diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 2da74c3dca..f3f141bb30 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)
ms.localizationpriority: medium
-ms.date: 4/30/2018
+ms.date: 07/20/2018
---
# Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge
@@ -154,5 +154,7 @@ Computer Configuration\Administrative Templates\Windows Components\Microsoft Edg
## Show message when opening sites in Internet Explorer
[!INCLUDE [show-message-opening-sites-ie-include.md](includes/show-message-opening-sites-ie-include.md)]
+
+
## Related topics
* [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
diff --git a/browsers/edge/images/home-buttom-custom-url-v4-sm.png b/browsers/edge/images/home-buttom-custom-url-v4-sm.png
index aea16f6e2c..b1e0fac180 100644
Binary files a/browsers/edge/images/home-buttom-custom-url-v4-sm.png and b/browsers/edge/images/home-buttom-custom-url-v4-sm.png differ
diff --git a/browsers/edge/images/home-buttom-custom-url-v4.png b/browsers/edge/images/home-buttom-custom-url-v4.png
index e1e86dacdb..de5e47578c 100644
Binary files a/browsers/edge/images/home-buttom-custom-url-v4.png and b/browsers/edge/images/home-buttom-custom-url-v4.png differ
diff --git a/browsers/edge/images/home-button-custom-url-sm.png b/browsers/edge/images/home-button-custom-url-sm.png
deleted file mode 100644
index c934d77584..0000000000
Binary files a/browsers/edge/images/home-button-custom-url-sm.png and /dev/null differ
diff --git a/browsers/edge/images/home-button-custom-url.png b/browsers/edge/images/home-button-custom-url.png
deleted file mode 100644
index 5eec1936b0..0000000000
Binary files a/browsers/edge/images/home-button-custom-url.png and /dev/null differ
diff --git a/browsers/edge/images/home-button-hide-v4-sm.png b/browsers/edge/images/home-button-hide-v4-sm.png
index 977b4ad143..6e1162f0fc 100644
Binary files a/browsers/edge/images/home-button-hide-v4-sm.png and b/browsers/edge/images/home-button-hide-v4-sm.png differ
diff --git a/browsers/edge/images/home-button-hide-v4.png b/browsers/edge/images/home-button-hide-v4.png
index 7f7fca8b51..e533b8a7fb 100644
Binary files a/browsers/edge/images/home-button-hide-v4.png and b/browsers/edge/images/home-button-hide-v4.png differ
diff --git a/browsers/edge/images/home-button-hide.png b/browsers/edge/images/home-button-hide.png
deleted file mode 100644
index f4358ffbe2..0000000000
Binary files a/browsers/edge/images/home-button-hide.png and /dev/null differ
diff --git a/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png
index da7ea49fa4..f9870cbd47 100644
Binary files a/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png and b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png differ
diff --git a/browsers/edge/images/home-button-start-new-tab-page-v4.png b/browsers/edge/images/home-button-start-new-tab-page-v4.png
index c842968a3c..9d11f5096c 100644
Binary files a/browsers/edge/images/home-button-start-new-tab-page-v4.png and b/browsers/edge/images/home-button-start-new-tab-page-v4.png differ
diff --git a/browsers/edge/images/home-button-start-new-tab-page.png b/browsers/edge/images/home-button-start-new-tab-page.png
deleted file mode 100644
index 244820ddee..0000000000
Binary files a/browsers/edge/images/home-button-start-new-tab-page.png and /dev/null differ
diff --git a/browsers/edge/images/set-default-search-engine-sm.png b/browsers/edge/images/set-default-search-engine-sm.png
deleted file mode 100644
index 858af935fe..0000000000
Binary files a/browsers/edge/images/set-default-search-engine-sm.png and /dev/null differ
diff --git a/browsers/edge/images/set-default-search-engine-v4-sm.png b/browsers/edge/images/set-default-search-engine-v4-sm.png
new file mode 100644
index 0000000000..d16f333174
Binary files /dev/null and b/browsers/edge/images/set-default-search-engine-v4-sm.png differ
diff --git a/browsers/edge/images/set-default-search-engine-v4.png b/browsers/edge/images/set-default-search-engine-v4.png
new file mode 100644
index 0000000000..4e6b03d9b9
Binary files /dev/null and b/browsers/edge/images/set-default-search-engine-v4.png differ
diff --git a/browsers/edge/images/set-default-search-engine.png b/browsers/edge/images/set-default-search-engine.png
deleted file mode 100644
index 709b09400d..0000000000
Binary files a/browsers/edge/images/set-default-search-engine.png and /dev/null differ
diff --git a/browsers/edge/includes/allow-address-bar-suggestions-include.md b/browsers/edge/includes/allow-address-bar-suggestions-include.md
index b0936a13ea..a4176410a8 100644
--- a/browsers/edge/includes/allow-address-bar-suggestions-include.md
+++ b/browsers/edge/includes/allow-address-bar-suggestions-include.md
@@ -5,7 +5,7 @@
[!INCLUDE [allow-address-bar-drop-down-shortdesc](../shortdesc/allow-address-bar-drop-down-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-adobe-flash-include.md b/browsers/edge/includes/allow-adobe-flash-include.md
index aa05b6a059..a00ce21139 100644
--- a/browsers/edge/includes/allow-adobe-flash-include.md
+++ b/browsers/edge/includes/allow-adobe-flash-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [allow-adobe-flash-shortdesc](../shortdesc/allow-adobe-flash-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
diff --git a/browsers/edge/includes/allow-clearing-browsing-data-include.md b/browsers/edge/includes/allow-clearing-browsing-data-include.md
index 3ce9d33da6..8e2a7e60bd 100644
--- a/browsers/edge/includes/allow-clearing-browsing-data-include.md
+++ b/browsers/edge/includes/allow-clearing-browsing-data-include.md
@@ -1,15 +1,15 @@
>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Disabled or not configured (Prevented)*
+>*Default setting: Disabled or not configured (Prevented/not allowed)*
[!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured
**(default)** |0 |0 |Prevented/not allowed. Users can configure the _Clear browsing data_ option in Settings. | |
-|Enabled |1 |1 |Allowed. Clears the browsing data upon exit automatically. | |
+|Enabled |1 |1 |Allowed. Clear the browsing data upon exit automatically. | |
---
diff --git a/browsers/edge/includes/allow-config-updates-books-include.md b/browsers/edge/includes/allow-config-updates-books-include.md
index c4518e24c4..325293262e 100644
--- a/browsers/edge/includes/allow-config-updates-books-include.md
+++ b/browsers/edge/includes/allow-config-updates-books-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../shortdesc/allow-configuration-updates-for-books-library-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-cortana-include.md b/browsers/edge/includes/allow-cortana-include.md
index f361fdec4c..a175001e68 100644
--- a/browsers/edge/includes/allow-cortana-include.md
+++ b/browsers/edge/includes/allow-cortana-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [allow-cortana-shortdesc](../shortdesc/allow-cortana-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-dev-tools-include.md b/browsers/edge/includes/allow-dev-tools-include.md
index 2d58570076..919b4a9968 100644
--- a/browsers/edge/includes/allow-dev-tools-include.md
+++ b/browsers/edge/includes/allow-dev-tools-include.md
@@ -5,7 +5,7 @@
[!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-enable-book-library-include.md b/browsers/edge/includes/allow-enable-book-library-include.md
index 0c199266a0..1018a1cdd6 100644
--- a/browsers/edge/includes/allow-enable-book-library-include.md
+++ b/browsers/edge/includes/allow-enable-book-library-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
index e721533043..722b2ce5e8 100644
--- a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
+++ b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-extensions-include.md b/browsers/edge/includes/allow-extensions-include.md
index f73f913253..95895b9817 100644
--- a/browsers/edge/includes/allow-extensions-include.md
+++ b/browsers/edge/includes/allow-extensions-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [allow-extensions-shortdesc](../shortdesc/allow-extensions-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
diff --git a/browsers/edge/includes/allow-full-screen-include.md b/browsers/edge/includes/allow-full-screen-include.md
index fafed36d38..c8fe9899a0 100644
--- a/browsers/edge/includes/allow-full-screen-include.md
+++ b/browsers/edge/includes/allow-full-screen-include.md
@@ -5,7 +5,7 @@
[!INCLUDE [allow-fullscreen-mode-shortdesc](../shortdesc/allow-fullscreen-mode-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-inprivate-browsing-include.md b/browsers/edge/includes/allow-inprivate-browsing-include.md
index 7a55d8de7c..727ded18a6 100644
--- a/browsers/edge/includes/allow-inprivate-browsing-include.md
+++ b/browsers/edge/includes/allow-inprivate-browsing-include.md
@@ -6,13 +6,13 @@
[!INCLUDE [allow-inprivate-browsing-shortdesc](../shortdesc/allow-inprivate-browsing-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled |0 |0 |Prevented/not allowed | |
|Enabled or not configured
**(default)** |1 |1 |Allowed | |
----
+---
### ADMX info and settings
diff --git a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
index 774bd0a4d0..aabd2fb773 100644
--- a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
+++ b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../shortdesc/allow-microsoft-compatibility-list-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-prelaunch-include.md b/browsers/edge/includes/allow-prelaunch-include.md
index 11691aa992..6165cb2c67 100644
--- a/browsers/edge/includes/allow-prelaunch-include.md
+++ b/browsers/edge/includes/allow-prelaunch-include.md
@@ -5,7 +5,7 @@
[!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-printing-include.md b/browsers/edge/includes/allow-printing-include.md
index ab590802f8..6260c4a5a8 100644
--- a/browsers/edge/includes/allow-printing-include.md
+++ b/browsers/edge/includes/allow-printing-include.md
@@ -4,12 +4,12 @@
[!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled |0 |0 |Prevented/not allowed | |
-|Enabled
**(default)** |1 |1 |Allowed | |
+|Enabled or not configured
**(default)** |1 |1 |Allowed | |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/allow-saving-history-include.md b/browsers/edge/includes/allow-saving-history-include.md
index 8a289e5f84..c072916f81 100644
--- a/browsers/edge/includes/allow-saving-history-include.md
+++ b/browsers/edge/includes/allow-saving-history-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/allow-search-engine-customization-include.md b/browsers/edge/includes/allow-search-engine-customization-include.md
index 8f62454221..b4b58ca9a5 100644
--- a/browsers/edge/includes/allow-search-engine-customization-include.md
+++ b/browsers/edge/includes/allow-search-engine-customization-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
@@ -13,7 +13,7 @@
---
-### Configuration combinations
+### Configuration options
| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
| --- | --- | --- | --- |
@@ -25,7 +25,7 @@
| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
---
-
+
### ADMX info and settings
diff --git a/browsers/edge/includes/allow-shared-folder-books-include.md b/browsers/edge/includes/allow-shared-folder-books-include.md
index 109d7c26f9..16ea570af7 100644
--- a/browsers/edge/includes/allow-shared-folder-books-include.md
+++ b/browsers/edge/includes/allow-shared-folder-books-include.md
@@ -4,11 +4,11 @@
[!INCLUDE [allow-a-shared-books-folder-shortdesc](../shortdesc/allow-a-shared-books-folder-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured
**(default)** |0 |0 |Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder for each user. | |
-|Enabled |1 |1 |Allowed. | |
+|Enabled |1 |1 |Allowed. Microsoft Edge downloads book files to a shared folder.| |
---
### ADMX info and settings
@@ -30,8 +30,4 @@
- **Value name:** UseSharedFolderForBooks
- **Value type:** REG_DWORD
-### Scenarios
-
-Some schools may use a Shared Cart (a physical cart), to store some devices. For example, at the beginning of the lessons, each student picks up a device and returns their device at the end of the of lessons.
-
diff --git a/browsers/edge/includes/allow-sideloading-extensions-include.md b/browsers/edge/includes/allow-sideloading-extensions-include.md
index f19244b266..a860342788 100644
--- a/browsers/edge/includes/allow-sideloading-extensions-include.md
+++ b/browsers/edge/includes/allow-sideloading-extensions-include.md
@@ -4,11 +4,11 @@
[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
-|Disabled or not configured |0 |0 |Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** policy, located at Windows Components > App Package Deployment.For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enable). | |
+|Disabled or not configured |0 |0 |Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** policy, located at Windows Components > App Package Deployment.
For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). | |
|Enabled
**(default)** |1 |1 |Allowed. | |
---
diff --git a/browsers/edge/includes/allow-tab-preloading-include.md b/browsers/edge/includes/allow-tab-preloading-include.md
index ce573e6f32..f4cd3d0291 100644
--- a/browsers/edge/includes/allow-tab-preloading-include.md
+++ b/browsers/edge/includes/allow-tab-preloading-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [allow-tab-preloading-shortdesc](../shortdesc/allow-tab-preloading-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
@@ -15,7 +15,7 @@
### ADMX info and settings
#### ADMX info
-- **GP English name:** Allow Start and New Tab page preload
+- **GP English name:** Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed
- **GP name:** AllowTabPreloading
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
diff --git a/browsers/edge/includes/allow-web-content-new-tab-page-include.md b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
index b2321d88b7..8347bce439 100644
--- a/browsers/edge/includes/allow-web-content-new-tab-page-include.md
+++ b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
@@ -6,7 +6,7 @@
[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
diff --git a/browsers/edge/includes/always-enable-book-library-include.md b/browsers/edge/includes/always-enable-book-library-include.md
index 4fc0ec6e0b..d5f292b182 100644
--- a/browsers/edge/includes/always-enable-book-library-include.md
+++ b/browsers/edge/includes/always-enable-book-library-include.md
@@ -5,7 +5,7 @@
[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-additional-search-engines-include.md b/browsers/edge/includes/configure-additional-search-engines-include.md
index 6b9423ca81..f49aa45f71 100644
--- a/browsers/edge/includes/configure-additional-search-engines-include.md
+++ b/browsers/edge/includes/configure-additional-search-engines-include.md
@@ -1,19 +1,19 @@
>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Disabled or not configured (Prevented/Not allowed)*
+>*Default setting: Disabled or not configured (Prevented/not allowed)*
[!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
-|Disabled or not configured
**(default)** |0 |0 |Prevented/not allowed. Microsoft Edge uses the search engine specified in App settings.
If you enabled this policy and now want to disable it, disabling removes all previously configured search engines. | |
-|Enabled |1 |1 |Allowed. Add up to five additional search engines and set any one of them as the default.
For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | |
+|Disabled or not configured
**(default)** |0 |0 |Prevented/not allowed. Microsoft Edge uses the search engine specified in App settings.
If you enabled this policy and now want to disable it, disabling removes all previously configured search engines. | |
+|Enabled |1 |1 |Allowed. Add up to five additional search engines and set any one of them as the default.
For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | |
---
-### Configuration combinations
+### Configuration options
| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
| --- | --- | --- | --- |
@@ -25,7 +25,6 @@
| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
---
-
### ADMX info and settings
diff --git a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
index 063a7ee12b..c1a93a7712 100644
--- a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
+++ b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-allow-flash-url-list-include.md b/browsers/edge/includes/configure-allow-flash-url-list-include.md
index da7487f10a..1f13125cd7 100644
--- a/browsers/edge/includes/configure-allow-flash-url-list-include.md
+++ b/browsers/edge/includes/configure-allow-flash-url-list-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-allow-flash-for-url-list-shortdesc](../shortdesc/configure-allow-flash-for-url-list-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-autofill-include.md b/browsers/edge/includes/configure-autofill-include.md
index ca17e9389b..5d4adef785 100644
--- a/browsers/edge/includes/configure-autofill-include.md
+++ b/browsers/edge/includes/configure-autofill-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-autofill-shortdesc](../shortdesc/configure-autofill-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
index 3c53b45cd6..f1b2a047e7 100644
--- a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
+++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
@@ -23,7 +23,7 @@
- **GP English name:** Configure collection of browsing data for Microsoft 365 Analytics
- **GP name:** ConfigureTelemetryForMicrosoft365Analytics
- **GP element:** ZonesListBox
-- **GP path:** Data Collection and Preview Builds
+- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
diff --git a/browsers/edge/includes/configure-cookies-include.md b/browsers/edge/includes/configure-cookies-include.md
index 5a84416d46..5b175d58bd 100644
--- a/browsers/edge/includes/configure-cookies-include.md
+++ b/browsers/edge/includes/configure-cookies-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-cookies-shortdesc](../shortdesc/configure-cookies-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-do-not-track-include.md b/browsers/edge/includes/configure-do-not-track-include.md
index f7c16b0fed..5b606480e8 100644
--- a/browsers/edge/includes/configure-do-not-track-include.md
+++ b/browsers/edge/includes/configure-do-not-track-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-do-not-track-shortdesc](../shortdesc/configure-do-not-track-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
index 71f1bb7715..db8e2d926a 100644
--- a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
+++ b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
@@ -6,7 +6,7 @@
You must set the Configure kiosk mode policy to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
-### Allowed values
+### Supported values
- **Any integer from 1-1440 (5 minutes is the default)** – The time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. A confirmation dialog displays for the user to cancel or continue and automatically continues after 30 seconds.
diff --git a/browsers/edge/includes/configure-enterprise-mode-site-list-include.md b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
index f44608c9dc..2bd2ad900f 100644
--- a/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
+++ b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
@@ -5,7 +5,7 @@
[!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-favorites-bar-include.md b/browsers/edge/includes/configure-favorites-bar-include.md
index 611d62f935..f5da78bf9a 100644
--- a/browsers/edge/includes/configure-favorites-bar-include.md
+++ b/browsers/edge/includes/configure-favorites-bar-include.md
@@ -6,7 +6,7 @@
[!INCLUDE [allow-favorites-bar-shortdesc](../shortdesc/configure-favorites-bar-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
diff --git a/browsers/edge/includes/configure-favorites-include.md b/browsers/edge/includes/configure-favorites-include.md
index bb5dec6d37..6ea76affc3 100644
--- a/browsers/edge/includes/configure-favorites-include.md
+++ b/browsers/edge/includes/configure-favorites-include.md
@@ -1,2 +1,2 @@
->Deprecated. Use [Provision Favorites](../available-policies.md#provision-favorites).
+>Use [Provision Favorites](../available-policies.md#provision-favorites) in place of this policy.
diff --git a/browsers/edge/includes/configure-home-button-include.md b/browsers/edge/includes/configure-home-button-include.md
index 6fd8442c77..eed541dc4b 100644
--- a/browsers/edge/includes/configure-home-button-include.md
+++ b/browsers/edge/includes/configure-home-button-include.md
@@ -6,22 +6,22 @@
[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
-|Disabled or not configured
**(default)** |0 |0 |Show the home button and load the Start page. |
-|Enabled |1 |1 |Show the home button and load the New tab page. |
-|Enabled |2 |2 |Show the home button and load the custom URL defined in the Set Home Button URL policy. |
-|Enabled |3 |3 |Hide the home button. |
+|Disabled or not configured
**(default)** |0 |0 |Show home button and load the Start page. |
+|Enabled |1 |1 |Show home button and load the New tab page. |
+|Enabled |2 |2 |Show home button and load the custom URL defined in the Set Home Button URL policy. |
+|Enabled |3 |3 |Hide home button. |
---
>[!TIP]
->If you want to make changes to this policy:
- Enable the Unlock Home Button.
- Make changes to the Configure Home Button policy or Set Home Button URL policy.
- Disable the Unlock Home Button.
+>If you want to make changes to this policy:- Enable the **Unlock Home Button** policy.
- Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.
- Disable the **Unlock Home Button** policy.
-With these values, you can do any of the following configurations:
+### Configuration options
diff --git a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
index 780d6aa1f8..2c4341113c 100644
--- a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
+++ b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
@@ -7,7 +7,7 @@
For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw).
-### Allowed values
+### Supported values
| | |
|---|---|
diff --git a/browsers/edge/includes/configure-open-edge-with-include.md b/browsers/edge/includes/configure-open-edge-with-include.md
index 21a06cf28b..726bf48ac3 100644
--- a/browsers/edge/includes/configure-open-edge-with-include.md
+++ b/browsers/edge/includes/configure-open-edge-with-include.md
@@ -9,7 +9,7 @@
**Version 1810:**
When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
@@ -20,7 +20,10 @@
|Enabled
**(default)** |3 |3 |Load a specific page or pages. |
---
-### Configuration combinations
+>[!TIP]
+>If you want to make changes to this policy:
- Set the **Disabled Lockdown of Start Pages** policy to not configured.
- Make changes to the **Configure Open Microsoft With** policy.
- Enable the **Disabled Lockdown of Start Pages** policy.
+
+### Configuration options
| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
| --- | --- | --- | --- |
| Enabled (applies to all options) | Enabled – String | Enabled (all configured start pages are editable) | Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to make changes. |
@@ -33,9 +36,6 @@
---
-If you want to make changes to this policy:- Set the Disabled Lockdown of Start Pages to not configured.
- Make changes to the Configure Open Microsoft With policy.
- Enable the Disabled Lockdown of Start Pages.
-
-
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure Open Microsoft Edge With
diff --git a/browsers/edge/includes/configure-password-manager-include.md b/browsers/edge/includes/configure-password-manager-include.md
index 80b8005726..bf4710b123 100644
--- a/browsers/edge/includes/configure-password-manager-include.md
+++ b/browsers/edge/includes/configure-password-manager-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-password-manager-shortdesc](../shortdesc/configure-password-manager-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-pop-up-blocker-include.md b/browsers/edge/includes/configure-pop-up-blocker-include.md
index 8e2bd3b5c2..0b63fbd96e 100644
--- a/browsers/edge/includes/configure-pop-up-blocker-include.md
+++ b/browsers/edge/includes/configure-pop-up-blocker-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-pop-up-blocker-shortdesc](../shortdesc/configure-pop-up-blocker-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
index 443218710d..5ee81ccabb 100644
--- a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
+++ b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-search-suggestions-in-address-bar-shortdesc](../shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/configure-start-pages-include.md b/browsers/edge/includes/configure-start-pages-include.md
index fc40c47a8a..cd0606243a 100644
--- a/browsers/edge/includes/configure-start-pages-include.md
+++ b/browsers/edge/includes/configure-start-pages-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
@@ -12,18 +12,7 @@
|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:\\**Version 1703 or later:**
If you do not want to send traffic to Microsoft, use the \ value, which honors both domain and non-domain-joined devices when it's the only configured URL.**Version 1810:**
When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. |
---
-### Configuration combinations
-| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
-| --- | --- | --- | --- |
-| Enabled (applies to all options) | Enabled – String | Enabled (all configured start pages are editable) | [\#1: Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to edit all configured start pages.](#1-load-the-urls-defined-in-the-configure-open-microsoft-edge-with-policy-and-allow-users-to-edit-all-configured-start-pages) |
-| Disabled or not configured | Enabled – String | Enabled (any Start page configured in the Configured Start Pages policy) | [\#2: Load any start page and allow users to edit their Start pages.](#2-load-any-start-page-configured-using-the-configured-start-pages-policy-and-allow-users-to-edit-their-start-pages) |
-| Enabled (Start page) | Enabled – String | Blank or not configured | [\#3: Load Start page(s) and prevent users from changing it.](#3-load-the-start-pages-and-prevent-users-from-making-changes) |
-| Enabled (New tab page) | Enabled – String | Blank or not configured | [\#4: Load New tab page and prevent users from changing it.](#4-load-the-new-tab-page-and-prevent-users-from-making-changes) |
-| Enabled (Previous pages) | Enabled – String | Blank or not configured | [\#5: Load previously opened pages and prevent users from changing it.](#5-load-the-previously-opened-pages-that-were-opened-when-microsoft-edge-last-closed-and-prevent-users-from-making-changes) |
-| Enabled (A specific page or pages) | Enabled – String | Blank or not configured | [\#6: Load a specific page or pages and prevent users from changing it.](#6-load-a-specific-page-or-pages-defined-in-the-configure-start-pages-policy-and-prevent-users-from-making-changes) |
-| Enabled (A specific page or pages) | Enabled – String | Enabled (any Start page configured in Configure Start Pages policy) | [\#7: Load a specific page or pages and allow users to make changes to their Start page.](#7-load-a-specific-page-or-pages-defined-in-the-configure-start-pages-policy-and-allow-users-to-make-changes-to-their-start-page) |
-| N/A | Blank or not configured | N/A | Microsoft Edge loads the pages specified in App settings as the default Start pages. |
----
+
### ADMX info and settings
#### ADMX info
@@ -51,79 +40,6 @@
- [Configure Start Pages](#configure-start-pages-include): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
-### Scenarios
-#### \#1: Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to edit all configured start pages.
-
-1. Enable the **Configure Open Microsoft Edge With** policy. Applies to all options for this policy.
-
-2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:
\\
-
-3. Enable the **Disabled Lockdown of Start Pages** policy by selecting *All configured start pages are editable*.
-
----
-
-#### \#2: Load any start page and allow users to edit their Start pages.
-
-1. Disable or don't configure the **Configure Open Microsoft Edge With** policy.
-
-2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets in the following format: \\
-
-3. Enable the **Disabled Lockdown of Start Pages** policy by selecting *Start pages are not editable*.
-
----
-
-#### \#3: Load Start page(s) and prevent users from changing it.
-
-1. Enable the **Configure Open Microsoft Edge With** policy by selecting *Start page*.
-
-2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:
\\
-
-3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
-
----
-
-#### \#4: Load New tab page and prevent users from changing it..
-
-1. Enable the **Configure Open Microsoft Edge With** policy by selecting *New tab page*.
-
-2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:
\\
-
-3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
-
----
-
-
-#### \#5: Load previously opened pages and prevent users from changing it.
-
-1. Enable the **Configure Open Microsoft Edge With** policy by selecting *Previous pages*.
-
-2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:
\\
-
-3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
-
----
-
-
-#### \#6: Load a specific page or pages and prevent users from changing it.
-
-1. Enable the **Configure Open Microsoft Edge With** policy by selecting *A specific page or pages*.
-
-2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:
\\
-
-3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
-
----
-
-
-#### \#7: Load a specific page or pages and allow users to make changes to their Start page.
-
-1. Enable the **Configure Open Microsoft Edge With** policy by selecting *A specific page or pages*.
-
-2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:
\\
-
-3. Enable **Disabled Lockdown of Start Pages** by selecting *Start pages are not editable*.
-
----
\ No newline at end of file
diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
index 671cec88b7..2baca3bc94 100644
--- a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
+++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [configure-windows-defender-smartscreen-shortdesc](../shortdesc/configure-windows-defender-smartscreen-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
index 770f5a7c5b..04803943be 100644
--- a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
+++ b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
@@ -4,12 +4,12 @@
[!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Not configured |0 |0 |Lockdown Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy. | |
-|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
+|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.
When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/do-not-sync-browser-settings-include.md b/browsers/edge/includes/do-not-sync-browser-settings-include.md
index 2c1d1c206a..a2cc5beeca 100644
--- a/browsers/edge/includes/do-not-sync-browser-settings-include.md
+++ b/browsers/edge/includes/do-not-sync-browser-settings-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
diff --git a/browsers/edge/includes/do-not-sync-include.md b/browsers/edge/includes/do-not-sync-include.md
index b9b5bd42c8..477476f826 100644
--- a/browsers/edge/includes/do-not-sync-include.md
+++ b/browsers/edge/includes/do-not-sync-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [do-not-sync-shortdesc](../shortdesc/do-not-sync-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
index f5fbad9aef..b53d665f3a 100644
--- a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
+++ b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
@@ -12,8 +12,8 @@
|Enabled |1 |1 |Turned on/syncing. | |
---
-### Configuration combinations
-### Configuration combinations
+### Configuration options
+### Configuration options
| **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Outcome** |
| --- | --- | --- |
| Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
diff --git a/browsers/edge/includes/prevent-access-about-flag-include.md b/browsers/edge/includes/prevent-access-about-flag-include.md
index 7c25f2e218..a2f7492948 100644
--- a/browsers/edge/includes/prevent-access-about-flag-include.md
+++ b/browsers/edge/includes/prevent-access-about-flag-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [prevent-access-to-about-flags-page-shortdesc](../shortdesc/prevent-access-to-about-flags-page-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
index efbe7b14d1..e547317eb3 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-files-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
index eeaf631687..e57bb9f213 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-sites-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/prevent-changes-to-favorites-include.md b/browsers/edge/includes/prevent-changes-to-favorites-include.md
index c0c3746933..4bbb97f4b0 100644
--- a/browsers/edge/includes/prevent-changes-to-favorites-include.md
+++ b/browsers/edge/includes/prevent-changes-to-favorites-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [prevent-changes-to-favorites-shortdesc](../shortdesc/prevent-changes-to-favorites-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/prevent-first-run-webpage-open-include.md b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
index 2e9f993088..61192efbcf 100644
--- a/browsers/edge/includes/prevent-first-run-webpage-open-include.md
+++ b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
index b13b6ccd49..6fc1c4e9e4 100644
--- a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
+++ b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
index 04b461121a..4ff1e1a4a1 100644
--- a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
+++ b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
index 155f41be40..1b8ba1c458 100644
--- a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
+++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
@@ -4,12 +4,12 @@
[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |Description |
|---|---|
|Disabled or not configured
**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
-|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following the OneNote Web Clipper and Office Online extension prevents users from turning it off:
_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_
After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
+|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:
_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_
After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
index c59893611a..bb1ab1d431 100644
--- a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
+++ b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
@@ -5,7 +5,7 @@
[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled |0 |0 |Allowed/turned on. Users can sync the browser settings. |
diff --git a/browsers/edge/includes/provision-favorites-include.md b/browsers/edge/includes/provision-favorites-include.md
index 82e428f83c..ffa737f996 100644
--- a/browsers/edge/includes/provision-favorites-include.md
+++ b/browsers/edge/includes/provision-favorites-include.md
@@ -7,7 +7,7 @@
>[!IMPORTANT]
>Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
-### Allowed values
+### Supported values
|Group Policy |Description |Most restricted |
|---|---|:---:|
@@ -15,7 +15,7 @@
|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.
To define a default list of favorites, do the following:
- In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.
- Click **Import from another browser**, click **Export to file**, and save the file.
- In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as:
- HTTP location: "SiteList"=http://localhost:8080/URLs.html
- Local network: "SiteList"="\network\shares\URLs.html"
- Local file: "SiteList"=file:///c:\Users\\Documents\URLs.html
| |
---
-### Configuration combinations
+### Configuration options
| **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Results** |
| --- | --- | --- |
| Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
diff --git a/browsers/edge/includes/send-all-intranet-sites-ie-include.md b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
index 6fbca02b24..03e31b51f1 100644
--- a/browsers/edge/includes/send-all-intranet-sites-ie-include.md
+++ b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
@@ -8,7 +8,7 @@
>Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager. Allowed values.
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
@@ -16,7 +16,7 @@
|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.
- In Group Policy Editor, navigate to:
**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** - Click **Enabled** and then refresh the policy and then vew the affected sites in Microsoft Edge.
A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.
| |
---
-### Configuration combinations
+### Configuration options
### ADMX info and settings
diff --git a/browsers/edge/includes/set-default-search-engine-include.md b/browsers/edge/includes/set-default-search-engine-include.md
index 95b6739e0f..de82b057b7 100644
--- a/browsers/edge/includes/set-default-search-engine-include.md
+++ b/browsers/edge/includes/set-default-search-engine-include.md
@@ -4,16 +4,16 @@
[!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Not configured
**(default)** |Blank |Blank |Microsoft Edge uses the default search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](#allow-search-engine-customization-include) policy, users cannot make changes. | |
|Disabled |0 |0 |Microsoft Edge removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. | |
-|Enabled |1 |1 |Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users cannot change the default search engine.Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
If you want users to use the default Microsoft Edge settings for each market set the string to EDGEDEFAULT.
If you would like users to use Microsoft Bing as the default search engine set the string to EDGEBING. | |
+|Enabled |1 |1 |Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users cannot change the default search engine.
Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
If you want users to use the default Microsoft Edge settings for each market set the string to **EDGEDEFAULT**.
If you would like users to use Microsoft Bing as the default search engine set the string to **EDGEBING**. | |
---
-### Configuration combinations
+### Configuration options
| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
| --- | --- | --- | --- |
@@ -25,7 +25,7 @@
| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
---
-
+
### ADMX info and settings
diff --git a/browsers/edge/includes/set-home-button-url-include.md b/browsers/edge/includes/set-home-button-url-include.md
index 221783e102..69cb4b2cb8 100644
--- a/browsers/edge/includes/set-home-button-url-include.md
+++ b/browsers/edge/includes/set-home-button-url-include.md
@@ -4,7 +4,7 @@
[!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
@@ -12,7 +12,7 @@
|Enabled - String |String |String |A custom URL loads when clicking the home button. You must also enable the [Configure Home Button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.
Enter a URL in string format, for example, https://www.msn.com. |
---
-With these values, you can do any of the following configurations:
+### Configuration options
#### Show the home button, load a custom URL, and let users make changes:
1. **Configure Home Button:** Enable and select the _Show the home button & set a specific page_ option.
diff --git a/browsers/edge/includes/set-new-tab-url-include.md b/browsers/edge/includes/set-new-tab-url-include.md
index 0083883f9a..c639ffe195 100644
--- a/browsers/edge/includes/set-new-tab-url-include.md
+++ b/browsers/edge/includes/set-new-tab-url-include.md
@@ -4,12 +4,12 @@
[!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Disabled or not configured
**(default)** |Blank |Blank |Load the default New tab page. |
-|Enabled - String |String |String |Prevent users from changing the New tab page.
Enter a URL in string format, for example, https://www.msn.com. |
+|Enabled - String |String |String |Prevent users from changing the New tab page.
Enter a URL in string format, for example, https://www.msn.com. |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/show-message-opening-sites-ie-include.md b/browsers/edge/includes/show-message-opening-sites-ie-include.md
index 257c6ef4b9..96bedad850 100644
--- a/browsers/edge/includes/show-message-opening-sites-ie-include.md
+++ b/browsers/edge/includes/show-message-opening-sites-ie-include.md
@@ -5,13 +5,13 @@
[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:|
|Disabled or not configured
**(default)** |0 |0 |No additional message displays. | |
|Enabled |1 |1 |Show an additional message stating that a site has opened in IE11. | |
-|Enabled |2 |2 |Show an additional message with a "Keep going in Microsoft Edge" link. | |
+|Enabled |2 |2 |Show an additional message with a "Keep going in Microsoft Edge" link to allow users to open the site in Microsoft Edge. | |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/unlock-home-button-include.md b/browsers/edge/includes/unlock-home-button-include.md
index 212962b41d..0e5841829f 100644
--- a/browsers/edge/includes/unlock-home-button-include.md
+++ b/browsers/edge/includes/unlock-home-button-include.md
@@ -4,11 +4,11 @@
[!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
-### Allowed values
+### Supported values
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
-|Disabled or not configured
**(default)** |0 |0 |Lock down the home button to prevent users from making changes. |
+|Disabled or not configured
**(default)** |0 |0 |Lock down the home button to prevent users from making changes to the home button settings. |
|Enabled |1 |1 |Let users make changes. |
---
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index d9df9ed30d..21553dfee9 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -315,6 +315,8 @@
#### [WiFi DDF file](wifi-ddf-file.md)
### [Win32AppInventory CSP](win32appinventory-csp.md)
#### [Win32AppInventory DDF file](win32appinventory-ddf-file.md)
+### [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)
+#### [Win32CompatibilityAppraiser DDF file](win32compatibilityappraiser-ddf.md)
### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
#### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md)
### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 5cbbae1bca..441c14e310 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -2417,6 +2417,34 @@ Footnotes:
+
+[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  |
+  5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+
[WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
diff --git a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png
index 58ee388b92..a066d9261e 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png and b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png b/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png
new file mode 100644
index 0000000000..a15961bbcc
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png differ
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 5404820349..3733920512 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -7,11 +7,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 06/26/2017
+ms.date: 07/20/2018
---
# SUPL CSP
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The SUPL configuration service provider is used to configure the location client, as shown in the following table.
@@ -220,35 +222,50 @@ Specifies the name of the H-SLP root certificate as a string, in the format *nam
**RootCertificate/Data**
The base 64 encoded blob of the H-SLP root certificate.
+**RootCertificate2**
+Specifies the root certificate for the H-SLP server.
+
**RootCertificate2/Name**
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
**RootCertificate2/Data**
The base 64 encoded blob of the H-SLP root certificate.
+**RootCertificate3**
+Specifies the root certificate for the H-SLP server.
+
**RootCertificate3/Name**
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
**RootCertificate3/Data**
The base 64 encoded blob of the H-SLP root certificate.
+**RootCertificate4**
+Added in Windows 10, next major version. Specifies the root certificate for the H-SLP server.
+
**RootCertificate4/Name**
-Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
+Added in Windows 10, next major version. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
**RootCertificate4/Data**
-The base 64 encoded blob of the H-SLP root certificate.
+Added in Windows 10, next major version. The base 64 encoded blob of the H-SLP root certificate.
+
+**RootCertificate5**
+Added in Windows 10, next major version. Specifies the root certificate for the H-SLP server.
**RootCertificate5/Name**
-Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
+Added in Windows 10, next major version. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
**RootCertificate5/Data**
-The base 64 encoded blob of the H-SLP root certificate.
+Added in Windows 10, next major version. The base 64 encoded blob of the H-SLP root certificate.
+
+**RootCertificate6**
+Added in Windows 10, next major version. Specifies the root certificate for the H-SLP server.
**RootCertificate6/Name**
-Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
+Added in Windows 10, next major version. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
**RootCertificate6/Data**
-The base 64 encoded blob of the H-SLP root certificate.
+Added in Windows 10, next major version. The base 64 encoded blob of the H-SLP root certificate.
**V2UPL1**
Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time.
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index ce92e3c6b8..ec126158b6 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -7,17 +7,19 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 12/05/2017
+ms.date: 07/20/2018
---
# SUPL DDF file
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, next major version.
``` syntax
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
new file mode 100644
index 0000000000..5efc199b30
--- /dev/null
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -0,0 +1,615 @@
+---
+title: Win32CompatibilityAppraiser CSP
+description:
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 07/19/2018
+---
+
+# Win32CompatibilityAppraiser CSP
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health. This CSP was added in Windows 10, next major version.
+
+The following diagram shows the Storage configuration service provider in tree format.
+
+
+
+**./Vendor/MSFT/Win32CompatibilityAppraiser**
+The root node for the Win32CompatibilityAppraiser configuration service provider.
+
+**CompatibilityAppraiser**
+This represents the state of the Compatibility Appraiser.
+
+
+**CompatibilityAppraiser/AppraiserConfigurationDiagnosis**
+This represents various settings that affect whether the Compatibility Appraiser can collect and upload compatibility data.
+
+
+**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialId**
+The unique identifier specifying what organization owns this device. This helps correlate telemetry after it has been uploaded.
+
+Value type is string. Supported operation is Get.
+
+**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialIdSetAndValid**
+A boolean value representing whether the CommercialId is set to a valid value. Valid values are strings in the form of GUIDs, with no surrounding braces.
+
+Value type is bool. Supported operation is Get.
+
+**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AllTargetOsVersionsRequested**
+A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set. By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.
+
+Value type is bool. Supported operation is Get.
+
+**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/OsSkuIsValidForAppraiser**
+A boolean value indicating whether the current Windows SKU is able to run the Compatibility Appraiser.
+
+Value type is bool. Supported operation is Get.
+
+**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AppraiserCodeAndDataVersionsAboveMinimum**
+An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data.
+
+The values are:
+- 0 == Neither the code nor data is of a sufficient version
+- 1 == The code version is insufficient but the data version is sufficient
+- 2 == The code version is sufficient but the data version is insufficient
+- 3 == Both the code and data are of a sufficient version
+
+Value type is integer. Supported operation is Get.
+
+**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/RebootPending**
+A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.
+
+Value type is bool. Supported operation is Get.
+
+**CompatibilityAppraiser/AppraiserRunResultReport**
+This provides an XML representation of the last run of Appraiser and the last runs of Appraiser of certain types or configurations.
+
+For the report XML schema see [Appraiser run result report](#appraiser-run-result-report).
+
+**UniversalTelemetryClient**
+This represents the state of the Universal Telemetry Client, or DiagTrack service.
+
+**UniversalTelemetryClient/UtcConfigurationDiagnosis**
+This represents various settings that affect whether the Universal Telemetry Client can upload data and how much data it can upload.
+
+**UniversalTelemetryClient/UtcConfigurationDiagnosis/TelemetryOptIn**
+An integer value representing what level of telemetry will be uploaded.
+
+Value type is integer. Supported operation is Get.
+
+The values are:
+- 0 == Security data will be sent
+- 1 == Basic telemetry will be sent
+- 2 == Enhanced telemetry will be sent
+- 3 == Full telemetry will be sent
+
+**UniversalTelemetryClient/UtcConfigurationDiagnosis/CommercialDataOptIn**
+An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload.
+
+Value type is integer. Supported operation is Get.
+
+The values are:
+- 0 == Setting is disabled
+- 1 == Setting is enabled
+- 2 == Setting is not applicable to this version of Windows
+
+**UniversalTelemetryClient/UtcConfigurationDiagnosis/DiagTrackServiceRunning**
+A boolean value representing whether the DiagTrack service is running. This service must be running in order to upload UTC data.
+
+Value type is bool. Supported operation is Get.
+
+**UniversalTelemetryClient/UtcConfigurationDiagnosis/MsaServiceEnabled**
+A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
+
+Value type is bool. Supported operation is Get.
+
+**UniversalTelemetryClient/UtcConfigurationDiagnosis/InternetExplorerTelemetryOptIn**
+An integer value representing what websites Internet Explorer will collect telemetry data for.
+
+Value type is integer. Supported operation is Get.
+
+The values are:
+- 0 == Telemetry collection is disabled
+- 1 == Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones
+- 2 == Telemetry collection is enabled for internet websites and restricted website zones
+- 3 == Telemetry collection is enabled for all websites
+- 0x7FFFFFFF == Telemetry collection is not configured
+
+**UniversalTelemetryClient/UtcConnectionReport**
+This provides an XML representation of the UTC connections during the most recent summary period.
+
+For the report XML schema, see [UTC connection report](#utc-connection-report).
+
+**WindowsErrorReporting**
+This represents the state of the Windows Error Reporting service.
+
+**WindowsErrorReporting/WerConfigurationDiagnosis**
+This represents various settings that affect whether the Windows Error Reporting service can upload data and how much data it can upload.
+
+**WindowsErrorReporting/WerConfigurationDiagnosis/WerTelemetryOptIn**
+An integer value indicating the amount of WER data that will be uploaded.
+
+Value type integer. Supported operation is Get.
+
+The values are:
+- 0 == Data will not send due to UTC opt-in
+- 1 == Data will not send due to WER opt-in
+- 2 == Basic WER data will send but not the complete set of data
+- 3 == The complete set of WER data will send
+
+
+**WindowsErrorReporting/WerConfigurationDiagnosis/MostRestrictiveSetting**
+An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted.
+
+Value type integer. Supported operation is Get.
+
+The values are:
+- 0 == System telemetry settings are restricting uploads
+- 1 == WER basic policies are restricting uploads
+- 2 == WER advanced policies are restricting uploads
+- 3 == WER consent policies are restricting uploads
+- 4 == There are no restrictive settings
+
+**WindowsErrorReporting/WerConnectionReport**
+This provides an XML representation of the most recent WER connections of various types.
+
+For the report XML schema, see [Windows Error Reporting connection report](#windows-error-reporting-connection-report).
+
+## XML schema for the reports
+
+### Appraiser run result report
+
+```
+
+
+
+ CSP schema for the Compatibility Appraiser Diagnostic CSP.
+ Schema defining the Win32CompatibilityAppraiser\CompatibilityAppraiser\AppraiserRunResultReport CSP node.
+ Copyright (c) Microsoft Corporation, all rights reserved.
+
+
+
+ Defines a category of Appraiser run.
+
+
+
+
+ LastSecurityModeRunAttempt - The most recent run that was skipped because the "Allow Telemetry" setting was set to "Security".
+
+
+
+
+ LastEnterpriseRun - The most recent run that was invoked with the "ent" command line.
+
+
+
+
+ LastFatallyErroredRun - The most recent run that returned a failed "ErrorCode".
+
+
+
+
+ LastSuccessfulRun - The most recent run that returned a successful "ErrorCode".
+
+
+
+
+ LastFullSyncRun - The most recent run that attempted to upload a complete set of compatibility data (instead of only new data that was found since the previous run).
+
+
+
+
+ LastSuccessfulFullSyncRun - The most recent run that attempted to upload a complete set of compatibility data (instead of only new data that was found since the previous run) and also returned a successful "ErrorCode".
+
+
+
+
+ LastSuccessfulFromEnterprisePerspectiveRun - The most recent run that returned a successful "EnterpriseErrorCode".
+
+
+
+
+ LastSuccessfulFromEnterprisePerspectiveEnterpriseRun - The most recent run that attempted to upload a complete set of compatibility data (instead of only new data that was found since the previous run) and also returned a successful "EnterpriseErrorCode".
+
+
+
+
+ LastSuccessfulFromEnterprisePerspectiveEnterpriseRun - The most recent run that was invoked with the "ent" command line and also returned a successful "EnterpriseErrorCode".
+
+
+
+
+
+
+ Represents the most recent run of the Compatibility Appraiser.
+
+
+
+
+ CurrentlyRunning - A boolean representing whether the specified Compatibility Appraiser run is still in progress.
+
+
+
+
+ CrashedOrInterrupted - A boolean representing whether the specified Compatibility Appraiser run ended before it finished scanning for compatibility data.
+
+
+
+
+ ErrorCode - An integer which is the HRESULT error code, of a type that is relevant to any computer, from the specified Compatibility Appraiser run. This may be a successful HRESULT code or a failure HRESULT code.
+
+
+
+
+ EnterpriseErrorCode - An integer which is the HRESULT error code, of a type that is relevant mainly to enterprise computers, from the specified Compatibility Appraiser run. This may be a successful HRESULT code or a failure HRESULT code.
+
+
+
+
+ RunStartTimestamp - The time when the specified Compatibility Appraiser run started.
+
+
+
+
+ RunEndTimestamp - The time when the specified Compatibility Appraiser run ended.
+
+
+
+
+ ComponentWhichCausedErrorCode - The name of the internal component, if any, which caused the ErrorCode node to be a failure value during the specified Compatibility Appraiser run. Note that the ErrorCode node might be a failure value for a reason other than an internal component failure.
+
+
+
+
+ ErroredComponent - The name of one of the internal components, if any, which encountered failure HRESULT codes during the specified Compatibility Appraiser run. A failure of an internal component may not necessarily cause the ErrorCode node to contain a failed HRESULT code.
+
+
+
+
+
+
+ Represents the most recent run of the Compatibility Appraiser that satisfied a particular condition.
+
+
+
+
+ ErrorCode - An integer which is the HRESULT error code, of a type that is relevant to any computer, from the specified Compatibility Appraiser run. This may be a successful HRESULT code or a failure HRESULT code.
+
+
+
+
+ EnterpriseErrorCode - An integer which is the HRESULT error code, of a type that is relevant mainly to enterprise computers, from the specified Compatibility Appraiser run. This may be a successful HRESULT code or a failure HRESULT code.
+
+
+
+
+ RunStartTimestamp - The time when the specified Compatibility Appraiser run started.
+
+
+
+
+ RunEndTimestamp - The time when the specified Compatibility Appraiser run ended.
+
+
+
+
+ ComponentWhichCausedErrorCode - The name of the internal component, if any, which caused the ErrorCode node to be a failure value during the specified Compatibility Appraiser run. Note that the ErrorCode node might be a failure value for a reason other than an internal component failure.
+
+
+
+
+ ErroredComponent - The name of one of the internal components, if any, which encountered failure HRESULT codes during the specified Compatibility Appraiser run. A failure of an internal component may not necessarily cause the ErrorCode node to contain a failed HRESULT code.
+
+
+
+
+
+ RunCategory - A string which details the category of Appraiser run.
+
+
+
+
+
+ Defines the latest run results for all known categories.
+
+
+
+
+ LastRunResult - Represents the most recent run of the Compatibility Appraiser.
+
+
+
+
+ LastRunResultForCategory - Represents the most recent run of the Compatibility Appraiser that satisfied a particular condition.
+
+
+
+
+
+
+```
+
+### UTC connection report
+
+```
+
+
+
+ CSP schema for the Compatibility Appraiser Diagnostic CSP.
+ Schema defining the Win32CompatibilityAppraiser\UniversalTelemetryClient\UtcConnectionReport CSP node.
+ Copyright (c) Microsoft Corporation, all rights reserved.
+
+
+
+ Defines the latest UTC connection results, if any.
+
+
+
+
+ ConnectionSummaryStartingTimestamp - The starting time of the most recent UTC summary window.
+
+
+
+
+ ConnectionSummaryEndingTimestamp - The ending time of the most recent UTC summary window.
+
+
+
+
+ TimestampOfLastSuccessfulUpload - The ending time of the most recent UTC summary window that included a successful data upload.
+
+
+
+
+ LastHttpErrorCode - The HTTP error code from the last failed internet connection.
+
+
+
+
+ ProxyDetected - A boolean value representing whether an internet connection during the summary window was directed through a proxy.
+
+
+
+
+ ConnectionsSuccessful - An integer value summarizing the success of internet connections during the summary window. The values are: 0 == "All connections failed", 1 == "Some connections succeeded and some failed", and 2 == "All connections succeeded".
+
+
+
+
+ DataUploaded - An integer value summarizing the success of data uploads during the summary window. The values are: 0 == "All data was dropped", 1 == "Some data was dropped and some was sent successfully", 2 == "All data was sent successfully", and 3 == "No data was present to upload".
+
+
+
+
+ AnyCertificateValidationFailures - A boolean value representing whether there were any failed attempts to validate certificates in the summary window.
+
+
+
+
+ LastCertificateValidationFailureCode - The most recent error code from a failed attempt at validating a certificate.
+
+
+
+
+
+
+ Lists results of UTC connections.
+
+
+
+
+ Defines the latest UTC connection results, if any.
+
+
+
+
+
+
+```
+
+### Windows Error Reporting connection report
+
+```
+
+
+
+ CSP schema for the Compatibility Appraiser Diagnostic CSP.
+ Schema defining the Win32CompatibilityAppraiser\WindowsErrorReporting\WerConnectionReport CSP node.
+ Copyright (c) Microsoft Corporation, all rights reserved.
+
+
+
+ LastNormalUploadSuccess - A summary of the last time WER successfully performed a normal data upload, if any.
+
+
+
+
+ Timestamp - The time when WER attempted the upload.
+
+
+
+
+ UploadDuration - The time taken while attempting the upload.
+
+
+
+
+ PayloadSize - The size of the payload that WER attempted to upload.
+
+
+
+
+ Protocol - The communication protocol that WER used during the upload.
+
+
+
+
+ Stage - The processing stage that WER was in when the upload ended.
+
+
+
+
+ BytesUploaded - The number of bytes that WER successfully uploaded.
+
+
+
+
+ ServerName - The name of the server that WER attempted to upload data to.
+
+
+
+
+
+
+ LastNormalUploadFailure - A summary of the last time WER failed to perform a normal data upload, if any.
+
+
+
+
+ Timestamp - The time when WER attempted the upload.
+
+
+
+
+ HttpExchangeResult - The result of the HTTP connection between WER and the server that it tried to upload to.
+
+
+
+
+ UploadDuration - The time taken while attempting the upload.
+
+
+
+
+ PayloadSize - The size of the payload that WER attempted to upload.
+
+
+
+
+ Protocol - The communication protocol that WER used during the upload.
+
+
+
+
+ Stage - The processing stage that WER was in when the upload ended.
+
+
+
+
+ RequestStatusCode - The status code returned by the server in response to the upload request.
+
+
+
+
+ BytesUploaded - The number of bytes that WER successfully uploaded.
+
+
+
+
+ ServerName - The name of the server that WER attempted to upload data to.
+
+
+
+
+ TransportHr - The HRESULT code encountered when transferring data to the server.
+
+
+
+
+
+
+ LastResumableUploadSuccess - A summary of the last time WER successfully performed a resumable data upload, if any.
+
+
+
+
+ Timestamp - The time when WER attempted the upload.
+
+
+
+
+ LastBlockId - The identifier of the most recent block of the payload that WER attempted to upload.
+
+
+
+
+ TotalBytesUploaded - The number of bytes that WER successfully uploaded so far, possibly over multiple resumable upload attempts.
+
+
+
+
+
+
+ LastResumableUploadFailure - A summary of the last time WER failed to perform a resumable data upload, if any.
+
+
+
+
+ Timestamp - The time when WER attempted the upload.
+
+
+
+
+ HttpExchangeResult - The result of the HTTP connection between WER and the server that it tried to upload to.
+
+
+
+
+ LastBlockId - The identifier of the most recent block of the payload that WER attempted to upload.
+
+
+
+
+ TotalBytesUploaded - The number of bytes that WER successfully uploaded so far, possibly over multiple resumable upload attempts.
+
+
+
+
+
+
+ Defines the latest WER connection results, if any.
+
+
+
+
+ LastNormalUploadSuccess - A summary of the last time WER successfully performed a normal data upload, if any.
+
+
+
+
+ LastNormalUploadFailure - A summary of the last time WER failed to perform a normal data upload, if any.
+
+
+
+
+ LastResumableUploadSuccess - A summary of the last time WER successfully performed a resumable data upload, if any.
+
+
+
+
+ LastResumableUploadFailure - A summary of the last time WER failed to perform a resumable data upload, if any.
+
+
+
+
+
+
+ Lists results of WER connections.
+
+
+
+
+ Defines the latest WER connection results, if any.
+
+
+
+
+
+
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
new file mode 100644
index 0000000000..9b8a7d81c5
--- /dev/null
+++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
@@ -0,0 +1,537 @@
+---
+title: Win32CompatibilityAppraiser DDF file
+description: XML file containing the device description framework
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 07/19/2018
+---
+
+# Win32CompatibilityAppraiser DDF file
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the OMA DM device description framework (DDF) for the **Win32CompatibilityAppraiser** configuration service provider.
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+The XML below is for Windows 10, next major version.
+
+``` syntax
+
+]>
+
+ 1.2
+
+ Win32CompatibilityAppraiser
+ ./Device/Vendor/MSFT
+
+
+
+
+ The root node for the Win32CompatibilityAppraiser configuration service provider.
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.0/MDM/Win32CompatibilityAppraiser
+
+
+
+ CompatibilityAppraiser
+
+
+
+
+ This represents the state of the Compatibility Appraiser.
+
+
+
+
+
+
+
+
+
+ CompatibilityAppraiser
+
+
+
+
+
+ AppraiserConfigurationDiagnosis
+
+
+
+
+ This represents various settings that affect whether the Compatibility Appraiser can collect and upload compatibility data.
+
+
+
+
+
+
+
+
+
+ AppraiserConfigurationDiagnosis
+
+
+
+
+
+ CommercialId
+
+
+
+
+ The unique identifier specifying what organization owns this device. This helps correlate telemetry after it has been uploaded.
+
+
+
+
+
+
+
+
+
+ CommercialId
+
+ text/plain
+
+
+
+
+ CommercialIdSetAndValid
+
+
+
+
+ A boolean value representing whether the CommercialId is set to a valid value. Valid values are strings in the form of GUIDs, with no surrounding braces.
+
+
+
+
+
+
+
+
+
+ CommercialIdSetAndValid
+
+ text/plain
+
+
+
+
+ AllTargetOsVersionsRequested
+
+
+
+
+ A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set. By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.
+
+
+
+
+
+
+
+
+
+ AllTargetOsVersionsRequested
+
+ text/plain
+
+
+
+
+ OsSkuIsValidForAppraiser
+
+
+
+
+ A boolean value indicating whether the current Windows SKU is able to run the Compatibility Appraiser.
+
+
+
+
+
+
+
+
+
+ OsSkuIsValidForAppraiser
+
+ text/plain
+
+
+
+
+ AppraiserCodeAndDataVersionsAboveMinimum
+
+
+
+
+ An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data. The values are: 0 == "Neither the code nor data is of a sufficient version", 1 == "The code version is insufficient but the data version is sufficient", 2 == "The code version is sufficient but the data version is insufficient", and 3 == "Both the code and data are of a sufficient version".
+
+
+
+
+
+
+
+
+
+ AppraiserCodeVersionAboveMinimum
+
+ text/plain
+
+
+
+
+ RebootPending
+
+
+
+
+ A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.
+
+
+
+
+
+
+
+
+
+ RebootPending
+
+ text/plain
+
+
+
+
+
+ AppraiserRunResultReport
+
+
+
+
+ This provides an XML representation of the last run of Appraiser and the last runs of Appraiser of certain types or configurations.
+
+
+
+
+
+
+
+
+
+ AppraiserRunResultReport
+
+ text/plain
+
+
+
+
+
+ UniversalTelemetryClient
+
+
+
+
+ This represents the state of the Universal Telemetry Client, or DiagTrack service.
+
+
+
+
+
+
+
+
+
+ UniversalTelemetryClient
+
+
+
+
+
+ UtcConfigurationDiagnosis
+
+
+
+
+ This represents various settings that affect whether the Universal Telemetry Client can upload data and how much data it can upload.
+
+
+
+
+
+
+
+
+
+ UtcConfigurationDiagnosis
+
+
+
+
+
+ TelemetryOptIn
+
+
+
+
+ An integer value representing what level of telemetry will be uploaded. The values are: 0 == "Security data will be sent", 1 == "Basic telemetry will be sent", 2 == "Enhanced telemetry will be sent", and 3 == "Full telemetry will be sent".
+
+
+
+
+
+
+
+
+
+ TelemetryOptIn
+
+ text/plain
+
+
+
+
+ CommercialDataOptIn
+
+
+
+
+ An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload. The values are: 0 == "Setting is disabled", 1 == "Setting is enabled", and 2 == "Setting is not applicable to this version of Windows".
+
+
+
+
+
+
+
+
+
+ CommercialDataOptIn
+
+ text/plain
+
+
+
+
+ DiagTrackServiceRunning
+
+
+
+
+ A boolean value representing whether the DiagTrack service is running. This service must be running in order to upload UTC data.
+
+
+
+
+
+
+
+
+
+ DiagTrackServiceRunning
+
+ text/plain
+
+
+
+
+ MsaServiceEnabled
+
+
+
+
+ A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
+
+
+
+
+
+
+
+
+
+ MsaServiceEnabled
+
+ text/plain
+
+
+
+
+ InternetExplorerTelemetryOptIn
+
+
+
+
+ An integer value representing what websites Internet Explorer will collect telemetry data for. The values are: 0 == "Telemetry collection is disabled", 1 == "Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones", 2 == "Telemetry collection is enabled for internet websites and restricted website zones", 3 == "Telemetry collection is enabled for all websites", and 0x7FFFFFFF == "Telemetry collection is not configured".
+
+
+
+
+
+
+
+
+
+ InternetExplorerTelemetryOptIn
+
+ text/plain
+
+
+
+
+
+ UtcConnectionReport
+
+
+
+
+ This provides an XML representation of the UTC connections during the most recent summary period.
+
+
+
+
+
+
+
+
+
+ UtcConnectionReport
+
+ text/plain
+
+
+
+
+
+ WindowsErrorReporting
+
+
+
+
+ This represents the state of the Windows Error Reporting service.
+
+
+
+
+
+
+
+
+
+ WindowsErrorReporting
+
+
+
+
+
+ WerConfigurationDiagnosis
+
+
+
+
+ This represents various settings that affect whether the Windows Error Reporting service can upload data and how much data it can upload.
+
+
+
+
+
+
+
+
+
+ WerConfigurationDiagnosis
+
+
+
+
+
+ WerTelemetryOptIn
+
+
+
+
+ An integer value indicating the amount of WER data that will be uploaded. The values are: 0 == "Data will not send due to UTC opt-in", 1 == "Data will not send due to WER opt-in", 2 == "Basic WER data will send but not the complete set of data", and 3 == "The complete set of WER data will send".
+
+
+
+
+
+
+
+
+
+ WerTelemetryOptIn
+
+ text/plain
+
+
+
+
+ MostRestrictiveSetting
+
+
+
+
+ An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted. The values are: 0 == "System telemetry settings are restricting uploads", 1 == "WER basic policies are restricting uploads", 2 == "WER advanced policies are restricting uploads", 3 == "WER consent policies are restricting uploads", and 4 == "There are no restrictive settings".
+
+
+
+
+
+
+
+
+
+ MostRestrictiveSetting
+
+ text/plain
+
+
+
+
+
+ WerConnectionReport
+
+
+
+
+ This provides an XML representation of the most recent WER connections of various types.
+
+
+
+
+
+
+
+
+
+ WerConnectionReport
+
+ text/plain
+
+
+
+
+
+
+```
\ No newline at end of file
diff --git a/windows/security/hardware-protection/TOC.md b/windows/security/hardware-protection/TOC.md
index 86788da403..3dac21b0fa 100644
--- a/windows/security/hardware-protection/TOC.md
+++ b/windows/security/hardware-protection/TOC.md
@@ -2,7 +2,7 @@
## [Encrypted Hard Drive](encrypted-hard-drive.md)
-## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
+## [Windows Defender System Guard](how-hardware-based-containers-help-protect-windows.md)
## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)
diff --git a/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md b/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md
index 8b6124f000..c26efe3d4f 100644
--- a/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md
+++ b/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md
@@ -15,46 +15,37 @@ ms.date: 06/29/2017
Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.
Windows 10 protects critical resources, such as the Windows authentication stack, single sign-on tokens, Windows Hello biometric stack, and Virtual Trusted Platform Module, by using a container type called Windows Defender System Guard.
-Protecting system services and data with Windows Defender System Guard is an important first step, but is just the beginning of what we need to do as it doesn’t protect the rest of the operating system, information on the device, other apps, or the network.
-Since systems are generally compromised through the application layer, and often though browsers, Windows 10 includes Windows Defender Application Guard to isolate Microsoft Edge from the operating system, information on the device, and the network.
-With this, Windows can start to protect the broader range of resources.
+Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make the these security guarantees:
-The following diagram shows Windows Defender System Guard and Windows Defender Application Guard in relation to the Windows 10 operating system.
+- Protect and maintain the integrity of the system as it starts up
+- Protect and maintain the integrity of the system after it's running
+- Validate that system integrity has truly been maintained through local and remote attestation
-
+## Maintaining the integrity of the system as it starts
-## What security threats do containers protect against
+With Windows 7, one of the means attackers would use to persist and evade detection was to install what is often referred to as a bootkit or rootkit on the system. This malicious software would start before Windows started, or during the boot process itself, enabling it to start with the highest level of privilege.
-Exploiting zero days and vulnerabilities are an increasing threat that attackers are attempting to take advantage of.
-The following diagram shows the traditional Windows software stack: a kernel with an app platform, and an app running on top of it.
-Let’s look at how an attacker might elevate privileges and move down the stack.
+With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) we have a hardware-based root of trust that helps us ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader. This hardware-based root of trust comes from the device’s [Secure Boot feature](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-8.1-and-8/hh824987), which is part of the Unified Extensible Firmware Interface (UEFI).
-
+After successful verification and startup of the device’s firmware and Windows bootloader, the next opportunity for attackers to tamper with the system’s integrity is while the rest of the Windows operating system and defenses are starting. As an attacker, embedding your malicious code using a rootkit within the boot process enables you to gain the maximum level of privilege and gives you the ability to more easily persist and evade detection.
-In desktop operating systems, those apps typically run under the context of the user’s privileges.
-If the app was malicious, it would have access to all the files in the file system, all the settings that you as a user Standard user have access to, and so on.
+This is where Windows Defender System Guard protection begins with its ability to ensure that only properly signed and secure Windows files and drivers, including third party, can start on the device. At the end of the Windows boot process, System Guard will start the system’s antimalware solution, which scans all third party drivers, at which point the system boot process is completed. In the end, Windows Defender System Guard helps ensure that the system securely boots with integrity and that it hasn’t been compromised before the remainder of your system defenses start.
-A different type of app may run under the context of an Administrator.
-If attackers exploit a vulnerability in that app, they could gain Administrator privileges.
-Then they can start turning off defenses.
+
-They can poke down a little bit lower in the stack and maybe elevate to System, which is greater than Administrator.
-Or if they can exploit the kernel mode, they can turn on and turn off all defenses, while at the same time making the computer look healthy.
-SecOps tools could report the computer as healthy when in fact it’s completely under the control of someone else.
+## Maintaining integrity of the system after it’s running (run time)
-One way to address this threat is to use a sandbox, as smartphones do.
-That puts a layer between the app layer and the Windows platform services.
-Universal Windows Platform (UWP) applications work this way.
-But what if a vulnerability in the sandbox exists?
-The attacker can escape and take control of the system.
+Prior to Windows 10, if an attacker exploited the system and gained SYSTEM level privilege or they compromised the kernel itself, it was game over. The level of control that an attacker would acquire in this condition would enable them to tamper with and bypass many, if not all, of your system defenses. While we have a number of development practices and technologies (such as Windows Defender Exploit Guard) that have made it difficult to gain this level of privilege in Windows 10, the reality is that we needed a way to maintain the integrity of the most sensitive Windows services and data, even when the highest level of privilege has been secured by an adversary.
-## How containers help protect Windows 10
+With Windows 10, we introduced the concept of virtualization-based security (VBS), which enables us to contain the most sensitive Windows services and data in hardware-based isolation, which is the Windows Defender System Guard container. This secure environment provides us with the hardware-based security boundary we need to be able to secure and maintain the integrity of critical system services at run time like Credential Guard, Device Guard, Virtual TPM and parts of Windows Defender Exploit Guard, just to name a few.
-Windows 10 addresses this by using virtualization based security to isolate more and more components out of Windows (left side) over time and moving those components into a separate, isolated hardware container.
-The container helps prevent zero days and vulnerabilities from allowing an attacker to take control of a device.
+
-Anything that's running in that container on the right side will be safe, even from Windows, even if the kernel's compromised.
-Anything that's running in that container will also be secure against a compromised app.
-Initially, Windows Defender System Guard will protect things like authentication and other system services and data that needs to resist malware, and more things will be protected over time.
+## Validating platform integrity after Windows is running (run time)
+
+While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We should be able to trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity.
+
+As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources.
+
+
-
diff --git a/windows/security/hardware-protection/images/windows-defender-system-guard-boot-time-integrity.png b/windows/security/hardware-protection/images/windows-defender-system-guard-boot-time-integrity.png
new file mode 100644
index 0000000000..1761e2e539
Binary files /dev/null and b/windows/security/hardware-protection/images/windows-defender-system-guard-boot-time-integrity.png differ
diff --git a/windows/security/hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png b/windows/security/hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png
new file mode 100644
index 0000000000..fbd6a798b0
Binary files /dev/null and b/windows/security/hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png differ