Acrolinx enhancement

2025-05-12 13:27:23 +00:00 · 2022-04-21 16:18:20 +05:30 · 2022-04-21 16:18:20 +05:30 · 837570d921
commit 837570d921
parent 577bdb4ba3
25 changed files with 222 additions and 222 deletions
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@ -19,9 +19,9 @@ manager: dansimp
 User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. For reference, see [Well-Known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
-Even though strings are supported for well-known accounts and groups, it is better to use SIDs, because strings are localized for different languages. Some user rights allow things like AccessFromNetwork, while others disallow things, like DenyAccessFromNetwork.
+Even though strings are supported for well-known accounts and groups, it's better to use SIDs, because strings are localized for different languages. Some user rights allow things like AccessFromNetwork, while others disallow things, like DenyAccessFromNetwork.
-Here is an example for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups.
+Here's an example for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups.
 ```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
@ -219,7 +219,7 @@ For example, the following syntax grants user rights to a specific user or group
 <!--/Scope-->
 <!--Description-->
-This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.
+This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it's only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.
 <!--/Description-->
 <!--DbMapped-->
@ -258,7 +258,7 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.
+This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services isn't affected by this user right.
 > [!NOTE]
 > Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
@ -340,7 +340,7 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines which users can log on to the computer.
+This user right determines which users can sign in to the computer.
 > [!NOTE]
 > Modifying this setting might affect compatibility with clients, services, and applications. For compatibility information about this setting, see [Allow log on locally](https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website.
@ -430,7 +430,7 @@ This user right determines which users and groups can change the time and date o
 > 
 > | Error code  | Symbolic name | Error description | Header |
 > |----------|----------|----------|----------|
-> |  0x80070032 (Hex)|ERROR_NOT_SUPPORTED|The request is not supported.|  winerror.h  |
+> |  0x80070032 (Hex)|ERROR_NOT_SUPPORTED|The request isn't supported.|  winerror.h  |
 <!--/Description-->
 <!--DbMapped-->
@ -469,7 +469,7 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption.
+This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they don't have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption.
 > [!CAUTION]
 > Assigning this user right can be a security risk. Assign this user right to trusted users only.
@ -510,7 +510,7 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users.
+This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually doesn't need to be assigned to any users.
 <!--/Description-->
 <!--DbMapped-->
@ -549,7 +549,7 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it.
+This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it's not necessary to specifically assign it.
 <!--/Description-->
 <!--DbMapped-->
@ -588,7 +588,7 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines if the user can create a symbolic link from the computer he is logged on to.
+This user right determines if the user can create a symbolic link from the computer they're signed in to.
 > [!CAUTION]
 > This privilege should be given to trusted users only. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them.
 > [!NOTE]
@ -631,9 +631,9 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System.
+This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it's necessary, don't assign this user right to a user, group, or process other than Local System.
 > [!CAUTION]
-> Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.
+> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system.
 <!--/Description-->
 <!--DbMapped-->
@ -672,7 +672,7 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components.
+This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications don't need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components.
 > [!CAUTION]
 > Assigning this user right can be a security risk. Assign this user right to trusted users only.
@ -833,7 +833,7 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set.
+This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account doesn't have the Account can't be delegated account control flag set.
 > [!CAUTION]
 > Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.
@ -919,9 +919,9 @@ Assigning this user right to a user allows programs running on behalf of that us
 > [!NOTE]
 > By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
 1) The access token that is being impersonated is for this user.
-2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
+2) The user, in this sign-in session, created the access token by signing in to the network with explicit credentials.
 3) The requested level is less than Impersonate, such as Anonymous or Identify.
-Because of these factors, users do not usually need this user right.
+Because of these factors, users don't usually need this user right.
 > [!WARNING]
 > If you enable this setting, programs that previously had the Impersonate privilege might lose it, and they might not run.
@ -971,7 +971,7 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
 > [!WARNING]
-> If you remove **Window Manager\Window Manager Group** from the **Increase scheduling priority** user right, certain applications and computers do not function correctly. In particular, the INK workspace does not function correctly on unified memory architecture (UMA) laptop and desktop computers that run Windows 10, version 1903 (or later) and that use the Intel GFX driver.
+> If you remove **Window Manager\Window Manager Group** from the **Increase scheduling priority** user right, certain applications and computers don't function correctly. In particular, the INK workspace doesn't function correctly on unified memory architecture (UMA) laptop and desktop computers that run Windows 10, version 1903 (or later) and that use the Intel GFX driver.
 >
 > On affected computers, the display blinks when users draw on INK workspaces such as those that are used by Microsoft Edge, Microsoft PowerPoint, or Microsoft OneNote. The blinking occurs because the inking-related processes repeatedly try to use the Real-Time priority, but are denied permission.
@ -1006,9 +1006,9 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users.
+This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right doesn't apply to Plug and Play device drivers. It's recommended that you don't assign this privilege to other users.
 > [!CAUTION]
-> Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.
+> Assigning this user right can be a security risk. Don't assign this user right to any user, group, or process that you don't want to take over the system.
 <!--/Description-->
 <!--DbMapped-->
@ -1086,7 +1086,7 @@ GP Info:
 <!--/Scope-->
 <!--Description-->
-This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege also can view and clear the security log.
+This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting doesn't allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege also can view and clear the security log.
 <!--/Description-->
 <!--DbMapped-->
@ -1166,7 +1166,7 @@ GP Info:
 <!--Description-->
 This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should be modified only by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.
 > [!NOTE]
-> This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.
+> This security setting doesn't affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.
 <!--/Description-->
 <!--DbMapped-->
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@ -65,10 +65,10 @@ Automatic connection attempts
 - When the computer is already connected to a non-domain-based network, automatic connection attempts to domain-based networks are blocked.
 Manual connection attempts
- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.
+- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.
- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.
+- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.
-If this policy setting is not configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
+If this policy setting isn't configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
 <!--/Description-->
 > [!TIP]
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@ -118,7 +118,7 @@ manager: dansimp
 <!--/Scope-->
 <!--Description-->
-The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options.
+The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display the contact options.
 Value type is string. Supported operations are Add, Get, Replace and Delete.
@ -162,7 +162,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
+Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 <!--/Description-->
 <!--ADMXMapped-->
@ -177,7 +177,7 @@ ADMX Info:
 Valid values:
 - 0 - (Disable) The users can see the display of the Account protection area in Windows Defender Security Center.
- 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the Account protection area in Windows Defender Security Center.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -210,7 +210,7 @@ Valid values:
 <!--/Scope-->
 <!--Description-->
-Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -227,7 +227,7 @@ ADMX Info:
 The following list shows the supported values:
 - 0 - (Disable) The users can see the display of the app and browser protection area in Windows Defender Security Center.
- 1 - (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the app and browser protection area in Windows Defender Security Center.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -324,7 +324,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 <!--/Description-->
 <!--ADMXMapped-->
@ -339,7 +339,7 @@ ADMX Info:
 Valid values:
 - 0 - (Disable) The users can see the display of the Device security area in Windows Defender Security Center.
- 1 - (Enable) The users cannot see the display of the Device security area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the Device security area in Windows Defender Security Center.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -372,10 +372,10 @@ Valid values:
 <!--/Scope-->
 <!--Description-->
-Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
+Use this policy if you want Windows Defender Security Center to only display notifications that are considered critical. If you disable or don't configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
 > [!NOTE]
-> If Suppress notification is enabled then users will not see critical or non-critical messages.
+> If Suppress notification is enabled then users won't see critical or non-critical messages.
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -391,8 +391,8 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
- 0 - (Disable) Windows Defender Security Center will display critical and non-critical notifications to users..
+- 0 - (Disable) Windows Defender Security Center will display critical and non-critical notifications to users.
- 1 - (Enable) Windows Defender Security Center only display notifications which are considered critical on clients.
+- 1 - (Enable) Windows Defender Security Center only display notifications that are considered critical on clients.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -425,7 +425,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -442,7 +442,7 @@ ADMX Info:
 The following list shows the supported values:
 - 0 - (Disable) The users can see the display of the family options area in Windows Defender Security Center.
- 1 - (Enable) The users cannot see the display of the family options area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the family options area in Windows Defender Security Center.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -475,7 +475,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -492,7 +492,7 @@ ADMX Info:
 The following list shows the supported values:
 - 0 - (Disable) The users can see the display of the device performance and health area in Windows Defender Security Center.
- 1 - (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the device performance and health area in Windows Defender Security Center.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -525,7 +525,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -542,7 +542,7 @@ ADMX Info:
 The following list shows the supported values:
 - 0 - (Disable) The users can see the display of the firewall and network protection area in Windows Defender Security Center.
- 1 - (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the firewall and network protection area in Windows Defender Security Center.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -575,7 +575,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices.
+Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or don't configure this setting, Windows Defender Security Center notifications will display on devices.
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -592,7 +592,7 @@ ADMX Info:
 The following list shows the supported values:
 - 0 - (Disable) The users can see the display of Windows Defender Security Center notifications.
- 1 - (Enable) The users cannot see the display of Windows Defender Security Center notifications.
+- 1 - (Enable) The users can't see the display of Windows Defender Security Center notifications.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -628,7 +628,7 @@ The following list shows the supported values:
 Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected.
 Enabled:
-Users will not be shown a recommendation to update their TPM Firmware.
+Users won't be shown a recommendation to update their TPM Firmware.
 Disabled:
 Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware.        
@ -689,7 +689,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
+Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area.
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -706,7 +706,7 @@ ADMX Info:
 The following list shows the supported values:
 - 0 - (Disable) The users can see the display of the virus and threat protection area in Windows Defender Security Center.
- 1 - (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center.
+- 1 - (Enable) The users can't see the display of the virus and threat protection area in Windows Defender Security Center.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -739,7 +739,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area.
+Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or don't configure this setting, local users can make changes in the exploit protection settings area.
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -756,7 +756,7 @@ ADMX Info:
 The following list shows the supported values:
 - 0 - (Disable) Local users are allowed to make changes in the exploit protection settings area.
- 1 - (Enable) Local users cannot make changes in the exploit protection settings area.
+- 1 - (Enable) Local users can't make changes in the exploit protection settings area.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -789,7 +789,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
 Value type is string. Supported operations are Add, Get, Replace and Delete.
@ -833,7 +833,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
+Enable this policy to display your company name and contact options in the notifications. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
@ -883,7 +883,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
+Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center won't display the contact card fly out notification.
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
@ -899,7 +899,7 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
- 0 - (Disable) Do not display the company name and contact options in the card fly out notification.
+- 0 - (Disable) Don't display the company name and contact options in the card fly out notification.
 - 1 - (Enable) Display the company name and contact options in the card fly out notification.
 <!--/SupportedValues-->
@ -1143,7 +1143,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options.
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
@ -1187,9 +1187,9 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options.
+The help portal URL that is displayed to users. The default browser is used to initiate this action. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device won't display contact options.
-Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete.
+Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <!--/Description-->
 <!--ADMXMapped-->
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@ -83,15 +83,15 @@ manager: dansimp
 <!--Description-->
 This policy setting controls whether a device automatically signs in and locks the last interactive user after the system restarts or after a shutdown and cold boot.
-This occurs only if the last interactive user did not sign out before the restart or shutdown.
+This scenario occurs only if the last interactive user didn't sign out before the restart or shutdown.
 If the device is joined to Active Directory or Azure Active Directory, this policy applies only to Windows Update restarts. Otherwise, this policy applies to both Windows Update restarts and user-initiated restarts and shutdowns.
-If you do not configure this policy setting, it is enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
+If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
 After enabling this policy, you can configure its settings through the [ConfigAutomaticRestartSignOn](#windowslogon-configautomaticrestartsignon) policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot.
-If you disable this policy setting, the device does not configure automatic sign in. The user’s lock screen apps are not restarted after the system restarts.
+If you disable this policy setting, the device doesn't configure automatic sign in. The user’s lock screen apps aren't restarted after the system restarts.
 <!--/Description-->
@ -142,17 +142,17 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting controls the configuration under which an automatic restart, sign on, and lock occurs after a restart or cold boot. If you chose “Disabled” in the [AllowAutomaticRestartSignOn](#windowslogon-allowautomaticrestartsignon) policy, then automatic sign on does not occur and this policy need not be configured.
+This policy setting controls the configuration under which an automatic restart, sign in, and lock occurs after a restart or cold boot. If you chose “Disabled” in the [AllowAutomaticRestartSignOn](#windowslogon-allowautomaticrestartsignon) policy, then automatic sign in doesn't occur and this policy need not be configured.
 If you enable this policy setting, you can choose one of the following two options:
- Enabled if BitLocker is on and not suspended: Specifies that automatic sign on and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.  
+- Enabled if BitLocker is on and not suspended: Specifies that automatic sign in and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.  
 BitLocker is suspended during updates if:
-    - The device does not have TPM 2.0 and PCR7
+    - The device doesn't have TPM 2.0 and PCR7
-    - The device does not use a TPM-only protector
+    - The device doesn't use a TPM-only protector
- Always Enabled: Specifies that automatic sign on happens even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location.
+- Always Enabled: Specifies that automatic sign in happens even if BitLocker is off or suspended during reboot or shutdown. When BitLocker isn't enabled, personal data is accessible on the hard drive. Automatic restart and sign in should only be run under this condition if you're confident that the configured device is in a secure physical location.
-If you disable or do not configure this setting, automatic sign on defaults to the “Enabled if BitLocker is on and not suspended” behavior.
+If you disable or don't configure this setting, automatic sign in defaults to the “Enabled if BitLocker is on and not suspended” behavior.
 <!--/Description-->
@ -207,7 +207,7 @@ This policy setting allows you to prevent app notifications from appearing on th
 If you enable this policy setting, no app notifications are displayed on the lock screen.
-If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.
+If you disable or don't configure this policy setting, users can choose which apps display notifications on the lock screen.
 <!--/Description-->
@ -249,13 +249,13 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.
+This policy setting allows you to control whether anyone can interact with available networks UI on the sign-in screen.
-If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows.
+If you enable this policy setting, the PC's network connectivity state can't be changed without signing into Windows.
 If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
-Here is an example to enable this policy:
+Here's an example to enable this policy:
 ```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
@ -320,16 +320,16 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users are offered the opt-in prompt for services during their first sign-in.
+This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This view applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users are offered the opt-in prompt for services during their first sign-in.
 If you enable this policy setting, Microsoft account users see the opt-in prompt for services, and users with other accounts see the sign-in animation.
-If you disable this policy setting, users do not see the animation and Microsoft account users do not see the opt-in prompt for services.
+If you disable this policy setting, users don't see the animation and Microsoft account users don't see the opt-in prompt for services.
-If you do not configure this policy setting, the user who completes the initial Windows setup see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer do not see the animation.
+If you don't configure this policy setting, the user who completes the initial Windows setup see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting isn't configured, users new to this computer don't see the animation.
 > [!NOTE]
-> The first sign-in animation is not displayed on Server, so this policy has no effect.
+> The first sign-in animation isn't displayed on Server, so this policy has no effect.
 <!--/Description-->
 <!--ADMXMapped-->
@ -385,7 +385,7 @@ This policy setting allows local users to be enumerated on domain-joined compute
 If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers.
-If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers.
+If you disable or don't configure this policy setting, the Logon UI won't enumerate local users on domain-joined computers.
 <!--/Description-->
@ -427,7 +427,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
+This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or don't configure this policy setting, the Switch account button is accessible to the user in the three locations.
 <!--/Description-->
 <!--ADMXMapped-->
@ -446,7 +446,7 @@ The following list shows the supported values:
 <!--/SupportedValues-->
 <!--Validation-->
-To validate on Desktop, do the following:
+To validate on Desktop, do the following steps:
 1.   Enable policy.
 2.   Verify that the Switch account button in Start is hidden.
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@ -75,9 +75,9 @@ This policy setting allows the IT admin to enable or disable audio input to the
 > [!NOTE]
 > There may be security implications of exposing host audio input to the container.
-If this policy is not configured, end-users get the default behavior (audio input enabled). 
+If this policy isn't configured, end-users get the default behavior (audio input enabled). 
-If audio input is disabled, a user will not be able to enable audio input from their own configuration file. 
+If audio input is disabled, a user won't be able to enable audio input from their own configuration file. 
 If audio input is enabled, a user will be able to disable audio input from their own configuration file to make the device more secure.
@ -142,9 +142,9 @@ Available in the latest Windows 10 insider preview build.
 <!--Description-->
 This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox.
-If this policy is not configured, end-users get the default behavior (clipboard redirection enabled. 
+If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled. 
-If clipboard sharing is disabled, a user will not be able to enable clipboard sharing from their own configuration file. 
+If clipboard sharing is disabled, a user won't be able to enable clipboard sharing from their own configuration file. 
 If clipboard sharing is enabled, a user will be able to disable clipboard sharing from their own configuration file to make the device more secure.
@ -209,9 +209,9 @@ Available in the latest Windows 10 insider preview build.
 <!--Description-->
 This policy setting allows the IT admin to enable or disable networking in Windows Sandbox. Disabling network access can decrease the attack surface exposed by the Sandbox. Enabling networking can expose untrusted applications to the internal network.
-If this policy is not configured, end-users get the default behavior (networking enabled).
+If this policy isn't configured, end-users get the default behavior (networking enabled).
-If networking is disabled, a user will not be able to enable networking from their own configuration file.
+If networking is disabled, a user won't be able to enable networking from their own configuration file.
 If networking is enabled, a user will be able to disable networking from their own configuration file to make the device more secure.
@ -274,9 +274,9 @@ Available in the latest Windows 10 insider preview build.
 <!--Description-->
 This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox. 
-If this policy is not configured, end-users get the default behavior (printer sharing disabled). 
+If this policy isn't configured, end-users get the default behavior (printer sharing disabled). 
-If printer sharing is disabled, a user will not be able to enable printer sharing from their own configuration file. 
+If printer sharing is disabled, a user won't be able to enable printer sharing from their own configuration file. 
 If printer sharing is enabled, a user will be able to disable printer sharing from their own configuration file to make the device more secure.
@ -343,9 +343,9 @@ This policy setting allows the IT admin to enable or disable virtualized GPU for
 > [!NOTE]
 > Enabling virtualized GPU can potentially increase the attack surface of Windows Sandbox. 
-If this policy is not configured, end-users get the default behavior (vGPU is disabled). 
+If this policy isn't configured, end-users get the default behavior (vGPU is disabled). 
-If vGPU is disabled, a user will not be able to enable vGPU support from their own configuration file. 
+If vGPU is disabled, a user won't be able to enable vGPU support from their own configuration file. 
 If vGPU is enabled, a user will be able to disable vGPU support from their own configuration file to make the device more secure.
@ -412,9 +412,9 @@ This policy setting allows the IT admin to enable or disable video input to the
 > [!NOTE]
 > There may be security implications of exposing host video input to the container.
-If this policy is not configured, users get the default behavior (video input disabled). 
+If this policy isn't configured, users get the default behavior (video input disabled). 
-If video input is disabled, users will not be able to enable video input from their own configuration file. 
+If video input is disabled, users won't be able to enable video input from their own configuration file. 
 If video input is enabled, users will be able to disable video input from their own configuration file to make the device more secure.
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@ -84,7 +84,7 @@ This policy setting allows you to turn off the Wireless Display multicast DNS se
 <!--SupportedValues-->
 The following list shows the supported values:
- 0 - Do not allow
+- 0 - Don't allow
 - 1 - Allow
 <!--/SupportedValues-->
@ -124,7 +124,7 @@ This policy setting allows you to turn off discovering the display service adver
 <!--SupportedValues-->
 The following list shows the supported values:
-   0 - Do not allow
+-   0 - Don't allow
 -   1 - Allow
 <!--/SupportedValues-->
@ -160,9 +160,9 @@ The following list shows the supported values:
 <!--Description-->
 This policy setting allows you to disable the infrastructure movement detection feature.
-If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you are projecting over infrastructure.
+If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you're projecting over infrastructure.
-If you set it to 1, your PC will detect that you have moved and will automatically disconnect your infrastructure Wireless Display session.
+If you set it to 1, your PC will detect that you've moved and will automatically disconnect your infrastructure Wireless Display session.
 The default value is 1.
@ -171,7 +171,7 @@ The default value is 1.
 The following list shows the supported values:
- 0 - Do not allow
+- 0 - Don't allow
 - 1 (Default) - Allow
 <!--/SupportedValues-->
@ -211,7 +211,7 @@ This policy allows you to turn off projection from a PC.
 <!--SupportedValues-->
 The following list shows the supported values:
-   0 - your PC cannot discover or project to other devices.
+-   0 - your PC can't discover or project to other devices.
 -   1 - your PC can discover and project to other devices
 <!--/SupportedValues-->
@ -251,7 +251,7 @@ This policy allows you to turn off projection from a PC over infrastructure.
 <!--SupportedValues-->
 The following list shows the supported values:
-   0 - your PC cannot discover or project to other infrastructure devices, although it is possible to discover and project over WiFi Direct.
+-   0 - your PC can't discover or project to other infrastructure devices, although it's possible to discover and project over WiFi Direct.
 -   1 - your PC can discover and project to other devices over infrastructure.
 <!--/SupportedValues-->
@ -287,7 +287,7 @@ The following list shows the supported values:
 <!--Description-->
 Allow or disallow turning off the projection to a PC.
-If you set it to 0 (zero), your PC is not discoverable and you cannot project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** &gt; **System** &gt; **Projecting to this PC**.
+If you set it to 0 (zero), your PC isn't discoverable and you can't project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** &gt; **System** &gt; **Projecting to this PC**.
 Value type is integer.
@ -303,7 +303,7 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
-   0 - projection to PC is not allowed. Always off and the user cannot enable it.
+-   0 - projection to PC isn't allowed. Always off and the user can't enable it.
 -   1 (default) - projection to PC is allowed. Enabled only above the lock screen.
 <!--/SupportedValues-->
@ -343,7 +343,7 @@ This policy setting allows you to turn off projection to a PC over infrastructur
 <!--SupportedValues-->
 The following list shows the supported values:
-   0 - your PC is not discoverable and other devices cannot project to it over infrastructure, although it is possible to project to it over WiFi Direct.
+-   0 - your PC isn't discoverable and other devices can't project to it over infrastructure, although it's possible to project to it over WiFi Direct.
 -   1 - your PC is discoverable and other devices can project to it over infrastructure.
 <!--/SupportedValues-->
@ -419,7 +419,7 @@ The following list shows the supported values:
 <!--Description-->
 Allow or disallow requirement for a PIN for pairing.
-If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn this off or do not configure it, a PIN is not required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** &gt; **System** &gt; **Projecting to this PC**.
+If you turn on this policy, the pairing ceremony for new devices will always require a PIN. If you turn off this policy or don't configure it, a PIN isn't required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** &gt; **System** &gt; **Projecting to this PC**.
 Value type is integer.
@ -435,7 +435,7 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
-   0 (default) - PIN is not required.
+-   0 (default) - PIN isn't required.
 -   1 - PIN is required.
 <!--/SupportedValues-->
--- a/windows/client-management/mdm/proxy-csp.md
+++ b/windows/client-management/mdm/proxy-csp.md
@ -22,9 +22,9 @@ The PROXY configuration service provider is used to configure proxy connections.
 This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
-For the PROXY CSP, you cannot use the Replace command unless the node already exists.
+For the PROXY CSP, you can't use the Replace command unless the node already exists.
-The following shows the PROXY configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol is not supported by this configuration service provider.
+The following example shows the PROXY configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol isn't supported by this configuration service provider.
 ```
 ./Vendor/MSFT/Proxy
@ -62,9 +62,9 @@ Root node for the proxy connection.
 <a href="" id="proxyname"></a>***ProxyName***
 Defines the name of a proxy connection.
-It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two proxy connections, use "PROXY0" and "PROXY1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead).
+It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two proxy connections, use "PROXY0" and "PROXY1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead).
-The addition, update, and deletion of this sub-tree of nodes have to be specified in a single atomic transaction.
+The addition, update, and deletion of this subtree of nodes have to be specified in a single atomic transaction.
 <a href="" id="proxyname-proxyid"></a>***ProxyName*/PROXYID**
 Specifies the unique identifier of the proxy connection.
@ -93,7 +93,7 @@ Node for port information.
 <a href="" id="proxyname-ports-portname"></a>***ProxyName*/Ports/_PortName_**
 Defines the name of a port.
-It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two ports, use "PORT0" and "PORT1" as the element names.
+It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two ports, use "PORT0" and "PORT1" as the element names.
 <a href="" id="proxyname-ports-portname-portnbr"></a>***ProxyName*/Ports/*PortName*/PortNbr**
 Specifies the port number to be associated with the parent port.
@ -104,7 +104,7 @@ Node for services information.
 <a href="" id="proxyname-ports-services-servicename"></a>***ProxyName*/Ports/Services/_ServiceName_**
 Defines the name of a service.
-It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two services, use "SERVICE0" and "SERVICE1" as the element names.
+It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two services, use "SERVICE0" and "SERVICE1" as the element names.
 <a href="" id="proxyname-ports-services-servicename-servicename"></a>***ProxyName*/Ports/Services/*ServiceName*/ServiceName**
 Specifies the protocol to be associated with the parent port.
@ -117,7 +117,7 @@ Node for connection reference information
 <a href="" id="proxyname-conrefs-conrefname"></a>***ProxyName*/ConRefs/_ConRefName_**
 Defines the name of a connection reference.
-It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two connection references, use "CONREF0" and "CONREF1" as the element names.
+It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two connection references, use "CONREF0" and "CONREF1" as the element names.
 <a href="" id="proxyname-conrefs-conrefname-conref"></a>***ProxyName*/ConRefs/*ConRefName*/ConRef**
 Specifies one single connectivity object associated with the proxy connection.
--- a/windows/client-management/mdm/pxlogical-csp.md
+++ b/windows/client-management/mdm/pxlogical-csp.md
@ -21,7 +21,7 @@ The PXLOGICAL configuration service provider is used to add, remove, or modify W
 > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
-The following shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for initial bootstrapping of the device. The OMA DM protocol is not supported by this configuration service provider.
+The following example shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for initial bootstrapping of the device. The OMA DM protocol isn't supported by this configuration service provider.
 ```console
 PXLOGICAL
@ -46,7 +46,7 @@ PXLOGICAL
 ```
-The following shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for updating the bootstrapping of the device. The OMA DM protocol is not supported by this configuration service provider.
+The following example shows the PXLOGICAL configuration service provider management object in tree format as used by OMA Client Provisioning for updating the bootstrapping of the device. The OMA DM protocol isn't supported by this configuration service provider.
 ```console
 PXLOGICAL
@ -74,17 +74,17 @@ PXLOGICAL
 <a href="" id="pxphysical"></a>**PXPHYSICAL**  
 Defines a group of logical proxy settings.
-The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It is required when updating and deleting existing NAPs and proxies and must have its value set to 1.
+The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It's required when updating and deleting existing NAPs and proxies and must have its value set to 1.
 <a href="" id="domain"></a>**DOMAIN**  
 Specifies the domain associated with the proxy (for example, "\*.com").
-A Windows device supports only one proxy that does not have a DOMAIN parameter, or has an empty DOMAIN value. That is, the device only supports one default proxy. All other proxy configurations must have a DOMAIN parameter with a non-empty value. A query of this parameter returns a semicolon-delimited string of all domains associated with the proxy.
+A Windows device supports only one proxy that doesn't have a DOMAIN parameter, or has an empty DOMAIN value. That is, the device only supports one default proxy. All other proxy configurations must have a DOMAIN parameter with a non-empty value. A query of this parameter returns a semicolon-delimited string of all domains associated with the proxy.
 <a href="" id="name"></a>**NAME**  
 Specifies the name of the logical proxy.
-When a list of proxies is displayed to the user they are displayed together in a single line, so the length of this value should be short for readability.
+When a list of proxies is displayed to the user they're displayed together in a single line, so the length of this value should be short for readability.
 <a href="" id="port"></a>**PORT**  
 Defines the bindings between a port number and one or more protocols or services.
@ -94,7 +94,7 @@ This configuration service provider can accept a maximum of two ports per physic
 <a href="" id="portnbr"></a>**PORTNBR**  
 Specifies the port number associated with some services on this proxy.
-If the PORTNBR is 80 or 443, or the PORT characteristic is missing, it is treated as an HTTP proxy.
+If the PORTNBR is 80 or 443, or the PORT characteristic is missing, it's treated as an HTTP proxy.
 <a href="" id="service"></a>**SERVICE**  
 Specifies the service associated with the port number.
@ -104,7 +104,7 @@ Windows supports accepting WAP push connectionless sessions over a Short Message
 <a href="" id="pushenabled"></a>**PUSHENABLED**  
 Specifies whether or not push operations are enabled.
-If this element is used in PXLOGICAL, it applies to all of the PXPHYSICAL elements embedded in the PXLOGICAL element. A value of "0" indicates that the proxy does not support push operations. A value of "1" indicates that the proxy supports push operations.
+If this element is used in PXLOGICAL, it applies to all of the PXPHYSICAL elements embedded in the PXLOGICAL element. A value of "0" indicates that the proxy doesn't support push operations. A value of "1" indicates that the proxy supports push operations.
 <a href="" id="proxy-id"></a>**PROXY-ID**  
 Used during initial bootstrapping. Specifies the unique identifier of the logical proxy.
@ -120,12 +120,12 @@ Specifies whether or not the physical proxies in this logical proxy are privileg
 <a href="" id="pxphysical"></a>**PXPHYSICAL**  
 Defines a group of physical proxy settings associated with the parent logical proxy.
-The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It is required when updating and deleting existing NAPs and proxies and must have its value set to 1.
+The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It's required when updating and deleting existing NAPs and proxies and must have its value set to 1.
 <a href="" id="physical-proxy-id"></a>**PHYSICAL-PROXY-ID**  
 Used during initial bootstrapping. Specifies the identifier of the physical proxy.
-When a list of proxies is displayed to the user they are displayed together in a single line, so the length of this value should be short for readability.
+When a list of proxies is displayed to the user they're displayed together in a single line, so the length of this value should be short for readability.
 <a href="" id="physical-proxy-id"></a>***PHYSICAL-PROXY-ID***  
 Used during bootstrapping updates. Specifies the identifier of the physical proxy.
@ -150,7 +150,7 @@ If **TO-NAPID** is used, the NAP whose **NAPID** is referred to by **TO-NAPID**
 The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
-These features are available only for the device technique. In addition, the parameter-query and characteristic-query features are not supported for all PXPHYSICAL proxy parameters for all PXADDR types. All parameters can be queried when the PXPHYSICAL proxy PXADDRType is IPv4. For example, if a mobile operator queries the TO-NAPID parameter of a PXPHYSICAL proxy and the PXADDR Type is E164, a noparm is returned.
+These features are available only for the device technique. In addition, the parameter-query and characteristic-query features aren't supported for all PXPHYSICAL proxy parameters for all PXADDR types. All parameters can be queried when the PXPHYSICAL proxy PXADDRType is IPv4. For example, if a mobile operator queries the TO-NAPID parameter of a PXPHYSICAL proxy and the PXADDR Type is E164, a noparm is returned.
 |Feature|Available|
 |--- |--- |
--- a/windows/client-management/mdm/reclaim-seat-from-user.md
+++ b/windows/client-management/mdm/reclaim-seat-from-user.md
@ -37,7 +37,7 @@ The following parameters may be specified in the request URI.
 ### Response body
-The response body contain [SeatDetails](data-structures-windows-store-for-business.md#seatdetails).
+The response body contains [SeatDetails](data-structures-windows-store-for-business.md#seatdetails).
 |Error code|Description|Retry|Data field|Details|
 |--- |--- |--- |--- |--- |
--- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
+++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
@ -29,7 +29,7 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
    ![screen for registering azure-ad](images/azure-ad-add-tenant11.png)
-3.  On the **Admin center** page, under Admin Centers on the left, click **Azure Active Directory**. This will take you to the Azure Active Directory portal.
+3.  On the **Admin center** page, under Admin Centers on the left, click **Azure Active Directory**. You're taken to the Azure Active Directory portal.
    ![Azure-AD-updated.](https://user-images.githubusercontent.com/41186174/71594506-e4845300-2b40-11ea-9a08-c21c824e12a4.png)
--- a/windows/client-management/mdm/remotefind-csp.md
+++ b/windows/client-management/mdm/remotefind-csp.md
@ -17,7 +17,7 @@ ms.date: 06/26/2017
 The RemoteFind configuration service provider retrieves the location information for a particular device.
-The following shows the RemoteFind configuration service provider management object in tree format as used by OMA Client Provisioning.
+The following example shows the RemoteFind configuration service provider management object in tree format as used by OMA Client Provisioning.
 ```
 ./Vendor/MSFT
 RemoteFind
@ -35,26 +35,26 @@ RemoteFind
 <a href="" id="desiredaccuracy"></a>**DesiredAccuracy**  
 Optional. The node accepts the requested radius value in meters. Valid values for accuracy are any value between 1 and 1000 meters.
-The default value is 50. Replacing this value only replaces it for the current session. The value is not retained.
+The default value is 50. Replacing this value only replaces it for the current session. The value isn't retained.
-Supported operations are Replace and Get. The Add command is not supported.
+Supported operations are Replace and Get. The Add command isn't supported.
 <a href="" id="timeout"></a>**Timeout**  
 Optional. Value is DWORD in seconds.
-The default value is 7, and the range is 0 to 1800 seconds. Replacing this value only replaces it for the current session. The value is not retained.
+The default value is 7, and the range is 0 to 1800 seconds. Replacing this value only replaces it for the current session. The value isn't retained.
-Supported operations are Replace and Get. The Add command is not supported.
+Supported operations are Replace and Get. The Add command isn't supported.
 <a href="" id="maximumage"></a>**MaximumAge**  
 Optional. The value represents the desired time window in minutes that the server will accept a successful location retrieval. The node enables the server to set the requested age value in 100 nanoseconds. Valid values for accuracy include any integer value between 0 and 1440 minutes.
-The default value is 60. Replacing this value only replaces it for the current session. The value is not retained.
+The default value is 60. Replacing this value only replaces it for the current session. The value isn't retained.
-Supported operations are Replace and Get. The Add command is not supported.
+Supported operations are Replace and Get. The Add command isn't supported.
 <a href="" id="location"></a>**Location**  
-Required. Nodes under this path must be queried atomically in order to succeed. This is to prevent servers from querying incomplete sets of data.
+Required. Nodes under this path must be queried atomically in order to succeed. This condition is to prevent servers from querying incomplete sets of data.
 <a href="" id="latitude"></a>**Latitude**  
 Required. Provides the latitude of the last successful remote find.
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@ -17,7 +17,7 @@ ms.date: 08/13/2018
 The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely wipe a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely wiped after being lost or stolen.
-The following shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server.
+The following example shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server.
 ```
 ./Vendor/MSFT
 RemoteWipe
@ -60,7 +60,7 @@ Added in Windows 10, version 1709.  Exec on this node will perform a remote rese
 Added in Windows 10, version 1809. Node for the Autopilot Reset operation.
 <a href="" id="doautomaticredeployment"></a>**AutomaticRedeployment/doAutomaticRedeployment**  
-Added in Windows 10, version 1809. Exec on this node triggers Autopilot Reset operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
+Added in Windows 10, version 1809. Exec on this node triggers Autopilot Reset operation. This node works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
 <a href="" id="lasterror"></a>**AutomaticRedeployment/LastError**  
 Added in Windows 10, version 1809. Error value, if any, associated with Autopilot Reset operation (typically an HRESULT).
--- a/windows/client-management/mdm/reporting-csp.md
+++ b/windows/client-management/mdm/reporting-csp.md
@ -48,13 +48,13 @@ Interior node for retrieving the security auditing logs. This node is only for m
 -->
 <a href="" id="retrievebytimerange"></a>**RetrieveByTimeRange**  
-Returns the logs that exist within the StartTime and StopTime. The StartTime and StopTime are expressed in ISO 8601 format. If the StartTime and StopTime are not specified, then the values are interpreted as either first existing or last existing time.
+Returns the logs that exist within the StartTime and StopTime. The StartTime and StopTime are expressed in ISO 8601 format. If the StartTime and StopTime aren't specified, then the values are interpreted as either first existing or last existing time.
 Here are the other possible scenarios:
-   If the StartTime and StopTime are not specified, then it returns all existing logs.
+-   If the StartTime and StopTime aren't specified, then it returns all existing logs.
-   If the StopTime is specified, but the StartTime is not specified, then all logs that exist before the StopTime are returned.
+-   If the StopTime is specified, but the StartTime isn't specified, then all logs that exist before the StopTime are returned.
-   If the StartTime is specified, but the StopTime is not specified, then all that logs that exist from the StartTime are returned.
+-   If the StartTime is specified, but the StopTime isn't specified, then all that logs that exist from the StartTime are returned.
 <a href="" id="retrievebycount"></a>**RetrieveByCount**  
 Interior node for retrieving a specified number of logs from the StartTime. The StartTime is expressed in ISO 8601 format. You can set the number of logs required by setting LogCount and StartTime. It returns the specified number of logs or less, if the total number of logs is less than LogCount.
@ -64,7 +64,7 @@ Contains the reporting logs.
 Value type is XML.
-Supported operations is Get.
+Supported operation is Get.
 <a href="" id="starttime"></a>**StartTime**  
 Specifies the starting time for retrieving logs.
@ -81,7 +81,7 @@ Value type is string. Use ISO 8601 format.
 Supported operations are Get and Replace.
 <a href="" id="type"></a>**Type**  
-Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this to retrieve the WIP learning logs.
+Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the WIP learning logs.
 Value type is integer.
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@ -21,7 +21,7 @@ The RootCATrustedCertificates configuration service provider enables the enterpr
 > The **./User/** configuration is not supported for **RootCATrustedCertificates/Root/**.
-The following shows the RootCATrustedCertificates configuration service provider in tree format.
+The following example shows the RootCATrustedCertificates configuration service provider in tree format.
 Detailed specification of the principal root nodes:
 ```
@ -82,7 +82,7 @@ Node for trusted publisher certificates.
 Node for trusted people certificates.
 <a href="" id="rootcatrustedcertificates-untrustedcertificates"></a>**RootCATrustedCertificates/UntrustedCertificates**  
-Added in Windows 10, version 1803. Node for certificates that are not trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable.
+Added in Windows 10, version 1803. Node for certificates that aren't trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable.
 <a href="" id="certhash"></a>**_CertHash_**  
 Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. This node is common for all the principal root nodes.  The supported operations are Get and Delete.
@ -90,19 +90,19 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 The following nodes are all common to the **_CertHash_** node:
 <a href="" id="-encodedcertificate"></a>**/EncodedCertificate**  
-Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.  The supported operations are Add, Get, and Replace.
+Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc.  The supported operations are Add, Get, and Replace.
 <a href="" id="-issuedby"></a>**/IssuedBy**  
-Returns the name of the certificate issuer. This is equivalent to the **Issuer** member in the CERT\_INFO data structure.  The only supported operation is Get.
+Returns the name of the certificate issuer. This name is equivalent to the **Issuer** member in the CERT\_INFO data structure.  The only supported operation is Get.
 <a href="" id="-issuedto"></a>**/IssuedTo**  
-Returns the name of the certificate subject. This is equivalent to the **Subject** member in the CERT\_INFO data structure.  The only supported operation is Get.
+Returns the name of the certificate subject. This name is equivalent to the **Subject** member in the CERT\_INFO data structure.  The only supported operation is Get.
 <a href="" id="-validfrom"></a>**/ValidFrom**  
-Returns the starting date of the certificate's validity. This is equivalent to the **NotBefore** member in the CERT\_INFO data structure.  The only supported operation is Get.
+Returns the starting date of the certificate's validity. This date is equivalent to the **NotBefore** member in the CERT\_INFO data structure.  The only supported operation is Get.
 <a href="" id="-validto"></a>**/ValidTo**  
-Returns the expiration date of the certificate. This is equivalent to the **NotAfter** member in the CERT\_INFO data structure.  The only supported operation is Get.
+Returns the expiration date of the certificate. This date is equivalent to the **NotAfter** member in the CERT\_INFO data structure.  The only supported operation is Get.
 <a href="" id="-templatename"></a>**/TemplateName**  
 Returns the certificate template name.  The only supported operation is Get.
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@ -16,7 +16,7 @@ ms.date: 06/26/2017
 The SecureAssessment configuration service provider is used to provide configuration information for the secure assessment browser.
-The following shows the SecureAssessment configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+The following example shows the SecureAssessment configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
 ```
 ./Vendor/MSFT
 SecureAssessment
--- a/windows/client-management/mdm/securitypolicy-csp.md
+++ b/windows/client-management/mdm/securitypolicy-csp.md
@ -22,9 +22,9 @@ The SecurityPolicy configuration service provider is used to configure security
-For the SecurityPolicy CSP, you cannot use the Replace command unless the node already exists.
+For the SecurityPolicy CSP, you can't use the Replace command unless the node already exists.
-The following shows the SecurityPolicy configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning.
+The following example shows the SecurityPolicy configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning.
 ```console
 ./Vendor/MSFT
@ -65,7 +65,7 @@ The following security policies are supported.
 - **PolicyID**: 4111 | Hex:100f
  - **Policy name**: OTA Provisioning Policy
-  - **Policy description**: This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for an carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.
+  - **Policy description**: This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for a carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.
    - Default value: 384 (SECROLE_OPERATOR_TPS | SECROLE_KNOWN_PPG)
    - Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS
@ -74,7 +74,7 @@ The following security policies are supported.
  - **Policy description**: This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.
    - Default value: 1
    - Supported values: 
-      - 0: Routing of WSP notifications is not allowed.
+      - 0: Routing of WSP notifications isn't allowed.
      - 1: Routing of WSP notifications is allowed.
 - **PolicyID**: 4132 | Hex:1024
@ -83,7 +83,7 @@ The following security policies are supported.
    - Default value: 0
    - Supported values: 
      - 0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin.
-      - 1: There is no user prompt.
+      - 1: There's no user prompt.
 - **PolicyID**: 4141 | Hex:102d
  - **Policy name**: OMA CP NETWPIN Policy
@ -201,7 +201,7 @@ The following table shows the Microsoft custom elements that this Configuration
 |Elements|Available|
 |--- |--- |
 |parm-query|Yes|
-|noparm|Yes. If this is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).|
+|noparm|Yes. If this element is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).|
--- a/windows/client-management/mdm/server-requirements-windows-mdm.md
+++ b/windows/client-management/mdm/server-requirements-windows-mdm.md
@ -21,13 +21,13 @@ The following list shows the general server requirements for using OMA DM to man
 -   The OMA DM server must support the OMA DM v1.1.2 or later protocol.
-   Secure Sockets Layer (SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity check, and data encryption. If the certificate is not issued by a commercial Certification Authority whose root certificate is pre-installed in the device, you must provision the enterprise root certificate in the device's Root store.
+-   Secure Sockets Layer (SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity check, and data encryption. If the certificate isn't issued by a commercial Certification Authority whose root certificate is pre-installed in the device, you must provision the enterprise root certificate in the device's Root store.
 -   To authenticate the client at the application level, you must use either Basic or MD5 client authentication.
 -   The server MD5 nonce must be renewed in each DM session. The DM client sends the new server nonce for the next session to the server over the Status element in every DM session.
-   The MD5 binary nonce is send over XML B64 encoded format, but the octal form of the binary data should be used when the service calculates the hash.
+-   The MD5 binary nonce is sent over XML B64 encoded format, but the octal form of the binary data should be used when the service calculates the hash.
    For more information about Basic or MD5 client authentication, MD5 hash, and MD5 nonce, see the OMA Device Management Security specification (OMA-TS-DM\_Security-V1\_2\_1-20080617-A), available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=526900).
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@ -17,7 +17,7 @@ ms.date: 01/16/2019
 The SharedPC configuration service provider is used to configure settings for Shared PC usage.
-The following shows the SharedPC configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+The following example shows the SharedPC configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
 ```
 ./Vendor/MSFT
 SharedPC
@ -133,12 +133,12 @@ Configures when accounts are deleted.
 The supported operations are Add, Get, Replace, and Delete.
-For Windows 10, version 1607, here is the list shows the supported values:
+For Windows 10, version 1607, here's the list shows the supported values:
 -   0 - Delete immediately.
 -   1 (default) - Delete at disk space threshold.
-For Windows 10, version 1703, here is the list of supported values:  
+For Windows 10, version 1703, here's the list of supported values:  
 - 0 - Delete immediately
 - 1 - Delete at disk space threshold
@ -154,7 +154,7 @@ Sets the percentage of disk space remaining on a PC before cached accounts will
 The default value is Not Configured. Its default value in the SharedPC provisioning package is 25.
-For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a daily maintenance period, accounts will be deleted (oldest last used first) when the system is idle until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under half of the deletion threshold and disk space is very low, regardless of whether the PC is actively in use or not.
+For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a daily maintenance period, accounts will be deleted (oldest last used first) when the system is idle until the free disk space is above 50% (the caching number). Accounts will be deleted immediately on signing out from an account if free space is under half of the deletion threshold and disk space is low, regardless of whether the PC is actively in use or not.
 The supported operations are Add, Get, Replace, and Delete.
@ -166,7 +166,7 @@ Sets the percentage of available disk space a PC should have before it stops del
 The default value is Not Configured. The default value in the SharedPC provisioning package is 25.
-For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless whether the PC is actively in use or not.
+For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately on signing out from an account if free space is under the deletion threshold and disk space is low, regardless whether the PC is actively in use or not.
 The supported operations are Add, Get, Replace, and Delete.
@ -187,7 +187,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
 <a href="" id="kioskmodeusertiledisplaytext"></a>**KioskModeUserTileDisplayText**  
-Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen which launches the app specified by KioskModeAUMID. This node is optional. 
+Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen that launches the app specified by KioskModeAUMID. This node is optional. 
 Value type is string. Supported operations are Add, Get, Replace, and Delete. 
@ -195,14 +195,14 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
 <a href="" id="inactivethreshold"></a>**InactiveThreshold**  
-Added in Windows 10, version 1703. Accounts will start being deleted when they have not been logged on during the specified period, given as number of days.
+Added in Windows 10, version 1703. Accounts will start being deleted when they haven't been logged on during the specified period, given as number of days.
 The default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 The default in the SharedPC provisioning package is 30.
 <a href="" id="maxpagefilesizemb"></a>**MaxPageFileSizeMB**  
-Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. This node is optional. 
+Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM. This node is optional. 
 > [!NOTE]
 > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
--- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
@ -29,7 +29,7 @@ The following table shows the OMA DM versions that are supported.
 ## File format
-The following example shows the general structure of the XML document sent by the server using OMA DM version 1.2.1 for demonstration purposes only. The initial XML packages exchanged between client and server could contain additional XML tags. For a detailed description and samples for those packages, see the [OMA Device Management Protocol 1.2.1](https://go.microsoft.com/fwlink/p/?LinkId=526902) specification.
+The following example shows the general structure of the XML document sent by the server using OMA DM version 1.2.1 for demonstration purposes only. The initial XML packages exchanged between client and server could contain extra XML tags. For a detailed description and samples for those packages, see the [OMA Device Management Protocol 1.2.1](https://go.microsoft.com/fwlink/p/?LinkId=526902) specification.
 ```xml
 <SyncML xmlns='SYNCML:SYNCML1.2'>
@ -107,7 +107,7 @@ SyncBody contains one or more DM commands. The SyncBody can contain multiple DM
 **Code example**
-The following example shows the body component of a DM message. In this example, SyncBody contains only one command, Get. This is indicated by the &lt;Final /&gt; tag that occurs immediately after the terminating tag for the Get command.
+The following example shows the body component of a DM message. In this example, SyncBody contains only one command, Get. This command is indicated by the &lt;Final /&gt; tag that occurs immediately after the terminating tag for the Get command.
 ```xml
 <SyncBody>
@ -124,7 +124,7 @@ The following example shows the body component of a DM message. In this example,
 </SyncBody>
 ```
-When using SyncML for OMA DM provisioning, a LocURI in SyncBody can have a "." as a valid segment name only in the first segment. However, a "." is not a valid segment name for the other segments. For example, the following LocURI is not valid because the segment name of the seventh segment is a ".".
+When SyncML for OMA DM provisioning is being used, a LocURI in SyncBody can have a "." as a valid segment name only in the first segment. However, a "." isn't a valid segment name for the other segments. For example, the following LocURI isn't valid because the segment name of the seventh segment is a ".".
 ```xml
 <LocURI>./Vendor/MSFT/Registry/HKLM/Security/./Test</LocURI>
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@ -27,14 +27,14 @@ The SUPL configuration service provider is used to configure the location client
      - H-SLP server certificate.
      - Positioning method.
      - Version of the protocol to use by default.
-    - MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.
+    - MCC/MNC value pairs that are used to specify which networks' UUIC the SUPL account matches.
  - **V2 UPL**: 
    - Address of the server—a mobile positioning center for non-trusted mode.
    - The positioning method used by the MPC for non-trusted mode.
 The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted, a new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used.
-The following shows the SUPL configuration service provider management object in tree format as used by OMA DM and OMA Client Provisioning.
+The following example shows the SUPL configuration service provider management object in tree format as used by OMA DM and OMA Client Provisioning.
 > [!NOTE]
 > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION capability to be accessed from a network configuration application. 
@ -76,12 +76,12 @@ SUPL
 Required for SUPL. Defines the account for the SUPL Enabled Terminal (SET) node. Only one SUPL account is supported at a given time.
 <a href="" id="appid"></a>**AppID**  
-Required. The AppID for SUPL is automatically set to `"ap0004"`. This is a read-only value.
+Required. The AppID for SUPL is automatically set to `"ap0004"`. This value is a read-only value.
 <a href="" id="addr"></a>**Addr**  
 Optional. Specifies the address of the Home SUPL Location Platform (H-SLP) server for non-proxy mode. The value is a server address specified as a fully qualified domain name, and the port specified as an integer, with the format *server*: *port*.
-If this value is not specified, the device infers the H-SLP address from the IMSI as defined in the SUPL standard. To use automatic generation of the H-SLP address based on the IMSI, the MNC length must be set correctly on the UICC. Generally, this value is 2 or 3.
+If this value isn't specified, the device infers the H-SLP address from the IMSI as defined in the SUPL standard. To use automatic generation of the H-SLP address based on the IMSI, the MNC length must be set correctly on the UICC. Generally, this value is 2 or 3.
 For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
@ -92,9 +92,9 @@ Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0
 Added in Windows 10, version 2004. Optional. Determines the full version (X.Y.Z where X, Y, and Z are the major version, the minor version, and the service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored.
 <a href="" id="mccmncpairs"></a>**MCCMNCPairs**  
-Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network do not match, the device uses the default location service and does not use SUPL.
+Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network don't match, the device uses the default location service and doesn't use SUPL.
-This value is a string with the format "(X1,Y1)(X2,Y2)…(Xn,Yn)", in which `X` is a MCC and `Y` is an MNC.
+This value is a string with the format "(X1, Y1)(X2, Y2)…(Xn, Yn)", in which `X` is an MCC and `Y` is an MNC.
 For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
@ -146,7 +146,7 @@ When the location toggle is set to Off and this value is set to 1, the following
 However, if `privacyOverride` is set in the message, the location will be returned.
-When the location toggle is set to Off and this value is set to 0, the location toggle does not prevent SUPL network-initiated requests from working.
+When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working.
 For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
@ -159,7 +159,7 @@ This value manages the settings for both SUPL and v2 UPL. If a device is configu
 Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60.
 <a href="" id="rootcertificate"></a>**RootCertificate**  
-Required. Specifies the root certificate for the H-SLP server. Windows does not support a non-secure mode. If this node is not included, the configuration service provider will fail but may not return a specific error.
+Required. Specifies the root certificate for the H-SLP server. Windows doesn't support a non-secure mode. If this node isn't included, the configuration service provider will fail but may not return a specific error.
 <a href="" id="rootcertificate-name"></a>**RootCertificate/Name**  
 Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
@ -265,7 +265,7 @@ When the location toggle is set to Off and this value is set to 1, the following
 However, if `privacyOverride` is set in the message, the location will be returned.
-When the location toggle is set to Off and this value is set to 0, the location toggle does not prevent SUPL network-initiated requests from working.
+When the location toggle is set to Off and this value is set to 0, the location toggle doesn't prevent SUPL network-initiated requests from working.
 For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.
@ -283,7 +283,7 @@ Optional. Integer. Defines the minimum interval of time in seconds between mobil
 ## Unsupported Nodes
-The following optional nodes are not supported on Windows devices.
+The following optional nodes aren't supported on Windows devices.
 -   ProviderID
@ -299,14 +299,14 @@ The following optional nodes are not supported on Windows devices.
 -   AddrType
-If the configuration application tries to set, delete or query these nodes, a response indicating this node is not implemented will be returned over OMA DM. In OMA Client Provisioning, the request to set this node will be ignored and the configuration service provider will continue processing the rest of the nodes.
+If the configuration application tries to set, delete or query these nodes, a response indicating this node isn't implemented will be returned over OMA DM. In OMA Client Provisioning, the request to set this node will be ignored and the configuration service provider will continue processing the rest of the nodes.
-If a mobile operator requires the communication with the H-SLP to take place over a specific connection rather than a default cellular connection, then this must be configured by using the [CM\_CellularEntries configuration service provider](cm-cellularentries-csp.md) and the [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) to map the H-SLP server with the required connection.
+If a mobile operator requires the communication with the H-SLP to take place over a specific connection rather than a default cellular connection, then this configuration must be done by using the [CM\_CellularEntries configuration service provider](cm-cellularentries-csp.md) and the [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) to map the H-SLP server with the required connection.
 ## OMA Client Provisioning examples
-Adding new configuration information for a H-SLP server for SUPL. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
+Adding new configuration information for an H-SLP server for SUPL. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@ -16,7 +16,7 @@ ms.date: 07/28/2017
 The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511.
-The following shows the SurfaceHub CSP management objects in tree format.
+The following example shows the SurfaceHub CSP management objects in tree format.
 ```
 ./Vendor/MSFT
 SurfaceHub
@ -147,12 +147,12 @@ SurfaceHub
 4. Execute the ValidateAndCommit node.
 <a href="" id="deviceaccount-domainname"></a>**DeviceAccount/DomainName**
-<p>Domain of the device account when you are using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
+<p>Domain of the device account when you're using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
 <p>The data type is string. Supported operation is Get and Replace.
 <a href="" id="deviceaccount-username"></a>**DeviceAccount/UserName**
-<p>Username of the device account when you are using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
+<p>Username of the device account when you're using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account.
 <p>The data type is string. Supported operation is Get and Replace.
@ -208,7 +208,7 @@ SurfaceHub
 <a href="" id="deviceaccount-errorcontext"></a>**DeviceAccount/ErrorContext**
-If there is an error calling ValidateAndCommit, there is additional context for that error in this node. Here are the possible error values:
+If there's an error calling ValidateAndCommit, there's another context for that error in this node. Here are the possible error values:
 | ErrorContext value | Stage where error occurred | Description and suggestions |
 | --- | --- | --- |
@ -242,7 +242,7 @@ The data type is integer. Supported operation is Get.
 <p>Added in Windows 10, version 1703. Node for the Skype for Business settings.
 <a href="" id="inboxapps-skypeforbusiness-domainname"></a>**InBoxApps/SkypeForBusiness/DomainName**
-<p>Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see <a href="/SkypeForBusiness/set-up-skype-for-business-online" data-raw-source="[Set up Skype for Business Online](/SkypeForBusiness/set-up-skype-for-business-online)">Set up Skype for Business Online</a>.
+<p>Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you're using Active Directory. For more information, see <a href="/SkypeForBusiness/set-up-skype-for-business-online" data-raw-source="[Set up Skype for Business Online](/SkypeForBusiness/set-up-skype-for-business-online)">Set up Skype for Business Online</a>.
 <p>The data type is string. Supported operation is Get and Replace.
@ -255,7 +255,7 @@ The data type is integer. Supported operation is Get.
 <p>The data type is boolean. Supported operation is Get and Replace.
 <a href="" id="inboxapps-welcome-currentbackgroundpath"></a>**InBoxApps/Welcome/CurrentBackgroundPath**
-<p>Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
+<p>Download location for image to be used as the background during user sessions and on the welcome screen. To set this location, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, ensure they're valid and installed on the Hub, otherwise it may not be able to load the image.
 <p>The data type is string. Supported operation is Get and Replace.
@ -273,17 +273,17 @@ The data type is integer. Supported operation is Get.
 <p>Node for the Whiteboard app settings.
 <a href="" id="inboxapps-whiteboard-sharingdisabled"></a>**InBoxApps/Whiteboard/SharingDisabled**
-<p>Invitations to collaborate from the Whiteboard app are not allowed.
+<p>Invitations to collaborate from the Whiteboard app aren't allowed.
 <p>The data type is boolean. Supported operation is Get and Replace.
 <a href="" id="inboxapps-whiteboard-signindisabled"></a>**InBoxApps/Whiteboard/SigninDisabled**
-<p>Sign-ins from the Whiteboard app are not allowed.
+<p>Sign-ins from the Whiteboard app aren't allowed.
 <p>The data type is boolean. Supported operation is Get and Replace.
 <a href="" id="inboxapps-whiteboard-telemetrydisabled"></a>**InBoxApps/Whiteboard/TelemeteryDisabled**
-<p>Telemetry collection from the Whiteboard app is not allowed.
+<p>Telemetry collection from the Whiteboard app isn't allowed.
 <p>The data type is boolean. Supported operation is Get and Replace.
@ -430,21 +430,21 @@ The data type is integer. Supported operation is Get.
 <p>The data type is boolean. Supported operation is Get and Replace.
 <a href="" id="properties-proxyservers"></a>**Properties/ProxyServers**
-<p>Added in <a href="https://support.microsoft.com/help/4499162" data-raw-source="[KB4499162](https://support.microsoft.com/help/4499162)">KB4499162</a> for Windows 10, version 1703. Specifies FQDNs of proxy servers to provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This is a semi-colon separated list of server names, without any additional prefixes (e.g. https://).
+<p>Added in <a href="https://support.microsoft.com/help/4499162" data-raw-source="[KB4499162](https://support.microsoft.com/help/4499162)">KB4499162</a> for Windows 10, version 1703. Specifies FQDNs of proxy servers to provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This FQDN is a semi-colon separated list of server names, without any extra prefixes (for example, https://).
 <p>The data type is string. Supported operation is Get and Replace.
 <a href="" id="properties-disablesigninsuggestions"></a>**Properties/DisableSigninSuggestions**
 <p>Added in Windows 10, version 1703. Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.
-<p>If this setting is true, the sign-in dialog will not be populated. If false, the dialog will auto-populate.
+<p>If this setting is true, the sign-in dialog won't be populated. If false, the dialog will auto-populate.
 <p>The data type is boolean. Supported operation is Get and Replace.
 <a href="" id="properties-donotshowmymeetingsandfiles"></a>**Properties/DoNotShowMyMeetingsAndFiles**
 <p>Added in Windows 10, version 1703. Specifies whether to disable the &quot;My meetings and files&quot; feature in the Start menu, which shows the signed-in user&#39;s meetings and files from Office 365.
-<p>If this setting is true, the “My meetings and files” feature will not be shown. When false, the “My meetings and files” feature will be shown.
+<p>If this setting is true, the “My meetings and files” feature won't be shown. When false, the “My meetings and files” feature will be shown.
 <p>The data type is boolean. Supported operation is Get and Replace.
@ -452,7 +452,7 @@ The data type is integer. Supported operation is Get.
 <p>Node for the Microsoft Operations Management Suite.
 <a href="" id="momagent-workspaceid"></a>**MOMAgent/WorkspaceID**
-<p>GUID identifying the Microsoft Operations Management Suite workspace ID to collect the data. Set this to an empty string to disable the MOM agent.
+<p>GUID identifying the Microsoft Operations Management Suite workspace ID to collect the data. Set this GUID to an empty string to disable the MOM agent.
 <p>The data type is string. Supported operation is Get and Replace.
--- a/windows/client-management/mdm/understanding-admx-backed-policies.md
+++ b/windows/client-management/mdm/understanding-admx-backed-policies.md
@ -26,11 +26,11 @@ Depending on the specific category of the settings that they control (OS or appl
 - OS settings: Computer Configuration/Administrative Templates
 - Application settings: User Configuration/Administrative Templates 
-In a domain controller/Group Policy ecosystem, Group Policies are automatically added to the registry of the client computer or user profile by the Administrative Templates Client Side Extension (CSE) whenever the client computer processes a Group Policy. Conversely, in an MDM-managed client, ADMX files are leveraged to define policies independent of Group Policies. Therefore, in an MDM-managed client, a Group Policy infrastructure, including the Group Policy Service (gpsvc.exe), is not required.
+In a domain controller/Group Policy ecosystem, Group Policies are automatically added to the registry of the client computer or user profile by the Administrative Templates Client Side Extension (CSE) whenever the client computer processes a Group Policy. Conversely, in an MDM-managed client, ADMX files are applied to define policies independent of Group Policies. Therefore, in an MDM-managed client, a Group Policy infrastructure, including the Group Policy Service (gpsvc.exe), isn't required.
-An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policydefinitions`) or it can be ingested to a device through the Policy CSP URI (`./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`). Inbox ADMX files are processed into MDM policies at OS-build time. ADMX files that are ingested are processed into MDM policies post-OS shipment through the Policy CSP. Because the Policy CSP does not rely upon any aspect of the Group Policy client stack, including the PC's Group Policy Service (GPSvc), the policy handlers that are ingested to the device are able to react to policies that are set by the MDM.
+An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policydefinitions`) or it can be ingested to a device through the Policy CSP URI (`./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`). Inbox ADMX files are processed into MDM policies at OS-build time. ADMX files that are ingested are processed into MDM policies post-OS shipment through the Policy CSP. Because the Policy CSP doesn't rely upon any aspect of the Group Policy client stack, including the PC's Group Policy Service (GPSvc), the policy handlers that are ingested to the device are able to react to policies that are set by the MDM.
-Windows maps the name and category path of a Group Policy to a MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\<area>\<policy>`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX policies supported by MDM, see [Policy CSP - ADMX policies](./policy-configuration-service-provider.md).
+Windows maps the name and category path of a Group Policy to an MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\<area>\<policy>`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX policies supported by MDM, see [Policy CSP - ADMX policies](./policy-configuration-service-provider.md).
 <!-- [!TIP] -->
 <!--  Intune has added a number of ADMX administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](/intune/administrative-templates-windows) -->
@ -62,14 +62,14 @@ The following diagram shows the settings for the "Publishing Server 2 Settings"
 ![Group Policy publisher server 2 settings.](images/group-policy-publisher-server-2-settings.png)
-Note that most Group Policies are a simple Boolean type. For a Boolean Group Policy, if you select **Enabled**, the options panel contains no data input fields and the payload of the SyncML is simply `<enabled/>`. However, if there are data input fields in the options panel, the MDM server must supply this data. The following *Enabling a Group Policy* example illustrates this complexity. In this example, 10 name-value pairs are described by `<data />` tags in the payload, which correspond to the 10 data input fields in the Group Policy Editor options panel for the "Publishing Server 2 Settings" Group Policy. The ADMX file, which defines the Group Policies, is consumed by the MDM server, similarly to how the Group Policy Editor consumes it. The Group Policy Editor displays a UI to receive the complete Group Policy instance data, which the MDM server's IT administrator console must also do. For every `<text>` element and id attribute in the ADMX policy definition, there must be a corresponding `<data />` element and id attribute in the payload. The ADMX file drives the policy definition and is required by the MDM server via the SyncML protocol.
+Most Group Policies are a simple Boolean type. For a Boolean Group Policy, if you select **Enabled**, the options panel contains no data input fields and the payload of the SyncML is simply `<enabled/>`. However, if there are data input fields in the options panel, the MDM server must supply this data. The following *Enabling a Group Policy* example illustrates this complexity. In this example, 10 name-value pairs are described by `<data />` tags in the payload, which correspond to the 10 data input fields in the Group Policy Editor options panel for the "Publishing Server 2 Settings" Group Policy. The ADMX file, which defines the Group Policies, is consumed by the MDM server, similarly to how the Group Policy Editor consumes it. The Group Policy Editor displays a UI to receive the complete Group Policy instance data, which the MDM server's IT administrator console must also do. For every `<text>` element and ID attribute in the ADMX policy definition, there must be a corresponding `<data />` element and ID attribute in the payload. The ADMX file drives the policy definition and is required by the MDM server via the SyncML protocol.
 > [!IMPORTANT]
 > Any data entry field that is displayed in the Group Policy page of the Group Policy Editor must be supplied in the encoded XML of the SyncML payload. The SyncML data payload is equivalent to the user-supplied Group Policy data through GPEdit.msc. 
 For more information about the Group Policy description format, see [Administrative Template File (ADMX) format](/previous-versions/windows/desktop/Policy/admx-schema). Elements can be Text, MultiText, Boolean, Enum, Decimal, or List (for more information, see [policy elements](/previous-versions/windows/desktop/Policy/element-elements)). 
-For example, if you search for the string, "Publishing_Server2_Name_Prompt" in both the *Enabling a policy* example and its corresponding ADMX policy definition in the appv.admx file, you will find the following occurrences:
+For example, if you search for the string, "Publishing_Server2_Name_Prompt" in both the *Enabling a policy* example and its corresponding ADMX policy definition in the appv.admx file, you'll find the following occurrences:
 Enabling a policy example:
 ```XML
@ -85,7 +85,7 @@ Appv.admx file:
 ## <a href="" id="admx-backed-policy-examples"></a>ADMX policy examples
-The following SyncML examples describe how to set a MDM policy that is defined by an ADMX template, specifically the Publishing_Server2_Policy Group Policy description in the application virtualization ADMX file, appv.admx. Note that the functionality that this Group Policy manages is not important; it is used to illustrate only how an MDM ISV can set an ADMX policy. These SyncML examples illustrate common options and the corresponding SyncML code that can be used for testing your policies. Note that the payload of the SyncML must be XML-encoded; for this XML encoding, you can use favorite online tool. To avoid encoding the payload, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+The following SyncML examples describe how to set an MDM policy that is defined by an ADMX template, specifically the Publishing_Server2_Policy Group Policy description in the application virtualization ADMX file, appv.admx. The functionality that this Group Policy manages isn't important; it's used to illustrate only how an MDM ISV can set an ADMX policy. These SyncML examples illustrate common options and the corresponding SyncML code that can be used for testing your policies. The payload of the SyncML must be XML-encoded; for this XML encoding, you can use favorite online tool. To avoid encoding the payload, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 ### <a href="" id="enabling-a-policy"></a>Enabling a policy
@ -231,13 +231,13 @@ The following SyncML examples describe how to set a MDM policy that is defined b
 This section describes sample SyncML for the various ADMX elements like Text, Multi-Text, Decimal, Boolean, and List.
-### <a href="" id="how-a-group-policy-policy-category-path-and-name-are-mapped-to-a-mdm-area-and-policy-name"></a>How a Group Policy policy category path and name are mapped to a MDM area and policy name
+### <a href="" id="how-a-group-policy-policy-category-path-and-name-are-mapped-to-a-mdm-area-and-policy-name"></a>How a Group Policy policy category path and name are mapped to an MDM area and policy name
-Below is the internal OS mapping of a Group Policy to a MDM area and name. This is part of a set of Windows manifest that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown below, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User. 
+Below is the internal OS mapping of a Group Policy to an MDM area and name. This mapping is part of a set of Windows manifest that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown below, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User. 
 `./[Device|User]/Vendor/MSFT/Policy/Config/[config|result]/<area>/<policy>`
-Note that the data payload of the SyncML needs to be encoded so that it does not conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and encoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii)
+The data payload of the SyncML needs to be encoded so that it doesn't conflict with the boilerplate SyncML XML tags. Use this online tool for encoding and encoding the policy data [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii)
 **Snippet of manifest for AppVirtualization area:**
@ -306,7 +306,7 @@ The `text` element simply corresponds to a string and correspondingly to an edit
 ### <a href="" id="multitext-element"></a>MultiText Element
-The `multiText` element simply corresponds to a REG_MULTISZ registry string and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc.  Note that it is expected that each string in the SyncML is to be separated by the Unicode character 0xF000 (encoded version: `&#xF000;`)
+The `multiText` element simply corresponds to a REG_MULTISZ registry string and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc.  It's expected that each string in the SyncML is to be separated by the Unicode character 0xF000 (encoded version: `&#xF000;`)
 ```XML
 <policy name="Virtualization_JITVAllowList" class="Machine" displayName="$(string.Virtualization_JITVAllowList)"
@ -347,12 +347,12 @@ The `multiText` element simply corresponds to a REG_MULTISZ registry string and
 ### <a href="" id="list-element"></a>List Element (and its variations)
-The `list` element simply corresponds to a hive of REG_SZ registry strings and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc. How this is represented in SyncML is as a string containing pairs of strings. Each pair is a REG_SZ name/value key. It is best to apply the policy through gpedit.msc (run as Administrator) and go to the registry hive location and see how the list values are stored. This will give you an idea of the way the name/value pairs are stored to express it through SyncML.
+The `list` element simply corresponds to a hive of REG_SZ registry strings and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc. How this element is represented in SyncML is as a string containing pairs of strings. Each pair is a REG_SZ name/value key. It's best to apply the policy through gpedit.msc (run as Administrator) and go to the registry hive location and see how the list values are stored. This location will give you an idea of the way the name/value pairs are stored to express it through SyncML.
 > [!NOTE]
-> It is expected that each string in the SyncML is to be separated by the Unicode character 0xF000 (encoded version: `&#xF000;`).
+> It's expected that each string in the SyncML is to be separated by the Unicode character 0xF000 (encoded version: `&#xF000;`).
-Variations of the `list` element are dictated by attributes. These attributes are ignored by the Policy Manager runtime. It is expected that the MDM server manages the name/value pairs. See below for a simple write up of Group Policy List.
+Variations of the `list` element are dictated by attributes. These attributes are ignored by the Policy Manager runtime. It's expected that the MDM server manages the name/value pairs. See below for a simple write-up of Group Policy List.
 **ADMX file: inetres.admx**
--- a/windows/client-management/mdm/unifiedwritefilter-csp.md
+++ b/windows/client-management/mdm/unifiedwritefilter-csp.md
@ -19,7 +19,7 @@ The UnifiedWriteFilter (UWF) configuration service provider enables the IT admin
 > **Note**  The UnifiedWriteFilter CSP is only supported in Windows 10 Enterprise and Windows 10 Education.
-The following shows the UWF configuration service provider in tree format.
+The following example shows the UWF configuration service provider in tree format.
 ```
 ./Vendor/MSFT
 UnifiedWriteFilter
@ -114,12 +114,12 @@ Setting the value
 To “move” swapfile to another volume, set the SwapfileSize property on that other volume's CSP note to non-zero.
-Currently SwapfileSize should not be relied for determining or controlling the overlay size, 
+Currently SwapfileSize shouldn't be relied for determining or controlling the overlay size, 
 <a href="" id="currentsession-maximumoverlaysize"></a>**CurrentSession/MaximumOverlaySize** or <a href="" id="nextsession-maximumoverlaysize"></a>**NextSession/MaximumOverlaySize**
 should be used for that purpose.
-:::image type="content" source="images/overlaysetting.png" alt-text="This is the overlay setting.":::
+:::image type="content" source="images/overlaysetting.png" alt-text="The overlay setting.":::
 > [!NOTE]
 > Only single swapfile is supported in current implementation and creating swapfile on specific volume will disable any other swapfile created on other volumes.
@ -141,12 +141,12 @@ Required. Indicates the maximum cache size, in megabytes, of the overlay in the
 The only supported operation is Get.
 <a href="" id="currentsession-persisitdomainsecretkey"></a>**CurrentSession/PersisitDomainSecretKey**  
-Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key is not in the exclusion list, changes do not persist after a restart.
+Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart.
 The only supported operation is Get.
 <a href="" id="currentsession-persisttscal"></a>**CurrentSession/PersistTSCAL**  
-Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key is not in the exclusion list, changes do not persist after a restart.
+Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart.
 The only supported operation is Get.
@ -180,7 +180,7 @@ Required. Indicates the type of binding that the volume uses in the current sess
 The only supported operation is Get.
 <a href="" id="currentsession-volume-volume-driveletter"></a>**CurrentSession/Volume/*Volume*/DriveLetter**  
-Required. The drive letter of the volume. If the volume does not have a drive letter, this value is NULL.
+Required. The drive letter of the volume. If the volume doesn't have a drive letter, this value is NULL.
 The only supported operation is Get.
@ -203,7 +203,7 @@ Required. This method deletes the specified file and commits the deletion to the
 Supported operations are Get and Execute.
 <a href="" id="currentsession-shutdownpending"></a>**CurrentSession/ShutdownPending**  
-Required. This value is True if the system is pending on shutdown. Otherwise, it is False.
+Required. This value is True if the system is pending on shutdown. Otherwise, it's False.
 The only supported operation is Get.
@ -243,12 +243,12 @@ Required. Indicates the maximum cache size, in megabytes, of the overlay for the
 Supported operations are Get and Replace.
 <a href="" id="nextsession-persisitdomainsecretkey"></a>**NextSession/PersisitDomainSecretKey**  
-Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key is not in the exclusion list, changes do not persist after a restart.
+Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart.
 Supported operations are Get and Replace.
 <a href="" id="nextsession-persisttscal"></a>**NextSession/PersistTSCAL**  
-Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key is not in the exclusion list, changes do not persist after a restart.
+Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart.
 Supported operations are Get and Replace.
@ -286,7 +286,7 @@ Required. Indicates the type of binding that the volume uses in the next session
 Supported operations are Get and Replace.
 <a href="" id="nextsession-volume-volume-driveletter"></a>**NextSession/Volume/*Volume*/DriveLetter**  
-The drive letter of the volume. If the volume does not have a drive letter, this value is NULL.
+The drive letter of the volume. If the volume doesn't have a drive letter, this value is NULL.
 The only supported operation is Get.
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@ -19,7 +19,7 @@ The Update configuration service provider enables IT administrators to manage an
 > [!NOTE]
 > The Update CSP functionality of 'ApprovedUpdates' is not recommended for managing desktop devices. To manage updates to desktop devices from Windows Update, see the [Policy CSP - Updates](policy-csp-update.md) documentation for the recommended policies.
-The following shows the Update configuration service provider in tree format.
+The following example shows the Update configuration service provider in tree format.
 ```
 ./Vendor/MSFT/Update
@ -62,9 +62,9 @@ The following shows the Update configuration service provider in tree format.
 > [!NOTE]
 > When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list.
-<p>The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It&#39;s possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update.
+<p>The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this presentation is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It&#39;s possible for multiple updates to share the same EULA. It's only necessary to approve the EULA once per EULA ID, not one per update.
-<p>The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (i.e., updates to the virus and spyware definitions on devices) and Security Updates (i.e., product-specific updates for security-related vulnerability). The update approval list does not support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
+<p>The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (that is, updates to the virus and spyware definitions on devices) and Security Updates (that is, product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
 > [!NOTE]
 > For the Windows 10 build, the client may need to reboot after additional updates are added.
@ -74,7 +74,7 @@ The following shows the Update configuration service provider in tree format.
 <a href="" id="approvedupdates-approved-update-guid"></a>**ApprovedUpdates/_Approved Update Guid_**
 <p>Specifies the update GUID.
-<p>To auto-approve a class of updates, you can specify the <a href="/previous-versions/windows/desktop/ff357803(v=vs.85)" data-raw-source="[Update Classifications](/previous-versions/windows/desktop/ff357803(v=vs.85))">Update Classifications</a> GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.
+<p>To auto-approve a class of updates, you can specify the <a href="/previous-versions/windows/desktop/ff357803(v=vs.85)" data-raw-source="[Update Classifications](/previous-versions/windows/desktop/ff357803(v=vs.85))">Update Classifications</a> GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These GUIDs are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.
 <p>Supported operations are Get and Add.
@ -130,7 +130,7 @@ The following shows the Update configuration service provider in tree format.
 <p>Supported operation is Get.
 <a href="" id="installableupdates"></a>**InstallableUpdates**
-<p>The updates that are applicable and not yet installed on the device. This includes updates that are not yet approved.
+<p>The updates that are applicable and not yet installed on the device. These updates include updates that aren't yet approved.
 <p>Supported operation is Get.
@ -193,7 +193,7 @@ Added in Windows 10, version 1803. Roll back latest Quality Update, if the machi
 - Condition 2: Device must be in a Paused State
 - Condition 3: Device must have the Latest Quality Update installed on the device (Current State)
-If the conditions are not true, the device will not Roll Back the Latest Quality Update.
+If the conditions aren't true, the device won't Roll Back the Latest Quality Update.
 <a href="" id="rollback-featureupdate"></a>**Rollback/FeatureUpdate**
 Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machine meets the following conditions:
@ -206,7 +206,7 @@ Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machi
 > [!NOTE]
 > This only works for General Availability Channel Targeted devices.
-If the conditions are not true, the device will not Roll Back the Latest Feature Update.
+If the conditions aren't true, the device won't Roll Back the Latest Feature Update.
 <a href="" id="rollback-qualityupdatestatus"></a>**Rollback/QualityUpdateStatus**
 Added in Windows 10, version 1803. Returns the result of last RollBack QualityUpdate operation.
--- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
@ -1,6 +1,6 @@
 ---
 title: Using PowerShell scripting with the WMI Bridge Provider
-description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, as well as how to invoke methods through the WMI Bridge Provider.
+description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
 ms.assetid: 238D45AD-3FD8-46F9-B7FB-6AEE42BE4C08
 ms.reviewer: 
 manager: dansimp
@ -14,7 +14,7 @@ ms.date: 06/26/2017
 # Using PowerShell scripting with the WMI Bridge Provider
-This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, as well as how to invoke methods through the [WMI Bridge Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
+This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the [WMI Bridge Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
 ## Configuring per-device policy settings
@ -89,7 +89,7 @@ class MDM_Policy_User_Config01_Authentication02
-If accessing or modifying settings for a different user, then the PowerShell script is more complicated because the WMI Bridge expects the user SID to be set in MI Custom Context, which is not supported in native PowerShell cmdlets.
+If accessing or modifying settings for a different user, then the PowerShell script is more complicated because the WMI Bridge expects the user SID to be set in MI Custom Context, which isn't supported in native PowerShell cmdlets.
 > **Note**   All commands must executed under local system.