diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md index 0af9d203e2..149ef61a09 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md @@ -21,7 +21,7 @@ Internet Explorer 11 gives you some new Group Policy settings to help you manag |Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10 |This policy setting allows IE to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user’s keystrokes are sent to Microsoft through Microsoft services.
If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.
If you disable this policy setting, users won’t receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.
If you don’t configure this policy setting, users can change the **Suggestions** setting on the **Settings** charm. | |Allow only approved domains to use the TDC ActiveX control |
If you enable this policy setting, users won’t be able to run the TDC ActiveX control from all sites in the specified zone.
If you disable this policy setting, users can run the TDC Active X control from all sites in the specified zone. | |Allow SSL3 Fallback |Administrative Templates\Windows Components\Internet Explorer\Security Features |Internet Explorer 11 on Windows 10 |This policy setting allows you to stop websites from falling back to using Secure Socket Layer (SSL) 3.0 or lower, if Transport Layer Security (TLS) 1.0 or higher, fails. This setting doesn’t affect which security protocols are enabled.
If you enable this policy setting and a website fails while using the TLS 1.0 or higher security protocols, Internet Explorer will try to fallback and use SSL 3.0 or lower security protocols.
If you disable or don’t configure this setting, Internet Explorer uses the default system protocols.
**Important:**
By default, SSL 3.0 is disabled. If you choose to enable SSL 3.0, we recommend that you disable or don't configure this setting to help mitigate potential man-in-the-middle attacks. |
-|Allow VBScript to run in Internet Explorer|
If you enable or don't configure this policy setting from the policy Options box (default), VBScript runs on pages in specific zones, without user interaction.
If you choose Prompt from the policy Options box, employees are prompted whether to allow VBScript to run.
If you disable this policy setting from the policy Options box, VBScript is stopped from running on pages in specific zones.| +|Allow VBScript to run in Internet Explorer|
If you enable this policy setting (default), you must also pick one of the following options from the Options box:
If you disable or don’t configure this policy setting, VBScript runs without any interaction in the specified zone.| |Always send Do Not Track header |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |At least Internet Explorer 10 |This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.
If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.
**In Internet Explorer 9 and 10:**
If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.
**In at least IE11:**
If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.
If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced* tab of the **Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. |
|Don't run antimalware programs against ActiveX controls
(Internet, Restricted Zones) |
If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. |
|Don't run antimalware programs against ActiveX controls
(Intranet, Trusted, Local Machine Zones) |
If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. |
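Review bot: The added "Allow VBScript to run in Internet Explorer" row reverses what disabling the policy does, without saying so. The removed row states that when you disable the setting "VBScript is stopped from running on pages in specific zones", while the added row states "If you disable or don’t configure this policy setting, VBScript runs without any interaction in the specified zone." An administrator who disabled the policy to block VBScript on the strength of the old wording would, according to the new wording, be allowing it to run silently. Please confirm which behaviour is correct and, if the new text is right, state explicitly which choice under Enabled stops VBScript from running. Two smaller points in the same row. First, "(default)" is attached to "If you enable this policy setting", yet the unconfigured behaviour is described separately in the last sentence, so spell out what the default actually is (policy state and option). Second, in the lines shown here the sentence ending "pick one of the following options from the Options box:" is followed directly by the disable sentence, so check that the option list (the removed text mentions Prompt) is present and renders inside the table cell.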