- ## Allow a shared books folder [!INCLUDE [allow-shared-folder-books-include.md](includes/allow-shared-folder-books-include.md)] @@ -61,15 +60,33 @@ By using Group Policy and Intune, you can set up a policy setting once, and then ## Allow Extensions [!INCLUDE [allow-extensions-include.md](includes/allow-extensions-include.md)] +## Allow fullscreen mode +[!INCLUDE [allow-full-screen-include](includes/allow-full-screen-include.md)] + ## Allow InPrivate browsing [!INCLUDE [allow-inprivate-browsing-include.md](includes/allow-inprivate-browsing-include.md)] ## Allow Microsoft Compatibility List [!INCLUDE [allow-microsoft-compatibility-list-include.md](includes/allow-microsoft-compatibility-list-include.md)] +## Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed +[!INCLUDE [allow-prelaunch-include](includes/allow-prelaunch-include.md)] + +## Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed +[!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)] + +## Allow printing +[!INCLUDE [allow-printing-include.md](includes/allow-printing-include.md)] + +## Allow Saving History +[!INCLUDE [allow-saving-history-include.md](includes/allow-saving-history-include.md)] + ## Allow search engine customization [!INCLUDE [allow-search-engine-customization-include.md](includes/allow-search-engine-customization-include.md)] +## Allow sideloading of Extensions +[!INCLUDE [allow-sideloading-extensions-include.md](includes/allow-sideloading-extensions-include.md)] + ## Allow web content on New Tab page [!INCLUDE [allow-web-content-new-tab-page-include.md](includes/allow-web-content-new-tab-page-include.md)] @@ -82,6 +99,9 @@ By using Group Policy and Intune, you can set up a policy setting once, and then ## Configure Autofill [!INCLUDE [configure-autofill-include.md](includes/configure-autofill-include.md)] +## Configure collection of browsing data for Microsoft 365 Analytics +[!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](includes/configure-browser-telemetry-for-m365-analytics-include.md)] + ## Configure cookies [!INCLUDE [configure-cookies-include.md](includes/configure-cookies-include.md)] @@ -91,6 +111,21 @@ By using Group Policy and Intune, you can set up a policy setting once, and then ## Configure Favorites [!INCLUDE [configure-favorites-include.md](includes/configure-favorites-include.md)] +## Configure Favorites Bar +[!INCLUDE [configure-favorites-bar-include.md](includes/configure-favorites-bar-include.md)] + +## Configure Home Button +[!INCLUDE [configure-home-button-include.md](includes/configure-home-button-include.md)] + +## Configure kiosk mode +[!INCLUDE [configure-microsoft-edge-kiosk-mode-include.md](includes/configure-microsoft-edge-kiosk-mode-include.md)] + +## Configure kiosk reset after idle timeout +[!INCLUDE [configure-edge-kiosk-reset-idle-timeout-include.md](includes/configure-edge-kiosk-reset-idle-timeout-include.md)] + +## Configure Open Microsoft Edge With +[!INCLUDE [configure-open-edge-with-include.md](includes/configure-open-edge-with-include.md)] + ## Configure Password Manager [!INCLUDE [configure-password-manager-include.md](includes/configure-password-manager-include.md)] @@ -133,6 +168,9 @@ By using Group Policy and Intune, you can set up a policy setting once, and then ## Prevent bypassing Windows Defender SmartScreen prompts for sites [!INCLUDE [prevent-bypassing-win-defender-sites-include.md](includes/prevent-bypassing-win-defender-sites-include.md)] +## Prevent certificate error overrides +[!INCLUDE [prevent-certificate-error-overrides-include.md](includes/prevent-certificate-error-overrides-include.md)] + ## Prevent changes to Favorites on Microsoft Edge [!INCLUDE [prevent-changes-to-favorites-include.md](includes/prevent-changes-to-favorites-include.md)] @@ -142,6 +180,12 @@ By using Group Policy and Intune, you can set up a policy setting once, and then ## Prevent the First Run webpage from opening on Microsoft Edge [!INCLUDE [prevent-first-run-webpage-open-include.md](includes/prevent-first-run-webpage-open-include.md)] +## Prevent turning off required extensions +[!INCLUDE [prevent-turning-off-required-extensions-include.md](includes/prevent-turning-off-required-extensions-include.md)] + +## Prevent users from turning on browser syncing +[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](includes/prevent-users-to-turn-on-browser-syncing-include.md)] + ## Prevent using Localhost IP address for WebRTC [!INCLUDE [prevent-localhost-address-for-webrtc-include.md](includes/prevent-localhost-address-for-webrtc-include.md)] @@ -154,10 +198,23 @@ By using Group Policy and Intune, you can set up a policy setting once, and then ## Set default search engine [!INCLUDE [set-default-search-engine-include.md](includes/set-default-search-engine-include.md)] +## Set Home Button URL +[!INCLUDE [set-home-button-url-include](includes/set-home-button-url-include.md)] + +## Set New Tab page URL +[!INCLUDE [set-new-tab-url-include.md](includes/set-new-tab-url-include.md)] + ## Show message when opening sites in Internet Explorer -[!INCLUDE [show-message-opening-sites-ie-include.md](includes/show-message-opening-sites-ie-include.md)] +[!INCLUDE [show-message-opening-sites-ie-include](includes/show-message-opening-sites-ie-include.md)] + +## Unlock Home Button +[!INCLUDE [unlock-home-button-include.md](includes/unlock-home-button-include.md)] ## Related topics -* [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885) +- [Mobile Device Management (MDM) settings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) +- [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921) +- [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922) +- [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923) +- [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924). \ No newline at end of file diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index 2af18fcf6f..e008145cec 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md @@ -1,19 +1,56 @@ --- title: Change history for Microsoft Edge (Microsoft Edge for IT Pros) -description: This topic lists new and updated topics in the Microsoft Edge documentation for Windows 10 and Windows 10 Mobile. +description: Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile. ms.prod: edge ms.mktglfcycl: explore ms.sitesec: library ms.localizationpriority: medium -ms.date: '' +manager: dougkim ms.author: pashort author: shortpatti +ms.date: 10/02/2018 --- # Change history for Microsoft Edge Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile. +# [2018](#tab/2018) + +## October 2018 + +The Microsoft Edge team introduces new group policies and MDM settings for Microsoft Edge on Windows 10. The new policies let you enable/disable +full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure the New Tab page, Home button, and startup options, as well as manage extensions. + +We have discontinued the **Configure Favorites** group policy, so use the [Provision Favorites](available-policies.md#provision-favorites) policy instead. + +>>You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: +>> +>> **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + + + +| **New or updated** | **Group Policy** | **Description** | +|------------|-----------------|--------------------| +| New | [Allow fullscreen mode](group-policies/browser-settings-management-gp.md#allow-fullscreen-mode) | [!INCLUDE [allow-fullscreen-mode-shortdesc](shortdesc/allow-fullscreen-mode-shortdesc.md)] | +| New | [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-prelaunch-shortdesc](shortdesc/allow-prelaunch-shortdesc.md)] | +| New | [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-tab-preloading-shortdesc](shortdesc/allow-tab-preloading-shortdesc.md)] | +| New | [Allow printing](group-policies/browser-settings-management-gp.md#allow-printing) | [!INCLUDE [allow-printing-shortdesc](shortdesc/allow-printing-shortdesc.md)] | +| New | [Allow Saving History](group-policies/browser-settings-management-gp.md#allow-saving-history) | [!INCLUDE [allow-saving-history-shortdesc](shortdesc/allow-saving-history-shortdesc.md)] | +| New | [Allow sideloading of Extensions](group-policies/extensions-management-gp.md#allow-sideloading-of-extensions) | [!INCLUDE [allow-sideloading-of-extensions-shortdesc](shortdesc/allow-sideloading-of-extensions-shortdesc.md)] | +| New | [Configure collection of browsing data for Microsoft 365 Analytics](group-policies/telemetry-management-gp.md#configure-collection-of-browsing-data-for-microsoft-365-analytics) | [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] | +| New | [Configure Favorites Bar](group-policies/favorites-management-gp.md#configure-favorites-bar) | [!INCLUDE [configure-favorites-bar-shortdesc](shortdesc/configure-favorites-bar-shortdesc.md)] | +| New | [Configure Home Button](group-policies/home-button-gp.md#configure-home-button) | [!INCLUDE [configure-home-button-shortdesc](shortdesc/configure-home-button-shortdesc.md)] | +| New | [Configure kiosk mode](microsoft-edge-kiosk-mode-deploy.md#relevant-policies) | [!INCLUDE [configure-kiosk-mode-shortdesc](shortdesc/configure-kiosk-mode-shortdesc.md)] | +| New | [Configure kiosk reset after idle timeout](microsoft-edge-kiosk-mode-deploy.md#relevant-policies) |[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] | +| New | [Configure Open Microsoft Edge With](group-policies/start-pages-gp.md#configure-open-microsoft-edge-with) | [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] | +| New | [Prevent certificate error overrides](group-policies/security-privacy-management-gp.md#prevent-certificate-error-overrides) | [!INCLUDE [prevent-certificate-error-overrides-shortdesc](shortdesc/prevent-certificate-error-overrides-shortdesc.md)] | +| New | [Prevent users from turning on browser syncing](group-policies/sync-browser-settings-gp.md#prevent-users-from-turning-on-browser-syncing) | [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] | +| New | [Prevent turning off required extensions](group-policies/extensions-management-gp.md#prevent-turning-off-required-extensions) | [!INCLUDE [prevent-turning-off-required-extensions-shortdesc](shortdesc/prevent-turning-off-required-extensions-shortdesc.md)] | +| New | [Set Home Button URL](group-policies/home-button-gp.md#set-home-button-url) | [!INCLUDE [set-home-button-url-shortdesc](shortdesc/set-home-button-url-shortdesc.md)] | +| New | [Set New Tab page URL](group-policies/new-tab-page-settings-gp.md#set-new-tab-page-url) | [!INCLUDE [set-new-tab-url-shortdesc](shortdesc/set-new-tab-url-shortdesc.md)] | +| Updated | [Show message when opening sites in Internet Explorer](group-policies/interoperability-enterprise-guidance-gp.md#show-message-when-opening-sites-in-internet-explorer) | [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] | +| New | [Unlock Home Button](group-policies/home-button-gp.md#unlock-home-button) | [!INCLUDE [unlock-home-button-shortdesc](shortdesc/unlock-home-button-shortdesc.md)] | # [2017](#tab/2017) diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md deleted file mode 100644 index dbb4851e18..0000000000 --- a/browsers/edge/emie-to-improve-compatibility.md +++ /dev/null @@ -1,100 +0,0 @@ ---- -description: If you're having problems with Microsoft Edge, this topic tells how to use the Enterprise Mode site list to automatically open sites using IE11. -ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4 -author: shortpatti -ms.author: pashort -ms.prod: edge -ms.mktglfcycl: support -ms.sitesec: library -ms.pagetype: appcompat -title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros) -ms.localizationpriority: medium -ms.date: 04/15/2018 ---- - -# Use Enterprise Mode to improve compatibility - -> Applies to: Windows 10 - -If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11. - -Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. - ->[!NOTE] ->If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714). - -## Fix specific websites - -Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and need IE11, you can add them to the Enterprise Mode site list, using the Enterprise Mode Site List Manager. - -**To add sites to your list** - -1. In the Enterprise Mode Site List Manager, click **Add**.
If you already have an existing site list, you can import it into the tool. After it's in the tool, the xml updates the list, checking **Open in IE** for each site. For info about importing the site list, see [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](https://go.microsoft.com/fwlink/p/?LinkId=618322).
 - -2. Type or paste the URL for the website that’s experiencing compatibility problems, like *<domain>*.com or *<domain>*.com/*<path>* into the **URL** box.
You don’t need to include the `http://` or `https://` designation. The tool will automatically try both versions during validation. - -3. Type any comments about the website into the **Notes about URL** box.
Administrators can only see comments while they’re in this tool. - -4. Click **Open in IE** next to the URL that should automatically open in IE11.
The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, Enterprise Mode is automatically selected. - -5. Click **Save** to validate your website and to add it to the site list for your enterprise.
If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. - -6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting. For more info, see [Turn on Enterprise Mode and use a site list](https://go.microsoft.com/fwlink/p/?LinkId=618952).
-
-### Set up Microsoft Edge to use the Enterprise Mode site list
-
-You must turn on the **Configure the Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377).
-
-> **Note**
-> If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one. - -**To turn on Enterprise Mode using Group Policy** - -1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode Site List** policy.
Turning this setting on also requires you to create and store a site list.
 - -2. Click **Enabled**, and then in the **Options** area, type the location to your site list. - -3. Refresh your policy in your organization and then view the affected sites in Microsoft Edge.
The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is. - -**To turn on Enterprise Mode using the registry** - -1. **To turn on Enterprise Mode for all users on the PC:** Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode`. - -2. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:
 - - - **HTTP location**: *“SiteList”=”http://localhost:8080/sites.xml”* - - - **Local network**: *"SiteList"="\\\network\\shares\\sites.xml"* - - - **Local file**: *"SiteList"="file:///c:/Users/<username>/Documents/testList.xml"* - - All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list. - - - -3. Refresh your policy in your organization and then view the affected sites in Microsoft Edge.
The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is.
-
-## Fix your intranet sites
-
-You can add the **Send all intranet traffic over to Internet Explorer** Group Policy setting for Windows 10 so that all of your intranet sites open in IE11. This means that even if your employees are using Microsoft Edge, they will automatically switch to IE11 while viewing the intranet.
-
-> **Note**
-> If you want to use Group Policy to set IE as the default browser for Internet sites, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714).
-
-**To turn on Sends all intranet traffic over to Internet Explorer using Group Policy**
-
-1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Microsoft Edge\Sends all intranet traffic over to Internet Explorer` setting.
-
- 
-
-2. Click **Enabled**.
-
-3. Refresh your policy in your organization and then view the affected sites in Microsoft Edge.
The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is.
-
-## Related topics
-* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035)
-* [Enterprise Mode Site List Manager for Windows 7 and Windows 8.1 download](https://go.microsoft.com/fwlink/p/?LinkId=394378)
-* [Enterprise Mode Site List Manager for Windows 10 download](https://go.microsoft.com/fwlink/?LinkId=746562)
-* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377)
-* [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714)
-
diff --git a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
deleted file mode 100644
index 352bb35dff..0000000000
--- a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Microsoft Edge and Internet Explorer 11 (Microsoft Edge for IT Pros)
-description: Enterprise guidance for using Microsoft Edge and Internet Explorer 11.
-author: shortpatti
-ms.prod: edge
-ms.mktglfcycl: support
-ms.sitesec: library
-ms.pagetype: appcompat
-ms.localizationpriority: medium
-ms.date: 10/16/2017
----
-
-# Browser: Microsoft Edge and Internet Explorer 11
-**Microsoft Edge content applies to:**
-
-- Windows 10
-- Windows 10 Mobile
-
-**Internet Explorer 11 content applies to:**
-
-- Windows 10
-
-## Enterprise guidance
-Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956).
-
-We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10.
-
-If you're having trouble deciding whether Microsoft Edge is good for your organization, you can take a look at this infographic about the potential impact of using Microsoft Edge in an organization.
-
-
-[Click to enlarge](img-microsoft-edge-infographic-lg.md)
-[Click to download image](https://www.microsoft.com/download/details.aspx?id=53892)
-
-### Microsoft Edge
-Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.
-
-- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages.
-- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing.
-- **Cortana.** Cortana is automatically enabled on Microsoft Edge. Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
-- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
-
-### IE11
-IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.
-
-- **Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
-- **Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.
-- **More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
-- **Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
-- **Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
-- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control.
-
-## Related topics
-- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=53892)
-- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
-- [Download Internet Explorer 11](https://windows.microsoft.com/internet-explorer/download-ie)
-- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index)
-- [Internet Explorer 11 - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/index)
-- [IEAK 11 - Internet Explorer Administration Kit 11 Users Guide](https://technet.microsoft.com/itpro/internet-explorer/ie11-ieak/index)
-- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
diff --git a/browsers/edge/group-policies/address-bar-settings-gp.md b/browsers/edge/group-policies/address-bar-settings-gp.md
index 39cc4f17f8..da3686718d 100644
--- a/browsers/edge/group-policies/address-bar-settings-gp.md
+++ b/browsers/edge/group-policies/address-bar-settings-gp.md
@@ -1,18 +1,26 @@
---
-title: Microsoft Edge - Address bar settings
-description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+title: Microsoft Edge - Address bar group policies
+description: Microsoft Edge, by default, shows a list of search suggestions in the address bar. You can minimize network connections from Microsoft Edge to Microsoft services, hiding the functionality of the Address bar drop-down list.
services:
-keywords: Don’t add or edit keywords without consulting your SEO champ.
+keywords:
+ms.localizationpriority: medium
+manager: dougkim
author: shortpatti
ms.author: pashort
-ms.date: 07/29/2018
+ms.date: 10/02/2018
ms.topic: article
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
---
-# Address bar settings
+# Address bar
+
+Microsoft Edge, by default, shows a list of search suggestions in the address bar. You can minimize network connections from Microsoft Edge to Microsoft services by hiding the functionality of the Address bar drop-down list.
+
+You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
+
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
@@ -20,4 +28,5 @@ ms.sitesec: library
[!INCLUDE [allow-address-bar-suggestions-include.md](../includes/allow-address-bar-suggestions-include.md)]
## Configure search suggestions in Address bar
-[!INCLUDE [configure-search-suggestions-address-bar-include.md](../includes/configure-search-suggestions-address-bar-include.md)]
\ No newline at end of file
+[!INCLUDE [configure-search-suggestions-address-bar-include.md](../includes/configure-search-suggestions-address-bar-include.md)]
+
diff --git a/browsers/edge/group-policies/adobe-settings-gp.md b/browsers/edge/group-policies/adobe-settings-gp.md
index 36461a27fe..a5bcbb0ea4 100644
--- a/browsers/edge/group-policies/adobe-settings-gp.md
+++ b/browsers/edge/group-policies/adobe-settings-gp.md
@@ -1,20 +1,29 @@
---
-title: Microsoft Edge - Adobe settings
-description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+title: Microsoft Edge - Adobe Flash group policies
+description: Adobe Flash Player still has a significant presence on the internet, such as digital ads. However, open standards, such as HTML5, provide many of the capabilities and functionalities becoming an alternative for content on the web. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the Configure the Adobe Flash Click-to-Run setting group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
services:
-keywords: Don’t add or edit keywords without consulting your SEO champ.
+keywords:
+ms.localizationpriority: medium
+manager: dougkim
author: shortpatti
ms.author: pashort
-ms.date: 07/25/2018
+ms.date: 10/02/2018
ms.topic: article
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
---
-# Adobe settings
+# Adobe Flash
+
+Adobe Flash Player still has a significant presence on the internet, such as digital ads. However, open standards, such as HTML5, provide many of the capabilities and functionalities becoming an alternative for content on the web. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
+
+To learn more about Microsoft’s plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
+You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
+
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
## Allow Adobe Flash
[!INCLUDE [allow-adobe-flash-include.md](../includes/allow-adobe-flash-include.md)]
diff --git a/browsers/edge/group-policies/books-library-management-gp.md b/browsers/edge/group-policies/books-library-management-gp.md
index 2851dafc5b..2fc892d73b 100644
--- a/browsers/edge/group-policies/books-library-management-gp.md
+++ b/browsers/edge/group-policies/books-library-management-gp.md
@@ -1,21 +1,27 @@
---
-title: Microsoft Edge - Books Library management
-description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+title: Microsoft Edge - Books Library group policies
+description: Microsoft Edge decreases the amount of storage used by book files by downloading them to a shared folder. You can also allow Microsoft Edge to update the configuration data for the library automatically.
services:
-keywords: Don’t add or edit keywords without consulting your SEO champ.
+keywords:
+ms.localizationpriority: medium
+manager: dougkim
author: shortpatti
ms.author: pashort
-ms.date: 07/25/2018
+ms.date: 10/02/2018
ms.topic: article
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
---
-# Books Library management
+# Books Library
+
+Microsoft Edge decreases the amount of storage used by book files by downloading them to a shared folder in Windows. You can configure Microsoft Edge to update the configuration data for the library automatically or gather diagnostic data, such as usage data.
+You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
## Allow a shared books folder
[!INCLUDE [allow-shared-folder-books-include.md](../includes/allow-shared-folder-books-include.md)]
diff --git a/browsers/edge/group-policies/browser-settings-management-gp.md b/browsers/edge/group-policies/browser-settings-management-gp.md
index 213c901cfb..4cd1c73ad2 100644
--- a/browsers/edge/group-policies/browser-settings-management-gp.md
+++ b/browsers/edge/group-policies/browser-settings-management-gp.md
@@ -1,25 +1,35 @@
---
-title: Microsoft Edge - Browser settings management
-description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+title: Microsoft Edge - Browser experience group policies
+description: Not only do the other Microsoft Edge group policies enhance the browsing experience, but we must also talk about some of the most common or somewhat common browsing experiences. For example, printing web content is a common browsing experience. However, if you want to prevent users from printing web content, Microsoft Edge has a group policy that allows you to prevent printing.
services:
-keywords: Don’t add or edit keywords without consulting your SEO champ.
+keywords:
+ms.localizationpriority: medium
+manager: dougkim
author: shortpatti
ms.author: pashort
-ms.date: 07/25/2018
+ms.date: 10/02/2018
ms.topic: article
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
---
-# Browser settings management
+# Browser experience
+
+Not only do the other Microsoft Edge group policies enhance the browsing experience, but we also want to mention some of the other and common browsing experiences. For example, printing web content is a common browsing experience. However, if you want to prevent users from printing web content, Microsoft Edge has a group policy that allows you to prevent printing. The same goes for Pop-up Blocker; Microsoft Edge has a group policy that lets you prevent pop-up windows or let users choose to use Pop-up Blocker. You can use any one of the following group policies to continue enhancing the browsing experience for your users.
+You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
+
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
## Allow clearing browsing data on exit
[!INCLUDE [allow-clearing-browsing-data-include](../includes/allow-clearing-browsing-data-include.md)]
+## Allow fullscreen mode
+[!INCLUDE [allow-full-screen-include](../includes/allow-full-screen-include.md)]
+
## Allow printing
[!INCLUDE [allow-printing-include](../includes/allow-printing-include.md)]
@@ -35,11 +45,7 @@ ms.sitesec: library
## Do not sync
[!INCLUDE [do-not-sync-include](../includes/do-not-sync-include.md)]
-## Do not sync browser settings
-[!INCLUDE [do-not-sync-browser-settings-include](../includes/do-not-sync-browser-settings-include.md)]
-
-## Prevent users from turning on browser syncing
-[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](../includes/prevent-users-to-turn-on-browser-syncing-include.md)]
+To learn about the policies to sync the browser settings, see [Sync browser settings](sync-browser-settings-gp.md).
diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md
index 9108424f87..4e2e437372 100644
--- a/browsers/edge/group-policies/developer-settings-gp.md
+++ b/browsers/edge/group-policies/developer-settings-gp.md
@@ -1,21 +1,26 @@
---
-title: Microsoft Edge - Developer settings
-description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+title: Microsoft Edge - Developer tools
+description: Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page.
services:
-keywords: Don’t add or edit keywords without consulting your SEO champ.
+keywords:
+ms.localizationpriority: medium
+managre: dougkim
author: shortpatti
ms.author: pashort
-ms.date: 07/25/2018
+ms.date: 10/02/2018
ms.topic: article
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
---
-# Developer settings
+# Developer tools
+Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page.
+You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
## Allow Developer Tools
[!INCLUDE [allow-dev-tools-include](../includes/allow-dev-tools-include.md)]
diff --git a/browsers/edge/group-policies/extensions-management-gp.md b/browsers/edge/group-policies/extensions-management-gp.md
index 5f85feab3f..577d254742 100644
--- a/browsers/edge/group-policies/extensions-management-gp.md
+++ b/browsers/edge/group-policies/extensions-management-gp.md
@@ -1,20 +1,26 @@
---
-title: Microsoft Edge - Extensions management
-description: 115-145 characters including spaces. Edit the intro para describing article intent to fit here. This abstract displays in the search result.
+title: Microsoft Edge - Extensions group policies
+description: Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions.
services:
-keywords: Don’t add or edit keywords without consulting your SEO champ.
+keywords:
+ms.localizationpriority: medium
+manager: dougkim
author: shortpatti
ms.author: pashort
-ms.date: 09/05/2018
+ms.date: 10/02/2018
ms.topic: article
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
---
-# Extensions management
+# Extensions
+Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions.
+You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
+
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
## Allow Extensions
[!INCLUDE [allow-extensions-include](../includes/allow-extensions-include.md)]
diff --git a/browsers/edge/group-policies/favorites-management-gp.md b/browsers/edge/group-policies/favorites-management-gp.md
index e488c71611..d4fb07852c 100644
--- a/browsers/edge/group-policies/favorites-management-gp.md
+++ b/browsers/edge/group-policies/favorites-management-gp.md
@@ -1,20 +1,26 @@
---
-title: Microsoft Edge - Favorites management
-description:
+title: Microsoft Edge - Favorites group policies
+description: Configure Microsoft Edge to either show or hide the favorites bar on all pages. Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes.
services:
keywords:
+ms.localizationpriority: medium
+manager: dougkim
author: shortpatti
ms.author: pashort
-ms.date: 07/25/2018
+ms.date: 10/02/2018
ms.topic: article
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
---
-# Favorites management
+# Favorites
+You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages. Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the user’s favorites. If it’s important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other.
+You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
+
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
## Configure Favorites Bar
[!INCLUDE [configure-favorites-bar-include](../includes/configure-favorites-bar-include.md)]
diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md
index 5d7808dfa9..a4bac9dd9a 100644
--- a/browsers/edge/group-policies/home-button-gp.md
+++ b/browsers/edge/group-policies/home-button-gp.md
@@ -1,18 +1,19 @@
---
-title: Microsoft Edge - Home button configuration options
-description: Microsoft Edge shows the home button and by clicking it the Start page loads by default.
+title: Microsoft Edge - Home button group policies
+description: Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button.
+manager: dougkim
ms.author: pashort
author: shortpatti
-ms.date: 07/23/2018
+ms.date: 10/02/2018
+ms.localizationpriority: medium
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
---
-# Home button configuration options
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+# Home button
-Microsoft Edge shows the home button and by clicking it the Start page loads by default. You can configure the Home button to load the New tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
+Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button.
## Relevant group policies
@@ -20,10 +21,13 @@ Microsoft Edge shows the home button and by clicking it the Start page loads by
- [Set Home Button URL](#set-home-button-url)
- [Unlock Home Button](#unlock-home-button)
+You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
+
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
## Configuration options
-
+
diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml
index 1918d89136..8be9af2e9d 100644
--- a/browsers/edge/group-policies/index.yml
+++ b/browsers/edge/group-policies/index.yml
@@ -12,7 +12,7 @@ metadata:
description: Learn how to configure group policies in Microsoft Edge on Windows 10.
- text: Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
+ text: Some of the features in Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
keywords: Microsoft Edge, Windows 10, Windows 10 Mobile
@@ -22,7 +22,7 @@ metadata:
ms.author: pashort
- ms.date: 07/26/2018
+ ms.date: 10/02/2018
ms.topic: article
@@ -36,7 +36,7 @@ sections:
- type: markdown
- text: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
+ text: Some of the features in Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
- items:
@@ -50,17 +50,7 @@ sections:
items:
- - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies
-
- html:
View all available group policies for Microsoft Edge on Windows 10.
- - image: - - src: https://docs.microsoft.com/media/common/i_policy.svg - - title: All group policies - - - href: address-bar-settings-gp + - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/address-bar-settings-gp html:Learn how you can configure Microsoft Edge to show search suggestions in the address bar.
@@ -68,7 +58,7 @@ sections: src: https://docs.microsoft.com/media/common/i_http.svg - title: Address bar settings + title: Address bar - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/adobe-settings-gp @@ -78,7 +68,7 @@ sections: src: https://docs.microsoft.com/media/common/i_setup.svg - title: Adobe Flash settings + title: Adobe Flash - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/books-library-management-gp @@ -88,7 +78,7 @@ sections: src: https://docs.microsoft.com/media/common/i_library.svg - title: Books library management + title: Books Library - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/browser-settings-management-gp @@ -98,17 +88,7 @@ sections: src: https://docs.microsoft.com/media/common/i_management.svg - title: Browser settings - - - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy - - html:Learn how Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices.
- - image: - - src: https://docs.microsoft.com/media/common/i_categorize.svg - - title: Deploy Microsoft Edge kiosk mode + title: Browser experience - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/developer-settings-gp @@ -118,17 +98,7 @@ sections: src: https://docs.microsoft.com/media/common/i_config-tools.svg - title: Developer tools & settings - - - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp - - html:Learn how you use Microsoft Edge and Internet Explorer together for a full browsing experience.
- - image: - - src: https://docs.microsoft.com/media/common/i_management.svg - - title: Enterprise mode + title: Developer tools - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/extensions-management-gp @@ -138,7 +108,7 @@ sections: src: https://docs.microsoft.com/media/common/i_extensions.svg - title: Extensions management + title: Extensions - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/favorites-management-gp @@ -148,7 +118,7 @@ sections: src: https://docs.microsoft.com/media/common/i_link.svg - title: Favorites management + title: Favorites - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/home-button-gp @@ -158,17 +128,37 @@ sections: src: https://docs.microsoft.com/media/common/i_setup.svg - title: Home button settings + title: Home button + + - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp + + html:Learn how you use Microsoft Edge and Internet Explorer together for a full browsing experience.
+ + image: + + src: https://docs.microsoft.com/media/common/i_management.svg + + title: Interoperability and enterprise guidance + + - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy + + html:Learn how Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices.
+ + image: + + src: https://docs.microsoft.com/media/common/i_categorize.svg + + title: Kiosk mode deployment in Microsoft Edge - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/new-tab-page-settings-gp - html:Learn how to configure the New tab page in Microsoft Edge.
+ html:Learn how to configure the New Tab page in Microsoft Edge.
image: src: https://docs.microsoft.com/media/common/i_setup.svg - title: New tab page settings + title: New Tab page - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/prelaunch-preload-gp @@ -178,7 +168,7 @@ sections: src: https://docs.microsoft.com/media/common/i_setup.svg - title: Prelaunch Microsoft Edge and preload tabs + title: Prelaunch Microsoft Edge and preload tabs - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/search-engine-customization-gp @@ -188,7 +178,7 @@ sections: src: https://docs.microsoft.com/media/common/i_search.svg - title: Search engine management + title: Search engine customization - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/security-privacy-management-gp @@ -198,7 +188,7 @@ sections: src: https://docs.microsoft.com/media/common/i_security-management.svg - title: Security & privacy management + title: Security and privacy - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/start-pages-gp @@ -208,7 +198,7 @@ sections: src: https://docs.microsoft.com/media/common/i_setup.svg - title: Start page settings + title: Start page - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/sync-browser-settings-gp @@ -218,7 +208,7 @@ sections: src: https://docs.microsoft.com/media/common/i_sync.svg - title: Sync browser settings + title: Sync browser - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/telemetry-management-gp @@ -229,3 +219,13 @@ sections: src: https://docs.microsoft.com/media/common/i_data-collection.svg title: Telemetry and data collection + + - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies + + html:View all available group policies for Microsoft Edge on Windows 10.
+ + image: + + src: https://docs.microsoft.com/media/common/i_policy.svg + + title: All group policies \ No newline at end of file diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md index 9168988d09..65e68d1a5e 100644 --- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md +++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md @@ -1,58 +1,77 @@ --- -title: Microsoft Edge - Interoperability and enterprise guidance -description: +title: Microsoft Edge - Interoperability and enterprise mode guidance +description: Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support. +ms.localizationpriority: medium +manager: dougkim ms.author: pashort author: shortpatti -ms.date: 07/23/2018 +ms.date: 10/02/2018 ms.prod: edge ms.mktglfcycl: explore ms.sitesec: library --- -# Interoperability and enterprise guidance ->*Supported versions: Microsoft Edge on Windows 10* +# Interoperability and enterprise mode guidance + +Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support. + +>[!TIP] +>If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly. + +**Technology not supported by Microsoft Edge** -Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support. - - ->[!TIP] -> If you are running an earlier version of Internet Explorer, then we recommend upgrading to IE11, so any legacy apps continue to work correctly. - -**Technology not supported by Microsoft Edge** - ActiveX controls + +- Browser Heler Objects + +- VBScript + - x-ua-compatible headers -- <meta> tags + +- \**NOTE:** Both Microsoft Edge and Internet Explorer 11 support HSTS. | +| **Code integrity and image loading restrictions** | Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or injecting into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can’t load. | +| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ don’t provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the program’s memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, we’ve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities. | +| **Memory Garbage Collector (MemGC) mitigation** | MemGC replaces Memory Protector and helps to protect the browser from UAF vulnerabilities. MemGC frees up memory from the programmer and automating it. Only freeing memory when the automation detects no references left pointing to a given block of memory. | +| **Control Flow Guard** | Attackers use memory corruption attacks to gain control of the CPU program counter to jump to any code location they want. Control Flow Guard, a Microsoft Visual Studio technology, compiles checks around code that performs indirect jumps based on a pointer. Those jumps get restricted to function entry points with known addresses only making attacker take-overs must more difficult constraining where an attack jumps. | +| **All web content runs in an app container sandbox** |Microsoft Edge takes the sandbox even farther, running its content processes in containers not just by default, but all of the time. Microsoft Edge doesn’t support 3rd party binary extensions, so there is no reason for it to run outside of the container, making Microsoft Edge more secure. | +| **Extension model and HTML5 support** |Microsoft Edge does not support binary extensions because they can bring code and data into the browser’s processes without any protection. So if anything goes wrong, the entire browser itself can be compromised or go down. We encourage everyone to use our scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/microsoft-edge/extensions/). | +| **Reduced attack surfaces** |Microsoft Edge does not support VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and [document modes](https://msdn.microsoft.com/library/jj676915.aspx). Many IE browser vulnerabilities only appear in legacy document modes, so removing support reduced attack surface making the browser more secure.
It also means that it’s not as backward compatible. With this reduced backward compatibility, Microsoft Edge automatically falls back to Internet Explorer 11 for any apps that need backward compatibility. This fall back happens when you use the Enterprise Mode Site List. | +--- diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md index ddb428bcc4..4a048616d8 100644 --- a/browsers/edge/group-policies/start-pages-gp.md +++ b/browsers/edge/group-policies/start-pages-gp.md @@ -1,19 +1,19 @@ --- -title: Microsoft Edge - Start pages -description: Configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. +title: Microsoft Edge - Start pages group policies +description: Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes. +manager: dougkim ms.author: pashort author: shortpatti -ms.date: 07/25/2018 +ms.localizationpriority: medium +ms.date: 10/02/2018 ms.prod: edge ms.mktglfcycl: explore ms.sitesec: library --- -# Start pages configuration options ->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows* +# Start pages - -Microsoft Edge loads the pages specified in App settings as the default Start pages. You can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes. +Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes. ## Relevant group policies @@ -21,6 +21,11 @@ Microsoft Edge loads the pages specified in App settings as the default Start pa - [Configure Start Pages](#configure-start-pages) - [Disable Lockdown of Start pages](#disable-lockdown-of-start-pages) +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + + **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** + +## Configuration options  @@ -34,16 +39,3 @@ Microsoft Edge loads the pages specified in App settings as the default Start pa ## Disable Lockdown of Start pages [!INCLUDE [disable-lockdown-of-start-pages-include](../includes/disable-lockdown-of-start-pages-include.md)] - -### Configuration options - -| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** | -| --- | --- | --- | --- | -| Enabled (applies to all options) | Enabled – String | Enabled (all configured start pages are editable) | Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to make changes. | -| Disabled or not configured | Enabled – String | Enabled (any Start page configured in the Configured Start Pages policy) | Load any start page and let users make changes .| -| Enabled (Start page) | Enabled – String | Blank or not configured | Load Start page(s) and prevent users from making changes. | -| Enabled (New tab page) | Enabled – String | Blank or not configured | Load New tab page and prevent users from making changes. | -| Enabled (Previous pages) | Enabled – String | Blank or not configured | Load previously opened pages and prevent users from making changes. | -| Enabled (A specific page or pages) | Enabled – String | Blank or not configured | Load a specific page or pages and prevent users from making changes. | -| Enabled (A specific page or pages) | Enabled – String | Enabled (any Start page configured in Configure Start Pages policy) | Load a specific page or pages and let users make changes. | ---- \ No newline at end of file diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md index 957e790520..19670fa3e2 100644 --- a/browsers/edge/group-policies/sync-browser-settings-gp.md +++ b/browsers/edge/group-policies/sync-browser-settings-gp.md @@ -1,12 +1,14 @@ --- -title: Microsoft Edge - Sync browser settings options -description: By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. +title: Microsoft Edge - Sync browser settings +description: By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. +manager: dougkim ms.author: pashort author: shortpatti -ms.date: 08/06/2018 +ms.date: 10/02/2018 +ms.localizationpriority: medium --- -# Sync browser settings options +# Sync browser settings By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. @@ -16,6 +18,9 @@ By default, the “browser” group syncs automatically between the user’s dev - [Do not sync browser settings](#do-not-sync-browser-settings) - [Prevent users from turning on browser syncing](#prevent-users-from-turning-on-browser-syncing) +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + + **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** ## Configuration options @@ -24,8 +29,8 @@ By default, the “browser” group syncs automatically between the user’s dev  -## Verify the configuration -To verify if syncing is turned on or off: +### Verify the configuration +To verify the settings: 1. In the upper-right corner of Microsoft Edge, click **More** \(**...**\). 2. Click **Settings**. 3. Under Account, see if the setting is toggled on or off.
 diff --git a/browsers/edge/group-policies/telemetry-management-gp.md b/browsers/edge/group-policies/telemetry-management-gp.md index 242ecf0298..446721b2a4 100644 --- a/browsers/edge/group-policies/telemetry-management-gp.md +++ b/browsers/edge/group-policies/telemetry-management-gp.md @@ -1,14 +1,20 @@ --- -title: Microsoft Edge - Telemetry and data collection -description: +title: Microsoft Edge - Telemetry and data collection group policies +description: Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information. +manager: dougkim ms.author: pashort author: shortpatti -ms.date: 07/29/2018 +ms.date: 10/02/2018 +ms.localizationpriority: medium --- -# Telemetry and data collection +# Telemetry and data collection +Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information. +You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy: + + **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\** ## Allow extended telemetry for the Books tab [!INCLUDE [allow-ext-telemetry-books-tab-include.md](../includes/allow-ext-telemetry-books-tab-include.md)] @@ -16,11 +22,8 @@ ms.date: 07/29/2018 ## Configure collection of browsing data for Microsoft 365 Analytics [!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](../includes/configure-browser-telemetry-for-m365-analytics-include.md)] - - ## Configure Do Not Track [!INCLUDE [configure-do-not-track-include.md](../includes/configure-do-not-track-include.md)] - ## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start [!INCLUDE [prevent-live-tile-pinning-start-include](../includes/prevent-live-tile-pinning-start-include.md)] \ No newline at end of file diff --git a/browsers/edge/hardware-and-software-requirements.md b/browsers/edge/hardware-and-software-requirements.md deleted file mode 100644 index 307e1293de..0000000000 --- a/browsers/edge/hardware-and-software-requirements.md +++ /dev/null @@ -1,167 +0,0 @@ ---- -description: Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list. -ms.assetid: 3c5bc4c4-1060-499e-9905-2504ea6dc6aa -author: shortpatti -ms.prod: edge -ms.mktglfcycl: support -ms.sitesec: library -ms.pagetype: appcompat -title: Microsoft Edge requirements and language support (Microsoft Edge for IT Pros) -ms.localizationpriority: medium -ms.date: 07/27/2017 ---- - -# Microsoft Edge requirements and language support - ->Applies to: Windows 10, Windows 10 Mobile - - -Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list. - ->[!NOTE] ->The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don't include Microsoft Edge or many other Universal Windows Platform (UWP) apps. These apps and their services are frequently updated with new functionality, and can't be supported on systems running the LTSB operating systems. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11. - -## Minimum system requirements -Some of the components in this table might also need additional system resources. Check the component's documentation for more information. - - -| Item | Minimum requirements | -| ------------------ | -------------------------------------------- | -| Computer/processor | 1 gigahertz (GHz) or faster (32-bit (x86) or 64-bit (x64)) | -| Operating system |
**Note**
For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=699266) topic. |
-| Memory |
+[!INCLUDE [man-connections-win-comp-services-shortdesc-include](man-connections-win-comp-services-shortdesc-include.md)] +
**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**
Also, the users must be signed in with a school or work account.| |
---
diff --git a/browsers/edge/includes/allow-sideloading-extensions-include.md b/browsers/edge/includes/allow-sideloading-extensions-include.md
index b6ebf001c6..4ca5fcad6b 100644
--- a/browsers/edge/includes/allow-sideloading-extensions-include.md
+++ b/browsers/edge/includes/allow-sideloading-extensions-include.md
@@ -1,5 +1,13 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
>*Default setting: Enabled (Allowed)*
[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
@@ -8,7 +16,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
-|Disabled or not configured |0 |0 |Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** policy, located at Windows Components > App Package Deployment.
For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). | | +|Disabled or not configured |0 |0 |Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:
**Computer Configuration\\Administrative Templates\\Windows Components\\App Package Deployment\\**
For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). | |
|Enabled
**(default)** |1 |1 |Allowed. | |
---
diff --git a/browsers/edge/includes/allow-tab-preloading-include.md b/browsers/edge/includes/allow-tab-preloading-include.md
index b09c405754..4bef6e6c00 100644
--- a/browsers/edge/includes/allow-tab-preloading-include.md
+++ b/browsers/edge/includes/allow-tab-preloading-include.md
@@ -1,5 +1,13 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
->*Supported versions: Microsoft Edge on Windows 10, version 1802*
+>*Supported versions: Microsoft Edge on Windows 10, version 1802*
>*Default setting: Enabled or not configured (Allowed)*
[!INCLUDE [allow-tab-preloading-shortdesc](../shortdesc/allow-tab-preloading-shortdesc.md)]
@@ -8,15 +16,10 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented/not allowed. | |
-|Enabled or not configured
**(default)** |1 |1 |Allowed. Preload Start and New tab pages. | |
+|Disabled |0 |0 |Prevented. | |
+|Enabled or not configured
**(default)** |1 |1 |Allowed. Preload Start and New Tab pages. | |
---
-
-### Configuration options
-
-For more details about configuring the prelaunch and preload options, see [Prelaunch Microsoft Edge and preload tabs in the background](../group-policies/prelaunch-preload-gp.md).
-
### ADMX info and settings
#### ADMX info
diff --git a/browsers/edge/includes/allow-web-content-new-tab-page-include.md b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
index 7c6889225d..65b23105e2 100644
--- a/browsers/edge/includes/allow-web-content-new-tab-page-include.md
+++ b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
@@ -1,6 +1,14 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Enabled (Default New tab page loads)*
+>*Default setting: Enabled (Default New Tab page loads)*
[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
@@ -10,9 +18,9 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
-|Not configured |Blank |Blank |Users can choose what loads on the New tab page. |
-|Disabled |0 |0 |Load a blank page instead of the default New tab page and prevent users from changing it. |
-|Enabled **(default)** |1 |1 |Load the default New tab page. |
+|Not configured |Blank |Blank |Users can choose what loads on the New Tab page. |
+|Disabled |0 |0 |Load a blank page instead of the default New Tab page and prevent users from changing it. |
+|Enabled **(default)** |1 |1 |Load the default New Tab page. |
---
### ADMX info and settings
@@ -34,4 +42,7 @@
- **Value name:** AllowWebContentOnNewTabPage
- **Value type:** REG_DWORD
+### Related policies
+[Set New Tab page URL](../available-policies.md#set-new-tab-page-url): [!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
+
If you enabled this policy and now want to disable it, disabling removes all previously configured search engines. | |
+|Disabled or not configured
**(default)** |0 |0 |Prevented. Use the search engine specified in App settings.
If you enabled this policy and now want to disable it, all previously configured search engines get removed. | | |Enabled |1 |1 |Allowed. Add up to five additional search engines and set any one of them as the default.
For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | |
---
-
-### Configuration options
-
-For more details about configuring the search engine, see [Search engine customization](../group-policies/search-engine-customization-gp.md).
-
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure additional search engines
diff --git a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
index d7b0fa6adb..c9c70e7638 100644
--- a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
+++ b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
@@ -1,5 +1,13 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
>*Default setting: Enabled or not configured (Does not load content automatically)*
[!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md)]
@@ -9,7 +17,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled |0 |0 |Load and run Adobe Flash content automatically. | |
-|Enabled or not configured
**(default)** |1 |1 |Do not load or run Adobe Flash content automatically. Requires action from the user. | |
+|Enabled or not configured
**(default)** |1 |1 |Do not load or run Adobe Flash content and require action from the user. | |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/configure-allow-flash-url-list-include.md b/browsers/edge/includes/configure-allow-flash-url-list-include.md
deleted file mode 100644
index 919215341c..0000000000
--- a/browsers/edge/includes/configure-allow-flash-url-list-include.md
+++ /dev/null
@@ -1,36 +0,0 @@
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting:*
-
-[!INCLUDE [configure-allow-flash-for-url-list-shortdesc](../shortdesc/configure-allow-flash-for-url-list-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-| | | | | |
-| | | | | |
-| | | | | |
----
-
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:**
-- **GP name:**
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[]()
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\
-- **Value name:**
-- **Value type:** REG_DWORD
-
-
Favorites Bar toggle (in Settings) = **Off** and enabled letting users make changes. | +|Disabled |0 |0 |Hidden on all pages.
+**version 1809:**
When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.
### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Not configured |Blank |Blank |If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. |
-|Enabled |0 |0 |Loads the Start page. |
-|Enabled |1 |1 |Load the New tab page. |
+|Enabled |0 |0 |Load the Start page. |
+|Enabled |1 |1 |Load the New Tab page. |
|Enabled |2 |2 |Load the previous pages. |
|Enabled
**(default)** |3 |3 |Load a specific page or pages. |
---
-### Configuration options
-
-For more details about configuring the Start pages, see [Start pages configuration options](../group-policies/start-pages-gp.md).
-
>[!TIP]
>If you want to make changes to this policy:
\ **Version 1703 or later:** **Version 1810:** \ **Version 1703 or later:** **Version 1809:** When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
---
-### Configuration options
-
-For more details about configuring the Start pages, see [Start pages configuration options](../group-policies/start-pages-gp.md).
-
### ADMX info and settings
#### ADMX info
@@ -42,7 +46,7 @@ For more details about configuring the Start pages, see [Start pages configurati
### Related Policies
- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
-- [Configure Open Microsoft Edge With](../new-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
+- [Configure Open Microsoft Edge With](../available-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
### Related topics
diff --git a/browsers/edge/includes/do-not-prompt-client-cert-if-only-one-exists-include.md b/browsers/edge/includes/do-not-prompt-client-cert-if-only-one-exists-include.md
deleted file mode 100644
index 3d4feeb168..0000000000
--- a/browsers/edge/includes/do-not-prompt-client-cert-if-only-one-exists-include.md
+++ /dev/null
@@ -1,31 +0,0 @@
-
->*Supported versions: Microsoft Edge on Windows 10* _Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../available-policies.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
+|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off: _Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
---
+
+
### ADMX info and settings
#### ADMX info
- **GP English name:** Prevent turning off required extensions
@@ -21,7 +31,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
-- **MDM name:** Browser/[PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)
+- **MDM name:** [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventTurningOffRequiredExtensions
- **Data type:** String
diff --git a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
index 215ccfad37..d6d9abf40f 100644
--- a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
+++ b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
@@ -1,5 +1,13 @@
-
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows* Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser. A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab. Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser. **Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab. Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add. If you want users to use the default Microsoft Edge settings for each market set the string to **EDGEDEFAULT**. If you would like users to use Microsoft Bing as the default search engine set the string to **EDGEBING**. | |
+|Not configured Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add. If you want users to use the default Microsoft Edge settings for each market set the string to **EDGEDEFAULT**. If you would like users to use Microsoft Bing as the default search engine set the string to **EDGEBING**. | |
---
-### Configuration options
-
-For more details about configuring the search engine, see [Search engine customization](../group-policies/search-engine-customization-gp.md).
### ADMX info and settings
#### ADMX info
diff --git a/browsers/edge/includes/set-home-button-url-include.md b/browsers/edge/includes/set-home-button-url-include.md
index 7e9b36ea77..5fbf5227ad 100644
--- a/browsers/edge/includes/set-home-button-url-include.md
+++ b/browsers/edge/includes/set-home-button-url-include.md
@@ -1,5 +1,13 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows* Enter a URL in string format, for example, https://www.msn.com. |
+|Disabled or not configured For this policy to work, you must also enable the [Configure Home Button](../available-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option. |
---
-### Configuration options
-
-For more details about configuring the different Home button options, see [Home button configuration options](../group-policies/home-button-gp.md).
-
-
### ADMX info and settings
#### ADMX info
- **GP English name:** Set Home Button URL
@@ -39,8 +42,8 @@ For more details about configuring the different Home button options, see [Home
### Related policies
-- [Configure Home Button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
+- [Configure Home Button](../available-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
-- [Unlock Home Button](../new-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
+- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
Enter a URL in string format, for example, https://www.msn.com. |
+|Disabled or not configured Enabling this policy prevents users from making changes. |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/show-message-opening-sites-ie-include.md b/browsers/edge/includes/show-message-opening-sites-ie-include.md
index 75c8366ae9..8b851708f3 100644
--- a/browsers/edge/includes/show-message-opening-sites-ie-include.md
+++ b/browsers/edge/includes/show-message-opening-sites-ie-include.md
@@ -1,11 +1,20 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
->*Supported versions: Microsoft Edge on Windows 10, version 1607 and later* Learn more about the latest group policies and features added to Microsoft Edge. Learn about the system requirements and language support for Microsoft Edge. Learn more about the latest group policies and features added to Microsoft Edge. Learn about the supported features & functionality in each Windows edition. Measuring the impact of Microsoft Edge Deploy Internet Explorer 11 (IE11) - IT Pros The single-app public browsing mode is the only kiosk mode that has an ‘End Session’ button that users click to end the browsing session and an idle timer that resets the session after a specified time of user inactivity. Use the “Configure kiosk reset after idle timeout” policy to set the idle timer, which is set to 5 minutes by default, but you can provide a value of your own. A public library or hotel concierge desk are two examples of public browsing that restricts access to only Microsoft Edge.
+
+ 
### Multi-app kiosk
When you set up Microsoft Edge kiosk mode in multi-app assigned access, Microsoft Edge runs a limited multi-tab version of InPrivate or a normal browsing version. For more details about running a multi-app kiosk, or fixed-purpose device, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps). Here you learn how to create kiosks that run more than one app and the benefits of a multi-app kiosk, or fixed-purpose device.
The multi-app Microsoft Edge kiosk mode types include:
-3. **Public browsing** supports browsing the internet and runs InPrivate with minimal features available. In this configuration, Microsoft Edge can be one of many apps available. Users can close and open multiple InPrivate windows. On a multi-app kiosk device, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access. You can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other app(s).
+3. **Public browsing** devices are publicly accessible and supports browsing the internet. Public browsing runs a multi-tab version of InPrivate browsing mode with limited functionality that runs in full-screen mode. In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
- 
+ 
-4. **Normal mode** mode runs a full version of Microsoft Edge, but some features may not work depending on what other apps you configured in assigned access. For example, if Internet Explorer 11 is set up in assigned access, you can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
+4. **Normal mode** devices run a full-featured version of Microsoft Edge (referred to as normal browsing). Some features may not work depending on what other apps you have configured in assigned access. For example, if Internet Explorer 11 is set up in assigned access, you can enable Enterprise Mode to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
- 
+ 
## Let’s get started!
-Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Edge in assigned access. You can set up Microsoft Edge kiosk mode in assigned access using:
+Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Edge in assigned access. With assigned access, you restrict a local standard user account so that it only has access to one Windows app, such as Microsoft Edge in kiosk mode. You can set up Microsoft Edge kiosk mode in assigned access using:
-- **Windows Settings.** Best for physically setting up a single device as a kiosk. With this method, you set up assigned access and configure the kiosk or digital sign device using Settings. You can configure Microsoft Edge in single-app (kiosk type – Full-screen or public browsing) and define a single URL for the Home button, Start page, and New tab page. You can also set the reset after an idle timeout.
+- **Windows Settings.** Best for physically setting up a couple of devices as kiosks. You can configure Microsoft Edge in single-app (full-screen or public browsing as the kiosk type) and define a single URL for the Home button, Start page, and New Tab page. You can also set the reset after an idle timeout.
- **Microsoft Intune or other MDM service.** Best for setting up multiple devices as a kiosk. With this method, you configure Microsoft Edge in assigned access and configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access.
@@ -69,88 +73,94 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed
### Prerequisites
-- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
+- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
-- Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer. With these methods, you must have the [AppUserModelID](https://docs.microsoft.com/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app); this does not apply to the Windows Settings method.
-
->[!Important]
->If you are using a local account as a kiosk account in Intune or provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
+- Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer. With these methods, you must have the [AppUserModelID](https://docs.microsoft.com/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app); this does not apply to the Windows Settings method.
### Use Windows Settings
-Windows Settings is the simplest and easiest way to set up one or a couple of devices because you must perform these steps on each device. This method is ideal for small businesses.
+Windows Settings is the simplest and easiest way to set up one or a couple of devices because you perform these steps physically on each device. This method is ideal for small businesses.
-1. In Windows Settings, select **Accounts** \> **Other people**.
+When you set up a single-app kiosk device using Windows Settings, you must first set up assigned access before configuring the device. With assigned access, you restrict a local standard user account so that it only has access to one Windows app, such as Microsoft Edge, in kiosk mode.
-2. Under **Set up a kiosk**, select **Assigned access**.
+1. In the search field of Windows Settings, type **kiosk** and then select **Set up a kiosk (assigned access)**.
-3. Select **Get started**.
+2. On the **Set up a kiosk** page, click **Get started**.
-4. Create a standard user account or choose an existing account for your kiosk.
+3. Type a name to create a new account or you can choose an existing account and click **Next**.
-5. Select **Next**.
+4. On the **Choose a kiosk app** page, select **Microsoft Edge** and then click **Next**.
-6. On the **Choose a kiosk app** page, select **Microsoft Edge.**
-
-7. Select **Next**.
-
-8. Select how Microsoft Edge displays when running in kiosk mode:
+5. Select how Microsoft Edge displays when running in kiosk mode:
- **As a digital sign or interactive display**, the default URL shows in full screen, without browser controls.
- **As a public browser**, the default URL shows in a browser view with limited browser controls.
-9. Select **Next**.
+6. Select **Next**.
-10. Enter the URL that you want to load when the kiosk launches.
+7. Type the URL to load when the kiosk launches.
- >[!NOTE]
- >The URL sets the Home button, Start page, and New tab page.
+ >[!NOTE]
+ >The URL sets the Home button, Start page, and New Tab page.
-11. Microsoft Edge in kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue. If **Continue** is not selected, Microsoft Edge resets to the default URL. You can accept the default value of **5 minutes**, or you can choose your own idle timer value.
+8. Accept the default value of **5 minutes** for the idle time or provide your own value.
-12. Select **Next**, and then select **Close**.
+ >[!TIP]
+ >Microsoft Edge kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue. If the user does not **Continue**, Microsoft Edge resets to the default URL.
-13. Close **Settings** to save your choices automatically and apply them the next time the user account logs on.
+9. Click **Next**.
-14. Configure the policies for Microsoft Edge kiosk mode. For details on the valid kiosk policy settings, see [Relevant policies](#relevant-policies).
+10. Close the **Settings** window to save and apply your choices.
-15. Validate the Microsoft Edge kiosk mode by restarting the device and signing in with the local kiosk account.
+11. Now that you have configured assigned access, selected how Microsoft Edge displays the kiosk, and set the idle timer, you can configure the group policies for Microsoft Edge kiosk mode.
-**_Congratulations!_** You’ve finished setting up Microsoft Edge in assigned access and a kiosk or digital sign, and configured browser policies for Microsoft Edge kiosk mode.
+ >>You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
+ >>
+ >> **Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
+
+ - **[Configure kiosk mode](#configure-kiosk-mode)**: Configure the display mode for Microsoft Edge as a kiosk app. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge. For this policy to work, you must configure assigned access; otherwise, Microsoft Edge ignores the settings in this policy.
+
+ - **[Configure kiosk reset after idle timeout](#configure-kiosk-reset-idle-timeout)**: Change the time, in minutes, from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. For this policy to work, you must enable the Configure kiosk mode policy (InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access; otherwise, Microsoft Edge ignores this setting.
+
+ - **[Additional policies for kiosk mode](#additional-policies-for-kiosk-mode)**: We have other new and existing policies that work with Microsoft Edge kiosk mode, such as Allow cookies, Allow printing, Configure Home button, and Configure telemetry for Microsoft 365 analytics. At this time, only a few features work in all kiosk types, for example, Unlock Home button works only in normal browsing.
+
+12. Once you've configured the group policies, restart the kiosk device and sign in with the local kiosk account to validate the configuration.
+
+**_Congratulations!_** You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured the group policies for Microsoft Edge kiosk mode.
**_Next steps._**
-- Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
-- If you want to make changes to your kiosk, you can quickly change the display option and default URL for Microsoft Edge.
-
- 1. Go to **Start** \> **Settings** \> **Accounts** \> **Other people**.
-
- 2. Under **Set up a kiosk**, select **Assigned access**.
-
- 3. Make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**.
+|If you want to... |Then... |
+|---|---|
+|Use your new kiosk |Sign into the device with the kiosk account that you selected to run Microsoft Edge kiosk mode. |
+|Make changes to your kiosk such as change the display option or the URL that loads |  | Configure the display mode for Microsoft Edge as a kiosk app. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode **Data type:** Integer **Allowed values:**  | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout **Data type:** Integer **Allowed values:**  | Configure the display mode for Microsoft Edge as a kiosk app. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode **Data type:** Integer **Allowed values:**  | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout **Data type:** Integer **Allowed values:**  | Set one or more start pages, URLs, to load when Microsoft Edge launches. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages **Data type:** String **Allowed values:** Enter one or more URLs, for example,  | Configure how the Home Button behaves. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton **Data type:** Integer **Allowed values:**  | Set a custom URL for the New tab page. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.msn.com |
- | **[SetHomeButtonURL](new-policies.md#set-home-button-url)**  | If you set ConfigureHomeButton to 2, configure the home button URL. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.bing.com |
+ | **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**  | Configure how the Home Button behaves. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton **Data type:** Integer **Allowed values:**  | If you set ConfigureHomeButton to 2, configure the home button URL. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.bing.com |
+ | **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**  | Set a custom URL for the New Tab page. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.msn.com |
---
 | Configure the display mode for Microsoft Edge as a kiosk app. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode **Data type:** Integer **Allowed values:**  | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout **Data type:** Integer **Allowed values:**  | Configure the display mode for Microsoft Edge as a kiosk app. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode **Data type:** Integer **Allowed values:**  | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout **Data type:** Integer **Allowed values:**  | Set one or more start pages, URLs, to load when Microsoft Edge launches. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages **Data type:** String **Allowed values:** Enter one or more URLs, for example,  | Configure how the Home Button behaves. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton **Data type:** Integer **Allowed values:**  | Set a custom URL for the New tab page. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.msn.com |
- | **[SetHomeButtonURL](new-policies.md#set-home-button-url)**  | If you set ConfigureHomeButton to 2, configure the home button URL. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.bing.com |
+ | **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**  | Configure how the Home Button behaves. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton **Data type:** Integer **Allowed values:**  | If you set ConfigureHomeButton to 2, configure the home button URL. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.bing.com |
+ | **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**  | Set a custom URL for the New Tab page. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.msn.com |
---
- The wizard closes and takes you back to the Customizations page.
+
+7. [Apply the provisioning package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package) to the device, which you can do during the first-run experience (out-of-box experience or OOBE) and after (runtime).
**_Congratulations!_** You’ve finished creating your provisioning package for Microsoft Edge kiosk mode.
@@ -186,7 +201,17 @@ With this method, you can use a provisioning package to configure Microsoft Edge
---
+
## Relevant policies
+We added and updated Microsoft Edge group policies to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure.
+
+### Configure kiosk mode
+[!INCLUDE [configure-microsoft-edge-kiosk-mode-include](includes/configure-microsoft-edge-kiosk-mode-include.md)]
+
+### Configure kiosk reset idle timeout
+[!INCLUDE [configure-edge-kiosk-reset-idle-timeout-include](includes/configure-edge-kiosk-reset-idle-timeout-include.md)]
+
+### Additional policies for kiosk mode
Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser).
@@ -202,57 +227,57 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |  |  |  |  |
| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |  |  |  |  |
| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | 2 |  |  |  |
-| [AllowFullscreen](new-policies.md#allow-fullscreen-mode)\* |  |  |  |  |
+| [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* |  |  |  |  |
| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |  |  |  |  |
| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |  |  | 1 |  |
| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |  |  |  |  |
| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |  |  |  |  |
-| [AllowPrelaunch](new-policies.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed)\* |  |  |  |  |
-| [AllowPrinting](new-policies.md#allow-printing)\* |  |  |  |  |
-| [AllowSavingHistory](new-policies.md#allow-saving-history)\* |  |  |  |  |
+| [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* |  |  |  |  |
+| [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* |  |  |  |  |
+| [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* |  |  |  |  |
| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
-| [AllowSideloadingOfExtensions](new-policies.md#allow-sideloading-of-extensions)\* |  |  |  |  |
+| [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* |  |  |  |  |
| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |  |  |  |  |
| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |  |  |  |  |
-| [AllowTabPreloading](new-policies.md#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)\* |  |  |  |  |
-| [AllowWebContentOnNewTabPage](available-policies.md#allow-web-content-on-new-tab-page)\* |  |  |  |  |
+| [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* |  |  |  |  |
+| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* |  |  |  |  |
| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |  |  |  |  |
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |  |  |  |  |
| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |  |  |  |  |
-| [ConfigureFavoritesBar](new-policies.md#configure-favorites-bar)\* |  |  |  |  |
-| [ConfigureHomeButton](new-policies.md#configure-home-button)\* |  |  |  |  |
-| [ConfigureKioskMode](new-policies.md#configure-kiosk-mode)\* |  |  |  |  |
-| [ConfigureKioskResetAfterIdleTimeout](new-policies.md#configure-kiosk-reset-after-idle-timeout)\* |  |  |  |  |
-| [ConfigureOpenMicrosoftEdgeWith](new-policies.md#configure-open-microsoft-edge-with)\* |  |  |  |  |
-| [ConfigureTelemetryForMicrosoft365Analytics](new-policies.md#configure-collection-of-browsing-data-for-microsoft-365-analytics)\* |  |  |  |  |
+| [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* |  |  |  |  |
+| [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* |  |  |  |  |
+| [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* |  |  |  |  |
+| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* |  |  |  |  |
+| [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* |  |  |  |  |
+| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* |  |  |  |  |
| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |  |  |  |  |
-| [Experience/DoNotSyncBrowserSetting](available-policies.md#do-not-sync-browser-settings)\* and [Experience/PreventUsersFromTurningOnBrowserSyncing](new-policies.md#prevent-users-from-turning-on-browser-syncing)\* |  |  |  |  |
+| [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)\* and [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |  |  |  |  |
| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |  |  | 1 |  |
| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) |  |  |  |  |
| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |  |  |  |  |
| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |  |  |  |  |
| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |  |  |  |  |
-| [PreventCertErrorOverrides](new-policies.md#prevent-certificate-error-overrides)\* |  |  |  |  |
+| [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* |  |  |  |  |
| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |  | |  |  |
| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |  |  |  |  |
| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |  |  |  |  |
| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |  |  |  |  |
-| [PreventTurningOffRequiredExtensions](new-policies.md#prevent-turning-off-required-extensions)\* |  |  |  |  |
+| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |  |  |  |  |
| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |  |  |  |  |
| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |  |  | 1 |  |
| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |  |  |  |  |
-| [SetHomeButtonURL](new-policies.md#set-home-button-url)\* |  |  |  |  |
-| [SetNewTabPageURL](new-policies.md#set-new-tab-page-url)\* |  |  |  |  |
+| [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* |  |  |  |  |
+| [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* |  |  |  |  |
| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |  |  | 1 |  |
| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |  |  | 1 |  |
-| [UnlockHomeButton](new-policies.md#unlock-home-button)\* |  |  |  |  |
+| [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* |  |  |  |  |
| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |  |  |  |  |
---
-*\* New policy coming in the next release of Windows 10.*
+*\* New policy as of Windows 10, version 1809.*
*1) For multi-app assigned access, you must configure Internet Explorer 11.*
-
-
-
-| **Group Policy** | **New/update?** | **MDM Setting** | **New/update?** |
-| --- | --- | --- | --- |
-| [Allow fullscreen mode](#allow-fullscreen-mode) | New | [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode) | New |
-| [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](#allow-prelaunch) | New | [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | New |
-| [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | New |
-| [Allow printing](#allow-printing) | New | [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | New |
-| [Allow Saving History](#allow-saving-history) | New | [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | New |
-| [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | New |
-| [Allow web content on new tab page](available-policies.md#allow-web-content-on-new-tab-page) | -- | [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | New |
-| [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | New |
-| [Configure Favorites Bar](#configure-favorites-bar) | New | [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | New |
-| [Configure Home Button](#configure-home-button) | New | [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | New |
-| [Configure kiosk mode](#configure-kiosk-mode) | New | [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | New |
-| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | New |
-| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | New |
-| [Do not sync browser settings](available-policies.md#do-not-sync-browser-settings) | -- | [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting) | New |
-| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | New |
-| [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | [Experience/PreventUsersFromTurningOnBrowserSyncing](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing) | New |
-| [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing) | New |
-| [Set Home Button URL](#set-home-button-url) | New | [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | New |
-| [Set New Tab page URL](#set-new-tab-page-url) | New | [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | New |
-| [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites) | Updated | [ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) | Updated |
-| [Unlock Home Button](#unlock-home-button) | New | [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | New |
----
-
-
-
-
-## Allow fullscreen mode
-[!INCLUDE [allow-full-screen-include](includes/allow-full-screen-include.md)]
-
-## Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
-[!INCLUDE [allow-prelaunch-include](includes/allow-prelaunch-include.md)]
-
-## Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
-[!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)]
-
-## Allow printing
-[!INCLUDE [allow-printing-include.md](includes/allow-printing-include.md)]
-
-## Allow Saving History
-[!INCLUDE [allow-saving-history-include.md](includes/allow-saving-history-include.md)]
-
-## Allow sideloading of Extensions
-[!INCLUDE [allow-sideloading-extensions-include.md](includes/allow-sideloading-extensions-include.md)]
-
-## Configure collection of browsing data for Microsoft 365 Analytics
-[!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](includes/configure-browser-telemetry-for-m365-analytics-include.md)]
-
-## Configure Favorites Bar
-[!INCLUDE [configure-favorites-bar-include.md](includes/configure-favorites-bar-include.md)]
-
-## Configure Home Button
-[!INCLUDE [configure-home-button-include.md](includes/configure-home-button-include.md)]
-
-## Configure kiosk mode
-[!INCLUDE [configure-microsoft-edge-kiosk-mode-include.md](includes/configure-microsoft-edge-kiosk-mode-include.md)]
-
-## Configure kiosk reset after idle timeout
-[!INCLUDE [configure-edge-kiosk-reset-idle-timeout-include.md](includes/configure-edge-kiosk-reset-idle-timeout-include.md)]
-
-## Configure Open Microsoft Edge With
-[!INCLUDE [configure-open-edge-with-include.md](includes/configure-open-edge-with-include.md)]
-
-## Prevent certificate error overrides
-[!INCLUDE [prevent-certificate-error-overrides-include.md](includes/prevent-certificate-error-overrides-include.md)]
-
-## Prevent turning off required extensions
-[!INCLUDE [prevent-turning-off-required-extensions-include.md](includes/prevent-turning-off-required-extensions-include.md)]
-
-## Prevent users from turning on browser syncing
-[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](includes/prevent-users-to-turn-on-browser-syncing-include.md)]
-
-## Set Home Button URL
-[!INCLUDE [set-home-button-url-include](includes/set-home-button-url-include.md)]
-
-## Set New Tab page URL
-[!INCLUDE [set-new-tab-url-include.md](includes/set-new-tab-url-include.md)]
-
-## Show message when opening sites in Internet Explorer
-[!INCLUDE [show-message-opening-sites-ie-include](includes/show-message-opening-sites-ie-include.md)]
-
-## Unlock Home Button
-[!INCLUDE [unlock-home-button-include.md](includes/unlock-home-button-include.md)]
-
diff --git a/browsers/edge/security-enhancements-microsoft-edge.md b/browsers/edge/security-enhancements-microsoft-edge.md
deleted file mode 100644
index ae5d5916d8..0000000000
--- a/browsers/edge/security-enhancements-microsoft-edge.md
+++ /dev/null
@@ -1,119 +0,0 @@
----
-description: Microsoft Edge is designed with significant security improvements over existing browsers, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows.
-ms.prod: edge
-ms.mktglfcycl: explore
-ms.sitesec: library
-ms.pagetype: security
-title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros)
-ms.localizationpriority: medium
-ms.date: 10/16/2017
-ms.author: pashort
-author: shortpatti
----
-
-# Security enhancements for Microsoft Edge
-
->Applies to: Windows 10, Windows 10 Mobile
-
-Microsoft Edge is designed with improved security in mind, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows.
-
-## Help to protect against web-based security threats
-While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources. Thieves by nature don’t care about rules, and will use any means to take advantage of victims, most often using trickery or hacking:
-
-- **Trickery** uses things like “phishing” attacks to convince a person to enter a banking password into a website that looks like the bank, but isn’t.
-
-- **Hacking** attacks a system through malformed content that exploits subtle flaws in a browser, or in various browser extensions, such as video decoders. This exploit lets an attacker run code on a device, taking over first a browsing session, and perhaps ultimately the entire device.
-
-While trickery and hacking are threats faced by every browser, it’s important that we explore how Microsoft Edge addresses these threats and is helping make the web a safer experience.
-
-### Help against trickery
-Web browsers can help defend your employees against trickery by identifying and blocking known tricks, and by using strong security protocols to ensure that they’re talking to the web site they think they’re talking to.
-
-#### Windows Hello
-Phishing scams get people to enter passwords into a fake version of a trusted website, such as a bank. Attempts to identify legitimate websites through the HTTPS lock symbol and the EV Cert green bar have met with only limited success, since attackers are too good at faking legitimate experiences for many people to notice the difference.
-
-To really address this problem, we need to stop people from entering plain-text passwords into websites. So in Windows 10, we gave you [Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/) technology with asymmetric cryptography that authenticates both the person and the website.
-
-Microsoft Edge is the first browser to natively support Windows Hello as a more personal, seamless, and secure way to authenticate on the web, powered by an early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/).
-
-#### Microsoft SmartScreen
-Microsoft SmartScreen, used in Windows 10 and both Internet Explorer 11 and Microsoft Edge, helps to defend against phishing by performing reputation checks on visited sites and blocking any sites that are thought to be phishing sites. SmartScreen also helps to defend people against being tricked into installing malicious [socially-engineered software downloads](http://operationstech.about.com/od/glossary/g/Socially-Engineered-Malware.htm and against [drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/smartscreen-drive-by-improvements/). Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software, and may be hosted on trusted sites.
-
-#### Certificate Reputation system
-While people trust sites that have encrypted web traffic, that trust can be undermined by malicious sites using improperly obtained or fake certificates to impersonate legitimate sites. To help address this problem, we introduced the [Certificate Reputation system](https://blogs.msdn.com/b/ie/archive/2014/03/10/certificate-reputation-a-novel-approach-for-protecting-users-from-fraudulent-certificates.aspx) last year. This year, we’ve extended the system to let web developers use the [Bing Webmaster Tools](http://www.bing.com/toolbox/webmaster) to report directly to Microsoft to let us know about fake certificates.
-
-### Help against hacking
-While Microsoft Edge has done much to help defend against trickery, the browser’s “engine” has also been overhauled to resist hacking (attempts to corrupt the browser itself) including a major overhaul of the DOM representation in the browser’s memory, and the security mitigations described here.
-
-#### Microsoft EdgeHTML and modern web standards
-Microsoft Edge has a new rendering engine, Microsoft EdgeHTML, which is focused on modern standards that let web developers build and maintain a consistent site across all modern browsers.
-
-The Microsoft EdgeHTML engine also helps to defend against hacking through these new security standards features:
-
-- Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks.
-
-- Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). This helps ensure that connections to important sites, such as to your bank, are always secured.
-
->[!NOTE]
->Both Microsoft Edge and Internet Explorer 11 support HSTS.
-
-#### All web content runs in an app container sandbox
-Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](https://windows.microsoft.com/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins.
-
-Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 app container technology, providing a stronger sandbox by adding deny-by-default and no-read-up semantics. EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions.
-
-Microsoft Edge takes the sandbox even farther, running its content processes in app containers not just by default, but all of the time. Because Microsoft Edge doesn’t support 3rd party binary extensions, there’s no reason for it to run outside of the containers, ensuring that Microsoft Edge is more secure.
-
-#### Microsoft Edge is now a 64-bit app
-The largest security change to Microsoft Edge is that it's designed like a Universal Windows app. By changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the assorted content processes all live within app container sandboxes; helping to provide the user and the platform with the [confidence](https://blogs.msdn.com/b/b8/archive/2012/05/17/delivering-reliable-and-trustworthy-metro-style-apps.aspx) provided by other Microsoft Store apps.
-
-##### 64-bit processes and Address Space Layout Randomization (ASLR)
-Microsoft Edge runs in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system.
-
-The value of running 64-bit all the time is that it strengthens Windows Address Space Layout Randomization (ASLR). ASLR randomizes the memory layout of the browser processes, making it much harder for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger and, therefore, more difficult for attackers to find the sensitive memory components they’re looking for.
-
-#### New extension model and HTML5 support
-Back in 1996, we introduced ActiveX for web browser extensions in an attempt to let 3rd parties experiment with various forms of alternate content on the web. However, we quickly learned that browser extensions can come at a cost of security and reliability. For example, binary extensions can bring code and data into the browser’s processes without any protection, meaning that if anything goes wrong, the entire browser itself can be compromised or go down.
-
-Based on that learning, we’ve stopped supporting binary extensions in Microsoft Edge and instead encourage everyone to use our new, scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/microsoft-edge/extensions/).
-
-#### Reduced attack surfaces
-In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also removed support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/library/jj676915.aspx). Because many IE browser vulnerabilities are only present in legacy document modes, removing support for document modes significantly reduces attack surface, making the browser much more secure than before. However, it also means that it’s not as backward compatible.
-
-Because of the reduced backward compatibility, we’ve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backward compatibility.
-
-#### Code integrity and image loading restrictions
-Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or being injected into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as, UNC or WebDAV) can’t be loaded.
-
-#### Memory corruption mitigations
-Memory corruption happens most frequently to apps written in C or C++ because those languages don’t provide type safety or buffer overflow protection. Broadly speaking, memory corruption attacks happen when an attacker provides malformed input to a program and the program can’t handle it, corrupting the program’s memory state and allowing the attacker to take control of the program.
-
-Over the years, a broad variety of mitigations have been created around memory corruption, but even as these mitigations roll out, attackers adapt and invent new ways to attack. At the same time, we’ve responded with new memory safety defenses, mitigating the most common new forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities.
-
-##### Memory Garbage Collector (MemGC) mitigation
-MemGC is the replacement for Memory Protector, currently turned on for both Microsoft Edge on Windows 10 and Internet Explorer 11 on Windows 7 and newer operating systems. MemGC is a memory garbage collection system that helps to defend the browser from UAF vulnerabilities by taking the responsibility for freeing memory away from the programmer and instead automating it, only freeing memory when the automation detects that there are no more references left pointing to a given block of memory.
-
-##### Control Flow Guard
-Ultimately, attackers use memory corruption attacks to gain control of the CPU program counter so that they can jump to any code location they want. Control Flow Guard is a Microsoft Visual Studio technology that compiles checks around code that performs indirect jumps based on a pointer, restricting those jumps to only go to function entry points with known addresses. This makes attacker take-overs much more difficult by severely constraining where a memory corruption attack can jump to.
-
-#### Designed for security
-We’ve spent countless hours reviewing, testing, and using Microsoft Edge to make sure that you’re more protected than ever before.
-
-##### Fuzzing/Static Analysis
-We’ve devoted more than 670 machine-years to fuzz testing Microsoft Edge and Internet Explorer during product development, including monitoring for possible exceptions such as crashes or memory leaks. We’ve also generated more than 400-billion DOM manipulations from 1-billion HTML files. Because of all of this, hundreds of security issues were addressed before the product shipped.
-
-##### Code Review & Penetration Testing
-Over 70 end-to-end security engagements reviewed all key features, helping to address security implementation and design issues before shipping.
-
-##### Windows REDTEAM
-The Windows REDTEAM emulates the techniques and expertise of skilled, real-world attackers. Exploited Microsoft Edge vulnerabilities discovered through penetration testing can be addressed before public discovery and real-world exploits.
-
-
-
-
-
-
-
-
-
-
diff --git a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
index 19e8c5a8a4..7eb5da6bd4 100644
--- a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
@@ -1 +1,9 @@
-Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the Allow a Windows app to share application data between users group policy. Also, the users must be signed in with a school or work account.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy. Also, the users must be signed in with a school or work account.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
index 4a49c8dc67..d970c98301 100644
--- a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
index 6c0c3cf0be..a06ece3f82 100644
--- a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
index 31127ca2d7..75e6fa71ed 100644
--- a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge does not clear the browsing data on exit by default, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
index e5fd1dde74..69f981f0d4 100644
--- a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-cortana-shortdesc.md b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
index 2857a93d27..cc694ab73b 100644
--- a/browsers/edge/shortdesc/allow-cortana-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
index b9bab04325..ef095e5733 100644
--- a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
index 1c11de47c0..1bbf337754 100644
--- a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
index 2d1f8ec802..41849af3ef 100644
--- a/browsers/edge/shortdesc/allow-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
index 0ce0f11a60..6f37d4a659 100644
--- a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
@@ -1 +1,9 @@
-Microsoft Edge allows full-screen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing full-screen mode, users and extensions must have the proper permissions. Disabling this policy prevents full-screen mode in Microsoft Edge.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
index 75def749bb..0171d9c8a5 100644
--- a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
index a56056d3e9..769d1ee379 100644
--- a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
index 405fca5e9c..3d939db8c0 100644
--- a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-printing-shortdesc.md b/browsers/edge/shortdesc/allow-printing-shortdesc.md
index 5abb3b7dc7..b9e4cf691f 100644
--- a/browsers/edge/shortdesc/allow-printing-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-printing-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
index bec7172c23..e37a1e9bfc 100644
--- a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
index 2b4e25a7c3..e94443a99b 100644
--- a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
index bb723ab0c6..e9e9fd0512 100644
--- a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
index 3b245ca258..b276822d74 100644
--- a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
@@ -1 +1,9 @@
-Microsoft Edge allows preloading of the Start and New tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
index bad40654c0..9c8dea176e 100644
--- a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
@@ -1 +1,9 @@
-By default, Microsoft Edge loads the default New tab page. Disabling this policy loads a blank page instead of the New tab page and prevents users from changing it. Not configuring this policy lets users choose what loads on the New tab page.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, Microsoft Edge loads the default New Tab page. Disabling this policy loads a blank page instead of the New Tab page and prevents users from changing it. Not configuring this policy lets users choose what loads on the New Tab page.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
index 7ec95879df..86ac25c632 100644
--- a/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
@@ -1 +1,9 @@
-With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data is shared through the SharedLocal folder, which is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
index 9a382427fa..a91b389923 100644
--- a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
+++ b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
@@ -1 +1,9 @@
-Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
index c68642520a..39961b4f01 100644
--- a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
@@ -1 +1,9 @@
-By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. With this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
index c58d446834..d0be48cb2b 100644
--- a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-allow-flash-for-url-list-shortdesc.md b/browsers/edge/shortdesc/configure-allow-flash-for-url-list-shortdesc.md
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/browsers/edge/shortdesc/configure-autofill-shortdesc.md b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
index 247308fee8..1688989ef7 100644
--- a/browsers/edge/shortdesc/configure-autofill-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
@@ -1 +1,9 @@
-By default, users can choose to use the Autofill feature to automatically populate the form fields. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
index 6a9cce12e0..32abbdf60a 100644
--- a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-cookies-shortdesc.md b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
index a35c4d0f31..ea5cb7e557 100644
--- a/browsers/edge/shortdesc/configure-cookies-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
index d3026c51e7..f9de9cd2ec 100644
--- a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
index 80383e4f0a..fd49f0e0c9 100644
--- a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
index 4536456e59..0303f69e10 100644
--- a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
@@ -1 +1,9 @@
-Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes. With this policy, you can configure Microsoft Edge to either show or hide the favorites bar on all pages.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-favorites-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
index c5bfae7541..ae90afc8af 100644
--- a/browsers/edge/shortdesc/configure-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
@@ -1 +1,9 @@
-Discontinued in Windows 10, version 1810. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-home-button-shortdesc.md b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
index 8f31b8505f..7a0260f8ea 100644
--- a/browsers/edge/shortdesc/configure-home-button-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
@@ -1 +1,9 @@
-Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-inprivate-shortdesc.md b/browsers/edge/shortdesc/configure-inprivate-shortdesc.md
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
index a0e1cbf398..6515189a19 100644
--- a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
@@ -1 +1,9 @@
-Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal browsing in Microsoft Edge.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
index 4772d2d2dd..3bcba1b944 100644
--- a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
index 7383d68455..5bf099b3ca 100644
--- a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
@@ -1 +1,9 @@
-By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
index 63a62cfff5..0f77b004ba 100644
--- a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
index e89395a2ab..18d5e9bf38 100644
--- a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
@@ -1 +1,10 @@
-Microsoft Edge turns off Pop-up Blocker allowing pop-up windows to appear. Enabling this policy turns on Pop-up Blocker stopping pop-up windows from appearing. Don’t configure this policy to let users choose to use Pop-up Blocker.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy.
+
diff --git a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
index e95e652f45..f9e057b6a5 100644
--- a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
index f027fdb17e..f9b5185f3d 100644
--- a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
index 752f554dca..58dfd6be9a 100644
--- a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns off Windows Defender SmartScreen and prevent users from turning it on. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
index 9286227f0e..e0c635c0c7 100644
--- a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
+++ b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
index 5e485a0200..93ecd60efe 100644
--- a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
+++ b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/do-not-sync-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
index 69425a77f3..5902fb6656 100644
--- a/browsers/edge/shortdesc/do-not-sync-shortdesc.md
+++ b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
@@ -1 +1,9 @@
-By default, Microsoft Edge turns on the Sync your Settings toggle in Settings and let users choose what to sync on their device. Enabling this policy turns off and disables the Sync your Settings toggle in Settings, preventing syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option in this policy.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
index 71de365bde..981ef9d876 100644
--- a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
+++ b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
index 132291b931..95116f7ddc 100644
--- a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
+++ b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
@@ -1 +1,9 @@
-This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+In this topic, we describe the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
index b13677be33..518f94bdea 100644
--- a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
index 135bd4f574..6330b51213 100644
--- a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
@@ -1 +1,9 @@
-By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of unverified file(s).
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
index 56a2ecdd15..d5eaea4a31 100644
--- a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
index 0d4351e0cb..156b1bb385 100644
--- a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
@@ -1 +1,9 @@
-Web security certificates are used to ensure a site that users go to is legitimate, and in some circumstances, encrypts the data. By default, Microsoft Edge allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
index 195318866f..78c77baf42 100644
--- a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
index 4be519322f..87d3b927ed 100644
--- a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
@@ -1 +1,9 @@
-By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a more complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users a limited experience.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
index f587cc839c..af24d3583b 100644
--- a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
@@ -1 +1,9 @@
-By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via a FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
index e428d938ed..7875990600 100644
--- a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
index 1211a69dfa..daa02c5729 100644
--- a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
index defb76bdf5..4ba3bff11a 100644
--- a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/provision-favorites-shortdesc.md b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
index 7f02b200c8..e2ed5da50f 100644
--- a/browsers/edge/shortdesc/provision-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
index c5684bc753..454549bffe 100644
--- a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
+++ b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
index 296965ba86..79dfd220c1 100644
--- a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
+++ b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
index 839e07428b..c9d57f2140 100644
--- a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
+++ b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
@@ -1 +1,9 @@
-By default, Microsoft Edge uses the default search engine specified in App settings. In this case, users can make changes to the default search engine at any time unless the Allow search engine customization policy is disabled, which restricts users from making any changes. Disabling this policy removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. Enabling this policy uses the policy-set search engine specified in the OpenSearch XML file, prevent users from changing the default search engine.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
index 80b7cf8040..98fcc7aef2 100644
--- a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
+++ b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
index 35ae30c337..9f27db97ce 100644
--- a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
+++ b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
@@ -1 +1,9 @@
-Microsoft Edge loads the default New tab page by default. Enabling this policy lets you set a New tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/shortdesc-test.md b/browsers/edge/shortdesc/shortdesc-test.md
index 2c796253ef..c1d657d88b 100644
--- a/browsers/edge/shortdesc/shortdesc-test.md
+++ b/browsers/edge/shortdesc/shortdesc-test.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
UI settings for the home button are disabled preventing your users from making changes
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
index 80e4360bb0..a15e780afe 100644
--- a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
+++ b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
@@ -1 +1,8 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
\ No newline at end of file
diff --git a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
index aff697e8f0..d412d67e72 100644
--- a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
+++ b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.
\ No newline at end of file
diff --git a/browsers/edge/use-powershell-to manage-group-policy.md b/browsers/edge/use-powershell-to manage-group-policy.md
new file mode 100644
index 0000000000..b4a16608e7
--- /dev/null
+++ b/browsers/edge/use-powershell-to manage-group-policy.md
@@ -0,0 +1,27 @@
+---
+title: Use Windows PowerShell to manage group policy
+description:
+ms.prod: edge
+ms.mktglfcycl: explore
+ms.sitesec: library
+ms.pagetype: security
+title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros)
+ms.localizationpriority: medium
+ms.date: 10/02/2018
+ms.author: pashort
+author: shortpatti
+---
+
+# Use Windows PowerShell to manage group policy
+
+Windows PowerShell supports group policy automation of the same tasks you perform in Group Policy Management Console (GPMC) for domain-based group policy objects (GPOs):
+
+- Maintain GPOs (GPO creation, removal, backup, and import)
+- Associate GPOs with Active Directory service containers (group policy link creation, update, and removal)
+- Set permissions on GPOs
+- Modify inheritance flags on Active Directory organization units (OUs) and domains
+- Configure registry-based policy settings and group policy preferences registry settings (update, retrieval, and removal)
+- Create starter GPOs
+
+
+
diff --git a/browsers/includes/available-duel-browser-experiences-include.md b/browsers/includes/available-duel-browser-experiences-include.md
index 175646f824..3ea0832564 100644
--- a/browsers/includes/available-duel-browser-experiences-include.md
+++ b/browsers/includes/available-duel-browser-experiences-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
## Available dual-browser experiences
Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment:
diff --git a/browsers/includes/configuration-options.md b/browsers/includes/configuration-options.md
deleted file mode 100644
index 2b2516dfe2..0000000000
--- a/browsers/includes/configuration-options.md
+++ /dev/null
@@ -1,11 +0,0 @@
-## Configuration options
-You can make changes to your deployment through the software management system you have chosen.
-
-### Choosing an update channel
-
-### Configure policies using Group Policy Editor
-
-### Configure policies using Registry Editor
-
-### Configure policies using Intune
-
diff --git a/browsers/includes/control-browser-content.md b/browsers/includes/control-browser-content.md
deleted file mode 100644
index e32eda17a8..0000000000
--- a/browsers/includes/control-browser-content.md
+++ /dev/null
@@ -1,18 +0,0 @@
-## Controlling browser content
-This section explains how to control content in the browser.
-
-### Configure Pop-up Blocker
-[configure-pop-up-blocker-include](../edge/includes/configure-pop-up-blocker-include.md)
-
-### Allow exentions
-[allow-extensions-include](../edge/includes/allow-extensions-include.md)
-
-[send-all-intranet-sites-ie-include](../edge/includes/send-all-intranet-sites-ie-include.md)
-
-[keep-fav-sync-ie-edge-include](../edge/includes/keep-fav-sync-ie-edge-include.md)
-
-extensions
-javascript
-Tracking your browser:
-- Do not track
-
diff --git a/browsers/includes/control-browsing-behavior.md b/browsers/includes/control-browsing-behavior.md
deleted file mode 100644
index 067eba3f7d..0000000000
--- a/browsers/includes/control-browsing-behavior.md
+++ /dev/null
@@ -1,90 +0,0 @@
-
-# Control browsing behavior
-This section explains how to contol the behavior of Microsoft Edge in certain circumstances. Besides changing how sites deplay and the look and feel of the browser itself, you can also change how the browser behaves, for example, you can change the settings for security.
-
-
-
-## Security settings
-
-## Cookies
-
-[configure-cookies-include](../edge/includes/configure-cookies-include.md)
-
-## Search engine settings
-...shortdesc of search engines...how admins can control the default search engine...
-
-### Allow address bar suggestions
-[allow-address-bar-suggestions-include](../edge/includes/allow-address-bar-suggestions-include.md)
-
-[configure-search-suggestions-address-bar-include](../edge/includes/configure-search-suggestions-address-bar-include.md)
-
-[allow-search-engine-customization-include](../edge/includes/allow-search-engine-customization-include.md)
-
-[configure-additional-search-engines-include](../edge/includes/configure-additional-search-engines-include.md)
-
-[set-default-search-engine-include](../edge/includes/set-default-search-engine-include.md)
-
-
-
-
-## Extensions
-Extensions allow you to add features and functionality directly into the browser itself. Choose from a range of extensions from the Microsoft Store.
-
-
-
-[Allow Extensions](../edge/available-policies.md#allow-extensions)
-
-[allow-sideloading-extensions-include](../edge/includes/allow-sideloading-extensions-include.md)
-
-[prevent-turning-off-required-extensions-include](../edge/includes/prevent-turning-off-required-extensions-include.md)
-
-## Home button settings
-The Home page...
-
-
-### Scenarios
-You can specify www.bing.com or www.google.com as the startup pages for Microsoft Edge using "HomePages" (MDM) or Configure Start Pages (GP). You can also enable the Disable Lockdown of Start pages (GP) policy or set the the DisableLockdownOfStartPages (MDM) setting to 1 allowing users to change the Microsoft Edge start options. Additionally, you can enable the Disable Lockdown of Start Pages or set the DisableLockdownOfStartPages to 2 locking down the IT-provided URLs, but allowing users to add or remove additional URLs. Users cannot switch Startup setting to another, for example, to load New Tab page or "previous pages" at startup.
-
-### Configuration combinations
-
-| **Configure Home Button** | **Set Home Button URL** | **Unlock Home Button** | **Results** |
-|---------------------------------|-------------------------|------------------------|---------------------------------|
-| Not configured (0/Null default) | N/A | N/A | Shows home button and loads the Start page. |
-| Enabled (1) | N/A | Disabled (0 default) | Shows home button, loads the New tab page, and prevent users from making changes to it. |
-| Enabled (1) | N/A | Disabled (0 default) | Shows home button, loads the New tab page, and let users from making changes to it. |
-| Enabled (2) | Enabled | Disabled (0 default) | Shows home button, loads custom URL defined in the Set Home Button URL policy, prevent users from changing what page loads. |
-| Enabled (2) | Enabled | Enabled | Shows home button, loads custom URL defined in the Set Home Button URL policy, and allow users to change what page loads. |
-| Enabled (3) | N/A | N/A | Hides home button. |
----
-
-[configure-home-button-include](configure-home-button-include.md)
-
-[set-home-button-url-include](set-home-button-url-include.md)
-
-[unlock-home-button-include](unlock-home-button-include.md)
-
-## Start page settings
-
-[configure-start-pages-include](configure-start-pages-include.md)
-
-[disable-lockdown-of-start-pages-include](disable-lockdown-of-start-pages-include.md)
-
-
-
-## New Tab page settings
-
-[set-new-tab-url-include](set-new-tab-url-include.md)
-
-[allow-web-content-new-tab-page-include](allow-web-content-new-tab-page-include.md)
-
-
-## Exit tasks
-
-[allow-clearing-browsing-data-include](allow-clearing-browsing-data-include.md)
-
-
-## Kiosk mode
-
-[Configure kiosk mode](configure-microsoft-edge-kiosk-mode-include.md)
-
-[Configure kiosk reset after idle timeout](configure-edge-kiosk-reset-idle-timeout-include.md)
diff --git a/browsers/includes/customize-look-and-feel.md b/browsers/includes/customize-look-and-feel.md
deleted file mode 100644
index 5bada8092e..0000000000
--- a/browsers/includes/customize-look-and-feel.md
+++ /dev/null
@@ -1,2 +0,0 @@
-## Customize the look and feel
-
diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md
index 21a3238bd5..40a63009d1 100644
--- a/browsers/includes/helpful-topics-include.md
+++ b/browsers/includes/helpful-topics-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
## Helpful information and additional resources
- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
diff --git a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
index 2e8b76896b..02ad5fe86d 100644
--- a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
+++ b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
>[!IMPORTANT]
diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md
index 5937eb6bef..f980f943ee 100644
--- a/browsers/includes/interoperability-goals-enterprise-guidance.md
+++ b/browsers/includes/interoperability-goals-enterprise-guidance.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
## Interoperability goals and enterprise guidance
Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
diff --git a/devices/hololens/images/minimenu.png b/devices/hololens/images/minimenu.png
new file mode 100644
index 0000000000..7aa0018011
Binary files /dev/null and b/devices/hololens/images/minimenu.png differ
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index 4c0c6061ea..b6515bbde1 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -38,115 +38,66 @@ Some of the apps show up in multiple tables - that's because their status change
System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1703, 1709, and 1803.
-| Name | Full name | 1703 | 1709 | 1803 |Uninstall through UI? |
-|------------------|--------------------------------------------|:----:|:----:|:----:|:----------------------------------:|
-| Cortana UI | CortanaListenUIApp | x | | |No |
-| | Desktop Learning | x | | |No |
-| | DesktopView | x | | |No |
-| | EnvironmentsApp | x | | |No |
-| Mixed Reality + | HoloCamera | x | | |No |
-| Mixed Reality + | HoloItemPlayerApp | x | | |No |
-| Mixed Reality + | HoloShell | x | | |No |
-| | InputApp | | x | x |No |
-| | Microsoft.AAD.BrokerPlugin | x | x | x |No |
-| | Microsoft.AccountsControl | x | x | x |No |
-| Hello setup UI | Microsoft.BioEnrollment | x | x | x |No |
-| | Microsoft.CredDialogHost | x | x | x |No |
-| | Microsoft.ECApp | | x | x |No |
-| | Microsoft.LockApp | x | x | x |No |
-| Microsoft Edge | Microsoft.MicrosoftEdge | x | x | x |No |
-| | Microsoft.PPIProjection | x | x | x |No |
-| | Microsoft.Windows.Apprep.ChxApp | x | x | x |No |
-| | Microsoft.Windows.AssignedAccessLockApp | x | x | x |No |
-| | Microsoft.Windows.CloudExperienceHost | x | x | x |No |
-| | Microsoft.Windows.ContentDeliveryManager | x | x | x |No |
-| Cortana | Microsoft.Windows.Cortana | x | x | x |No |
-| | Microsoft.Windows.Holographic.FirstRun | x | x | x |No |
-| | Microsoft.Windows.ModalSharePickerHost | x | | |No |
-| | Microsoft.Windows.OOBENetworkCaptivePort | x | x | x |No |
-| | Microsoft.Windows.OOBENetworkConnectionFlow| x | x | x |No |
-| | Microsoft.Windows.ParentalControls | x | x | x |No |
-| People Hub | Microsoft.Windows.PeopleExperienceHost | | x | x |No |
-| | Microsoft.Windows.PinningConfirmationDialog| | x | x |No |
-| | Microsoft.Windows.SecHealthUI | x | x | x |No |
-| | Microsoft.Windows.SecondaryTileExperience | x | x | |No |
-| | Microsoft.Windows.SecureAssessmentBrowser | x | x | x |No |
-| Start | Microsoft.Windows.ShellExperienceHost | x | x | x |No |
-| Windows Feedback | Microsoft.WindowsFeedback | * | * | |No |
-| | Microsoft.XboxGameCallableUI | x | x | x |No |
-| Contact Support\* | Windows.ContactSupport | x | * | |via Optional Features app |
-| Settings | Windows.ImmersiveControlPanel | x | x | |No |
-| Connect | Windows.MiracastView | x | | |No |
-| Print 3D | Windows.Print3D | | x | |Yes |
-| Print UI | Windows.PrintDialog | x | x | x |No |
-| Purchase UI | Windows.PurchaseDialog | | | x |No |
-| | Microsoft.AsyncTextService | | | x |No |
-| | Microsoft.MicrosoftEdgeDevToolsClient | | | x |No |
-| | Microsoft.Win32WebViewHost | | | x |No |
-| | Microsoft.Windows.CapturePicker | | | x |No |
-| | Windows.CBSPreview | | | x |No |
-|File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | | x |No |
-|File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | | x |No |
-|App Resolver | E2A4F912-2574-4A75-9BB0-0D023378592B | | | x |No |
-|Add Suggested folder Dialog box| F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE|| | x |No |
-
->[!NOTE]
->\* The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
-
-## Provisioned Windows apps
-
-Here are the typical provisioned Windows apps in Windows 10 versions 1703, 1709, and 1803.
-
-| App Name (Canonical) | Display Name | 1703 | 1709 | 1803 | Uninstall via UI? |
-|--------------------------------|------------------------|:-----:|:----:|:----:|:-----------------:|
-| 3D Builder | [Microsoft.3DBuilder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | x | | | Yes |
-| App Installer | [Microsoft.DesktopAppInstaller](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | Via Settings App |
-| Feedback Hub | [Microsoft.WindowsFeedbackHub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | Yes |
-| Get Help | [Microsoft.GetHelp](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | | x | x | No |
-| Get Office | [Microsoft.MicrosoftOfficeHub](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | Yes |
-| Groove Music | [Microsoft.ZuneMusic](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | No |
-| Mail and Calendar | [Microsoft.windowscommunicationsapps](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | No |
-| Microsoft Messaging | [Microsoft.Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | No |
-| Microsoft People | [Microsoft.People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | No |
-| Microsoft Photos | [Microsoft.Windows.Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | No |
-| Microsoft Solitaire Collection | [Microsoft.MicrosoftSolitaireCollection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | Yes |
-| Microsoft Sticky Notes | [Microsoft.MicrosoftStickyNotes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | No |
-| Microsoft Tips | [Microsoft.Getstarted](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | Yes |
-| Mixed Reality Viewer | [Microsoft.Microsoft3DViewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | No |
-| Movies & TV | [Microsoft.ZuneVideo](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | No |
-| MSN Weather (BingWeather | [Microsoft.BingWeather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | Yes |
-| One Note | [Microsoft.Office.OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | Yes |
-| Paid Wi-Fi & Cellular | [Microsoft.OneConnect](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | Yes |
-| Paint 3D | [Microsoft.MSPaint](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | No |
-| Print 3D | [Microsoft.Print3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | No |
-| Skype | [Microsoft.SkypeApp](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | Yes |
-| Store Purchase App\* | App not available in store | x | x | x | No |
-| Wallet | App not available in store | x | x | x | No |
-| Web Media Extensions | [Microsoft.WebMediaExtensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | | x | No |
-| Windows Alarms & Clock | [Microsoft.WindowsAlarms](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | No |
-| Windows Calculator | [Microsoft.WindowsCalculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | No |
-| Windows Camera | [Microsoft.WindowsCamera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | No |
-| Windows Maps | [Microsoft.WindowsMaps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | No |
-| Windows Store | [Microsoft.WindowsStore](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | No |
-| Windows Voice Recorder | [Microsoft.SoundRecorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | No |
-| Xbox | [Microsoft.XboxApp](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | No |
-| Xbox Game Bar | [Microsoft.XboxGameOverlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | No |
-| Xbox Gaming Overlay | [Microsoft.XboxGamingOverlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | | x | No |
-| Xbox Identity Provider | [Microsoft.XboxIdentityProvider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | No |
-| Xbox Speech to Text Overlay | App not available in store | x | x | x | No |
-| Xbox TCUI | [Microsoft.Xbox.TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | | x | x | No |
-
->[!NOTE]
->\* The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
-
-
+| Name | Full name |1703 | 1709 | 1803 |Uninstall through UI? |
+|------------------|-------------------------------------------|:------:|:------:|:------:|-------------------------------------------------------|
+| Cortana UI | CortanaListenUIApp | x | | |No |
+| | Desktop Learning | x | | |No |
+| | DesktopView | x | | |No |
+| | EnvironmentsApp | x | | |No |
+| Mixed Reality + | HoloCamera | x | | |No |
+| Mixed Reality + | HoloItemPlayerApp | x | | |No |
+| Mixed Reality + | HoloShell | x | | |No |
+| | InputApp | | x | x |No |
+| | Microsoft.AAD.Broker.Plugin | x | x | x |No |
+| | Microsoft.AccountsControl | x | x | x |No |
+| Hello setup UI | Microsoft.BioEnrollment | x | x | x |No |
+| | Microsoft.CredDialogHost | x | x | x |No |
+| | Microsoft.ECApp | | x | x |No |
+| | Microsoft.LockApp | x | x | x |No |
+| Microsoft Edge | Microsoft.Microsoft.Edge | x | x | x |No |
+| | Microsoft.PPIProjection | x | x | x |No |
+| | Microsoft.Windows. Apprep.ChxApp | x | x | x |No |
+| | Microsoft.Windows. AssignedAccessLockApp | x | x | x |No |
+| | Microsoft.Windows. CloudExperienceHost | x | x | x |No |
+| | Microsoft.Windows. ContentDeliveryManager | x | x | x |No |
+| Cortana | Microsoft.Windows.Cortana | x | x | x |No |
+| | Microsoft.Windows. Holographic.FirstRun | x | x | x |No |
+| | Microsoft.Windows. ModalSharePickerHost | x | | |No |
+| | Microsoft.Windows. OOBENetworkCaptivePort | x | x | x |No |
+| | Microsoft.Windows. OOBENetworkConnectionFlow | x | x | x |No |
+| | Microsoft.Windows. ParentalControls | x | x | x |No |
+| People Hub | Microsoft.Windows. PeopleExperienceHost | | x | x |No |
+| | Microsoft.Windows. PinningConfirmationDialog | | x | x |No |
+| | Microsoft.Windows. SecHealthUI | x | x | x |No |
+| | Microsoft.Windows. SecondaryTileExperience | x | x | |No |
+| | Microsoft.Windows. SecureAssessmentBrowser | x | x | x |No |
+| Start | Microsoft.Windows. ShellExperienceHost | x | x | x |No |
+| Windows Feedback | Microsoft.WindowsFeedback | * | * | |No |
+| | Microsoft.XboxGameCallableUI | x | x | x |No |
+| Contact Support* | Windows.ContactSupport | x | * | |Via Optional Features app |
+| Settings | Windows.ImmersiveControlPanel | x | x | |No |
+| Connect | Windows.MiracastView | x | | |No |
+| Print 3D | Windows.Print3D | | x | |Yes |
+| Print UI | Windows.PrintDialog | x | x | x |No |
+| Purchase UI | Windows.PurchaseDialog | | | x |No |
+| | Microsoft.AsyncTextService | | | x |No |
+| | Microsoft.MicrosoftEdgeDevToolsClient | | | x |No |
+| | Microsoft.Win32WebViewHost | | | x |No |
+| | Microsoft.Windows.CapturePicker | | | x |No |
+| | Windows.CBSPreview | | | x |No |
+|File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | | x |No |
+|File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | | x |No |
+|App Resolver | E2A4F912-2574-4A75-9BB0-0D023378592B | | | x |No |
+|Add Suggested folder Dialog box| F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE|| | x |No |
+> [!NOTE]
+> - The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
## Installed Windows apps
Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, and 1803.
-| Name | DisplayName | 1703 | 1709 | 1803 |Uninstall through UI? |
+| Name | Full name | 1703 | 1709 | 1803 |Uninstall through UI? |
|--------------------|------------------------------------------|:----:|:----:|:----:|:----------------------:|
| Remote Desktop | Microsoft.RemoteDesktop | x | x | | Yes |
| PowerBI | Microsoft.Microsoft PowerBIforWindows | x | | | Yes |
@@ -176,13 +127,14 @@ Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, a
| | Microsoft.VCLibs.120.00.Universal | | x | | Yes |
| | Microsoft.VCLibs.140.00.UWPDesktop | | | x | Yes |
| | Microsoft.WinJS.2.0 | x | | | Yes |
+---
## Provisioned Windows apps
Here are the typical provisioned Windows apps in Windows 10 versions 1703, 1709, and 1803.
| Name | Full name | 1703 | 1709 | 1803 | Uninstall through UI? |
-|---------------------------------|----------------------------------------|:------:|:------:|:------:|---------------------------|
+|---------------------------------|----------------------------------------|:------:|:------:|:------:|:---------------------------:|
| 3D Builder | Microsoft.3DBuilder | x | | | Yes |
| Alarms & Clock | Microsoft.WindowsAlarms | x | x | x | No |
| App Installer | Microsoft.DesktopAppInstaller | x | x | x | Via Settings App |
@@ -221,7 +173,8 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1703, 1709,
| | Microsoft.XboxGameOverlay | x | x | x | No |
| | Microsoft.XboxGamingOverlay | | | x | No |
| | Microsoft.XboxIdentityProvider | x | x | x | No |
-| | Microsoft.XboxSpeech ToTextOverlay | x | x | x | No |
+| | Microsoft.XboxSpeech ToTextOverlay | x | x | x | No |
+---
>[!NOTE]
>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
index f36c6be04b..20b71d39e8 100644
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@@ -9,7 +9,7 @@ ms.localizationpriority: medium
author: jdeckerms
ms.author: jdecker
ms.topic: article
-ms.date: 05/16/2018
+ms.date: 10/02/2018
---
# Enable or block Windows Mixed Reality apps in the enterprise
@@ -34,8 +34,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
- a. Download [the FOD .cab file for Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) or [the FOD .cab file for Windows 10, version 1709]
- (http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab).
+ a. Download the FOD .cab file for [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab).
>[!NOTE]
>You must download the FOD .cab file that matches your operating system version.
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index 01387c62d6..3225ed9730 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.author: jdecker
-ms.date: 08/28/2018
+ms.date: 10/02/2018
---
# Create mandatory user profiles
@@ -39,7 +39,7 @@ The name of the folder in which you store the mandatory profile must use the cor
| Windows 8 | Windows Server 2012 | v3 |
| Windows 8.1 | Windows Server 2012 R2 | v4 |
| Windows 10, versions 1507 and 1511 | N/A | v5 |
-| Windows 10, versions 1607, 1703, 1709, and 1803 | Windows Server 2016 | v6 |
+| Windows 10, versions 1607, 1703, 1709, 1803, and 1809 | Windows Server 2016 | v6 |
For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198).
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index b31a602fc2..44209b479a 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -873,7 +873,7 @@ Most restricted value: 1
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [allow-fullscreen-mode-shortdesc](../../../browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md)]
@@ -1211,7 +1211,7 @@ To verify AllowPopups is set to 0 (not allowed):
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [allow-prelaunch-shortdesc](../../../browsers/edge/shortdesc/allow-prelaunch-shortdesc.md)]
@@ -1280,7 +1280,7 @@ Most restricted value: 0
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [allow-printing-shortdesc](../../../browsers/edge/shortdesc/allow-printing-shortdesc.md)]
@@ -1350,7 +1350,7 @@ Most restricted value: 0
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [allow-saving-history-shortdesc](../../../browsers/edge/shortdesc/allow-saving-history-shortdesc.md)]
@@ -1549,7 +1549,7 @@ Most restricted value: 0
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../../../browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
@@ -1688,7 +1688,7 @@ To verify AllowSmartScreen is set to 0 (not allowed):
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [allow-tab-preloading-shortdesc](../../../browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md)]
@@ -1757,7 +1757,7 @@ Most restricted value: 1
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../../../browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
@@ -2029,7 +2029,7 @@ Most restricted value: 0
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [configure-favorites-bar-shortdesc](../../../browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md)]
@@ -2099,7 +2099,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [configure-home-button-shortdesc](../../../browsers/edge/shortdesc/configure-home-button-shortdesc.md)]
@@ -2174,7 +2174,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [configure-kiosk-mode-shortdesc](../../../browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md)]
@@ -2252,7 +2252,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../../../browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
@@ -2324,7 +2324,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../../../browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
@@ -2407,7 +2407,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../../../browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
@@ -2970,7 +2970,7 @@ Most restricted value: 1
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../../../browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md)]
@@ -3620,7 +3620,7 @@ Most restricted value: 1
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [set-home-button-url-shortdesc](../../../browsers/edge/shortdesc/set-home-button-url-shortdesc.md)]
@@ -3689,7 +3689,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [set-new-tab-url-shortdesc](../../../browsers/edge/shortdesc/set-new-tab-url-shortdesc.md)]
@@ -3897,7 +3897,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1810*
[!INCLUDE [unlock-home-button-shortdesc](../../../browsers/edge/shortdesc/unlock-home-button-shortdesc.md)]
diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md
index b434ae89f0..af4f71427d 100644
--- a/windows/configuration/TOC.md
+++ b/windows/configuration/TOC.md
@@ -69,10 +69,10 @@
### [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-packages/provisioning-powershell.md)
### [Windows Configuration Designer command-line interface (reference)](provisioning-packages/provisioning-command-line.md)
### [Windows Configuration Designer provisioning settings (reference)](wcd/wcd.md)
+#### [Changes to settings in Windows Configuration Designer](wcd/wcd-changes.md)
#### [AccountManagement](wcd/wcd-accountmanagement.md)
#### [Accounts](wcd/wcd-accounts.md)
#### [ADMXIngestion](wcd/wcd-admxingestion.md)
-#### [ApplicationManagement](wcd/wcd-applicationmanagement.md)
#### [AssignedAccess](wcd/wcd-assignedaccess.md)
#### [AutomaticTime](wcd/wcd-automatictime.md)
#### [Browser](wcd/wcd-browser.md)
@@ -98,8 +98,10 @@
#### [Folders](wcd/wcd-folders.md)
#### [HotSpot](wcd/wcd-hotspot.md)
#### [InitialSetup](wcd/wcd-initialsetup.md)
-#### [InternetExplorer](wcd/wcd-internetexplorer.md)
-#### [Licensing](wcd/wcd-licensing.md)
+#### [InternetExplorer](wcd/wcd-internetexplorer.md)
+#### [KioskBrowser](wcd/wcd-kioskbrowser.md)
+#### [Licensing](wcd/wcd-licensing.md)
+#### [Location](wcd/wcd-location.md)
#### [Maps](wcd/wcd-maps.md)
#### [Messaging](wcd/wcd-messaging.md)
#### [ModemConfigurations](wcd/wcd-modemconfigurations.md)
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 469b9d0261..3483fedd7a 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -10,13 +10,19 @@ ms.localizationpriority: medium
author: jdeckerms
ms.author: jdecker
ms.topic: article
-ms.date: 09/17/2018
+ms.date: 10/02/2018
---
# Change history for Configure Windows 10
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
+## RELEASE: Windows 10, version 1809
+
+The topics in this library have been updated for Windows 10, version 1809. The following new topic has been added:
+
+- [Changes to settings in Windows Configuration Designer](wcd/wcd-changes.md)
+
## September 2018
New or changed topic | Description
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md
index 92e0a97c03..06a64d0755 100644
--- a/windows/configuration/guidelines-for-assigned-access-app.md
+++ b/windows/configuration/guidelines-for-assigned-access-app.md
@@ -9,7 +9,7 @@ author: jdeckerms
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 08/15/2018
+ms.date: 10/02/2018
---
# Guidelines for choosing an app for assigned access (kiosk mode)
@@ -43,7 +43,9 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t
## Guidelines for web browsers
-In Windows 10, version 1803, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website.
+In Windows 10, version 1809, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
+
+In Windows 10, version 1803 and later, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website.
>[!NOTE]
>Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs.
@@ -134,8 +136,6 @@ Entry | Result
### Other browsers
->[!NOTE]
->Microsoft Edge and any third-party web browsers that can be set as a default browser have special permissions beyond that of most Windows apps. Microsoft Edge is not currently supported for assigned access.
You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app:
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index e4e836e249..346ce64c96 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 07/30/2018
+ms.date: 10/02/2018
---
# Prepare a device for kiosk configuration
@@ -28,7 +28,8 @@ For a more secure kiosk experience, we recommend that you make the following con
Recommendation | How to
--- | ---
-Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:`HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled`[Learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002)You must restart the device after changing the registry.
+Hide update notifications
If you do not want to send traffic to Microsoft, use the \
When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. |
+|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:
If you do not want to send traffic to Microsoft, use the \
When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. |
---
-### Configuration options
-
-For more details about configuring the Start pages, see [Start pages configuration options](../group-policies/start-pages-gp.md).
-
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure Start pages
@@ -40,7 +44,7 @@ For more details about configuring the Start pages, see [Start pages configurati
- [Disable Lockdown of Start Pages](#disable-lockdown-of-start-pages-include): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
-- [Configure Open Microsoft Edge With](../new-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
+- [Configure Open Microsoft Edge With](../available-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
index b9545d480d..cece4ab0bc 100644
--- a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
+++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10*
>*Default setting: Enabled (Turned on)*
diff --git a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
index 06a0642481..3bdfcb5675 100644
--- a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
+++ b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10*
>*Default setting: Enabled (Start pages are not editable)*
@@ -8,14 +16,10 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
-|Not configured |0 |0 |Lock down Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy. | |
+|Not configured |0 |0 |Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. | |
|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.
->*Default setting: Disabled or not configured*
-
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-| | | | | |
-| | | | | |
-| | | | | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:**
-- **GP name:**
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[]()
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\
-- **Value name:**
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
diff --git a/browsers/edge/includes/do-not-sync-browser-settings-include.md b/browsers/edge/includes/do-not-sync-browser-settings-include.md
index 2424c7de85..03f9746a15 100644
--- a/browsers/edge/includes/do-not-sync-browser-settings-include.md
+++ b/browsers/edge/includes/do-not-sync-browser-settings-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10*
>*Default setting: Disabled or not configured (Allowed/turned on)*
@@ -12,10 +20,6 @@
|Enabled |2 |2 |Prevented/turned off. The “browser” group does not use the _Sync your Settings_ option. |
---
-### Configuration options
-
-For more details about configuring the browser syncing options, see [Sync browser settings options](../group-policies/sync-browser-settings-gp.md).
-
### ADMX info and settings
#### ADMX info
@@ -37,7 +41,7 @@ For more details about configuring the browser syncing options, see [Sync browse
### Related policies
-[Prevent users from turning on browser syncing](../new-policies.md#prevent-users-from-turning-on-browser-syncing): [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
+[Prevent users from turning on browser syncing](../available-policies.md#prevent-users-from-turning-on-browser-syncing): [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
diff --git a/browsers/edge/includes/do-not-sync-include.md b/browsers/edge/includes/do-not-sync-include.md
index 8a8b4770f2..e572ce631a 100644
--- a/browsers/edge/includes/do-not-sync-include.md
+++ b/browsers/edge/includes/do-not-sync-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10*
>*Default setting: Disabled or not configured (Allowed/turned on)*
diff --git a/browsers/edge/includes/edge-respects-applocker-lists-include.md b/browsers/edge/includes/edge-respects-applocker-lists-include.md
deleted file mode 100644
index 60b8d8f5e0..0000000000
--- a/browsers/edge/includes/edge-respects-applocker-lists-include.md
+++ /dev/null
@@ -1,22 +0,0 @@
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Disabled or not configured
-
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-| | | | | |
-| | | | | |
-| | | | | |
----
-
-### ADMX info and settings
-| | |
-|---|---|
-|ADMX info |
|
-|MDM settings |
|
-|Registry |
|
----
-
-
----
\ No newline at end of file
diff --git a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
index f724a38af6..29285e2d27 100644
--- a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
+++ b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
[Enable your device for development](https://docs.microsoft.com/en-us/windows/uwp/get-started/enable-your-device-for-development): Developers can access special development features, along with other developer-focused settings, which makes it possible for them to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
\ No newline at end of file
diff --git a/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
index ed4e9b1019..d3d116dc84 100644
--- a/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
+++ b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Internet Explorer 11 on Windows 10, version 1607 or later*
>*Default setting: Disabled or not configured*
@@ -5,3 +13,7 @@ By default, all sites open the currently active browser. With this policy, you c
>[!NOTE]
>If you’ve also enabled the Microsoft Edge [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11) policy, all intranet sites continue to open in Internet Explorer 11.
+
+You can find the group policy settings in the following location of the Group Policy Editor:
+
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\**
diff --git a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
index b1dda60948..cd98f1a8c3 100644
--- a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
+++ b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
>*Default setting: Disabled or not configured (Turned off/not syncing)*
diff --git a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
index c0590648fa..7884bbe03b 100644
--- a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
+++ b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
@@ -1 +1,9 @@
-[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services): Learn about the network connections from Windows to Microsoft services. Also, learn about the privacy settings that affect the data shared with either Microsoft or apps and how to manage them in an enterprise. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment.
\ No newline at end of file
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services): Learn about the network connections from Windows to Microsoft services. Also, learn about the privacy settings that affect the data shared with either Microsoft or apps and how to manage them in an enterprise. You can configure diagnostic data at the lowest level for your edition of Windows and evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment.
diff --git a/browsers/edge/includes/prevent-access-about-flag-include.md b/browsers/edge/includes/prevent-access-about-flag-include.md
index 2ec1c055f5..b7cb5483d1 100644
--- a/browsers/edge/includes/prevent-access-about-flag-include.md
+++ b/browsers/edge/includes/prevent-access-about-flag-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
>*Default setting: Disabled or not configured (Allowed)*
@@ -8,8 +16,8 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
-|Disabled or not configured
**(default)** |0 |0 |Allowed. | |
-|Enabled |1 |1 |Prevents users from accessing the about:flags page. | |
+|Disabled or not configured
**(default)** |0 |0 |Allowed | |
+|Enabled |1 |1 |Prevented | |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
index e547317eb3..511434ab4e 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
>*Default setting: Disabled or not configured (Allowed/turned off)*
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
index e57bb9f213..01a87fe00e 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
>*Default setting: Disabled or not configured (Allowed/turned off)*
diff --git a/browsers/edge/includes/prevent-certificate-error-overrides-include.md b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
index 052ef6499e..edc6eb48d8 100644
--- a/browsers/edge/includes/prevent-certificate-error-overrides-include.md
+++ b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
@@ -1,6 +1,14 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
>*Default setting: Disabled or not configured (Allowed/turned off)*
[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../shortdesc/prevent-certificate-error-overrides-shortdesc.md)]
diff --git a/browsers/edge/includes/prevent-changes-to-favorites-include.md b/browsers/edge/includes/prevent-changes-to-favorites-include.md
index 4bbb97f4b0..9807f5b9ce 100644
--- a/browsers/edge/includes/prevent-changes-to-favorites-include.md
+++ b/browsers/edge/includes/prevent-changes-to-favorites-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
>*Default setting: Disabled or not configured (Allowed/not locked down)*
@@ -8,7 +16,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
-|Disabled or not configured
**(default)** |0 |0 |Allowed/not locked down. Users can add, import, and make changes to the Favorites list. | |
+|Disabled or not configured
**(default)** |0 |0 |Allowed/unlocked. Users can add, import, and make changes to the Favorites list. | |
|Enabled |1 |1 |Prevented/locked down. | |
---
diff --git a/browsers/edge/includes/prevent-first-run-webpage-open-include.md b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
index 21acfb5de4..09f5a55707 100644
--- a/browsers/edge/includes/prevent-first-run-webpage-open-include.md
+++ b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
>*Default setting: Disabled or not configured (Allowed)*
diff --git a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
index cfc5af6f08..39a929269e 100644
--- a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
+++ b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
>*Default setting: Disabled or not configured (Collect and send)*
@@ -9,7 +17,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured
**(default)** |0 |0 |Collect and send Live Tile metadata. | |
-|Enabled |1 |1 |No data collected. | |
+|Enabled |1 |1 |Do not collect data. | |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
index 4b5e20e3cb..bd72138fb1 100644
--- a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
+++ b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
>*Default setting: Disabled or not configured (Allowed/show localhost IP addresses)*
diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
index 67f9bab3e2..12aad63505 100644
--- a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
+++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
@@ -1,6 +1,14 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
>*Default setting: Disabled or not configured (Allowed)*
[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]
@@ -10,9 +18,11 @@
|Group Policy |Description |
|---|---|
|Disabled or not configured
**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
-|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
>*Default setting: Enabled or not configured (Prevented/turned off)*
[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
@@ -11,10 +19,6 @@
|Enabled or not configured
**(default)** |1 |1 |Prevented/turned off. |
---
-### Configuration options
-
-For more details about configuring the browser syncing options, see [Sync browser settings options](../group-policies/sync-browser-settings-gp.md).
-
### ADMX info and settings
#### ADMX info
diff --git a/browsers/edge/includes/provision-favorites-include.md b/browsers/edge/includes/provision-favorites-include.md
index f0398c27c6..97c708932b 100644
--- a/browsers/edge/includes/provision-favorites-include.md
+++ b/browsers/edge/includes/provision-favorites-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
>*Default setting: Disabled or not configured (Customizable)*
diff --git a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
index e550bc4e57..2f7d7dab86 100644
--- a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
+++ b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
@@ -1 +1,9 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
[Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery): Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
\ No newline at end of file
diff --git a/browsers/edge/includes/send-all-intranet-sites-ie-include.md b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
index 904c78270d..fa61ceaac2 100644
--- a/browsers/edge/includes/send-all-intranet-sites-ie-include.md
+++ b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10*
>*Default setting: Disabled or not configured*
@@ -13,7 +21,7 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured
**(default)** |0 |0 |All sites, including intranet sites, open in Microsoft Edge automatically. | |
-|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.
| |
+|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.
**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** and click **Enable**.
| |
---
diff --git a/browsers/edge/includes/set-default-search-engine-include.md b/browsers/edge/includes/set-default-search-engine-include.md
index 4a65053d39..5458337ff4 100644
--- a/browsers/edge/includes/set-default-search-engine-include.md
+++ b/browsers/edge/includes/set-default-search-engine-include.md
@@ -1,3 +1,11 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
>*Default setting: Not configured (Defined in App settings)*
@@ -8,15 +16,12 @@
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
-|Not configured
**(default)** |Blank |Blank |Microsoft Edge uses the default search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](../available-policies.md#allow-search-engine-customization) policy, users cannot make changes. | |
-|Disabled |0 |0 |Microsoft Edge removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. | |
-|Enabled |1 |1 |Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users cannot change the default search engine.
**(default)** |Blank |Blank |Use the search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](../group-policies/search-engine-customization-gp.md#allow-search-engine-customization) policy, users cannot make changes. | |
+|Disabled |0 |0 |Remove or don't use the policy-set search engine and use the search engine for the market, letting users make changes. | |
+|Enabled |1 |1 |Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
>*Default setting: Disabled or not configured (Blank)*
[!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
@@ -8,16 +16,11 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
-|Disabled or not configured
**(default)** |Blank |Blank |Show the home button and loads the Start page and locks down the home button to prevent users from changing what page loads. |
-|Enabled - String |String |String |Load a custom URL for the home button. You must also enable the [Configure Home Button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.
**(default)** |Blank |Blank |Show the home button, load the Start pages, and lock down the home button to prevent users from changing what page loads. |
+|Enabled - String |String |String |Enter a URL in string format, for example, https://www.msn.com.
diff --git a/browsers/edge/includes/set-new-tab-url-include.md b/browsers/edge/includes/set-new-tab-url-include.md
index ffd31bd264..d558c67cf7 100644
--- a/browsers/edge/includes/set-new-tab-url-include.md
+++ b/browsers/edge/includes/set-new-tab-url-include.md
@@ -1,5 +1,13 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
>*Default setting: Disabled or not configured (Blank)*
[!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
@@ -8,8 +16,8 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
-|Disabled or not configured
**(default)** |Blank |Blank |Load the default New tab page. |
-|Enabled - String |String |String |Prevent users from changing the New tab page.
**(default)** |Blank |Blank |Load the default New Tab page. |
+|Enabled - String |String |String |Enter a URL in string format, for example, https://www.msn.com.
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 and later*
>*Default setting: Disabled or not configured (No additional message)*
[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
+
### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
@@ -15,9 +24,6 @@
|Enabled |2 |2 |Show an additional message with a _Keep going in Microsoft Edge_ link to allow users to open the site in Microsoft Edge. | |
---
-### Configuration options
-For more details about configuring the search engine, see [Interoperability and enterprise guidance](../group-policies/interoperability-enterprise-guidance-gp.md).
-
### ADMX info and settings
#### ADMX info
- **GP English name:** Show message when opening sites in Internet Explorer
diff --git a/browsers/edge/includes/unlock-home-button-include.md b/browsers/edge/includes/unlock-home-button-include.md
index e6cb4d2e9f..6ca46698db 100644
--- a/browsers/edge/includes/unlock-home-button-include.md
+++ b/browsers/edge/includes/unlock-home-button-include.md
@@ -1,5 +1,13 @@
+---
+author: shortpatti
+ms.author: pashort
+ms.date: 10/02/2018
+ms.prod: edge
+ms:topic: include
+---
+
->*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
>*Default setting: Disabled or not configured (Home button is locked)*
[!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
@@ -8,15 +16,10 @@
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
-|Disabled or not configured
**(default)** |0 |0 |Lock down and prevent users from making changes to the home button settings. |
-|Enabled |1 |1 |Let users make changes. |
+|Disabled or not configured
**(default)** |0 |0 |Locked, preventing users from making changes. |
+|Enabled |1 |1 |Unlocked, letting users make changes. |
---
-
-### Configuration options
-
-For more details about configuring the different Home button options, see [Home button configuration options](../group-policies/home-button-gp.md).
-
### ADMX info and settings
#### ADMX info
- **GP English name:** Unlock Home Button
@@ -37,9 +40,9 @@ For more details about configuring the different Home button options, see [Home
### Related policies
-- [Configure Home Button](../new-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
+- [Configure Home Button](../available-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
-- [Set Home Button URL](../new-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
+- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
\ No newline at end of file
diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml
index f70b140995..5798e4ee62 100644
--- a/browsers/edge/index.yml
+++ b/browsers/edge/index.yml
@@ -12,7 +12,7 @@ metadata:
description:
- text: Learn how to deploy and configure group policies in Microsoft Edge on Windows 10. Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
+ text: Learn how to deploy and configure group policies in Microsoft Edge on Windows 10. Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
keywords: Microsoft Edge, Windows 10
@@ -50,6 +50,16 @@ sections:
items:
+ - href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/change-history-for-microsoft-edge
+
+ html:
->Preview build 17723
+>Applies to: Microsoft Edge on Windows 10, version 1809
-Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
+In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk (referred to as Microsoft Edge kiosk mode). We added and updated Microsoft Edge group policies to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure.
-When you configure Microsoft Edge kiosk mode in assigned access, you can set it up to show only a single URL in full-screen, in the case of digital/interactive signage on a single-app kiosk device. You can restrict Microsoft Edge for public browsing (on a single and multi-app kiosk device) which runs a multi-tab version of InPrivate with limited functionality. Also, you can configure a multi-app kiosk device to run a full or normal version of Microsoft Edge.
+Microsoft Edge kiosk mode works with assigned access, which lets IT administrators create a tailored browsing experience designed for kiosk devices. Assigned access prevents users from accessing the file system and running other apps from Microsoft Edge, such as the address bar or downloads. For example, you can configure Microsoft Edge to load only a single URL in full-screen mode when you configure digital/interactive signage on a single-app kiosk device.
-Digital/Interactive signage and public browsing protects the user’s data by running Microsoft Edge InPrivate. In single-app public browsing, there is both an idle timer and an 'End Session' button. The idle timer resets the browsing session after a specified time of user inactivity.
+In addition to digital/interactive signage, you can configure Microsoft Edge for public browsing either on a single and multi-app kiosk device. Public browsing runs a multi-tab version of InPrivate browsing mode with limited functionality to run in full-screen mode or normal browsing of Microsoft Edge.
-In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn how to setup your Microsoft Edge kiosk mode experience.
+Both digital/interactive signage and public browsing help protect the user’s data by running Microsoft Edge with InPrivate browsing. In single-app public browsing, there is both an ‘End Session’ button that users click to end the browsing session or that resets the session after a specified time of user inactivity. The idle timer is set to 5 minutes by default, but you can choose a value of your own.
+In this topic, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn how to set up your Microsoft Edge kiosk mode experience. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
## Microsoft Edge kiosk types
-Microsoft Edge kiosk mode supports **four** types, depending on how Microsoft Edge is set up in assigned access; single-app or multi-app kiosk. Learn more about [assigned access](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/assigned-access).
+Depending on how Microsoft Edge is set up in assigned access, Microsoft Edge kiosk mode supports four types, single-app or multi-app kiosk mode with both supporting public browsing. Learn more about [assigned access](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/assigned-access).
### Single-app kiosk
@@ -34,29 +34,33 @@ When you set up Microsoft Edge kiosk mode in single-app assigned access, Microso
The single-app Microsoft Edge kiosk mode types include:
-1. **Digital / Interactive signage** devices display a specific site in full-screen mode in which Microsoft Edge runs InPrivate mode. Examples of Digital signage are a rotating advertisement or menu. Examples of Interactive signage include an interactive museum display or a restaurant order/pay station.
+1. **Digital / Interactive signage** devices display a specific site in full-screen mode that runs InPrivate browsing mode.
-2. **Public browsing** devices run a limited multi-tab version of InPrivate and Microsoft Edge is the only app available. Users can’t minimize, close, or open new Microsoft Edge windows or customize Microsoft Edge. Users can clear browsing data, downloads and restart Microsoft Edge by clicking the “End session” button. You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy. A public library or hotel concierge desk are two examples of public browsing in single-app kiosk device.
+ - **Digital signage** does not require user interaction and best used for a rotating advertisement or menu.
- 
+ - **Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet. Use interactive signage for things like a building business directory or restaurant order/pay station.
+
+2. **Public browsing** devices are publicly accessible and run a limited multi-tab version of InPrivate browsing in Microsoft Edge, which is the only app available on the device. Users can’t minimize, close, or open new Microsoft Edge windows or customize Microsoft Edge.
|
+---
### Use Microsoft Intune or other MDM service
With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device.
+>[!IMPORTANT]
+>If you are using a local account as a kiosk account in Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
+
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
2. Configure the following MDM settings to control a web browser app on the kiosk device and then restart the device.
| | |
|---|---|
- | **[ConfigureKioskMode](new-policies.md#configure-kiosk-mode)**
|
- | **[ConfigureKioskResetAfterIdleTimeout](new-policies.md#configure-kiosk-reset-after-idle-timeout)**
|
+ | **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**
|
+ | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**
|
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**
\
|
- | **[SetNewTabPageURL](new-policies.md#set-new-tab-page-url)**
|
+ | **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**
-**_Congratulations!_** You’ve finished setting up a kiosk or digital signage and configuring policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
+**_Congratulations!_** You’ve just finished setting up a kiosk or digital signage and configuring group policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
@@ -158,27 +168,32 @@ With this method, you can use Microsoft Intune or other MDM services to configur
With this method, you can use a provisioning package to configure Microsoft Edge kiosk mode in assigned access. After you set up the provisioning package for configuring Microsoft Edge in assigned access, you configure how Microsoft Edge behaves on a kiosk device.
-1. Open Windows Configuration Designer to create a provisioning package and configure Microsoft Edge in assigned access.
+>[!IMPORTANT]
+>If you are using a local account as a kiosk account in Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
-2. After creating the provisioning package and configuring assigned access, and before you build the package, switch to the advanced editor.
+1. Open Windows Configuration Designer and select **Provision Kiosk devices**.
-3. Navigate to **Runtime settings \> Policies \> Browser** and set the following policies:
+2. Name your project, and click **Next**.
+
+3. [Set up a kiosk](https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app#set-up-a-kiosk-using-the-kiosk-wizard-in-windows-configuration-designer).
+
+4. Switch to the advanced editor and navigate to **Runtime settings \> Policies \> Browser** and set the following policies:
| | |
|---|---|
- | **[ConfigureKioskMode](new-policies.md#configure-kiosk-mode)**
|
- | **[ConfigureKioskResetAfterIdleTimeout](new-policies.md#configure-kiosk-reset-after-idle-timeout)**
|
+ | **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**
|
+ | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**
|
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**
\
|
- | **[SetNewTabPageURL](new-policies.md#set-new-tab-page-url)**
|
+ | **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**
-4. After you’ve configured the Microsoft Edge kiosk mode policies, including any of the related policies, it’s time to build the package.
-5. Click **Finish**. The wizard closes taking you back to the Customizations page.
+5. After you’ve configured the Microsoft Edge kiosk mode policies, including any of the related policies, it’s time to [build the package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package#build-package).
-6. Apply the provisioning package to the device, which you can do during the first-run experience (out-of-box experience or OOBE) and after (runtime). For more details, see [Apply a provisioning package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package).
+6. Click **Finish**.
*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun].(https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
@@ -284,14 +309,6 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
---
-## Known issues with prerelease build 17723
-
-When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored.
-- **Expected behavior** – Microsoft Edge kiosk mode launches in full-screen mode.
-- **Actual behavior** – Normal Microsoft Edge launches.
-
----
-
## Provide feedback or get support
To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
diff --git a/browsers/edge/new-policies.md b/browsers/edge/new-policies.md
deleted file mode 100644
index 421bd3945c..0000000000
--- a/browsers/edge/new-policies.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-description: Microsoft Edge now has new Group Policies and MDM Settings for IT administrators to configure Microsoft Edge. The new policies allow you to enable/disabled full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
-ms.assetid:
-ms.prod: edge
-ms.mktglfcycl: explore
-ms.sitesec: library
-title: New Microsoft Edge Group Policies and MDM settings
-ms.localizationpriority: medium
-author: shortpatti
-ms.author: pashort
-ms.date: 07/25/2018
----
-
-# New Microsoft Edge Group Policies and MDM settings (Preview)
-
-> Applies to: Microsoft Edge on Windows 10
-> Preview build 17713+
-
-The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
-
-We are discontinuing the **Configure Favorites** group policy. Use the **[Provision Favorites](available-policies.md#provision-favorites)** instead.
-
-
-
->>You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
->>
->> **_Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\_**
-
(New in Windows 10, version 1809) | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Display options for update notifications**
-or-
Use the MDM setting **Update/UpdateNotificationLevel** from the [**Policy/Update** configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel)
-or-
Add the following registry keys as DWORD (32-bit) type:`HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\UpdateNotificationLevel` with a value of `1`, and `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\SetUpdateNotificationLevel` with a value of `1` to hide all notifications except restart warnings, or value of `2` to hide all notifications, including restart warnings.
+Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:`HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled`
Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** > **System** > **Tablet mode** and choose **On.** Do not turn on this setting if users will not interact with the kiosk, such as for a digital sign.
Hide **Ease of access** feature on the sign-in screen. | Go to **Control Panel** > **Ease of Access** > **Ease of Access Center**, and turn off all accessibility tools.
Disable the hardware power button. | Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**.
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index dc55bd5004..9f16d7bc3b 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 07/30/2018
+ms.date: 10/02/2018
---
# Set up a single-app kiosk
@@ -28,7 +28,7 @@ You have several options for configuring your single-app kiosk.
Method | Description
--- | ---
-[Assigned access in Settings](#local) | The **Assigned Access** option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.
This method is supported on Windows 10 Pro, Enterprise, and Education.
+[Locally, in Settings](#local) | The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account.
This method is supported on Windows 10 Pro, Enterprise, and Education.
[PowerShell](#powershell) | You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.
This method is supported on Windows 10 Pro, Enterprise, and Education.
[The kiosk wizard in Windows Configuration Designer](#wizard) | Windows Configuration Designer is a tool that produces a *provisioning package*, which is a package of configuration settings that can be applied to one or more devices during the first-run experience (OOBE) or after OOBE is done (runtime). You can also create the kiosk user account and install the kiosk app, as well as other useful settings, using the kiosk wizard.
This method is supported on Windows 10 Pro (version 1709 and later), Enterprise, and Education.
[Microsoft Intune or other mobile device management (MDM) provider](#mdm) | For managed devices, you can use MDM to set up a kiosk configuration.
This method is supported on Windows 10 Pro (version 1709 and later), Enterprise, and Education.
@@ -48,7 +48,45 @@ Method | Description
>
>Account type: Local standard user
-You can use **Settings** to quickly configure one or a few devices as a kiosk. When you set up a kiosk (also known as *assigned access*) in **Settings**, you must select a local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10)
+You can use **Settings** to quickly configure one or a few devices as a kiosk.
+
+When your kiosk is a local device that is not managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts.
+
+- If you want the kiosk account signed in automatically and the kiosk app launched when the device restarts, there is nothing you need to do.
+
+- If you do not want the kiosk account signed in automatically when the device restarts, you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account, go to **Settings** > **Accounts** > **Sign-in options**, and toggle the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device.
+
+
+
+### Instructions for Windows 10, version 1809
+
+When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10, version 1809, you create the kiosk user account at the same time.
+
+**To set up assigned access in PC settings**
+
+1. Go to **Start** > **Settings** > **Accounts** > **Other users**.
+
+2. Select **Set up a kiosk > Assigned access**, and then select **Get started**.
+
+3. Enter a name for the new account.
+
+ >[!NOTE]
+ >If there are any local standard user accounts on the device already, the **Create an account** page will offer the option to **Choose an existing account**.
+
+4. Choose the app that will run when the kiosk account signs in. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). If you select **Microsoft Edge** as the kiosk app, you configure the following options:
+
+ - Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser)
+ - Which URL should be displayed when the kiosk accounts signs in
+ - When Microsoft Edge should restart after a period of inactivity (if you select to run as a public browser)
+
+5. Select **Close**.
+
+To remove assigned access, select the account tile on the **Set up a kiosk** page, and then select **Remove kiosk**.
+
+
+### Instructions for Windows 10, version 1803 and earlier
+
+When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10, version 1803 and earlier, you must select an existing local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10)
@@ -56,7 +94,7 @@ You can use **Settings** to quickly configure one or a few devices as a kiosk.
1. Go to **Start** > **Settings** > **Accounts** > **Other people**.
-2. Choose **Set up assigned access**.
+2. Select **Set up assigned access**.
3. Choose an account.
@@ -66,13 +104,7 @@ You can use **Settings** to quickly configure one or a few devices as a kiosk.
To remove assigned access, choose **Turn off assigned access and sign out of the selected account**.
-When your kiosk is a local device that is not managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts.
-- If you want the kiosk account signed in automatically and the kiosk app launched when the device restarts, there is nothing you need to do.
-
-- If you do not want the kiosk account signed in automatically when the device restarts, you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account, go to **Settings** > **Accounts** > **Sign-in options**, and toggle the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device.
-
-
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index 9be99277a6..414773196e 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 07/30/2018
+ms.date: 10/02/2018
ms.author: jdecker
ms.topic: article
---
@@ -24,11 +24,14 @@ ms.topic: article
## Full XML sample
>[!NOTE]
->Updated for Windows 10, version 1803.
+>Updated for Windows 10, version 1809.
```xml
-
- Assign [group accounts to a config profile](#config-for-group-accounts)
- Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803
+- Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)
- [Automatically launch an app](#allowedapps) when the user signs in
- Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809
**Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `http://schemas.microsoft.com/AssignedAccess/201810/config`.
+
-- Configure [a single-app kiosk profile](#profile) in your XML file.
-- Assign [group accounts to a config profile](#config-for-group-accounts).
-- Configure [an account to sign in automatically](#config-for-autologon-account).
-The benefit of a kiosk with desktop that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access.
>[!WARNING]
>The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](kiosk-policies.md) are enforced system-wide, and will impact other users on the device. Deleting the kiosk configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
@@ -104,7 +108,10 @@ You can start your file by pasting the following XML (or any other examples in t
```xml
-
- Prevents users from changing power settings
- Turns off hibernate
- Overrides all power state transitions to sleep (e.g. lid close) |
| Customization: SignInOnResume | This setting specifies if the user is required to sign in with a password when the PC wakes from sleep. |
| Customization: SleepTimeout | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies. |
+[Policies: Authentication](wcd/wcd-policies.md#authentication) (optional related setting) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts.
##Configuring shared PC mode on Windows
diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md
index d5ea73a4a8..0b0e15e263 100644
--- a/windows/configuration/setup-digital-signage.md
+++ b/windows/configuration/setup-digital-signage.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 08/03/2018
+ms.date: 10/02/2018
---
# Set up digital signs on Windows 10
@@ -20,7 +20,7 @@ ms.date: 08/03/2018
Digital signage can be a useful and exciting business tool. Use digital signs to showcase your products and services, to display testimonials, or to advertise promotions and campaigns. A digital sign can be a static display, such as a building directory or menu, or it can be dynamic, such as repeating videos or a social media feed.
-For digital signage, simply select a digital sign player as your kiosk app. You can also use the Kiosk Browser app (a new Microsoft app for Windows 10, version 1803) and configure it to show your online content.
+For digital signage, simply select a digital sign player as your kiosk app. You can also use [Microsoft Edge in kiosk mode](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) or the Kiosk Browser app (a new Microsoft app for Windows 10, version 1803) and configure it to show your online content.
>[!TIP]
>Kiosk Browser can also be used in [single-app kiosks](kiosk-single-app.md) and [multi-app kiosk](lock-down-windows-10-to-specific-apps.md) as a web browser. For more information, see [Guidelines for web browsers](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index 6dc0b4da16..e95d1cc298 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -8,7 +8,7 @@ ms.sitesec: library
author: jdeckerms
ms.author: jdecker
ms.topic: article
-ms.date: 09/17/2018
+ms.date: 10/02/2018
ms.localizationpriority: medium
---
@@ -73,6 +73,7 @@ The following table lists the supported elements and attributes for the LayoutMo
| [RequiredStartGroups](#requiredstartgroups)Parent:RequiredStartGroupsCollection | Region | Use to contain the AppendGroup tags, which represent groups that can be appended to the default Start layout |
| [AppendGroup](#appendgroup)Parent:RequiredStartGroups | Name | Use to specify the tiles that need to be appended to the default Start layout |
| [start:Tile](#specify-start-tiles)Parent:AppendGroup | AppUserModelIDSizeRowColumn | Use to specify any of the following:- A Universal Windows app- A Windows 8 or Windows 8.1 appNote that AppUserModelID is case-sensitive. |
+start:Folder
Parent:
start:Group | Name (in Windows 10, version 1809 and later only)
Size
Row
Column
LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile).
| start:DesktopApplicationTileParent:AppendGroup | DesktopApplicationIDDesktopApplicationLinkPathSizeRowColumn | Use to specify any of the following:- A Windows desktop application with a known AppUserModelID- An application in a known folder with a link in a legacy Start Menu folder- A Windows desktop application link in a legacy Start Menu folder- A Web link tile with an associated .url file that is in a legacy Start Menu folder |
| start:SecondaryTileParent:AppendGroup | AppUserModelIDTileIDArgumentsDisplayNameSquare150x150LogoUriShowNameOnSquare150x150LogoShowNameOnWide310x150LogoWide310x150LogoUriBackgroundColorForegroundTextIsSuggestedAppSizeRowColumn | Use to pin a Web link through a Microsoft Edge secondary tile. Note that AppUserModelID is case-sensitive. |
| TopMFUAppsParent:LayoutModificationTemplate | n/a | Use to add up to 3 default apps to the frequently used apps section in the system area.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
diff --git a/windows/configuration/wcd/wcd-applicationmanagement.md b/windows/configuration/wcd/wcd-applicationmanagement.md
deleted file mode 100644
index 058450c727..0000000000
--- a/windows/configuration/wcd/wcd-applicationmanagement.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-title: ApplicationManagement (Windows 10)
-description: This section describes the ApplicationManagement settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: jdeckerMS
-ms.localizationpriority: medium
-ms.author: jdecker
-ms.topic: article
-ms.date: 09/12/2017
----
-
-# ApplicationManagement (Windows Configuration Designer reference)
-
-Use these settings to manage app installation and management.
-
->[!NOTE]
->ApplicationManagement settings are not available in Windows 10, version 1709, and later.
-
-## Applies to
-
-| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
-| --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAllTrustedApps](#allowalltrustedapps) | | | | | X |
-| [AllowAppStoreAutoUpdate](#allowappstoreautoupdate) | | | | | X |
-| [RestrictAppDataToSystemVolume](#restrictappdatatosystemvolume) | | | | | X |
-| [RestrictAppToSystemVolume](#restrictapptosystemvolume) | | | | | X |
-
-## AllowAllTrustedApps
-
-Specifies whether non-Microsoft Store apps are allowed.
-
-| Value | Description |
-| --- | --- |
-| No | Only Microsoft Store apps are allowed |
-| Yes | Non-Microsoft Store apps are allowed |
-
-## AllowAppStoreAutoUpdate
-
-Specifies whether automatic update of apps from Microsoft Store are allowed
-
-| Value | Description |
-| --- | --- |
-| Disallowed | Automatic update of apps is not allowed |
-| Allowed | Automatic update of apps is allowed |
-
-
-## RestrictAppDataToSystemVolume
-
-Specifies whether application data is restricted to the system drive.
-
-| Value | Description |
-| --- | --- |
-| 0 | Not restricted |
-| 1 | Restricted |
-
-
-## RestrictAppToSystemVolume
-
-Specifies whether the installation of applications is restricted to the system drive.
-
-| Value | Description |
-| --- | --- |
-| 0 | Not restricted |
-| 1 | Restricted |
-
-## Related topics
-
-- [Policy configuration service provider (CSP): ApplicationManagement/AllowAllTrustedApps](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps)
-- [Policy CSP: ApplicationManagement/AllowAppStoreAutoUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate)
-- [Policy CSP: ApplicationManagement/RestrictAppDataToSystemVolume](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume)
-- [Policy CSP: ApplicationManagement/RestrictAppToSystemVolume](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume)
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index 3ed958488d..c7cd5a030f 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -8,7 +8,7 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 04/30/2018
+ms.date: 10/02/2018
---
# Browser (Windows Configuration Designer reference)
@@ -19,10 +19,32 @@ Use to configure browser settings that should only be set by OEMs who are part o
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
+| [AllowPrelaunch](#allowprelaunch) | | | X | | |
+| [FavoriteBarItems](#favoritebaritems) | X | | | | |
| [Favorites](#favorites) | | X | | | |
| [PartnerSearchCode](#partnersearchcode) | X | X | X | | |
| [SearchProviders](#searchproviders) | | X | | | |
+
+## AllowPrelaunch
+
+Use this setting to allow Microsoft Edge to pre-launch during Windows sign-in, when the system is idle, and each time that Microsoft Edge is closed. Pre-launch minimizes the amount of time required to start Microsoft Edge.
+
+Select between **Prevent Pre-launching** and **Allow Pre-launching**.
+
+## FavoriteBarItems
+
+Use to add items to the Favorites Bar in Microsoft Edge.
+
+1. Enter a name for the item, and select **Add**. (The name you enter here is only used to distinguish the group of settings, and is not shown on the device when the settings are applied.)
+2. In **Available customizations**, select the item that you added, and then configure the following settings for that item:
+
+Setting | Description
+--- | ---
+ItemFavIconFile | Enter the path to the icon file, local to the device where the browser will run. The icon file must be added to the device to the specified path.
+ItemName | Enter the name for the item, which will be displayed on the Favorites Bar.
+ItemUrl | Enter the target URL for the item.
+
## Favorites
Use to configure the default list of Favorites that show up in the browser.
diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md
index 66fd0b6bc1..b7b52b37af 100644
--- a/windows/configuration/wcd/wcd-cellcore.md
+++ b/windows/configuration/wcd/wcd-cellcore.md
@@ -8,11 +8,13 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 04/30/2018
+ms.date: 10/02/2018
---
# CellCore (Windows Configuration Designer reference)
+>Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore is not available in Windows 10, version 1809.
+
Use to configure settings for cellular data.
>[!IMPORTANT]
diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md
index 290e3f52cb..f6c9545c4a 100644
--- a/windows/configuration/wcd/wcd-cellular.md
+++ b/windows/configuration/wcd/wcd-cellular.md
@@ -8,7 +8,7 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 09/21/2017
+ms.date: 10/02/2018
---
# Cellular (Windows Configuration Designer reference)
@@ -24,39 +24,54 @@ Use to configure settings for cellular connections.
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | X | | | | |
+## PerDevice
+See [SignalBarMappingTable](#signalbarmappingtable)
+
+## PerSimSettings
To begin, enter a SIM integrated circuit card identifier (**SimIccid**), and click **Add**. In the **Customizations** pane, select the SimIccid that you just entered and configure the following settings for it.
-## AccountExperienceURL
+### AccountExperienceURL
Enter the URL for the mobile operator's web page.
-## AppID
+### AppID
Enter the AppID for the mobile operator's app in Microsoft Store.
-## BrandingIcon
+### BrandingIcon
Browse to and select an .ico file.
-## BrandingIconPath
+### BrandingIconPath
Enter the destination path for the BrandingIcon .ico file.
-## BrandingName
+### BrandingName
Enter the service provider name for the mobile operator.
-## NetworkBlockList
-
-Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC).
-
-## SIMBlockList
+### NetworkBlockList
Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC).
-## UseBrandingNameOnRoaming
+### SignalBarMappingTable
+
+>[!NOTE]
+>SignalBarMappingTable can be configured per device or per sim.
+
+Use the **SignalBarMappingTable** settings to customize the number of bars displayed based on signal strength. Set a signal strength minimum for each bar number.
+
+1. Expand **SignalBarMappingTable**, select a bar number in **SignalForBars**, and select **Add**.
+2. Select the signal bar number in **Available customizations**, and enter a minimum signal strength value, between 0 and 31.
+
+### SIMBlockList
+
+Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC).
+
+
+### UseBrandingNameOnRoaming
Select an option for displaying the BrandingName when the device is roaming.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md
new file mode 100644
index 0000000000..b51c2ab60e
--- /dev/null
+++ b/windows/configuration/wcd/wcd-changes.md
@@ -0,0 +1,83 @@
+---
+title: Changes to settings in Windows Configuration Designer (Windows 10)
+description: This section describes the changes to settings in Windows Configuration Designer in Windows 10, version 1809.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+ms.date: 10/02/2018
+---
+
+# Changes to settings in Windows Configuration Designer
+
+Settings added in Windows 10, version 1809
+
+
+- [Browser > AllowPrelaunch](wcd-browser.md#allowprelaunch)
+- [Browser > FavoriteBarItems](wcd-browser.md#favoritebaritems)
+- [Cellular > SignalBarMappingTable](wcd-cellular.md#signalbarmappingtable)
+- [KioskBrowser](wcd-kioskbrowser.md)
+- [Location](wcd-location.md)
+- [Policies > ApplicationManagement > LaunchAppAfterLogOn](wcd-policies.md#applicationmanagement)
+- [Policies > Authentication:](wcd-policies.md#authentication)
+ - EnableFastFirstSignin
+ - EnableWebSignin
+ - PreferredAadTenantDomainName
+- [Policies > Browser:](wcd-policies.md#browser)
+ - AllowFullScreenMode
+ - AllowPrelaunch
+ - AllowPrinting
+ - AllowSavingHistory
+ - AllowSideloadingOfExtensions
+ - AllowTabPreloading
+ - AllowWebContentOnNewTabPage
+ - ConfigureFavoritesBar
+ - ConfigureHomeButton
+ - ConfigureKioskMode
+ - ConfigureKioskResetAfterIdleTimer
+ - ConfigureOpenMicrosoftEdgeWith
+ - ConfigureTelemetryForMicrosoft365
+ - FirstRunURL
+ - PreventCertErrorOverrides
+ - PreventTurningOffRequiredExtensions
+ - SetHomeButtonURL
+ - SetNewTabPageURL
+ - UnlockHomeButton
+- [Policies > DeliveryOptimization:](wcd-policies.md#deliveryoptimization)
+ - DODelayBackgroundDownloadFromHttp
+ - DODelayForegroundDownloadFromHttp
+ - DOGroupIdSource
+ - DOPercentageMaxBackDownloadBandwidth
+ - DOPercentageMaxForeDownloadBandwidth
+ - DORestrictPeerSelectionsBy
+ - DOSetHoursToLimitBackgroundDownloadBandwidth
+ - DOSetHoursToLimitForegroundDownloadBandwidth
+- [Policies > KioskBrowser](wcd-policies.md#kioskbrowser) > EnableEndSessionButton
+- [Policies > Search](wcd-policies.md#search) > DoNotUseWebResults
+- [Policies > System:](wcd-policies.md#system)
+ - DisableDeviceDelete
+ - DisableDiagnosticDataViewer
+- [Policies > Update:](wcd-policies.md#update)
+ - AutoRestartDeadlinePeriodInDaysForFeatureUpdates
+ - EngagedRestartDeadlineForFeatureUpdates
+ - EngagedRestartSnoozeScheduleForFeatureUpdates
+ - EngagedRestartTransitionScheduleForFeatureUpdates
+ - ExcludeWUDriversInQualityUpdate
+ - SetDisablePauseUXAccess
+ - SetDisableUXWUAccess
+ - UpdateNotificationLevel
+- [UnifiedWriteFilter > OverlayFlags](wcd-unifiedwritefilter.md#overlayflags)
+- [UnifiedWriteFilter > ResetPersistentState](wcd-unifiedwritefilter.md#resetpersistentstate)
+- [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md)
+
+
+Settings removed in Windows 10, version 1809
+
+- [CellCore](wcd-cellcore.md)
+- [Policies > Browser:](wcd-policies.md#browser)
+ - AllowBrowser
+ - PreventTabReloading
+
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index b797544274..38bdf81ca7 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -19,12 +19,12 @@ Use to configure profiles that a user will connect with, such as an email accoun
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| [Email](#email) | X | X | X | | X |
-| [Exchange](#exchange) | X | X | X | | X |
-| [KnownAccounts](#knownaccounts) | X | X | X | | X |
-| [VPN](#vpn) | X | X | X | X | X |
-| [WiFiSense](#wifisense) | X | X | X | | X |
-| [WLAN](#wlan) | X | X | X | X | X |
+| [Email](#email) | X | X | X | | |
+| [Exchange](#exchange) | X | X | X | | |
+| [KnownAccounts](#knownaccounts) | X | X | X | | |
+| [VPN](#vpn) | X | X | X | X | |
+| [WiFiSense](#wifisense) | X | X | X | | |
+| [WLAN](#wlan) | X | X | X | X | |
## Email
diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md
new file mode 100644
index 0000000000..29f19e45e4
--- /dev/null
+++ b/windows/configuration/wcd/wcd-kioskbrowser.md
@@ -0,0 +1,44 @@
+---
+title: KioskBrowser (Windows 10)
+description: This section describes the KioskBrowser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+ms.date: 10/02/2018
+---
+
+# KioskBrowser (Windows Configuration Designer reference)
+
+Use KioskBrowser settings to configure Internet sharing.
+
+## Applies to
+
+| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| All settings | | | | | X |
+
+>[!NOTE]
+>To configure Kiosk Browser settings for desktop editions, go to [Policies > KioskBrowser](wcd-policies.md#kioskbrowser).
+
+Kiosk Browser settings | Use this setting to
+--- | ---
+Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.
For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs.
+Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.
If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
+Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL.
+Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL.
+Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser.
+Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction.
+
+>[!IMPORTANT]
+>To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
+>
+> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
+>2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
+>3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com).
+>4. Save the XML file.
+>5. Open the project again in Windows Configuration Designer.
+>6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md
new file mode 100644
index 0000000000..f54b9343b1
--- /dev/null
+++ b/windows/configuration/wcd/wcd-location.md
@@ -0,0 +1,26 @@
+---
+title: Location (Windows 10)
+description: This section describes the Location settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+ms.date: 10/02/2018
+---
+
+# Location (Windows Configuration Designer reference)
+
+Use Location settings to configure location services.
+
+## Applies to
+
+| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| [EnableLocation](#enablelocation) | | | | | X |
+
+## EnableLocation
+
+Use this setting to enable or disable location services for the device.
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index e533cd7b14..9e65e7f7e7 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -8,35 +8,35 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 08/03/2018
+ms.date: 10/02/2018
---
# Policies (Windows Configuration Designer reference)
-This section describes the **Policies** settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. Each setting below links to its supported values, as documented in the [Policy configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider).
+This section describes the **Policies** settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. Each setting below links to its supported values, as documented in the [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider).
## AboveLock
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowActionCenterNotifications](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | X | | | |
-| [AllowToasts](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | X | X | | | |
+| [AllowActionCenterNotifications](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | X | | | |
+| [AllowToasts](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | X | X | | | |
## Accounts
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAddingNonMicrosoftAccountManually](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | X | X | | | |
-| [AllowMicrosoftAccountConnection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | X | X | | X | |
-| [AllowMicrosoftAccountSigninAssistant](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | X | X | | | |
-| [DomainNamesForEmailSync](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | X | X | | | |
+| [AllowAddingNonMicrosoftAccountManually](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | X | X | | | |
+| [AllowMicrosoftAccountConnection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | X | X | | X | |
+| [AllowMicrosoftAccountSigninAssistant](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | X | X | | | |
+| [DomainNamesForEmailSync](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | X | X | | | |
## ApplicationDefaults
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [DefaultAssociationsConfiguration](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | X | | | | |
+| [DefaultAssociationsConfiguration](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | X | | | | |
##ApplicationManagement
@@ -44,15 +44,16 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAllTrustedApps](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | X | X | | | |
-| [AllowAppStoreAutoUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | X | X | | | |
-| [AllowDeveloperUnlock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | X | X | X | X | X |
-| [AllowGameDVR](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | X | | | | |
-| [AllowSharedUserAppData](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | X | X | | | |
-| [AllowStore](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | X | | | |
-| [ApplicationRestrictions](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | x | | | |
-| [RestrictAppDataToSystemVolume](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | X | X | | | |
-| [RestrictAppToSystemVolume](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | X | X | | | |
+| [AllowAllTrustedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | X | X | | | X |
+| [AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | X | X | | | X |
+| [AllowDeveloperUnlock](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | X | X | X | X | X |
+| [AllowGameDVR](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | X | | | | |
+| [AllowSharedUserAppData](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | X | X | | | |
+| [AllowStore](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | X | | | |
+| [ApplicationRestrictions](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | x | | | |
+| [LaunchAppAfterLogOn](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. | X | | | | |
+| [RestrictAppDataToSystemVolume](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | X | X | | | X |
+| [RestrictAppToSystemVolume](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | X | X | | | X |
@@ -61,94 +62,115 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowFastReconnect](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | X | X | X | X | X |
+| [AllowFastReconnect](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | X | X | X | X | X |
+| [EnableFastFirstSignin](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | X | X | X | | X |
+| [EnableWebSignin](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows logon support for non-ADFS federated providers (e.g. SAML). | X | X | X | | X |
+| [PreferredAadTenantDomainName](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | X | X | X | | X |
## BitLocker
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [EncryptionMethod](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | X | X | | | |
+| [EncryptionMethod](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | X | X | | | |
## Bluetooth
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAdvertising](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | X | X | X | X | X |
-| [AllowDiscoverableMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | X | X | X | X | X |
-| [AllowPrepairing](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | X | X | X | | X |
+| [AllowAdvertising](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | X | X | X | X | X |
+| [AllowDiscoverableMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | X | X | X | X | X |
+| [AllowPrepairing](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | X | X | X | X | X |
| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | X | X | X | X | X |
-| [LocalDeviceName](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | X | X | X | X | X |
-| [ServicesAllowedList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | X | X | X | X | |
+| [LocalDeviceName](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | X | X | X | X | X |
+| [ServicesAllowedList](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | X | X | X | X | X |
## Browser
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAddressBarDropdown](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | X | | | | |
-| [AllowAutofill](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | X | X | X | X | |
-| [AllowBrowser](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device. | X | | | | |
-[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | X | | | | |
-| [AllowCookies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | X | X | X | X | |
-| [AllowDeveloperTools](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | X | | | | |
-| [AllowDoNotTrack](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | X | X | X | X | |
-| [AllowExtensions](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | X | | | | |
-| [AllowFlash](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | X | | | | |
-| [AllowFlashClickToRun](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | X | | | | |
-| [AllowInPrivate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | X | X | X | X | |
-| [AllowMicrosoftCompatibilityList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | X | X | X | | |
-| [AllowPasswordManager](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | X | X | X | X | |
-| [AllowPopups](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | X | | | X | |
-| [AllowSearchEngineCustomization](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | X | | | | |
-| [AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | X | X | X | X | |
-| [AllowSmartScreen](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | X | X | X | X | |
-[AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | X | | | | |
-| [ClearBrowsingDataOnExit](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | X | | | | |
-| [ConfigureAdditionalSearchEngines](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 addtional search engines for MDM-enrolled devices. | X | X | X | | |
-| [DisableLockdownOfStartPages](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | X | | | | |
-[EnableExtendedBooksTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. | X | | | | |
-| [EnterpriseModeSiteList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | X | | | | |
-| [EnterpriseSiteListServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | X | | | | |
-| [FirstRunURL](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | | X | | | |
-| [HomePages](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | X | | | | |
-[LockdownFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | X | | | | |
-| [PreventAccessToAboutFlagsInMicrosoftEdge](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | X | X | X | | |
-| [PreventFirstRunPage](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | X | | | | |
-| [PreventLiveTileDataCollection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | X | X | X | | |
-| [PreventSmartScreenPromptOverride](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. | X | X | X | | |
-| [PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. | X | X | X | | |
-PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. | X | | | | |
-| [PreventUsingLocalHostIPAddressForWebRTC](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | X | X | X | | |
-[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | X | | | | |
-| [SendIntranetTraffictoInternetExplorer ](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | X | | | | |
-| [SetDefaultSearchEngine](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | X | X | X | | |
-| [ShowMessageWhenOpeningSitesInInternetExplorer](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | X | | | | |
-| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | X | | | | |
-[UseSharedFolderForBooks](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | X | | | | |
+| [AllowAddressBarDropdown](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | X | | | | |
+| [AllowAutofill](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | X | X | X | | X |
+| [AllowBrowser](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | X | X | | | |
+[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | X | X | | | |
+| [AllowCookies](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | X | X | X | | X |
+| [AllowDeveloperTools](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | X | | | | |
+| [AllowDoNotTrack](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | X | X | X | | X |
+| [AllowExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | X | | | | |
+| [AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | X | | | | |
+| [AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | X | | | | |
+| [AllowFullScreenMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. | X | X | X | | X |
+| [AllowInPrivate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | X | X | X | | X |
+| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | X | X | X | | X |
+| [AllowPasswordManager](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | X | X | X | | X |
+| [AllowPopups](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | X | | | X | |
+| [AllowPrelaunch](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | X | | | | |
+| [AllowPrinting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | X | X | X | | X |
+| [AllowSavingHistory](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | X | | | | |
+| [AllowSearchEngineCustomization](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | X | X | X | | X |
+| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | X | X | X | | X |
+| [AllowSideloadingOfExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | X | | | | |
+| [AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | X | X | X | X | X |
+| [AllowTabPreloading](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | X | | | | |
+| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | X | X | X | | X |
+[AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | X | X | | | |
+| [ClearBrowsingDataOnExit](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | X | | | | |
+| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 addtional search engines for MDM-enrolled devices. | X | X | X | | X |
+| [ConfigureFavoritesBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | X | | | | |
+| [ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | X | | | | |
+| [ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | X | | | | |
+| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | X | | | | |
+| [ConfigureOpenMicrosoftEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | X | | | | |
+| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | X | | | | |
+| [DisableLockdownOfStartPages](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | X | | | | |
+[EnableExtendedBooksTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. | X | X | | | |
+| [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | X | | | | |
+| [EnterpriseSiteListServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | X | | | | |
+| [FirstRunURL](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | X | X | | | |
+| [HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | X | | | | |
+[LockdownFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | X | X | | | |
+| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | X | X | X | | X |
+| [PreventCertErrorOverrides](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | X | X | X | | X |
+| [PreventFirstRunPage](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | X | | | | |
+| [PreventLiveTileDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | X | X | X | | X |
+| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. | X | X | X | | X |
+| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. | X | X | X | | X |
+PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | X | | | | |
+| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. | X | | | | |
+| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | X | X | X | | X |
+[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | X | X | | | |
+| [SendIntranetTraffictoInternetExplorer ](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | X | | | | |
+| [SetDefaultSearchEngine](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | X | X | X | | X |
+| [SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | X | | | | |
+| [SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | X | | | | |
+| [ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | X | | | | |
+| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | X | | | | |
+| [UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. | X | | | | |
+[UseSharedFolderForBooks](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | X | X | | | |
## Camera
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowCamera](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | X | X | X | X | |
+| [AllowCamera](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | X | X | X | X | |
## Connectivity
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowBluetooth](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | X | X | X | X | |
-| [AllowCellularData](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | X | X | X | | |
-| [AllowCellularDataRoaming](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | X | X | X | | |
-| [AllowConnectedDevices](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | X | X | X | | |
-| [AllowNFC](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | X | | | |
-| [AllowUSBConnection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | X | | | |
-| [AllowVPNOverCellular](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlyinng connections VPN is allowed to use. |X | X | X | | |
-| [AllowVPNRoamingOverCellular](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | X | X | X | | |
-| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | X | X | X | | |
-| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | X | X | X | | |
+| [AllowBluetooth](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | X | X | X | X | X |
+| [AllowCellularData](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | X | X | X | | X |
+| [AllowCellularDataRoaming](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | X | X | X | | X |
+| [AllowConnectedDevices](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | X | X | X | | X |
+| [AllowNFC](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | X | | | X |
+| [AllowUSBConnection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | X | | | X |
+| [AllowVPNOverCellular](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlyinng connections VPN is allowed to use. |X | X | X | | X |
+| [AllowVPNRoamingOverCellular](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | X | X | X | | X |
+| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | X | X | X | | X |
+| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | X | X | X | | X |
## CredentialProviders
@@ -160,60 +182,68 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowFipsAlgorithmPolicy](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | X | X | | | |
-| [TLSCiperSuites](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | X | X | | | |
+| [AllowFipsAlgorithmPolicy](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | X | X | | | |
+| [TLSCiperSuites](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | X | X | | | |
## Defender
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowArchiveScanning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | X | | | | |
-| [AllowBehaviorMonitoring](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | X | | | | |
-| [AllowCloudProtection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | X | | | | |
-| [AllowEmailScanning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | X | | | | |
-| [AllowFullScanOnMappedNetworkDrives](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | X | | | | |
-| [AllowFullScanRemovableDriveScanning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | X | | | | |
-| [AllowIntrusionPreventionSystem](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | X | | | | |
-| [AllowIOAVProtection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | X | | | | |
-| [AllowOnAccessProtection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | X | | | | |
-| [AllowRealtimeMonitoring](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | X | | | | |
-| [AllowScanningNetworkFiles](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | X | | | | |
-| [AllowScriptScanning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | X | | | | |
-| [AllowUserUIAccess](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | X | | | | |
-| [AvgCPULoadFactor](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defeder scan (in percent). | X | | | | |
-| [DaysToRetainCleanedMalware](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | X | | | | |
-| [ExcludedExtensions](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore durinng a scan. Separate each file type in the list by using \|. | X | | | | |
-| [ExcludedPaths](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | X | | | | |
-| [ExcludedProcesses](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore durinng a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | X | | | | |
-| [RealTimeScanDirection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | X | | | | |
-| [ScanParameter](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | X | | | | |
-| [ScheduleQuickScanTime](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | X | | | | |
-| [ScheduleScanDay](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | X | | | | |
-| [ScheduleScanTime](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | X | | | | |
-| [SignatureUpdateInterval](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | X | | | | |
-| [SubmitSamplesConsent](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | X | | | | |
-| [ThreatSeverityDefaultAction](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | X | | | | |
+| [AllowArchiveScanning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | X | | | | |
+| [AllowBehaviorMonitoring](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | X | | | | |
+| [AllowCloudProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | X | | | | |
+| [AllowEmailScanning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | X | | | | |
+| [AllowFullScanOnMappedNetworkDrives](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | X | | | | |
+| [AllowFullScanRemovableDriveScanning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | X | | | | |
+| [AllowIntrusionPreventionSystem](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | X | | | | |
+| [AllowIOAVProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | X | | | | |
+| [AllowOnAccessProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | X | | | | |
+| [AllowRealtimeMonitoring](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | X | | | | |
+| [AllowScanningNetworkFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | X | | | | |
+| [AllowScriptScanning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | X | | | | |
+| [AllowUserUIAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | X | | | | |
+| [AvgCPULoadFactor](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defeder scan (in percent). | X | | | | |
+| [DaysToRetainCleanedMalware](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | X | | | | |
+| [ExcludedExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore durinng a scan. Separate each file type in the list by using \|. | X | | | | |
+| [ExcludedPaths](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | X | | | | |
+| [ExcludedProcesses](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore durinng a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | X | | | | |
+| [RealTimeScanDirection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | X | | | | |
+| [ScanParameter](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | X | | | | |
+| [ScheduleQuickScanTime](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | X | | | | |
+| [ScheduleScanDay](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | X | | | | |
+| [ScheduleScanTime](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | X | | | | |
+| [SignatureUpdateInterval](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | X | | | | |
+| [SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | X | | | | |
+| [ThreatSeverityDefaultAction](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | X | | | | |
## DeliveryOptimization
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [DOAbsoluteMaxCacheSize](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | X | | | | |
-| [DOAllowVPNPeerCaching](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | X | | | | |
-| [DODownloadMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | X | | | | |
-| [DOGroupId](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | X | | | | |
-| [DOMaxCacheAge](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | X | | | | |
-| [DOMaxCacheSize](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | X | | | | |
-| [DOMaxDownloadBandwidth](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | X | | | | |
-| [DOMaxUploadBandwidth](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity usinng Delivery Optimization. | X | | | | |
-| [DOMinBackgroundQos](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | X | | | | |
-| [DOMinBatteryPercentageAllowedToUpload](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | X | | | | |
-| [DOMinDiskSizeAllowedToPeer](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capabity in GB) for the device to use Peer Caching. | X | | | | |
-| [DOMinFileSizeToCache](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | X | | | | |
-| [DOMinRAMAllowedToPeer](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB requried to use Peer Caching. | X | | | | |
-| [DOModifyCacheDrive](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | X | | | | |
-| [DOMonthlyUploadDataCap](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | X | | | | |
-| [DOPercentageMaxDownloadBandwidth](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | X | | | | |
+| [DOAbsoluteMaxCacheSize](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | X | | | | |
+| [DOAllowVPNPeerCaching](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | X | | | | |
+| [DODelayBackgroundDownloadFromHttp](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | X | | | | |
+| [DODelayForegroundDownloadFromHttp](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | X | | | | |
+| [DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | X | | | | |
+| [DOGroupId](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | X | | | | |
+| [DOGroupIdSource](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | X | | | | |
+| [DOMaxCacheAge](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | X | | | | |
+| [DOMaxCacheSize](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | X | | | | |
+| [DOMaxDownloadBandwidth](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | X | | | | |
+| [DOMaxUploadBandwidth](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity usinng Delivery Optimization. | X | | | | |
+| [DOMinBackgroundQos](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | X | | | | |
+| [DOMinBatteryPercentageAllowedToUpload](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | X | | | | |
+| [DOMinDiskSizeAllowedToPeer](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capabity in GB) for the device to use Peer Caching. | X | | | | |
+| [DOMinFileSizeToCache](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | X | | | | |
+| [DOMinRAMAllowedToPeer](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB requried to use Peer Caching. | X | | | | |
+| [DOModifyCacheDrive](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | X | | | | |
+| [DOMonthlyUploadDataCap](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | X | | | | |
+| [DOPercentageMaxBackDownloadBandwidth](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | X | | | | |
+| [DOPercentageMaxDownloadBandwidth](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | X | | | | |
+| [DOPercentageMaxForeDownloadBandwidth](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | X | | | | |
+| [DORestrictPeerSelectionBy](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | X | | | | |
+| [DOSetHoursToLimitBackgroundDownloadBandwidth](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | X | | | | |
+| [DOSetHoursToLimitForegroundDownloadBandwidth](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | X | | | | |
## DeviceGuard
@@ -225,18 +255,18 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowIdleReturnWithoutPassword](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. | | X | | | |
-| [AllowScreenTimeoutWhileLockedUserConfig](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | X | | | |
-| [AllowSimpleDevicePassword](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | X | X | | X | |
-|[AlphanumericDevicePasswordRequired](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | X | X | | X | |
-| [DevicePasswordEnabled](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | X | X | | X | |
-| [DevicePasswordExpiration](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | X | X | | X | |
-| [DevicePasswordHistory](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | X | X | | X | |
-| [MaxDevicePasswordFailedAttempts](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | X | X | | X | |
-| [MaxInactivityTimeDeviceLock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | X | X | | X | |
-| [MinDevicePasswordComplexCharacters](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | X | X | | X | |
-| [MinDevicePasswordLength](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | X | X | | X | |
-| [ScreenTimeoutWhileLocked](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | X | | | |
+| [AllowIdleReturnWithoutPassword](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. | | X | | | |
+| [AllowScreenTimeoutWhileLockedUserConfig](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | X | | | |
+| [AllowSimpleDevicePassword](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | X | X | | X | |
+|[AlphanumericDevicePasswordRequired](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | X | X | | X | |
+| [DevicePasswordEnabled](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | X | X | | X | |
+| [DevicePasswordExpiration](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | X | X | | X | |
+| [DevicePasswordHistory](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | X | X | | X | |
+| [MaxDevicePasswordFailedAttempts](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | X | X | | X | |
+| [MaxInactivityTimeDeviceLock](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | X | X | | X | |
+| [MinDevicePasswordComplexCharacters](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | X | X | | X | |
+| [MinDevicePasswordLength](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | X | X | | X | |
+| [ScreenTimeoutWhileLocked](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | X | | | |
## DeviceManagement
@@ -251,24 +281,24 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowCopyPaste](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | X | | | |
-| [AllowCortana](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | X | X | | X | |
-| [AllowDeviceDiscovery](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | X | X | | | |
-| [AllowFindMyDevice](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | X | X | | | |
-| [AllowManualMDMUnenrollment](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | X | X | | X | |
-| [AllowScreenCapture](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | X | | | |
-| [AllowSIMErrorDialogPromptWhenNoSIM](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | X | | | |
-| [AllowSyncMySettings](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | X | X | | | |
-| [AllowTailoredExperiencesWithDiagnosticData](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | X | | | | |
-| [AllowTaskSwitcher](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | X | | | |
-| [AllowThirdPartySuggestionsInWindowsSpotlight](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | X | | | | |
-| [AllowVoiceRecording](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. | | X | | | |
+| [AllowCopyPaste](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | X | | | |
+| [AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | X | X | | X | |
+| [AllowDeviceDiscovery](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | X | X | | | |
+| [AllowFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | X | X | | | |
+| [AllowManualMDMUnenrollment](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | X | X | | X | |
+| [AllowScreenCapture](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | X | | | |
+| [AllowSIMErrorDialogPromptWhenNoSIM](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | X | | | |
+| [AllowSyncMySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | X | X | | | |
+| [AllowTailoredExperiencesWithDiagnosticData](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | X | | | | |
+| [AllowTaskSwitcher](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | X | | | |
+| [AllowThirdPartySuggestionsInWindowsSpotlight](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | X | | | | |
+| [AllowVoiceRecording](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. | | X | | | |
| [AllowWindowsConsumerFeatures](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggetions, membership notifications, post-OOBE app install, and redirect tiles. | X | | | | |
-| [AllowWindowsSpotlight](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | X | | | | |
-| [AllowWindowsSpotlightOnActionCenter](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | X | | | | |
-| [AllowWindowsSpotlightWindowsWelcomeExperience](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | X | | | | |
-| [AllowWindowsTips](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | X | | | | |
-| [ConfigureWindowsSpotlightOnLockScreen](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | X | | | | |
+| [AllowWindowsSpotlight](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | X | | | | |
+| [AllowWindowsSpotlightOnActionCenter](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | X | | | | |
+| [AllowWindowsSpotlightWindowsWelcomeExperience](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | X | | | | |
+| [AllowWindowsTips](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | X | | | | |
+| [ConfigureWindowsSpotlightOnLockScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | X | | | | |
## ExploitGuard
@@ -281,7 +311,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAdvancedGamingServices](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | X | | | | |
+| [AllowAdvancedGamingServices](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | X | | | | |
## KioskBrowser
@@ -293,6 +323,7 @@ These settings apply to the **Kiosk Browser** app available in Microsoft Store.
[BlockedUrlExceptions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | X | | | | |
[BlockedUrls](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | X | | | | |
[DefaultURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | X | | | | |
+[EnableEndSessionButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | X | | | | |
[EnableHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | X | | | | |
[EnableNavigationButtons](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | X | | | | |
[RestartOnIdleTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | X | | | | |
@@ -310,15 +341,15 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [EnableLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#location-enablelocation) | Configure whether the Location Service's Device Switch is enabled or disabled for the device. | X | X | | | |
+| [EnableLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Configure whether the Location Service's Device Switch is enabled or disabled for the device. | X | X | | | |
## Privacy
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | X | | | |
-| [AllowInputPersonalization](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | X | X | | X | |
+| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | X | | | |
+| [AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | X | X | | X | |
## Search
@@ -327,16 +358,17 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| --- | --- | :---: | :---: | :---: | :---: | :---: |
[AllowCloudSearch](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | X | X | | | |
[AllowCortanaInAAD](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | X | | | | |
-| [AllowIndexingEncryptedStoresOrItems](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | X | X | | | |
-| [AllowSearchToUseLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | X | X | | X | |
-| [AllowUsingDiacritics](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | X | X | | | |
+| [AllowIndexingEncryptedStoresOrItems](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | X | X | | | |
+| [AllowSearchToUseLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | X | X | | X | |
+| [AllowUsingDiacritics](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | X | X | | | |
| [AllowWindowsIndexer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consuemrs | X | X | | | |
-| [AlwaysUseAutoLangDetection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | X | X | | | |
-| [DisableBackoff](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | X | X | | | |
-| [DisableRemovableDriveIndexing](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | X | X | | | |
-| [PreventIndexingLowDiskSpaceMB](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | X | X | | | |
-| [PreventRemoteQueries](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | X | X | | | |
-| [SafeSearchPermissions](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | X | | | |
+| [AlwaysUseAutoLangDetection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | X | X | | | |
+| [DoNotUseWebResults](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | X | X | | | |
+| [DisableBackoff](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | X | X | | | |
+| [DisableRemovableDriveIndexing](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | X | X | | | |
+| [PreventIndexingLowDiskSpaceMB](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | X | X | | | |
+| [PreventRemoteQueries](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | X | X | | | |
+| [SafeSearchPermissions](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | X | | | |
@@ -344,22 +376,22 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAddProvisioningPackage](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | X | X | X | | X |
-| [AllowManualRootCertificateInstallation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | X | | | |
-| [AllowRemoveProvisioningPackage](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | X | X | X | | X |
-| [AntiTheftMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | X | | | |
-| [RequireDeviceEncryption](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | X | X | X | X | X |
-| [RequireProvisioningPackageSignature](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | X | X | X | | X |
-| [RequireRetrieveHealthCertificateOnBoot](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | X | X | | | |
+| [AllowAddProvisioningPackage](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | X | X | X | | X |
+| [AllowManualRootCertificateInstallation](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | X | | | |
+| [AllowRemoveProvisioningPackage](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | X | X | X | | X |
+| [AntiTheftMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | X | | | |
+| [RequireDeviceEncryption](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | X | X | X | X | X |
+| [RequireProvisioningPackageSignature](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | X | X | X | | X |
+| [RequireRetrieveHealthCertificateOnBoot](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | X | X | | | |
## Settings
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAutoPlay](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | X | | | |
-| [AllowDataSense](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | X | | | |
-| [AllowVPN](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | X | | X | |
-| [ConfigureTaskbarCalendar](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | X | | | | |
+| [AllowAutoPlay](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | X | | | |
+| [AllowDataSense](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | X | | | |
+| [AllowVPN](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | X | | X | |
+| [ConfigureTaskbarCalendar](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | X | | | | |
[PageVisiblityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | X | | | | |
## Start
@@ -377,40 +409,42 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| [AllowPinnedFolderSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderVideos](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | X | | | | |
DisableContextMenus | Prevent context menus from being invoked in the Start menu. | X | | | | |
-| [ForceStartSize](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | X | | | | |
-| [HideAppList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | X | | | | |
-| [HideChangeAccountSettings](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | X | | | | |
-| [HideFrequentlyUsedApps](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | X | | | | |
-| [HideHibernate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | X | | | | |
-| [HideLock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | X | | | | |
+| [ForceStartSize](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | X | | | | |
+| [HideAppList](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | X | | | | |
+| [HideChangeAccountSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | X | | | | |
+| [HideFrequentlyUsedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | X | | | | |
+| [HideHibernate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | X | | | | |
+| [HideLock](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | X | | | | |
| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | X | | | | |
-| [HidePowerButton](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | X | | | | |
-| [HideRecentJumplists](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | X | | | | |
-| [HideRecentlyAddedApps](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | X | | | | |
-| [HideRestart](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | X | | | | |
-| [HideShutDown](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | X | | | | |
-| [HideSignOut](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | X | | | | |
-| [HideSleep](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | X | | | | |
-| [HideSwitchAccount](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | X | | | | |
-| [HideUserTile](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | X | | | | |
-| [ImportEdgeAssets](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](https://docs.microsoft.com/windows/configuration/start-secondary-tiles). | X | | | | |
-| [NoPinningToTaskbar](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | X | | | | |
-| [StartLayout](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd) | X | | | | |
+| [HidePowerButton](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | X | | | | |
+| [HideRecentJumplists](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | X | | | | |
+| [HideRecentlyAddedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | X | | | | |
+| [HideRestart](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | X | | | | |
+| [HideShutDown](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | X | | | | |
+| [HideSignOut](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | X | | | | |
+| [HideSleep](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | X | | | | |
+| [HideSwitchAccount](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | X | | | | |
+| [HideUserTile](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | X | | | | |
+| [ImportEdgeAssets](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](https://docs.microsoft.com/windows/configuration/start-secondary-tiles). | X | | | | |
+| [NoPinningToTaskbar](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | X | | | | |
+| [StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd) | X | | | | |
## System
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowBuildPreview](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | X | X | | | |
-| [AllowEmbeddedMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | X | X | X | | X |
-| [AllowExperimentation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | X | X | | | |
-| [AllowLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | X | X | X | X | X |
-| [AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | X | X | X | | X |
-| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | X | X | | X | |
-| [AllowUserToResetPhone](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | X | X | | | |
+| [AllowBuildPreview](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | X | X | | | |
+| [AllowEmbeddedMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | X | X | X | | X |
+| [AllowExperimentation](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | X | X | | | |
+| [AllowLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | X | X | X | X | X |
+| [AllowStorageCard](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | X | X | X | | X |
+| [AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | X | X | | X | |
+| [AllowUserToResetPhone](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | X | X | | | |
ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | X | X | | | |
ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | X | X | | | |
-| [DisableOneDriveFileSync](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | X | | | | |
+| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | X | X | | | |
+| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | X | X | | | |
+| [DisableOneDriveFileSync](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | X | | | | |
| [LimitEnhancedDiagnosticDataWindowsAnalytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | X | X | | | |
@@ -418,98 +452,106 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowIMELogging](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | X | | | | |
-| [AllowIMENetworkAccess](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | X | | | | |
-| [AllowInputPanel](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | X | | | | |
-| [AllowJapaneseIMESurrogatePairCharacters](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | X | | | | |
-| [AllowJapaneseIVSCharacters](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | X | | | | |
-| [AllJapaneseNonPublishingStandardGlyph](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | X | | | | |
-| [AllowJapaneseUserDictionary](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | X | | | | |
-| [AllowKeyboardTextSuggestions](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | X | | | | |
-| [AllowLanguageFeaturesUninstall](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | X | | | | |
-| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | | |
-| [ExcludeJapaneseIMEExceptISO208](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | X | | | | |
-| [ExcludeJapaneseIMEExceptISO208andEUDC](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | X | | | | |
-| [ExcludeJapaneseIMEExceptShiftJIS](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | X | | | | |
+| [AllowIMELogging](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | X | | | | |
+| [AllowIMENetworkAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | X | | | | |
+| [AllowInputPanel](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | X | | | | |
+| [AllowJapaneseIMESurrogatePairCharacters](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | X | | | | |
+| [AllowJapaneseIVSCharacters](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | X | | | | |
+| [AllJapaneseNonPublishingStandardGlyph](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | X | | | | |
+| [AllowJapaneseUserDictionary](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | X | | | | |
+| [AllowKeyboardTextSuggestions](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | X | | | | |
+| [AllowLanguageFeaturesUninstall](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | X | | | | |
+| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | | |
+| [ExcludeJapaneseIMEExceptISO208](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | X | | | | |
+| [ExcludeJapaneseIMEExceptISO208andEUDC](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | X | | | | |
+| [ExcludeJapaneseIMEExceptShiftJIS](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | X | | | | |
## TimeLanguageSettings
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowSet24HourClock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. | | X | | | |
+| [AllowSet24HourClock](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. | | X | | | |
## Update
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [ActiveHoursEnd](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | X | X | X | | X |
-| [ActiveHoursMaxRange](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | X | X | X | | X |
-| [ActiveHoursStart](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | X | X | X | | X |
-| [AllowAutoUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | X | X | X | X | X |
+| [ActiveHoursEnd](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | X | X | X | | X |
+| [ActiveHoursMaxRange](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | X | X | X | | X |
+| [ActiveHoursStart](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | X | X | X | | X |
+| [AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | X | X | X | X | X |
| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork)| Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | X | X | X | | X |
-| [AllowMUUpdateService](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | X | X | X | X | X |
-| [AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | X | X | X | | X |
-| [AllowUpdateService](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | X | X | X | X | X |
+| [AllowMUUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | X | X | X | X | X |
+| [AllowNonMicrosoftSignedUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | X | X | X | | X |
+| [AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | X | X | X | X | X |
| [AutoRestartDeadlinePeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | X | X | X | | X |
-| [AutoRestartNotificationSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | X | X | X | | X |
-| [AutoRestartRequiredNotificationDismissal](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | X | X | X | | X |
-| [BranchReadinessLevel](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | X | X | X | X | X |
-| [DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | X | X | X | | X |
-| [DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | X | X | X | | X |
+| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | X | X | X | | X |
+| [AutoRestartNotificationSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | X | X | X | | X |
+| [AutoRestartRequiredNotificationDismissal](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | X | X | X | | X |
+| [BranchReadinessLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | X | X | X | X | X |
+| [DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | X | X | X | | X |
+| [DeferQualityUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | X | X | X | | X |
| [DeferUpdatePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | X | X | X | X | X |
| [DeferUpgradePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) |Specify upgrade delays for up to 8 months. | X | X | X | X | X |
-| [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | X | X | X | X | X |
+| [DetectionFrequency](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | X | X | X | X | X |
| [DisableDualScan](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | X | X | X | | X |
-| [EngagedRestartDeadline](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | X | X | X | | X |
-| [EngagedRestartSnoozeSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | X | X | X | | X |
-| [EngagedRestartTransitionSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | | X |
-| [FillEmptyContentUrls](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | X | X | X | | X |
+| [EngagedRestartDeadline](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | X | X | X | | X |
+| [EngagedRestartDeadlineForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | X | X | X | | X |
+| [EngagedRestartSnoozeSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | X | X | X | | X |
+| [EngagedRestartSnoozeScheduleForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | X | X | X | | X |
+| [EngagedRestartTransitionSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | | X |
+| [EngagedRestartTransitionScheduleForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | | X |
+| [ExcludeWUDriversInQualityUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windws Update (WU) drivers during quality updates. | X | | X | | X |
+| [FillEmptyContentUrls](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | X | X | X | | X |
| ManagePreviewBuilds | Use to enable or disable preview builds. | X | X | X | X | X |
| PhoneUpdateRestrictions | Deprecated | | X | | | |
-| [RequireDeferUpgrade](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | X | X | X | X | X |
-| [ScheduledInstallDay](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | X | X | X | X | X |
+| [RequireDeferUpgrade](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | X | X | X | X | X |
+| [ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | X | X | X | X | X |
| [ScheduledInstallEveryWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | X | X | X | X | X |
| [ScheduledInstallFirstWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | X | X | X | X | X |
| [ScheduledInstallFourthWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | X | X | X | X | X |
| [ScheduledInstallSecondWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | X | X | X | X | X |
| [ScheduledInstallThirdWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | X | X | X | X | X |
-| [ScheduledInstallTime](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | X | X | X | X | X |
-| [ScheduleImminentRestartWarning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | X | X | X | | X ||
-| [ScheduleRestartWarning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | X | X | X | | X |
-| [SetAutoRestartNotificationDisable](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | X | X | X | | X |
-| [SetEDURestart](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | X | X | X | | X |
-| [UpdateServiceUrl](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | X | X | X | X | X |
-| [UpdateServiceUrlAlternate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | X | X | X | X | X |
+| [ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | X | X | X | X | X |
+| [ScheduleImminentRestartWarning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | X | X | X | | X ||
+| [ScheduleRestartWarning](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | X | X | X | | X |
+| [SetAutoRestartNotificationDisable](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | X | X | X | | X |
+| [SetDisablePauseUXAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | X | X | X | | X |
+| [SetDisableUXWUAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | X | X | X | | X |
+| [SetEDURestart](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | X | X | X | | X |
+| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | X | X | X | | X |
+| [UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | X | X | X | X | X |
+| [UpdateServiceUrlAlternate](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | X | X | X | X | X |
## WiFi
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAutoConnectToWiFiSenseHotspots](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | X | X | | | |
-| [AllowInternetSharing](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | X | X | | | |
-| [AllowManualWiFiConfiguration](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | X | | | |
-| [AllowWiFi](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | X | | | |
-| [WLANScanMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | X | X | X | X | X |
+| [AllowAutoConnectToWiFiSenseHotspots](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | X | X | | | |
+| [AllowInternetSharing](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | X | X | | | |
+| [AllowManualWiFiConfiguration](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | X | | | |
+| [AllowWiFi](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | X | | | |
+| [WLANScanMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | X | X | X | X | X |
## WindowsInkWorkspace
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowSuggestedAppsInWindowsInkWorkspace](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | X | | | | |
-| [AllowWindowsInkWorkspace](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | X | | | | |
+| [AllowSuggestedAppsInWindowsInkWorkspace](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | X | | | | |
+| [AllowWindowsInkWorkspace](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | X | | | | |
## WindowsLogon
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [HideFastUserSwitching](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | X | | | | |
+| [HideFastUserSwitching](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | X | | | | |
## WirelessDisplay
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowUserInputFromWirelessDisplayReceiver](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | X | X | | | |
\ No newline at end of file
+| [AllowUserInputFromWirelessDisplayReceiver](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | X | X | | | |
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index 8cc91e3ca4..73739a9e70 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -16,7 +16,6 @@ ms.date: 10/16/2017
Use SharedPC settings to optimize Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail.
-
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md
index 3eb2ee43c6..436c29160d 100644
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@@ -19,7 +19,7 @@ Use TabletMode to configure settings related to tablet mode.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | X | X | X | | X |
+| All settings | X | X | X | | |
## ConvertibleSlateModePromptPreference
diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md
index 9102c70cbe..7ca1ec138a 100644
--- a/windows/configuration/wcd/wcd-unifiedwritefilter.md
+++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md
@@ -8,7 +8,7 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 09/06/2017
+ms.date: 10/02/2018
---
# UnifiedWriteFilter (reference)
@@ -39,6 +39,13 @@ The overlay does not mirror the entire volume, but dynamically grows to keep tra
Set to **True** to enable UWF.
+## OverlayFlags
+
+OverlayFlags specifies whether to allow writes to unused space on the volume to pass through, and not be redirected to the overlay file. Enabling this setting helps conserve space on the overlay file.
+
+- Value `0` (default value when [OverlayType](#overlaytype) is not **Disk**): writes are redirected to the overlay file
+- Value `1`(default value when [OverlayType](#overlaytype) is **Disk**): writes to unused space on the volume are allowed to pass through without being redirected to the overlay file.
+
## OverlaySize
Enter the maximum overlay size, in megabytes (MB), for the UWF overlay. The minimum value for maximum overlay size is 1024.
@@ -58,6 +65,10 @@ Use **Add** to add a registry entry to the exclusion list after you restart the
Use **Remove** to remove a registry entry from the exclusion list after you restart the device.
+## ResetPersistentState
+
+Set to **True** to reset UWF settings to the original state that was captured at installation time.
+
## Volumes
Enter a drive letter for a volume to be protected by UWF.
diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
index 0a2c9c16eb..d5455b7f01 100644
--- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
@@ -8,14 +8,11 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 07/19/2018
+ms.date: 10/02/2018
---
# WindowsHelloForBusiness (Windows Configuration Designer reference)
->[!WARNING]
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to Windows on a device configured for [Shared PC mode](wcd-sharedpc.md).
diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md
index 546e98f694..1064831115 100644
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@@ -8,7 +8,7 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 04/30/2018
+ms.date: 10/02/2018
---
# WLAN (reference)
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index 57c84d177d..6ddc8bd462 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -22,7 +22,6 @@ This section describes the settings that you can configure in [provisioning pack
[AccountManagement](wcd-accountmanagement.md) | | | | X | |
| [Accounts](wcd-accounts.md) | X | X | X | X | X |
| [ADMXIngestion](wcd-admxingestion.md) | X | | | | |
-| [ApplicationManagement](wcd-applicationmanagement.md) | | | | | X |
| [AssignedAccess](wcd-assignedaccess.md) | X | | | X | |
| [AutomaticTime](wcd-automatictime.md) | | X | | | |
| [Browser](wcd-browser.md) | X | X | X | X | |
@@ -33,7 +32,7 @@ This section describes the settings that you can configure in [provisioning pack
| [Certificates](wcd-certificates.md) | X | X | X | X | X |
| [CleanPC](wcd-cleanpc.md) | X | | | | |
| [Connections](wcd-connections.md) | X | X | X | X | |
-| [ConnectivityProfiles](wcd-connectivityprofiles.md) | X | X | X | X | X |
+| [ConnectivityProfiles](wcd-connectivityprofiles.md) | X | X | X | X | |
| [CountryAndRegion](wcd-countryandregion.md) | X | X | X | X | |
| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | X | | | | |
| [DeveloperSetup](wcd-developersetup.md) | | | | X | |
@@ -49,7 +48,9 @@ This section describes the settings that you can configure in [provisioning pack
| [HotSpot](wcd-hotspot.md) | X | X | X | X | X |
| [InitialSetup](wcd-initialsetup.md) | | X | | | |
| [InternetExplorer](wcd-internetexplorer.md) | | X | | | |
+| [KioskBrowser](wcd-kioskbrowser.md) | | | | | X |
| [Licensing](wcd-licensing.md) | X | | | | |
+| [Location](wcd-location.md) | | | | | X |
| [Maps](wcd-maps.md) |X | X | X | X | |
| [Messaging](wcd-messaging.md) | | X | | | |
| [ModemConfigurations](wcd-modemconfigurations.md) | | X | | | |
diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md
index 085675fdde..a229e2df1a 100644
--- a/windows/privacy/TOC.md
+++ b/windows/privacy/TOC.md
@@ -5,6 +5,7 @@
## [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md)
## Basic level Windows diagnostic data events and fields
+### [Windows 10, version 1809 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
### [Windows 10, version 1803 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
### [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
### [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
new file mode 100644
index 0000000000..634376dd9a
--- /dev/null
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -0,0 +1,4661 @@
+---
+description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
+title: Windows 10, version 1809 basic diagnostic events and fields (Windows 10)
+keywords: privacy, telemetry
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: high
+author: brianlic-msft
+ms.author: brianlic
+ms.date: 09/10/2018
+---
+
+
+# Windows 10, version 1809 basic level Windows diagnostic events and fields
+
+ **Applies to**
+
+- Windows 10, version 1809
+
+
+The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information.
+
+The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
+
+Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
+
+You can learn more about Windows functional and diagnostic data through these articles:
+
+
+- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
+- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
+- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
+- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
+- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
+
+
+
+
+## AppLocker events
+
+### Microsoft.Windows.Security.AppLockerCSP.ActivityStoppedAutomatically
+
+Automatically closed activity for start/stop operations that aren't explicitly closed.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.AddParams
+
+Parameters passed to Add function of the AppLockerCSP Node.
+
+The following fields are available:
+
+- **child** The child URI of the node to add.
+- **uri** URI of the node relative to %SYSTEM32%/AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.AddStart
+
+Start of "Add" Operation for the AppLockerCSP Node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.AddStop
+
+End of "Add" Operation for AppLockerCSP Node.
+
+The following fields are available:
+
+- **hr** The HRESULT returned by Add function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Rollback
+
+Result of the 'Rollback' operation in AppLockerCSP.
+
+The following fields are available:
+
+- **oldId** Previous id for the CSP transaction.
+- **txId** Current id for the CSP transaction.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ClearParams
+
+Parameters passed to the "Clear" operation for AppLockerCSP.
+
+The following fields are available:
+
+- **uri** The URI relative to the %SYSTEM32%\AppLocker folder.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ClearStart
+
+Start of the "Clear" operation for the AppLockerCSP Node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ClearStop
+
+End of the "Clear" operation for the AppLockerCSP node.
+
+The following fields are available:
+
+- **hr** HRESULT reported at the end of the 'Clear' function.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStart
+
+Start of the "ConfigManagerNotification" operation for AppLockerCSP.
+
+The following fields are available:
+
+- **NotifyState** State sent by ConfigManager to AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStop
+
+End of the "ConfigManagerNotification" operation for AppLockerCSP.
+
+The following fields are available:
+
+- **hr** HRESULT returned by the ConfigManagerNotification function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceParams
+
+Parameters passed to the CreateNodeInstance function of the AppLockerCSP node.
+
+The following fields are available:
+
+- **NodeId** NodeId passed to CreateNodeInstance.
+- **nodeOps** NodeOperations parameter passed to CreateNodeInstance.
+- **uri** URI passed to CreateNodeInstance, relative to %SYSTEM32%\AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStart
+
+Start of the "CreateNodeInstance" operation for the AppLockerCSP node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStop
+
+End of the "CreateNodeInstance" operation for the AppLockerCSP node
+
+The following fields are available:
+
+- **hr** HRESULT returned by the CreateNodeInstance function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.DeleteChildParams
+
+Parameters passed to the DeleteChild function of the AppLockerCSP node.
+
+The following fields are available:
+
+- **child** The child URI of the node to delete.
+- **uri** URI relative to %SYSTEM32%\AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStart
+
+Start of the "DeleteChild" operation for the AppLockerCSP node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStop
+
+End of the "DeleteChild" operation for the AppLockerCSP node.
+
+The following fields are available:
+
+- **hr** HRESULT returned by the DeleteChild function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.EnumPolicies
+
+Logged URI relative to %SYSTEM32%\AppLocker, if the Plugin GUID is null, or the CSP doesn't believe the old policy is present.
+
+The following fields are available:
+
+- **uri** URI relative to %SYSTEM32%\AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesParams
+
+Parameters passed to the GetChildNodeNames function of the AppLockerCSP node.
+
+The following fields are available:
+
+- **uri** URI relative to %SYSTEM32%/AppLocker for MDM node.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStart
+
+Start of the "GetChildNodeNames" operation for the AppLockerCSP node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStop
+
+End of the "GetChildNodeNames" operation for the AppLockerCSP node.
+
+The following fields are available:
+
+- **child[0]** If function succeeded, the first child's name, else "NA".
+- **count** If function succeeded, the number of child node names returned by the function, else 0.
+- **hr** HRESULT returned by the GetChildNodeNames function of AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.GetLatestId
+
+The result of 'GetLatestId' in AppLockerCSP (the latest time stamped GUID).
+
+The following fields are available:
+
+- **dirId** The latest directory identifier found by GetLatestId.
+- **id** The id returned by GetLatestId if id > 0 - otherwise the dirId parameter.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.HResultException
+
+HRESULT thrown by any arbitrary function in AppLockerCSP.
+
+The following fields are available:
+
+- **file** File in the OS code base in which the exception occurs.
+- **function** Function in the OS code base in which the exception occurs.
+- **hr** HRESULT that is reported.
+- **line** Line in the file in the OS code base in which the exception occurs.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.SetValueParams
+
+Parameters passed to the SetValue function of the AppLockerCSP node.
+
+The following fields are available:
+
+- **dataLength** Length of the value to set.
+- **uri** The node URI to that should contain the value, relative to %SYSTEM32%\AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.SetValueStart
+
+Start of the "SetValue" operation for the AppLockerCSP node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.SetValueStop
+
+End of the "SetValue" operation for the AppLockerCSP node.
+
+The following fields are available:
+
+- **hr** HRESULT returned by the SetValue function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.TryRemediateMissingPolicies
+
+EntryPoint of fix step or policy remediation, includes URI relative to %SYSTEM32%\AppLocker that needs to be fixed.
+
+The following fields are available:
+
+- **uri** URI for node relative to %SYSTEM32%/AppLocker.
+
+
+## Appraiser events
+
+### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
+
+This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client.
+
+The following fields are available:
+
+- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers.
+- **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers.
+- **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device.
+- **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_RS4Setup** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_TH1** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_TH2** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device.
+- **DatasourceDevicePnp_RS2** The count of DatasourceApplicationFile objects present on this machine targeting the next release of Windows
+- **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device.
+- **DatasourceDevicePnp_RS4** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS4Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_TH1** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_TH2** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device.
+- **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device.
+- **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device.
+- **DatasourceDriverPackage_RS4** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_RS4Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_TH1** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_TH2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device.
+- **DataSourceMatchingInfoBlock_RS2** The count of DatasourceDevicePnp objects present on this machine targeting the next release of Windows
+- **DataSourceMatchingInfoBlock_RS3** The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_TH1** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device.
+- **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS2** The count of DatasourceDriverPackage objects present on this machine targeting the next release of Windows
+- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_TH1** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device.
+- **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device.
+- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device.
+- **DatasourceSystemBios_RS4** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_RS4Setup** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_TH1** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_TH2** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device.
+- **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS4Setup** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_TH1** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_TH2** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device.
+- **DecisionDevicePnp_RS2** The count of DataSourceMatchingInfoBlock objects present on this machine targeting the next release of Windows
+- **DecisionDevicePnp_RS3** The total DecisionDevicePnp objects targeting the next release of Windows on this device.
+- **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS4Setup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_TH1** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_TH2** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device.
+- **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS3** The total DecisionDriverPackage objects targeting the next release of Windows on this device.
+- **DecisionDriverPackage_RS4** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS4Setup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_TH1** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_TH2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device.
+- **DecisionMatchingInfoBlock_RS2** The count of DataSourceMatchingInfoPassive objects present on this machine targeting the next release of Windows
+- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_TH1** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device.
+- **DecisionMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
+- **DecisionMatchingInfoPostUpgrade_RS2** The count of DataSourceMatchingInfoPostUpgrade objects present on this machine targeting the next release of Windows
+- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_TH1** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device.
+- **DecisionMediaCenter_RS2** The count of DatasourceSystemBios objects present on this machine targeting the next release of Windows
+- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device.
+- **DecisionMediaCenter_RS4** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_RS4Setup** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_TH1** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_TH2** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device.
+- **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 present on this device.
+- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device.
+- **DecisionSystemBios_RS4Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_TH1** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device.
+- **InventoryApplicationFile** The count of the number of this particular object type present on this device.
+- **InventoryLanguagePack** The count of the number of this particular object type present on this device.
+- **InventoryMediaCenter** The count of the number of this particular object type present on this device.
+- **InventorySystemBios** The count of the number of this particular object type present on this device.
+- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device.
+- **PCFP** The count of the number of this particular object type present on this device.
+- **SystemMemory** The count of the number of this particular object type present on this device.
+- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device.
+- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device.
+- **SystemProcessorNx** The count of the number of this particular object type present on this device.
+- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device.
+- **SystemProcessorSse2** The count of the number of this particular object type present on this device.
+- **SystemTouch** The count of the number of this particular object type present on this device.
+- **SystemWim** The count of the number of this particular object type present on this device.
+- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
+- **SystemWlan** The count of the number of this particular object type present on this device.
+- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers.
+- **Wmdrm_RS2** The count of InventoryLanguagePack objects present on this machine.
+- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device.
+- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
+- **Wmdrm_RS4Setup** The count of the number of this particular object type present on this device.
+- **Wmdrm_TH1** The count of the number of this particular object type present on this device.
+- **Wmdrm_TH2** The count of the number of this particular object type present on this device.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
+
+Represents the basic metadata about specific application files installed on the system.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file that is generating the events.
+- **AvDisplayName** If the app is an anti-virus app, this is its display name.
+- **CompatModelIndex** The compatibility prediction for this file.
+- **HasCitData** Indicates whether the file is present in CIT data.
+- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file.
+- **IsAv** Is the file an anti-virus reporting EXE?
+- **ResolveAttempted** This will always be an empty string when sending telemetry.
+- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
+
+This event indicates that the DatasourceApplicationFile object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync
+
+This event indicates that a new set of DatasourceApplicationFileAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd
+
+This event sends compatibility data for a Plug and Play device, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **ActiveNetworkConnection** Indicates whether the device is an active network device.
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **IsBootCritical** Indicates whether the device boot is critical.
+- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update.
+- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver.
+- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove
+
+This event indicates that the DatasourceDevicePnp object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync
+
+This event indicates that a new set of DatasourceDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd
+
+This event sends compatibility database data about driver packages to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync
+
+This event indicates that a new set of DatasourceDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
+
+This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
+
+This event indicates that the DataSourceMatchingInfoBlock object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync
+
+This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events have been sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
+
+This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove
+
+This event indicates that the DataSourceMatchingInfoPassive object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
+
+This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove
+
+This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync
+
+This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
+
+This event sends compatibility database information about the BIOS to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove
+
+This event indicates that the DatasourceSystemBios object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
+
+This event indicates that a new set of DatasourceSystemBiosAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
+
+This event sends compatibility decision data about a file to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file that is generating the events.
+- **BlockAlreadyInbox** The uplevel runtime block on the file already existed on the current OS.
+- **BlockingApplication** Indicates whether there are any application issues that interfere with the upgrade due to the file in question.
+- **DisplayGenericMessage** Will be a generic message be shown for this file?
+- **HardBlock** This file is blocked in the SDB.
+- **HasUxBlockOverride** Does the file have a block that is overridden by a tag in the SDB?
+- **MigApplication** Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
+- **MigRemoval** Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
+- **NeedsDismissAction** Will the file cause an action that can be dimissed?
+- **NeedsInstallPostUpgradeData** After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
+- **NeedsNotifyPostUpgradeData** Does the file have a notification that should be shown after upgrade?
+- **NeedsReinstallPostUpgradeData** After upgrade, this file will have a post-upgrade notification to reinstall the app.
+- **NeedsUninstallAction** The file must be uninstalled to complete the upgrade.
+- **SdbBlockUpgrade** The file is tagged as blocking upgrade in the SDB,
+- **SdbBlockUpgradeCanReinstall** The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade.
+- **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
+- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
+- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
+- **SoftBlock** The file is softblocked in the SDB and has a warning.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
+
+This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync
+
+This event indicates that a new set of DecisionApplicationFileAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
+
+This event sends compatibility decision data about a PNP device to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **AssociatedDriverIsBlocked** Is the driver associated with this PNP device blocked?
+- **AssociatedDriverWillNotMigrate** Will the driver associated with this plug-and-play device migrate?
+- **BlockAssociatedDriver** Should the driver associated with this PNP device be blocked?
+- **BlockingDevice** Is this PNP device blocking upgrade?
+- **BlockUpgradeIfDriverBlocked** Is the PNP device both boot critical and does not have a driver included with the OS?
+- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork** Is this PNP device the only active network device?
+- **DisplayGenericMessage** Will a generic message be shown during Setup for this PNP device?
+- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device?
+- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update?
+- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device?
+- **DriverBlockOverridden** Is there is a driver block on the device that has been overridden?
+- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device?
+- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
+- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade?
+- **SdbDriverBlockOverridden** Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove
+
+This event indicates that the DecisionDevicePnp object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync
+
+The DecisionDevicePnpStartSync event indicates that a new set of DecisionDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd
+
+This event sends decision data about driver package compatibility to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **DriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
+- **DriverIsDeviceBlocked** Was the driver package was blocked because of a device block?
+- **DriverIsDriverBlocked** Is the driver package blocked because of a driver block?
+- **DriverShouldNotMigrate** Should the driver package be migrated during upgrade?
+- **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove
+
+This event indicates that the DecisionDriverPackage object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync
+
+This event indicates that a new set of DecisionDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd
+
+This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **BlockingApplication** Are there are any application issues that interfere with upgrade due to matching info blocks?
+- **DisplayGenericMessage** Will a generic message be shown for this block?
+- **NeedsUninstallAction** Does the user need to take an action in setup due to a matching info block?
+- **SdbBlockUpgrade** Is a matching info block blocking upgrade?
+- **SdbBlockUpgradeCanReinstall** Is a matching info block blocking upgrade, but has the can reinstall tag?
+- **SdbBlockUpgradeUntilUpdate** Is a matching info block blocking upgrade but has the until update tag?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockRemove
+
+This event indicates that the DecisionMatchingInfoBlock object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync
+
+This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
+
+This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BlockingApplication** Are there any application issues that interfere with upgrade due to matching info blocks?
+- **MigApplication** Is there a matching info block with a mig for the current mode of upgrade?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveRemove
+
+This event Indicates that the DecisionMatchingInfoPassive object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd
+
+This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **NeedsInstallPostUpgradeData** Will the file have a notification after upgrade to install a replacement for the app?
+- **NeedsNotifyPostUpgradeData** Should a notification be shown for this file after upgrade?
+- **NeedsReinstallPostUpgradeData** Will the file have a notification after upgrade to reinstall the app?
+- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeRemove
+
+This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd
+
+This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **BlockingApplication** Is there any application issues that interfere with upgrade due to Windows Media Center?
+- **MediaCenterActivelyUsed** If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true?
+- **MediaCenterIndicators** Do any indicators imply that Windows Media Center is in active use?
+- **MediaCenterInUse** Is Windows Media Center actively being used?
+- **MediaCenterPaidOrActivelyUsed** Is Windows Media Center actively being used or is it running on a supported edition?
+- **NeedsDismissAction** Are there any actions that can be dismissed coming from Windows Media Center?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterRemove
+
+This event indicates that the DecisionMediaCenter object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync
+
+This event indicates that a new set of DecisionMediaCenterAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd
+
+This event sends compatibility decision data about the BIOS to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the device blocked from upgrade due to a BIOS block?
+- **HasBiosBlock** Does the device have a BIOS block?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosRemove
+
+This event indicates that the DecisionSystemBios object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync
+
+This event indicates that a new set of DecisionSystemBiosAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.GatedRegChange
+
+This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date.
+
+The following fields are available:
+
+- **NewData** The data in the registry value after the scan completed.
+- **OldData** The previous data in the registry value before the scan ran.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **RegKey** The registry key name for which a result is being sent.
+- **RegValue** The registry value for which a result is being sent.
+- **Time** The client time of the event.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd
+
+This event represents the basic metadata about a file on the system. The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **AvDisplayName** If the app is an antivirus app, this is its display name.
+- **AvProductState** Indicates whether the antivirus program is turned on and the signatures are up to date.
+- **BinaryType** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64.
+- **BinFileVersion** An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
+- **BinProductVersion** An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
+- **BoeProgramId** If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
+- **CompanyName** The company name of the vendor who developed this file.
+- **FileId** A hash that uniquely identifies a file.
+- **FileVersion** The File version field from the file metadata under Properties -> Details.
+- **HasUpgradeExe** Indicates whether the antivirus app has an upgrade.exe file.
+- **IsAv** Indicates whether the file an antivirus reporting EXE.
+- **LinkDate** The date and time that this file was linked on.
+- **LowerCaseLongPath** The full file path to the file that was inventoried on the device.
+- **Name** The name of the file that was inventoried.
+- **ProductName** The Product name field from the file metadata under Properties -> Details.
+- **ProductVersion** The Product version field from the file metadata under Properties -> Details.
+- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it.
+- **Size** The size of the file (in hexadecimal bytes).
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
+
+This event indicates that the InventoryApplicationFile object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
+
+This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd
+
+This event sends data about the number of language packs installed on the system, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **HasLanguagePack** Indicates whether this device has 2 or more language packs.
+- **LanguagePackCount** The number of language packs are installed.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove
+
+This event indicates that the InventoryLanguagePack object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync
+
+This event indicates that a new set of InventoryLanguagePackAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd
+
+This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **EverLaunched** Has Windows Media Center ever been launched?
+- **HasConfiguredTv** Has the user configured a TV tuner through Windows Media Center?
+- **HasExtendedUserAccounts** Are any Windows Media Center Extender user accounts configured?
+- **HasWatchedFolders** Are any folders configured for Windows Media Center to watch?
+- **IsDefaultLauncher** Is Windows Media Center the default app for opening music or video files?
+- **IsPaid** Is the user running a Windows Media Center edition that implies they paid for Windows Media Center?
+- **IsSupported** Does the running OS support Windows Media Center?
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove
+
+This event indicates that the InventoryMediaCenter object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync
+
+This event indicates that a new set of InventoryMediaCenterAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd
+
+This event sends basic metadata about the BIOS to determine whether it has a compatibility block.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **biosDate** The release date of the BIOS in UTC format.
+- **BiosDate** The release date of the BIOS in UTC format.
+- **biosName** The name field from Win32_BIOS.
+- **BiosName** The name field from Win32_BIOS.
+- **manufacturer** The manufacturer field from Win32_ComputerSystem.
+- **Manufacturer** The manufacturer field from Win32_ComputerSystem.
+- **model** The model field from Win32_ComputerSystem.
+- **Model** The model field from Win32_ComputerSystem.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove
+
+This event indicates that the InventorySystemBios object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync
+
+This event indicates that a new set of InventorySystemBiosAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
+
+This event is only runs during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. Is critical to understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BootCritical** Is the driver package marked as boot critical?
+- **Build** The build value from the driver package.
+- **CatalogFile** The name of the catalog file within the driver package.
+- **Class** The device class from the driver package.
+- **ClassGuid** The device class unique ID from the driver package.
+- **Date** The date from the driver package.
+- **Inbox** Is the driver package of a driver that is included with Windows?
+- **OriginalName** The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU.
+- **Provider** The provider of the driver package.
+- **PublishedName** The name of the INF file after it was renamed.
+- **Revision** The revision of the driver package.
+- **SignatureStatus** Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2.
+- **VersionMajor** The major version of the driver package.
+- **VersionMinor** The minor version of the driver package.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove
+
+This event indicates that the InventoryUplevelDriverPackage object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync
+
+This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.RunContext
+
+This event indicates what should be expected in the data payload.
+
+The following fields are available:
+
+- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built.
+- **AppraiserProcess** The name of the process that launched Appraiser.
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **Time** The client time of the event.
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
+
+This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the device from upgrade due to memory restrictions?
+- **MemoryRequirementViolated** Was a memory requirement violated?
+- **pageFile** The current committed memory limit for the system or the current process, whichever is smaller (in bytes).
+- **ram** The amount of memory on the device.
+- **ramKB** The amount of memory (in KB).
+- **virtual** The size of the user-mode portion of the virtual address space of the calling process (in bytes).
+- **virtualKB** The amount of virtual memory (in KB).
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryRemove
+
+This event that the SystemMemory object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync
+
+This event indicates that a new set of SystemMemoryAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd
+
+This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **CompareExchange128Support** Does the CPU support CompareExchange128?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove
+
+This event indicates that the SystemProcessorCompareExchange object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync
+
+This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
+
+This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **LahfSahfSupport** Does the CPU support LAHF/SAHF?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove
+
+This event indicates that the SystemProcessorLahfSahf object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync
+
+This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
+
+This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **NXDriverResult** The result of the driver used to do a non-deterministic check for NX support.
+- **NXProcessorSupport** Does the processor support NX?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxRemove
+
+This event indicates that the SystemProcessorNx object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync
+
+This event indicates that a new set of SystemProcessorNxAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd
+
+This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **PrefetchWSupport** Does the processor support PrefetchW?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWRemove
+
+This event indicates that the SystemProcessorPrefetchW object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync
+
+This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add
+
+This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **SSE2ProcessorSupport** Does the processor support SSE2?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Remove
+
+This event indicates that the SystemProcessorSse2 object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync
+
+This event indicates that a new set of SystemProcessorSse2Add events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchAdd
+
+This event sends data indicating whether the system supports touch, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **IntegratedTouchDigitizerPresent** Is there an integrated touch digitizer?
+- **MaximumTouches** The maximum number of touch points supported by the device hardware.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchRemove
+
+This event indicates that the SystemTouch object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchStartSync
+
+This event indicates that a new set of SystemTouchAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimAdd
+
+This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **IsWimBoot** Is the current operating system running from a compressed WIM file?
+- **RegistryWimBootValue** The raw value from the registry that is used to indicate if the device is running from a WIM.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimRemove
+
+This event indicates that the SystemWim object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimStartSync
+
+This event indicates that a new set of SystemWimAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd
+
+This event sends data indicating whether the current operating system is activated, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **WindowsIsLicensedApiValue** The result from the API that's used to indicate if operating system is activated.
+- **WindowsNotActivatedDecision** Is the current operating system activated?
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove
+
+This event indicates that the SystemWindowsActivationStatus object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync
+
+This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanAdd
+
+This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked because of an emulated WLAN driver?
+- **HasWlanBlock** Does the emulated WLAN driver have an upgrade block?
+- **WlanEmulatedDriver** Does the device have an emulated WLAN driver?
+- **WlanExists** Does the device support WLAN at all?
+- **WlanModulePresent** Are any WLAN modules present?
+- **WlanNativeDriver** Does the device have a non-emulated WLAN driver?
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanRemove
+
+This event indicates that the SystemWlan object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanStartSync
+
+This event indicates that a new set of SystemWlanAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
+
+This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
+- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run.
+- **AppraiserProcess** The name of the process that launched Appraiser.
+- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
+- **AuxFinal** Obsolete, always set to false.
+- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
+- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
+- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
+- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
+- **InboxDataVersion** The original version of the data files before retrieving any newer version.
+- **IndicatorsWritten** Indicates if all relevant UEX indicators were successfully written or updated.
+- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
+- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
+- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
+- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
+- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
+- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
+- **RunResult** The hresult of the Appraiser telemetry run.
+- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
+- **StoreHandleIsNotNull** Obsolete, always set to false
+- **TelementrySent** Indicates if telemetry was successfully sent.
+- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
+- **Time** The client time of the event.
+- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
+- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmAdd
+
+This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BlockingApplication** Same as NeedsDismissAction.
+- **NeedsDismissAction** Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation.
+- **WmdrmApiResult** Raw value of the API used to gather DRM state.
+- **WmdrmCdRipped** Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs.
+- **WmdrmIndicators** WmdrmCdRipped OR WmdrmPurchased.
+- **WmdrmInUse** WmdrmIndicators AND dismissible block in setup was not dismissed.
+- **WmdrmNonPermanent** Indicates if the system has any files with non-permanent licenses.
+- **WmdrmPurchased** Indicates if the system has any files with permanent licenses.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmRemove
+
+This event indicates that the Wmdrm object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmStartSync
+
+This event indicates that a new set of WmdrmAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+## Census events
+
+### Census.App
+
+Provides information on IE and Census versions running on the device
+
+The following fields are available:
+
+- **AppraiserEnterpriseErrorCode** The error code of the last Appraiser enterprise run.
+- **AppraiserErrorCode** The error code of the last Appraiser run.
+- **AppraiserRunEndTimeStamp** The end time of the last Appraiser run.
+- **AppraiserRunIsInProgressOrCrashed** Flag that indicates if the Appraiser run is in progress or has crashed.
+- **AppraiserRunStartTimeStamp** The start time of the last Appraiser run.
+- **AppraiserTaskEnabled** Whether the Appraiser task is enabled.
+- **AppraiserTaskExitCode** The Appraiser task exist code.
+- **AppraiserTaskLastRun** The last runtime for the Appraiser task.
+- **CensusVersion** The version of Census that generated the current data for this device.
+- **IEVersion** IE version running on the device.
+
+
+### Census.Battery
+
+This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use, type to help keep Windows up to date.
+
+The following fields are available:
+
+- **InternalBatteryCapablities** Represents information about what the battery is capable of doing.
+- **InternalBatteryCapacityCurrent** Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity to estimate the battery's wear.
+- **InternalBatteryCapacityDesign** Represents the theoretical capacity of the battery when new, in mWh.
+- **InternalBatteryNumberOfCharges** Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
+- **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value.
+
+
+### Census.Camera
+
+This event sends data about the resolution of cameras on the device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FrontFacingCameraResolution** Represents the resolution of the front facing camera in megapixels. If a front facing camera does not exist, then the value is 0.
+- **RearFacingCameraResolution** Represents the resolution of the rear facing camera in megapixels. If a rear facing camera does not exist, then the value is 0.
+
+
+### Census.Enterprise
+
+This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment.
+
+The following fields are available:
+
+- **AADDeviceId** Azure Active Directory device ID.
+- **AzureOSIDPresent** Represents the field used to identify an Azure machine.
+- **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
+- **CDJType** Represents the type of cloud domain joined for the machine.
+- **CommercialId** Represents the GUID for the commercial entity which the device is a member of. Will be used to reflect insights back to customers.
+- **ContainerType** The type of container, such as process or virtual machine hosted.
+- **EnrollmentType** Defines the type of MDM enrollment on the device.
+- **HashedDomain** The hashed representation of the user domain used for login.
+- **IsCloudDomainJoined** Is this device joined to an Azure Active Directory (AAD) tenant? true/false
+- **IsDERequirementMet** Represents if the device can do device encryption.
+- **IsDeviceProtected** Represents if Device protected by BitLocker/Device Encryption
+- **IsDomainJoined** Indicates whether a machine is joined to a domain.
+- **IsEDPEnabled** Represents if Enterprise data protected on the device.
+- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
+- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
+- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
+- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
+
+
+### Census.Firmware
+
+This event sends data about the BIOS and startup embedded in the device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FirmwareManufacturer** Represents the manufacturer of the device's firmware (BIOS).
+- **FirmwareReleaseDate** Represents the date the current firmware was released.
+- **FirmwareType** Represents the firmware type. The various types can be unknown, BIOS, UEFI.
+- **FirmwareVersion** Represents the version of the current firmware.
+
+
+### Census.Flighting
+
+This event sends Windows Insider data from customers participating in improvement testing and feedback programs, to help keep Windows up to date.
+
+The following fields are available:
+
+- **DeviceSampleRate** The telemetry sample rate assigned to the device.
+- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device.
+- **FlightIds** A list of the different Windows Insider builds on this device.
+- **FlightingBranchName** The name of the Windows Insider branch currently used by the device.
+- **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program.
+- **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
+- **SSRK** Retrieves the mobile targeting settings.
+
+
+### Census.Hardware
+
+This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ActiveMicCount** The number of active microphones attached to the device.
+- **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36.
+- **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields.
+- **D3DMaxFeatureLevel** Supported Direct3D version.
+- **DeviceForm** Indicates the form as per the device classification.
+- **DeviceName** The device name that is set by the user.
+- **DigitizerSupport** Is a digitizer supported?
+- **DUID** The device unique ID.
+- **Gyroscope** Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation).
+- **InventoryId** The device ID used for compatibility testing.
+- **Magnetometer** Indicates whether the device has a magnetometer (a mechanical component that works like a compass).
+- **NFCProximity** Indicates whether the device supports NFC (a set of communication protocols that helps establish communication when applicable devices are brought close together.)
+- **OEMDigitalMarkerFileName** The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device.
+- **OEMManufacturerName** The device manufacturer name. The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date.
+- **OEMModelBaseBoard** The baseboard model used by the OEM.
+- **OEMModelBaseBoardVersion** Differentiates between developer and retail devices.
+- **OEMModelName** The device model name.
+- **OEMModelNumber** The device model number.
+- **OEMModelSKU** The device edition that is defined by the manufacturer.
+- **OEMModelSystemFamily** The system family set on the device by an OEM.
+- **OEMModelSystemVersion** The system model version set on the device by the OEM.
+- **OEMOptionalIdentifier** A Microsoft assigned value that represents a specific OEM subsidiary.
+- **OEMSerialNumber** The serial number of the device that is set by the manufacturer.
+- **PhoneManufacturer** The friendly name of the phone manufacturer.
+- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
+- **SoCName** The firmware manufacturer of the device.
+- **StudyID** Used to identify retail and non-retail device.
+- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced.
+- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions.
+- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user.
+- **TPMManufacturerId** The ID of the TPM manufacturer.
+- **TPMManufacturerVersion** The version of the TPM manufacturer.
+- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
+- **VoiceSupported** Does the device have a cellular radio capable of making voice calls?
+
+
+### Census.Memory
+
+This event sends data about the memory on the device, including ROM and RAM, to help keep Windows up to date.
+
+The following fields are available:
+
+- **TotalPhysicalRAM** Represents the physical memory (in MB).
+- **TotalVisibleMemory** Represents the memory that is not reserved by the system.
+
+
+### Census.Network
+
+This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors), to help keep Windows up to date.
+
+The following fields are available:
+
+- **IMEI0** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
+- **IMEI1** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
+- **MCC0** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MCC1** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MEID** Represents the Mobile Equipment Identity (MEID). MEID is a worldwide unique phone ID assigned to CDMA phones. MEID replaces electronic serial number (ESN), and is equivalent to IMEI for GSM and WCDMA phones. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user.
+- **MNC0** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MNC1** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MobileOperatorBilling** Represents the telephone company that provides services for mobile phone users.
+- **MobileOperatorCommercialized** Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US.
+- **MobileOperatorNetwork0** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
+- **MobileOperatorNetwork1** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
+- **NetworkAdapterGUID** The GUID of the primary network adapter.
+- **NetworkCost** Represents the network cost associated with a connection.
+- **SPN0** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
+- **SPN1** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
+
+
+### Census.PrivacySettings
+
+This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **AppointmentsSystem** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **ChatSystem** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **ContactsSystem** Current state of the Contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **EmailSystem** Current state of the email setting.
+- **FindMyDevice** Current state of the "find my device" setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **LocationHistoryCloudSync** Current state of the location history cloud sync setting.
+- **LocationHistoryOnTimeline** Current state of the location history on timeline setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PhoneCallHistorySystem** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserDataTasksSystem** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
+### Census.Processor
+
+Provides information on several important data points about Processor settings
+
+The following fields are available:
+
+- **KvaShadow** Microcode info of the processor.
+- **MMSettingOverride** Microcode setting of the processor.
+- **MMSettingOverrideMask** Microcode setting override of the processor.
+- **PreviousUpdateRevision** Previous microcode revision
+- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system.
+- **ProcessorClockSpeed** Clock speed of the processor in MHz.
+- **ProcessorCores** Number of logical cores in the processor.
+- **ProcessorIdentifier** Processor Identifier of a manufacturer.
+- **ProcessorManufacturer** Name of the processor manufacturer.
+- **ProcessorModel** Name of the processor model.
+- **ProcessorPhysicalCores** Number of physical cores in the processor.
+- **ProcessorUpdateRevision** Microcode revision
+- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status
+- **SocketCount** Count of CPU sockets.
+- **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability.
+
+
+### Census.Security
+
+This event provides information on about security settings used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard.
+- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
+- **DGState** This field summarizes the Device Guard state.
+- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running.
+- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest.
+- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host.
+- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
+- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
+- **SModeState** The Windows S mode trail state.
+- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running.
+
+
+### Census.Speech
+
+This event is used to gather basic speech settings on the device.
+
+The following fields are available:
+
+- **AboveLockEnabled** Cortana setting that represents if Cortana can be invoked when the device is locked.
+- **GPAllowInputPersonalization** Indicates if a Group Policy setting has enabled speech functionalities.
+- **HolographicSpeechInputDisabled** Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
+- **HolographicSpeechInputDisabledRemote** Indicates if a remote policy has disabled speech functionalities for the HMD devices.
+- **KeyVer** Version information for the census speech event.
+- **KWSEnabled** Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
+- **MDMAllowInputPersonalization** Indicates if an MDM policy has enabled speech functionalities.
+- **RemotelyManaged** Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
+- **SpeakerIdEnabled** Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
+- **SpeechServicesEnabled** Windows setting that represents whether a user is opted-in for speech services on the device.
+- **SpeechServicesValueSource** Indicates the deciding factor for the effective online speech recognition privacy policy settings: remote admin, local admin, or user preference.
+
+
+### Census.Storage
+
+This event sends data about the total capacity of the system volume and primary disk, to help keep Windows up to date.
+
+The following fields are available:
+
+- **PrimaryDiskTotalCapacity** Retrieves the amount of disk space on the primary disk of the device in MB.
+- **PrimaryDiskType** Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any).
+- **SystemVolumeTotalCapacity** Retrieves the size of the partition that the System volume is installed on in MB.
+
+
+### Census.Userdefault
+
+This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols, to help keep Windows up to date.
+
+The following fields are available:
+
+- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
+- **DefaultBrowserProgId** The ProgramId of the current user's default browser.
+
+
+### Census.UserDisplay
+
+This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system, to help keep Windows up to date.
+
+The following fields are available:
+
+- **InternalPrimaryDisplayLogicalDPIX** Retrieves the logical DPI in the x-direction of the internal display.
+- **InternalPrimaryDisplayLogicalDPIY** Retrieves the logical DPI in the y-direction of the internal display.
+- **InternalPrimaryDisplayPhysicalDPIX** Retrieves the physical DPI in the x-direction of the internal display.
+- **InternalPrimaryDisplayPhysicalDPIY** Retrieves the physical DPI in the y-direction of the internal display.
+- **InternalPrimaryDisplayResolutionHorizontal** Retrieves the number of pixels in the horizontal direction of the internal display.
+- **InternalPrimaryDisplayResolutionVertical** Retrieves the number of pixels in the vertical direction of the internal display.
+- **InternalPrimaryDisplaySizePhysicalH** Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches .
+- **InternalPrimaryDisplaySizePhysicalY** Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches
+- **NumberofExternalDisplays** Retrieves the number of external displays connected to the machine
+- **NumberofInternalDisplays** Retrieves the number of internal displays in a machine.
+- **VRAMDedicated** Retrieves the video RAM in MB.
+- **VRAMDedicatedSystem** Retrieves the amount of memory on the dedicated video card.
+- **VRAMSharedSystem** Retrieves the amount of RAM memory that the video card can use.
+
+
+### Census.UserNLS
+
+This event sends data about the default app language, input, and display language preferences set by the user, to help keep Windows up to date.
+
+The following fields are available:
+
+- **DefaultAppLanguage** The current user Default App Language.
+- **DisplayLanguage** The current user preferred Windows Display Language.
+- **HomeLocation** The current user location, which is populated using GetUserGeoId() function.
+- **KeyboardInputLanguages** The Keyboard input languages installed on the device.
+- **SpeechInputLanguages** The Speech Input languages installed on the device.
+
+
+### Census.UserPrivacySettings
+
+This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **AppointmentsSystem** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **ChatSystem** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **ContactsSystem** Current state of the contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **EmailSystem** Current state of the email setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **InkTypePersonalization** Current state of the inking and typing personalization setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **LocationHistoryCloudSync** Current state of the location history cloud synchronization setting.
+- **LocationHistoryOnTimeline** Current state of the location history on timeline setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PhoneCallHistorySystem** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserDataTasksSystem** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
+### Census.VM
+
+This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date.
+
+The following fields are available:
+
+- **CloudService** Indicates which cloud service, if any, that this virtual machine is running within.
+- **HyperVisor** Retrieves whether the current OS is running on top of a Hypervisor.
+- **IOMMUPresent** Represents if an input/output memory management unit (IOMMU) is present.
+- **IsVDI** Is the device using Virtual Desktop Infrastructure?
+- **IsVirtualDevice** Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
+- **SLATSupported** Represents whether Second Level Address Translation (SLAT) is supported by the hardware.
+- **VirtualizationFirmwareEnabled** Represents whether virtualization is enabled in the firmware.
+
+
+### Census.WU
+
+This event sends data about the Windows update server and other App store policies, to help keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserGatedStatus** Indicates whether a device has been gated for upgrading.
+- **AppStoreAutoUpdate** Retrieves the Appstore settings for auto upgrade. (Enable/Disabled).
+- **AppStoreAutoUpdateMDM** Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured
+- **AppStoreAutoUpdatePolicy** Retrieves the Microsoft Store App Auto Update group policy setting
+- **DelayUpgrade** Retrieves the Windows upgrade flag for delaying upgrades.
+- **OSAssessmentFeatureOutOfDate** How many days has it been since a the last feature update was released but the device did not install it?
+- **OSAssessmentForFeatureUpdate** Is the device is on the latest feature update?
+- **OSAssessmentForQualityUpdate** Is the device on the latest quality update?
+- **OSAssessmentForSecurityUpdate** Is the device on the latest security update?
+- **OSAssessmentQualityOutOfDate** How many days has it been since a the last quality update was released but the device did not install it?
+- **OSAssessmentReleaseInfoTime** The freshness of release information used to perform an assessment.
+- **OSRollbackCount** The number of times feature updates have rolled back on the device.
+- **OSRolledBack** A flag that represents when a feature update has rolled back during setup.
+- **OSUninstalled** A flag that represents when a feature update is uninstalled on a device .
+- **OSWUAutoUpdateOptions** Retrieves the auto update settings on the device.
+- **OSWUAutoUpdateOptionsSource** The source of auto update setting that appears in the OSWUAutoUpdateOptions field. For example: Group Policy (GP), Mobile Device Management (MDM), and Default.
+- **UninstallActive** A flag that represents when a device has uninstalled a previous upgrade recently.
+- **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS).
+- **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates.
+- **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades.
+- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network.
+- **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier.
+- **WUPauseState** Retrieves WU setting to determine if updates are paused.
+- **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
+
+
+### Census.Xbox
+
+This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date.
+
+The following fields are available:
+
+- **XboxConsolePreferredLanguage** Retrieves the preferred language selected by the user on Xbox console.
+- **XboxConsoleSerialNumber** Retrieves the serial number of the Xbox console.
+- **XboxLiveDeviceId** Retrieves the unique device ID of the console.
+- **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft.
+
+
+## Common data extensions
+
+### Common Data Extensions.app
+
+Describes the properties of the running application. This extension could be populated by a client app or a web app.
+
+The following fields are available:
+
+- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session.
+- **env** The environment from which the event was logged.
+- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
+- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
+- **locale** The locale of the app.
+- **name** The name of the app.
+- **userId** The userID as known by the application.
+- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
+
+
+### Common Data Extensions.container
+
+Describes the properties of the container for events logged within a container.
+
+The following fields are available:
+
+- **epoch** An ID that's incremented for each SDK initialization.
+- **localId** The device ID as known by the client.
+- **osVer** The operating system version.
+- **seq** An ID that's incremented for each event.
+- **type** The container type. Examples: Process or VMHost
+
+
+### Common Data Extensions.cs
+
+Describes properties related to the schema of the event.
+
+The following fields are available:
+
+- **sig** A common schema signature that identifies new and modified event schemas.
+
+
+### Common Data Extensions.device
+
+Describes the device-related fields.
+
+The following fields are available:
+
+- **deviceClass** The device classification. For example, Desktop, Server, or Mobile.
+- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
+- **make** Device manufacturer.
+- **model** Device model.
+
+
+### Common Data Extensions.Envelope
+
+Represents an envelope that contains all of the common data extensions.
+
+The following fields are available:
+
+- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries.
+- **data** Represents the optional unique diagnostic data for a particular event schema.
+- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp).
+- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer).
+- **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs).
+- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
+- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
+- **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts).
+- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
+- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
+- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
+- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl).
+- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
+- **iKey** Represents an ID for applications or other logical groupings of events.
+- **name** Represents the uniquely qualified name for the event.
+- **popSample** Represents the effective sample rate for this event at the time it was generated by a client.
+- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.os
+
+Describes some properties of the operating system.
+
+The following fields are available:
+
+- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot.
+- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema.
+- **locale** Represents the locale of the operating system.
+- **name** Represents the operating system name.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.receipts
+
+Represents various time information as provided by the client and helps for debugging purposes.
+
+The following fields are available:
+
+- **originalTime** The original event time.
+- **uploadTime** The time the event was uploaded.
+
+
+### Common Data Extensions.sdk
+
+Used by platform specific libraries to record fields that are required for a specific SDK.
+
+The following fields are available:
+
+- **epoch** An ID that is incremented for each SDK initialization.
+- **installId** An ID that's created during the initialization of the SDK for the first time.
+- **libVer** The SDK version.
+- **seq** An ID that is incremented for each event.
+
+
+### Common Data Extensions.user
+
+Describes the fields related to a user.
+
+The following fields are available:
+
+- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
+- **locale** The language and region.
+- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID.
+
+
+### Common Data Extensions.utc
+
+Describes the properties that could be populated by a logging library on Windows.
+
+The following fields are available:
+
+- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW.
+- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number
+- **cat** Represents a bitmask of the ETW Keywords associated with the event.
+- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer.
+- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **flags** Represents the bitmap that captures various Windows specific flags.
+- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
+- **op** Represents the ETW Op Code.
+- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
+- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
+
+
+### Common Data Extensions.xbl
+
+Describes the fields that are related to XBOX Live.
+
+The following fields are available:
+
+- **claims** Any additional claims whose short claim name hasn't been added to this structure.
+- **did** XBOX device ID
+- **dty** XBOX device type
+- **dvr** The version of the operating system on the device.
+- **eid** A unique ID that represents the developer entity.
+- **exp** Expiration time
+- **ip** The IP address of the client device.
+- **nbf** Not before time
+- **pid** A comma separated list of PUIDs listed as base10 numbers.
+- **sbx** XBOX sandbox identifier
+- **sid** The service instance ID.
+- **sty** The service type.
+- **tid** The XBOX Live title ID.
+- **tvr** The XBOX Live title version.
+- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
+- **xid** A list of base10-encoded XBOX User IDs.
+
+
+## Common data fields
+
+### Ms.Device.DeviceInventoryChange
+
+Describes the installation state for all hardware and software components available on a particular device.
+
+The following fields are available:
+
+- **action** The change that was invoked on a device inventory object.
+- **inventoryId** Device ID used for Compatibility testing
+- **objectInstanceId** Object identity which is unique within the device scope.
+- **objectType** Indicates the object type that the event applies to.
+- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
+
+
+## Component-based servicing events
+
+### CbsServicingProvider.CbsLateAcquisition
+
+This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **Features** The list of feature packages that could not be updated.
+- **RetryID** The ID identifying the retry attempt to update the listed packages.
+
+
+## Deployment extensions
+
+### DeploymentTelemetry.Deployment_End
+
+This event indicates that a Deployment 360 API has completed.
+
+The following fields are available:
+
+- **ClientId** Client ID of the user utilizing the D360 API.
+- **ErrorCode** Error code of action.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **Mode** Phase in upgrade.
+- **RelatedCV** The correction vector (CV) of any other related events
+- **Result** End result of the action.
+
+
+### DeploymentTelemetry.Deployment_SetupBoxLaunch
+
+This event indicates that the Deployment 360 APIs have launched Setup Box.
+
+The following fields are available:
+
+- **ClientId** The client ID of the user utilizing the D360 API.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **Quiet** Whether Setup will run in quiet mode or full mode.
+- **RelatedCV** The correlation vector (CV) of any other related events.
+- **SetupMode** The current setup phase.
+
+
+### DeploymentTelemetry.Deployment_SetupBoxResult
+
+This event indicates that the Deployment 360 APIs have received a return from Setup Box.
+
+The following fields are available:
+
+- **ClientId** Client ID of the user utilizing the D360 API.
+- **ErrorCode** Error code of the action.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **Quiet** Indicates whether Setup will run in quiet mode or full mode.
+- **RelatedCV** The correlation vector (CV) of any other related events.
+- **SetupMode** The current Setup phase.
+
+
+### DeploymentTelemetry.Deployment_Start
+
+This event indicates that a Deployment 360 API has been called.
+
+The following fields are available:
+
+- **ClientId** Client ID of the user utilizing the D360 API.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **Mode** The current phase of the upgrade.
+- **RelatedCV** The correlation vector (CV) of any other related events.
+
+
+## Diagnostic data events
+
+### TelClientSynthetic.AbnormalShutdown_0
+
+This event sends data about boot IDs for which a normal clean shutdown was not observed, to help keep Windows up to date.
+
+The following fields are available:
+
+- **AbnormalShutdownBootId** BootId of the abnormal shutdown being reported by this event.
+- **AcDcStateAtLastShutdown** Identifies if the device was on battery or plugged in.
+- **BatteryLevelAtLastShutdown** The last recorded battery level.
+- **BatteryPercentageAtLastShutdown** The battery percentage at the last shutdown.
+- **CrashDumpEnabled** Are crash dumps enabled?
+- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset.
+- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported.
+- **Firmwaredata->ResetReasonEmbeddedController** The reset reason that was supplied by the firmware.
+- **Firmwaredata->ResetReasonEmbeddedControllerAdditional** Additional data related to reset reason provided by the firmware.
+- **Firmwaredata->ResetReasonPch** The reset reason that was supplied by the hardware.
+- **Firmwaredata->ResetReasonPchAdditional** Additional data related to the reset reason supplied by the hardware.
+- **Firmwaredata->ResetReasonSupplied** Indicates whether the firmware supplied any reset reason or not.
+- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType.
+- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset.
+- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not.
+- **LastBugCheckBootId** bootId of the last captured crash.
+- **LastBugCheckCode** Code that indicates the type of error.
+- **LastBugCheckContextFlags** Additional crash dump settings.
+- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save.
+- **LastBugCheckOtherSettings** Other crash dump settings.
+- **LastBugCheckParameter1** The first parameter with additional info on the type of the error.
+- **LastBugCheckProgress** Progress towards writing out the last crash dump.
+- **LastBugCheckVersion** The version of the information struct written during the crash.
+- **LastSuccessfullyShutdownBootId** BootId of the last fully successful shutdown.
+- **LongPowerButtonPressDetected** Identifies if the user was pressing and holding power button.
+- **OOBEInProgress** Identifies if OOBE is running.
+- **OSSetupInProgress** Identifies if the operating system setup is running.
+- **PowerButtonCumulativePressCount** How many times has the power button been pressed?
+- **PowerButtonCumulativeReleaseCount** How many times has the power button been released?
+- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record power button metrics.
+- **PowerButtonLastPressBootId** BootId of the last time the power button was pressed.
+- **PowerButtonLastPressTime** Date and time of the last time the power button was pressed.
+- **PowerButtonLastReleaseBootId** BootId of the last time the power button was released.
+- **PowerButtonLastReleaseTime** Date and time of the last time the power button was released.
+- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed.
+- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the power button was pressed.
+- **PowerButtonPressLastPowerWatchdogStage** Progress while the monitor is being turned on.
+- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
+- **ShutdownDeviceType** Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API.
+- **SleepCheckpoint** Provides the last checkpoint when there is a failure during a sleep transition.
+- **SleepCheckpointSource** Indicates whether the source is the EFI variable or bootstat file.
+- **SleepCheckpointStatus** Indicates whether the checkpoint information is valid.
+- **StaleBootStatData** Identifies if the data from bootstat is stale.
+- **TransitionInfoBootId** BootId of the captured transition info.
+- **TransitionInfoCSCount** l number of times the system transitioned from Connected Standby mode.
+- **TransitionInfoCSEntryReason** Indicates the reason the device last entered Connected Standby mode.
+- **TransitionInfoCSExitReason** Indicates the reason the device last exited Connected Standby mode.
+- **TransitionInfoCSInProgress** At the time the last marker was saved, the system was in or entering Connected Standby mode.
+- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp,
+- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved.
+- **TransitionInfoLidState** Describes the state of the laptop lid.
+- **TransitionInfoPowerButtonTimestamp** The date and time of the last time the power button was pressed.
+- **TransitionInfoSleepInProgress** At the time the last marker was saved, the system was in or entering sleep mode.
+- **TransitionInfoSleepTranstionsToOn** Total number of times the device transitioned from sleep mode.
+- **TransitionInfoSystemRunning** At the time the last marker was saved, the device was running.
+- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed.
+- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed.
+- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition.
+- **TransitionLatestCheckpointSeqNumber** Represents the chronological sequence number of the checkpoint.
+- **TransitionLatestCheckpointType** Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational.
+- **VirtualMachineId** If the operating system is on a virtual Machine, it gives the virtual Machine ID (GUID) that can be used to correlate events on the host.
+
+
+### TelClientSynthetic.HeartBeat_5
+
+This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
+
+The following fields are available:
+
+- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel.
+- **CensusExitCode** The last exit code of the Census task.
+- **CensusStartTime** Time of last Census run.
+- **CensusTaskEnabled** True if Census is enabled, false otherwise.
+- **CompressedBytesUploaded** Number of compressed bytes uploaded.
+- **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client.
+- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer.
+- **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling.
+- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB.
+- **DbCriticalDroppedCount** Total number of dropped critical events in event DB.
+- **DbDroppedCount** Number of events dropped due to DB fullness.
+- **DbDroppedFailureCount** Number of events dropped due to DB failures.
+- **DbDroppedFullCount** Number of events dropped due to DB fullness.
+- **DecodingDroppedCount** Number of events dropped due to decoding failures.
+- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated.
+- **EtwDroppedBufferCount** Number of buffers dropped in the UTC ETW session.
+- **EtwDroppedCount** Number of events dropped at ETW layer of telemetry client.
+- **EventsPersistedCount** Number of events that reached the PersistEvent stage.
+- **EventStoreLifetimeResetCounter** Number of times event DB was reset for the lifetime of UTC.
+- **EventStoreResetCounter** Number of times event DB was reset.
+- **EventStoreResetSizeSum** Total size of event DB across all resets reports in this instance.
+- **EventsUploaded** Number of events uploaded.
+- **Flags** Flags indicating device state such as network state, battery state, and opt-in state.
+- **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full.
+- **HeartBeatSequenceNumber** The sequence number of this heartbeat.
+- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex.
+- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel.
+- **LastEventSizeOffender** Event name of last event which exceeded max event size.
+- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex.
+- **MaxActiveAgentConnectionCount** The maximum number of active agents during this heartbeat timeframe.
+- **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC.
+- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events).
+- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer.
+- **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
+- **SettingsHttpFailures** The number of failures from contacting the OneSettings service.
+- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers.
+- **TopUploaderErrors** List of top errors received from the upload endpoint.
+- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client.
+- **UploaderErrorCount** Number of errors received from the upload endpoint.
+- **VortexFailuresTimeout** The number of timeout failures received from Vortex.
+- **VortexHttpAttempts** Number of attempts to contact Vortex.
+- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex.
+- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex.
+- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400.
+- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event.
+
+
+### TelClientSynthetic.HeartBeat_Aria_5
+
+This event is the telemetry client ARIA heartbeat.
+
+The following fields are available:
+
+- **CompressedBytesUploaded** Number of compressed bytes uploaded.
+- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer.
+- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event database.
+- **DbCriticalDroppedCount** Total number of dropped critical events in event database.
+- **DbDroppedCount** Number of events dropped at the database layer.
+- **DbDroppedFailureCount** Number of events dropped due to database failures.
+- **DbDroppedFullCount** Number of events dropped due to database being full.
+- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated.
+- **EventsPersistedCount** Number of events that reached the PersistEvent stage.
+- **EventStoreLifetimeResetCounter** Number of times the event store has been reset.
+- **EventStoreResetCounter** Number of times the event store has been reset during this heartbeat.
+- **EventStoreResetSizeSum** Size of event store reset in bytes.
+- **EventsUploaded** Number of events uploaded.
+- **HeartBeatSequenceNumber** The sequence number of this heartbeat.
+- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex.
+- **LastEventSizeOffender** Event name of last event which exceeded max event size.
+- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex.
+- **PreviousHeartBeatTime** The FILETIME of the previous heartbeat fire.
+- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer.
+- **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
+- **SettingsHttpFailures** Number of failures from contacting OneSettings service.
+- **TopUploaderErrors** List of top errors received from the upload endpoint.
+- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client.
+- **UploaderErrorCount** Number of errors received from the upload endpoint.
+- **VortexFailuresTimeout** Number of time out failures received from Vortex.
+- **VortexHttpAttempts** Number of attempts to contact Vortex.
+- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex.
+- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex.
+- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400.
+- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event.
+
+
+### TelClientSynthetic.HeartBeat_Seville_5
+
+This event is sent by the universal telemetry client (UTC) as a heartbeat signal for Sense.
+
+The following fields are available:
+
+- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host or agent channel.
+- **CompressedBytesUploaded** Number of compressed bytes uploaded.
+- **ConsumerDroppedCount** Number of events dropped at consumer layer of the telemetry client.
+- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer.
+- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to throttling.
+- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event database.
+- **DailyUploadQuotaInBytes** Daily upload quota for Sense in bytes (only in in-proc mode).
+- **DbCriticalDroppedCount** Total number of dropped critical events in event database.
+- **DbDroppedCount** Number of events dropped due to database being full.
+- **DbDroppedFailureCount** Number of events dropped due to database failures.
+- **DbDroppedFullCount** Number of events dropped due to database being full.
+- **DecodingDroppedCount** Number of events dropped due to decoding failures.
+- **DiskSizeInBytes** Size of event store for Sense in bytes (only in in-proc mode).
+- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated.
+- **EtwDroppedBufferCount** Number of buffers dropped in the universal telemetry client (UTC) event tracing for Windows (ETW) session.
+- **EtwDroppedCount** Number of events dropped at the event tracing for Windows (ETW) layer of telemetry client.
+- **EventsPersistedCount** Number of events that reached the PersistEvent stage.
+- **EventStoreLifetimeResetCounter** Number of times event the database was reset for the lifetime of the universal telemetry client (UTC).
+- **EventStoreResetCounter** Number of times the event database was reset.
+- **EventStoreResetSizeSum** Total size of the event database across all resets reports in this instance.
+- **EventsUploaded** Number of events uploaded.
+- **Flags** Flags indicating device state, such as network state, battery state, and opt-in state.
+- **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full.
+- **HeartBeatSequenceNumber** The sequence number of this heartbeat.
+- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex.
+- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel.
+- **LastEventSizeOffender** Event name of last event which exceeded the maximum event size.
+- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex.
+- **MaxActiveAgentConnectionCount** Maximum number of active agents during this heartbeat timeframe.
+- **NormalUploadTimerMillis** Number of milliseconds between each upload of normal events for SENSE (only in in-proc mode).
+- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events).
+- **RepeatedUploadFailureDropped** Number of events lost due to repeated failed uploaded attempts.
+- **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
+- **SettingsHttpFailures** Number of failures from contacting the OneSettings service.
+- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers.
+- **TopUploaderErrors** Top uploader errors, grouped by endpoint and error type.
+- **UploaderDroppedCount** Number of events dropped at the uploader layer of the telemetry client.
+- **UploaderErrorCount** Number of input for the TopUploaderErrors mode estimation.
+- **VortexFailuresTimeout** Number of time out failures received from Vortex.
+- **VortexHttpAttempts** Number of attempts to contact Vortex.
+- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex.
+- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex.
+- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400.
+- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event.
+
+
+## Direct to update events
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicabilityGenericFailure
+
+This event indicatse that we have received an unexpected error in the Direct to Update (DTU) Coordinators CheckApplicability call.
+
+The following fields are available:
+
+- **CampaignID** ID of the campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Cleanup call.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run
+- **ClientID** Client ID being run
+- **CoordinatorVersion** Coordinator version of DTU
+- **CV** Correlation vector
+- **hResult** HRESULT of the failure
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupSuccess
+
+This event indicates that the Coordinator Cleanup call succeeded.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run
+- **ClientID** Client ID being run
+- **CoordinatorVersion** Coordinator version of DTU
+- **CV** Correlation vector
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Commit call.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess
+
+This event indicates that the Coordinator Commit call succeeded.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Download call.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadIgnoredFailure
+
+This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Download call that will be ignored.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadSuccess
+
+This event indicates that the Coordinator Download call succeeded.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator HandleShutdown call.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinate version of DTU.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownSuccess
+
+This event indicates that the Coordinator HandleShutdown call succeeded.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Initialize call.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeSuccess
+
+This event indicates that the Coordinator Initialize call succeeded.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Install call.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallIgnoredFailure
+
+This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Install call that will be ignored.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallSuccess
+
+This event indicates that the Coordinator Install call succeeded.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorProgressCallBack
+
+This event indicates that the Coordinator's progress callback has been called.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+- **DeployPhase** Current Deploy Phase.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadySuccess
+
+This event indicates that the Coordinator SetCommitReady call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiNotShown
+
+This event indicates that the Coordinator WaitForRebootUi call succeeded.
+
+The following fields are available:
+
+- **CampaignID** Campaign ID being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection
+
+This event indicates that the user selected an option on the Reboot UI.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **rebootUiSelection** Selection on the Reboot UI.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSuccess
+
+This event indicates that the Coordinator WaitForRebootUi call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicabilityInternal call.
+
+The following fields are available:
+
+- **CampaignID** ID of the campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalSuccess
+
+This event indicates that the Handler CheckApplicabilityInternal call succeeded.
+
+The following fields are available:
+
+- **ApplicabilityResult** The result of the applicability check.
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilitySuccess
+
+This event indicates that the Handler CheckApplicability call succeeded.
+
+The following fields are available:
+
+- **ApplicabilityResult** The result code indicating whether the update is applicable.
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **CV_new** New correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionSuccess
+
+This event indicates that the Handler CheckIfCoordinatorMinApplicableVersion call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **CheckIfCoordinatorMinApplicableVersionResult** Result of CheckIfCoordinatorMinApplicableVersion function.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Commit call.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **CV_new** New correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess
+
+This event indicates that the Handler Commit call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.run
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **CV_new** New correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabFailure
+
+This event indicates that the Handler Download and Extract cab call failed.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **DownloadAndExtractCabFunction_failureReason** Reason why the update download and extract process failed.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabSuccess
+
+This event indicates that the Handler Download and Extract cab call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Download call.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess
+
+This event indicates that the Handler Download call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Initialize call.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extract.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess
+
+This event indicates that the Handler Initialize call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extraction.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Install call.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **hResult** HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess
+
+This event indicates that the Coordinator Install call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadySuccess
+
+This event indicates that the Handler SetCommitReady call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiGenericFailure
+
+This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler WaitForRebootUi call.
+
+The following fields are available:
+
+- **CampaignID** The ID of the campaigning being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+- **hResult** The HRESULT of the failure.
+
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiSuccess
+
+This event indicates that the Handler WaitForRebootUi call succeeded.
+
+The following fields are available:
+
+- **CampaignID** ID of the campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
+## Inventory events
+
+### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
+
+This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object.
+
+The following fields are available:
+
+- **DeviceCensus** A count of device census objects in cache.
+- **DriverPackageExtended** A count of driverpackageextended objects in cache.
+- **FileSigningInfo** A count of file signing objects in cache.
+- **InventoryApplication** A count of application objects in cache.
+- **InventoryApplicationAppV** A count of application AppV objects in cache.
+- **InventoryApplicationDriver** A count of application driver objects in cache
+- **InventoryApplicationFile** A count of application file objects in cache.
+- **InventoryApplicationFramework** A count of application framework objects in cache
+- **InventoryApplicationShortcut** A count of application shortcut objects in cache
+- **InventoryDeviceContainer** A count of device container objects in cache.
+- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache.
+- **InventoryDeviceMediaClass** A count of device media objects in cache.
+- **InventoryDevicePnp** A count of device Plug and Play objects in cache.
+- **InventoryDeviceUsbHubClass** A count of device usb objects in cache
+- **InventoryDriverBinary** A count of driver binary objects in cache.
+- **InventoryDriverPackage** A count of device objects in cache.
+- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache
+- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache.
+- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache
+- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache
+- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache
+- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache
+- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache
+- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache
+- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache
+- **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache
+
+
+### Microsoft.Windows.Inventory.Core.AmiTelCacheFileInfo
+
+Diagnostic data about the inventory cache.
+
+The following fields are available:
+
+- **CacheFileSize** Size of the cache.
+- **InventoryVersion** Inventory version of the cache.
+- **TempCacheCount** Number of temp caches created.
+- **TempCacheDeletedCount** Number of temp caches deleted.
+
+
+### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions
+
+This event sends inventory component versions for the Device Inventory data.
+
+The following fields are available:
+
+- **aeinv** The version of the App inventory component.
+- **devinv** The file version of the Device inventory component.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
+
+This event sends basic metadata about an application on the system to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **HiddenArp** Indicates whether a program hides itself from showing up in ARP.
+- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics).
+- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00
+- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array.
+- **InstallDateMsi** The install date if the application was installed via Microsoft Installer (MSI). Passed as an array.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Language** The language code of the program.
+- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
+- **MsiProductCode** A GUID that describe the MSI Product.
+- **Name** The name of the application.
+- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install.
+- **PackageFullName** The package full name for a Store application.
+- **ProgramInstanceId** A hash of the file IDs in an app.
+- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field.
+- **RootDirPath** The path to the root directory where the program was installed.
+- **Source** How the program was installed (for example, ARP, MSI, Appx).
+- **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp.
+- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen.
+- **Version** The version number of the program.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
+
+This event represents what drivers an application installs.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component
+- **ProgramIds** The unique program identifier the driver is associated with
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
+
+The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
+
+This event provides the basic metadata about the frameworks an application may depend on.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **FileId** A hash that uniquely identifies a file.
+- **Frameworks** The list of frameworks this file depends on.
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync
+
+This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove
+
+This event indicates that a new set of InventoryDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync
+
+This event indicates that a new set of InventoryApplicationAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd
+
+This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device) to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Categories** A comma separated list of functional categories in which the container belongs.
+- **DiscoveryMethod** The discovery method for the device container.
+- **FriendlyName** The name of the device container.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **IsActive** Is the device connected, or has it been seen in the last 14 days?
+- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link.
+- **IsMachineContainer** Is the container the root device itself?
+- **IsNetworked** Is this a networked device?
+- **IsPaired** Does the device container require pairing?
+- **Manufacturer** The manufacturer name for the device container.
+- **ModelId** A unique model ID.
+- **ModelName** The model name.
+- **ModelNumber** The model number for the device container.
+- **PrimaryCategory** The primary category for the device container.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove
+
+This event indicates that the InventoryDeviceContainer object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync
+
+This event indicates that a new set of InventoryDeviceContainerAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd
+
+This event retrieves information about what sensor interfaces are available on the device.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Accelerometer3D** Indicates if an Accelerator3D sensor is found.
+- **ActivityDetection** Indicates if an Activity Detection sensor is found.
+- **AmbientLight** Indicates if an Ambient Light sensor is found.
+- **Barometer** Indicates if a Barometer sensor is found.
+- **Custom** Indicates if a Custom sensor is found.
+- **EnergyMeter** Indicates if an Energy sensor is found.
+- **FloorElevation** Indicates if a Floor Elevation sensor is found.
+- **GeomagneticOrientation** Indicates if a Geo Magnetic Orientation sensor is found.
+- **GravityVector** Indicates if a Gravity Detector sensor is found.
+- **Gyrometer3D** Indicates if a Gyrometer3D sensor is found.
+- **Humidity** Indicates if a Humidity sensor is found.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **LinearAccelerometer** Indicates if a Linear Accelerometer sensor is found.
+- **Magnetometer3D** Indicates if a Magnetometer3D sensor is found.
+- **Orientation** Indicates if an Orientation sensor is found.
+- **Pedometer** Indicates if a Pedometer sensor is found.
+- **Proximity** Indicates if a Proximity sensor is found.
+- **RelativeOrientation** Indicates if a Relative Orientation sensor is found.
+- **SimpleDeviceOrientation** Indicates if a Simple Device Orientation sensor is found.
+- **Temperature** Indicates if a Temperature sensor is found.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync
+
+This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd
+
+This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices to help keep Windows up to date while reducing overall size of data payload.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Audio_CaptureDriver** The Audio device capture driver endpoint.
+- **Audio_RenderDriver** The Audio device render driver endpoint.
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove
+
+This event indicates that the InventoryDeviceMediaClassRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync
+
+This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
+
+This event represents the basic metadata about a plug and play (PNP) device and its associated driver.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **BusReportedDescription** The description of the device reported by the bux.
+- **Class** The device setup class of the driver loaded for the device.
+- **ClassGuid** The device class GUID from the driver package
+- **COMPID** The device setup class guid of the driver loaded for the device.
+- **ContainerId** The list of compat ids for the device.
+- **Description** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer.
+- **DeviceState** The device description.
+- **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present
+- **DriverName** A unique identifier for the driver installed.
+- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage
+- **DriverVerDate** Name of the .sys image file (or wudfrd.sys if using user mode driver framework).
+- **DriverVerVersion** The immediate parent directory name in the Directory field of InventoryDriverPackage.
+- **Enumerator** The date of the driver loaded for the device.
+- **HWID** The version of the driver loaded for the device.
+- **Inf** The bus that enumerated the device.
+- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx
+- **InventoryVersion** List of hardware ids for the device.
+- **LowerClassFilters** Lower filter class drivers IDs installed for the device
+- **LowerFilters** Lower filter drivers IDs installed for the device
+- **Manufacturer** INF file name (the name could be renamed by OS, such as oemXX.inf)
+- **MatchingID** Device installation state.
+- **Model** The version of the inventory binary generating the events.
+- **ParentId** Lower filter class drivers IDs installed for the device.
+- **ProblemCode** Lower filter drivers IDs installed for the device.
+- **Provider** The device manufacturer.
+- **Service** The device service name
+- **STACKID** Represents the hardware ID or compatible ID that Windows uses to install a device instance.
+- **UpperClassFilters** Upper filter drivers IDs installed for the device
+- **UpperFilters** The device model.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove
+
+This event indicates that the InventoryDevicePnpRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync
+
+This event indicates that a new set of InventoryDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd
+
+This event sends basic metadata about the USB hubs on the device.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+- **TotalUserConnectablePorts** Total number of connectable USB ports.
+- **TotalUserConnectableTypeCPorts** Total number of connectable USB Type C ports.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync
+
+This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd
+
+This event provides the basic metadata about driver binaries running on the system.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **DriverCheckSum** The checksum of the driver file.
+- **DriverCompany** The company name that developed the driver.
+- **DriverInBox** Is the driver included with the operating system?
+- **DriverIsKernelMode** Is it a kernel mode driver?
+- **DriverName** The file name of the driver.
+- **DriverPackageStrongName** The strong name of the driver package
+- **DriverSigned** The strong name of the driver package
+- **DriverTimeStamp** The low 32 bits of the time stamp of the driver file.
+- **DriverType** A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
+- **DriverVersion** The version of the driver file.
+- **ImageSize** The size of the driver file.
+- **Inf** The name of the INF file.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Product** The product name that is included in the driver file.
+- **ProductVersion** The product version that is included in the driver file.
+- **Service** The name of the service that is installed for the device.
+- **WdfVersion** The Windows Driver Framework version.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove
+
+This event indicates that the InventoryDriverBinary object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync
+
+This event indicates that a new set of InventoryDriverBinaryAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd
+
+This event sends basic metadata about drive packages installed on the system to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Class** The class name for the device driver.
+- **ClassGuid** The class GUID for the device driver.
+- **Date** The driver package date.
+- **Directory** The path to the driver package.
+- **DriverInBox** Is the driver included with the operating system?
+- **Inf** The INF name of the driver package.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Provider** The provider for the driver package.
+- **SubmissionId** The HLK submission ID for the driver package.
+- **Version** The version of the driver package.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove
+
+This event indicates that the InventoryDriverPackageRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync
+
+This event indicates that a new set of InventoryDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
+
+This event sends details collected for a specific application on the source device.
+
+The following fields are available:
+
+- **AhaVersion** The binary version of the App Health Analyzer tool.
+- **ApplicationErrors** The count of application errors from the event log.
+- **Bitness** The architecture type of the application (16 Bit or 32 bit or 64 bit).
+- **device_level** Various JRE/JAVA versions installed on a particular device.
+- **ExtendedProperties** Attribute used for aggregating all other attributes under this event type.
+- **Jar** Flag to determine if an app has a Java JAR file dependency.
+- **Jre** Flag to determine if an app has JRE framework dependency.
+- **Jre_version** JRE versions an app has declared framework dependency for.
+- **Name** Name of the application.
+- **NonDPIAware** Flag to determine if an app is non-DPI aware.
+- **NumBinaries** Count of all binaries (.sys,.dll,.ini) from application install location.
+- **RequiresAdmin** Flag to determine if an app requests admin privileges for execution.
+- **RequiresAdminv2** Additional flag to determine if an app requests admin privileges for execution.
+- **RequiresUIAccess** Flag to determine if an app is based on UI features for accessibility.
+- **VB6** Flag to determine if an app is based on VB6 framework.
+- **VB6v2** Additional flag to determine if an app is based on VB6 framework.
+- **Version** Version of the application.
+- **VersionCheck** Flag to determine if an app has a static dependency on OS version.
+- **VersionCheckv2** Additional flag to determine if an app has a static dependency on OS version.
+
+
+### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
+
+This event indicates the beginning of a series of AppHealthStaticAdd events.
+
+The following fields are available:
+
+- **AllowTelemetry** Indicates the presence of the 'allowtelemetry' command line argument.
+- **CommandLineArgs** Command line arguments passed when launching the App Health Analyzer executable.
+- **Enhanced** Indicates the presence of the 'enhanced' command line argument.
+- **StartTime** UTC date and time at which this event was sent.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
+
+Provides data on the installed Office Add-ins.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AddinCLSID** The CLSID for the Office add-in.
+- **AddInId** Office add-in ID.
+- **AddinType** Office add-in Type.
+- **BinFileTimestamp** Timestamp of the Office add-in.
+- **BinFileVersion** Version of the Office add-in.
+- **Description** Office add-in description.
+- **FileId** FileId of the Office add-in.
+- **FileSize** File size of the Office add-in.
+- **FriendlyName** Friendly name for office add-in.
+- **FullPath** Unexpanded path to the office add-in.
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **LoadBehavior** Uint32 that describes the load behavior.
+- **OfficeApplication** The office application for this add-in.
+- **OfficeArchitecture** Architecture of the add-in.
+- **OfficeVersion** The office version for this add-in.
+- **OutlookCrashingAddin** Boolean that indicates if crashes have been found for this add-in.
+- **ProductCompany** The name of the company associated with the Office add-in.
+- **ProductName** The product name associated with the Office add-in.
+- **ProductVersion** The version associated with the Office add-in.
+- **ProgramId** The unique program identifier of the Office add-in.
+- **Provider** Name of the provider for this add-in.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
+
+This event indicates that a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd
+
+Provides data on the Office identifiers.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device
+- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device
+- **OMID** Identifier for the Office SQM Machine
+- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit
+- **OTenantId** Unique GUID representing the Microsoft O365 Tenant
+- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000
+- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows)
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsAdd
+
+Provides data on Office-related Internet Explorer features.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OIeFeatureAddon** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_ADDON_MANAGEMENT feature lets applications hosting the WebBrowser Control to respect add-on management selections made using the Add-on Manager feature of Internet Explorer. Add-ons disabled by the user or by administrative group policy will also be disabled in applications that enable this feature.
+- **OIeMachineLockdown** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_LOCALMACHINE_LOCKDOWN feature is enabled, Internet Explorer applies security restrictions on content loaded from the user's local machine, which helps prevent malicious behavior involving local files.
+- **OIeMimeHandling** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_MIME_HANDLING feature control is enabled, Internet Explorer handles MIME types more securely. Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2)
+- **OIeMimeSniffing** Flag indicating which Microsoft Office products have this setting enabled. Determines a file's type by examining its bit signature. Windows Internet Explorer uses this information to determine how to render the file. The FEATURE_MIME_SNIFFING feature, when enabled, allows to be set differently for each security zone by using the URLACTION_FEATURE_MIME_SNIFFING URL action flag
+- **OIeNoAxInstall** Flag indicating which Microsoft Office products have this setting enabled. When a webpage attempts to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request. When a webpage tries to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request
+- **OIeNoDownload** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_RESTRICT_FILEDOWNLOAD feature blocks file download requests that navigate to a resource, that display a file download dialog box, or that are not initiated explicitly by a user action (for example, a mouse click or key press). Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2)
+- **OIeObjectCaching** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_OBJECT_CACHING feature prevents webpages from accessing or instantiating ActiveX controls cached from different domains or security contexts
+- **OIePasswordDisable** Flag indicating which Microsoft Office products have this setting enabled. After Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2), Internet Explorer no longer allows usernames and passwords to be specified in URLs that use the HTTP or HTTPS protocols. URLs using other protocols, such as FTP, still allow usernames and passwords
+- **OIeSafeBind** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SAFE_BINDTOOBJECT feature performs additional safety checks when calling MonikerBindToObject to create and initialize Microsoft ActiveX controls. Specifically, prevent the control from being created if COMPAT_EVIL_DONT_LOAD is in the registry for the control
+- **OIeSecurityBand** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SECURITYBAND feature controls the display of the Internet Explorer Information bar. When enabled, the Information bar appears when file download or code installation is restricted
+- **OIeUncSaveCheck** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_UNC_SAVEDFILECHECK feature enables the Mark of the Web (MOTW) for local files loaded from network locations that have been shared by using the Universal Naming Convention (UNC)
+- **OIeValidateUrl** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_VALIDATE_NAVIGATE_URL feature control prevents Windows Internet Explorer from navigating to a badly formed URL
+- **OIeWebOcPopup** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_WEBOC_POPUPMANAGEMENT feature allows applications hosting the WebBrowser Control to receive the default Internet Explorer pop-up window management behavior
+- **OIeWinRestrict** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_WINDOW_RESTRICTIONS feature adds several restrictions to the size and behavior of popup windows
+- **OIeZoneElevate** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_ZONE_ELEVATION feature prevents pages in one zone from navigating to pages in a higher security zone unless the navigation is generated by the user
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsAdd
+
+This event provides insight data on the installed Office products
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OfficeApplication** The name of the Office application.
+- **OfficeArchitecture** The bitness of the Office application.
+- **OfficeVersion** The version of the Office application.
+- **Value** The insights collected about this entity.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsStartSync
+
+This diagnostic event indicates that a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd
+
+Describes Office Products installed.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OC2rApps** A GUID the describes the Office Click-To-Run apps
+- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus
+- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word
+- **OProductCodes** A GUID that describes the Office MSI products
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsAdd
+
+This event describes various Office settings
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **BrowserFlags** Browser flags for Office-related products.
+- **ExchangeProviderFlags** Provider policies for Office Exchange.
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **SharedComputerLicensing** Office shared computer licensing policies.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync
+
+Indicates a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAAdd
+
+This event provides a summary rollup count of conditions encountered while performing a local scan of Office files, analyzing for known VBA programmability compatibility issues between legacy office version and ProPlus, and between 32 and 64-bit versions
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Design** Count of files with design issues found.
+- **Design_x64** Count of files with 64 bit design issues found.
+- **DuplicateVBA** Count of files with duplicate VBA code.
+- **HasVBA** Count of files with VBA code.
+- **Inaccessible** Count of files that were inaccessible for scanning.
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **Issues** Count of files with issues detected.
+- **Issues_x64** Count of files with 64-bit issues detected.
+- **IssuesNone** Count of files with no issues detected.
+- **IssuesNone_x64** Count of files with no 64-bit issues detected.
+- **Locked** Count of files that were locked, preventing scanning.
+- **NoVBA** Count of files with no VBA inside.
+- **Protected** Count of files that were password protected, preventing scanning.
+- **RemLimited** Count of files that require limited remediation changes.
+- **RemLimited_x64** Count of files that require limited remediation changes for 64-bit issues.
+- **RemSignificant** Count of files that require significant remediation changes.
+- **RemSignificant_x64** Count of files that require significant remediation changes for 64-bit issues.
+- **Score** Overall compatibility score calculated for scanned content.
+- **Score_x64** Overall 64-bit compatibility score calculated for scanned content.
+- **Total** Total number of files scanned.
+- **Validation** Count of files that require additional manual validation.
+- **Validation_x64** Count of files that require additional manual validation for 64-bit issues.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsAdd
+
+This event provides data on Microsoft Office VBA rule violations, including a rollup count per violation type, giving an indication of remediation requirements for an organization. The event identifier is a unique GUID, associated with the validation rule
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Count** Count of total Microsoft Office VBA rule violations
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsStartSync
+
+This event indicates that a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
+
+Provides data on Unified Update Platform (UUP) products and what version they are at.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Identifier** UUP identifier
+- **LastActivatedVersion** Last activated version
+- **PreviousVersion** Previous version
+- **Source** UUP source
+- **Version** UUP version
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.Checksum
+
+This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events.
+
+The following fields are available:
+
+- **ChecksumDictionary** A count of each operating system indicator.
+- **PCFP** Equivalent to the InventoryId field that is found in other core events.
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd
+
+These events represent the basic metadata about the OS indicators installed on the system which are used for keeping the device up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **IndicatorValue** The indicator value.
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
+
+This event is a counterpart to InventoryMiscellaneousUexIndicatorAdd that indicates that the item has been removed.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync
+
+This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+## Kernel events
+
+### IO
+
+This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup.
+
+The following fields are available:
+
+- **BytesRead** The total number of bytes read from or read by the OS upon system startup.
+- **BytesWritten** The total number of bytes written to or written by the OS upon system startup.
+
+
+### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch
+
+OS information collected during Boot, used to evaluate the success of the upgrade process.
+
+The following fields are available:
+
+- **BootApplicationId** This field tells us what the OS Loader Application Identifier is.
+- **BootAttemptCount** The number of consecutive times the boot manager has attempted to boot into this operating system.
+- **BootSequence** The current Boot ID, used to correlate events related to a particular boot session.
+- **BootStatusPolicy** Identifies the applicable Boot Status Policy.
+- **BootType** Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume").
+- **EventTimestamp** Seconds elapsed since an arbitrary time point. This can be used to identify the time difference in successive boot attempts being made.
+- **FirmwareResetReasonEmbeddedController** Reason for system reset provided by firmware.
+- **FirmwareResetReasonEmbeddedControllerAdditional** Additional information on system reset reason provided by firmware if needed.
+- **FirmwareResetReasonPch** Reason for system reset provided by firmware.
+- **FirmwareResetReasonPchAdditional** Additional information on system reset reason provided by firmware if needed.
+- **FirmwareResetReasonSupplied** Flag indicating that a reason for system reset was provided by firmware.
+- **IO** Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io).
+- **LastBootSucceeded** Flag indicating whether the last boot was successful.
+- **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful.
+- **MaxAbove4GbFreeRange** This field describes the largest memory range available above 4Gb.
+- **MaxBelow4GbFreeRange** This field describes the largest memory range available below 4Gb.
+- **MeasuredLaunchPrepared** This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement).
+- **MeasuredLaunchResume** This field tells us if Dynamic Root of Trust for Measurement (DRTM) was used when resuming from hibernation.
+- **MenuPolicy** Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.).
+- **RecoveryEnabled** Indicates whether recovery is enabled.
+- **SecureLaunchPrepared** This field indicates if DRTM was prepared during boot.
+- **TcbLaunch** Indicates whether the Trusted Computing Base was used during the boot flow.
+- **UserInputTime** The amount of time the loader application spent waiting for user input.
+
+
+## Privacy consent logging events
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
+
+This event is used to determine whether the user successfully completed the privacy consent experience.
+
+The following fields are available:
+
+- **presentationVersion** Which display version of the privacy consent experience the user completed
+- **privacyConsentState** The current state of the privacy consent experience
+- **settingsVersion** Which setting version of the privacy consent experience the user completed
+- **userOobeExitReason** The exit reason of the privacy consent experience
+
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus
+
+Event tells us effectiveness of new privacy experience.
+
+The following fields are available:
+
+- **isAdmin** whether the person who is logging in is an admin
+- **isExistingUser** whether the account existed in a downlevel OS
+- **isLaunching** Whether or not the privacy consent experience will be launched
+- **isSilentElevation** whether the user has most restrictive UAC controls
+- **privacyConsentState** whether the user has completed privacy experience
+- **userRegionCode** The current user's region setting
+
+
+## Software update events
+
+### SoftwareUpdateClientTelemetry.CheckForUpdates
+
+Scan process event on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded).
+
+The following fields are available:
+
+- **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion.
+- **AllowCachedResults** Indicates if the scan allowed using cached results.
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
+- **BranchReadinessLevel** The servicing branch configured on the device.
+- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated.
+- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
+- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No data is currently reported in this field. Expected value for this field is 0.
+- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown
+- **CurrentMobileOperator** The mobile operator the device is currently connected to.
+- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
+- **DeferredUpdates** Update IDs which are currently being deferred until a later time
+- **DeviceModel** What is the device model.
+- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered.
+- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled.
+- **DriverSyncPassPerformed** Were drivers scanned this time?
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **ExtendedMetadataCabUrl** Hostname that is used to download an update.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
+- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan.
+- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan.
+- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days).
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days).
+- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds).
+- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IPVersion** Indicates whether the download took place over IPv4 or IPv6
+- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
+- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device.
+- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **MSIError** The last error that was encountered during a scan for updates.
+- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
+- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete
+- **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked
+- **NumberOfLoop** The number of round trips the scan required
+- **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan
+- **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan
+- **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down.
+- **Online** Indicates if this was an online scan.
+- **PausedUpdates** A list of UpdateIds which that currently being paused.
+- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window.
+- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
+- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window.
+- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
+- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced.
+- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
+- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days).
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days).
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **ScanDurationInSeconds** The number of seconds a scan took
+- **ScanEnqueueTime** The number of seconds it took to initialize a scan
+- **ScanProps** This is a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits are used; all remaining bits are reserved and set to zero. Bit 0 (0x1): IsInteractive - is set to 1 if the scan is requested by a user, or 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker - is set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
+- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.).
+- **ServiceUrl** The environment URL a device is configured to scan with
+- **ShippingMobileOperator** The mobile operator that a device shipped on.
+- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan the event was
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
+- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down.
+- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.Download
+
+Download process event for target update on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded).
+
+The following fields are available:
+
+- **ActiveDownloadTime** Number of seconds the update was actively being downloaded.
+- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download of the app payload.
+- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded.
+- **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client.
+- **AppXScope** Indicates the scope of the app download. The values can be one of the following: "RequiredContentOnly" - only the content required to launch the app is being downloaded; "AutomaticContentOnly" - only the optional [automatic] content for the app (the ones that can downloaded after the app has been launched) is being downloaded; "AllContent" - all content for the app, including the optional [automatic] content, is being downloaded.
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
+- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle.
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
+- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
+- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download.
+- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology. This value can be one of the following: (1) express download method was used for download; (2) SelfContained download method was used for download indicating the update had no express content; (3) SelfContained download method was used indicating that the update has an express payload, but the server is not hosting it; (4) SelfContained download method was used indicating that range requests are not supported; (5) SelfContained download method was used indicating that the system does not support express download (dpx.dll is not present); (6) SelfContained download method was used indicating that self-contained download method was selected previously; (7) SelfContained download method was used indicating a fall back to self-contained if the number of requests made by DPX exceeds a certain threshold.
+- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
+- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0.
+- **ConnectTime** Indicates the cumulative sum (in seconds) of the time it took to establish the connection for all updates in an update bundle.
+- **CurrentMobileOperator** The mobile operator the device is currently connected to.
+- **DeviceModel** What is the device model.
+- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority.
+- **DownloadProps** Indicates a bitmask for download operations indicating: (1) if an update was downloaded to a system volume (least significant bit i.e. bit 0); (2) if the update was from a channel other than the installed channel (bit 1); (3) if the update was for a product pinned by policy (bit 2); (4) if the deployment action for the update is uninstall (bit 3).
+- **DownloadType** Differentiates the download type of SIH downloads between Metadata and Payload downloads.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed.
+- **EventType** Possible values are Child, Bundle, or Driver.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds).
+- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight.
+- **FlightId** The specific ID of the flight (pre-release build) the device is getting.
+- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
+- **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
+- **HostName** The hostname URL the content is downloading from.
+- **IPVersion** Indicates whether the download took place over IPv4 or IPv6.
+- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update
+- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
+- **NetworkCost** A flag indicating the cost of the network used for downloading the update content. The values can be: 0x0 (Unkown); 0x1 (Network cost is unrestricted); 0x2 (Network cost is fixed); 0x4 (Network cost is variable); 0x10000 (Network cost over data limit); 0x20000 (Network cost congested); 0x40000 (Network cost roaming); 0x80000 (Network cost approaching data limit).
+- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.)
+- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
+- **PackageFullName** The package name of the content.
+- **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced.
+- **PostDnldTime** Time taken (in seconds) to signal download completion after the last job has completed downloading payload.
+- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **Reason** A 32-bit integer representing the reason the update is blocked from being downloaded in the background.
+- **RegulationReason** The reason that the update is regulated
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
+- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** An ID that represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway.
+- **ShippingMobileOperator** The mobile operator that a device shipped on.
+- **SizeCalcTime** Time taken (in seconds) to calculate the total download size of the payload.
+- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
+- **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet.
+- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded.
+- **TotalExpectedBytes** The total count of bytes that the download is expected to be.
+- **UpdateId** An identifier associated with the specific piece of content.
+- **UpdateID** An identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
+- **UsedDO** Whether the download used the delivery optimization service.
+- **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.Install
+
+This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date.
+
+The following fields are available:
+
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
+- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0.
+- **CSIErrorType** The stage of CBS installation where it failed.
+- **CurrentMobileOperator** The mobile operator to which the device is currently connected.
+- **DeviceModel** The device model.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
+- **EventType** Possible values are Child, Bundle, or Driver.
+- **ExtendedErrorCode** The extended error code.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBranch** The branch that a device is on if participating in the Windows Insider Program.
+- **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **FlightRing** The ring that a device is on if participating in the Windows Insider Program.
+- **HandlerType** Indicates what kind of content is being installed (for example, app, driver, Windows update).
+- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
+- **InstallProps** A bitmask for future flags associated with the install operation. No value is currently reported in this field. Expected value for this field is 0.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether this update is a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
+- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
+- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
+- **MsiAction** The stage of MSI installation where it failed.
+- **MsiProductCode** The unique identifier of the MSI installer.
+- **PackageFullName** The package name of the content being installed.
+- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced.
+- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
+- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install.
+- **RevisionNumber** The revision number of this specific piece of content.
+- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
+- **ShippingMobileOperator** The mobile operator that a device shipped on.
+- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult).
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TransactionCode** The ID that represents a given MSI installation.
+- **UpdateId** Unique update ID.
+- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
+- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.Revert
+
+Revert event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded).
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle. Should not be all zeros if the BundleId was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation that failed.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **EventType** Event type (Child, Bundle, Release, or Driver).
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of the flight.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** The identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device's main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.TaskRun
+
+Start event for Server Initiated Healing client. See EventScenario field for specifics (for example, started/completed).
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CmdLineArgs** Command line arguments passed in by the caller.
+- **EventInstanceID** A globally unique identifier for the event instance.
+- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.Uninstall
+
+Uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded).
+
+The following fields are available:
+
+- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.).
+- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of the flight.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.UpdateDetected
+
+This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates.
+
+The following fields are available:
+
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **NumberOfApplicableUpdates** The number of updates ultimately deemed applicable to the system after the detection process is complete.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
+- **ServiceGuid** An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.).
+- **WUDeviceID** The unique device ID controlled by the software distribution client.
+
+
+## System Resource Usage Monitor events
+
+### Microsoft.Windows.Srum.Sdp.CpuUsage
+
+This event provides information on CPU usage.
+
+The following fields are available:
+
+- **UsageMax** The maximum of hourly average CPU usage.
+- **UsageMean** The mean of hourly average CPU usage.
+- **UsageMedian** The median of hourly average CPU usage.
+- **UsageTwoHourMaxMean** The mean of the maximum of every two hour of hourly average CPU usage.
+- **UsageTwoHourMedianMean** The mean of the median of every two hour of hourly average CPU usage.
+
+
+### Microsoft.Windows.Srum.Sdp.NetworkUsage
+
+This event provides information on network usage.
+
+The following fields are available:
+
+- **AdapterGuid** The unique ID of the adapter.
+- **BytesTotalMax** The maximum of the hourly average bytes total.
+- **BytesTotalMean** The mean of the hourly average bytes total.
+- **BytesTotalMedian** The median of the hourly average bytes total.
+- **BytesTotalTwoHourMaxMean** The mean of the maximum of every two hours of hourly average bytes total.
+- **BytesTotalTwoHourMedianMean** The mean of the median of every two hour of hourly average bytes total.
+- **LinkSpeed** The adapter link speed.
+
+
+## Upgrade events
+
+### FacilitatorTelemetry.DCATDownload
+
+This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **DownloadSize** Download size of payload.
+- **ElapsedTime** Time taken to download payload.
+- **MediaFallbackUsed** Used to determine if we used Media CompDBs to figure out package requirements for the upgrade.
+- **ResultCode** Result returned by the Facilitator DCAT call.
+- **Scenario** Dynamic update scenario (Image DU, or Setup DU).
+- **Type** Type of package that was downloaded.
+
+
+### FacilitatorTelemetry.InitializeDU
+
+This event determines whether devices received additional or critical supplemental content during an OS upgrade.
+
+The following fields are available:
+
+- **DCATUrl** The Delivery Catalog (DCAT) URL we send the request to.
+- **DownloadRequestAttributes** The attributes we send to DCAT.
+- **ResultCode** The result returned from the initiation of Facilitator with the URL/attributes.
+- **Scenario** Dynamic Update scenario (Image DU, or Setup DU).
+- **Url** The Delivery Catalog (DCAT) URL we send the request to.
+- **Version** Version of Facilitator.
+
+
+### Setup360Telemetry.Setup360DynamicUpdate
+
+This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **FlightData** Specifies a unique identifier for each group of Windows Insider builds.
+- **InstanceId** Retrieves a unique identifier for each instance of a setup session.
+- **Operation** Facilitator's last known operation (scan, download, etc.).
+- **ReportId** ID for tying together events stream side.
+- **ResultCode** Result returned by Setup for the entire operation.
+- **Scenario** Dynamic Update scenario (Image DU, or Setup DU).
+- **ScenarioId** Identifies the update scenario.
+- **TargetBranch** Branch of the target OS.
+- **TargetBuild** Build of the target OS.
+
+
+## Windows as a Service diagnostic events
+
+### Microsoft.Windows.WaaSMedic.SummaryEvent
+
+Result of the WaaSMedic operation.
+
+The following fields are available:
+
+- **callerApplication** The name of the calling application.
+- **detectionSummary** Result of each applicable detection that was run.
+- **featureAssessmentImpact** WaaS Assessment impact for feature updates.
+- **hrEngineResult** Error code from the engine operation.
+- **isInteractiveMode** The user started a run of WaaSMedic.
+- **isManaged** Device is managed for updates.
+- **isWUConnected** Device is connected to Windows Update.
+- **noMoreActions** No more applicable diagnostics.
+- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
+- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
+- **usingBackupFeatureAssessment** Relying on backup feature assessment.
+- **usingBackupQualityAssessment** Relying on backup quality assessment.
+- **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run.
+- **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run.
+- **versionString** Version of the WaaSMedic engine.
+- **waasMedicRunMode** Indicates whether this was a background regular run of the medic or whether it was triggered by a user launching Windows Update Troubleshooter.
+
+
+## Windows Update events
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary
+
+This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **activated** Whether the entire device manifest update is considered activated and in use.
+- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis.
+- **flightId** Unique ID for each flight.
+- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system.
+- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system.
+- **objectId** Unique value for each diagnostics session.
+- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **scenarioId** Indicates the update scenario.
+- **sessionId** Unique value for each update session.
+- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on.
+- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string.
+- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string.
+- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string.
+- **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices.
+- **updateId** Unique ID for each Update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit
+
+This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **errorCode** The error code returned for the current session initialization.
+- **flightId** The unique identifier for each flight.
+- **objectId** The unique GUID for each diagnostics session.
+- **relatedCV** A correlation vector value generated from the latest USO scan.
+- **result** Outcome of the initialization of the session.
+- **scenarioId** Identifies the Update scenario.
+- **sessionId** The unique value for each update session.
+- **updateId** The unique identifier for each Update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest
+
+This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **deletedCorruptFiles** Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted.
+- **errorCode** The error code returned for the current session initialization.
+- **flightId** The unique identifier for each flight.
+- **objectId** Unique value for each Update Agent mode.
+- **packageCountOptional** Number of optional packages requested.
+- **packageCountRequired** Number of required packages requested.
+- **packageCountTotal** Total number of packages needed.
+- **packageCountTotalCanonical** Total number of canonical packages.
+- **packageCountTotalDiff** Total number of diff packages.
+- **packageCountTotalExpress** Total number of express packages.
+- **packageSizeCanonical** Size of canonical packages in bytes.
+- **packageSizeDiff** Size of diff packages in bytes.
+- **packageSizeExpress** Size of express packages in bytes.
+- **rangeRequestState** Represents the state of the download range request.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **result** Result of the download request phase of update.
+- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionId** Unique value for each Update Agent mode attempt.
+- **updateId** Unique ID for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize
+
+This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **errorCode** The error code returned for the current session initialization.
+- **flightId** The unique identifier for each flight.
+- **flightMetadata** Contains the FlightId and the build being flighted.
+- **objectId** Unique value for each Update Agent mode.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled.
+- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **sessionId** Unique value for each Update Agent mode attempt.
+- **updateId** Unique ID for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall
+
+This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **errorCode** The error code returned for the current install phase.
+- **flightId** The unique identifier for each flight.
+- **objectId** The unique identifier for each diagnostics session.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **result** Outcome of the install phase of the update.
+- **scenarioId** The unique identifier for the update scenario.
+- **sessionId** The unique identifier for each update session.
+- **updateId** The unique identifier for each update.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart
+
+This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages.
+
+The following fields are available:
+
+- **flightId** The unique identifier for each flight.
+- **mode** The mode that is starting.
+- **objectId** The unique value for each diagnostics session.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionId** Unique value for each Update Agent mode attempt.
+- **updateId** Unique identifier for each update.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog
+
+This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed..
+
+The following fields are available:
+
+- **DeviceLocalTime** The local time on the device sending the event.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the dialog box.
+- **RebootVersion** Version of DTE.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that user chose in this dialog box.
+- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel
+
+This event indicates that Windows Update activity was blocked due to low battery level.
+
+The following fields are available:
+
+- **batteryLevel** The current battery charge capacity.
+- **batteryLevelThreshold** The battery capacity threshold to stop update activity.
+- **updatePhase** The current state of the update process.
+- **wuDeviceid** Device ID.
+
+
+### Microsoft.Windows.Update.Orchestrator.DTUCompletedWhenWuFlightPendingCommit
+
+This event indicates that DTU completed installation of the electronic software delivery (ESD), when Windows Update was already in Pending Commit phase of the feature update.
+
+The following fields are available:
+
+- **wuDeviceid** Device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.DTUEnabled
+
+This event indicates that Inbox DTU functionality was enabled.
+
+The following fields are available:
+
+- **wuDeviceid** Device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.DTUInitiated
+
+This event indicates that Inbox DTU functionality was intiated.
+
+The following fields are available:
+
+- **dtuErrorCode** Return code from creating the DTU Com Server.
+- **isDtuApplicable** Determination of whether DTU is applicable to the machine it is running on.
+- **wuDeviceid** Device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.FailedToAddTimeTriggerToScanTask
+
+This event indicated that USO failed to add a trigger time to a task.
+
+The following fields are available:
+
+- **errorCode** The Windows Update error code.
+- **wuDeviceid** The Windows Update device ID.
+
+
+### Microsoft.Windows.Update.Orchestrator.StickUpdate
+
+This event is sent when the update service orchestrator (USO) indicates the update cannot be superseded by a newer update.
+
+The following fields are available:
+
+- **updateId** Identifier associated with the specific piece of content.
+- **wuDeviceid** Unique device ID controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.Orchestrator.TerminatedByActiveHours
+
+This event indicates that update activity was stopped due to active hours starting.
+
+The following fields are available:
+
+- **activeHoursEnd** The end of the active hours window.
+- **activeHoursStart** The start of the active hours window.
+- **updatePhase** The current state of the update process.
+- **wuDeviceid** The device identifier.
+
+
+### Microsoft.Windows.Update.Orchestrator.TerminatedByBatteryLevel
+
+This event is sent when update activity was stopped due to a low battery level.
+
+The following fields are available:
+
+- **batteryLevel** The current battery charge capacity.
+- **batteryLevelThreshold** The battery capacity threshold to stop update activity.
+- **updatePhase** The current state of the update process.
+- **wuDeviceid** The device identifier.
+
+
+### Microsoft.Windows.Update.Orchestrator.UnstickUpdate
+
+This event is sent when the update service orchestrator (USO) indicates that the update can be superseded by a newer update.
+
+The following fields are available:
+
+- **updateId** Identifier associated with the specific piece of content.
+- **wuDeviceid** Unique device ID controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerScheduledTask
+
+This event is sent when MUSE broker schedules a task.
+
+The following fields are available:
+
+- **TaskArgument** The arguments with which the task is scheduled.
+- **TaskName** Name of the task.
+
+
+
diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md
index 1766427ef8..dd435f2d40 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@@ -14,6 +14,7 @@ ms.date: 03/13/2018
# Windows 10, version 1709 and newer diagnostic data for the Full level
Applies to:
+- Windows 10, version 1809
- Windows 10, version 1803
- Windows 10, version 1709
@@ -24,17 +25,11 @@ In addition, this article provides references to equivalent definitions for the
The data covered in this article is grouped into the following types:
- Common data (diagnostic header information)
-
- Device, Connectivity, and Configuration data
-
- Product and Service Usage data
-
- Product and Service Performance data
-
- Software Setup and Inventory data
-
- Browsing History data
-
- Inking, Typing, and Speech Utterance data
## Common data
@@ -44,9 +39,23 @@ Most diagnostic events contain a header of common data. In each example, the inf
Header data supports the use of data associated with all diagnostic events. Therefore, Common data is used to [provide](#provide) Windows 10, and may be used to [improve](#improve), [personalize](#personalize), [recommend](#recommend), [offer](#offer), or [promote](#promote) Microsoft and third-party products and services, depending on the uses described in the **Data Use** statements for each data category.
### Data Description for Common data type
-|Sub-type|Description and examples|
-|- |- |
-|Common Data|Information that is added to most diagnostic events, if relevant and available:
|
+
+#### Common data type
+
+Information that is added to most diagnostic events, if relevant and available:
+
+- Diagnostic level -- Basic or Full, Sample level -- for sampled data, what sample level is this device opted into (8.2.3.2.4 Observed Usage of the Service Capability)
+- Operating system name, version, build, and locale (8.2.3.2.2 Telemetry data)
+- Event collection time (8.2.3.2.2 Telemetry data)
+- User ID -- a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic - diagnostic data (8.2.5 Account data)
+- Xbox UserID (8.2.5 Account data)
+- Device ID -- This is not the user provided device name, but an ID that is unique for that device. (8.2.3.2.3 Connectivity data)
+- Device class -- Desktop, Server, or Mobile (8.2.3.2.3 Connectivity data)
+- Environment from which the event was logged -- Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time, such as the amount of time an app is running or between boots of the operating system (8.2.4 Cloud service provider data)
+- Diagnostic event name, Event ID, ETW opcode, version, schema signature, keywords, and flags (8.2.4 Cloud service provider data)
+- HTTP header information, including the IP address. This IP address is the source address that’s provided by the network packet header and received by the diagnostics ingestion service (8.2.4 Cloud service provider data)
+- Various IDs that are used to correlate and sequence related events together (8.2.4 Cloud service provider data)
+
## Device, Connectivity, and Configuration data
This type of data includes details about the device, its configuration and connectivity capabilities, and status. Device, Connectivity, and Configuration Data is equivalent to ISO/IEC 19944:2017, 8.2.3.2.3 Connectivity data.
@@ -59,15 +68,11 @@ This type of data includes details about the device, its configuration and conne
- Device, Connectivity, and Configuration data is used to understand the unique device characteristics that can contribute to an error experienced on the device, to identify patterns, and to more quickly resolve problems that impact devices with unique hardware, capabilities, or settings. For example:
- Data about the use of cellular modems and their configuration on your devices is used to troubleshoot cellular modem issues.
-
- Data about the use of USB hubs use and their configuration on your devices is used to troubleshoot USB hub issues.
-
- Data about the use of connected Bluetooth devices is used to troubleshoot compatibility issues with Bluetooth devices.
- Data about device properties, such as the operating system version and available memory, is used to determine whether the device is due to, and able to, receive a Windows update.
-
- Data about device peripherals is used to determine whether a device has installed drivers that might be negatively impacted by a Windows update.
-
- Data about which devices, peripherals, and settings are most-used by customers, is used to prioritize Windows 10 improvements to determine the greatest positive impact to the most Windows 10 users.
**With (optional) Tailored experiences:**
@@ -78,13 +83,91 @@ If a user has enabled Tailored experiences on the device, [Pseudonymized](#pseud
- Data about device capabilities, such as whether the device is pen-enabled, is used to recommend (Microsoft and third-party) apps that are appropriate for the device. These may be free or paid apps.
### Data Description for Device, Connectivity, and Configuration data type
-|Sub-type|Description and examples|
-|- |- |
-|Device properties |Information about the operating system and device hardware, such as:
|
-|Device capabilities|Information about the specific device capabilities, such as:
|
-|Device preferences and settings |Information about the device settings and user preferences, such as:
|
-|Device peripherals |Information about the device peripherals, such as:
|
-|Device network info |Information about the device network configuration, such as:
+
+**Device properties sub-type:** Information about the operating system and device hardware
+
+- Operating system - version name, edition
+- Installation type, subscription status, and genuine operating system status
+- Processor architecture, speed, number of cores, manufacturer, and model
+- OEM details --manufacturer, model, and serial number
+- Device identifier and Xbox serial number
+- Firmware/BIOS operating system -- type, manufacturer, model, and version
+- Memory -- total memory, video memory, speed, and how much memory is available after the device has reserved memory
+- Storage -- total capacity and disk type
+- Battery -- charge capacity and InstantOn support
+- Hardware chassis type, color, and form factor
+- Is this a virtual machine?
+
+**Device capabilities sub-type:** Information about the capabilities of the device
+
+- Camera -- whether the device has a front facing camera, a rear facing camera, or both.
+- Touch screen -- Whether the device has a touch screen? If yes, how many hardware touch points are supported?
+- Processor capabilities -- CompareExchange128, LahfSahf, NX, PrefetchW, and SSE2
+- Trusted Platform Module (TPM) -- whether a TPM exists and if yes, what version
+- Virtualization hardware -- whether an IOMMU exists, whether it includes SLAT support, and whether virtualization is enabled in the firmware
+- Voice -- whether voice interaction is supported and the number of active microphones
+- Number of displays, resolutions, and DPI
+- Wireless capabilities
+- OEM or platform face detection
+- OEM or platform video stabilization and quality-level set
+- Advanced Camera Capture mode (HDR versus Low Light), OEM versus platform implementation, HDR probability, and Low Light probability
+
+**Device preferences and settings sub-type:** Information about the device settings and user preferences
+
+- User Settings -- System, Device, Network & Internet, Personalization, Cortana, Apps, Accounts, Time & Language, Gaming, Ease of Access, Privacy, Update & Security
+- User-provided device name
+- Whether device is domain-joined, or cloud-domain joined (for example, part of a company-managed network)
+- Hashed representation of the domain name
+- MDM (mobile device management) enrollment settings and status
+- BitLocker, Secure Boot, encryption settings, and status
+- Windows Update settings and status
+- Developer Unlock settings and status
+- Default app choices
+- Default browser choice
+- Default language settings for app, input, keyboard, speech, and display
+- App store update settings
+- Enterprise OrganizationID, Commercial ID
+
+**Device peripherals sub-type:** Information about the peripherals of the device
+
+- Peripheral name, device model, class, manufacturer, and description
+- Peripheral device state, install state, and checksum
+- Driver name, package name, version, and manufacturer
+- HWID - A hardware vendor-defined ID to match a device to a driver [INF file](https://docs.microsoft.com/windows-hardware/drivers/install/hardware-ids)
+- Driver state, problem code, and checksum
+- Whether driver is kernel mode, signed, and image size
+
+**Device network info sub-type:** Information about the device network configuration
+
+- Network system capabilities
+- Local or Internet connectivity status
+- Proxy, gateway, DHCP, DNS details, and addresses
+- Whether it's a paid or free network
+- Whether the wireless driver is emulated
+- Whether it's access point mode-capable
+- Access point manufacturer, model, and MAC address
+- WDI Version
+- Name of networking driver service
+- Wi-Fi Direct details
+- Wi-Fi device hardware ID and manufacturer
+- Wi-Fi scan attempt and item counts
+- Whether MAC randomization is supported and enabled
+- Number of supported spatial streams and channel frequencies
+- Whether Manual or Auto-connect is enabled
+- Time and result of each connection attempt
+- Airplane mode status and attempts
+- Interface description provided by the manufacturer
+- Data transfer rates
+- Cipher algorithm
+- Mobile Equipment ID (IMEI) and Mobile Country Code (MCCO)
+- Mobile operator and service provider name
+- Available SSIDs and BSSIDs
+- IP Address type -- IPv4 or IPv6
+- Signal Quality percentage and changes
+- Hotspot presence detection and success rate
+- TCP connection performance
+- Miracast device names
+- Hashed IP address
## Product and Service Usage data
This type of data includes details about the usage of the device, operating system, applications and services. Product and Service Usage data is equivalent to ISO/IEC 19944:2017, 8.2.3.2.4 Observed Usage of the Service Capability.
@@ -95,32 +178,60 @@ This type of data includes details about the usage of the device, operating syst
[Pseudonymized](#pseudo) Product and Service Usage data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
- Data about the specific apps that are in-use when an error occurs is used to troubleshoot and repair issues with Windows features and Microsoft apps.
-
- Data about the specific apps that are most-used by customers, is used to prioritize Windows 10 improvements to determine the greatest positive impact to the most Windows 10 users.
-
- Data about whether devices have Suggestions turned off from the **Settings Phone** screen is to improve the Suggestions feature.
-
- Data about whether a user canceled the authentication process in their browser is used to help troubleshoot issues with and improve the authentication process.
-
- Data about when and what feature invoked Cortana is used to prioritize efforts for improvement and innovation in Cortana.
-
- Data about when a context menu in the photo app is closed is used to troubleshoot and improve the photo app.
**With (optional) Tailored experiences:**
If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Usage data from Windows 10 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Usage data from Windows 10 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 users. For example:
- If data shows that a user has not used a particular feature of Windows, we may recommend that the user try that feature.
-
- Data about which apps are most-used on a device is used to provide recommendations for similar or complementary (Microsoft or third-party) apps. These may be free or paid apps.
### Data Description for Product and Service Usage data type
-|Sub-type|Description and examples |
-|- |- |
-|App usage|Information about Windows and application usage, such as:
|
-|App or product state|Information about Windows and application state, such as:
|
-|Purchasing|Information about purchases made on the device, such as:
|
-|Login properties|Information about logins on the device, such as:
|
+
+**App usage sub-type:** Information about Windows and application usage
+
+- Operating system component and app feature usage
+- User navigation and interaction with app and Windows features. This could potentially include user input, such as name of a new alarm set, user menu choices, or user favorites
+- Time of and count of app and component launches, duration of use, session GUID, and process ID
+- App time in various states –- running in the foreground or background, sleeping, or receiving active user interaction
+- User interaction method and duration –- whether the user used a keyboard, mouse, pen, touch, speech, or game controller, and for how long
+- Cortana launch entry point and reason
+- Notification delivery requests and status
+- Apps used to edit images and videos
+- SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary lines
+- Incoming and outgoing calls and voicemail usage statistics on primary or secondary lines
+- Emergency alerts are received or displayed statistics
+- Content searches within an app
+- Reading activity -- bookmarked, printed, or had the layout changed
+
+**App or product state sub-type:** Information about Windows and application state
+
+- Start Menu and Taskbar pins
+- Online and offline status
+- App launch state –- with deep-links, such as Groove launching with an audio track to play or MMS launching to share a picture
+- Personalization impressions delivered
+- Whether the user clicked on, or hovered over, UI controls or hotspots
+- User provided feedback, such as Like, Dislike or a rating
+- Caret location or position within documents and media files -- how much has been read in a book in a single session, or how much of a song has been listened to.
+
+**Purchasing sub-type:** Information about purchases made on the device
+
+- Product ID, edition ID and product URI
+- Offer details -- price
+- Date and time an order was requested
+- Microsoft Store client type -- web or native client
+- Purchase quantity and price
+- Payment type -- credit card type and PayPal
+
+**Login properties sub-type:** Information about logins on the device
+
+- Login success or failure
+- Login sessions and state
## Product and Service Performance data
This type of data includes details about the health of the device, operating system, apps, and drivers. Product and Service Performance data is equivalent to ISO/IEC 19944:2017 8.2.3.2.2 EUII Telemetry data.
@@ -131,35 +242,109 @@ This type of data includes details about the health of the device, operating sys
[Pseudonymized](#pseudo) Product and Service Performance data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
- Data about the reliability of content that appears in the [Windows Spotlight](https://docs.microsoft.com/windows/configuration/windows-spotlight) (rotating lock screen images) is used for Windows Spotlight reliability investigations.
-
- Timing data about how quickly Cortana responds to voice commands is used to improve Cortana listening peformance.
-
- Timing data about how quickly the facial recognition feature starts up and finishes is used to improve facial recognition performance.
-
- Data about when an Application Window fails to appear is used to investigate issues with Application Window reliability and performance.
**With (optional) Tailored experiences:**
If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Performance data from Windows 10 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Performance data from Windows 10 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 users.
- Data about battery performance on a device may be used to recommend settings changes that can improve battery performance.
-
- If data shows a device is running low on file storage, we may recommend Windows-compatible cloud storage solutions to free up space.
-
- If data shows the device is experiencing performance issues, we may provide recommendations for Windows apps that can help diagnose or resolve these issues. These may be free or paid apps.
**Microsoft doesn't use crash and hang dump data to [personalize](#personalize), [recommend](#recommend), [offer](#offer), or [promote](#promote) any product or service.**
### Data Description for Product and Service Performance data type
-|Sub-type|Description and examples |
-|- |- |
-|Device health and crash data|Information about the device and software health, such as:
|
-|Device performance and reliability data|Information about the device and software performance, such as:
|
-|Movies|Information about movie consumption functionality on the device. This isn't intended to capture user viewing, listening, or habits.
|
-|Music & TV|Information about music and TV consumption on the device. This isn't intended to capture user viewing, listening, or habits.
|
-|Reading|Information about reading consumption functionality on the device. This isn't intended to capture user viewing, listening, or habits.
|
-|Photos App|Information about photos usage on the device. This isn't intended to capture user viewing, listening, or habits.
|
-|On-device file query |Information about local search activity on the device, such as:
|
-|Entitlements |Information about entitlements on the device, such as:
|
+
+**Device health and crash data sub-type:** Information about the device and software health
+
+- Error codes and error messages, name and ID of the app, and process reporting the error
+- DLL library predicted to be the source of the error -- for example, xyz.dll
+- System generated files -- app or product logs and trace files to help diagnose a crash or hang
+- System settings, such as registry keys
+- User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files
+- Details and counts of abnormal shutdowns, hangs, and crashes
+- Crash failure data -- operating system, operating system component, driver, device, and 1st and 3rd-party app data
+- Crash and hang dumps, including:
+ - The recorded state of the working memory at the point of the crash
+ - Memory in-use by the kernel at the point of the crash.
+ - Memory in-use by the application at the point of the crash
+ - All the physical memory used by Windows at the point of the crash
+ - Class and function name within the module that failed.
+
+**Device performance and reliability data sub-type:** Information about the device and software performance
+
+- User interface interaction durations -- Start menu display times, browser tab switch times, app launch and switch times, and Cortana and Search performance and reliability
+- Device on and off performance -- Device boot, shutdown, power on and off, lock and unlock times, and user authentication times (fingerprint and face recognition durations)
+- In-app responsiveness -- time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction
+- User input responsiveness -- onscreen keyboard invocation times for different languages, time to show auto-complete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score
+- UI and media performance and glitches versus smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance
+- Disk footprint -- Free disk space, out of memory conditions, and disk score
+- Excessive resource utilization -- components impacting performance or battery life through high CPU usage during different screen and power states
+- Background task performance -- download times, Windows Update scan duration, Windows Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results
+- Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication times, automatic brightness, and environmental response times
+- Device setup -- first setup experience times (time to install updates, install apps, connect to network, and so on), time to recognize connected devices (printer and monitor), and time to set up a Microsoft Account
+- Power and Battery life -- power draw by component (Process/CPU/GPU/Display), hours of time the screen is off, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use while the screen is off, auto-brightness details, time device is plugged into AC versus battery, and battery state transitions
+- Service responsiveness -- Service URI, operation, latency, service success and error codes, and protocol
+- Diagnostic heartbeat -- regular signal used to validate the health of the diagnostics system
+
+**Movies sub-type:** Information about movie consumption functionality on the device
+
+> [!NOTE]
+> This isn't intended to capture user viewing, listening, or habits.
+
+- Video Width, height, color palette, encoding (compression) type, and encryption type
+- Instructions about how to stream content for the user -- the smooth streaming manifest of content file chunks that must be pieced together to stream the content based on screen resolution and bandwidth
+- URL for a specific two-second chunk of content if there is an error
+- Full-screen viewing mode details
+
+**Music & TV sub-type:** Information about music and TV consumption on the device
+
+> [!NOTE]
+> This isn't intended to capture user viewing, listening, or habits.
+
+- Service URL for song being downloaded from the music service -- collected when an error occurs to facilitate restoration of service
+- Content type (video, audio, or surround audio)
+- Local media library collection statistics -- number of purchased tracks and number of playlists
+- Region mismatch -- User's operating system region and Xbox Live region
+
+**Reading sub-type:** Information about reading consumption functionality on the device
+
+> [!NOTE]
+> This isn't intended to capture user viewing, listening, or habits.
+
+- App accessing content and status and options used to open a Microsoft Store book
+- Language of the book
+- Time spent reading content
+- Content type and size details
+
+**Photos app sub-type:** Information about photos usage on the device
+
+> [!NOTE]
+> This isn't intended to capture user viewing, listening, or habits.
+
+- File source data -- local, SD card, network device, and OneDrive
+- Image and video resolution, video length, file sizes types, and encoding
+- Collection view or full screen viewer use and duration of view
+
+**On-device file query sub-type:** Information about local search activity on the device
+
+- Kind of query issued and index type (ConstraintIndex or SystemIndex)
+- Number of items requested and retrieved
+- File extension of search result with which the user interacted
+- Launched item type, file extension, index of origin, and the App ID of the opening app
+- Name of process calling the indexer and the amount of time to service the query
+- A hash of the search scope (file, Outlook, OneNote, or IE history). The state of the indices (fully optimized, partially optimized, or being built)
+
+**Entitlements sub-type:** Information about entitlements on the device
+
+- Service subscription status and errors
+- DRM and license rights details -- Groove subscription or operating system volume license
+- Entitlement ID, lease ID, and package ID of the install package
+- Entitlement revocation
+- License type (trial, offline versus online) and duration
+- License usage session
## Software Setup and Inventory data
This type of data includes software installation and update information on the device. Software Setup and Inventory Data is a sub-type of ISO/IEC 19944:2017 8.2.3.2.4 Observed Usage of the Service Capability.
@@ -170,11 +355,8 @@ This type of data includes software installation and update information on the d
[Pseudonymized](#pseudo) Software Setup and Inventory data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
- Data about the specific drivers that are installed on a device is used to understand whether there are any hardware or driver compatibility issues which should block or delay a Windows update.
-
- Data about when a download starts and finishes on a device is used to understand and address download problems.
-
- Data about the specific Microsoft Store apps that are installed on a device is used to determine which app updates to provide to the device.
-
- Data about the antimalware installed on a device is used to understand malware transmissions vectors.
**With (optional) Tailored experiences:**
@@ -183,10 +365,28 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
- Data about the specific apps that are installed on a device is used to provide recommendations for similar or complementary apps in the Microsoft Store.
### Data Description for Software Setup and Inventory data type
-|Sub-type|Description and examples |
-|- |- |
-|Installed Applications and Install History|Information about apps, drivers, update packages, or operating system components installed on the device, such as:
|
-|Device update information |Information about Windows Update, such as:
|
+
+**Installed applications and install history sub-type:** Information about apps, drivers, update packages, or operating system components installed on the device
+
+- App, driver, update package, or component’s Name, ID, or Package Family Name
+- Product, SKU, availability, catalog, content, and Bundle IDs
+- Operating system component, app or driver publisher, language, version and type (Win32 or UWP)
+- Install date, method, install directory, and count of install attempts
+- MSI package and product code
+- Original operating system version at install time
+- User, administrator, or mandatory installation or update
+- Installation type -- clean install, repair, restore, OEM, retail, upgrade, or update
+
+**Device update information sub-type:** Information about apps, drivers, update packages, or operating system components installed on the device
+
+- Update Readiness analysis of device hardware, operating system components, apps, and drivers (progress, status, and results)
+- Number of applicable updates, importance, and type
+- Update download size and source -- CDN or LAN peers
+- Delay upgrade status and configuration
+- Operating system uninstall and rollback status and count
+- Windows Update server and service URL
+- Windows Update machine ID
+- Windows Insider build details
## Browsing History data
This type of data includes details about web browsing in the Microsoft browsers. Browsing History data is equivalent to ISO/IEC 19944:2017 8.2.3.2.8 Client side browsing history.
@@ -197,13 +397,9 @@ This type of data includes details about web browsing in the Microsoft browsers.
[Pseudonymized](#pseudo) Browsing History data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
- Data about when the **Block Content** dialog box has been shown is used for investigations of blocked content.
-
- Data about potentially abusive or malicious domains is used to make updates to Microsoft Edge and Windows Defender SmartScreen to warn users about the domain.
-
- Data about when the **Address** bar is used for navigation purposes is used to improve the Suggested Sites feature and to understand and address problems arising from navigation.
-
- Data about when a Web Notes session starts is used to measure popular domains and URLs for the Web Notes feature.
-
- Data about when a default **Home** page is changed by a user is used to measure which default **Home** pages are the most popular and how often users change the default **Home** page.
**With (optional) Tailored experiences:**
@@ -212,9 +408,17 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
- We may recommend that a user download a compatible app from the Microsoft Store if they have browsed to the related website. For example, if a user uses the Facebook website, we may recommend the Facebook app.
### Data Description for Browsing History data type
-|Sub-type|Description and examples |
-|- |- |
-|Microsoft browser data|Information about **Address** bar and **Search** box performance on the device, such as:
|
+
+**Microsoft browser data sub-type:** Information about **Address** bar and **Search** box performance on the device
+
+- Text typed in **Address** bar and **Search** box
+- Text selected for an Ask Cortana search
+- Service response time
+- Auto-completed text, if there was an auto-complete
+- Navigation suggestions provided based on local history and favorites
+- Browser ID
+- URLs (may include search terms)
+- Page title
## Inking Typing and Speech Utterance data
This type of data gathers details about the voice, inking, and typing input features on the device. Inking, Typing and Speech Utterance data is a sub-type of ISO/IEC 19944:2017 8.2.3.2.1 End User Identifiable information.
@@ -225,13 +429,9 @@ This type of data gathers details about the voice, inking, and typing input feat
[Anonymized](#anon) Inking, Typing, and Speech Utterance data from Windows 10 is used by Microsoft to [improve](#improve) natural language capabilities in Microsoft products and services. For example:
- Data about words marked as spelling mistakes and replaced with another word from the context menu is used to improve the spelling feature.
-
- Data about alternate words shown and selected by the user after right-clicking is used to improve the word recommendation feature.
-
- Data about auto-corrected words that were restored back to the original word by the user is used to improve the auto-correct feature.
-
- Data about whether Narrator detected and recognized a touch gesture is used to improve touch gesture recognition.
-
- Data about handwriting samples sent from the Handwriting Panel is used to help Microsoft improve handwriting recognition.
**With (optional) Tailored experiences:**
@@ -239,26 +439,69 @@ This type of data gathers details about the voice, inking, and typing input feat
**Microsoft doesn't use Windows Inking, Typing, and Speech Utterance data for Tailored experiences.**
### Data Description for Inking, Typing, and Speech Utterance data type
-|Sub-type|Description and examples |
-|- |- |
-|Voice, inking, and typing|Information about voice, inking and typing features, such as:
|
+
+**Voice, inking, and typing sub-type:** Information about voice, inking and typing features
+
+- Type of pen used (highlighter, ball point, or pencil), pen color, stroke height and width, and how long it is used
+- Pen gestures (click, double click, pan, zoom, or rotate)
+- Palm Touch x,y coordinates
+- Input latency, missed pen signals, number of frames, strokes, first frame commit time, and sample rate
+- Ink strokes written, text before and after the ink insertion point, recognized text entered, input language -- processed to remove identifiers, sequencing information, and other data (such as email addresses and - numeric values), which could be used to reconstruct the original content or associate the input to the user
+- Text input from Windows 10 Mobile on-screen keyboards, except from password fields and private sessions -- processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values), which could be used to reconstruct the original content or associate the input to the user
+- Text of speech recognition results -- result codes and recognized text
+- Language and model of the recognizer and the System Speech language
+- App ID using speech features
+- Whether user is known to be a child
+- Confidence and success or failure of speech recognition
## ISO/IEC 19944:2017-specific terminology
-This table provides the ISO/IEC 19944:2017-specific definitions for use and de-identification qualifiers used in this article.
-|Term |ISO/IEC 19944:2017 Reference |Microsoft usage notes |
-|-|-|-|
-|Provide |9.3.2 Provide |Use of a specified data category by a Microsoft product or service to protect and provide the described service, including, (i) troubleshoot and fix issues with the product or service or (ii) provide product or service updates.|
-|Improve |9.3.3 Improve |Use of a specified data category to improve or increase the quality of a Microsoft product or service. Those improvements may be available to end users.|
-|Personalize |9.3.4 Personalize |Use of the specified data categories to create a customized experience for the end user in any Microsoft product or service.|
-|Recommend |9.3.4 Personalize |“Recommend” means use of the specified data categories to Personalize (9.3.4) the end user’s experience by recommending Microsoft products or services that can be accessed without the need to make a purchase or pay money.
Use of the specified data categories give recommendations about Microsoft products or services the end user may act on where the recommendation is (i) contextually relevant to the product or service in which it appears, (ii) that can be accessed without the need to make a purchase or pay money, and (iii) Microsoft receives no compensation for the placement.|
-|Offer |9.3.5 Offer upgrades or upsell |Implies the source of the data is Microsoft products and services, and the upgrades offered come from Microsoft products and services that are relevant to the context of the current capability. The target audience for the offer is Microsoft customers.
Specifically, use of the specified data categories to make an offer or upsell new capability or capacity of a Microsoft product or service which is (i) contextually relevant to the product or service in which it appears; (ii) likely to result in additional future revenue for Microsoft from end user; and (iii) Microsoft receives no consideration for placement.|
-|Promote|9.3.6 Market/advertise/promote|Use of the specified data categories to promote a product or service in or on a first-party Microsoft product or service.|
+This section provides the ISO/IEC 19944:2017-specific definitions for use and de-identification qualifiers used in this article.
-
+### Provide
-|Data identification qualifiers |ISO/IEC 19944:2017 Reference |Microsoft usage notes |
-|-|-|-|
-|Pseudonymized Data |8.3.3 Pseudonymized data|As defined|
-|Anonymized Data |8.3.5 Anonymized data|As defined|
-|Aggregated Data |8.3.6 Aggregated data|As defined|
\ No newline at end of file
+ISO/IEC 19944:2017 Reference: **9.3.2 Provide**
+
+Use of a specified data category by a Microsoft product or service to protect and provide the described service, including, (i) troubleshoot and fix issues with the product or service or (ii) provide product or service updates.
+
+### Improve
+
+ISO/IEC 19944:2017 Reference: **9.3.3 Improve**
+
+Use of a specified data category to improve or increase the quality of a Microsoft product or service. Those improvements may be available to end users.
+
+### Personalize
+
+ISO/IEC 19944:2017 Reference: **9.3.4 Personalize**
+
+Use of the specified data categories to create a customized experience for the end user in any Microsoft product or service.
+
+### Recommend
+
+ISO/IEC 19944:2017 Reference: **9.3.4 Personalize**
+
+“Recommend” means use of the specified data categories to Personalize (9.3.4) the end user’s experience by recommending Microsoft products or services that can be accessed without the need to make a purchase or pay money.
+
+Use of the specified data categories give recommendations about Microsoft products or services the end user may act on where the recommendation is (i) contextually relevant to the product or service in which it appears, (ii) that can be accessed without the need to make a purchase or pay money, and (iii) Microsoft receives no compensation for the placement.
+
+### Offer
+
+ISO/IEC 19944:2017 Reference: **9.3.5 Offer upgrades or upsell**
+
+Implies the source of the data is Microsoft products and services, and the upgrades offered come from Microsoft products and services that are relevant to the context of the current capability. The target audience for the offer is Microsoft customers.
+
+Specifically, use of the specified data categories to make an offer or upsell new capability or capacity of a Microsoft product or service which is (i) contextually relevant to the product or service in which it appears; (ii) likely to result in additional future revenue for Microsoft from end user; and (iii) Microsoft receives no consideration for placement.
+
+### Promote
+
+ISO/IEC 19944:2017 Reference: **9.3.6 Market/advertise/promote**
+
+Use of the specified data categories to promote a product or service in or on a first-party Microsoft product or service.
+
+### Data identification qualifiers
+
+Here are the list of data identification qualifiers and the ISO/IEC 19944:2017 reference:
+
+- **Pseudonymized Data** 8.3.3 Pseudonymized data. Microsoft usage notes are as defined.
+- **Anonymized Data** 8.3.5 Anonymized data. Microsoft usage notes are as defined.
+- **Aggregated Data** 8.3.6 Aggregated data. Microsoft usage notes are as defined.
\ No newline at end of file
diff --git a/windows/whats-new/TOC.md b/windows/whats-new/TOC.md
index 22e6c40651..6c8ae105ee 100644
--- a/windows/whats-new/TOC.md
+++ b/windows/whats-new/TOC.md
@@ -1,4 +1,5 @@
# [What's new in Windows 10](index.md)
+## [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md)
## [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
## [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
## [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md)
diff --git a/windows/whats-new/images/1_AppBrowser.png b/windows/whats-new/images/1_AppBrowser.png
new file mode 100644
index 0000000000..6e1f32e389
Binary files /dev/null and b/windows/whats-new/images/1_AppBrowser.png differ
diff --git a/windows/whats-new/images/2_InstallWDAG.png b/windows/whats-new/images/2_InstallWDAG.png
new file mode 100644
index 0000000000..e45f714a35
Binary files /dev/null and b/windows/whats-new/images/2_InstallWDAG.png differ
diff --git a/windows/whats-new/images/3_ChangeSettings.png b/windows/whats-new/images/3_ChangeSettings.png
new file mode 100644
index 0000000000..968eb0c3c0
Binary files /dev/null and b/windows/whats-new/images/3_ChangeSettings.png differ
diff --git a/windows/whats-new/images/4_ViewSettings.jpg b/windows/whats-new/images/4_ViewSettings.jpg
new file mode 100644
index 0000000000..72ee4db754
Binary files /dev/null and b/windows/whats-new/images/4_ViewSettings.jpg differ
diff --git a/windows/whats-new/images/Defender.png b/windows/whats-new/images/Defender.png
new file mode 100644
index 0000000000..a99f5992a0
Binary files /dev/null and b/windows/whats-new/images/Defender.png differ
diff --git a/windows/whats-new/images/FastSignIn.png b/windows/whats-new/images/FastSignIn.png
new file mode 100644
index 0000000000..1bd763dbea
Binary files /dev/null and b/windows/whats-new/images/FastSignIn.png differ
diff --git a/windows/whats-new/images/Multi-app_kiosk_inFrame.png b/windows/whats-new/images/Multi-app_kiosk_inFrame.png
new file mode 100644
index 0000000000..7a1928501e
Binary files /dev/null and b/windows/whats-new/images/Multi-app_kiosk_inFrame.png differ
diff --git a/windows/whats-new/images/Normal_inFrame.png b/windows/whats-new/images/Normal_inFrame.png
new file mode 100644
index 0000000000..8d0559d0ee
Binary files /dev/null and b/windows/whats-new/images/Normal_inFrame.png differ
diff --git a/windows/whats-new/images/RDPwBio2.png b/windows/whats-new/images/RDPwBio2.png
new file mode 100644
index 0000000000..6cffe649fe
Binary files /dev/null and b/windows/whats-new/images/RDPwBio2.png differ
diff --git a/windows/whats-new/images/RDPwBioTime.png b/windows/whats-new/images/RDPwBioTime.png
new file mode 100644
index 0000000000..d3007e8279
Binary files /dev/null and b/windows/whats-new/images/RDPwBioTime.png differ
diff --git a/windows/whats-new/images/SingleApp_contosoHotel_inFrame@2x.png b/windows/whats-new/images/SingleApp_contosoHotel_inFrame@2x.png
new file mode 100644
index 0000000000..f329d74d3e
Binary files /dev/null and b/windows/whats-new/images/SingleApp_contosoHotel_inFrame@2x.png differ
diff --git a/windows/whats-new/images/WebSignIn.png b/windows/whats-new/images/WebSignIn.png
new file mode 100644
index 0000000000..4afa324aec
Binary files /dev/null and b/windows/whats-new/images/WebSignIn.png differ
diff --git a/windows/whats-new/images/beaming.png b/windows/whats-new/images/beaming.png
new file mode 100644
index 0000000000..096c1d43f4
Binary files /dev/null and b/windows/whats-new/images/beaming.png differ
diff --git a/windows/whats-new/images/block-suspicious-behaviors.png b/windows/whats-new/images/block-suspicious-behaviors.png
new file mode 100644
index 0000000000..31a2cf5727
Binary files /dev/null and b/windows/whats-new/images/block-suspicious-behaviors.png differ
diff --git a/windows/whats-new/images/hyper-v.png b/windows/whats-new/images/hyper-v.png
new file mode 100644
index 0000000000..27f482a6dd
Binary files /dev/null and b/windows/whats-new/images/hyper-v.png differ
diff --git a/windows/whats-new/images/kiosk-mode.PNG b/windows/whats-new/images/kiosk-mode.PNG
new file mode 100644
index 0000000000..57c420a9c2
Binary files /dev/null and b/windows/whats-new/images/kiosk-mode.PNG differ
diff --git a/windows/whats-new/images/regeditor.png b/windows/whats-new/images/regeditor.png
new file mode 100644
index 0000000000..947718ee80
Binary files /dev/null and b/windows/whats-new/images/regeditor.png differ
diff --git a/windows/whats-new/images/virus-and-threat-protection.png b/windows/whats-new/images/virus-and-threat-protection.png
new file mode 100644
index 0000000000..8fd800dcfa
Binary files /dev/null and b/windows/whats-new/images/virus-and-threat-protection.png differ
diff --git a/windows/whats-new/images/your-phone.png b/windows/whats-new/images/your-phone.png
new file mode 100644
index 0000000000..708c6c004a
Binary files /dev/null and b/windows/whats-new/images/your-phone.png differ
diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md
new file mode 100644
index 0000000000..62ee95e835
--- /dev/null
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@@ -0,0 +1,242 @@
+---
+title: What's new in Windows 10, version 1809
+description: New and updated features in Windows 10, version 1809
+keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 October 2018 Update"]
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: dawnwood
+ms.date: 10/02/2018
+ms.localizationpriority: high
+---
+
+# What's new in Windows 10, version 1809 for IT Pros
+
+>Applies To: Windows 10, version 1809, also known as Windows 10 October 2018 Update
+
+In this article we describe new and updated features of interest to IT Pros for Windows 10, version 1809. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1803.
+
+The following 3-minute video summarizes some of the new features that are available for IT Pros in this release.
+
+
+
+
+
+
+> [!video https://www.youtube.com/embed/hAva4B-wsVA]
+
+## Your Phone app
+
+Android phone users, you can finally stop emailing yourself photos. With Your Phone you get instant access to your Android’s most recent photos on your PC. Drag and drop a photo from your phone onto your PC, then you can copy, edit, or ink on the photo. Try it out by opening the **Your Phone** app. You’ll receive a text with a link to download an app from Microsoft to your phone. Android 7.0+ devices with ethernet or Wi-Fi on unmetered networks are compatible with the **Your Phone** app. For PCs tied to the China region, **Your Phone** app services will be enabled in the future.
+
+For iPhone users, **Your Phone** app also helps you to link your phone to your PC. Surf the web on your phone, then send the webpage instantly to your computer to continue what you’re doing–-read, watch, or browse-- with all the benefits of a bigger screen.
+
+
+
+The desktop pin takes you directly to the **Your Phone** app for quicker access to your phone’s content. You can also go through the all apps list in Start, or use the Windows key and search for **Your Phone**.
+
+## Wireless projection experience
+
+One of the things we’ve heard from you is that it’s hard to know when you’re wirelessly projecting and how to disconnect your session when started from file explorer or from an app. In Windows 10, version 1809, you’ll see a control banner at the top of your screen when you’re in a session (just like you see when using remote desktop). The banner keeps you informed of the state of your connection, allows you to quickly disconnect or reconnect to the same sink, and allows you to tune the connection based on what you are doing. This tuning is done via **Settings**, which optimizes the screen-to-screen latency based on one of the three modes:
+
+* Game mode minimizes the screen-to-screen latency to make gaming over a wireless connection possible
+* Video mode increases the screen-to-screen latency to ensure the video on the big screen plays back smoothly
+* Productivity modes strikes a balance between game mode and video mode; the screen-to screen-latency is responsive enough that typing feels natural, while ensuring videos don’t glitch as often.
+
+
+
+## Windows Autopilot self-deploying mode
+
+Windows Autopilot self-deploying mode enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured automatically by Windows Autopilot.
+
+This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process.
+
+You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider,and provision policies and applications, all with no user authentication or user interaction required.
+
+To learn more about Autopilot self-deploying mode and to see step-by-step instructions to perform such a deployment, [Windows Autopilot self-deploying mode](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/self-deploying).
+
+## Kiosk setup experience
+
+We introduced a simplified assigned access configuration experience in **Settings** that allows device administrators to easily set up a PC as a kiosk or digital sign. A wizard experience walks you through kiosk setup including creating a kiosk account that will automatically sign in when a device starts.
+
+To use this feature, go to **Settings**, search for **assigned access**, and open the **Set up a kiosk** page.
+
+
+Microsoft Edge kiosk mode running in single-app assigned access has two kiosk types.
+
+1.__Digital / Interactive signage__ that displays a specific website full-screen and runs InPrivate mode.
+2.__Public browsing__ supports multi-tab browsing and runs InPrivate mode with minimal features available. Users cannot minimize, close, or open new Microsoft Edge windows or customize them using Microsoft Edge Settings. Users can clear browsing data and downloads, and restart Microsoft Edge by clicking **End session**. Administrators can configure Microsoft Edge to restart after a period of inactivity.
+
+
+
+Microsoft Edge kiosk mode running in multi-app assigned access has two kiosk types.
+
+**Note** the following Microsoft Edge kiosk mode types cannot be setup using the new simplified assigned access configuration wizard in Windows 10 Settings.
+
+1.__Public browsing__ supports multi-tab browsing and runs InPrivate mode with minimal features available. In this configuration, Microsoft Edge can be one of many apps available. Users can close and open multiple InPrivate mode windows.
+
+
+
+2.__Normal mode__ runs a full version of Microsoft Edge, although some features may not work depending on what apps are configured in assigned access. For example, if the Microsoft Store is not set up, users cannot get books.
+
+
+
+Learn more about [Microsoft Edge kiosk mode](https://docs.microsoft.com/en-us/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy).
+
+## Registry editor improvements
+
+We added a dropdown that displays as you type to help complete the next part of the path. You can also press **Ctrl + Backspace** to delete the last word, and **Ctrl + Delete** to delete the next word.
+
+
+
+## Remote Desktop with Biometrics
+
+Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
+
+
+
+To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the computer you want to connect to, and click __Connect__.
+
+Windows remembers that you signed using Windows Hello for Business, and automatically selects Windows Hello for Business to authenticate you to your RDP session. You can also click __More choices__ to choose alternate credentials.
+
+
+
+In this example, Windows uses facial recognition to authenticate the RDP session to the Windows Server 2016 Hyper-V server. You can continue to use Windows Hello for Business in the remote session, but you must use your PIN.
+
+
+
+## Security Improvements
+
+We’ve continued to work on the **Current threats** area in [Virus & threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection), which now displays all threats that need action. You can quickly take action on threats from this screen:
+
+
+
+You can enable a new protection setting, **Block suspicious behaviors**, which brings [Windows Defender Exploit Guard attack surface reduction technology](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to all users. To enable this setting, go to the **Virus & threat protection** section and click **Manage settings**, as shown in the following screenshot:
+
+
+
+With controlled folder access you can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. We’ve made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether.
+
+When an app is blocked, it will appear in a recently blocked apps list, which you can get to by clicking **Manage settings** under the **Ransomware protection** heading. Click **Allow an app through Controlled folder access**. After the prompt, click the **+** button and choose **Recently blocked apps**. Select any of the apps to add them to the allowed list. You can also browse for an app from this page.
+
+We added a new assessment for the Windows time service to the **Device performance & health** section. If we detect that your device’s time is not properly synced with our time servers and the time-syncing service is disabled, we’ll provide the option for you to turn it back on.
+
+We’re continuing to work on how other security apps you’ve installed show up in the **Windows Security** app. There’s a new page called **Security providers** that you can find in the **Settings** section of the app. Click **Manage providers** to see a list of all the other security providers (including antivirus, firewall, and web protection) that are running on your device. Here you can easily open the providers’ apps or get more information on how to resolve issues reported to you through **Windows Security**.
+
+This also means you’ll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you’ll see the firewall apps that are running on your device under each firewall type, which inclueds domain, private, and public networks).
+
+HKLM\SOFTWARE\Microsoft\Security Center\Feature DisableAvCheck (DWORD) = 1
+
+### BitLocker
+
+#### Silent enforcement on fixed drives
+
+Through a Modern Decice Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (AAD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard AAD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don’t pass the HSTI.
+
+This is an update to the [BitLocker CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp), which was introduced in Windows 10, version 1703, and leveraged by Intune and others.
+
+This feature will soon be enabled on Olympia Corp as an optional feature.
+
+#### Delivering BitLocker policy to AutoPilot devices during OOBE
+
+You can choose which encryption algorithm to apply automatic BitLocker encryption to capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before automatic BitLocker encryption begins.
+
+For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE.
+
+### Windows Defender Application Guard Improvements
+
+Windows Defender Application Guard (WDAG) introduced a new user interface inside **Windows Security** in this release. Standalone users can now install and configure their Windows Defender Application Guard settings in Windows Security without needing to change registry key settings.
+
+Additionally, users who are managed by enterprise policies will be able to check their settings to see what their administrators have configured for their machines to better understand the behavior of Windows Defender Application Guard. This new UI improves the overall experience for users while managing and checking their Windows Defender Application Guard settings. As long as devices meet the minimum requirements, these settings will appear in Windows Security.For detailed information, click [here](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/test/m-p/214102#M1709).
+
+To try this,
+1. Go to**Windows Security** and select **App & browser control**.
+
+2. Under **Isolated browsing**, select **Install Windows Defender Application Guard**, then install and restart the device.
+
+3. Select **Change Application Guard** settings.
+
+4. Configure or check Application Guard settings.
+
+
+### Windows Security Center
+
+Windows Defender Security Center is now called **Windows Security Center**.
+
+You can still get to the app in all the usual ways – simply ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including **Windows Defender Antivirus** and **Windows Defender Firewall**.
+
+The WSC service now requires antivirus products to run as a protected process to register. Products that have not yet implemented this will not appear in the Windows Security Center user interface, and Windows Defender Antivirus will remain enabled side-by-side with these products.
+
+WSC now includes the Fluent Design System elements you know and love. You’ll also notice we’ve adjusted the spacing and padding around the app. It will now dynamically size the categories on the main page if more room is needed for extra info. We also updated the title bar so that it will use your accent color if you have enabled that option in **Color Settings**.
+
+
+
+### Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes
+
+You can add specific rules for a WSL process in Windows Defender Firewall, just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access to a port from the outside (like SSH or a web server like nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This was first introduced in [Build 17627](https://docs.microsoft.com/en-us/windows/wsl/release-notes#build-17618-skip-ahead).
+
+### Microsoft Edge Group Policies
+
+We introduced new group policies and Modern Device Management settings to manage Microsoft Edge. The new policies include enabling and disabling full-screen mode, printing, favorites bar, and saving history; preventing certificate error overrides; configuring the Home button and startup options; setting the New Tab page and Home button URL, and managing extensions. Learn more about the [new Microsoft Edge policies](https://aka.ms/new-microsoft-edge-group-policies).
+
+### Windows Defender Credential Guard is supported by default on 10S devices that are AAD Joined
+
+Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It is designed to protect against well-known threats such as Pass-the-Hash and credential harvesting.
+
+Windows Defender Credential Guard has always been an optional feature, but Windows 10-S turns this functionality on by default when the machine has been Azure Active Directory joined. This provides an added level of security when connecting to domain resources not normally present on 10-S devices. Please note that Windows Defender Credential Guard is available only to S-Mode devices or Enterprise and Education Editions.
+
+### Windows 10 Pro S Mode requires a network connection
+
+A network connection is now required to set up a new device. As a result, we removed the “skip for now” option in the network setup page in Out Of Box Experience (OOBE).
+
+### Windows Defender ATP
+
+[Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) has been enhanced with many new capabilities. For more information, see the following topics:
+
+- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)
+Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
+
+- [Custom detection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/overview-custom-detections)
+ With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules.
+
+
+- [Managed security service provider (MSSP) support](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)
+Windows Defender ATP adds support for this scenario by providing MSSP integration.
+The integration will allow MSSPs to take the following actions:
+Get access to MSSP customer's Windows Defender Security Center portal, fet email notifications, and fetch alerts through security information and event management (SIEM) tools.
+
+- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)
+Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers.
+
+- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration)
+Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
+
+
+- [Onboard Windows Server 2019](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019)
+Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines.
+
+- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/onboard-downlevel-windows-defender-advanced-threat-protection)
+Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor
+
+## Faster sign-in to a Windows 10 shared pc
+
+Do you have shared devices deployed in your work place? **Fast sign-in** enables users to sign in to a shared Windows 10 PC in a flash!
+
+**To enable fast sign-in:**
+1. Set up a shared or guest device with Windows 10, version 1809.
+2. Set the Policy CSP, and the Authentication and EnableFastFirstSignIn policies to enable fast sign-in.
+3. Sign-in to a shared PC with your account. You'll notice the difference!
+
+
+
+## Web sign-in to Windows 10
+
+Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML).
+
+**To try out web sign-in:**
+1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs).
+2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in.
+3. On the lock screen, select web sign-in under sign-in options.
+4. Click the “Sign in” button to continue.
+
+
\ No newline at end of file