diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 83fd0ea765..b311f49601 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -58,6 +58,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What is dmwappushsvc?](#what-is-dmwappushsvc)
- **Change history in MDM documentation**
+ - [September 2020](#september-2020)
- [August 2020](#august-2020)
- [July 2020](#july-2020)
- [June 2020](#june-2020)
@@ -1414,6 +1415,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
Update/ExcludeWUDriversInQualityUpdate
Update/PauseFeatureUpdates
Update/PauseQualityUpdates
+Update/SetProxyBehaviorForUpdateDetection
Update/UpdateServiceUrlAlternate (Added in the January service release of Windows 10, version 1607)
WindowsInkWorkspace/AllowWindowsInkWorkspace
WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace
@@ -1996,6 +1998,11 @@ How do I turn if off? | The service can be stopped from the "Services" console o
## Change history in MDM documentation
+### September 2020
+|New or updated topic | Description|
+|--- | ---|
+|[Policy CSP - Update](policy-csp-update.md)|Added the following policy setting:
Update/SetProxyBehaviorForUpdateDetection
|
+
### August 2020
|New or updated topic | Description|
|--- | ---|
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 7986a6fae0..5bb7f9d9c8 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -3918,6 +3918,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Update/SetEDURestart
+
+ Update/SetProxyBehaviorForUpdateDetection
+
Update/TargetReleaseVersion
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 38e9dd4066..4eb6ccaccf 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -194,6 +194,9 @@ manager: dansimp
Update/SetEDURestart
+
+ Update/SetProxyBehaviorForUpdateDetection
+
Update/TargetReleaseVersion
@@ -4133,6 +4136,78 @@ The following list shows the supported values:
+
+
+**Update/SetProxyBehaviorForUpdateDetection**
+
+
+
+
+ | Windows Edition |
+ Supported? |
+
+
+ | Home |
+  |
+
+
+ | Pro |
+  1 |
+
+
+ | Business |
+ 1 |
+
+
+ | Enterprise |
+ 1 |
+
+
+ | Education |
+ 1 |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10, version 1607 and later. By default, HTTP WSUS servers scan only if system proxy is configured. This policy setting allows you to configure user proxy as a fallback for detecting updates while using an HTTP based intranet server despite the vulnerabilities it presents.
+
+This policy setting does not impact those customers who have, per Microsoft recommendation, secured their WSUS server with TLS/SSL protocol, thereby using HTTPS based intranet servers to keep systems secure. That said, if a proxy is required, we recommend configuring a system proxy to ensure the highest level of security.
+
+
+
+ADMX Info:
+- GP English name: *Select the proxy behavior for Windows Update client for detecting updates with non-TLS (HTTP) based service*
+- GP name: *Select the proxy behavior*
+- GP element: *Select the proxy behavior*
+- GP path: *Windows Components/Windows Update/Specify intranet Microsoft update service location*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Allow system proxy only for HTTP scans.
+- 1 - Allow user proxy to be used as a fallback if detection using system proxy fails.
+> [!NOTE]
+> Configuring this policy setting to 1 exposes your environment to potential security risk and makes scans unsecure.
+
+
+
+
+
+
**Update/TargetReleaseVersion**
diff --git a/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md b/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md
index 617be22113..8e70dd707e 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md
+++ b/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md
@@ -66,6 +66,7 @@ ms.date: 07/18/2019
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot)
+- [Update/SetProxyBehaviorForUpdateDetection](policy-csp-update.md#update-setproxybehaviorforupdatedetection)
## Related topics