From dafbfa07a6e957c0f2c6da844055fb4072bd6c42 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 29 Aug 2023 17:41:54 -0400 Subject: [PATCH 1/3] August CSP Updates --- .../mdm/accountmanagement-csp.md | 315 ++++++++++++--- .../mdm/accountmanagement-ddf.md | 369 ++++++++++-------- .../mdm/clouddesktop-ddf-file.md | 6 +- windows/client-management/mdm/defender-csp.md | 79 +++- windows/client-management/mdm/defender-ddf.md | 74 +++- windows/client-management/mdm/euiccs-csp.md | 38 +- .../client-management/mdm/euiccs-ddf-file.md | 38 +- .../mdm/policies-in-policy-csp-admx-backed.md | 7 +- ...in-policy-csp-supported-by-group-policy.md | 7 +- ...-in-policy-csp-supported-by-surface-hub.md | 3 +- .../policy-configuration-service-provider.md | 4 +- .../mdm/policy-csp-cryptography.md | 6 +- .../mdm/policy-csp-fileexplorer.md | 6 +- .../mdm/policy-csp-filesystem.md | 135 +++++++ .../mdm/policy-csp-mixedreality.md | 106 ++++- .../client-management/mdm/policy-csp-start.md | 66 +++- .../mdm/policy-csp-windowsai.md | 95 +++++ windows/client-management/mdm/toc.yml | 4 + 18 files changed, 1070 insertions(+), 288 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-filesystem.md create mode 100644 windows/client-management/mdm/policy-csp-windowsai.md diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index 9863ad1ccf..4fdc019a91 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md 
@@ -1,81 +1,304 @@ --- title: AccountManagement CSP -description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service. +description: Learn more about the AccountManagement CSP. +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: reference +ms.date: 08/29/2023 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.date: 03/23/2018 -ms.reviewer: -manager: aaroncz +ms.topic: reference --- + + + # AccountManagement CSP -AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803. + + +AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. > [!NOTE] > The AccountManagement CSP is only supported in Windows Holographic for Business edition. + -The following syntax shows the AccountManagement configuration service provider in tree format. + +The following list shows the AccountManagement configuration service provider nodes: -```console -./Vendor/MSFT -AccountManagement -----UserProfileManagement ---------EnableProfileManager ---------DeletionPolicy ---------StorageCapacityStartDeletion ---------StorageCapacityStopDeletion ---------ProfileInactivityThreshold +- ./Device/Vendor/MSFT/AccountManagement + - [UserProfileManagement](#userprofilemanagement) + - [DeletionPolicy](#userprofilemanagementdeletionpolicy) + - [EnableProfileManager](#userprofilemanagementenableprofilemanager) + - [ProfileInactivityThreshold](#userprofilemanagementprofileinactivitythreshold) + - [StorageCapacityStartDeletion](#userprofilemanagementstoragecapacitystartdeletion) + - [StorageCapacityStopDeletion](#userprofilemanagementstoragecapacitystopdeletion) + + + +## UserProfileManagement + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later | + + + +```Device +./Device/Vendor/MSFT/AccountManagement/UserProfileManagement ``` + -**./Vendor/MSFT/AccountManagement** -Root node for the AccountManagement configuration service provider. + + + -**UserProfileManagement** -Interior node. + + + -**UserProfileManagement/EnableProfileManager** -Enable profile lifetime management for shared or communal device scenarios. Default value is false. + +**Description framework properties**: -Supported operations are Add, Get, Replace, and Delete. +| Property name | Property value | +|:--|:--| +| Format | `node` | +| Access Type | Get | + -Value type is bool. + + + -**UserProfileManagement/DeletionPolicy** -Configures when profiles will be deleted. Default value is 1. + -Valid values: + +### UserProfileManagement/DeletionPolicy -- 0 - delete immediately when the device returns to a state with no currently active users -- 1 - delete at storage capacity threshold -- 2 - delete at both storage capacity threshold and profile inactivity threshold + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later | + -Supported operations are Add, Get, Replace, and Delete. + +```Device +./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/DeletionPolicy +``` + -Value type is integer. + + +Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold). + -**UserProfileManagement/StorageCapacityStartDeletion** -Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25. + + + -Supported operations are Add, Get, Replace, and Delete. + +**Description framework properties**: -Value type is integer. +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + -**UserProfileManagement/StorageCapacityStopDeletion** -Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50. + +**Allowed values**: -Supported operations are Add, Get, Replace, and Delete. +| Value | Description | +|:--|:--| +| 0 | Delete immediately upon device returning to a state with no currently active users). | +| 1 (Default) | Delete at storage capacity threshold. | +| 2 | Delete at both storage capacity threshold and profile inactivity threshold. | + -Value type is integer. + + + -**UserProfileManagement/ProfileInactivityThreshold** -Start deleting profiles when they haven't been logged on during the specified period, given as number of days. Default value is 30. + -Supported operations are Add, Get, Replace, and Delete. Value type is integer. 
+ +### UserProfileManagement/EnableProfileManager -## Related topics + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later | + -[Configuration service provider reference](index.yml) + +```Device +./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/EnableProfileManager +``` + + + + +Enable profile lifetime mangement for shared or communal device scenarios. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `bool` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | false | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | False. | +| true | True. | + + + + + + + + + +### UserProfileManagement/ProfileInactivityThreshold + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later | + + + +```Device +./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/ProfileInactivityThreshold +``` + + + + +Start deleting profiles when they haven't been logged-on during the specified period, given as number of days. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 30 | + + + + + + + + + +### UserProfileManagement/StorageCapacityStartDeletion + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later | + + + +```Device +./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/StorageCapacityStartDeletion +``` + + + + +Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 25 | + + + + + + + + + +### UserProfileManagement/StorageCapacityStopDeletion + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later | + + + +```Device +./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/StorageCapacityStopDeletion +``` + + + + +Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 50 | + + + + + + + + + + + + + + +## Related articles + +[Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md index c6ec83beff..7589b07ab4 100644 --- a/windows/client-management/mdm/accountmanagement-ddf.md +++ b/windows/client-management/mdm/accountmanagement-ddf.md 
@@ -1,203 +1,232 @@ --- title: AccountManagement DDF file -description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings. +description: View the XML file containing the device description framework (DDF) for the AccountManagement configuration service provider. +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: reference +ms.date: 08/29/2023 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.date: 03/23/2018 -ms.reviewer: -manager: aaroncz +ms.topic: reference --- + + # AccountManagement DDF file -This topic shows the OMA DM device description framework (DDF) for the **AccountManagement** configuration service provider. - -The XML below is for Windows 10, version 1803. +The following XML file contains the device description framework (DDF) for the AccountManagement configuration service provider. ```xml -]> +]> 1.2 + + + + AccountManagement + ./Device/Vendor/MSFT + + + + + + + + + + + + + + + + + + 10.0.19041 + 1.0 + 0x88; + + + + UserProfileManagement + + + + + + + + + + + + + + + + + - AccountManagement - ./Device/Vendor/MSFT + EnableProfileManager + + + + false + Enable profile lifetime mangement for shared or communal device scenarios. - + - + - + + Enable profile manager - com.microsoft/1.0/MDM/AccountManagement + + + + + false + False + + + true + True + + + + + + DeletionPolicy + + + + + + + + 1 + Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold). 
+ + + + + + + + + + Profile deletion policy + + + + + + 0 + Delete immediately upon device returning to a state with no currently active users) + + + 1 + Delete at storage capacity threshold + + + 2 + Delete at both storage capacity threshold and profile inactivity threshold + + + + + + StorageCapacityStartDeletion + + + + + + + + 25 + Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. + + + + + + + + + + Storage capacity threshold to start profile deletion + + - - UserProfileManagement - - - - - - - - - - - - - - - - - - - EnableProfileManager - - - - - - - - false - Enable profile lifetime management for shared or communal device scenarios. - - - - - - - - - - Enable profile manager - - text/plain - - - - - DeletionPolicy - - - - - - - - 1 - Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold). - - - - - - - - - - Profile deletion policy - - text/plain - - - - - StorageCapacityStartDeletion - - - - - - - - 25 - Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. - - - - - - - - - - Storage capacity threshold to start profile deletion - - text/plain - - - - - StorageCapacityStopDeletion - - - - - - - - 50 - Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. 
- - - - - - - - - - Storage capacity threshold to stop profile deletion - - text/plain - - - - - ProfileInactivityThreshold - - - - - - - - 30 - Start deleting profiles when they have not been logged on during the specified period, given as number of days. - - - - - - - - - - Profile inactive threshold - - text/plain - - - - + + StorageCapacityStopDeletion + + + + + + + + 50 + Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. + + + + + + + + + + Storage capacity threshold to stop profile deletion + + + + + + + ProfileInactivityThreshold + + + + + + + + 30 + Start deleting profiles when they have not been logged on during the specified period, given as number of days. + + + + + + + + + + Profile inactive threshold + + + + + + + ``` -## Related topics +## Related articles -[AccountManagement configuration service provider](accountmanagement-csp.md) \ No newline at end of file +[AccountManagement configuration service provider reference](accountmanagement-csp.md) diff --git a/windows/client-management/mdm/clouddesktop-ddf-file.md b/windows/client-management/mdm/clouddesktop-ddf-file.md index d2884cb925..8128e3e6e5 100644 --- a/windows/client-management/mdm/clouddesktop-ddf-file.md +++ b/windows/client-management/mdm/clouddesktop-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 07/25/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the C 22631.2050 1.0 - 0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF; + 0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD; 
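Review bot: The edition list in the `@@ -47,7 +47,7 @@` hunk of clouddesktop-ddf-file.md drops `0x87`, `0x88*`, `0xB4` and `0xBD` and adds `0xCD`, which changes where the CSP is documented as applicable, yet the only other edits to this file are the `ms.date` bump and a capitalization fix, and the diffstat for this patch lists no CloudDesktop CSP page. Confirm the new list is intended and say so in the commit message, which currently reads only "August CSP Updates".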
@@ -60,7 +60,7 @@ The following XML file contains the device description framework (DDF) for the C false - Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. For enabling boot to cloud shared pc feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned. + Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. For enabling Boot to Cloud Shared PC feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned. diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index f526723268..fb4186237a 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Defender CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -57,6 +57,7 @@ The following list shows the Defender configuration service provider nodes: - [DisableInboundConnectionFiltering](#configurationdisableinboundconnectionfiltering) - [DisableLocalAdminMerge](#configurationdisablelocaladminmerge) - [DisableNetworkProtectionPerfTelemetry](#configurationdisablenetworkprotectionperftelemetry) + - [DisableQuicParsing](#configurationdisablequicparsing) - [DisableRdpParsing](#configurationdisablerdpparsing) - [DisableSmtpParsing](#configurationdisablesmtpparsing) - [DisableSshParsing](#configurationdisablesshparsing) 
@@ -492,7 +493,7 @@ Define the retention period in days of how much time the evidence data will be k -Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. +Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. The valid interval is [5-5000] MB. By default, the maximum quota will be 500 MB. @@ -504,8 +505,10 @@ Defines the maximum data duplication quota in MB that can be collected. When the | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[5-5000]` | +| Default Value | 500 | @@ -570,7 +573,7 @@ Define data duplication remote location for device control. -Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If set to 0, aggressive quick scans will be disabled. By default, the value is set to 25 days. +Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled. @@ -584,7 +587,7 @@ Configure how many days can pass before an aggressive quick scan is triggered. T |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0,7-60]` | +| Allowed Values | Range: `[7-60]` | | Default Value | 25 | 
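Review bot: With `0` removed from the range in `@@ -584,7 +587,7 @@`, the page no longer lists any value that turns aggressive quick scans off, and the reworded description in the previous hunk ("If not configured, aggressive quick scans will be disabled") conflicts with the `| Default Value | 25 |` row kept here, since a reader will assume an unconfigured node takes the default. State how an admin disables the scan after this change and whether 25 applies only once the node has been set.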
@@ -989,10 +992,20 @@ Defines whether the cache maintenance idle task will perform the cache maintenan | Property name | Property value | |:--|:--| -| Format | `chr` (string) | +| Format | `int` | | Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 1 | Cache maintenance is disabled. | +| 0 (Default) | Cache maintenance is enabled (default). | + + @@ -1489,6 +1502,55 @@ This setting disables the gathering and send of performance telemetry from Netwo + +### Configuration/DisableQuicParsing + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/DisableQuicParsing +``` + + + + +This setting disables QUIC Parsing for Network Protection. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 1 | QUIC parsing is disabled. | +| 0 (Default) | QUIC parsing is enabled. | + + + + + + + + ### Configuration/DisableRdpParsing @@ -1916,6 +1978,7 @@ Allows an administrator to explicitly disable network packet inspection made by |:--|:--| | Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `|`) | @@ -2203,7 +2266,7 @@ Setting to control automatic remediation for Sense scans. |:--|:--| | Format | `int` | | Access Type | Add, Delete, Get, Replace | -| Default Value | 0 | +| Default Value | 0x0 | @@ -2211,6 +2274,7 @@ Setting to control automatic remediation for Sense scans. | Flag | Description | |:--|:--| +| 0x0 (Default) | Passive Remediation is turned off (default). | | 0x1 | PASSIVE_REMEDIATION_FLAG_SENSE_AUTO_REMEDIATION: Passive Remediation Sense AutoRemediation. | | 0x2 | PASSIVE_REMEDIATION_FLAG_RTP_AUDIT: Passive Remediation Realtime Protection Audit. | | 0x4 | PASSIVE_REMEDIATION_FLAG_RTP_REMEDIATION: Passive Remediation Realtime Protection Remediation. | @@ -2494,6 +2558,7 @@ Defines what are the devices primary ids that should be secured by Defender Devi |:--|:--| | Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `|`) | diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 00b7d76777..22e2b101f9 100644 --- a/windows/client-management/mdm/defender-ddf.md 
+++ b/windows/client-management/mdm/defender-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/02/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1060,6 +1060,7 @@ The following XML file contains the device description framework (DDF) for the D 1.3 +
@@ -2194,7 +2195,7 @@ The following XML file contains the device description framework (DDF) for the D 25 - Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If set to 0, aggressive quick scans will be disabled. By default, the value is set to 25 days. + Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled. @@ -2212,7 +2213,7 @@ The following XML file contains the device description framework (DDF) for the D 1.3 - [0,7-60] + [7-60] @@ -2333,6 +2334,7 @@ The following XML file contains the device description framework (DDF) for the D 1.3 + @@ -2345,9 +2347,10 @@ The following XML file contains the device description framework (DDF) for the D - Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. + 500 + Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. The valid interval is [5-5000] MB. By default, the maximum quota will be 500 MB. - + @@ -2362,7 +2365,8 @@ The following XML file contains the device description framework (DDF) for the D 10.0.17763 1.3 - + + [5-5000] @@ -2487,7 +2491,7 @@ The following XML file contains the device description framework (DDF) for the D - 0 + 0x0 Setting to control automatic remediation for Sense scans. 
@@ -2506,6 +2510,10 @@ The following XML file contains the device description framework (DDF) for the D 1.3 + + 0x0 + Passive Remediation is turned off (default) + 0x1 PASSIVE_REMEDIATION_FLAG_SENSE_AUTO_REMEDIATION: Passive Remediation Sense AutoRemediation @@ -2603,6 +2611,45 @@ The following XML file contains the device description framework (DDF) for the D + + DisableQuicParsing + + + + + + + + 0 + This setting disables QUIC Parsing for Network Protection. + + + + + + + + + + + + + + 10.0.14393 + 1.3 + + + + 1 + QUIC parsing is disabled + + + 0 + QUIC parsing is enabled + + + + AllowSwitchToAsyncInspection @@ -2729,9 +2776,10 @@ The following XML file contains the device description framework (DDF) for the D + 0 Defines whether the cache maintenance idle task will perform the cache maintenance or not. - + @@ -2746,7 +2794,15 @@ The following XML file contains the device description framework (DDF) for the D 10.0.17763 1.3 - + + + 1 + Cache maintenance is disabled + + + 0 + Cache maintenance is enabled (default) + diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 4ff3f47d51..3933d2fb17 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -4,7 +4,7 @@ description: Learn more about the eUICCs CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -108,7 +108,7 @@ Represents information associated with an eUICC. There is one subtree for each k -Actions that can be performed on the eUICC as a whole (when it's active). +Actions that can be performed on the eUICC as a whole. 
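Review bot: In the `@@ -108,7 +108,7 @@` hunk of euiccs-csp.md, dropping "(when it's active)" removes the only stated precondition for the actions under this node. If the actions still require an active eUICC, keep the qualifier; if they no longer do, note that in the commit message so the change is not read as purely editorial.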
@@ -147,7 +147,7 @@ Actions that can be performed on the eUICC as a whole (when it's active). -An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset. +This triggers an eUICC Memory Reset, which erases all the eSIM profiles in the eUICC. @@ -226,7 +226,7 @@ Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE -Represents default SM-DP+ discovery requests. +Represents servers used for bulk provisioning and eSIM discovery. @@ -265,7 +265,7 @@ Represents default SM-DP+ discovery requests. -Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request. +Node representing a bulk download/discovery server. The node name is the fully qualified domain name of the server that will be used. Creation of this subtree triggers a discovery request. @@ -353,7 +353,7 @@ Indicates whether the discovered profile must be enabled automatically after ins -Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA. +Current state of the discovery operation for this server (Requested = 1, Executing = 2, Completed = 3, Failed = 4). @@ -393,7 +393,7 @@ Current state of the discovery operation for the parent ServerName (Requested = -Indicates whether the server is a discovery server. Optional, default value is false. +Indicates whether the server is a discovery server or if it's used for bulk download. A discovery server is used every time a user requests a profile discovery operation. Optional, default value is false. @@ -442,7 +442,7 @@ Indicates whether the server is a discovery server. Optional, default value is f -The EID. +The unique eUICC identifier (EID). 
@@ -560,7 +560,7 @@ Device policies associated with the eUICC as a whole (not per-profile). -Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server. +Determines whether or not the user can make changes to the eSIM through the user interface. @@ -609,7 +609,7 @@ Determines whether the local user interface of the LUI is available (true if ava -Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 isn't allowed. +Indicates whether the download of a profile with Profile Policy Rule 1 (PPR1) is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 isn't allowed. @@ -648,7 +648,7 @@ Indicates whether the download of a profile with PPR1 is allowed. If the eUICC h -Indicates whether the eUICC has already a profile with PPR1. +Indicates whether the eUICC has already a profile with Profile Policy Rule 1 (PPR1). @@ -687,7 +687,7 @@ Indicates whether the eUICC has already a profile with PPR1. -Represents all enterprise-owned profiles. +Represents all enterprise-owned eSIM profiles. 
@@ -726,7 +726,7 @@ Represents all enterprise-owned profiles. -Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC). +Node representing an enterprise-owned eSIM profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC). @@ -806,7 +806,7 @@ Detailed error if the profile download and install procedure failed (None = 0, C -Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created. Can also be queried and updated by the CSP. +Indicates whether this eSIM profile is enabled. Can be set by both the MDM and the CSP. @@ -854,7 +854,7 @@ Indicates whether this profile is enabled. Can be set by the MDM when the ICCID -Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created. +Matching ID (activation code token) for eSIM profile download. Must be set by the MDM when the ICCID subtree is created. @@ -894,7 +894,7 @@ Matching ID (activation code token) for profile download. Must be set by the MDM -This profile policy rule indicates whether disabling of this profile isn't allowed (true if not allowed, false otherwise). +Profile Policy Rule 1 (PPR1) indicates whether disabling of this profile isn't allowed (true if not allowed, false otherwise). 
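Review bot: The rewritten PPR1 line in `@@ -894,7 +894,7 @@` keeps the double negative "whether disabling of this profile isn't allowed (true if not allowed, false otherwise)", which makes it easy to set the wrong boolean. Since the sentence is being rewritten anyway, state it positively, for example "When true, this profile can't be disabled.", and apply the same wording to the PPR2 deletion rule in the next hunk.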
@@ -933,7 +933,7 @@ This profile policy rule indicates whether disabling of this profile isn't allow -This profile policy rule indicates whether deletion of this profile isn't allowed (true if not allowed, false otherwise). +Profile Policy Rule 2 (PPR2) indicates whether deletion of this profile isn't allowed (true if not allowed, false otherwise). @@ -972,7 +972,7 @@ This profile policy rule indicates whether deletion of this profile isn't allowe -Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created. +Fully qualified domain name of the server that can download this eSIM profile. Must be set by the MDM when the ICCID subtree is created. @@ -1011,7 +1011,7 @@ Fully qualified domain name of the SM-DP+ that can download this profile. Must b -Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA. +Current state of the eSIM profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index d1293442b4..5a070577f7 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -84,7 +84,7 @@ The following XML file contains the device description framework (DDF) for the e - The EID. + The unique eUICC identifier (EID). 
@@ -129,7 +129,7 @@ The following XML file contains the device description framework (DDF) for the e - Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed. + Indicates whether the download of a profile with Profile Policy Rule 1 (PPR1) is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed. @@ -150,7 +150,7 @@ The following XML file contains the device description framework (DDF) for the e - Indicates whether the eUICC has already a profile with PPR1. + Indicates whether the eUICC has already a profile with Profile Policy Rule 1 (PPR1). @@ -171,7 +171,7 @@ The following XML file contains the device description framework (DDF) for the e - Represents default SM-DP+ discovery requests. + Represents servers used for bulk provisioning and eSIM discovery. @@ -199,7 +199,7 @@ The following XML file contains the device description framework (DDF) for the e - Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request. + Node representing a bulk download/discovery server. The node name is the fully qualified domain name of the server that will be used. Creation of this subtree triggers a discovery request. @@ -224,7 +224,7 @@ The following XML file contains the device description framework (DDF) for the e 1 - Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA. + Current state of the discovery operation for this server (Requested = 1, Executing = 2, Completed = 3, Failed = 4). 
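Review bot: In the `@@ -224,7 +224,7 @@` hunk of euiccs-ddf-file.md, the new State description drops "Queried by the CSP and only updated by the LPA." That sentence told the reader the value is reported by the device and is not something the management server writes. Keep it, or replace it with a plain statement that the node is read-only and reported by the device if it is only the LPA wording that is being removed.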
@@ -281,7 +281,7 @@ The following XML file contains the device description framework (DDF) for the e false - Indicates whether the server is a discovery server. Optional, default value is false. + Indicates whether the server is a discovery server or if it is used for bulk download. A discovery server is used every time a user requests a profile discovery operation. Optional, default value is false. @@ -318,7 +318,7 @@ The following XML file contains the device description framework (DDF) for the e - Represents all enterprise-owned profiles. + Represents all enterprise-owned eSIM profiles. @@ -342,7 +342,7 @@ The following XML file contains the device description framework (DDF) for the e - Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC). + Node representing an enterprise-owned eSIM profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC). @@ -368,7 +368,7 @@ The following XML file contains the device description framework (DDF) for the e - Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created. + Fully qualified domain name of the server that can download this eSIM profile. Must be set by the MDM when the ICCID subtree is created. 
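Review bot: The `@@ -368,7 +368,7 @@` hunk replaces "the SM-DP+ that can download this profile" with "the server that can download this eSIM profile", which no longer says what kind of server the FQDN must point to. This node decides where the profile is fetched from, so keep the term, for example "the SM-DP+ server that can download this eSIM profile".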
@@ -396,7 +396,7 @@ The following XML file contains the device description framework (DDF) for the e - Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created. + Matching ID (activation code token) for eSIM profile download. Must be set by the MDM when the ICCID subtree is created. @@ -424,7 +424,7 @@ The following XML file contains the device description framework (DDF) for the e 1 - Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA. + Current state of the eSIM profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). @@ -447,7 +447,7 @@ The following XML file contains the device description framework (DDF) for the e - Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created. Can also be queried and updated by the CSP. + Indicates whether this eSIM profile is enabled. Can be set by both the MDM and the CSP. @@ -482,7 +482,7 @@ The following XML file contains the device description framework (DDF) for the e - This profile policy rule indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise). + Profile Policy Rule 1 (PPR1) indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise). @@ -503,7 +503,7 @@ The following XML file contains the device description framework (DDF) for the e - This profile policy rule indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise). + Profile Policy Rule 2 (PPR2) indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise). 
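Review bot: In the `@@ -447,7 +447,7 @@` hunk, "Can be set by both the MDM and the CSP" drops the old qualifier that the MDM sets the value "when the ICCID subtree is created". If the MDM can now change IsEnabled on an already installed profile, say so explicitly; if it is still limited to creation time, keep the qualifier.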
@@ -570,7 +570,7 @@ The following XML file contains the device description framework (DDF) for the e true - Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server. + Determines whether or not the user can make changes to the eSIM through the user interface. @@ -602,7 +602,7 @@ The following XML file contains the device description framework (DDF) for the e - Actions that can be performed on the eUICC as a whole (when it is active). + Actions that can be performed on the eUICC as a whole. @@ -622,7 +622,7 @@ The following XML file contains the device description framework (DDF) for the e - An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset. + This triggers an eUICC Memory Reset, which erases all the eSIM profiles in the eUICC. diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index b1d980b61f..d949612f72 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -4,7 +4,7 @@ description: Learn about the ADMX-backed policies in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/07/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2182,6 +2182,11 @@ This article lists the ADMX-backed policies in Policy CSP. - [TurnOffDataExecutionPreventionForExplorer](policy-csp-fileexplorer.md) - [TurnOffHeapTerminationOnCorruption](policy-csp-fileexplorer.md) +## FileSystem + +- [EnableDevDrive](policy-csp-filesystem.md) +- [DevDriveAttachPolicy](policy-csp-filesystem.md) + ## InternetExplorer - [AddSearchProvider](policy-csp-internetexplorer.md) 
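Review bot: The `@@ -570,7 +570,7 @@` hunk of euiccs-ddf-file.md removes "(true if available, false otherwise)" from the local UI node, so "Determines whether or not the user can make changes to the eSIM through the user interface" no longer says which value blocks the user. If the meaning is unchanged, add the mapping back, for example "true if the user can make changes, false otherwise"; the context line above the description shows a default of true, which is worth stating in the text as well.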
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 28d800cc4a..5f25eb4ff5 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -634,6 +634,7 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [HideRecommendedSection](policy-csp-start.md) - [HideRecommendedPersonalizedSites](policy-csp-start.md) - [HideTaskViewButton](policy-csp-start.md) +- [HideCopilotButton](policy-csp-start.md) - [DisableControlCenter](policy-csp-start.md) - [SimplifyQuickSettings](policy-csp-start.md) - [DisableEditingQuickSettings](policy-csp-start.md) @@ -836,6 +837,10 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [AllowAutoConnectToWiFiSenseHotspots](policy-csp-wifi.md) - [AllowInternetSharing](policy-csp-wifi.md) +## WindowsAI + +- [TurnOffWindowsCopilot](policy-csp-windowsai.md) + ## WindowsDefenderSecurityCenter - [CompanyName](policy-csp-windowsdefendersecuritycenter.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index ac553b2f8e..f0e33b1fda 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md 
@@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Windows 10 Team author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -263,6 +263,7 @@ This article lists the policies in Policy CSP that are applicable for the Surfac ## Start +- [HideCopilotButton](policy-csp-start.md#hidecopilotbutton) - [HideRecommendedPersonalizedSites](policy-csp-start.md#hiderecommendedpersonalizedsites) - [StartLayout](policy-csp-start.md#startlayout) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 27e164c141..f7695f6a8a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4,7 +4,7 @@ description: Learn more about the Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1118,6 +1118,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f - [ExploitGuard](policy-csp-exploitguard.md) - [FederatedAuthentication](policy-csp-federatedauthentication.md) - [FileExplorer](policy-csp-fileexplorer.md) +- [FileSystem](policy-csp-filesystem.md) - [Games](policy-csp-games.md) - [Handwriting](policy-csp-handwriting.md) - [HumanPresence](policy-csp-humanpresence.md) 
@@ -1175,6 +1176,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f - [VirtualizationBasedTechnology](policy-csp-virtualizationbasedtechnology.md) - [WebThreatDefense](policy-csp-webthreatdefense.md) - [Wifi](policy-csp-wifi.md) +- [WindowsAI](policy-csp-windowsai.md) - [WindowsAutopilot](policy-csp-windowsautopilot.md) - [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md) - [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md) diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 26ad80a56b..a5874803b9 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -4,7 +4,7 @@ description: Learn more about the Cryptography Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -228,7 +228,6 @@ Override minimal enabled TLS version for client role. Last write wins. |:--|:--| | Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -| Default Value | 1.0 | @@ -268,7 +267,6 @@ Override minimal enabled TLS version for server role. Last write wins. |:--|:--| | Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -| Default Value | 1.0 | @@ -308,7 +306,6 @@ Override minimal enabled TLS version for client role. Last write wins. |:--|:--| | Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -| Default Value | 1.0 | @@ -348,7 +345,6 @@ Override minimal enabled TLS version for server role. Last write wins. |:--|:--| | Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -| Default Value | 1.0 | 
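Review bot: The four policy-csp-cryptography.md hunks ending with `@@ -345,7 +345,6 @@` delete the `| Default Value | 1.0 |` row from the "Override minimal enabled TLS version" nodes for client and server role without saying what applies when no override is set. If 1.0 was wrong, replace the row with a sentence in the description stating which minimum TLS version is in effect when the policy isn't configured, so that the default is still documented.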
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 3be567246d..8c51b03f44 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -4,7 +4,7 @@ description: Learn more about the FileExplorer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -167,8 +167,8 @@ Turning off files from Office.com will prevent File Explorer from requesting rec | Value | Description | |:--|:--| -| 0 (Default) | File Explorer will request cloud file metadata and display it in the Quick access view. | -| 1 | File Explorer won't request cloud file metadata or display it in the Quick access view. | +| 0 (Default) | File Explorer will request cloud file metadata and display it in the homepage and other views. | +| 1 | File Explorer won't request cloud file metadata or display it in the homepage or other views. | diff --git a/windows/client-management/mdm/policy-csp-filesystem.md b/windows/client-management/mdm/policy-csp-filesystem.md new file mode 100644 index 0000000000..98bb86e6a8 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-filesystem.md @@ -0,0 +1,135 @@ +--- +title: FileSystem Policy CSP +description: Learn more about the FileSystem Area in Policy CSP. +author: vinaypamnani-msft +manager: aaroncz +ms.author: vinpa +ms.date: 08/29/2023 +ms.localizationpriority: medium +ms.prod: windows-client +ms.technology: itpro-manage +ms.topic: reference +--- + + + + +# Policy CSP - FileSystem + +[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] + +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + + + + + + +## DevDriveAttachPolicy + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/FileSystem/DevDriveAttachPolicy +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + + +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] + +**ADMX mapping**: + +| Name | Value | +|:--|:--| +| Name | DevDriveAttachPolicy | +| ADMX File Name | filtermanager.admx | + + + + + + + + + +## EnableDevDrive + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/FileSystem/EnableDevDrive +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + + +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] + +**ADMX mapping**: + +| Name | Value | +|:--|:--| +| Name | EnableDevDrive | +| ADMX File Name | refs.admx | + + + + + + + + + + + + + + +## Related articles + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 00d0c1acb3..ecefad6b6c 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -4,7 +4,7 @@ description: Learn more about the MixedReality Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -490,6 +490,110 @@ The following XML string is an example of the value for this policy: + +## ConfigureSharedAccount + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureSharedAccount +``` + + + + +This policy specifies the configuration for Shared Accounts on the device. Shared Accounts are AAD accounts that are deployed to the device by an IT admin and can be used by anyone with physical access to the device. These accounts excel in deployments where the HoloLens device is used like a tool shared between multiple people and it doesn't matter which account is used to access AAD resources. Because these accounts can be signed in without requiring the user to provide credentials, you should ensure that these devices are physically secure, with access granted only to authorized personnel. You should also lock down these accounts to only have access to the required resources. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + +**Allowed values**: + +
+
+ Expand to see schema XML + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +
+ + + + + + + + ## DisallowNetworkConnectivityPassivePolling diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 1bab3b26fb..c3738fcb56 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -4,7 +4,7 @@ description: Learn more about the Start Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/29/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -974,6 +974,68 @@ Enabling this policy hides "Change account settings" from appearing in the user + +## HideCopilotButton + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | | + + + +```User +./User/Vendor/MSFT/Policy/Config/Start/HideCopilotButton +``` + +```Device +./Device/Vendor/MSFT/Policy/Config/Start/HideCopilotButton +``` + + + + +This policy setting allows you to hide the Copilot button on the Taskbar. If you enable this policy setting, the Copilot button will be hidden and the Settings toggle will be disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Copilot button shown. | +| 1 | Copilot button hidden. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | HideCopilotButton | +| Path | Taskbar > AT > StartMenu | + + + + + + + + ## HideFrequentlyUsedApps @@ -1430,7 +1492,7 @@ To validate this policy, do the following steps: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later | diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md new file mode 100644 index 0000000000..3eda0ccc64 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -0,0 +1,95 @@ +--- +title: WindowsAI Policy CSP +description: Learn more about the WindowsAI Area in Policy CSP. +author: vinaypamnani-msft +manager: aaroncz +ms.author: vinpa +ms.date: 08/29/2023 +ms.localizationpriority: medium +ms.prod: windows-client +ms.technology: itpro-manage +ms.topic: reference +--- + + + + +# Policy CSP - WindowsAI + +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + + + + + + +## TurnOffWindowsCopilot + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25929.1000] | + + + +```User +./User/Vendor/MSFT/Policy/Config/WindowsAI/TurnOffWindowsCopilot +``` + + + + +This policy setting allows you to turn off Windows Copilot. + +- If you enable this policy setting, users won't be able to use Copilot. The Copilot icon won't appear on the taskbar either. + +- If you disable or don't configure this policy setting, users will be able to use Copilot when it's available to them. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Enable Copilot. | +| 1 | Disable Copilot. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | TurnOffWindowsCopilot | +| Path | WindowsCopilot > AT > WindowsComponents > WindowsCopilot | + + + + + + + + + + + + + + +## Related articles + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index a909cac63a..9125eb9388 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -440,6 +440,8 @@ items: href: policy-csp-feeds.md - name: FileExplorer href: policy-csp-fileexplorer.md + - name: FileSystem + href: policy-csp-filesystem.md - name: Games href: policy-csp-games.md - name: Handwriting @@ -554,6 +556,8 @@ items: href: policy-csp-webthreatdefense.md - name: Wifi href: policy-csp-wifi.md + - name: WindowsAI + href: policy-csp-windowsai.md - name: WindowsAutopilot href: policy-csp-windowsautopilot.md - name: WindowsConnectionManager From cf16c1f9879c109d90a991c5a22986c6d372b7b8 Mon Sep 17 00:00:00 2001 
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 31 Aug 2023 11:37:52 -0400 Subject: [PATCH 2/3] Update GPO strings using latest ADMX/L files --- ...icy-csp-admx-microsoftdefenderantivirus.md | 15 ++- .../mdm/policy-csp-admx-terminalserver.md | 5 +- .../mdm/policy-csp-fileexplorer.md | 6 +- .../mdm/policy-csp-filesystem.md | 27 +++++- .../mdm/policy-csp-humanpresence.md | 42 +++++--- .../mdm/policy-csp-multitasking.md | 8 +- .../mdm/policy-csp-notifications.md | 36 +++++-- .../mdm/policy-csp-privacy.md | 95 +++++++++++++++---- .../mdm/policy-csp-settingssync.md | 17 +++- .../client-management/mdm/policy-csp-start.md | 13 ++- .../mdm/policy-csp-system.md | 12 ++- .../mdm/policy-csp-webthreatdefense.md | 19 +++- .../mdm/policy-csp-windowsai.md | 11 ++- 13 files changed, 239 insertions(+), 67 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 7cdc026046..f462eeaba0 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -3239,7 +3239,12 @@ This policy setting allows you to configure heuristics. Suspicious detections wi - + +This policy setting allows you to configure scanning for packed executables. It's recommended that this type of scanning remain enabled. + +- If you enable or don't configure this setting, packed executables will be scanned. + +- If you disable this setting, packed executables won't be scanned. 
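Review bot: The description added in the `@@ -3239,7 +3239,12 @@` hunk of policy-csp-admx-microsoftdefenderantivirus.md says "If you enable or don't configure this setting, packed executables will be scanned", but the policy is named Scan_DisablePackedExeScanning and the mapping rows added in the following hunk give a registry value called DisablePackedExeScanning. Someone working from the policy or value name will expect "enabled" to turn scanning off. Add a sentence that spells out which policy state leaves packed-executable scanning on, so that the protection isn't disabled by mistake.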
@@ -3256,7 +3261,6 @@ This policy setting allows you to configure heuristics. Suspicious detections wi - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -3264,6 +3268,11 @@ This policy setting allows you to configure heuristics. Suspicious detections wi | Name | Value | |:--|:--| | Name | Scan_DisablePackedExeScanning | +| Friendly Name | Scan packed executables | +| Location | Computer Configuration | +| Path | Windows Components > Microsoft Defender Antivirus > Scan | +| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan | +| Registry Value Name | DisablePackedExeScanning | | ADMX File Name | WindowsDefender.admx | diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 845fe646f5..690350461f 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TerminalServer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2457,6 +2457,9 @@ Per Device licensing mode requires that each device connecting to this RD Sessio - If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host. - If you disable or don't configure this policy setting, the licensing mode isn't specified at the Group Policy level. + +> [!NOTE] +> AAD Per User mode is deprecated on Windows 11 and above. diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 8c51b03f44..75e9fb777f 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md 
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -4,7 +4,7 @@ description: Learn more about the FileExplorer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/29/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -145,7 +145,7 @@ When This PC location is restricted, give the user the option to enumerate and n -Turning off files from Office.com will prevent File Explorer from requesting recent cloud file metadata and displaying it in the Quick access view. +Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files available based on account activity will be stopped in views such as Recent, Recommended, Favorites, etc. @@ -177,7 +177,7 @@ Turning off files from Office.com will prevent File Explorer from requesting rec | Name | Value | |:--|:--| | Name | DisableGraphRecentItems | -| Friendly Name | Turn off files from Office.com in Quick access view | +| Friendly Name | Turn off account-based insights, recent, favorite, and recommended files in File Explorer | | Location | Computer Configuration | | Path | WindowsComponents > File Explorer | | Registry Key Name | Software\Policies\Microsoft\Windows\Explorer | diff --git a/windows/client-management/mdm/policy-csp-filesystem.md b/windows/client-management/mdm/policy-csp-filesystem.md index 98bb86e6a8..57ec3f91e0 100644 --- a/windows/client-management/mdm/policy-csp-filesystem.md +++ b/windows/client-management/mdm/policy-csp-filesystem.md @@ -4,7 +4,7 @@ description: Learn more about the FileSystem Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/29/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
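Review bot: In the `@@ -145,7 +145,7 @@` hunk of policy-csp-fileexplorer.md, "Turning off this setting will prevent File Explorer from requesting cloud file metadata" now reads as if disabling the policy stops the requests. The policy is DisableGraphRecentItems, and the allowed-values table updated in the previous patch has 1 as the value under which File Explorer won't request the metadata, with 0 as the default that does. Suggest "Enabling this setting will prevent File Explorer from requesting ..." or wording it in terms of the feature, as the old sentence did.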
@@ -40,7 +40,10 @@ ms.topic: reference - + +Dev drive is a drive optimized for performance considering developer scenarios and by default no file system filters are attached to it. Filters listed in this setting will be allowed to attach even on a dev drive. + +A reboot is required for this setting to take effect. @@ -57,7 +60,6 @@ ms.topic: reference - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -65,6 +67,10 @@ ms.topic: reference | Name | Value | |:--|:--| | Name | DevDriveAttachPolicy | +| Friendly Name | Dev drive filter attach policy | +| Location | Computer Configuration | +| Path | System > Filesystem | +| Registry Key Name | System\CurrentControlSet\Policies | | ADMX File Name | filtermanager.admx | @@ -90,7 +96,14 @@ ms.topic: reference - + +Dev drive or developer volume is a volume optimized for performance of developer scenarios. A developer volume allows an administrator to choose file system filters that are attached on the volume. + +Disabling this setting will disallow creation of new developer volumes, existing developer volumes will mount as regular volumes. + +If this setting isn't configured the default policy is to enable developer volumes while allowing antivirus filter to attach on a deveveloper volume. Further, if not configured, a local administrator can choose to not have antivirus filter attached to a developer volume. + +A reboot is required for this setting to take effect. @@ -107,7 +120,6 @@ ms.topic: reference - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -115,6 +127,11 @@ ms.topic: reference | Name | Value | |:--|:--| | Name | EnableDevDrive | +| Friendly Name | Enable dev drive | +| Location | Computer Configuration | +| Path | System > Filesystem | +| Registry Key Name | System\CurrentControlSet\Policies | +| Registry Value Name | FsEnableDevDrive | | ADMX File Name | refs.admx | 
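Review bot: The DevDriveAttachPolicy description added in the `@@ -40,7 +40,10 @@` hunk says "Filters listed in this setting will be allowed to attach even on a dev drive" but never says how the filters are listed. The node is a `chr` string with no allowed-values section, and the mapping rows added in `@@ -65,6 +67,10 @@` give a Registry Key Name but no Registry Value Name, unlike EnableDevDrive. Document the expected value format and give an example, since this setting decides which file system filters, antivirus included, are attached to a dev drive.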
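Review bot: In the EnableDevDrive description added in the `@@ -90,7 +96,14 @@` hunk, "deveveloper volume" is a typo for "developer volume", and "Disabling this setting will disallow creation of new developer volumes, existing developer volumes will mount as regular volumes" is a comma splice that should be two sentences. The text also covers the disabled and not-configured states but not the enabled one: say whether enabling the policy keeps the antivirus filter attached or still lets a local administrator detach it, since that is the question an admin will have before deploying it.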
diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md index e0cc0d9db0..6584e6372b 100644 --- a/windows/client-management/mdm/policy-csp-humanpresence.md +++ b/windows/client-management/mdm/policy-csp-humanpresence.md @@ -4,7 +4,7 @@ description: Learn more about the HumanPresence Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -38,8 +38,8 @@ ms.topic: reference - -Determines whether Allow Adaptive Dimming When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. + +Determines whether Allow Adaptive Dimming When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. @@ -72,7 +72,12 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb | Name | Value | |:--|:--| | Name | ForceAllowDimWhenExternalDisplayConnected | -| Path | Sensors > AT > WindowsComponents > HumanPresence | +| Friendly Name | Force Allow Dim When External Display Connected | +| Location | Computer Configuration | +| Path | Windows Components > Human Presence | +| Registry Key Name | Software\Policies\Microsoft\HumanPresence | +| Registry Value Name | ForceAllowDimWhenExternalDisplayConnected | +| ADMX File Name | Sensors.admx | 
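Review bot: The `@@ -38,8 +38,8 @@` hunk changes the description to "Allow Adaptive Dimming When Battery Saver On", yet the mapping rows added in `@@ -72,7 +72,12 @@` name the policy ForceAllowDimWhenExternalDisplayConnected with the friendly name "Force Allow Dim When External Display Connected". The removed wording ("When External Display Connected") matched the policy name; the new wording describes a different condition. Check the source string and restore the external-display wording if this is a copy error.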
@@ -97,8 +102,8 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb - -Determines whether Allow Lock on Leave When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. + +Determines whether Allow Lock on Leave When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. @@ -131,7 +136,12 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox | Name | Value | |:--|:--| | Name | ForceAllowLockWhenExternalDisplayConnected | -| Path | Sensors > AT > WindowsComponents > HumanPresence | +| Friendly Name | Force Allow Lock When External Display Connected | +| Location | Computer Configuration | +| Path | Windows Components > Human Presence | +| Registry Key Name | Software\Policies\Microsoft\HumanPresence | +| Registry Value Name | ForceAllowLockWhenExternalDisplayConnected | +| ADMX File Name | Sensors.admx | @@ -156,7 +166,7 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox - + Determines whether Allow Wake on Approach When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. 
@@ -190,7 +200,12 @@ Determines whether Allow Wake on Approach When External Display Connected checkb | Name | Value | |:--|:--| | Name | ForceAllowWakeWhenExternalDisplayConnected | -| Path | Sensors > AT > WindowsComponents > HumanPresence | +| Friendly Name | Force Allow Wake When External Display Connected | +| Location | Computer Configuration | +| Path | Windows Components > Human Presence | +| Registry Key Name | Software\Policies\Microsoft\HumanPresence | +| Registry Value Name | ForceAllowWakeWhenExternalDisplayConnected | +| ADMX File Name | Sensors.admx | @@ -215,7 +230,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb - + Determines whether Disable Wake on Approach When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out. @@ -249,7 +264,12 @@ Determines whether Disable Wake on Approach When Battery Saver On checkbox is fo | Name | Value | |:--|:--| | Name | ForceDisableWakeWhenBatterySaverOn | -| Path | Sensors > AT > WindowsComponents > HumanPresence | +| Friendly Name | Force Disable Wake When Battery Saver On | +| Location | Computer Configuration | +| Path | Windows Components > Human Presence | +| Registry Key Name | Software\Policies\Microsoft\HumanPresence | +| Registry Value Name | ForceDisableWakeWhenBatterySaverOn | +| ADMX File Name | Sensors.admx | diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md index 3fd43b32c1..c12b74e90f 100644 --- a/windows/client-management/mdm/policy-csp-multitasking.md +++ b/windows/client-management/mdm/policy-csp-multitasking.md 
@@ -4,7 +4,7 @@ description: Learn more about the Multitasking Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -37,9 +37,9 @@ ms.topic: reference -This setting controls the inclusion of Microsoft Edge tabs into Alt+Tab. +This setting controls the inclusion of app tabs into Alt+Tab. -This can be set to show all tabs, the most recent 3 or 5 tabs, or no tabs from Microsoft Edge. +This can be set to show the most recent 3, 5 or 20 tabs, or no tabs from apps. If this is set to show "Open windows only", the whole feature will be disabled. @@ -82,7 +82,7 @@ This policy only applies to the Alt+Tab switcher. When the policy isn't enabled, | Name | Value | |:--|:--| | Name | BrowserAltTabBlowout | -| Friendly Name | Configure the inclusion of Microsoft Edge tabs into Alt-Tab | +| Friendly Name | Configure the inclusion of app tabs into Alt-Tab | | Element Name | Pressing Alt + Tab shows. | | Location | User Configuration | | Path | Windows Components > Multitasking | diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 10ce383407..1f7b42377a 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -4,7 +4,7 @@ description: Learn more about the Notifications Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -38,8 +38,16 @@ ms.topic: reference - -This policy allows you to prevent Windows from displaying notifications to Microsoft account (MSA) and local users in Start (user tile). Notifications include getting users to: reauthenticate; backup their device; manage cloud storage quotas as well as manage their Microsoft 365 or XBOX subscription. If you enable this policy setting, Windows won't send account related notifications for local and MSA users to the user tile in Start. + +This policy allows you to prevent Windows from displaying notifications to Microsoft account (MSA) and local users in Start (user tile). + +Notifications include getting users to: reauthenticate; backup their device; manage cloud storage quotas as well as manage their Microsoft 365 or XBOX subscription. + +- If you enable this policy setting, Windows won't send account related notifications for local and MSA users to the user tile in Start. + +- If you disable or don't configure this policy setting, Windows will send account related notifications for local and MSA users to the user tile in Start. + +No reboots or service restarts are required for this policy setting to take effect. @@ -71,7 +79,12 @@ This policy allows you to prevent Windows from displaying notifications to Micro | Name | Value | |:--|:--| | Name | DisableAccountNotifications | -| Path | AccountNotifications > AT > WindowsComponents > AccountNotifications | +| Friendly Name | Turn off account notifications in Start | +| Location | User Configuration | +| Path | Windows Components > Account Notifications | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications | +| Registry Value Name | DisableAccountNotifications | +| ADMX File Name | AccountNotifications.admx | 
@@ -318,12 +331,16 @@ No reboots or service restarts are required for this policy setting to take effe - + This policy setting turns on multiple expanded toast notifications in action center. - If you enable this policy setting, the first three notifications of each application will be expanded by default in action center. -- If you disable or don't configure this policy setting, only the first notification of each application will be expanded by default in action center. Windows 10 only. This will be immediately deprecated for Windows 11. No reboots or service restarts are required for this policy setting to take effect. +- If you disable or don't configure this policy setting, only the first notification of each application will be expanded by default in action center. + +Windows 10 only. This will be immediately deprecated for Windows 11. + +No reboots or service restarts are required for this policy setting to take effect. @@ -355,7 +372,12 @@ This policy setting turns on multiple expanded toast notifications in action cen | Name | Value | |:--|:--| | Name | ExpandedToastNotifications | -| Path | WPN > AT > StartMenu > NotificationsCategory | +| Friendly Name | Turn on multiple expanded toast notifications in action center | +| Location | User Configuration | +| Path | Start Menu and Taskbar > Notifications | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications | +| Registry Value Name | EnableExpandedToastNotifications | +| ADMX File Name | WPN.admx | diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 5102bebb64..b272736200 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md 
@@ -4,7 +4,7 @@ description: Learn more about the Privacy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2946,8 +2946,20 @@ If an app is open when this Group Policy object is applied on a device, employee - -This policy setting specifies whether Windows apps can access the human presence sensor. + +This policy setting specifies whether Windows apps can access presence sensing. + +You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting. + +If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device. + +If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it. + +If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it. + +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device. + +If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. 
@@ -2980,8 +2992,12 @@ This policy setting specifies whether Windows apps can access the human presence | Name | Value | |:--|:--| | Name | LetAppsAccessHumanPresence | -| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy | -| Element Name | LetAppsAccessHumanPresence_Enum | +| Friendly Name | Let Windows apps access presence sensing | +| Element Name | Default for all apps. | +| Location | Computer Configuration | +| Path | Windows Components > App Privacy | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy | +| ADMX File Name | AppPrivacy.admx | 
@@ -3006,8 +3022,20 @@ This policy setting specifies whether Windows apps can access the human presence - -List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the human presence sensor. This setting overrides the default LetAppsAccessHumanPresence policy setting for the specified apps. + +This policy setting specifies whether Windows apps can access presence sensing. + +You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting. + +If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device. + +If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it. + +If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it. + +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device. + +If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. 
@@ -3030,8 +3058,11 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Name | Value | |:--|:--| | Name | LetAppsAccessHumanPresence | -| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy | -| Element Name | LetAppsAccessHumanPresence_ForceAllowTheseApps_List | +| Friendly Name | Let Windows apps access presence sensing | +| Location | Computer Configuration | +| Path | Windows Components > App Privacy | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy | +| ADMX File Name | AppPrivacy.admx | 
@@ -3056,8 +3087,20 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste - -List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the human presence sensor. This setting overrides the default LetAppsAccessHumanPresence policy setting for the specified apps. + +This policy setting specifies whether Windows apps can access presence sensing. + +You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting. + +If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device. + +If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it. + +If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it. + +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device. + +If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. 
@@ -3080,8 +3123,11 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Name | Value | |:--|:--| | Name | LetAppsAccessHumanPresence | -| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy | -| Element Name | LetAppsAccessHumanPresence_ForceDenyTheseApps_List | +| Friendly Name | Let Windows apps access presence sensing | +| Location | Computer Configuration | +| Path | Windows Components > App Privacy | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy | +| ADMX File Name | AppPrivacy.admx | 
@@ -3106,8 +3152,20 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste - -List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the human presence privacy setting for the listed apps. This setting overrides the default LetAppsAccessHumanPresence policy setting for the specified apps. + +This policy setting specifies whether Windows apps can access presence sensing. + +You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting. + +If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device. + +If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it. + +If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it. + +If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device. + +If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. 
@@ -3130,8 +3188,11 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u | Name | Value | |:--|:--| | Name | LetAppsAccessHumanPresence | -| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy | -| Element Name | LetAppsAccessHumanPresence_UserInControlOfTheseApps_List | +| Friendly Name | Let Windows apps access presence sensing | +| Location | Computer Configuration | +| Path | Windows Components > App Privacy | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy | +| ADMX File Name | AppPrivacy.admx | diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md index 7a792dc92c..954bbaeaf2 100644 --- a/windows/client-management/mdm/policy-csp-settingssync.md +++ b/windows/client-management/mdm/policy-csp-settingssync.md @@ -4,7 +4,7 @@ description: Learn more about the SettingsSync Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -101,7 +101,14 @@ If you don't set or disable this setting, syncing of the "accessibility" group i - + +Prevent the "language preferences" group from syncing to and from this PC. This turns off and disables the "languages preferences" group on the "Windows backup" settings page in PC settings. + +If you enable this policy setting, the "language preferences", group won't be synced. + +Use the option "Allow users to turn language preferences syncing on" so that syncing is turned off by default but not disabled. + +If you don't set or disable this setting, syncing of the "language preferences" group is on by default and configurable by the user. @@ -118,7 +125,6 @@ If you don't set or disable this setting, syncing of the "accessibility" group i - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: 
@@ -126,6 +132,11 @@ If you don't set or disable this setting, syncing of the "accessibility" group i | Name | Value | |:--|:--| | Name | DisableLanguageSettingSync | +| Friendly Name | Do not sync language preferences settings | +| Location | Computer Configuration | +| Path | Windows Components > Sync your settings | +| Registry Key Name | Software\Policies\Microsoft\Windows\SettingSync | +| Registry Value Name | DisableLanguageSettingSync | | ADMX File Name | SettingSync.admx | diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index c3738fcb56..a62fd83d3f 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -4,7 +4,7 @@ description: Learn more about the Start Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/29/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1506,8 +1506,8 @@ To validate this policy, do the following steps: - -This policy setting allows you to hide the personalized websites in the recommended section of the Start Menu. If you enable this policy setting, the Start Menu will no longer show personalized website recommendations in the recommended section of the start menu. + +Remove Personalized Website Recommendations from the Recommended section in the Start Menu. 
@@ -1539,7 +1539,12 @@ This policy setting allows you to hide the personalized websites in the recommen | Name | Value | |:--|:--| | Name | HideRecommendedPersonalizedSites | -| Path | StartMenu > AT > StartMenu | +| Friendly Name | Remove Personalized Website Recommendations from the Recommended section in the Start Menu | +| Location | Computer and User Configuration | +| Path | Start Menu and Taskbar | +| Registry Key Name | Software\Policies\Microsoft\Windows\Explorer | +| Registry Value Name | HideRecommendedPersonalizedSites | +| ADMX File Name | StartMenu.admx | diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 58708cd210..700b3d03f2 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -4,7 +4,7 @@ description: Learn more about the System Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -111,6 +111,8 @@ This policy is only supported up to Windows 10, Version 1703. Please use 'Manage +This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows. + AllowCommercialDataPipeline configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. To enable this behavior: 
@@ -120,7 +122,7 @@ To enable this behavior: Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting doesn't change the Windows diagnostic data collection level set for the device. -If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing". +If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing'. See the documentation at for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data. @@ -189,6 +191,8 @@ See the documentation at for i +This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows. + This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. To enable this behavior: 
@@ -751,6 +755,8 @@ If you disable or don't configure this policy setting, the device will send requ +This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows. + This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. To enable this behavior: @@ -876,6 +882,8 @@ Specifies whether to allow the user to factory reset the device by using control +This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows. + This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. To enable this behavior: diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md index 06336a8d08..a5834287ac 100644 --- a/windows/client-management/mdm/policy-csp-webthreatdefense.md +++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md @@ -4,7 +4,7 @@ description: Learn more about the WebThreatDefense Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -40,8 +40,14 @@ ms.topic: reference - -Automatically collect website or app content when additional analysis is needed to help identify security threats. + +This policy setting determines whether Enhanced Phishing Protection can collect additional information-such as content displayed, sounds played, and application memory-when your users enter their work or school password into a suspicious website or app. This information is used only for security purposes and helps SmartScreen determine whether the website or app is malicious. + +- If you enable this policy setting, Enhanced Phishing Protection may automatically collect additional content for security analysis from a suspicious website or app when your users enter their work or school password into that website or app. + +- If you disable this policy setting, Enhanced Phishing Protection won't collect additional content for security analysis when your users enter their work or school password into a suspicious site or app. + +- If this policy isn't set, Enhanced Phishing Protection automatic data collection will honor the end user's settings. @@ -73,7 +79,12 @@ Automatically collect website or app content when additional analysis is needed | Name | Value | |:--|:--| | Name | AutomaticDataCollection | -| Path | WebThreatDefense > AT > WindowsComponents > WebThreatDefense | +| Friendly Name | Automatic Data Collection | +| Location | Computer Configuration | +| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection | +| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components | +| Registry Value Name | CaptureThreatWindow | +| ADMX File Name | WebThreatDefense.admx | diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 3eda0ccc64..5d7b09569f 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md 
@@ -4,7 +4,7 @@ description: Learn more about the WindowsAI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/29/2023 +ms.date: 08/30/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -38,7 +38,7 @@ ms.topic: reference - + This policy setting allows you to turn off Windows Copilot. - If you enable this policy setting, users won't be able to use Copilot. The Copilot icon won't appear on the taskbar either. @@ -75,7 +75,12 @@ This policy setting allows you to turn off Windows Copilot. | Name | Value | |:--|:--| | Name | TurnOffWindowsCopilot | -| Path | WindowsCopilot > AT > WindowsComponents > WindowsCopilot | +| Friendly Name | Turn off Windows Copilot | +| Location | User Configuration | +| Path | Windows Components > Windows Copilot | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot | +| Registry Value Name | TurnOffWindowsCopilot | +| ADMX File Name | WindowsCopilot.admx | From bb77d24325c98e6f6dda5428fbb8b4dfdc14c63d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 8 Sep 2023 11:18:36 -0700 Subject: [PATCH 3/3] gcc-relhealth-8337541 --- windows/deployment/update/check-release-health.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md index a5732df6ef..ba7b6d264d 100644 --- a/windows/deployment/update/check-release-health.md +++ b/windows/deployment/update/check-release-health.md @@ -13,7 +13,7 @@ ms.localizationpriority: medium appliesto: - ✅ Windows 11 - ✅ Windows 10 -ms.date: 06/07/2023 +ms.date: 09/08/2023 --- # How to check Windows release health 
@@ -36,7 +36,7 @@ Ensure the following prerequisites are met to display the Windows release health - Most roles containing the word `administrator` give you access to the Windows release health page such as [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator), [Helpdesk Administrator](/azure/active-directory/roles/permissions-reference#helpdesk-administrator), and [Service Support Administrator](/azure/active-directory/roles/permissions-reference#service-support-administrator). For more information, see [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles). > [!NOTE] -> Currently, Windows release health isn't available for Government Community Cloud (GCC) tenants. +> Currently, Windows release health is available for Government Community Cloud (GCC) tenants, but isn't available for GCC High and DoD. ## How to review Windows release health information
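
Review bot: in policy-csp-filesystem.md, the new DevDriveAttachPolicy description (hunk @@ -40,7 +40,10 @@) says "Filters listed in this setting will be allowed to attach even on a dev drive" but never says how the filters are listed (what identifies a filter, what separates entries). The ADMX table in hunk @@ -65,6 +67,10 @@ also adds a Registry Key Name row with no Registry Value Name row, while the EnableDevDrive table in the same file gets FsEnableDevDrive. Please document the value format and either add the value name or state that the policy has none, since administrators auditing which filters may attach to a dev drive will look for it.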
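
Review bot: in policy-csp-filesystem.md hunk @@ -90,7 +96,14 @@, the EnableDevDrive description has a typo ("deveveloper volume") and a comma splice ("...creation of new developer volumes, existing developer volumes will mount as regular volumes"). The same paragraph ends with the security-relevant default: when the policy isn't configured, a local administrator can choose not to have the antivirus filter attached to a developer volume. Suggest fixing the wording and saying explicitly whether enabling the policy takes that choice away from the local administrator, because the current text only describes the unconfigured case.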
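
Review bot: in policy-csp-humanpresence.md, hunks @@ -38,8 +38,8 @@ and @@ -97,8 +102,8 @@ change the descriptions to "Allow Adaptive Dimming When Battery Saver On" and "Allow Lock on Leave When Battery Saver On", yet the policies are still named ForceAllowDimWhenExternalDisplayConnected and ForceAllowLockWhenExternalDisplayConnected, and the friendly names added in @@ -72,7 +72,12 @@ and @@ -131,7 +136,12 @@ say "When External Display Connected". The removed lines matched the policy names, so this looks like a regression in the generated description text. Please confirm which condition these two policies actually control and make the description agree with the name.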
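
Review bot: in policy-csp-multitasking.md hunk @@ -37,9 +37,9 @@, the description now offers "the most recent 3, 5 or 20 tabs" where it used to offer "all tabs", but the only other content hunk for this file (@@ -82,7 +82,7 @@) changes the friendly name, so the allowed-values section is untouched by this patch. Please confirm that section already lists a 20-tab option and no longer lists "all tabs". It would also help to note that the policy Name remains BrowserAltTabBlowout even though the text now refers to app tabs rather than Microsoft Edge tabs.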
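
Review bot: in policy-csp-notifications.md hunk @@ -355,7 +372,12 @@, the Registry Value Name is EnableExpandedToastNotifications while the policy Name is ExpandedToastNotifications. If that is what WPN.admx defines, fine, but it is worth a second look because anyone verifying the setting in the registry will search for the value name given here. In the description hunk @@ -318,12 +331,16 @@, "This will be immediately deprecated for Windows 11" is ambiguous now that it stands as its own paragraph; please state plainly whether the policy has any effect on Windows 11.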
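
Review bot: in policy-csp-privacy.md, hunks @@ -3006,8 +3022,20 @@, @@ -3056,8 +3087,20 @@ and @@ -3106,8 +3152,20 @@ replace three distinct descriptions (the force-allow list, the force-deny list and the user-in-control list) with the same generic LetAppsAccessHumanPresence text, and the matching table hunks (@@ -3030,8 +3058,11 @@, @@ -3080,8 +3123,11 @@, @@ -3130,8 +3188,11 @@) delete the Element Name rows that told the three apart. After this change the page no longer says that each of these values is a "semi-colon delimited" list of Package Family Names, or which list allows and which denies. For an access-control setting that is the part an administrator needs; please keep a node-specific sentence and the Element Name row for each list policy.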
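
Review bot: in policy-csp-settingssync.md hunk @@ -101,7 +101,14 @@, the new DisableLanguageSettingSync description has a stray comma in 'the "language preferences", group won't be synced' and names the group two ways ("language preferences" and "languages preferences") within the same paragraph. Please use one spelling throughout, matching the label on the "Windows backup" settings page.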
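
Review bot: in policy-csp-start.md hunk @@ -1506,8 +1506,8 @@, the HideRecommendedPersonalizedSites description shrinks to a restatement of the friendly name ("Remove Personalized Website Recommendations from the Recommended section in the Start Menu") and drops the removed sentence that explained what enabling the policy does. Please keep an "If you enable this policy setting..." sentence, and add the disabled or not configured behaviour, which neither the old nor the new text covers.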
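
Review bot: in policy-csp-system.md, hunks @@ -111,6 +111,8 @@, @@ -189,6 +191,8 @@, @@ -751,6 +755,8 @@ and @@ -876,6 +882,8 @@ each add "This policy is deprecated and will only work on Windows 10 version 1809" directly above text that still reads "To enable this behavior:" with no pointer to what replaces the policy. Because these settings decide whether Microsoft acts as processor or controller of diagnostic data, readers on other supported versions need to know which policy to configure instead; please name it or link to it in the deprecation sentence. The context lines in these hunks also show the Product Terms link as "at< https://go.microsoft.com/fwlink/?linkid=2185086>", with the space on the wrong side of the angle bracket, which is worth fixing while touching these sections.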
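
Review bot: in policy-csp-webthreatdefense.md hunk @@ -40,8 +40,14 @@, the parenthetical in "additional information-such as content displayed, sounds played, and application memory-when your users enter..." is set off with hyphens, so it reads as two compound words; use commas or parentheses. The third bullet says "If this policy isn't set" where the rest of the patch says "don't configure"; please align the wording. In hunk @@ -73,7 +79,12 @@ the Registry Value Name is CaptureThreatWindow while the policy Name is AutomaticDataCollection. Given that the setting governs collection of screen content, audio and application memory around password entry, a short sentence tying the two names together would help anyone auditing the setting through the registry.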