From 7e1fcb0c4e2cf2696d39696b56409117bcaaf2d5 Mon Sep 17 00:00:00 2001
From: Benjamin Howorth <v-behowo@microsoft.com>
Date: Mon, 29 Jan 2018 20:41:42 +0000
Subject: [PATCH 001/119] Replacing with updated image

---
 .../images/onenote_checkmark.png.png            | Bin 0 -> 88325 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 education/trial-in-a-box/images/onenote_checkmark.png.png
diff --git a/education/trial-in-a-box/images/onenote_checkmark.png.png b/education/trial-in-a-box/images/onenote_checkmark.png.png
new file mode 100644
index 0000000000000000000000000000000000000000..1d276b4c1d01e19ffc8e8031137b6d7729f12ba9
GIT binary patch
literal 88325
zcmcG01zS~Hv^F3m(jZ;ZNJ@7oNH-`5NOyO)(jncoX{5VDO1h;>x}_WL+~<DxCwx9<
zKL;0^wbz<+jCZ`TFjPrF5)Fk21qKENO<GD^1qKFI6TDcE5y27a8GQ)&-%C3wO-C3Q
z^d9I7Hh~eH7#u`$l9rc1`U^{nOOD8+gSYhGAqfp9F=r<;TL+lp@?j}(2-OK35;t}<
zbTGGbGPkvX!Fl<H3LHm)9{*r#=k8!`YUTt}iZRR&j-vl})WKLE`c?`jb8BN5u4{~!
z;5#p&-%+(SadOpnFow~wdxpOK)qf{9cQmxp2XA$NY3Qtt28WTMhd=8(*qGax!gLaE
z2ZLis|NHaK4u-}sm(PI*|M#{Jw$|3hHcl{C!-*Z>7$Wp-YUWN>#xO<4lXNgJ6fn}_
zVrp*bhi$Iu>RWZs&nrh4{N6!?1bVx0a29MD?>WP&Huoc&24-|yL$@y@nQ7k@U`7f}
z^t=lF2yu_uRkxKpt`m>Egs3q2A%7r8H1X5-;8RstHBDM2_q;MeL=+p0Jk1<CFivs2
za^Ls(Q<GUId@%oBM<+v?%zZOPl8g@i?`jL|e_v*qY$jMikM_S5|2nV@zUiJW`v3XR
z?|$uH>&O4FqnZ$ZCU-du8@6!_Z|*K~sx0>x`%;NvBK~~9U5TSb)-W_BGf{X>>KBX_
zjN*xs9tf+}V@~|Q43C4lEXdt!7EpxT*vhU4DR7QRzdglU(0ha!JpLXR_6Zc17R9_y
z`mV=-q{{OSE$aSPk`Y!fqkbxFQ>{(it!kb&ZpF8}5HrmT?LLB2La|Dt;Y1oq24X#e
ztX~;)(TX%t3InMWA#e~TvX29)1c-VhZ2>=U{oA8Z%d`+-iqf$t)egl(uqF6zLa4)k
zlVRboalZJ#Ba-M$k4*8K5(1B^UIZr<n@?X`y6)vtifJ5UrD8bSvizGYri2hnT>3_h
z9#0ILjWe!q=H1-_2d<iXaWYYL>D3FTGG;@hx0=fJa$a0zhWlCNBj94lh1+Af#9YFu
zJ=M9N@)N|9!Va;q;Pro>j)~98;a2oqyc(n@Ia;jvCT#Pf4Lbwv<<}-#fdJ|=MOXP;
zyIOLga?<*Y0Q$8n*<{+<laQLn5p;10qbuXwe~6n@D$}u)kOD65wz-eCs@U^1nuDY8
zy^Jc{48I$vP?Q8Gm9OpT;gv;QURrro1<pRTktON=jnyh-yFJe@k|sS*ex&i$m8$kD
z-!FX}60T=CSc_-<tm3Xhpo~2}{Yac}h_|<tqIW<{x|<qGfs!0_xvEzc{>~8+uZRpO
z?khAnAJ~`*&#gA1kr0>Pn{J<zk<@{66&1Te{sT8DUmM|EdM)|7WJjE#?4<^Z)SRso
ziOgr@52e`mV8`O4DFRdjkbjL+ZNhGa#`={LA3kMgWt=!oHS&Ly{E!}d3TvXR5k-JC
z!R4)yK~*OmkARA{|JkY9Qy$e-sc&39B0ZGBkB5Tes8wb3?vI8bZ13Jqr9*}<>Azdp
z%a;L<8Geiu8{uyo1+gKN2C1~P1%?x7j2nJq=uDn@cTvClg`C>ace|yGNy>+F9zW>W
z2}}CDtd@mz2z3XKHDnt*^}}&HzZhUv=I!gBUnT1A;gDrhUoLhs)A~rX8nfWKCP-?r
zg6`$h(~d$x!RyEstNUoTwR5`ntN(K~oS7!6qUhfX#=akf<D$58Rgm!VKI+~XVcJaf
zh&(A|%5O4dxowNA80Y4x1=1{ryidx?*h+$w0n~FdKZt9s;Kf8$N>8j{ottRHB|14N
zk|y2--<iw*5TblBqPe1>rg)wR8$e^T1dHG*T2*>1wnhCGjwKpCKs_o`Ky)AJ*~#6Q
zI!S6i53`1~Omr;8$~!ls0Iki+qb{Q)u6tNR$v=}z6jP~{5>mTbk^M9AL>aSdD-M$y
zmf12J?T(5jDdcZetpZCfhr7?qE!AIAVWLHI@+{`o$PmhGw>*86ZkvWfyqIOmAnx6M
zuFfs2m?el~E4SK<d8#*_5)tWjgi(2d#?jw6d&n(Pvx^a%E%Z_oiTk(e6kax$Pz`?a
zmGAtWvdP}e;R9*y7^#-*8JDNl6pamznt){kU-cZ-`0yC}yqhV+8*iuT`eRJ$bS!uF
zq$(dj4NqTmrhj0g!v(HY8TWSqC+c!_SlLwKWkj)7wW;RsL|=_~1j`Lhd1?u#h0LM-
z-4ZU*SV{`dJh9uV&5`laQyx?tF_>QFH%;OZ>Fe?N#fVK2{`6niS!Aw`X|i_^y(jyz
ze~fJ4M1qpOOb;ER<G8PuS^7%IRW>pIBimh8q`fG7s+~VosVdD%<--u+rV7!E3{8W3
zl{^nFqi9j(x~$k#n9eoG>%FCnyqY(msl)4MQt|RAD(vsf23E3FaN(5%u|0V%Cfli^
zatPxiFjV;YLijdsY&G3zV`Rv46{BM1Ev<C^yelOSp#Cwm%UQlBHkJ~R`MP%_X`(JL
z`Y~~AyoX#p*+qdN28Gq8LtN53-D)zsLMU86`Hw*&!rhn2+9LuAoLOW%_o8&NKHY3g
zO9j=2)>raeMae{YjSCpaJuMuZGgrCAh`9y9cJ9W_L>q~^D!Bjf>3_%i>Aydy=hZ>8
zmwSQo(_2mM6%{gV%WU7SwLDJQKNT*HfFY`hnIGBCS|VYJCKm(B0W>W9E;MHIlhGpk
z1{VWZxD~Y`1iX#UJpwgOC(_s_qi~oE=StjsA%A1ooZ_CYP?@#vVEo_J<ZiMfS}!90
z(56hF`;Ls)GGH9pHG;LUkGN|k_4g_iH~JMtQ<R^OnJqQHnnLthN<}0sma4KU5wWg?
zVK!B_s3e}EXpWCMT>w3s$)|5>x=|XAK_!Ixzl?1h2m`m}y`4@J0_c_4R}|;JVa5h*
z+>`D8RuL2yT_+$PNxPT6-a<}jE>6Z<>999O<0p>0;3^!T<`RTWsUCO(c};ea?w`mp
z-&P;I@`saVBjB5)yV?A-V&$B~?KE38<>YK)f%QGi-V;d|B}T3S$~qe3ACsj1LTpL=
z8*HmrgQB96BLs;ZsIpjFlZf;23M`guXVQlnI2)0@m(+%QY-NTnjnmzGpQF|{!{5Th
zja1av-0jicEwX>=;VW|-+)B`Xs4@Ta??oqkk|gE)&+3PmkNYdfc~%B~;WlYur6HS$
z(a*@)#;9Ic__`14)NtQfKCvuEX3h{=)Hk(KUjA%$yInadGS4{g5QzbWN;Jh;wl<do
zkek*BC)F?`C`|j4C}IpLV~g8PbjzNFlmP*4n3mBmLWy+GDRF8|qob_r3AM$3bKNq7
zF6Ov@@J8J2OG7_9O1ifaZU#HX@;aEi&qbC4h8XSV+ol-EKFdG^y7vpy=5ADoL&;vt
z#fkcdPdyoPW;H>=3KoPv2`)%&U9jo4`y%#kXj^&YM_y+x$!7oVO*-ZcjZIal@0jme
zlqE{>5hFBIWE90ki0E>x_!|>am*;l*L<$CdKxDJY8roYqfr@V&6=ae{bKRrY9&Uyc
z3gVi1+cgrkv;BKEa%*RU5h*z9ODA&K*^|NLgjQa~2{Vc(xeYXEv}y_%`n$9&6;9&)
z#yH{fKZb~I0#IU<zsgPB$*G8Yq{g;ZxzWWkv9AwPUU^|s3H{hOh#r2Uv}w?LLOg%=
zQJ`2DO)gHUIBm?!nltNm-;CWpuFiK}vU{IkLy@)f=yQ>8A@LO3>G#(P?TrB(73F<L
zNp3qLsqW9AZ3L-N<(e#|lP`U?pF2(?vOa%X`FXbP$ZX|X6PN1#UCJh=%+`tRq{N~`
zkvY%Dn2s^&xWMr<oK7A0=4lr5n&WdtP{3Q;uM<8p_Hwu^Q*77I97a{i1(zwkENs%3
z#Q;2%9$68-4J~n&hgLn^;;lT7(e`B$NyH*RzgpP;JKS0sF>oHfH=p+F^^XblZk1s_
zK{v1EfA1O5PA)O&oj6X2H;PgT?W3kXEYc28wpSW7!Br!jm?uiQdVAe0m>%)WhM
z!UCn=Sq9+-z9t;m*2l^3PCu2Q>2RbtnPANnei<y$*TJx5DxsT?+ln9hNuPxcxyt{<
z{ZtkyT9xK#n=X3EfR)N~JykEHP%RL?Xp3+?T{~K2u0KeJFyBTSL=ixt*+r@R4I^v0
zzeMD)KrcQCK_odOC#Che=W8OXb)J)hUsd79+qDiIR3{UuzH0bzZ6|J8Ok7wl%kjnZ
z_wwc!+@^q?ok@!c`lMLNkmGfIj^iim__gF)25~Y7DPMjmd^05cM`-bVue82GTPe15
ztu{$hgxJuw@LSVwFB2N)8*-vEPOg=_WnfLc8GEjH1T-&$g;1SLi})Gj<~P}_1rS5H
z3a>ekqF_8mJAV@%E-ol;>=QJbVA9)RmHiuEj(_hGYF08Z>e`Hq+f1K^D~<`j;_1M8
zBGi;LDJ{0GE0F2b(buAQsJ}J&5!^LH3Z{5Glk5A%E8gA>xO9(s`Y-ip<JHc77+IDD
z248**WHG);nk0Bmf$JM#7Il%eaxcp$vvpp(KNo&m5L~J{oPD2D#^S%osw^ZRBbFZx
z#yYfw+eXY4np$H4IR$H<0AOVUjlpZZAXF+WBvasO&73TYiNurrmt-fW=oo?AllIFE
z1!hrIG?hm_I0Tkfef(mL#HT-~?eFpT{7I^1MdRU7-g?XN6;7WD?DOF$SK?ikUwfFj
zbs+UJzPk>akn70C6%vpdB5Kw{Ac-n2ifB!CG|#9i#QnE*Z<75JQDR28R_v!2^>3Td
zxpq$9`&$>e<uk3(r$Us`n~z*w*cd5!eNkH(7o7P7u3unPN15O756b#_1_@bunrjnN
zEhia1EWNjYqCLk4Ur)Rw#ey;$m|m)PrxBC^G>PO|D&o`<;#X1^u6grMpXdr~*q>^?
zPp5yCQsA0<6pN4tpz3KIq59Mm3wbBZ??StG^84@E&_#o3NTTNeH76L?7j>rKASRQ`
zJC9HBm5syo9V$cnxRIy!Pa|Br{CW3|)P|aH5-cj-eEbJEn+}KpR!#5V^|onV4|li-
z-g94_&MwwZ&L`(}Pz9#`G1p%HpsN*h#vnF&|3uxF@u@TO();0P#k$ryn*37`ytJtO
zD=VM6$UY2%p43<{88^@vhg<Ukeoa6x4$~M`C|{MMBH7Wlv<qK(cPYVW$ddGT*zX>W
zFanVVKTtj8*Pe4tCE;y#-th`3lyBjJY?Qv>m~>&#sd7>ETy5#J-i7lU+)r{^?;8Fk
z>>YlboiM`To38B=O$zH!>LOMG13WHl3pvT1q@$K6&u$cLgV5LG&6m-&w&%GIrXK=I
zQm|-!%fJ0S^+Duk=WJc=&cwJU*d0_++L9RaPJf-)F9N4f6e|HgKr`OV+?86GX0~d6
zOF+|GJuD|ikv2&vv^cgo_PXX2G=AHH0>DN?#ZU(@%OcXW^kODyV0Ad=>q`U08)W7;
zDL7b|Bvr(#PnUA2X2|s!QfNac;}u`NLHQxSw@bcG%jQ6vGhq|fCvHB^FWO2Mo|E$1
z=A|^Y6b+Y$7Kd9m%4s<h>w^_zvx#P3fKd~^%Hvz(xDU8dR}-yG(SMF!_(|J3rYeQ@
z^R*u==&|+Ga%Z;x;Vgb4X@|o{`)PRSRY=?oBlI)3QQ~f~=H?g6AT5H~yrAewJ7-hG
zYqb<77p%yip1bpD5O2wJwF;TW;SaTgo=U#P5_t_=BMTjehGR(HW+hR18io~a)TkpU
zBrlN(f{d5(qpsdCP<B!Bw8J4dCWYptP<yI*XiX+3$46YN^1l&P;G!?N!Y=+d*;@Qu
zNlA@N5eD~yRMX=s{~tWAg|OD|X-C-<4~5W#Lj#R?F=@PHFPC>ThA(!T#aabqX=A#H
zmFJ#J=(N7tB2gqw{xFIWZ?HfZtc26Z#|gxZzRW2=3;THg61REJT*eTUEY_vs$aq9I
zmB4I_;w>D69zD|sF^&q+Sbk_fUg00d)5ZG-W&G1jrYdi9LD=tVwox6+HKaPkPF0~l
zWG(aV)KDZnF$BomA2!x|80NcR)P1#5dB|5J&bNKGwYkIQlcFFMTqD)NE-|5&yL>Mc
zMYmt^$m<Q4(xX{=m@UlpZ_h65S}L9=OmHZ9;qlDmBZJMItakUCYsbB0Y~j6RRF`5|
z-!S#>%EssnyCBdI=KiQu?Xvb+)tNH4RomfSZ9mcVbkN(`%B||PtI~GsiM+UrR*W69
zAtt>8$KIiV0CMCeUPe(H>tBQE2sUOdM6*R<QSRax>0P;G!W_HWG0hv~`)4fbpBc>-
zD#8p<_R&<TPpa%M8cICRsKPEBa)@XClUURO^B=r%!7yu11C4ws--qt|<sya*`z(eY
zeES?zwBTcE20R4Yk*Rx)^BwPqEUiw{=MEw-Wqd|5>+BpF?!P7`HPjbNPt+J%d?*ku
zhGr9q#n;hN)%~LKd+2eSxq7>_d^38Z`3Z7@Ey(lC*esW8;q<#D=Ju9II;4LPSs*4(
zs3UfBOdg}z4j+@NrNtZwUnKQIdR|APW$&Q&3&j%~1vR!}r-(<%sl0$)f(=b%er!EG
z@L-pYbk`;C&Z`MC*T6Bn&5gu!o!<*%lM=&uhxVJA3kYI*&9jYHj8K4&HMqT`xz^L;
z_`5KMGrFPr9jCwufvI<VF_rdD`Y+<xl(Spx5=92RnaPjr_Grr3KeRusK?)fLzSV>!
zJ1D$75vfaRNaP$}jHR8A`w-9M&*dCQh_8mp<W#dgcCT^2;|*jDyNL_zp3kLWgR%-d
zcH7&<MCWW{=K}9812hu$V$n{>HUZnwt9&S;1mQDvEF{k>7qHUjTD|{4I@B`I$2CZc
zMCd64Yax@H`vy$34OY81A+))sALs7AAXz)VaN?rHr177qp=t~~TQgW3n_%Y*{A({3
zkpI==>XH(f4V1&LEi#pN38TvlC~t+N!lb0-{q#c9>PhY4<pybk=(9*5ZdQJO%IvRv
z=7P<W)#T8C?yEg~%0rjNlkRr}s*(a(iHqacG;4gNqdLZ;wI&_&?GGHA=L$XhFUw*n
zc1=i?1XznJhei*3->rP|BS-tby}scmkqg&RVq1_MX{DUbi^}9EwPNjtd_(j8LlA+H
zOp6<JibJnv_A{J{k#cI3xmS0Wb|Qi1Pkf%2%sAv_Ds8N6wy`RC%gSDXmCO%$)&`u#
zq>uLDfX!iAN^^|I<T$<ei^Ge@V!5n7o;Qg|_opChJ=Zv5d*^IP64sA2cPElzq(YRB
z^J3cTj{}v{G#yjw*A!FnPqJjsH@r47+({GQ&d^ULd-y+n9BdVrbT^+D>?969(5!Rf
z0SsNp@&`v*wnFvitzLnK^~lDMsI$o$fzV720%w)vfC=Hd*(=n$U*b!!DXOd$5PN3~
z=EaTHHY0reRsICKrkx*r|L}ZO=y1kz3OM^Y)myPWp9%wc@MdxgoWzyahHXC?n*H)|
z>B>G+;^0q#{pq{s6S+%|QRq___J`E|s{Fus>x7sgjX>}2`_|!C;#_xCk+Ie06v#eI
zQ>g+#?lE1S%vgILRJ1|5VC1A0^A)3}S2DElMZz=|`H3>w2ek9wg3L7@{^-R7&+C>@
z)bsTI;o&zclf``Nh;uUR2dmp`Nra&814$4L=(TaF2!9hs$-!Dep|M?H7J<Q)A9pCP
z!rLdi_YI~%*eYb)87D~+V%C~f5b168phYZC>@m>eNNw=8DIzLyhI!~S&u>}>f>dX<
zhBAHdv!Rwou|yE$IFZkCkAp1Du7z%f_CinnxEEqcA82!8?n6SF%TtWvh~~e2<j#qc
zH!CWBQ(PP9r23&Dlfwb;<O?R#0soivtxegF6SE7ygYdP?7v>}@=j3%|5nV;M88PJg
zHyRTC4ilv=x7@apoat>spRPD9`t&AKdZ)eWe?(<SKYVBLxXN?8l1#&-_BT>Q*Wpl(
z<2#`LwzV_X<G5M<sY7ncp-e7CcQDi0`|y#i@0F`{KDh60zszOn?ME#xW1PUiYp=~3
z9AWDpHjV2+0#W%e%GCitif?SHAcF5kq*)fGeCf{>^-r^UPd8Jjth8mgk1wOl!Ozmr
z)58&toa7mDB+oIPNwbpCORSRIo*e<zMH9+o2J#I2MA$d4bil~(1Z|GGOg)hyAy4S`
z9tE72mwN0CCOo5RsiSGEKYGICDQw>uW6xGq$c4oM1!xYnef_~5SzzsG?$sA8i!lCO
z{L15(_>LjVAb)~VLmIA{>Bp|}fH9h&*mr4DTxI@ue)O+4ClQO=NdjQDR6hW;3w302
zx_=GmT5KC1m~X1vN$gvWG`p$(6et&U`Fj>}*l$mj&gUuL(~zM^-iLnjU_*<O)21Sx
zwYxR4*na))xE2l=&Q~FT_F)UX1^Tc+SLx%x4UC0Mp{F9YGFA~^+mC^BSxk7xXK&a*
zLA`kz?DBt*pNM;~L$2<V?puv7*qb7{k~I;4Rg=>}CEGvB+aB_MWbZo|(4ZD-ZK4e=
zXw^BoBT~r<vL_|;mLPP5sS@G*TUm^!LAZd$Bur67Wa3C*e$$7Ql*S5mHQifE=)s96
z^!x&wj{`^Wp-iZ&x_v`OlYf81EtiFMn33{}F#?-}a<-L9h+Q$#2aZyC?&6J?19E~t
zlkE#%XBYE354D7F<r8oe`VH>s1B2n_mA0Hv!#6NLWE-aqX{v9GCtncF=PAq#BX1}$
zQqSjNzddK$bL@3{z#h@MQ;OryRS09dnuZe>6CEP_7PbuFUeh7woz$gea&z6h0$)SC
zXbdsc7}Jf~`=Xye1q#ZhOrAjbr&>@9P?B|gqX;DkGH3Q`kZNX?<j!A@ZvKHABmNl=
zhY?5aO2g>JN~L?eG$K#5XUj<6yhMz<81|12JWEAHCWjQ-Cdp7QzA{P2mQ<u#96w-Y
zJ@!aOL!Wt*BlBpTgI`&sb~9+h;RSQ1O^>UGYoDP1jvAZbd^1x4*+QjO?j(24xj|aQ
zSDoN`F+lV8CH*H+M$=nN31x~TuHV!S6n_1z0^+{<KO7R}&5;BA7U`%kV()-gnK~|o
zQIuSe5W0;%nB4r@3Y*41-9j@CLcfMSC{@jcKQBh!I7FB0Mw3p}4-0(QFMSIXxX~dz
zc|Q(^a`K&Vv%dAS#;H12OEYH7Y{l8TQ==|ZaJZ#^UZP~lI&Azl`A9S`j^3c#N1P~q
z`K1u0mr=_mFo!2yKYz&r+<uOh!`}qv*-qqn^HhtOS8JEDQY-^0lA2gC%Wx@;A3Zu3
z{^4dtEZRoOvL|lYimWO;4%(RLu!kWu$WaoH<!qq>BS>6=I%yKixC`>H*I_qRta9Ag
z`a<X}#OStNLX(0+k7n&R%gYAcg|P_YVMGq6IHQwnZF<U;Y=h;+AD=6;zL3<!)<v(J
z={09(RP%DmD`7J0<0Go#qb-XQZQ@!GhWpU8TosO_2EC?#hsZ3WjF(Pdo>&LR1l-jY
zam=!xuSCuq@TMTX(kzT<pNDq49hQt6IHh#i(c5PRj<d9CRal*;q`x~am^4tC^1I?o
z4L)fN%60Qk5~aSA^Op^qp{<1bf-X79;;K}<$sTwV@OX$if45v&#b2rIXxECEP;ppo
zgFWTAtslr#J+xm@taS{dT&02DYytV%*X3wXSkx@BlL`E5RK&c}Q~dm{)6dS-nzeA&
z!4~16hAC8Y3~k$$o-cwT6SSOSm4b9$nSZH*HLrXeP2OUnN!tJHzL$A4U9oG>_kByd
z)(+*kOI~GmSie=>vm3M0$JSt=S1H9|a}$%DVE_(7$$$J>l_wZs_3Y+iea^d@+j^_>
z;owbp7bhZBL&{?ovCC-dqo?!l6Ab$Parx<KpVbTs^xH!z0)&7%dZ&cI%m&A2jKeXp
zM}h1|s(Sgk=eA6a3CH{MYe|d3Ob({6oBpedTeKH}eN&wBoHOtOqdf2Dk*;PGUXB`H
ze5l_NH7kLge;h*}@~c@)nhu`Pw?#%8&EhLM#9-1TR(TS`EM1F9U0B@?#629ZM|D4@
zXs^|W7zdjSX=KTkcX1aw4~e8#X%ks|X*ka2rN}hirR^JULR7PERCE{TBZSl8$OsQT
zyMFz!+Ieb>PokiQp3{kbcQ1u-vVpQ&g>oTD|IM)E+H6QDb=4>R9dFFh6TG0Q86t$5
z?beY7SM82~iy0o(gfTOOk8fe;>?XLcs^!($?+x<Tf%xe2<)}Iw=<VN`K^llf$GyQA
zEhs!d5D`bTKvBp=?m4&tzm~lE$&>!;>NDP|BEf{RtJ96-U-~Diy3089Zng=>;3oGY
z-gURZgHU?b=#A*yPt^tHl+xJ#qA=32=@Pc7v;h=r*Z0b}Ti+O7OmW(`EZ;mn8RFGO
zFPebAHEF}c`D1mQy9tU@#^`T22<p#bMSgsV7)a-pgO;Hs9g7^?-MD;=!`~pORWHQt
z)A1aVi2)BMxs0!j3*Pm++DpT*o2;c<$d|g(*OSS5Y{M5rG9!W_jIyL;a(OwDJ}k-s
zTLP<_ZTI-Nj}29uW!B!Zw0}b^(U?=dd&{B9a+ZbLW=Tp@bN(HJlQQmvbH?$pjg!vv
zZ|+wBh>i-Xs$$THxs^VB3R*k@KMya~x#gg&t2<Vr{*#`Ov3uuSpP>JmWdGDHq}M?3
ze3)Z;c9z5CPy_lo75$v@Mw)#Gmk@KJYNj|jTFrVZ!XSMmZEdfm16+96tT80N@&j_q
z7g!Qlnu+t(#;*iikMkf9IAvVP_*c@gY^Z^*EAGKY?9%S;xBdI!5c-}C`%h(Gz7K6d
zva?}yW-&baj$CpN_^X+wR#%}{l#X`Rxf6|hMdWt9>?)nF5}%m3{rZTGK+<}^qwVX}
z;e7XX`?XNL&9V#|K@X>V>sQuL@qnzyL(|sFKUz`w=2~=AFS{kZO+R45FDxvW+1Px<
z1iJ%s((x>eA@aahtTw1zP2S)&#d&(`MUDLuk45|UqHTxJFhALy*8O#t-Vf)4Kc~C7
z(Xj(Yc1_x&u3syXE)QnU$3I|9EG~xkZ}1gGL|bh5Kl`q6uq1`6z3qLxUL7NU`iJCl
zyd=$?CPDJX_esg{pYj%l_orCu$-P?D;MoHjyznZgJr%G^A>a%~x8&-_Ioq0;@TlF{
zU~^VhzEVpQed>#OSUI>nyE~{bP-pP@zh?o?dvFvr@F(d9L!24I0`v(UPNRK|ZqK%&
zwmkFLH&5Mm_xJyHA(7{mmmgCMY2r#CA|jeuS&6HwKlq4{l9E1b^K|IXmh0SjwNs@A
z$7Iu^q!vIg1-b`gJH+-JgN!SRh*4h#WMaj+(~QA8spF(~%&fGkTU?GP@xu9D^&VVe
zhl+=YQ+DG*n1;T+e*>A=4UzQKssdjovgiylR<ypCkoaEHi6ADbjQeZ-pIHA~j%2MF
zrwj$A9qv=57(uPk5%;3;otJRou@v>+c<XD&BFZZ_L3lXW*a7ODEMH;Yn{IM?W@efc
zxxd%<pt-uEZtA~tIZb?|#0u!j-azF0r(vE-8zc2ir^Q8COKa$FZ+O%7is#GVZu&5G
zt3$B8WYPV6@}MWN?hTS&t)1V3juWTE(q_TW&(F7-um0|N(uOY`3pO-9KEBfJ)L>NL
zL@;(>Q_PSA<$HQur&3ZZ(-62G$V8E0G5S%OJ^_577^nQk=Z?GAp4Z35(?!Zrf7Nk&
zW8#$PIU$UFPxqZoRmP>+*?yuFYY}Y}$fGq^OW)q-=%1NiuZt4a9bm(+Q>46x_lH0z
z!AkcAVhBr7U{YX*@~(zLb|ZSFw&u?<(St=M>nOq?H7oF96a=XJY5bsBX>n1o(1S@e
zm2kHxZflmw=qB5)eF-H;SP1y}J|J}AeXW=cXVU7u_Y(H-@F=RNki>*9`S~-LAxJ)r
zdtz#;yU~85sHB84LqR}NLOOPwGZK_@mCZ7LNlA%DlLJj0t^BVohxPN@ap#OW%USH`
z{uDuXcAt(cIod!7J$=}(C{h74YwP^#>e$nb{<sm7VA7eO`uQh$EiK{{xgc;m_123)
zB_(nh{4>g!E{iar%D@8U7Z-<C8TS8mX_??e10U<0(bxA8<<+YJBlg3Ey6~_tl)flZ
zS=u<US!b|WkB^U~S`Fw)LlW}xXhK3lZf##d*|2>Umz8~W(t3^#D%5sWn23nzw@Hmr
zjppFsV0x~Rx3`c@Lt1q;JGgHp^@Lx)-a|2fCCPAqx)_{ba*s2Xdj0y|+|tqz6fwAy
zxhg|x+PK#9QGw~1nJR}ZnF56j8FO<6;jA$}8&5$papk=B_RK$jK0zkv<LDFt#>I}9
zNK<3i*46^3>^oj=+1uOGpUjiS#l`)hP?*7|g!^5CsSiNZ9Dq5?*>W19NEJ0Taee(a
zP1;eB#5~yHz4QzW(4UZs{Z>Neb)QNfHo7!-R%1Mb*WBC;wguAMyr8^tMLP~QYN5{Z
z^!{;lE>DG_U!u<W;1j=qKyi7w$#C*Jso2fmo&GWaK3opxx<KjngGJY<vv^%&GU5>5
zG<%Q_E}T@rMM+0TUP1z4&uM`#r>>zvRaZB9^~7|c*4#~yj6G#I<Z{j$R6Hnu1Tjnk
z4ii+c%|`44eUZciCN*FKp=;=JvLY`?W_mbRHTuywm3Fb-y8Gl>fF--NTF8gj1Z7rI
zKBSGY;!9mvFu6~1c{vLVOWTD?`|XJBBtUD>hMF}dXw^(qL+m`uPB^CN_J{yqt9}_&
z5%}IsWtmx6Kyq^fd&BY1yUCw^*zwA-r);`*+>^Gro)py8C4}P8IV@T?C@U+Av8Naf
z#L_Tn)el$kmbc$ou(bYrKe=}iBFwu;snK9V>icw_1+CP`$jHORhUj9|!n3KYr}%&X
zI7!~XE{bBcu<x(%!NA54y1*PtV%@3gCo??#+l%}9_32t5#$Sh~AI2$Q#lSu`J>4BN
z?LxxA0WcK*{nUL71NaMSU~6lOlbhRNglqO+FRM?CKkR{y7N|J&pPx?8hFGT-76xN!
zWTmLFot&I1!FG|kt-%I#QM`EZV##q#NG?k_!}GW)I7!zh#Wc%1Q96zmOjt!vPXVxJ
ze}hFH-b|R`Y9_j$kMP_+p7<(qr}c8m<1uN7YHAV=B{Jt$R7BIrCfdy#C!H!jUnnm5
z+#hK>O-N|_+-^C!xSW9#_-_p*36w+jrV7t9PP~HcH~Ol~r)bGMcHht{q)RzEa*T|O
zK*7y!{XMN*vM76s6L;g$V#E2xl;YI<{J{B`$k<Aor)Hzw8|WqbK0jKmv=TNf%2URy
z9oCF(Hy@Nc#@|YTdNE7wqly;%)pF8)(1TUp_!kBGqL%)3<Wgh3$nA4Gq^qK(CHwg^
z{!Y3hI&|9sF1rbiR`@<zek#>iCqS6haV1Uq>aiEXLZr3VcDMht6=3zn<t20{9A?x%
zzq4N8G}7Ge#n+{dks2Q#_oJ46*rXF#kKh>X<dpyF`{)eDN?3t;-jw<FSk@RC&ywHJ
z7G;vaP2Ecfy^4}jXPlz&0Ceg$bUa!s@NMBrlBK4ly+aK=J99X0zqbJZ(fD|^c)O?Q
zJ4k4n?ypZ!s@sv-a@-t#;<Y27_W3hTH2G8HYj+a9sFYuq%9XBbx=&|GQO^hdNMvhZ
zxm>+uh`FuS+V77yI-c)4Qh031FobU?%F4>31Srx*uu;A@f*Rtx-HhV{OV9{zE`{5g
z2w*^&Rs(n(sN<%WRRb(DxzEj;ijF7#b-QHzuWtU&w^`5YNFq0|V}j?XpiKCp1<#Nd
z8*It96$LTt5$;wzPhv()nszch8;|N2HQGG5#zdY4S(1kIslY<mv>b5*47oXW?U1#%
ze+Lk>$KV}mw`ijA7cDJK@a9)|OluR8<i?=;qsF*X<Qz`gt|`MP!||B^9=DwI0hVaL
z@zF`g6|dSn6`XIBcLTM&dH-!+1YtLG!_u$UpS8toZCNuiGCH3&ESd1A$f5-jj{ru!
zlaISU>Bs`zRc+9V@^m-b0WhxzV8|_KlCDzCnwt?@pKemurLJ^7N8aa$^V|K;9Wv_b
zuSM?X$8KhQA3s;mGXWm5+Z;7}uyxu`zH_^iwWGCqht~m6<Ypq;r>EKZzzsZl_=EZ-
zV34iu9L&tjOAbTKg8w>S)HXDn&lyI;@)l+Q<eDy4Z945EE-o%!Pqi#xuV1vG!bJXe
zp7os0W%=h{T-L)kC`uhvbYz0^3+;H=Vg;=G17g426m{GHo6QpMaqGE4rpG=5w5-UV
zZzQjdmu2a3Dbq&Ip6*XLOh-w`d~WpHuiH+b9S?}`7$!2j+kSDOMwI~qps{pgLf0fa
z8LniqiA?&}$IEVQNF4*9WC2moecIA(+>Dh?=C!AEU3SLD*KxuMpctQ-=^f1wXaYUp
zezP8|jQhQx%o9}^cfQIHspIj;Hbul&SW)DW6EIzJ#?R%Opob2`d_Lb_ypH?`g^H%<
zr+dvxJ=o`mv1d83Js5)jU<%C7?pL2P>9V}AlZK$g;`io298eJeJ5e<g0eNZ#wZG}W
zS0JAjRABDTc*VPs9DgXOSs6gVE9sCmCMifphZp|Nun$#1=u(ZJpWkgO;WKnPfbkAE
z1Rx*t&CZNk^;Y(H(cXE);2SwgA%FiG(8{N7!v6#`qH#ObGFjN0A4=RDw}*4UEXvFz
z`|5qEj)H>ngF19!;meW@57=_6xk`PFN{c)n^VGhcP@LO7p7ySby(#Dooo|oimY1We
ztApzWg5c?K^*JLd3LTI6OAjb1DcZOY2q4P#eW1SEFY;OK2WXPmocGn*?|>O|z;A7B
zJ^km;<n(mU2+!&;Lt*-_2ttm={gR&q0xnFc1!$H@<p*GBvsp~j3zA`M^hM^@)=q0O
zeOPyCAtg^MFqcba^S3N-3W`(U4+YqrG+$#{W7v-lwlP2HE2O9>B+a%x<s}ZS-Pr&g
zhvgrpu<&pOR@VNV^LP5c;0K3>GW1l~2=dCxB0qn1|IX@rJLGj_shiu{n*NHl^~cYO
z_SBi5pQo0VA|Uk8`4egD71-ps!|r;l4P~9siR<gzG4-*V?cc2zK%<T8`{L44Bha{<
zoSc;=BSgSLMQjHkqN1$a1^TiJ0Oc?!Y6T`d0czqNml!6EN<V*p*i7FicYu2t^3t)?
z4oxJc8P0e~Ixd8U{ZU(hlW#tpkL`f!&;xbKq}!f8kt_K^3E(y_iOJ4r2H2W)3XvP7
zTLwnP+`PPRdThV*q~id4d6PB*hGpZ~AS2)Pk|W>cv})7Er0m}AZgxvc8kj&+i;J?(
z&Rl6cwzLT{u$5l74r=P8+le*Chs&<3#uE?;ZI8YDhkwB$)VL^6rVfB2h20nhv^1El
z*pVMI9H49Pr$YC{>a4D=4tgttgEEtQPG1MeOi30OEs&yz>y1qnqpULsg8UbcOxAyW
z7rYq%pzS=PKAa(tq-E3eU7KZxeikU)enk(kK{$ZG=f>#RyiIsN#o0e*DsVG2IQY+_
z?c(BsSNOfUdT9R!m^~Aq6T$daQh(jeR#aS^)7nZRKlKqcV7~Ho>gq{hVPXGilC!I;
zfJ{9oXMpy8&|yBMAP~8|y&V|fdPS?Otu4o&K?@X$Lz7+0G7w4qy5{!^M;<{@{%B&D
zzqcHs#`t5Tcx^BQvJD9O*s}7L@dfDTfO;=52SN$8n}RHQYHsc~XoORbHYZnCj91_0
zeGFSzT5N&zU0#N=Fu)uEG<$e@0?-AkqNeVAw*jOKVj#eJfMJ-(df+K#ZJRlby=Db)
zyR*)K^aAEnU(emID8$Al%4DMR@vFLeZ?*Bz?#T%qE(%}bveF!CvhKrQeDH}JVD7@0
z2G;F)aB*>=A5{YN0{Z&PmoK|}dv7unpe*47hR`N`8{inK8XCM1k-3kwaiAiA_CIx7
z%CT~9`wBSy-ob(6g4s|**~9a>$a5Un4fvx1#Vq0BU$ueu5c)F!n{42dd>#*UH%{Hs
z9l%8bMrL}sKT}i!ruuLS2htSh?Zb}980bAHv;F5L2(Iq@cFdQon~g+saN}mZD4|rJ
z02dGM@1=*ijSVd(@{ge{pg^HYuDxAYMphOGi*%<+>4&R^4r4H;ptEAhzMu5rre6dQ
zd587y_-9a-q`?%#G^CIxk|IZ@R#<+}xNHOG@3)~i<D3C4A_A?`mSr0NR!}C>u<FyI
znrV$jjUC#3r98#SDep*G^&!w0z@qt7fwHP<x2mF$1Q=}i+IIdmyy&=UTKWr*HQ(p)
z&VUI3WEUp9e^3zO-Q8XK$iC>D@nYBvr+mK*N^rLkdrBZ2O^`mXcUAw$3I$aRGN5WO
zK%P1@rQ^8OK3htb2aifnW52;f9-o{H7~A<U#R-@t=o$L3_nbt=dU~Bz1xHt2xFXY;
zB3Wa=PRMU;B#@snv$Wg*i|xcc2}I2M9Lz4gafTC7nml@xXptvgG&D3p(7wazd~x`?
zUNOM?7&nhDFbBN=V36VMTe$4@b}}#yIEfJSx&jcO6Zhikik~=nYzIK|@sGz!MST~$
zx%zsvZUPh0xxpzLThRD`PdIoza=$X#wLM%V4C<QgcydlnO}&{P^Xc=xUY2xsZ;Fes
z--zUK_@ikG43mRt)**I45K~i$06Fw8Kak55ghDIHMC$L2jg6vZgpv{!9i0*L!i>Id
z43XiQF=1IrNhETwf3V^BtOY=ZPAQ6H0JQt+dBnAUaFD`fiHAd{U<5D>ETAyp7}Y@8
z0jUVE6d=qQ;5z*8O}ken(7N^dqeu@|+7_$iFi<__5^Z=%w!vx{EjK$u6%n{|AZdSo
zDx-`WKxJI5H&a(9EzkyFR=~z3@AyqeT^(L*t!4F*1uAM9Ry-J?!n8{dvzsl5v?ZvT
z@UXYA<ZVd_J0J}(WS)obu8tP_!RvN|{8>s%E6s2VwRe1V(K>_Q`7PK;C<2d;DnRK|
zH6YP+ccll-IOEm#23kE~5WCY}{2IXJ6PYyMgKL8N4fj_^qXmCfRz|@TPlwTFNpjTY
z0<wbp`IP**YlyW&&evDOw(Sy6QRou4Fw2MEurK0Gj1(%dq?XuR7Adl3B0xRB?^A?4
zuh_uM0%z$1=%>-{#RobPP|PT(PI<-B*r`v3y6hG-s>+?_%pEzB#&dqN5j{0C^BqDT
z)v~sgq-z44CMb0;6nP8<Q;oy-$qOj?p~LwaO`u1eot=Sc0`?z>(}cKmz+WX%vlj;4
zPFC80=EjQdCp9*=t-M+?VkeZF+AOUZ1&dv2HP0SQ*#veCFjou*q?Cez&Q6%ALdBi(
zmSaeLeWJigYaCEy3c|NWK>54v<tL@1<$>dXS9FFYXxnumwBBx~jq=`kwFfHTxs#BS
z)X`X)>gaeL)d4^6xcPvk-x@05%NkZ>G&NH;JasyJgn;@|#%)>;BBp0yfoh!%K)1IR
zSD&~gBtYlA9Oc^~83op7U{s87R&+RPdoolKX!|~1E`h2>Iz<g`ex;_qmA3jo3y6&Z
zt`OjpVCT0-GY&N3D@8)|90jenfG{A*H%a{j`M!GMx<tY4ynVH3TL^S6@E0>;W3k`o
zjI$|}k9gPNCygu)Z#l@N^Tv=rtRX!BQojL4wh?fd)YQ~~suzm*Yt+5XAJnZcu1uXE
zV-GH`(&gxj4-mo74N?Ude{%}JRd6)sMl`B&^@J{IC`OJJN+)Nv9nqkalC|vun=CpQ
z^ix_2hpEGYdEq-iplsT2O>A0EKe9CMQUWN4m7NE?Z3c`=J3v8kLdAi+1^z?eL3zt4
z;i?k-W;$o*m(8oW1%Pc<+_Jzt(Y^VFuhHzpAmDPimg#xCPA78v(sjumiD%V|0|5a6
z6&2NP#eIj*pSMNZv%K|d#nd&h2V(&)(rN5EG!>PXyKD}Q&UrqZ_M6+<76MKIia8w=
zqMsaXcirsQp$eZ%MkxOY3k#FVR~b&@iAH#Z$NMn<;x@m&&I4dd6)2zo2-5T82?w|%
z%9!75t0f~93i&GO&VMwuK@|u--E0WnAJ#+-?E|L##Fh(V*I2*jlnO|g1Gr5A|6aiT
z`<FZp${xTJ+5s!?1m^{)98DPH$A}43?m@YEjByH|<8}nSCA7k()PoDmfj6nFo&fdP
z78YcvvGuoyQ^a$XgEOZlCd71fNPz%^5=vl$#VQnny#Zw<{P6Ds@MDXLitKJGkPyAC
zhV-Ti<bj}P_q?)_o67t7GkkyFqJOO3bc{@H$_OkyaI)0YjUVqWfy)3b;&=wtbObX)
zGXn`_WvqmRgxb0~;PP$cm4e^yP*sh?5#K*N%quJm2B)EnL0(>7hDu!kw*3}lJT@fN
zOf?`I__fXkTu|fyQOX!S(3$Z`NnpB5(c?N`qe4XjwX`-+EdRY6253OD^PvDn3Fa8^
z0gb^W-FOM(O1w#tJ6jJX2c~#3Kwuz0rDDawI5;{wQV{L^ge)&FKg!Dx7Qi%Qwc4JM
zA>hidJpsHKT#1~vwhUmOgNlWEeV$i`Z-8m0qy#lOlZLAFyAc-_7Xi061#8);%>r&+
zPtPwg5f8|WbhIk)vrkVxre0Pw<}L2*DX746L(m&d=ZnH{1S<qc5pX_J-WeixvWZk3
z37ean0~P}fE`Y@d#5&-(Q2W)w!eS1n?ANbf14|bSija@FKyd(LO$=CPK=Z*fCH)wo
zxc%3S5!!12+K*Ro%}r22RTanB*jPMwBGBm1#%U$6BY}4hC2z$=MS5eILLij@rZ`Ex
z|40Yg_xHc6hXIdCcTWaX7XV84Af5!4{M1~FE33b#A22_G4-LpJSlV|$O@O|e2Nwhm
z>^6@A-T)OXde)WmR*Am%4ZemT;dt1U6meMMcPH^BNxC=EVM+QR)9@I0h4uSNV8Q=w
z+OsLS^N}2VB@<{G4odQI7s9z$TrpC>NyZVaE)y5f?7Zq~UbX?<XSnqr_rR<7{Ds#J
z9Nxtv7ZnX_8oepA!?lE=Er<Q9TQBtBspFaqEaQ7d>)9Z0a#8LynhXV;=zgFK90Lqr
z;j?VEU9TAKP3A`saShIw9@a1Lody&2TX7%!_;)m7Wu^sdDtD+C#Wd6%i+X5Z$yW+c
z$BAE_Hm+;uJg20@v6Y1Xx&CJlnW1JP>D#O_daLa~Az>tyxFws0IHOo8YLbI#lXSDx
z?cW1ZgaKsHNFZ-(pHK0uCl*u21=KOMfN!s?UU3?|dER*OsA})a)!dxn;rT7FhNJGy
z%ml35oj^*HJU6z;F3gE+q55<vPPW*_#@Wb+TdzHT%qs9nf2dujfmE?_C{&zM5QrM4
zudT^QWNv<-yEmJv=rH>w2BL6xZ}Ymo0@7X&7EYxYx8v!uV!p|d4tRpljst^Oo@coS
z2(d$Yh$8z(m3TUf2$3)>2gvDl>AjSF5%<Dz`S!Mn&-4B2IiMhC2^C)7Ei2mo=#y{S
z8~pI)__d1V^3M=V_0q3x3j;U&0G;^u^5RJNr|67TL57K6|9usF2q46g#>O<jF3S1v
zYIvjPO@+~OR3&pe2pN`8jLCz~QMjWw&=#2ubYnpjhvDG3Y5x%8`#8LcRd2WWw3WjY
znzOnS(|_tmngozMDt*iNuxI1jiq4Pzm~J*yI_dQjghg-r+K$H#znsq$3%-lIF+RH+
zp*e&BmCxeNjRK+3bWat(UqOGz^Mjt`KM@-{NnDBGlz-9~sHBWmPfmcN0#Q+#g7XfM
zJFdqhfW)$?z6C@V=q(j<8>hV5$2esVhum{=8Hz2fo$p$GXrm2-+d{0~j;<cun6TDE
zZ7{%sKu1R1%+QBH#+R2zfG?>?j|<7m+r+^sCM(H1<ouiay)6Au;0q6kG(jK$@;4AA
z0e_RV^&cE)E+FhtWvPUT<~Tcn=MFWc019M;H$>yPEZl)L@0-k*1quu5Zv$Eketi||
zQ^nU2fTPGDaecH%@9t_>{A=rbPn`QPk`fmsqq13;ftMxmaGYv-+;Dol1LOLk|MA%F
zh)*p;Qe`Y>UtmF)bl>y7P4T4to&{K^qd!%mYAcWu-D?f4&(pGi2nPd?)Ju3ZM6y3-
z(4k4&$=Uf7WOh)@2v+pqJmOFELG|tfIt2886_EE}AOtNVoZ1@=e5z#pRJztjY`Y1F
z!VdWT+Vv=b<24|Vseu{;{yL7LpqQuUeI<{XmzoIrtYpP3u!^;ADxU9H=@9Ou;tzBB
z26xU+|7h7(nN3jsJ#Fkh_*!d*1&Cqd`Ij^*<`cWs$cr{0Z=0G@fL}D(Bz7dl@=_#`
zdv1&bU6Rs}yikz1|H1@5t<z>zhGvKzXi3o4tqu}XoWV*qtY-HDQ?)kagGTIr#>`+a
z?XZW-(QYik>XG*!Qbl^_CXh1JW!ysO`OUw52)zM~Y71A%x>6bK>Ou@CG}91}SlYGL
zlKL<F{T$sL*i%UG9<Oh`MlXXvU}4^nA*jFF$yqx_LqlV=SRV;B870ZR;{i{Cni}?X
z2zGh&mF8cPTIPB#Uu4z9v0G7!tSwRLB^lBYf{T%SNxH8>)FRxm8VypGM}&H8qSOe3
z)B@FV`Y@0g1vBe6%qJ4w3mH%iL<qG9P>`sYSi!Yh-_HA!s;e_FGv@<F8BFF8A`y-U
zmG+jFjA0Ov@Mm}i9yO5<oYnT9UC!$6fW6oRj_?jt2!PrHSWpGRoI++7IAEl>97|N*
zqus|Tp>tJ$Sk4}8ZUFO2R_3UxPL~Qdx*x+JYtHfAMcEKQb|dz^={9HtrI<AecGaJ0
z2&xF6J_8hqWLewd@9sQ6WW(lL_J|mpW7&HgmjO>TRP9(bH7<@WfHgoCozu`bZ<tSy
zQc@BtlmAi81gYFxD>G=ch1s&C1ifXqkMo)?ZtmP__T>5=q~=8>`xg_!GiW;9F62R1
zi(io>9g0VlTV8>QTv0LBROSO@5Y(0j-K6yOD^zB<Jzma&^h@p2C;pCek2Yv*H~ZBy
zvbmWb*k1rT6?TY;iJ_(>)S?BRHZ*!sK3r}|n$`8q0Ni{hr~v2(5R=H*+gCa2_XAfK
zq>q!6DquU!t*qeJfLBMIG^DJf6IoJH3KAtCxYK~CyE~Daac~dDXVB1=0g&>o!1Kh#
z$5&NRd2emaY}<N@2oyMQLnL$Nc$C|&7A&E2{W+`c96hc?@cwxxeotVLQA<PP2Mdjq
zrWk^<LDyO8teM>KPw7LE$ajhGIJuz{bDc$E5-&oO)uyv){U|6%<KMO&{$g3YKOR1u
zcJ%Qb7RIPy9Kq`vzHYwwV&XdLp6QtBn04PYbe)!-F6ZIFUtnGhcvNwK0FXadC##AL
zHp@~nG6uj}gGv!-micogZ1p5byGpCU2I_)=j7qUur<X-^0;LuB?!tGwQ~;&+{*<LH
z5uGeG#R1F4OPKt8XDlgI^S#i_p3~&y<S&Rs_#9YUyzuXUF~y~(4uW`r>SZ4m$>0Bb
z7Qh%D{%9SzJ5V79M0IPcAj3=z2=k!^<=eNw|AK}At!{v2l!Bzy!NEaEUHz-B&a5U-
zKv`aAF9`_=jf{*cf!2gFQ$UlNnwrjF9eGKhyM24UQv)!oy1E+N8zlki*}Q2M7Rq;!
zG4JR;-{Av4VRL6kHZ+N6#VrsdXHvyPRd}<dn%zKHLK9~ys*R8;GyUnejEv9_gFwiG
zQ&ISq+TGn95If)u69~Gofd?i)fBz}d>IdhRH#aX<+xR^=7@MK}>1P56Ppb90;Lu6=
z#cgcL)!^_rQ-RrFFp|o3^XPMSehzh|L2kJH>lG_C9bGWsnAH|DZzrdww(5oJIYtbs
zD#1bn2~8<&4Q>JX`+I1I0m_e!3}3l;#L2@`1I`XUIv8Y0B<OLOnJdzXed~6ZDBm}0
zCRbJze0<sk3&(a00kdS%X^sce9IRhnmvfUgwCjQD_*AYf4aU&z?QMKQ!s%XNmIG9l
zIqoPx)2d|~I<NqaIWKYyKY@M%$>@BeJ(WVCYCX{_Bz+KVLMvXBLe#{hz>7h%?30X)
z%pABOO-;?S?_1aRnjqqY0WC>If?nfsX#sTtKrjgYP}9=FDQRjB0Nj_7mrr2r0wJc|
zzcn#%i&4bE&y$&@BPO{eC1Ftb^nZZ_DR~Q=`}N#tVFSS2OLbZj0sGwF-){uZ#xw!n
z9t7vmB(?S7Y-sYQHmDR3d=~)28=&Cn-*8sotpoPve!guFk`6Y9O(|$lQfoft*Nv*;
zeSftDbQ2Po#|)|kQVX5npM&@YMK0yskEbWT&uP%i1%&1`K+D)PgI_(p*z1NmI$+7A
zrKHw?xPxlkO%U1`F4kK^HLu}#wiqyRxUCm@z|1BD1q139P{uGYx1mC{y!8xtpvGH+
z34)IoQ=;)1mQN42OCS!9AmNJz2{3g35m5;!>e4<&67>SXj{o-UTMba^K$UobxCI84
zTsR$yG62Wq+ncPpiJ_5&Plqmc56Cz{WB?Vi0|NsfOMse4$4xtA*x1<6$Bv-+%yNrs
zVL?IA3nX+lp9eST#2RSk>wTdNeJo*k*a%z-RO)~=_pxc&wBs!*E87C0GceQPgS(+w
z7&Ien0&pb|lf;{$01fg1@W0t(1kTlvb;EKWFjxMA-8Fxt-Q^aZFi556wGA`?0e}b%
z^uV9m`g(`^qXx&@t)yIf6p*#(193o2Lo)%u0?f*u7Z`#R#-D-x0-6W{;s=m_LNh(6
z1p?~p1`ICf(-6Si<0U~yL?`(T;)%|Fa^Hv%lkOvzxRjKEA8$Sg?<63zn)imi29G`1
z9o5Ymq$;<guIs-VQ*LcF8A+7@K?gA5fQ7*Ber5#q?g4HAv&M9#)jbx@VWvbKYLFNi
z8~^u!g<J}ymeFTGw}72T>*@^F7Klwpu%J_AT0BsHMZwtD0O=pF;VO*=u-Vz!!Q)vb
zK>97Yu6hG`5eA-BvELnkLzqO$=RgfI*iIn50KAc)BZ2BmAZwr6%L9)~fecNK=n&9%
zI}j$@gRwRB=T9H-5r(%%(yA7Zrl+Uvz+O6lQ56>--;*ii>2_GvZ)RrJX;7tC_hoM)
zH+Xu@6WB_?SSR7N^ZTspod9J5>)pYw5I)fFP?s5$*I;Weu%fz;8dgU^WH|<MJa=GQ
zfT%`%iW3y~2Yvk<>TeGG8K8X5K(c)X6r|(Tys2R-?a$8@+t8$QfG(@&<odkx1x6(>
z{Qy*%TUh*s(h3k<Gv`W1Z-Wqf2Z)MI0GLz)0%@WYouF`_l?321;b=~>J1J@)tW3_`
zoll`K4$6+83>qNlSGRQpAMk+18Q_gj!Ta=d-61QV3++It-2&!%G;}J1^8up{WP_WV
zn|7e1|NXyIa~wR&(CU5;FtQbdJD@s&j|H{#n*RNIW$f#Hm?&!%W6<CW(3Tcl6*S}m
zPimZjK&i&{<SR6G624h`aoo6pzT$N*4<`4=_wV8EuTSXSyzvL+l@9FkDsaExNtP~<
z-FIr)w)Ix(cPH~X(t^eW8P`8x8Yh6{Va5Ae2l`^?;BW^PXnvCNmoJ0K?+n3zhya&N
zfaZj1HK-d0jeWqhd%7qTIX%#QPW=#!ehNJcct(lCc11AL`$`iLgKVkTSI3SGiVlG7
zLTeWKbV(I}eQv8cQE-hwjDy8vX<UOd8Ot1jZY<Dwtl%*sl+ORv2XblLkpLqyp*bE1
zeiW)SsvbE<iXx={ho<k2=jwgq{-%<hy&`*W*@f)AeXPh9vO^`K?7hj(-g|~3du8t=
zJ4C1mS<iKT&-46MFXc1tbME_kuj@K8GS`tD2dGKHaF|rA+ml>eS+M+q>xf%4IRKU)
zvYv?d3tOWIjLp_Xb#MwGKlA{ofNCm#5Kt9<;Qmg{8>HV}tl<XZP;|nA7kn54JER#l
z><h5#Q^a2hfuagOQE*BJ6YD)<8^f0T-=F^vcp(lSlDPmd`r!Pa3-LT0zP^t`?%{N&
zmayX`zju;Xr=#oNzbj`2sNYt&rSk|>yVTTF*rJg7Vl?;UlmQ16w&nE$MAL;uijRxy
z0DCbSP#M$<<nUkeIsOHa!UM>K0N5ZU<#`+l-hD|?7QMK5CR|-4z=7mI2G3GbQWQZ3
zLg=!Rs_Oc2`<1wol2Sajj6)H;hzW9EAr>ui@PP9R7-bbXBY}<}A}@H*F0f(#Ae#rt
z2O%L&<bx**PDcJ_!bnpkc<KlD#VK6q9uRW}5poCBq-NeB@{Vvc6d~Sc-&K8oC%of@
zTL2EcF#)wU0mR-%<Zdv<tu5+HOR>NtN8&7SK1B9dtibEU&uRl@g{WFH6vb0e2uI+f
z!MX7Pq6JVFVEHt_pB%k6`k)Jh+hIsY(0AR&-}pr?=FSQW>3uk^;Px020CXH2DsCpu
zfJTwi1IgvUfeUWr3;0e<3PIVW#60>0!J={N-}UX~VXs*|d2-Kgf>DX|Ym>7n)HNv3
z;75T$+6U*B9cXP}RD&Iin1t|wv{0y8d<b<-w)^>kbJ77eh#H`eqoX5jjxy7BUvD^z
z5P1}K0H}Fjmd7pdURya0yJJm`4iE(i4jukncnjsL8p@=D&>h5sgB=C$paZ@#m<jUj
zz872bbu17Gq`!Ah=XV1$3(GyPL)#2>7Vwa*p-4lF3=$GUaDtKxIgrB!=oC-`WlqFp
z`9G*muvYzX3`mqpQBlzh5@d%zrXw!Sj)&Z6rBXLtMBt~{3Nd#99Y+_ayyXWpk@|^1
zSoZ}*QKly)jn5$g5+2CS^*7^Hgz-~{vS8N?!9g1{Y_kSVfd!O0M5%-$q0Q&)J&^CM
zrFKa`Cjd3hkV`d@PPAETz=>r0KpJ;@_6(8mAQ1`~C{6gKN|V;D>9V(n|G+~)@_Jpt
zxNBfh_weE%KWOv050a>D8uP5GygYhZ;W%6pfK&)*1^5lwDn6fo?#(2Q4h~305N`P#
zRxAL(u+<14f4S)NWVJgC00cS;B?`XK$)@C$5^S@zzL>Xe>(c1rf`Unhhwf0!8RtLT
zxaB%a7WukZRb(ca7mQ56^(cK4InWR>gQVd#f<fROo0?)gS_ND4B@`}3!xN}AN*WqP
z1qDIigvA2W0$i`8uAa=-33LpJd}(WIpDgbCDi|51t^XxC?uR-F1r>2-ATaO-96T_Q
z!1QfjE=+f_0Ld9#2FX~un>mSeZj_jqm~h`wgb<?@g8V?s#uf&4VG5+r0B5qjO9K5G
zN%%mLhILj3?l|y6016>GGV;d%j&>A48~x~Y6kl!wiYsFE=L6{hrxIdG?|lE2d?=##
zW+m^2?DdPw(@pp<IkmNfa#~<k<^eJ=sL+GEy$^{SfuId4E%-;oavl4}3CYR5Acmg6
zMMQ*LavX$lRkmMx0ZRcV@Vnm?#9%?vhO2;c_dyCc6wyUlUg3ZX21L9Z22v|`G6|>q
zI`#Q${q<4(k0Cf@SvL<vCO(Yd*FkC_TY?;9t=<k~@9sLtM^j<`FGJ>k6PsMno)})k
z8ZL+1o28eVnXoj-5rV{7kP0^<w!=x$M8rp~RfrbS(4wuQ1Ls^mcshVlQw1KidRBPf
z$%JUo;qE-qyHOS*Y5ER}rUh%m=ojR2@p9E<KY<{_9#pg`f&+-kWEP4sfU(qA0;~`I
zfAkKcLb}Y6YpbTVq2c$B2(A=jOj!dkMoxBZ>8}EL<&Qy#M$USmLGm$o)nM1oH9Dpr
zmfyH%AVS4V7}lS!BSKYJQUdqBl%8I4ViG|^gvn69>{$UQKXCU#fKjPxKR1Fq7p_w#
z;ak{4nyj)QGXhLWZg1VK9Rg;tvD^`mNf=JQl9ZLjJzsKT(}|HV2NEs-A>hch?ve+t
zi=^H1v4R$UCU<{zNlDjZeS{JJ2YAxIzdwhNBNhsEf0XdIeptmm_!AaCoN<b@4}TCn
zC@ARjJIQx&^8)5u&**L;x@{^g?QdmD<Z2)_`198b$ZL52+b(kZ3TuVfAmH2Hk<;q$
z?*|0fANz(k6s!;USvnHpgY5u}W__;v-|>qFU`{~c=d>*7>}oKo5D*kpB0-l@<cZhn
zd=<698+tSYzBuwdGwKlRkGwiWkC5~uoL&I5T}7zeiipeNIrg5h62~hU#C-zkBNJmv
zCMVV^fhgDkSOOBKLhiWBi?e4yyiP4Xz>4vzB|!3(59*HZ`5MhLNKg$bWAZhDv5n*}
z8=aT9iOj&0&B@7;`YtUiJ-p$jgu;=!#x|4x{+r3EPfSpi9N`0@AvSma?x=9CQT#6`
z1n?|>dc!YcUt<90RfIqmU}9lN?1Jm6!c`p^iE{~C?Eu*ZNCyBis&57A&D)Gj&(_Su
zL}G{~0odPhC+H@(tgDj=##sUMnV9%oy4VRQ^aN{<S9HxEd`XUQdU1b1WJz$w0gXVT
z<+u~*AMj$U<p*onvoN$@;3FZI6G>*kb#Fe~Ydr;*v=<>)%`Us1_rVXa0uKr4wZNek
zO9Y`}=%?OpO;0X<FxjV{o|9u^NTL<^f93iF7Y|PnRI2|nzq5bncs3#mA=Z`KwWSZq
z14bpzRI@aQw@jf*eRb)=omjJXcJ5noK`78^HjVSJ0VgR?F-3Lt?>QlN<6Fso9sB>#
zdZ1dfMA8>6*e#9ibbj&+vHLg;YXjjk-fmhL2A6_Eus4v5@vbJp?=*mrF%tiZ6T1m|
zRX@uqo_CL^d^lNj5{A-<z_ImpE2U}MrUfXw1%O6?I3XJyqA=?|Po15ge0qH?@~(Iq
zT;dgXF~l{7By+quzw6@U<m5cmj$rfHxVSf6D`vn=VOxT_5lt!lU?N!`f4S9|8_8B8
zkpNMBt(OS+2Saxl;31SFGEjV;fPod*Wex=kHY}25Htz}^XrSTPnDW4Nrw+m38qN|=
zAL4F}1iViyrv={CyY(XU_rN5PBo<<K=@hEwKz0X7u7Oo{T8k9%kFSnxfRX}ZL<((f
zT^;b0M6^oDf8#O0R=Xko2|@+fc%Ym>guZzOFn38=SzbwrQt;hq{gI=j$lbU>(;H-E
zp(YsnJmfh1z$y>`5B~8GkMA#R$kFZ0R9GHvjcfBb0EKlc<ILv+#}R6H2dGy7QkpX%
z^$#4X4mJRi;SI*U(+h}AUP%cmWrQ2Y$}}?*6CVH|<R2fu+#m_YqaK9BL`iAsDx^8%
z?&|HT#Y}%D3>;Yf`M|0l9~@xDp%0Zi2q*>U&)vLE2)!VO-rc`$G!^HvPAvNzblfub
zoVP|YqKN+R_@h@`S{gfMuVo3P+9V?%AHloPKKK;2c6KX(E1q0kUQE<s-9Vejiy6Mr
z)X?CHc;dEWw2!@i$wBQ0k>~^5N(iY3w&U5-2dzM`>yRKi(j)Zx+I57c!x0L=AqWsZ
zya$|G0Fhdr?~fE~<w5f3Qp(ARdwzZ%feBr_NKW!UiRV5&(K$P5m^aXn)FGlqAn|Y{
zeFzmq;&hz|v^xr3vxh}bF~>ttp-xyn6=2`OJBCi%BV8DP$NAj1G|TnMben*~n(cjU
zMouHC0Q7-hAcKRMcnZNOL{ygIC5HeiH(ZWdkn!;DKIjMbMccGnWBnvIqn{TC;XMH5
zKZBlwBvp&c%h%!RT6P9vX82v6BH=m&$0E50enW&*f<Fxf;2lJ>=NyEP-U(n(fED8(
zx6Fx~K*|qE@*ux~IQVd~!~YlzC13!QT+FF5;b9W3wM%M&oAv${#C4G<JMsnyDTQ;i
z&gaY%vOGvEb^w$Mco$F#1A&?$?*caQn}-iewIzW$)e;r}K#XHhP?n1^pvYoKa_LFN
z1&!$~<b4qp6Jd{D$9qu#$RMWz(Dt51cj&0c*Pb@kOm!9rYF$J60YE7QIuGd#MJ1(`
z+9B?>AhO4_92^mV@O1`>O}u~gASyUCPfXiegBSs>EZjAS#L6HaDUzdiSjCtRM};*@
z_(2-nC;1~utZS^Sth7{klX(iakv0J2t0Tb$T@(}WWq8>H=&V4p#t1L}b9K3NwFXBu
zf*IF0Hga~vzy@CdX^av0a(%r3Tek>Abby5p!j<VC9xiZRYKx@4pBxx?gF;|*bo4F7
zq>ISs7~ew%kY2z9^Z)uchDP%7j3_BFu{-<ck%57@4W@8H>*2xCQ5M3mSO8KW41KbU
z5${FL#5H3OY#IIoF8bRhVt;dE12#$c><)r4AXR*R8}zzDFxnB_0J#dtndc(H%E`GN
ze8(yFsIb%EF(htwm)hS!&L}M-gUajZM-MP`D<w@&&&CfLD=v^kgXMshLi45th;;jQ
zf%?eK^ep%`%?M;ltwN<Z@4C`BL#6{tF&tfSD>2X<VcuX=W55aPuIRsYfA4(&($E1Y
z+A#Tp@ym@Q?H1$nii2{n5ahkQTF#rGhY^|u+m|$!+I;@^76>^rdA=A_T8c;;V89LR
z7Zwx@EC%B<fE^5*5;=VWF^S-V1}DBi6310-|Jb2YB8TQXkP*P>Klq;RY*9CV^6j{d
z#Wb?h))XS9ppNqbO}~U($PoD={Py}@ad!4Y32c9=R)Ew1R^=nfI{@$v07W~6E<peS
za6=EBY=NWrs8BVv6Rs=hYY96B#hd5>QV8D%Q4$F;!5W$M$I?w0ynJxCH-=^u$jC4(
zI(-roBFzCWWmmcJ%*~CF?-e6q+-S9dFj}YO1yuUTrTtAr4jLT<Tosbb`adXd{|S_P
z$Vc*fpSU!8B2h~u3zOyh&knRQ(2*@6dJWR?pdf8;TypYEi2zRSh@!ncI}&2|J6l*n
z`XeYrTxbE&MH@ed^ai2`e}L34h(QRmha%Fi{@^n`g@i>nhGDRv*{A<f{g6~JG)*Fa
z2(gYJ)ruU-NEinSCvwMt5oryG2{}UHeBy(^{d@&;ueX5ZSwRV2kId4<1bx%zLc2kn
zhA|f?_-{LdS1YD~?t+L4wFCCG%IMUJOMh(@#5S5=1fKuSkqH6U7K)CHa&YLMy@jUR
za$4|4`2_`X(H%QStA9=bA|yws2&f}M9<-c+#x^iKoV3sb28-z9F5Y~%@`ay!Qy6rI
zX|OOrWe|QU`^dtAzQat@=^{QMVMAu&>sQXE&fLR7kZ#MSl^;L83kVrxa{;xy;$r9{
z94{$nYV1IgGuk%tiG$!~fTOkXGUy2e&>7FBdiYe7m7#b*)O#Gz4?uEJ(Po`o1!AkR
zQuc&9pzs6nSLq3XQayjgeYY1r!P=1*NTYN>y1kD2TG~2?khBmB%g`w_-s<S-%?zZR
zUiiYARvT~v9cg|95m;#8fNg12c>3wh^|_y(fF8h8%Wr8(gHr-3r4?a8O^sHtqs9HQ
z?qo?gR{)j+&qY)RE34Rq1cv7-cViTObYBB61DfOzE~!S2LZM(AEW0(sk|y3fl-?|>
zuTKPO04op{76y87Kh||~4ET1CcZQd7kKZGR5`bUQmNNRR(QPY-CdkI7wD%&g+-tVc
z#C6HTqzIDag@w$3E#T|L-8>IAM@(=)jbH+SN;=p}^{W%CS7<1W&&*UaGNOE3)ig<|
zNh~)4Js%a5m1+V!D3B+hs}0!3xIh#v84xZlV!1&MYa1Jg4UH+yOG7R;3hY1#3yL9)
zNk}G61@qO4F)#!zeSKiWl)yG>b#;qhfqbBH%HZl3^lh<58r?KZL(lymh8;oNI+|7N
zxuQ0kf2b@YV<35!Vq544U(FE-wNYpFjerhy`|6qrj@%2)emD1|I09i_JtrnTxBN2W
zaPlhFbg_wy|C)=JU8t*ggFAU6nlf3>qkj?;$}LH}t4c7A!9YFSoHKOjdmAeordAwQ
zTROKNt}aCItbXC=Z;9?kN6#c8vQ47fH5jR(FB-R|cG%14zu)B$J+!W@QWOX$E8Y4|
z^o($TsfO8-$-MhxSkf5*wN{O`sD(I&T`I${Y2>s;P5;ZVm!VHx7*nYUhKMbRHc6R6
zS1&_FvDP;KoUS+E_u)UydzvB}sU_fyah;swCSxy8R>IuovSP3jm5#eYSiI1$rkbbv
ztn`m6X4H2cK1g4+rdM8;wJ;?2F#l|siRtR=>c~Z^Qk0)3qURu-W{^;mbK5l%QAME#
z=r_1;nwpxlqfEX$4jQv-p-U0mQZ;|O$)iJ@gX-_kH0=GbiSVQO`Nz^{Q?dR2INvAz
zJkv9N%ahW+f2Es|A7@<7PyOQl_+-wmrHg!vi$1gNy=LmL=)Jge5|OpGBXakkd5z}h
z1JmP-X!l6VixI#wKnd>pox6g*_kJz<{`=K%4y*D9f5|N#E3{OZTHkfG4is4pUAvDR
z(S!KKh=cTGGz;M-X1pgf)|cUT=Kt@%6MQFBDxH~`xe_VZQsR>Q<Kcw87RnHPB@sIJ
z($bRQ;OAUof)PcBMGaMw7f&?uI}xi3E??B`8SWfgApcW`dMP|k{PCSMTm5uE;lLxi
zZ0ar)<i4%KKZ>+*dovA9Pak+V@)0#yxy)6Uma@zISJSKKt$(9bP|XsY67Ut|W|-K+
ze+Pw9{NLYk^e%Z_#Og&_Q6}+DgLJ;ER2ibfoZVy@?;zfnOCa*Kl2wFHF0Pf8mrPYl
zx>jzBGtA#Dj%!zWm`s7nwcC|{1^bTSid|!4BhtV$2_n`&VLPZ{ASsCMl-Dt?O#s;J
z1$RM3T^$c-unq7PsA1^1l--E8d_Oap$CSII+w<p_9*DMC&&J!1B3})5ZzPRm7Kq6-
zpeeYzy0VZK!GbVECt#Y27}GZHf<}h8z)%D<erSk8rYb&2oQWw2$uj_6jY~=C2XXs<
zg&K;ZovrOMXveEDe&=~sy++U(*ACguQ-I4IAkx`7J1d}2^Nq)dH!-E7G4QM%I(9jY
z>M=}a+x05WL{?8)2!^f`ob5AQko7&sF0}J)b^)l%2pSuLw7`jmc5eW)$YBTv28d{E
zP-%gpAYTFT3BYYSfK+x0H1$xZO&Wmd313VS3ARBFn1L{C3@Q+qGNT}7GBpQJZd=Wi
z8-fNOf+RBlsf>fU1Qr*|faK~?y=zAJNv`9tYew411fSt+XsSV6W#HcPt<S3%y}toB
z6!$s=(E{l`g4dCO<4E7cBWdalrKIlzu$GbgK-=mU0tdT83F1YUw%vb&)NWQ|@c!!Z
ztodX$0?u`4K^OyQsYFWnzpGrks-pidM4C=X^iN%>(*Mr_uqwU^lAi=U4lxVCSO=B1
z7F=qG)mfQh1xfQ0)6O{oAZ1{<E~mvvmS1S6?LE5fj@Ca{W=0wgmy+6K0M-4ZZ;dW$
zZ3<w8X<Hx%*y3OcBI6a1NE0Ic0<RGP?-k)_0D8;;GXmZkt9zn>eC39xWNd6~kUrJX
z(UDP7!i389)@@LFLI#Dx>G}kd3=mPDqw>8!ShjBwjS;}EE~*DyxEh01*K!ec%+Qpw
z*!(aqyGSmd$g0hKQq{@x-|~7ckFs2QDas9Mq)TCX_Tn8B>J&oH6auygk_X=izH=YQ
z`!4}hrQCmBIi=SEiVS0nJ!exP^oO21{$3w|0Le3GL#=^yn7avLu_dbh{q<#DMBOt~
zaPg?UvOVB^&PAnED|A|39$2??Qes0W4Wi*TfSckQzS`8e!iy`@uL3tmx|ks1FjsF!
z1OexB=x&V1ssTw3KnNe8FT;3`<xkhxNW_7%g6^XZp;AO;0>>XV8gRS&O0C@leFKq|
z!AFXrA^2^NPK=82ZmxZNJ%@+cOg0%gXuuIJEh7`4J4yUY-xVi2L7$RCnZ@23!Zy}x
z{wHTA>5|b26gArHCP@L7<0wz2XdN2Z1A+`3qyeEN;Z})eqlC5mHSs*sxlH&Nim7-x
zbqo?ATmD2wN~`w>C;>iA6w@fNGr|eQMKyp;f{v<>0MU`H5hLW|!W`-0Nt%S93#Z)8
z)BUQh1o0moF|<Sk5tYC3`p$M=5E8g{|8iV2ke^v`QLHFaWSj`gZ08tN@HTlzDe{He
z=&NKGZ`<98y-Ms=TkLfMY~;wFab1hxjZU~}qEgr5>1@bJT0(p$OcoHtRtxvWm!2gI
zt<m>!;)3`Ks)RV`VC4X}1f-MCYbin{(R^yP7P_V@wL8K-6G33k4@Ww<Xb=zs)N-vq
zWWu86zws~oSM>tQRHnF{V?SEBWeWYLlvx@2tZ%`2{q$3ur-{WG&j+2Rg+(@Q4xHK-
z4{^I<J?dOD&H-cu`#T7wC%$+tLbcVRZed|@c<DQNeO&h@>Kc(qTmccEYUGQWPXy*^
z2ObanOn->j^od7GUMa{qyi9&=msXp{Cn-q-`fZRj=nc=6iIM8L;xD4^+a2ryx&#jP
zska26PY8&EVCPpSuct+eAC8Y9cm2H2OG1rEmt>ce8l}@dCB0++pp854u%hdRoKCf<
zAiY$8%O{Z<;Tf%HOApx?BFwC1SJg2`_B0gJR)m@SXP)Pm`@9zS-?vnnX!ZR(K9kfh
zEGRAIlp#hJdfet=Py6?A7+E1iTKM?l0D3{xQO(2SNcf4B2gw&S0?*mt8be0|!JBL3
z!GNPayy3+(ihZ2gs7`XDF9@xL$^J&Z@HN>^bUMGlghf8h#I38(dG8Ox3-K{2b*T@{
zpYOcat{8v%=jLWXF_!#Xc4a<w$bvtYl;jW5)~xml?uW0QhOSfHN<)eNGl;qOc3-T8
zxxymB%(tCpQlMa#-72}eQD-WskI1wL&tgAe*+A5N3!ldCoDXDwFh0JgA6b38<W+xy
z)^i=Z+Lmgv-$*y87M<q)-(-Slas$pUzoPOmOAF0B>|dlwCssLSpK88JH27K>H{PY>
z*)FR~qHd(_9E6v5GuYgB#3_y0z>(e2!<Y0yWBN6sI`Ut6-u_uUZ58!mf~C)2r5=Y+
z<DB~n^~`#*O!@A<jm`D%$*J90H1gysS(~`^FCk--aSNN~*S?_2;qYC&%VYBSIV*jK
z>$tQpMQBSe>3+1{)DJnyJg{98@t}PiU1%2%#;3M6Aq=~*f}uBX27<o13Es{>+z{;l
z-l{PON=fD{T9*#_Pv>UD2H2!!Z)53&j9fMxm1p_jYxv+R#7CEMytv~pl2BoMknWqm
zc^~71{@rcrP$IUFE3Vb(&I4Ag%m?xmkM;<YmoeTw54TJ+Q7@9kP03~5HPnh}7nHri
zG-Um;`SGFLH5?*So!D4Oe}8{F_duDJth%8Ti%qjY++9r4mfIS1qO;Ki+YVE$BQjK`
zTD0pi%Z_*hqhcoSqW6nQgMJTlO(lDg^U@KO>GXx3ACo_NQ^{n4R)dSN`n<-$*yKtg
zI^hoew>_}))YPnj10fxo=jYxqa{z_~LGSP79d&Out$jf%z8c#;(+31y4^}EZ=DzN!
zta&0w{fA~jPLD>I?4poINpw8A_HQyi7s{7Y?`GG3ul&{fX*w_zDgrU*j42DR<@~k%
zJh!T;r5ofj)@>2v6c!+Hy-cTPmsguKM4r(~Ui{%F3!U)_cDND8Xo<HDa4gqSeiBfO
z@G^|=%Xf}HGbpEAAk(!>;av?mm6c}xS&^fjDqUyUNg5Jf%3<5$&!E*OKt~vfk45F{
zGK{zX&1P29<0gXzAr?8gd4O5#8;-@n{DBLMQ-%|90=w59e7A3QUb{{-=8>eyD@HS%
zYtf)k6*FCuvxQ~T&A1g~7KkHICNEtY<n#0g+rrn+$CoT*={kK2#1DRzZ?fT;v$pDC
zc2jB*JSSN}Bj_R-#&nJOyWSC(mSf>3gmb-VAqqNM!S93`=MRfHB5~#b!Aw}pAr6KN
zoN6(FG<I)JA79DTk3{d!Z(nyQG{ij3m8avIRM&GBUU~hdicRrp=DU2(`$BJ{?fxrN
z`ssVSv@kx=Q9&!aCYPGQHa^9%$X=f#tuX#umy%=Htq4?4oI{THBkX8dj*?Tna?hy0
z-)Tb{Ut-?E(f&itxH*S;GtcR%isS2S7FGK<0fmE}X@fqn_w$ck%sq-v#LWj)jD9r+
zRvV!HmKXP>TF{C15gggx|LB^_LtAFTFn0I*SRpA+7h_(35W@hWU?jT1E_;gR$08C9
z8GQZPq{A%CExjZ~5qp>0j*cCBGp>w}_;BHd%ljzUo#XhJUMk`6uDY&CK|`;GawS~#
zE&)|tlvGp66wRS_-K>msOVpt>3u(GMtC?m?PU`nkPhQo(Rd$~;oft%C-`I$H;T*T3
zYqfaf_fnWY3=+Qc%5SaU5er$M6p0lo_i$wYc*qZ!X>3NuXYf@KEeNy|M3DsL9;!ZL
z(5DhRE0UYTx!Sdr1R5r<|M<?|c~S}=ed=kv3hG+AN|EQg5Nn=fmp#XiTYL}T{-h=3
zHxym_uTu98(f$M6;nLclN!N9~XOzEfEA5(2KJ=s!-uyb3ps{(EevFi^IX&}YCtbu*
zm2%CAE!X}P2aN_#PJ__vQn^0C^II=*GE$-n%N)Gg<1-_kZlN;dhwt)K2>z^Z3M6+o
z$Fua)3vCzt{7-nuw(_@S0~_b7oWNXylE{Cq*GkdjVl&X0v06;>YCiY<-c%7eG~~!a
zmsAqPWBxjxekiR!Rd*O<_{U!KY<5N=>K%{t@qU5J_bZb46ze=2(>vH%b82vgWVl*O
z05+_f?fSjVR6lj2nrZ9(WVyjEC6}Nt_lXBhyxVTE(bS`*w)eq<KPv?E8`hrU@vW~?
z^%^e`y<_<t+#FK;Wj?r+t^EA#n%fx*|Mw?B2AN_j57+yTf8P(x1I3oPDO%QUF6jqv
zv@?w~uO6$#(=_JRL+}nDDFQBBI0*+b;6+qaGy{6BQwo(Jip~92CHY5Yyu98tEmfpu
zT~pM$@vZH}%o{#&41Fv~wn<X2RPgUv<aX=!-FRTm>4_^B7EBWvt2F=JM*9zy_tmUV
zb#v|`C%;E26Ae+3=dRDWo7-tTo78ohV|qq+yW;ZiZC_rB5PC?w+`)fpL&I3n8j;1I
z&DV*Jy8oq`Wh?T1>FcQnEKf~2))It=wr7^q_E+6UJ~oqKzxx_sqebrb%DKGJwsREU
zTARAY7!~0(`n;-mGm_>z-}doE@wdf6|Gwjc?MEBNE*hq~WrHp4Z|nRVuUl5_C|xcy
z4mJwZ?FJDVZ|n6g&Jj%p{++?^c>Tsn->%a3$uHAm!b6IT=dXAOpY0}AI+`7o^Os|`
ze8?hgmA6cN`&&&7=W6MJ_HX0zERWY3-#A(J53R65id_EUYAI#^3wYdiRVMLXyWEyk
z(1`u7X}D#Be_zy(0c<%ftD(AS`=mg<Tz?orRSnaiU?!EEudf6$r6N36Q%md3&;~#)
zu-ZLaFQy#IqI%VEKMd2AbK_2XMY{3SF~~U0iZw2W_!TVZrs9%uS2HL*ImoBN8dapL
z7z=U=n@MEe6eagG<i07BptQeYv8m8dKYfe*C~q(S`SVrP8vc`2s?Un<WmJno>~n+y
z!512LFM6%xwbm`xr%y$6IAQaI+e|C&>~(&hsumI8k05k;BA41HAxu5VICq!MPm!O&
zFGWK>CqjzM-SX2*!>QfB_*mpqZ@uOl%A=*0MhlM(x3@f#Cc`KDCB@^!Iez>S45^tD
za8D0*LXC5=ztWo-*Bu{u`TTITzK&mU=o$ZN=^oAp+WY^ce^g&zF}s1%r|^8q?K3(+
zU-lfWNAhPh!@P9Q6RzSkY5O-s3c1lXDEL<NB@1z#cY$^PmLWIn;;lBSa3cd45L#%5
z1O_3O%L{Y>k)+D?I6x(XfhUza6K5V`nMH*xPbry8D=nV=sGmOJ>oTp~&K`Om8LFfm
zo!RYh|0fq+q~f7*;kE4`?hGZ;FOOtW&|gsc-}q>r+-^*$R(LH1-!_JHM}dBP0#Cm*
zDUs@yuSTdMxvoja$_$?>Q5SFCfJm3DAnh`49#s#m+-7;Kj}cm$T+aek=l6+f7Ngvw
zj@M0mMn2V0kZ%dYfDiI5(x5_i$q_5;m4`P_T2=|ccG8xq@75jeQ-~8DGz4PY!hz4B
z{hMlwl;qxo)-x)8mnUD8I8;CFW6JfFmxvH@)e_Q8IpJfbn?3wQCWTtdGNLMCzHw2S
z%L;Zp#D`#G!(V{@c69{YLU<e4(U9nXHg#spy&O$NW}XY*D>i#82D4|j?mO@LF9mVo
zT5h8<)LF;k2KM@GI7$fx|D!%CDy@|LS$eIsQa<V-SvqM{rbqW+cTTPntlgVZxflvO
zIhO)M3jUHi;e~{Fl&tmw=ouM~EE92|(o|Jlc|!E#H<IabVyk5ae?2Cq{y9(>W={Lj
zO(qZ?2gBfy%Z~N2FF(OB5x&B;F4?B1@3pxMGAP@=oAtdETlEj7IQl-F@{cRXHq1b^
zmYwpR03SWIN2aoXw>hOk3U)5rN}$sdD%T8m{4AjB9X54wsi|S0)Wc{ZbI6ip`2O3*
zxg!(_iElNvsP#coYp+}%F?<Z~I{6s^sY&8PBGx5;*3piz7x{$*N5rq9l-DMOhv2ZL
z5WOH&Qfwl?k`;@zo!XM!5f=1s!)Pm{)oZ#LF`2&|8<VUIS8iw1{!xr>@zefi0XEkZ
za+6$M1@6h{^l$I<&Qi)Zu|ma0`-V|yPWA0K&C@1_hm2Oa_jPwM#a3da7~R*UuZjyK
zzqsP;hKU86$HzKZo?NYu?_uU<<A=SjVtZZ47Gn7^g%#_)Hs@}MZBYaB!*AJEoo{%<
zu^O1}cG3|s{ryJ0{iS<OpNNQoSnyxt4eAIPhI3P@7!VTVMX2OwJs_O~rmHzje4u*p
zA{J3;Bz*pj!9WxkJycKt-E`5=D^dCdG%w0;&Y%0k6()CLG?z%bbMMlPkY86r*&f`$
z2*xFzS`(9^^Ak`vI-is#Ra+cdXkY9dQ)!J$aa2I%G!JS#je2)U#6PgT)|={JzL>$U
zjhz9wBmFx{t940bZ`sPw$2oA=HokC3q>GM7koe~xct+Q>?)EcJ^!uc<2bb?WdB3+v
z8`}xl|E<?*EJ>Z@8KiSIqnGbyq!JLbh!3eVSjm1v5baf;hU!VODX>t$z9l5EqTFDi
zF?K&mTrT2D4G?0UO8hqrg;4@5a;taA4?D)JBz$Xbpmg9E!gRKbT^#zM2*+W6kEj;U
zhk&L}ktv5__cAN4Ds8rx{@&Z0p?6S^5-+2iYbw3lx<J1lAfmDPl<4AfsH_Z4TIupg
zb&a#y^@5!{iae^HzK8avM_t7eR*I<mgi;!SE~l)FMADErBJ}KNLk|<6bFgP>8%2q+
zz$;*sti~V-J?Id&vBD)X7Rr?2x~u2J)=|pVCr}%X_U$2glas~xv}NORIR3+8@y<`!
zwKXh1%3oDv6ioiL{K?vRyHP>$=iYLC4TaTV{k`v3ScaF{Z2Ol^_c85A`MsDlc{wRi
zQ9>NHDYkkf5i)0Ah4h<Bw`QWzT#4X@HT<}!`u?ME*%Rtz)0o}PR0q0c%mhi1o6lQF
z7%b%PPwY}=PDCiz&!Fl`Wu?)>(XX@EXnib7I==gL<n^CAikBYON(=G%R1MpL2$?*`
z4@c;tZ4+Jt4ai;)7`c3@A>rGcxWSVY8*AT%kv{iT>|<}f0*_nYDJnuaTU=UR3vJDL
zr{_1B%8UIsKSkmz^4CSTeQd-~_ZLECRaI{iNBH;no_tB6UaS3*XUUHnn!;R^nbh$H
zSM9T(!)-Vfp3NMIk8!g1`blBxQ!PnYgw?nHe%S5H?811IY`_!&%}z)pwr|ZGQYc91
z5zMA@-}b~l!u-YD8b&HS72j}8*2AOzQ7T+4e5^Y+7+4yub+xJu+YPiD3rpaX`PNH&
zbnC;(qr9GiXhsgDc|D+N#DI9&1@ulz7WO;7&kSs*D?W{)VX%l#-j~(N+19-8>zo3Z
zPC(sG-m)3@)(6%!WurDC;(KX0Kg{av%dj=;s-j{grM2}0-sBgLzg2yt_Mfv(>=fE9
zp^#`yS$}lgTRwB~?(z42Qd1j^8PBVCNzo{YdTO_}ehM}BoFJCI#DGr(ke|`|3m*=V
z9Ll!xFVR7u(*B<8^pvfm1FQ6Kme7|U0dtFDhH~7yVWg2Rhdoo8-@8)ndorD5v`BU_
zDUWV>PwhH({TO4VOzmZPHZ*@Ss_c8vznxDeR=l`h@KKcbqYyRj?Krc*-~fqTB~nr5
z#oRF?vTPeu_wrP66Vu3D7Er0sqM5EHr?;>kV@l~1@3aVHK^F`-Id!0I;&hq8hy-NC
zLF)MMm`5mGO^+(njjN-SS?scVbg4M*=2#+8L>-pwXCmi{n_}ULdEW|cv^JVm8PbXg
zGd07}Nz;Q%pMP*fi?e+rPURHWPzKl*JNk&ULS4<P+9ctAi<(?RF{?W-+s)i4Jk}5x
z!Y`Nm=qh?Wxu=8xGhOzaTG;evgpACzZfA#L;$Za<6-mR|E4l#1Wf$BE8~t$sInS1y
z*EU*X6_m;fq0EFovK4kkqNhs~B(W*UbGDklQZKrMmuj{aMTtIlW^PUoP}!py<9odo
z!M=45FN9C5mm1y#t#{?=s%Bn+GhKq&tCRM^3LyZ_3ioPF*cgN862BGZ;)ltC-v}qE
z76glsevZ*iWDZO|gl!SiZh~{XnARv~rT=kFF6+{VxQm!oR;5&i%VDyYTQSy*(a%R1
ze2#73Q9Bze+)<bv)i6_KHuESJptgU~^ZEK*hM1_&BCwCSn*3zNvE|&QL#F3ugl`&M
zR7-mJdXMG4gC@O%AD!RK>>IuDM-b<F`fzaN4&;t3Y7D^Q&W5}O;v2k%d>N9)LEY9x
zC1sj|+d7C%{q)#JIoXApgypxUAMR1T>DCK{e-~lCp1FR{0=b*ks9B8SZ7ejZW0Uvu
zy;bf-SxXR;Ae3T#!pVw+3I8zoeo|^C{%Wsav@=DGkzLK*a^C8eO3Spu-E{~8BkQ59
z-TA*EPe~9hkIl@Cf=M|Q6>7{~vR_eJ#Hs6Iq_+;94<$scVM`^>*(KYCGE(t^3h>B3
zy0k3NdnF<3;6b!Vi!}K}r8j<O9!Wb{IB`qm8cfT9sh$v>25%ghtY~Ay42C%j6X;y2
zW;DK)pRdWeGCCf)`~O~fn^oza%y^?^nNAFIeJ8rPpU7TZuj?TF%yN(0N$-RfRxTMt
z(!uODthK@frv;>HcndH|Xz?-JCrpX@B;pUx#_@$~UCk(&R~~-02z&mt$2ELac3_l?
zG{S)jX&Zyqm~2RZfju6dm8A|LT_^;MjEsucIpU#}u7Rkj<JZU$jaJzOJ@2rNYQ^8y
zc+soeXD5}P??><BSajXU^;Xs;{jath3nF_kdpTXm(E>sP5NQY@V35zYqlC)L+#@?J
z1)0d2N7*_Lgl2Rk2-{p6zPK<-)4E%f7MJFlP3CQAn$C@6*^*wdu1)=<l%Jy|6wvtm
zB4zv^YOzxOeoZIK$wwlQN+*;SmvVjm=jCTf*TX59xME~KkG_57^X3nRXRYEKBcWKw
zn!9_+wqB4~D}jDx)LMR5+-kK&gmaAnj70d)8^ZJmyoN*oG<iYZ1BU!4U$<{sD2OA?
zeG4v``t=;AUlkOFYB!xfnK_$asLhT~uRZr}xP=>EPUmG~V4XT1_E0OgSG}$qpZ<;(
z$?G+W+j3zx^N&gwYQ6}T<6Q(AJtPtQlJ&z8%R*%=&qTvC;8tZZ*0=ApbnS0AdI&e-
zq810r0P6}Qo>tEZ>?$Sm6o_RPkH2tGX`orGwD6EEc%i=j3P3#Cx9ar>aXsT7ifPuM
zn_Ii&?^VpbYsE6c(h$<~T!fXjquiOTdIH8FBpL!%S65kYyZMN_%&Cwt@~obih|fBU
zGnb*=^&^j1><MjqX;9Dlrhhy;TXTA9WN*Svn&5gwCH2*cK%PZ7X_5NVig)3TTrchf
z6sIY>MQ46}69&Wz?OVSVS7T3(mj0^sw}6H1S9<7{zB73N49jzyjV<mV-fZSQ`Rh8v
z<HfuDK@}~lYDTQIc$~X-cwb+;rR~lB(qc#;&YhLNTk4+#^2DsZu}l7WHz%_)Mm%zE
zcWkTEK_*}YYMiCv{VQ*?`{D|Pz&yn<Lp~Qj@yghDe5Bho<A>t=RViWh?t8Shz}=4Y
z=?X2i+BLS-UV^?^%!nSCUR`@nCDw_Bg$0J!AmfN(B0}Et{cjoI_h@;<;xTg-O)Ami
z$Eq6Dgp;DtQ_<DWw>6}cV`itkrxp`sYb5#?ZJw6+<42fytW9F2W*wWuBhBG|!h^QQ
zfi<n}^mIgiPeYw979&p$Z`XQxj9q$&JKaKMPv^vq-@B#|UQp*>MnUANiRXuICa+4R
zB$g_tUXJ&Z*Hs0FEb@F)Ywrz3>m;dU@$zw?T?Mx6{ppt79ulTOqA{bLqK{lR?E6Zh
zr~h*atRa`5GJ8VY>{4jJN1qvdaa!Z?Sw)M)|C?exlc<&AW22VOI!&chGzZ!Zc}blF
zc8vK(xyE&HM=-expq30`W(3rvb7H4fv{6ZljM5NAfsij`v>|to2ga-{#ORUkir>x_
zWf*~*UIKR6M2=Tiy-XdrU5xJj_6;jU>mskCg$!E<XZ-YQwzfYK<0yUqy5O}kQcr*>
zGrT9H_rZAZ)$P6Y@Q_=v@%xNhQHp3OiesU@f?Zk`KZmYB&z8P3DOP4k;{HfCOTJod
zTQ8}4iFP?Ec9JEI=7CTOaEWYTe;cjpIh3^Tbvcw6u`?ZUs97N1qYB&mmCUD(T~cej
zT}euPt`Zu$44aj*mbGbuU(g*iLP_;P0^~Qz9TmQ!p4)4s$#gO93Nwbh>2h3|kUZ?e
zNFPr&$9rem<iUE3p8L2qr71hEUL;qUs70-(L^kP}%w;iFm5mlG>-=#{09;uaEm!nt
zD~_yxuNiS-7@~Os@=&+Cofa>AB}pT0z8!+`<z4m-gm@u_5Y-F8qqczYd51f*F%W$L
zY>-wsAmRwO(yy5+mBNcD&K3Tk?};%<_im3}yc#h6yZoO+CF_}Fxb)s@*$J$S4=<PW
zW=2H2kN3rJQTnzehk3SG(N@@~)-Qkq_f+qwZAb`21Wy;_q>RfNu;S-jKD=Y@7r1WB
z(xO&SFc@-g-rp(0ZK`nwy}DU|bHvsl7wCz0V^sERw$~F5(zo*VZA8PAOn>$6zaag9
zd(FuHI!Fu3S=8w|R~BE(<aMK|h)O--t55(^t!@^Jwv;8(O#_Zoo7wn<Hd+?D<n%9I
zbYO9fBj;0vCUz|nQ=)-uk3bo%7MFGtR?yY0nFwL%@t-ar*vO3v7Wxn+Wq<7D!nn=2
zDK=KYF5jK+)fCcO>#3S;udgByoNg~Q8AII_#SmSEM)w*ZR(Sv}j1PsLXGn2EZ-f#E
zLr_nkV>)lAWp|ZOxxRBbJUE~#TxX)6-CkF+%*ux$?sZ3h8CG?x`v*0tW)Iw3IBvI?
z#*cS#{#H3=17Wn!3b5YaEou-_w26xl=h)en5C}7WyHUGUbp{G*5`q3kP72mA$`=F<
z<>^X2(4(gw+!_(!I4XEN(pJNAQ$~BPz4DE<A4kr~7c_Kl$@I)e_6CA$|M`rJWaoTV
zINB3B&*DWed#dEmySN;I<_n$nLVlV-1bi3`cNnb~*e>npny(YaT+QsJymQj|C2+$)
zG%s;NBi**_c5L$I`fhr7|LzJsA)glS{E6qyM^`3`IsIl6YmvJ0SNTA2gp5khIlb+9
z7DJf%e*EwzRx7CB{`C8;a>>{6@E(FB6^+l;T6Lpc^TMQY@jL&ar0Pl&y(biZKGv9`
zJ?p}0p$%E3dEO_WI`i>yFR+U2&RR0%{_QoJuUsFiMN!h1{aPOnMOH;fqmR9zZw3a?
zlH<gurYgZ`P8b~k1&$x`pk9A>mB34efjC8zY%28#*4QS^+Ml(y(omx7DK>5lN|d?(
z|FZy6M_EE&Q-whM98ck((#yhCn9r?MSD~fix2yP*XY^?wSEsh|nubg)W)msj3vJ;@
zjQW`yU^p54q`c;w5|g!{a5}?0@}coH_Wq8Fr=)Oe^2~(G*sVhUQhx#g+p-uvv@QEY
zt5%z;kO~^zIG?oi2$tibr4v=5kB>Sk3mT~9XR-?hH9BI6+x+xRdzU66g0D-=eCB4D
za>_Q0ZVR>gtc!XW^s$T*<EAR}*Kg@{zB37>CXVH=KH_xo)-(&ir5k2(rnXo<H8j2~
zx`yblz?|n!)Nh6tW*09zV!(-<ch`ZobHeUS<iPGaL*?LF=c|A5!Xl}eL-r+-%R3m7
ztXrf>GijcGxvPpc`vsU6mtxL42FfoKD9&aD%~ZxHJk%t_6^bl8eq=neB<PtX&3!~H
zo%8-p)Y=eTV=k>w7mu&rG^<)E^zjP|lf6c|p<q}loW-C^^It;lH4+3=biK)Xbv5){
zhn<~IY}*65?6RHA*G$P5EAJlV2u9j!tDwSqjkGj1T^NnXeP42)%EV*b#HGaZ8m}0?
z>pNVk^;?O-Iz9dU@}5M-<<<PFectB1owl=QXPMs`&1*=gX&>UtGDy9~kC>aXHjHQL
zQ`6$SU(3}OX2qmIsNlOg%N1?>`=5seM=j^0S~;a;t9Xl>iuklxn1mm%w|@HDRyVo#
z_3!1c^!xW)4PIy8(7e&S`BHIrWaO*Rz0Is8(WT#6HdI4-r^)0&uIX!|c&LApx@VPW
zHX9LiN%S@6SzbcE<s^o2irfO*q5=aw0YqQ_x!jBAbln{Fz*l;Tc6;~C*xNB<k|#2j
zhKHzZw#xh4#G&Mdzsf}}>m$FM02k%FqnR7miwZ@KCop=-t3QbzUPvT6I-C7rS-4ib
zAIbMZtgj@q%i&~O&&otzFz9K84SU8MU+3w?+Jl1~mG?gbhDDM!{&2a56In+~@EQE1
zcoqGS4n70XjzsmtY<haEk0C70CqHfsHBL{~3&?-yc!*+3)9+PkOj%bLl8$&TF)-41
zC-O_yQ{Ml|rg1Rht15S3&R1|q$V+G}8rb}UOlgOqYP=E>j|Jrt8N)1ULU&qh(_lvO
zbf0noVQJ~e*3hMhs}8f_64^*aOGzv>E2{9I?%fTyn=nUCI)daz8tuFVVa4n~)O;s-
zjT^PK;R`d|tYLz(d$x}=vjwazH;n1+qFP2UO4&wnxe`8k_<Sx_{`2ET){ag}eVlcu
zmAkhoRnuLqe!OIna|6jdvOfl*A#d*K*cQH!srs9&XJRA1k~dw?8BVI*AC)}bg*6@-
zosVH`?>Uv5QnxM6-;rl366yG|xaG5f2Eo!%wHuz7?uUzb&PGvp&u~TUyq9YJZsU0=
z4VWwfKkmy)in){>7{62elI^P$=+@E0eP-K2uZfjJ5{REcAk4tAuY2q1A52e)O5$05
z+tMJ7VbV1`LWk^pCM80cAdv%O`;ECntPN2$jzhJY#07&mb)04Po77Z8M`_ew6P0Gl
z-cJj0hPl}sv*wXuGYS{gaCA;dWZM(QbB_D5hfruK35Fa{#YHhGb>61ce_PWXIQrI}
z_1>a`&()7)k)&AbYc;>w!^WQVjD~ZU_T>B#%{u)}QSLwFkK+6BR@T+=-FW2(gJ{z=
z!D8-o<CS<0U%ZF&x+~gILly#6%9<k)Ok)$RKLTS6R5Ru2711U(l0RZuNcBGFNNOI<
zV7w`1lcIhuHL9<dpBme=ym@Lk>ut<r(}ZRd;c)$J+%^Aoh>k#(2%hEuxpSnQ722+m
zJ`<QzSUc~4!fq6Lb1TU{w)(oRR5scDS-x}DUxl`0#?DPf4`@bz8F(uMzoq%Pvf<Yv
zJM`m5T>Tpp_tIqcCx0W|&QqnFeDcFyB+$hlpxO>{Z_*Me?O25<ulEh*8+G=F2bQx%
z9uvEAI)6bs!&*4lR7{R%Jb$k)A^h3EG)}|&R0!_qIFc8?HAZ+{yh{DK+6q-r^YckG
zctrvSbd!|kJ3OA68P&fyieFD8UT=#@dS1#CiwaZBRClUZb?VNoyr=CL5_z0l&Gq)n
zX!^eC%d1sNm8AUJ@&<CZ*({a?t6uWb)X^)tH;~v@pi3PXIBMgDqP>xEcyM<U5^u;5
z7=QrCD4s$)Vyv4Ej|{YLPR(UY<A&b2CQe%DVOyo(hPxWvGX1YDdr+O2YHHTCEQu*>
zz(4Be3&n|@*6Cyw?xReC#`7|~tjo!J-pB1!))xv!N&=K8SsJ4&oIJi8XdcvbPFDxg
zE2$e{k8_2wiTBTz#g^~iU9Pj$Nz-qe9K!bVdGq|LS35Fv@bn3~XtSjvqj7_qyOdw8
ze9^?S^C9)AXZC-$&k~>E5&6gwMlq9_rZ3Ow1SH*_7hp1Qc(V75tZ&D(_xEr1s%M-r
zs*h5lkCguU<fXp|P+w>v?qN&UxgQdi@9yMdbxpg6{%eDe_d?z?neeym(?gY2#<YoJ
z7)%1{dsJ(4_X2XIvpl>ThS+F+rELB?$%@I9VXTO|!*$PvJtANA_V9N)<3Fwi#cJgZ
zN_;N<NsJ}z@2MZw!|b@e7@8;G?IXjyU;eT2UaArs94YKU52&CCF*}f7?d5Cp#@NAn
z8(j2ar2(6y=?jNnvz3xX=@!1Wx4`L9duSHNhvpfH+W)5EnV1@6FL#gC@k^>3%Ri{>
zIAS*Xco7Wr;%~&?{}@^EHQ#@S?WUxPMS4_3-q$~=au2TjxDU3-qVbh&0~08@o)Y3@
z4iDqU#aWm73lTokU#;c*_F&f2@MuroE5`ce>TUHn1AO{%+t}?$-uXx6)x-INHA-($
z-qVgM9iz{@6|LTU&=g3mXrBu+5$l`u^G#kyBbp`Uc+Dj_`*_+Y)~bf0Y%9+0_Mgg8
z&ehX)vC*chHG)ny+<TSdwPI3N+ib=QReP??YlVMJS1xy2EDBt`W-($eR@joirLOF0
zJkOP%dWkXX{W<iDkW@u_$L_|*&6m^Nk2p!8FAfIAM$<@+fL{-BNGoVXCl8k5ep|*o
zXZGrv++VN1kE*uMor)h-+$gBkTxlUaDdLox)6~j;s<ZOjXZ+Q)G<(8@+&>K)Hg&Q7
zG}#tG*~waR`<{Q4-N#-B4tRaP4XWvx$@Sx1{C`TOG8h#lJSHcc{9WC-JkREZ_e4uA
zb>sQ$GmAca9-oitw=YJx1S&%Bjq6*TcxS1;N|8-a^33i&IHfv@$d&ye8$f*<eZ&fe
zh4wOO>FO{`+CSTFz*N2&G9!pdEMtCd@uqi!Pns`jW$!`II6t;tw<fN2aJ2NY@xpU@
z6~+>sSqg&Z)`m9c+F2zl{AwJlTXcr_w94G#3d|Jy92T;Iq?|Evw)~&o!j8U7Fzmz(
za8D0oR3SG{T6reQO`R&M$C&&rbLBjX@9~K;8O=#m(^xHY$EN|#gaEm;<Q`s2G1@ts
z3zpgx*Q9?VtZkbNW&A`Ja$YeuVT^)CPHMTf6FWboKlk0|u_s#ET{q%LrY<(KOOqF%
z+!)J|*@Zz>$U{kBGzH8Rf@#gu8@^m0$~+~dUaiXOR@SZcwoVVuN*u?sUr!Ov_gD?c
z$6!GjR=k&|Padf>agDCP942<xq%$H^y(fiT_M$Pwgz&i-Dk02DfY^jUXf}YU?etN|
zFQ1cx{Yv?1rVm(uKGzt3sEq-~yTru(i6V_XU5zRxYilW;nT|wf5bc<GH8x(>BiCWn
zhF#IDXk`K^;Xsqvhu>0yvioz~Ehx-RBQn$W-09`SAlV!dXSsTEcKUna%tUHC{#=F1
z>++m!N2gr|FW=t2`bN2uwR~C}EYfDi${ejkg4aPp_Sk9+_oiXO4UZ;~rG(6w<~%)Y
zp_G5OC@UNEc;LZjij2^qg3MPzdf{P06SQlEJ0g!+a5t&a>uC_5YYsMaj$k}1?28c_
zsQjQVNbJTydUm-&Z?9;+@<U{UExk*U%IaMEO-Orne9!azq7ZrEAMdM<WhG8HP0Z8N
z=o0SK%^ycO5zE=ERJabljIq?X&F?MI7tr32Sg=4DShMQ=xeqs#785;XnzjQCb!Sge
zw)`s|mB=R$0U@+{9W*?6js?GjM6_Mn^z4i>75WHzM<d!w3P)JG@#uRtI%EAP8bLnP
zrnZEaqWtYL;}_N$ZI%fq(He|-bsLfu`IbJEttV?rl#d;+^v^H6oc;7(WEE#0g$@S!
zSRURTU44ai`>fx&D*M^9AH5mJ-k%ki>{oQ9R<RYYr4>R?+lE^zGE*9++SK}9cp(E<
z;L%KOZnfdAxQ|U+GllakK5BosV4vT?*Or^80<`q@ft4J6{LGj%`-cD7U-#?9^(KrI
z<!tG09WvTX^lZ2c`I_7&3dbR*FBJNA2QD3s{f)@qat_(1=~2I+23rw^E!4sM*qKTb
z6^VCG92{^=X3KJUJH|L)JKb!*MgOf~dM7>3d&xIx*CX`5O-gl&$$w>)EJin+XR|Dl
zl$Z&WDFby@%}0-_u}H>$Hm$uJ?Mo+Y=qh|zCpd;vT=6gfgI#N(5yohXM0de+bGCo{
zKqOKC38X`{{hNPK>3c>W-xwJ?{%m){b=w{;b=pkWCFy+T^WZqM=>ciVH|Vq)?Td<_
z5c#eA8=LScS4Z{?J98|RDs#f&@$sJt6&^l*{!U~BO`70Scs*jQAc}>QVaoJO-GI%u
z`HFx$++QmC->!*Qk+yCA3C5QYmI^v5tWmD2&3kFH<9*J^p!njNCu&kab+UYr5FKU9
z#ShUAUQy8jP?nqBw+Ug|0Wxx5RZR_LdM^N9C*kvx{WBH{VS#~vpJY1<-Eo~7B>Wlh
z@1bx|ZQlcF%lu8R<i#tU3_dIWt7SJ2)E#6ZYw~ui{OBxTC5K@<R4UuNjAfvYoAywf
z@h~)8-?K(V_&fP`OTdqBY@ROvw<ChL;r0?8jW&A#oqX=0(hem4rL~A9euZg3XXR*r
zKgNdJDL+Tr7hk7}n$<^iP6qKP>l9Xz46471Ou4pIYeuE4ghZn0IVEUiq~!ha?j9c;
z<m@#CtsdNZuv5`NukB8UPc&Ce-0L{<lcK;$E72;!)yJpOJ65oRzxCiZD?G%I(>OEV
zTuHWiB0Ie4ql;OjL8jEjYQJ^;>S;>M9croHI>ZG=A7Q$fUD|)s-DRv;@YukC0VQOV
z5>D4Lv=h-&M)8Y@83mbNdxlr_Ej;n(9ixF{hqo<O{*F%<Gz-dj^hpeJpD>P=vGAC+
zN(6h7)Lb_;C?jSb+&#0AJc`KUY`*uW<?oWP7}`zlzQ3{7n8TXn`@_Gd-j2HLS8?Y0
zYTf&m=!3!yc^VyF98s=Fb?(G-tIY$Gi;;6UUBCAr<5PmFh1(~aKGQ7g(?wi?B|^V5
zddBZ-ToesAUTc@=lDxpwyx!=j@6!zJXB2nttc9^;WgBz<fydRv!0>E%$kwk1w<iV4
zY~Rq@Z`Vqdt$1NNnZ~@Y5jVsXxT%U-W$#2y^B&ptRL%~`lyaMsm^?m{qT$$gG&}t(
z_F!}HrRe+l;mb3JNZ(J9E!v;IsnZ7LrSZ?dA-vT#-4)-;&-o>zM3L+tO1)j6Z>Nf>
zl>cT!8Xuu;aOYeB+O77<q19oE#tZFRSsa+yhZGeD%F;>Q==tHkU3WxBg)g7G(k*#;
z^uTQkDI==Bjz&i~Hvd{;2cf|<OZ6g{E{SXkU}#$GNiSd^8ax07=k{%V*V=11*fu*)
zRP`I2lZ2%3g{e%IUrJQ6xXYVfHP5DavtueGe+n&T4R-4(=Nuw5GLX``X4>fySf%&r
z-E617&CcB27B-mzN-naD(ysD-%v-bB``c%_jJJC_3`Em4jV-r~vw#VYx6#Q7SZb!Q
z1~5{Q$vW#1pv||9IdR>Z@Ovg#K%JY;Un}(Ua@pXn=RnW#!x&Z)ql(e+S9c8GGY=R%
zzgD)aCuoz?d8&6)P4D(V=k6F;xYb4{Css9G9wkYUu@Y60iCfTRCF44!ppM8qx*yN%
zTt!*%gD$&Swq|JyH;Hd?T4f~ooEuL~Fc_8S@5X=~gJ_wMA%RDMe7m|lCW`1GCnqn)
za=Z0@cAiwALFvd#nfP(l`)xYoc+TOEKPnD6P$q@PTZ|Vhg|Wn8$&Xg2c%uEePR<sq
zq8XG3aU&Qqd|ds*-XMRguT;ynC3Kos5F}w7DB4*Tk$K`~YaaC1gYEa4wfWq8v5_8q
z7LkAJ|JAa)`tFk#D20qfu@ReuYHk%uU!_tNnNrCM6Mu2i07&9Gw6`IgOxq!E#q6bW
zNR^e(Ye%HMQ@@nV_}JO(t$2%R=JLs8z<cftZ>Rr5(^&^Z)ka(Y6$O=$ZX}0p0SW2u
z9=bcFyQEX3JES|MyE_D=kw&_^@56V$>z~#PbLKo}@3q%nzmU*nQhLjENXn>%T%CLR
zf1~or1XOmQbIeQY_S<5{Di0$Y1P|@60?d|E9*%L~t%?d~Ia&K{`k_Q_WfgXXUOlui
zi#DAV295X`Gfy6(p7c6ZhclQu|6rO>B~`Kc-AEFc{QKX$!Et30LO34Xxz|d87Q<_B
z?to-r1F-i0l5z$r$`@WBO}v4bSz(Ia$Nr*XTiC_)l4rbwV@bszzR-r<*n>0$RIO-Z
z*R4gKm%GzMtJ}d-=hhin)4M#K4VhgZTl>Sa?YFgGZdl7`hV~uVNwxF$m!zqD%R~7;
z>azlSQyY&{6FF|u3D>^^yO*u^G1W$^2p*Q0xo)D-g<?jAQ0(g6MP>>qyMaPGm0xk_
z+EVggG6J8kQ4bBH;;O!L?H8xZjOCCi)GRGq6M|-llo?5K>^M@@_Hk2Sl&hqn!OxzO
zmFb4(*@WNDnlTecFrfMAsN!~)GfKvzj<!IG{))7*E}P0lOmo%w3v|@szoe1gPYtxL
zGz|3psHxn|DZ@ccUXSZOf4+xF{2+&7!<vLw?YgCqeD7^dot~<QK}m4sSr+ba-yf3e
zSPd#jRdUzs?F3X=bI`QT-zIJcbQ-q`I1j9YE4%cZDkaVu5YV&c*>aeTbwZ@4{o2J>
zBPbpMOr4@tYCU#oxbLq(6$!Xh5ifAW55XmvR(j*wsXt9AXX_OO(`lCzBvhyb2h-fW
zlT-;0^}G8u8V|h?Y(LI{SDL#<PE>2)63C~IpzHj7OOTGQ*s>iSF3%cj`gDQF$hRQ1
z{SWbQU#aEnknrkJh#jAAawzCW&Fbr5qWz77BZa*$q#Oyudv8;i4DsZiPR&0*IU<xC
z*$Bgsv?tZ>@-Pp!wpRy4BAGYo5N_P-a&=nr?QFM=Gl;5KY(7JN3&B597R;R{ZmU;*
z8oQEnK^xnNaKd(7N0vJs$;@06YHtpzJyz#u%{#pSr+fc+P1VB@R~2_fv~v&k0MhK$
z?w1VX;qm%kR+c=xCzC5qRmVgOlMRre>gN4qygD-tEaS^=8E`XxvghruZ+8utZCmM&
zp~rQPl(xMI^*(x>&MWoK4b7TTG76@LsPCK{-7Ydv+)H_$w3p?(K_l8W)V)tu<WA1&
z-5al07zEru1`K*Gr76%V;6OV6L&k^vUGR<D-~fyw02Kh=|CjB3z;1fkhypoQ^Hz0D
zhZ<5z{B#s%?^`mk=QPQe-H{@Q*gd11aQp2!Pe+KOBRadF@B0`q2fx4jJ~QY`>eZhw
z&#E7$Hj8EQC|4h&fkV1%R{bxUBFc;6F5vITX~A1_on$?rPN2x{3$t+T`xFPxEXFjH
z|IkHMW$s$f$P300d=E7%P)XBPU7j5{b7A`#h>@@i73&YeAp7e!MD8NmuAvC=d>_ff
z^37sk>Dp4tObt(D%9!hO?)=lPi1dZ}1wnF01a%i;m0v8|23`!!xD}r=oSXAto|{ve
z)3FUj%7g?RQ^UFGVyFr0*x|<<E!)t1)}tF?{EzhomHAc?A(HuIU4O)r?FU~=bk%X&
z=U}1zuHx-IYu;z>qIq3luf@S6+Mkahs+RR^^npG%#vEbl@{FT5^bC49w!QK1JMkc>
z9m@Boo%vV!|I=G^hN=?BO9I3Rr|Svv+YbbKAb<kO?q5~K9M-#z7<QOSU+vYpai~5x
zBtLdPN1iz7i#GmP@vEV(A+{+}tY(aVn%q;BV_uYn%UwK+)i}p2d-NwX0wa9>Q*Wuv
zqBS)Hnjhx`iU^75ca$|@sjnL9ejCBAN$VxHz_ZPYAyDUH2b~TPsw|i7j16(*4M$^C
zzsWdcX49hhi$xLhhf0=<BO$ny1A>)=qYyaQ8S{I%tl^Z)nF*ztAZ5#gH-<FY9O;$(
z5EoUGnW6ALVtx>P7I_H`fxG9o*e^lUTUMUqrU#1ALF5Vt*;0!Oka{0mk_yk};3>vP
z+kK($rA_Uj;-Upi3VpR+V{NRG<5?1G*~C&9zdoN*<hWaZg$r8tY^h4(S%RmT`KBjN
z%VLHD*LM8N=h-`wkY@-uzF%^V|05$Kn;xoHk^fQ{u_8IWiyvCA8&lST9E0dQU*HB!
zvu^(rs)VKFs2=~jn<lG4C6Ei&U`9aMCi|5YjoP3p#Ze61U4B=VlgU_NpgEK%w&xQk
ziu$RSuUZoA{LLG)|0L8bRL98YY*w@Kf|VOY--fPsz&J5Oe4F^uURMamhT$r3-n8oI
zJhW@mEyS73|8;_3;}G1)5`jM5d5}D2rg57kT;1OEqgW=M-mGfV4qx&{G$UQbJAbLA
zs|*wH#iTOsos?xU{!<x&s$he&Va@ApuVDGjOnoLI&oc@`dzKuae8YPOOn$Y1pc4@6
z8T67`0$LV`1b7C$TdZS7%t_HRrL~7$Y@J{4o3x;P>|kG4xzF)@&nDCtQtXGg>aW<j
zC8~%Q`$#@%O%fwRl2#pT*ev})qcDZ;(*m?Q?)W}n9WT0OEUz0qE}wuD_apAk7q;Hj
zc><YX!#BiwE7!ErjCR~JaY|kf8meE~_H$CukfcZnTx)`#VwJ#8Ey}`;p`Crd${{<S
zQ_ez1^T%?o9D;ywk>vnOFiaLR6OFm!t?ySAE;7Tt^ad@>^=pW5PUrpeIgJ6X|KJ*$
z$J0@EWlVHul@_az{+1U~sdr^G5jbp}pRKV|d1nOk=^-j8BEgYJ5?WGe4&K?))Z0I)
zCNXX3&g~pT<s0FI%0XOy-e7_xNPries-cmYanjcDzBQIj<LCsrh>aj<qKYouN@b1(
z)^Djco1wPMZ=uJ7g?tfTRupG^Q45FeXUVEI`BY)G@UfY|jqhN^u?oI&vg}~q_70>!
zgP?=jqaiZbgbLKIYgfn&n;yDceL1?^Lx)6Wq6pM!E9_xVTX4F_3fdtxZ^CQFr5xUs
z%W)p-X%f1t=^v6IxIQ4uo^58Pnf$#^9sC~8`PjwOTl!t4bH_bWu5^r_%_x$W^P36H
zAEyA3_2fVi5j393#{9!J<nsMro*u6$T|S)O9A|Du%GJf1BTRVN`l+@pcGDxXR_Tef
zSl}u#aJU}r>nUhwBHZ`8K0T)yo_=(aM$$aE8-o4xktD&o?ClEWgpvK-t-j8!EOPSI
zyY1^AcBi%Pfv)qriv~<XIPNE@K7!!_^LJk*^*wBn-(7ggSh1SRe>>WI8UnN(cjuBQ
z*fswB86&~69;&>{q9CwrB2E5LFE=8J*})nF@MM5`+uhy$65<Xzp`-R^Z;(4AUZmVr
zO$Unf7p`S@b?Kg^>9v7Pevbw|JKdl=udoafXX18k?Dm9Ce;L;Mp*lG(NY>yP6#Y{O
zZ%($P5f^EMGq&q#iS~bS;S3Ws0@|i=W25GT52MCV51Uct--7V<ypsW_6Sh`A)LMN@
z2L|FTrmo*CvrOZOvS1FuCg!<J+Z|UhtZms`pKLyJ$Uw?|8A;)RLOQPPhmtb@tb++s
zAi;wy5#z%p?9uZjd6L3+M@t+YEyIwVdvKDmDj|8NqdHHJHxl=BXX<t?w;%uO;L{eI
z?)_x-7_2dOqJ$6)v6Uh$W{B0m5oDR>q`dAlESf<{Po0`0|6%$(i>rlzRT^S9J6?|-
zW)6M^P~L?Zx*goQvu8E*#eCUUJLgBwYk3`WBEQd<kar*d-bjWtWuo!;S9s|3?wrVv
zFTC@SCdFyXY$LZ`h6B~YO*|uhn9Qev$=g1yWu%34mRTCUlL^^WAOj2p;-I6WzsT;L
zodSfOCjuZzToRDI0tJ0txpgq-KE%~p1nZp4KyX^38?wgU*~1ELw&=tI*t%4VyfN;0
z`yP!>z?(LNUMt+iv*HK{4MS0MO{59@Rdl=q&M~7OawtWtyfkJh<4OUCu|GmqfY~IO
z#9UoC+m=B9R9Q%H%J`yi$VfMOkR;sEGD%)=Yrow+N-by5qrCy9o-QV&R8kr#l+dJf
z`9IIFSOdk1WDB;5xazI|rZ{=VS&~wD-P%e&Q;&%2_?}U+9CS;jlOclvia|8l`R<|l
z9evDEWrp@>iR>W;*|_)QP8c#K2a2!2fU!0}-YMB$NBNJ1cxNq7p9g|CZ>|REoXA@+
zlhUD87;BXN{%%esd$1$qUAFJGfBrD2`#1SRAJlMpN~6rMtOJT0*FBe%nN=AbuT1I0
z{e0iKoY?#?f9WM!Yhps7&T3xJ)ReN<0Cl*!I3U25LklzHy#{h8uYZsBVq)uj%n?$3
zW;FQ(QR_^)>ntd{z23kRL(HlK#4+)#8duld1ljr70t{)Hc%myV-m(eFo0mjDbUO-b
zq9QDBUCYJnCi~8b|Kjx(%Bx>{ZICiPjJgp%xD3At>!n(--38)M4RiiaK-rQt|Lg^Q
zHHbawulimDJya^DuxU!A9-W}1D5NukCwM2E5za(Iyz`exnCkbT#I7?2d{OF@2#YZ9
zT5WsS7(uMhn~JbbB(P^Ob(B=UUKw;?Z&##zswQp2Dc{o8-Kx5Eoyu1E#3XKil=zJP
ze_nuB_8sTk1pNZDmll_MZiMCg07(o83RzhsAW^k@XNL-y2larPG2;98wI&AOZ){@7
zQw#-I`|bzZ@{E0};geMAWn4mVZL`?_BSFiB3uI{)ojb2(n6%bkN22K7cDP7STAv9{
zox3ZNeWg@oNi3;#&-?XH)$_ojN2{0C@V>r@lea_N<npP4CGKnGSiQp&YVp#nsBdpI
z5=2O&i2?TsSe-=0#2Q~hT@Mb@UQHCs<f`6r-hBMJ>`mA5kwnX(*D7L~E$A5G!Loau
zYPg=AX;NFy{-<#1@}_SvcBPRNoO*&un33-Bc-Ift1HQ8>9UCH>%}e&<YXe@IH4a%Q
zNLmH8ZM|O)o|+3tP5=ZfYzD0t6sl{+3#AY6Ou^fL4!%3CaWz%0=99e<^p!$@Hq1q;
zp-I7Wh+w;vlivZsRfbSNL>-~KnhpVFq?~vSZrEEy0YvS-h!r3Rg?RWAm`ngzVq|o5
zbaBtxs8;k-;ptd&S<6IJz_4$;%Nx!PbT0+Vp=7zr^V7OW{-3?T0GkI=HsMMHra?Xk
zkkr4)Pk}JYb&wVgQZQa%HDDPY=i|pRia8gH7M2CrSrSh<GZf{VuBVhAx2|8rexoC4
zzz9^QrKJ2X?E%b62srHnUI>ps1Ogal-{NAxnR)pPBxt|6wN9-EsZ^u+8U2K+=~i54
z=4++;cgfK~{>AQlwvdsE2Ssj-d{YSQ*8dL>WC0ow3_xEhG?3&e4pLr$hFAdd)<Z+z
z(+wBbp<69_i&3aG_{Lk=a-JvnJ0UG=!cZdUYYU{8L7d9&<9bAC7--iSJYRE-#gG!f
z9b^Yvs$QT7!hfAd7o?h9`?dMDRZl2O%ky=HmhY;I8WsxuqL@liM@!GKjm3>%J5Uxo
zOFhD+|AUD5g=Gl;_o^iZ(eTirqDe+QrH-))9)tNN4Q^Jj_+dQLkVtj09wO!7-S^rn
zjGt~pa+?i1)uOJ~`FD7&HGqnQ(hbK+l7pmv5P-ye1$a>)W)XmgUQ}sTyfR75;$n@z
zqQqV|veGr+p+@sb8tbF%hi2h!eMgZdnsBKE@@iOorE0YaBb6nK3RtEu-(Q#QRjUxb
zKJ9JGz{{^DRY<GZ<<TInWfHC#%T05^;fN<!F-0k3FAv8r&6WUu1nCRRqWus(;b~mb
z&#LeesCBDel#~*zK_Too7?jp`a?+@}dT27c>=^YlgE1)8MF&EP5YZ+C@VIeGM>T3B
zjXaNq*If-D7wKc*AoeXD9w-j5bmRC14<mtQgfV`~c&}N>1L|VIF!55Is2VSU$)pYP
zYKok~U(z!)20U#%2=%2y;ts1t#?Ym2>F`I*pE0!I#w!}!#T!1@+^}#iy75o3{@2&v
zUsO@i&noj0pZ+pR*qbhC1mP<HQ+;}Rx<^dc(YDv5Lr&d-z7cd~6mFcT%-uJ`cDMtt
zT6?2{85&N;`5}F;&yJh*aHvgt`XsP70#y;`nAXmF1!sc?c5TpjfR#RcvWhn_dvG@H
zXE}LIrR4aUM8-qxl-2Wy!3_NmhqVKYmB(?h#>3W8@LQxqu*dz92W?<ny>$?t0}3HG
z!rOI8jTuOBKyV3RW)YKfRR@cYbAk+!rSTL{3xFHs`9b%G-7KSH<*liPox|Aoq7&4F
zos2_h?2l4Of}4JzOeJsT__QP#IfU3R-wxJjd6N9gAo|65yMzMN14ydO2c8+Ruel?8
zZ}BBq1K%)<puI1T`^9;|DD=lk*i1VSh4z(?yN9oj=5e${(}zd}g8FETWZ?0TIv#q5
zCT`mu-78Z7>gU7{GOO`k5Abeq<EDdkTpBhq%B9``B>&d>?<81L=-OEPH*Qw%shUQN
ze4?kCMa?x6jXJBT>b6LRztP#*_Y=zwlBt+7ajF?idm&LZMJRoc<}pP>^3zX%NI?7I
ztrw>=yVsavAONsA;q<Ya>BX`D-2N|#;Z}c}FlU{TladO*zD;7LDv4+CEa*id^4u+!
zo{MV4A}J5ag8%MsIbX@=#m@J1LEQXYj^BI`UC17#oO}=^a!qS!w9pNH)`0mHr+1-Y
zXU+6ca9`)iVkXqDeFMSugBFMF$98g$S9lgZTJB@qOqKNPZk&g*Czsx@3hrSC0v*tp
zZkgx{=y<XkoDYfwBx66<x0wovtfON6jV75O5Cj_jHYLPGO(G-)Qgw}wjmw$2o$wa_
zRO<(s+=YXE|GU7!PuI_VpNwQUB&dQS*bb_mi5RQ){>nHmM|U|`?4+mMlpfvpiRe7)
z5Us_@QspZqRW>@h`sL>_<0S}FFRuTiib)!|O%!!I)V(unrVlNqZm27C)tsRyE<=#O
z8flCjN8aG%wcd{@)W@8)pFm7L@<)F-`5{;JxI%}<Yi*1yqDm#ZaPW910{*|o4b#Q>
z$IGvt<J(ur^{Wf(|MsNTSqPZwVa!yR{=m1?_!)Z_DGSCx{vVs}<w+)+$vX-X=U>1h
zU<g)KRfP+~{3@D6yyn<Q|0jNV7x^0^&p1o_l2&I4egQ8i$63#Raz3}L;q^vyXTJ`6
z@T4K0Vd}vL{O`$14Zu(gnnVM~Rb0OD9$FaoPrzx=>|QXU7hATxjq#u#Q=4NHzFz}Z
z9sQBLU=vMtr{$hKL4lzOgK|i`I07}=&MKPVwH@~CRps!qBcm)<*L-KK9ghzj5;Ud&
zy?dG=Jp29Ig^ngsg+RixT=6(5hENLsw?3BCDr2aAe^cn(>x|b(OAE8h*5`R+xb~9>
zi275^uL=v%Bu8r<C3P^rcwP(&D9ii<9nFRZVXs7@CZU<|gfV=Maas&QHDsq=)EGbh
zdbz3v_mGe$S2>*$#-hq{oI7I`Zz#-_kGnr}5mpWD;@|mwA4j`O+&yn|04O`7%eh5`
z^X$~)z<sf^lw`8SgS6RyXpR&b<yS1hqI!+CqaO%N8}sLv;Y&}QCZD}pK0*_#!avLl
zgv$%|)-4U!P<s-A?#JzBrGi+oK=scYBv&$=q~XX!I?vE6OtpP>SWV9NpXT~a<W0nf
z^x-Tsw2ee~L8LKYJ(<fRy=6}Qr-|nHRlMq-F9rCDF<S2{8EJIKotHBeRCuz#_807C
zD!x%wPbk^+@0cJ?mNvkF1FrQAz+Zhywtrz;QeglLLSfz8{EG1<zIODD{6O1XlH|2>
zH=UbQ1V=0J)3)atH2Pdc1}<^l9sT&tF8Msa%Tt1#FR8|$A{L1^*FZ&QC^bfw@QW^o
z$)ipMCW9v>rEGV#RN}Nr>WIY)0-OR4^?Y-6f}be?M%vljYm?2EN#cFr`2%sU6Qd~H
z4_UoO;|cDMHVO?a+349rN{b2B6`+nt8)xw(2|gBlTz_}@QQz}<fiF%&JS)v*mzRTK
z1Rq<BRzd}iap!R1f&j_AhT_&PJR`?#k7njmj<y>x2Sk~%Mngl_5MbeCWk`lA^`L3W
z4mgWw-R$&`KRxb|M#(#jq*A{tIV5Ywe(rBE!*3XmgbbCe9Ft990R|U`zo~s(^=Dv`
zAT6>KMAqMtj*LFy&e)GN5C7f38dUmDMyGjm(t}m1dR~|fgW+RFhlAIPo$qsSCB5p7
z;?5^S9uYV>xwS^#U98xqtB}gmB6H|aaiteuqeIl)*t?JTli9l93MTZQl{sM)SY16F
z0==3d#HeOBb&VhdO(I6#C={sRkN_@?jrDi)S!gL)=o0vtw3nQ43Gs(TL4JfOva;no
zWm0RZ$}wCs1uvdF|AGRuHgex$gjX4%ZD`h(u|~mk6n9~)6%qar?k#1ZEFeqScNz~S
zAc|$|Y<Dd)<6((J8`=58Q&qi6MJS|DQ%|U(D=ChNm!<%Y!xoU{MZo140@Uwnz@`f8
zB?Sc^6lwl8>C4w4u=a;mP3iz<1S(_t-C`OOf;54rXU604Pz8~r=YQmpd|$*l$`yv@
zi3gV+cV!d)Y6ow2?_!H_)H;OBXvQL@52H$0(zTF_dXM}I_Hhi$a!~5QLzLxa3Ba8#
zVR)UAB|oyj{b*{ccK#dY=xIw<wAr5f8hcxK%XeJZCiH+Gn8wC{xgY}AR=`oWqvU@8
zb_{AN`6+;q^x3O4esQ_|zuimTUu}iCXNJZZ_rnesgsBh}Q&L)gAn<08-MOa#izLnY
z#WVNt$4oQBjsA7;7dGeHImCuj-ZUzNcO?ONAy?l#PPOgtu&<4d@I*n$z+vW*(O^2R
zr=0RNqjzmMOLI`@Osbk&D(tYK)r}bfr7jKy9|Oj~hbISQQ1$<I_DG2Z^En`$AU_?^
z7+k`sEE^xMxHwpBqnKzFW^VNl(X|(3&}UlpOTVkSOn<&7*iAsu5I4@Q=rQWefAAfr
z&oVAkYsv%@hS$%3$lkbxeJ~N;%6hI$lWs0t@Ox8W_A=oF-_%m?!uMp^@9gjc4x3S@
z)vmL!fLTQ7;Q1f87MFR```p`G*Ma_`Q<FGt$R2IWqs_d(Ld+!lhnlC`j?&6d+p{@L
zLuk08<{XFEG`_?q$ThJ^L&~NcScey`Z+A$Nfpw=et$X2`?R?M01BZi0WWVfvsh`+N
zDBY>3|7I78icZJ~`wH6jWVFQBk~vzab&Qq^Tq>>F@>{M7(7ORPAo%6_FWGcp%l-wH
z2yk6c^iqffPLQ3_V)xQc17~b0=~|pN7?R~`3g&7Gu~^qyX3`2YZf1!Y0S%lMm}Zqy
zs&BWS?bBXAyM~TkN(fS~VK7ZX^*Y0Femq>+UsQ&bigVv@o8oY%Zh+6ta4qExn5iG!
z?VoRo()N9eXUy7Ge)x_O`j@6DZIONGN>``nv3;31O|#uG4P4=Vp=bT%!fMaZ#pT73
zYL{s;OEkHs3F@n7C1fB`(P_mtSZpZIKs;x+d)p7Q_v7sdAC?ps*mH54<4mtro0AA?
z0yMDL`mx0a2GMR6!hMyLmd<IV25N$t$>2?OaP-G#n;I{pDL#AV!WJByA7rK*&psb!
z>r1>mLDGGkGSJ5nt1lC|)ZA4+29|b%DoZ$Lu$iwu4irLfnu<<VZRmyAj9*#);?Wux
zixJs+8PvIMec@TU9d!QcR*5PS&+%~cUvv9{2*kMZ5_>^GS$|>9$=0u#Z+g({*_l~r
z8^QBgs(=1^ln|VZ(M0w0pdkk1v4(3^EEYBsW>*ayqoz7F`Zuclpm`7?2kPlxG%V}v
z6rK8b7c=cty$vx<&_jRaV$V}|vl04^Gd9BBeeG51C$yc<>hfgurMZ2kw_}(3vro(S
zJk3u@3a}-sIx|mas8i2HsNp=i`=UQ+=0uQL%B#<`F9Vd|z8X7iEf8kq%1(vhw2J-O
z?57*4dk2OXNzCyt0vfnK!0%c;ga~_&7}R_j&mJ{+mYop#LG{N;w87CeW-#lMlePW?
zMR$el^XuobpW3VUyuc0ty1$q28K7lRVZgtn_=3e|(D_lUo3V0%%q`vt9YS`~n0VMF
z@*NQg)!pl+y272$KG{eziB)F|;K{Nz!(pn6N5*b~Uc_?3!$b;iNobyJE<zyT$KoNn
z>+TkD_-w)qrf@&wT-5DVgC5k93)(z2sB9!iqiOdXeNc6As2CPC`kSuV$RsKqErYg>
zi%m~1FnT5MS&FOwWr;>4g~dCZaA!t-H+TPmka{>%0<CU~A~@jT9R!0^t0!0d`nCdG
z+T%(yL%7*9TrQUujjE6y#%XcEFq@}IdfbHN_)Z6}A(2F(AD6(FTiR3+4ctak#tGKr
zwnxZfxQ$W$Z)J~gOu)rz*g&@iUNJD_DCeQO>&&QJR$xsw>+4ALEKK4EBP{LuQ`tMw
z|5nY-hDXz<s8vuVp<#df3l29=Z|Fy%mpUbGD5?|~OBeZCP}JjhN?Fw0ba_m#BVsa9
zmfUC=2^78;N@n-wn!81GC4INN#l+D)$?{zaX<!!JN7SnKBMCIe9jxv@B>K8Ga-`tw
zwFLvZl^x9a{>Coa`$D*-)4|W6R&~48Omuy?mYb;iJO)mrq&pGRH8S?u?fT702S*t7
zc)KvdX!mq-7o#YsEiJ;Q@yiLeP%!HsJHXQ~Ef9wo{&wLW_KUXzYBOG<$ga1W-+J7r
zt4*}Q%!_5Mnlv;%1i8u`ottXQ3PdqpgjniBo61!`n(XiGf!J%n2zsf0rKdIxiSBU#
z5Hva(RT(OxfFV5vvCa3Qgm2ff1V(X{3q0eI!oE%Z_v1y%5C`#N3ADm|!Q*JU{tP@L
z`+=@n9#O_kCeo=nrE%0{)wQ_DbQj=aIL&}@S1a>WCn!xLdxtK8Nmd$SVWuJ;!Wdlq
z9tW8hqx!R`cxMO|Ra2oiRLP{Kq+_B04tIY{iJ?gvDN#W=3gh++J-HTLJ(^}bQN5Bh
z$hr}f2%bbE0b#hRYw)hh<Cr}A(jGVk2Z{`C22`JSqdwA|cJpzCT0=cs36Oap2{qlO
z=L5yU_d%>%F;djq%DxxHBpb@^Q5pM&m|7U$iz69BNEUm(1wtLwDnI!i!?SBj_}OaE
zS>DTC#t_kxNf6V1+MPjh1!nCDL3npzk!d3^NGt9&>XxfN8Oq^#IIL*t3Uiru7=Had
z0R66p*Y+fT)o@E21G;lQ#=uN2u^Qg}{=0SiT&K&^u$|7mH($w7S$hQb?)|H*|Ez|^
zF1-@Ij{a_A=-tH*n!9Ajc0B--iWl#|G#;AY7F*Bjg3V|(y|a^TRTSA>js(?RMp`Jh
z6(;q%yAf9x*dQ1PgqesC`1&W?+znAA9t@;6dK`oz(ioXM8Ghg@6j~yOljI}EAd5CA
zhK%eXzZHHZqEH-Joh1)KS$B_*xAPKpfVt}hm<VG0aR~{_KQ(x+Py(_$6-Ff;!W1iG
z_sm#uNb09S_wpa8DqxO3mW&;Y%f-?g=7C40d3AwS856=Pv^KeB_u>-==UMpY0tp60
zyRYL^tzr}m_wve@?;#!OCXu)Nl}{I1zDW%h;_IA(99q)(y`%h<-4u6{4<|lpUGyGw
zO=Lpa9!XUhq!nK6$0^LMF+aX--oz6XGDVu~(`oH;xlg?p5>$TtE|v3g)*n;{n|chS
zMBqY;ERh}dZuP4wR$<0Dl2ZKSV)AX=fBjG|`gZ9r40SLBuX>3gMC)^h!{d_@zjZV1
z&=ZWrH{I10Zx_kSGvF)cvCGBO*X-kfI|w`FI@`gdG+m&Iry6E3mSyb~#)iyxc2>_2
zZT0zmuTybi(rO>cs#6#Pnw0sZz=ZLPml;V>0@KRfVfV{S4LoFgRRwfLl1wGhOq9uD
zeh2&t{(%C$?imdU!>=~H1u6wzqUbJPv`9>6hy|--P?Z!Rl2kUB`y8qE;j|`EP7#tU
zo2}1fe6v_n8k(PmChEoCLQ9Um#RJAWuu_3kafkJu_d4#o<iHOAB+Fby>btwUV%GWp
z_%x|7qKt8;SZNb4%M$e}@}c)8z2D1Dz21u?tVC%Z)@r?8IX@-%(d%LoGLw4nWP!cm
zMV^iOktN@tM})ipSCHW5=9dsC!h_pt!rpp2P}jG&<MKe@h^EOMnXG@pOrMgk%lM75
zdGg9p6{AX8nB{lz8xJzJ>8XDC%}E#wQC3=;EZIOzA3W`7*X$$HRU7;FqaIaee~$e4
zvci`U%?pyV7N-TA+!NA);)>lNG>B<w1{MtwrIHRrLR-rIhS%CeWcg^amT}b|tn0}e
zFS96AfWIK@(CH6-Shg6e0TSF+HvcEHAYm%-j(eOEXz(3AD!d9__x%{jq4S=^D#MHw
zSfQJAaQkbuNzK>b4&t<$ba5${jnK+U^hdR~?%X4Pln&4}{ff-IJGOKkx2afN&ypBB
z!o^fx*62rsfEOs=P)MpQc|Cz^gA^~k-3@*KgFfh$k5a>BaTC9#_$O##QoxB}tWl`E
zU`aLw+9=5yaw2wzr$l)Ndh0G>CFK2PaQ5)@p2h?X&is%}-*o^>FrkXMZl=kNRwS7m
zqI^4*puK*QeJ7cU4KO7*xX&^PZJ)DN$o|BGFDL7%ViU^Ypw`oHR})eAV=;|ag8+je
z0C0sbdN&9`9;hAx=vXt5DV#d0vIw7G4E>7=(<me}wXFEQPKB049`%=X^WG7PYfP(p
zzo#L6=V>y{0;059;n{Q|S}`dzhxz+@ja?`Eb_nm%sc5Wq=HBKYA8&6xuTRqA@~p7E
zz&oSPkiqY9>i5gAkQ6}-${>!*2eAJ&-0N?cw!|Ev%;_P4Hb_!P#eXr9qS|Ywp1zt_
z;esx?15~FA!sJchB#Q5p_y&vRJYT*6^{JPFiBw8u;t^Zb^BV6DF?Wp|-^CVX>VhZx
z3;V&l0K4Bln$}Ba<-Cgim2#p<db?pGE5rAyoiW7w=c-_{g`aLvKTvDyJPP<Yxsnb}
z^=~&$L4RtawZB!26cyJW6#^sOYq_)Wc87>Xz8aKKd5(IQxChtdX74Qj1U88T>k`xB
z*`{c6wHoSfSKa6$f$;cib`;6N9(*MCAJX>VqaXZ-vU_D~Y=5+_<`-CV*Gb|0;In<R
z_RQVgbj=7>zCL)hXGWKk9zQK9j)ZiX&8OBa6mi;(qq=H96M;#~;bPD`C81BeJ`k7p
ziwISDv>B_gV#(m|a>@}}9_*m8e?S=&E_TEq7%t<|9QZT`n<yMRn9jG@XZSoW0s1g-
z>i<lE2fn$C_Wk@emaZmb*7LpVyB&99Kao^L;YqHxeTSRi*WhEz{_<&{X(Za`$griL
zBf)1n5+nYUCkc=G#ndtp(NN`{aUv~MALw>??`8B>%IYckvylvUySZE3U)|ay0=g<N
zE_PJPSGHv$rLneDdN|n?0H(GwOEf6YYxQ`b-Bn4sky6LH3cV|!OE67g(9`TShz9Hc
zuJnH(nwk4{Ggdf9;i&nT7cKP7OV?{J*s)MN9Rs_pxXxHBU8nc+t@4j&N`=v7j(QD9
zcK%R@a%5}pcqqgpep~7t-q%lWQtaKvt(<QN=U{`k7Wd!xf;(!1^uB$<KUZR)y70{&
zSI)Qbg=;#!14Um@9{*c)aW~f@%yCc(n>cF0QFQy6`e`kf!SM^^eLt3H*rJac>X)ZI
zg7L?8Q?MQvgCGMg_4d-T!UO!hR18TR3bcGX^s@*@QBI0|ZQ1I*-=ujT6x4}h-_1XJ
z*930JA=`sz1*o`o=i<uiD7fXMvxFp&)b&NX{(E&i(GBnNyf3TOZ#t{WfD&d2!A_!E
z(fN@d8Z+!5VvHfV>u0z1ULaLmQmn*w>9ljK+3~Ba!?9`N$yp8$_i1oJfDay836T~5
zM8LrC-{&TDnM5EzKN9$uyqi5W(@n(UQC2q??Uspf#B^Q%AzO7MgwS}el#YW6%c9e1
zkiZSB837ya1a|^_Ui}oOURlVtE2fE+7v+d50(9r#U9#mWYp|`8?&V8Um6Mc^uIX^G
z4ptSwO^{`awE@vwy@u02{n|viGlPt7e5#D3Nf&>+?wU<C@zF#}40-lQtbvemUa>zV
zIF;kX47oT91la<^7EmV!nt5AsM!{s4HE2v`!o^Y13{IRkE1=ISQ@bmB6gMpPGpO*0
zm-Y0719EIR^41f0UgR*Ulz?M+zFH?DD}5n{kd1M~7^@HZ!WdebmGI!j@e=#x5tD&d
z=X!HfE>43a^+uL+3X5XiN~Neh=75DwV-s}93o}OVDB0}MVHN(8z^Q<tl{{6?3mOzG
z3k@25;y&qk4MBSk_C8CP7?VUlv_R4J;z{)~;)jjTZn-DSYKC;~C3=vYM5F#gCR+SZ
zYE(g3{U#;*1g`Q1DpG1cX53P*+}R;Wm5)}&BJb4LwRnXC+5(0qU~Kp%=lzFb!YDfh
zzA+jtuSKeQLU>}!LQWo;I?nzx88$qa4Cj;ieJzZ*!~*_FU@BQeLnLCMNod=O8Q%OR
z!cmSUTYS^DqagcTog+c4rBfIo)GNYqn>vCMbnHoXzHh(hB8?<TQd`D?4ciL#-_mZf
zRj8vFG}_(RXAKFot7>-NPo+dAV8kuJxlp7KZmZQTy`$z9T%;eaCfOeniZ8^kq#~2N
zWSd+i1?x%N*a1<od6!bYAD+8?2MnAqOQmEqyIANV=rGjPG%RdZ%$)MTt&3uV7>!S@
zAI}YLaC_KLppT+^kyrbZN0Cp`XUnWA(|FBZB@<vY%!w})UKo?`sr1pfLQ)ZxW%8NK
zSvci;oIDMj;EDqExo0b`h%L!5R5_nUP{yAx-IlM3R41K1!axUGB!D1-UFgr>i6neH
zJ@f^P$3jhn<8LQ{mUA{w!h7<i9>tQ?PKp6|-@evFXgex6CT|MHf?H<V2)J9_9<C#Q
zZEb%6-4@wai`3UrY5kUned(2V+~bsgvA{d}7rMeXI3wp&`EcYess7feigXZ3ea`sD
zCd}G@2dWF$<r^#$n!@au2Hz<%Xf=?c<AzR6gI(8bnp`*Q6Q?Ta0yN{~+2RGW_#tQ{
zSmAaDbIc%jUJ7^$0NMaKOTJK}6Ryy=-rWF+)a>mW#2T<VtdBE|CBT1=G<G=3QNi9>
zcC}En7jLj7wmwap5|B+jfVmU94gW7nGplMS<-dPYXwz*4rGs;@RaP_7xa#q+Ql>NV
zv{3|aDu*-lcyR@}ep7o4NcOfh(`kIDrpXG9PySlj#?LtrW;<DC!KiHX-)qSt6RJ7#
zdckANN6luAsokq;2i3stQV5j5Oq*yFrAED;j@Zhg*K3ygS4;fw|MLQXQWvL<ll=J1
z2%^x+4BO3Aa3H4}ON_g34_gv$X8uN5Pl72KL%WOGZH`<{OH-y8e*29zB2-nF{4I=}
zrA(><e4}Wdq{s(Au+0lLSDn)+Cdsj|uRUDTSY8s6$h07T1_q}ddJpc4<HQ^>C<e6D
z^I*NyaxHv1zy#ixWc<|iZhS1e_|x^%Ld?+j{*o)G|BUo%h*cl!2fm5%2}(HEo%7*P
z_LMnTRf1p4zsRwE>ghbqkjrv^>FL&0lVHsmm0y_@gs-MkVBmn(8?U@oNA3N#{XW=e
z<@&vtjHt)i!|HY9q_btpVf&Iq<Lc@hVaBnF)4P{h=F5oy;KdF5<<0*krKR;$)3M5w
zFf{v<-;AONNa@v~8qwdajdEAi$M??~Yotv-k3M)@ri=x7j=p-;d{7(z4Atjm^J!l=
zR$X|)|9cd_-bA1~Y6q8S&p<42_@sAqev#~yzP&KEf3O`kTY1$uYg<}dF--;!wxJ0g
z*NCO+rzdJyxzd*^&X(VzeHYrc4?x2k{P!C%cs)7Y@RUzI9_Rig0)Prc0F0fV8*J^V
zrT_l^^{1~W>3?Yd37~`$3-~3+8BLv;(Jyj2IB(T%RT_?uWn8+JZCpaWZ&kUZkBv#{
zyd8qaG7ozNiI({94L=OA_-4ddV+rkS_<euH^8TKvMa+L9@?PVeoZpX%6N>>X&E=Tg
zahuuUv(sVpq~r76EC?I~Z{%=DACmyhL8N4#=2N#5Z~fUyb9p$SVxy-~1g)5;`fZ>|
z7jS3k415Uc)&~)>U_D{|WUc!pFeIK<6|8SCBl?4!ONv;5mjv04k0PumYL@xtveo#i
zP)zj%AcPCHRhN1(#TuC!P<%CR$ewi8CSg^I<WG_{BgvXK$I1sqd(4tDtGPRk?NNYy
zboBGhqtL9A6f`BG*gqhmc*i^ZXMTQ=*Zq|p0B~Z_sdX&WT7n^UTN^K6)MaOPVgER#
zY5hXd3FCcfvG^Hq`@|vZeB8>=OXfD6#Z`w1hNRHs8@iy<xP(|fnOCPjaFuHHhJB6$
z<-gLJW2lj?0V+()sLA{<Q{=yY|Gs2$1AP^YTJ5wGK}ExxS)fLT77F|b^C`uZm+BuX
zDDmID0bGTrQ*3zH=j(6ChUX}6b>cF&%LGYBY}ZWIO+OLbkI7UjJ;y(fB8Z?`n2UBo
za1a&L)g?Y9zrZuo_<S<JD^!6*J0e<3oFK+Ohvs;$!v|l;TlP`ky^+TVBom7SD0arE
z@oljFDx6?kJztus#YZ2sARUt)T4HEoeV&ZSNa8wmCYbf#>V6v>%qt`HD-qon`2`aM
zD+BJ5*S+)qm-5sA9t2cipyvaag5$r?uPfTTICpf>NafgD{d={rK|w(rz`|^3Xb38{
z=cf2C+wM_}ay?6S1kcy?n+;!S1EgS}{HQhy?Pqw`<+S=<1p5gk6v&yfuIO8f(MjAD
zg>tp)F+=&4nOpaJ?%g%1txuxI$ww|bCifXfRbD*~Cur&U<~TvV8yp}rEi*8$crSO$
zju_=9;BIDQ5WZ}iLnKNyYQq4$1wIgF-U@5ANk0Ef;vpR)qe2ZZ4Z8vnUSdSWAzebq
zJi?^WdPYV)!4C2Dh}>O*yqRJN#xTC$<XUbZv#WLF>hCM<aAi_A5lscN_S_Y+Yg9y)
z*9EqMy!B#NDACeOhj_7<?UpqE?K<T=(lptcG9i3+KD|RJ`B5z+_nO}it>ei8y>$_*
z{9Em=fI0{H(tn??rVu3(0?e9}C!-tYO%D?YC?o}!od^A`XdGn}jIx+lTmNaK+6&M(
z%Fg9)2o<$FzGFuqDO8H|Pj}~z)nP|s-wu6j_Kx4%ZE&Yii`=-``A@F=cb)YM1Rf3!
z&UHPMvaqD&ytQHIK6<uz;iw0)e`&-fLxutW%64lA)A?vg0`S!V%9IKd6BF!2-FGu1
zhoT_D0S*OD&>E#~#rmT(g*r4SI%4ovAvs?dHicBTSAzywBmqYjllg38X&Q$reRULB
z27zjT1}B53o-XdXRoJ7sji{J`WiokVvN>l&9jdKZb9XZ+KS5zz4wnCLKLG108qID{
z6GQzUr)!NYIHRD7%?3xkIJaw6rFpcj&%EjOGknkZ+TCa~PzKI3u1G0j(x6YXseMv0
z#8z_&{>j)$Dm+vOG?vty!|+rBz5RQ|uNsZW9BK(m3q)4STFTQ`1M^|Dj*pjD4>!E>
zx4wBS)_F-=Qem8V6zP2Oy4^|~H2KAS`A12Z6!lYbgblr+`b+_r@iS}olIBQ>H1I+^
zK0dzS>cF38c%DhDpK^fjulFVL%^?gjkro}6S3!szT77Ma^}+`yDDw<`a_?wTb<CUA
z9M0u0$(_~O7pduqw5zQ1xt&FauN^<)V>gwSS5h?|V{5(>u6_ThgB}sv?$-~;f3ExO
zx`N2mz#qZq920LOP{NAv*<Bn{Iw!4n!e=+HN#wVYHhz|`d-D-2_QlU3Gt<b&aowzZ
zdg*MQFzY36d{YT5R+W++ly|hVy#0!PwTQvjx<^}+SqcQ2@{+1vMaiy0m7DR<I&BG0
zF?ZQ~jynV7B43!Sq`v9`eDn4S(Hon_pRiDdHuj;aM2|sA89^u)ZTno$!B#wZI9`>H
zNPLuXD41-C9G`-LO09D-s3SQ~KTi467`AdQ-}x}UVn}V{RYgG=lK4;_m3+Vxzg~8%
zWpq^yfAnaN5JM+3T(?-lz(Y>=%~eZ{)Q#Q`VDCT~4bls~fKvznXybrO4LJ4ev}bic
z_{;=oe}!^H`WvhBiaJ|aMF3Rf>1M3l*@9(7mD9e;3pN{cd*I46luL0F_A?;@i$sDk
zDk9tj>u7slCgkh>s#FYrjFyoEQ#;1(-LuhqWp%-ff9Oyon%v-UtH&AK<wphNEXnWr
zy>{!N#2a32XXYgk+_y@XCIKqDMl>m=J#P&-X;%0-rR@XxWzMzj+D^oz%(N8()w=`|
zHW-XWn#@y$Cj#cKpW53;Jf4>hHz4GYi%Pl+SS|jxyCg~?<y`>EcBP1PI&%w$=VvN|
zsGr4#SKgz-E1fyTP3D?Y6}rt%Cvq5dQQ1GQ=&rRAx#R>>{wW+1nlZ9kG+tQ=-B;%0
z>r0!SPFwskf)AWXT9X&JUKw%Ogo?Xg;tlqFIAxrB^d^Lys8V|Nee8qI?}I>h=v&yA
zcP;96zG!OqQSC+#hRo*IWqU@}eYc%&IDH_V;y?rrflq5Dvd->CmoF+r{i<EJnnEAT
zih+o5Ye%Y8i<^Un=Hl!)fJXLd^Xips%kp@~Eu#3OSl_-op>_=97O$eX80|-Yqv!35
zAF<m>`^EnX?0a5bUf#5w4pFU`?>B$pWaP;*B%TNRx3;#9q_BkpsBbt%xQLF&Ase{B
zUWaftBE%ACRceR;yS;s0ze(b_c#2z&5V@Z%o%6;a-%YSfQ)>Osm_SqH_w$kGs*phB
zKl+*<BDbRC)Wxd<pp_GT@Z#h{kdWN0cVT5>y78EAoF-|CZafz9%3W8W)(8?DECIBy
z>AbildCe6^-tj1~{ajUJ2vgDUlUP;Li`!|6RZ}HL#VJ|+?L;R5br24*-l#<+hp3Ap
zgm3Dnu5*<79e!Ex6aS+j(YX@eBf@@uRC`$e_x*R6#<&QrB#8YXrL?M9>K-cWqHUG*
zTY5-gxr&`116`t7ze#6bt0<AGicw9JtF7y>mCtQ?Sewyts2xp;;2T4{-n2k#=^KZ}
zJR0W{=`i#~IJHZMQLDQ<EhCZaud;EfPg4>MtzWvTDN~}fuqDtl^NcwOZWDPgqPkdo
z8j=<`Q72!+dfy!LuC5|CnKjqri3Gd&{1JgVL=`;ip`P9mhku?ue_Y||Yv$X__tqat
zB#grhl?oPBP!7GtN7wRniEAdbB*su;J`+rvbs|y0ej~B|@PrDwelcR;*3lL==5eH!
zx_-Oyr&jE}urkRc%Xi5B-;*r{IIub^O#yiFfZ_Oidb+pG>s}m!W;Is{yyIgX9pA?7
zX|Te*8E08!A6kStb4P#moU+<tis*ZKzR-GSDs;!eruclFH9klV$gZoKAqwi<u;Z=|
z)-?X$w*76j96ofZ&=)JJ(DKJmSY!C^u0Bp2%*eOp2n8-k2B{wq2*pFzf@oMg$;b2j
z$wo9)g$!f^PJLm-boY#BCOOd13S5v4G#L)BXMa1(#q;T%c4Lmgy&OvS+o%gF(1}VW
z*_C8g)#Z<Qk53xFo1n$TDo9*hZL9Rr=@3=g@T^A%K{DcUljBT~u`xGv|DWp?Uq-f<
z3=;h?O@OhKyvdG1Q0(H{!AKld#xlL9JB<~TaSsm9hT6>K*o}c=>BS+71r-%iOI1bz
z9@?bx>savri!vLc+Mo>?tV#aOeA`HF5@+1da=r02%sf0_WSwA9MMZ&Ku13sAo8pV&
z=0!P)MuO_Q#Gq<{^iuJ;{L%QF4M!g)SrS79mM_x%K^iovf{40fXPqUFMq)@-!&_T?
zydqQU93Sz~*A){9ZDSB(NOLUEvLt1wbQ)1?-u<))tGKjXJK@kKf~eoQlA)o!Hl13!
zbmhVPF3@)$7C^&_#iKS3jx9lp%5VD}W~v!Z?URyB`7wLr=w%bhE<Q-$^NjxZIfVU<
z9bKZ}!urLSz}~i4a(!J8n11`Vu~2i(kTab{R;-gtFdes9+>IMITpZy@5nA)p%sqAQ
zj~og7`6m3grEtehid`)$&c~VjPq1pIdxtv|`T}>G%#%8ptMUiQ)}OyFiPK>j+S;OY
zGXbhz4-?|qZOhG3JOS!a&)Upo*O#~5Oi_@*3V9whL54(d*u1QafGRCsRp*7Wy$xW4
zIRNPV^yE#%a=^*w%I6ca?;yt8r=^Nm`)^tI`<s@l%rV=o0UY1TJ%sviJ6Y+=EIorC
z{l)XP%8Q2~9`*!x`q)LCq*)C?(Z4wF6p@>s?nuRScCw<XcE6<mi|6AVY;+L~ND^~{
zg*SVZ_1S4B_-};s);p+K?mYs*jSeOF`!EI0h<eEk;3GRd^Wo@S&7*U7-D8nSBGG_l
z&U3a}gQLA05aiB3Ru1#>@kn;`i8j*BU~ltEAY;5DrtVVdq2V}qDmia?{42HDN8i`v
z&~kb>Mc~zl42>;6Yn*fpooa@gzuMl$ZA&BP`)X^kNZgJ6OE3v9S`Sl(6h(pa%7W<2
z(>hEHDS8=#?WV5#&B=FfAKcQn#$(6$YpZ-t@O*4C$rr>5uRp0qMpoV1Fnn@UDE#^H
zu7IKLX;9tXkRnV+@DoQD%)r3Bnu!F$tmTTh9^Pjty*?J-Qb#EJTaGJ9K5!SFUb!$#
zw6KmnII(>j-Xb$RcwD57xW*o&kcse<5%GFAj1u2!9rve0nJSkq#tT-fKQEg(!tnjR
z>!Q6>jPHkJ{nzRV@@%1N;p#yZM&_E((Uw|4u9J(gwMjQQPXVj$EI0GCo~3t`^~eVC
ze;O~MK<ros!o8T8u98rtVCv4s3L>#W-OzcOG1zp&K~w}O4<LhJzSV;rRH`r5I5XBE
za15=aUfAa7Sa$kTcoBA!DT7!k(5le-*i^<#=9yVq8iF)jkfQR!U@zBd6x7yEe<q%C
z`pX_4FgV-ZVvr&GWo@j~NSm3;ytO%Ow0*iW<9VBu@1dT^cGeJS=}{RSN>5@XM8#Y5
zs*~+{dAo_2`e$IT{k)y_N-zzJ)@El#J&TJB+u$-c-<>Ys>SJPnM`^Ltll|Yt1iIlJ
zedf*{ti4<CfcRuZczfvfXY_~N?eBMdPmjo)r+xn+of{5>ZL0Q~Ok@>vjtI3gCq|DU
zV#<(YJUxnthY7n^h8Q<RTw^snCoZU+iGLIw`$y^H7=v7YRdut*WwDsuay|Z6i#KI+
z*QY%M7Jt9;V{rQOHRrNVQDPlt{GU1zs()4x{%J@UY-$eUrQ$rs=J1L}5W+?J=uh)%
zzN|#dP(9_X$3&0$`@d49_ggA6PxiFch}I>=yPUkTCJo{>qWuH&TJA1!3C8iP3=xL^
zD3OQgx=9k=ot)T=<v1B*RxJ>N8|PpAvu8?pu&DZJF9qS#s2jLhLZ)GFx`-G$snpO9
z(-r6Pf9q?X@YDCN>}-!dI|uPAlh4O)SFLFB8ykiQ4jD}NJFzl^O#MdP0?mSW!wyN_
zMQ6A*^{e+H^z+Ra1R%E_dAJQG?G0E(jG-&GRe!Y@$MHPIw6^!3!*L0z4tDNi8y;{~
zK;}~miaELMN)x1ri+`PTzFB-aAmE`?s`;xK2<g1_B2x?MZgFBmOp}sB^e4ArI*^6w
z_TckK8nf^4q{AY^LA2ldL%r;MZ(Uqm{IWjURL;W11s^iwC&nrdotEQY{>&?P2*b#I
zifz-eO+wY;aIM_;q7|sNongLwz1p)6!PZBzG!QH(TS3>@PLomWYs-?A{N)P1xlVpS
z_rcbW(Z>T<ipXZQyUgoFSppddl{kI_Xfcl86?IcQ1qd`d+_1Q#^v3pR!f?aGf>0b(
zW~1chF@DXS#$DGb-NjmS7QPBJmSa_%CCp3uY_5h;V6FgL^h$r#wQO`QztSu}H)n5Q
z{cAl^>c1^aM{fCW>!vq3G!C<W^io4MhSaq<I3yb+DKkHFK5TrAv^ngDo%DALVlauW
zRrIM9zK~Z=HY*$Z9Y|Mjji|p#r;(r{KY`Ly7m%2cEtR&+)3bc6V{$tsQ~Ioty7E@1
zr7=UWFZ)_KOi#=3Mly0@jNl`_1*jnC9PH(0s<gnr{^TNqG`I}2eT5WFNS_UBT%7|K
zscq5A@r^73KRsq&*bO+>CTKw)ag1%Qfw7GM${o{ZTjpy|eXQWNmBHlJZt-H_%L8D=
z?5&zh*jVh9UdW&=4-B|DC^zmQAq*hhqDhf9$?XXA&#5UZ&CX}@%M}N9SUt_pi7WU*
zS1rRRt<J+3%hnSM|54T<{Tx7R%pELB_pd1{reH3Rek?iYXvy7!Dib0Oc7JtecLONM
zl>F0WkK-zbZCMLTOE(Y{5+Y3c(iBTf$6lOkyw(vssk?VW_<?qS%9fweu9}AxE&`Su
zUXWk9caw>QWo5?uGi9DPYr&vz>{>g?z48whxq36g1Jmyq6zpO`j^Lg7XJA2j6#jIz
zqW+hw0}nXI2^OCo=%Vq`)um{Korv#Q@c!GRUNx9SZCwzLKiW?m3aj*0aB_23TT~>^
z4h}&0rclEyBX%Q5J;_G-&u>iyW-77Rs^5_^3Mu9!(*7e8eO3`oBk?|3wcubzFA0zG
z=0JFB_NY8pR6aRo!1`Y9t7L0VvscOY?F)TRJ`E%L&zG#zzsO2&4A32pE66dF<uTqj
z>p7fca+z!4nEtJ(%PK@`WXAuf?~f+;X2;VfZA*@A;&F|mvqAK{8lJAZZBN5oAUPwJ
z`h$0StdY$tdSb(WfstjU@@D`v;&A++ZEByLVC0)}vpTH<$7p;TXhUy$btY*wl~qjL
zgFKe&b}gpOx`HXDVgyeet|u)tjp=jC$WYh7?I*lST4X?}V{q+4-H7oifiFqfDLE@#
zy|2ms4H=DQyAxbL9E(j1K0D_#*p?tHqg2E^;Zyy!gCh4vy`d=5knx&nCbi&NIpsn=
zn*7JieZt@Bp<Kpo<twP$^lmgFxBCu22Xi_f;2a(vmg=@IyCh#OAr1u^dC#nCFnri*
zKd<Zp`{RIja57!t9Y3q<lRm5CfizsLR%?Oj@9z)7QyjIg(H$E<(67c~eZ_FGiox_!
zfHkVx6pBgmlEeJ*bOZ!E_DI_;+n5B8Vo5k>gRa9ln4KSpUmNXIiYCv4jJKll|A(fp
z46ADE+V%*DD4}#CjdXWNN_T9!L8QC8q>=8<O@q?ijfixEG)Q-Sb3fPn{W$+PmwT->
zV~l&;5#yy(ITzjA>+L;tlz<*d|5js4>NULfgZ)NIYY(HQ3jt~c9j*IK12418qb$P*
zu~zG;zESzC-|6C^{lP3*w}E{+JZXOelkeTm6((x-W_A8O24fR0icezw^ZAPHZLUoC
zphtbsF(dJT>=4?6MeF#lVtaU!q9?i5iAe5uYk5GprZ7qWc4j=jsw5iL{3*^3Xd9gM
ztqTFa)NIh;ph5m#&}5}%h*Cpic)hZ4l`m<;&OA%8P+nX#R;0g|rctcS37RhI<jozO
z>iX?Z$;(|P;a0{E<x_}nX(-VH^M)dwcfP9`mcK@=Jc=cz`M?yFpI~5TyzCzEK9@jy
zbOA6uBZ-w?_o=PpuYW_7?0LWiKMh%TTuBKhjoU`MToRmyYc~Xsgq}ZRzSHsG;|zS+
z{bu;rdYzLWD~v_lU?K3mc)k)yAtppMUgT_XJ>CWx1Lb;cX~2!*-szW74Jb9wNo7~+
z&5X!eP4>7^0ofHyVN6XaV+5{nfn3CVg4jgU?CIflu3iqrEY;HY_xCGe_E9st{aHR+
zIr_O#Ux~A%ysDf|<)Wfi<jx%@DVe{_!`kyoOH%ml&|H$JS;05!w|!pXiLd+E!AUBK
zf)zH6U{91havc3#L0d$r!zw-7BS8>H3L6zJ`sm%alJ>ESsO}olcWR|yQKvjvgTMbQ
z$t1|F6cG84$Et_FE9+pDDE@mq5*O@ItO?H3KgUcI@6?(u{=JqAh~HUYbQJ=AD-(cj
zxvIN;bgUzyY?|N~Y2A}?|JBal_38A@yi(v52S*-mdaZ-9(<vTG#z^%=n8d$(hqo1U
z(7|H4S}9TP{v`CMP42lOxeo<7`xq*=$Lqx<te`FGZ$7^uB>5auB38!nYTO*Q+tcO^
zUn&I~$wLlO+|&2x4WZgSKzS_bGn$k4QBu$pI4-{X>6owj2eBlbfLssfuj<ewB<I~5
z9XIooqC$J9wg|GTS(B4w4t&;QJ|+JnVubtMD$~ZiE#vy+s;=K=XR2;sw~$=_Gb5h6
z_J@z0RBp%FEqelj<GR}TzXHxUj_h@C^gpy@C>$d-0??-h@)tOo71h<n1IoL@guwO9
zP@^Kv4L!4Mw;+Z_=uT3OMVfvgDl)PG?km^_cHAB{1c*fjzkA&N{@3hZYeT}rwTB}@
z@&jCl^=h?o6eYEyn>^9F_@Wwx1iwwN#PftSbG|Iloc%?*oL)?N9b_`z&M{b;DLSgB
zCsm-H13%s-Agk*c#8XygFB=+t$&s<bGB{(KX?VKL+wW1U!_WMt(4wB=t)M51wPB)~
zx}*`0k8aJ@?=k&Rt-1Q$N1l3eh&iPf6oSzFGH_pmA)X+pat}Sy0@Q^LW)tsPp0@d|
z>B>q|iTY{g@-|NO=w%>DqAZq38rpJZTN51T3!vFRdp=@G;$QFs^AkIR6v@KzB7F>q
za?20GSvc0)fWF1mwxIIiQ4pB+Z1qMb`RX3}Sm<OnN+D!Zz2Ai0fB&ZSGINBxbD?Uq
zAK|NZ&!17$^M5hTkUI$6m}_5^REP5@(s{S&>Tx&y9Ij@>+vCWadZB1I|7z*YZkmBr
zLX&%ay&QYt$fPZ-!ioO6ewU_$?;eaq_?wqP0x}aw!kFB3p05`j8n2tMyAydmpF2hf
z-E-4F``VJeC6TP&h#0eaWGZ&MjZt8>wGIHqK8+az=c7kUBh~vv&vxbrB47KgidA0G
zk>A|KE~vS$Fx7o5uqDyWuaUniq&k&XiBDr4=D|U4R{o4dC<CNy$Qo|xd0O2>E-#jL
zzI6^Yj=s*om;te4R?1l>WyTW<-#hl6Q*0}c$-gAlyF$fY{~HAX@+&ZR$>ei&czST3
zsn8w(fiA#81N05ZJwUVwkls?&Hv{%w|DI%JQ77zYG5k+)jY?I+#mKt0$I}0sYp^9r
zE1H~~1QGEWe-<y}9BUx0rGy1%QMO*2=?z<A@51UJ?09lTxC(`m(fZG;5LR))<Xpz0
zcW<Fw`bNnR);-d|niWE0T?7ZI_<2{2nkS7NMGhJIb6NrsRnB1C*4SK7Q$ff&1LT|m
z&~X0yjZv7N-`T}q3mr^q7OrsXrop&gH+>*<|DvlI1|9J!q#{kKzWpKPGM8iOPMIi2
z`a4h@R9Y2uW#6b@7G4GRLNu}<BE{~S!K<DZoD^%ytXL?*4#uyRNupIa=wyw2BEiWD
zO%oZ_(jxU}K{t^I$K^?{S5t#0qpewZAs1m(5Q^L^B+K$Ul~SF+WN#Ct&@gF}gzX!Y
zXPz9|<<Djj888;k#0e^H-X-)a?qqfgO?BZ`K?=L7BGKnm_Ma7oMqw`ic{_!Lr^7cW
zQU9yiOzoS=q?9uRJNjhFLWw+qVTfxMU1<E;r-6QW@Q0NG($<!^I3-_Re<uJznsylw
zvQJYRZl&f7oI4Q4@3fiQrir+k=~<f}C3w&O{0N!95gN}mwLpm8V)o*Z@hFkJ_nrnE
zCt89)&;#uWCFb1++ILU$60~zBYszc{To^R{8H-X>A}QGEvG-6YEXlw!>Y3eETzyZT
z%+Awcn*!Ztjv%ST2;^1ykz+L?JSnzFD`55O2eZV7a_|!J-7OHN>w>eyKS0+T8LjD{
z7FvV@oI(G(zqn?(>H5u&l)aeDzDlYkuI=1hk%{YFwCxxxlu3p~kiNyHH}LXW(s;PW
z%(q&kdiOd9x=-Ej>Z8|ViRBg-`#}*m>(q!H-xLHJMn*?FJlxm=0|)Rwfn^ytRIs|k
zIO}s#?>Y9kY*Q*KZl)!|RQcKCJH??z^`nl)oLft!7>ju#L>=9~Bs|CfvYs&d2F?i2
z0@F%F39FQXSy>*z*;)g6kP4-D*l%IB*~ey&!!(by^56rhLK?(Vgd>hjw?)L2TJ|Zj
ze9Kso=<|ik_d?)Cn!q5_cX~jIu;_v?g_5i&3#Zu}K62blS)akEGFoD#lKlU<0I3jh
zM23PltrhDx0v5vy$kG-k$pl=%)9#7Yf~${QINbL$?}VPSliydpRUU=Rwn}7uiZJEI
zWDU66=Q)&?mHj*I7irmoS?99%P-UMfz34!cY_!nrOp2=#+$N)kTxX*B0*iv8LpKi*
zE3y?_n@If}s=EDy+Je>)<{6VWh0`$p5gn^p*IA~mnr>DOz5)+blS$BCb6)jHd^%T0
z0wqh06V-w1&1wW|h#^n&r&(ucSs5NK?%EjFstG_X5lOsa!Pu0AmsgrKmEzs&8}45Y
zxws&O#5J-~8*2+r_}IfTZTny^L`38-fBaB2Ag4DsH@lq;QKt&|3c|s`39|OItZ<P#
zExFv|`3Cck-IUZ(X{N6Av{aV3RVMzK{vAb^G@dtLu8mq5#l**@#yPQhpsx~MnNZE&
zT4)?*@iXrYe}xdKtGMlN@$ROug3LVWr?Zus<v7eNzObKLd!(QV(x=0*ccd${Xu5tn
z2&Q<;9!#+w|Kb6=M8^e{a;>C1-2eOMHlpT)E$ZhTDQs)`lV8vL3N%K`V%U>>Tna>T
z>V20kBhgbrzKd<`5a~U))`_JW9ny@=%yhE5R29=#!4kbe5vS8Q2&&E-d>gt#NU_eR
z@K}fCmbw$aIqG_MD)&{|WeUaqamP<+Ok;lfl_<Pa5S|x1vh|BS3aC3?AtJ&MUoZl&
zT4_xMa1EQF;J<4dl%5m+bG?Whogbb>ac#WAiS@(FANVCwDi2Da(tr{J92-C(#;DWS
z32;Kq78eH4dkYE*mU_Ry=ov2adD3z7O3dzxYFF8sTC$XNvAxUMd+=^v%pAWOUU)Ob
zTXfL&<Z<7$0>(t%0tL)=jAO7)b<Hb8%rjxYrz#L4_bC?FrtfFQKg-rxdr-$)5=^ym
z&Uzkyc3(}HRrr~E_4j<(R@qi@i$O@BC8a{U0cbE`BT)thhKsAKxREX3$?$Zhu7t@h
zcg|td2JcnYc%9vF@+w?!q|-6r#Dr`_n*$`W{soFm-$!RK-0BAe0ubB&HjaXYnfb+<
zui46u79)8n&2Z-1^)$>Wxv#&SeV!;5v+k}Hw76w=aE11dh4wA0PPqo`k;FJanVZ^{
z7cQQTE+!})kooTvSOM!E*k+rwkX$xao!*^=x!hi?)<GGMbE(jg0MpuSGm0zLG?hBb
zEdUI;@9yuZg~NyAYeSbW;(BBeJReUgr&RlsX0=YWUe{Z*v9gMQ0(e63o<4fB+Vk3m
zUCy{C1f|yq7>ki5nciLr>A6|M_b>}mCmzZ!J<+VI{frGz?cUKFgQSI7it|h?PtkD5
zIiic#dxi0Ga`qoob;#!`uFacgQ+}8HwY)3`2n~QUVeTh)xtex&F1y6t8oKbuQeB?+
z1#n9MjdATf{r?GEL0m$$=?FHsbHR#v3hxHyC-tA$q+F=XHdMZyQ5^hy+ijTZ94lX3
zW4$=bL4=EIFk7ih6W&c8!!H8PNiZVx5)=x=zrpO$exE>~qOPX)K1#xUC)3pp{0I5*
z<vp+>`J{vy-j`?lYu93u7M6u_m+|ARnGw}LzmwgJ%7Z&mY`H1Ww~Nm@GwL??f{6w2
z3gv$|=>hIJ9mhMR56SsxW*b-is?wF8C1Gc{|0h3?#0!3sJIKWZ?!E1n)ljHl^h|B}
z;$h^AFX0#8pX8D+I6f|Yd<OrDVBk7Zt6O=l6R#XdVIf3y-2FxBa}r1boIMD*Y`_`A
z%+0;aBqW*}yQ-HGwn(yK@Eao}Od|gUZ~$Qg?-u4{)@V<jnVESwUl$7684!P(WXhU~
z41W1@hqukoIFNs`#qcJCqpc~B;ys#$*vqqv939HYJoYWuN;<nL5>XEW@HUe^HzhWh
zYJvqyAq8eJNe0Y=AUT%@sQihDh^&?x-%G{e5)=13>jJ8SepeEjmDx#EgOKdh#p!T}
zA&3KHMh>*%lp*_`Q(GI?6N**`R*janwmTpfR9mO}`~L^_g{DVCg>H@{v-*!l?pMyB
zeBjt?zG98bBOPHSA41O0$HV4=51KiUBVLH(n>@TOPc2mDxL3kB{K;I(#)3h@F??UB
zq8UL<KH{tkuoo~hFanE&klW7h{<tF>7@L8TUQ|@H1iFu=(0c8rX5B>gXTm5!fA*{^
z@!I#8gX>QF_PMG74Nc}ic!PfAjKmIf?~Rosx~|LOH4vC6;s2QG78az5(tvz}pm#fy
zc{i=ZZ2gsvcCOKi6WXb(5RTq85{l&#)9-%V8yu%y;dMzcEQ0b{;5Rwb1@rI3bEXtE
zr*E@}0Fl)So7qnZwzO=N=S9_o*excpX|kJvH;pZJ`(wdb7iJ9t|FRVrjKSPffXR8a
z%aIoF?gz+0J1W!=_vwBl{y_Gml;4EEwfwW*Nd`8c)c{*2pmD+!H=Ks5r4$XpjJE-0
z$a1Ef6tuURNxv@JDiAgErjulitGdymxfMroUbo*0V3NnQUh$|3yjWVo7gd6{zPQLD
zz4#`w7*0z#(nrr5RL1@tBBQF?a8ak4m!0UVH0>wLVqSOMl3el?wPt@ut2(@1!QJU}
zg^qJWi6vOVdj5F0duOR7VK<jcefli=0BS9_9ODRjov>^l*$R3Ac>iQv0rQt&+f-J9
z6?1jGI<ejp+5~uTFo%L6lep7Ud$RA}getP2qH7=Rz4eGtY_L~2Xk4jIe0DAs1w=wz
z#|-io7zX;~r-L)`^$-rMSIMK@R=%ic8d=U(QesEcSk5vwx3tUy*YWe63F_n#Z+x4d
z|D2b<vY|R1&&yw4Kc~4Z@*iR;_?0tfQXB+>en($>B(P&9`g=o8uV#bn=WmWdScDpc
zq0kY*;^o1&#aav{ilg(ufpIu5bpP9*U6aso+@vUCB^haHj33HnG^1}5{ivs?*B7Es
zN^7Yb?<(omc|{fz(Y>cflP48)h5x%ev|RdKH5L$T@eRHz$;psX<3gCe2g?IKJ3);T
zqk(@oJ_oEq^NGkRkWcBvI|jbpE^zc7ilYQ{ua_gWxFjUk4Qk`qY5UZdb+p|_!G^ei
ztVByk2Y4tZb@M~<55IfH2v|LOBhS>k{`~dK7dsFb9o8V<isYSQ|A-v{mcvG01Td@9
z&~p!l`Jn4R^y!=YTWZQi4?5s=89)&*XVJe$O~TIGZmMEaU;M^q_nvI(8K~5&PaJd<
zbUP@1>uy|UF9}K(XcgzN45kW*V*bXi`xiddTpRvLEce+e4a4?oGX>SVSh@AK*xW)B
zyVy`T1I!v!c<5et_PI)Y(bgS1Y@w4v!QAx{8v3FE3>bd7*kU<5<`34c^<^)yNH!|x
zH}j0nH-rvG;;}Q8=2)91{*q-T!qgR+G4Y5l-sR<#2NTkY>C~3yG>GmC&G@01)C^DW
zpc<QXUk+Pql+)%lwQeT1)2X+|MQUo(T-1M@iAHLvF3*605zvdm=7$kDOtoMmsaNUA
z(I(~<7Y}5MCEtrL?`}V9A|Ky5IXka&qXM0&7@2Slgd$P;HnFIom#Ipx&Bw+4<<%hE
zY=mVKtxiPaT9_}W%-gP4BIrk8EFYMEFaP~vT?5Zh^M}$m<8E;}vziw(w<Y$Z2WBxb
ztT&Gx-G@zL%S_J%0d!nljY?YPzU<<7RShzGnOQ%-nMe_OR-lnvs<80|DLD;NqC~g<
z=?U=_2)%z&du!HZR^H-gjf7RU9)Sl&s?`jkJxosdudwns@PiY?jr1_<c28zp8CmS8
zMCG)DPFMH`^!}Nib8XkyIT8WDI#m09u$X>-F*wYS(c<JuMxgw8fl%G26psQ=(;v)r
z8~{`sHvL5mLzs~eR~W6V{NXqK-9*v+6PO>8&?~a>jrPHjXDqM`CaoUj*x3BN<85F&
zEe%OVE>@Rbc@_|2>|ve*Gd0lRGHBQTnwgQ{OsCA0zpu)aKFA0g0uEk@iHX4QsRj`K
z%qFtNfY_&`q~rr}%w}_?kX5)uemw0&>7V(S`<%2pLA1+t0Z3>_2&C2oDOd3u08FER
zanva%wWg-T@0Wk0Tl-FgywZ1zn0}qebOaaBM7G}X54qN>v~BS~i9JzY%+}k~b`6mZ
zbq5|CYWJ9ggwG}Ac+^*xZ)7pCuWM~^1maB5d$;;;DR3EXGw9uJst~%@B)eN$rq)5j
zC7u09o^45(!88u-(SvV}S&$|JAx^-3=2@C<Y=o}n4QF5E(2{4F=Hpui*i7Fmr}Nr(
z$2+=hVd5bQ>4#qcy$o{3MD@dvM3T^QkTGxT!vHnUnF!kX%nWD^cY5muuO5#m0rJxM
zsGk~ztqxeN7_W!^#!=lrU9m<VokXna$uGCk!0oWMULX$eJWMR}-?b18LfHd@ZX$y=
zxk11PH{n&-E8^1+m~RZzsKAY6?B<qo|F0z`IvN!a6NgOD)zltmF(dl$l#&U8G&mR`
z)qWzmodBkGf4be#1cxhF{t`-<;C3@58Ob#BmpW<KOZ%{L=*Ca9V8wZG9Rk=F;~6~s
zj~7#|z-FnTB@Szfq|I6Is~lWD(=)k;9MM-(6mo6fPfkP9z${i_uq&o=jq#N-y5tSI
z?^a8qPEc#k7OST_)=0LMm^x)1$A5q&GNHZNCTZ52<Kv_1Ci0(1Z1oRKDM{S=6&0yP
z=-1qJ=xe_8mTc?1*q?aK8HFkJ;Bft`Ow|_|Osrfjn>;^43%N3ZgHq)VIAaUxOpJH%
zD+pR_q@aR%jPf$NSx;5{`|@8jX7uQeWMCLHo-f5KBwM@N#S1tu08ItHtn2uh|Ip%0
zKFj8Xy@+<VMwv~$xybj5B^zOFu2caDYE<#-(;E7w;7!8Xx2r1`0N?@>1NfK!0Z+CN
zL)qUxkDAtqved2r<y}`VfQ4?`eoF-?WPr!grNJ~}R_Bw40{^m|S;3ueJAR+vO=`7H
zi%Skech<WhoX2q+)IK)8an9l50TDQp7niHW_e{^<x=0>4;-LBJ)5^~>9f4V29w6yS
z@2D;CP$P(;=2NpfM%(l{K~H7BuAE|Hzfr!F3=c|ekRcn&*$-DpIiVF%h`|;c5l)ge
z^Nfp7dq=j~c=8Xeg{RF^ad)(t82}6}@?yKe&19ONF?a!45|eN;KIsz*4Zwm(tyx!8
za_sF11@aUnwJ9U82s9H1qtY8Wb$Bugo>jFP)1(dl(tq6+ld(bM0<dJ50(I+*Uy%hU
z`v63a9q}GDREjDdW(TRmIM9P8BnvoP!6N_Z&H@T`J4Kec;Soz0|GNiS9U?shEgH;{
zs;Zq-^Q`r?u0R++7WkVHd+d^8Gid!?JaMDd+!{8~L+~tnhfjRgNzmyounw$=!G&h)
z7>9+TOo;RHJXz^^q(k&t-v@(QKz_68i75zY*-^%YtTiu4KY`EUf-#ZmUPN~Oex*5@
z4=+HQj7hRqRk{Gf*U9SpH%d*BX_FP-rsTlYW0S5TcmQ65f(u5!7+Pta%MXg7vLhP4
z(p-2i!mK?B4=<-|Vlv&w*gTl__pJt8`OOAB@62qhT$&{ME~#4ME1H{^3v8$JuhC}m
zp|pTKpwr|Koc-{Z`UPyOfE>!H#l;Bg#UK$<U`Wc0?4M8n6S)=XR#r!-HBqDnQczqR
z3WzH(^E^O5Y;if-2*%Mf7)#@TC3*ouBWRoEt!9b`JbEg%{p%RaH{4@uK&j4*E2gHV
zT>9r|V5pgqCOlG|H+eVwa`Y*2wV#-Ps(!tuOs}f+YydirDJOwOiy_N2P<LHlB_kF)
ze8%i1%M|uW7F2H-jas%jMUs&Eo~Fkhv4a4s+apw?un*+RnzhD7lE35FSsGgUeJG^}
zH9i!@eTlJq%6$K7ybvI8VQO~F5uECiMYSwJU<~83Q<{pA+mD47^5@fcuLUw(MQ_WD
z)ElQfuN;oc?F*Yq@En-p>p)ruO70g@ac(DFh_Ga&FJA^j&D<+%vmoqi8r96?_1^g>
z>{@L;yK{56pj-uGmZ?8~dO^oK*W${gtE&rBM~$X)p{c0>)%F!7<;e7}VT`TMa?M-b
z%MPzoH@TmB{xC-_%1Oim`Y`uYx`>AOfQsJDhspz1c4hct#Vf5{5;{e8X=<S{?-Yb|
zz+>Zq<Qt|k$`8d@tTbzh*e4pzP`%51mz4A_x;!{itv1RYFmnKkZSV0}2+Nr_Dq>TN
z);XN#^A99xYXn0XqODzpJGTSAWXaJe7%8Z2Kn48qec1fq!k4aEZ|Uye1+g_^FOv=W
zaLgtz4a1Y4PT<S3EJ<;d_V|-b#@p2BS9B%>CfLu$&ohmF)i;NXN`7~=MVqQAP4djL
zITNS=&0&bEsK*DV82p1<e*c^ipkXko!KIeZfT?4FPz=Ue1+_isUFPbeDh~vcT=wPk
zY;w3UW@FAMJFc1WiHQ2_2|K)DDJH=00M^Ry?(G@&g=2x)BQr1W{^nN!cE99u0Zfr5
ziK>AgElO_L#l>jlP}&ef15IoYd>$)hGuvmU^9_NcyNSPeTvtLVNFlDEq>=1E78^IV
z^M}qp87q{2b<S%Ni{XWMyoDC7@ve0Awf=rzB76nsJEao+ca&Nf#eh^?pmm-3iD;1$
zQmQojUi|HFiaR1hN%b9$*4(vgvior`@k|INEjW%-a7gt?=zo$EQhYX=p5QWGWCUov
zgJFlrqWARDqbyugfoAt^GsU*p>)z?O%%3HCq97jXmgOQxmc{ye3dUCIs(!Ekv9rVB
zG%<w~@>Vw%Z}d^^*-jc#kgB}ZvH6-6zM2O3V85DMhp*$(KwrE?cyp$gg@_YJ5tf#Q
z4_+sTj3S1`SOCjW*e(Rz{m#x80K8BR-omEt9H`9mN$T<Bb{D0O>E>l-{`BFU0SMO_
z&E$gt|FxjK06-ONykAmUdMd<qoNKXIU-h_OnjuFNy^JiQjk<bH-09cB+SF$A(~myT
zVqUg9yUJFFQU*P|+(02P`)J)zuBVGNGfp@&C?X=#t|E~GkIgpB2g-PVTu1-8y6xo~
zhp@)N{WlWhWZ9fZ{i-Hv%&jJ-8*MMXD*iW1$)?&{Lz?!>o*prO?OPH;UUQOkAfs(@
zG-Zg>*H03RO%wZ+$#WOq{4L*(Sc)fCqu_`qPX@5gzYp}1Zfuo+!b!&EpicB2p&h?c
zQA^Ze+}UJm%Q653FXkI16_uW$cxo61=eRSzwH`{+&n~BLO_x1!Kf@+8(#@DnG5qnz
z)-#jsx?2#Op8@kX`Vp9eRKto#1bBx4SApf*1AeZc*LdJkum~v#l0JqU@Tj>7oW-1{
z-VV4dE`KeInK5&|ef>rY{R?H;cBvs&aNkdS%mlSXy9XjkD6WxaNR;;Qb6k+^{o%Z^
zC1twJVushJaN68mGCu7h6%l&LcA^OUcWN!BjZcCC0~#aMGNRSL>)Da!9ix9rj~5m;
zAmQjDXudysv*=(}U6bwL#!OPxe43Q{LQYN&-0Lv$RhED!1duKO*&<(&CU(f=;p$Tj
z<boxEP3me>+&wNc96iNDuI*VvO${VR!SeC|mH+}e0I=TE?0oP|A|H@CfUTMr&yZ2g
zuI-d1;_{pC7kKxnsVQLuL5KsVhepb!2@@dCE@G-!!SP~O37>!fR)7JhQ<e(GHn;en
zUE*P}`40mjJ=qGA5o73!$Yer>5fJjDtf4UgY;gHp|NRA*YymJhl}qPj@w~DE7N}s)
z;=TeZjlmbkbuD<8F1#%NQ!Q0uZ1tcW_jAap7?7v|JH~pL5b0mrwH~MSLXh=h!PK7A
zoF>q9V0ilD)pk*bo$de3XjKyYMDJU1@Fo<-ss}bHy<r$Il*oj2C<KK7){8@-cY2m9
zFUkn39;Aptw7@vUJb1tZarfF$6V|!<G4R(ca`6Dpf+<1%wcpzSI@8(|Phi&vaI^zQ
z1q$?2I><=v!``{9*8`10fl9np6S4_U>u{iYpAn0ynyG<-A3%c~!60p6VF7Ta>hzDW
z-yrzjuY5R+=f^aUJCq&mW$!NgVqAk;Z(V1*Dmb1kGyzON0kIzi00ryohJZtX$h4*G
zdF!=8{lRTFAoa#g3Dxy{L+ho$*7TPeh}abS^Z99Yt@(JydPTzuNFY1wghQ(a319%o
zYG}Zj#hMY?k_?Q&s65E?+9X)L*`^je2M;+Rm9W~WXKJ#@85I>J8P^L$2Ryz{{0FmD
z=D?a5pld4h*Z^k(Q-8o&r@ZEGE-$huf%0y$-y<3GiuRP2z*V7NdXy!Z0;C8i!GKQ@
zxcUJ|33J&8NEknHab=}V+-^j}M5znsmOZ&;`XcJOvPtE^5ywX_od59dv5h}bHvOrq
zIo8>Y&l{rj4$L0!7M(O%LifHsN7qAVNTyW93>FcNHF44%uqOm{6A-zzd0sn!FQHzc
z)dz5JP^tk<6>v}oi*91)vEHxPn^p>a@=L=1a#O#gT}|<C@$nW3zNo^{W2JXxtEL}0
zu1OL)0YeRt76@YG&S$i3C+Fq{Vg3xZw$$-MvC@TJRaK>5Le2^fyk}H~kQ=bNDWwb+
z7`>$e^SpJJ|4A9PC=w}4_No>+GRf51kybOfqKnC>Q~t;aFy);KAvaL2<@YacQwt7y
zD~)u0Cl&NVSEKPC^uPI820NlI**cW2ckyaczk+?GrR3G&O>fRc0%)qZTL}hR!dgvz
z0ML(%%nDFVSlrpc!DjpYKVtxr19m2mpG};cCY5kOf0(UlXX_=zOI8*(Zh5bS=e>&=
z08dkAK5=%nXd5qG*!cW(ui57DQ-9I}PF7)|8bbf_2C{et|4(gn#dV|Jd0h=pf{lt?
zJky;4i9MBoN?tQ0_w=PeKDp{=OiayoLj-!e!dQHoyf5e;lJ5iPDg6__j}z7+pWfvd
z$Yl;yZ~J~B*D1Vnn^C}zLk_mb7yxX=Q)|;ABFapB0g8NJ=f)E6^}Ewq`0YnPN7Rxe
zWmEq93#~<J6v=Ux9Az$v&71y|8d*GE3JnX!Y#P<VH=iu>D9>~3k=~F;vMt$C6VR)@
zILr{ueFxMNFh~QG;^0Wy-Q7JYd_zY|YezUR>)%F<;MmW(T}&{m)$N&GS9t&yf|IT}
zNC5dWJq<(0z_ll8Ys&;<*5~ED)J*ag8UCpy#C2z7s~zX8TTPVQJj_hDXjycb)phz3
z@wb%KfOu0#%TaH?Fv>8X@VY%N?xZ-{VwL&k;tjmyD1bE}+<;X~@a#<R^GGR#X}i(R
zE&)sb3zd4Ay^K>d#jox+FycKR#gBFHkT4V&B>zAvYKi(JMw-p;_PiwspohYgn(vg=
zR-yHYYF1B|E|UeT0^iii4d*wbxUZt3@N7+Kph19e-DdetfCBceAg@S{4A1b8t2{2@
z>nWuGIGzuM>i1m%r~y16cv?W*h3QCCX}65&+SG;F@!QrvSyDCm+}Y><-RbIR&1$MV
z0Ba|1h@#GHY@<y7k@o)jcn3Di1I^%AI@c7K(Ss9ATdcYAK9Hr#hymw6rqyHXzIaLW
zx#&QPmM_C&9baagz(fktzK}FBm`E7L^WH>F1dR@$C7taZZKH9Y4*+dhoW<DwI9a>#
zK9#CljaMR!mTpMIRb8oXf;fL4s{0Y+cVP71&7<z3L#%1o;kT|Yu0C<CWfX6RM3Uq1
z=bZ0KJRp?wnZ^g%8K&iIBM*q^f9fS-O>mD!4Y7zKTLbeX;f-mv6u+#|HU}L_&dtu%
zQ^*WLbB=hU`NBx4hBkBvwJ%6b#nUeEH9@GcA-jcw2MPQpQ~^U>dIWukS70OT9A}Zy
zym9Dj7`6r9VByi65CXRLtwHaU-<Vk)===aqzjt`}ms;o+2_QMJu^gzNK$9$4s4N*L
z24qz1asZe9E@|?L#||+BK)a-NXi#(9S1@Jz*w`4%rEMqMH_P+5EqQ>%Hv?D&N=QgN
zxQI6WiW%5VU*KzZ6!xU-EBmA>{B}5KgBJ%a`efUePv(9BpYz#+ZxCH#hDy0Ge`W-e
zRRno)<eP_NSH13NUKFva5<5b^f#}DNCBl>B9B1{<9s}r7!a8C&8fm{|U(}3#e#K^<
ztYbr2UV8V_FK^`U0Lse4xg+53^Pi7V{-`MFw@0X$`I#GwCI5C4PUMRSIHjtk87+Y3
z#{<&ENqsj7N~uZH$c$j)x7P4#h~(z?E*n5>^a@L71Z%v76ru2f!A=*a?!%IsvmEx$
zQ7~LBS$?S6Xsf?95-IV(`<?w@Y-M0MEJh`j^BL2s=Te)!a+B;M`d7tWPMzcbE-ZpH
z+O(3krsz22HXm-!4_DgKK>-CqMZ)@wE-o%^0_o5ga%hGr5S~&S9lK?s^*HuXhLC$c
zWXfa23|M^qy0KTBUDVv129&tW?Cia;Zrsz84|tpae_w*D`8K^1qUSL?A~0|_{y{eY
zn)zH8`JhlAV`AlxJW%0OpiRN$PTp>>`hi|C!+oaAw3kbEbUkgiT|o*QqD!pa)Sk(V
z0r~^bpL$4=3fVaPE!4Y{FN)<zy*+@|yg|K<92;ihTyJJYAz}%5PlS{!$2=3i(=&UI
z$DJ(P4Vd`|BiUKO__5S#iCUkwdk=b?+Oz)-`8N0ga@pU0S(5+ODZiL>VyP8VbnPt%
z68ctTiy*3;xBh=Fz(RquDaT0mS247=oJt;ZYk$W7yHhA+dCNInVVEQ|FDYk<E0xsv
zu!6gDg*xfu%K*eGPQ)_Gi}>s9RihFwQ6H-#{Lk^AX2FotU`_BCy&NvWjA1WHfQk)c
z@&020LmIY*-2_{d7!)prhd>}NmVk}t&H+teK!qk;cCk%u>1W}80(on5jG_96AUy^U
zod_SL(Bx!jA&*<w`Yr1!_bUm@gv6RT?d@4Gjj-+NKkB*RVQHXL`))d4Jn$0GJAu5r
zqEv1wLl|{Qc%9`0q%Kj&)<L0QFbEocfFObJcbGI3Mga$o|F@yOH;AyC`|k3fw6c;4
zfX_3+#CayPcWd?QCZ<TW;sh#he$6O`v7)#M^V<IAODF)jCNyU#p?pv(70FZ}_!D8S
zw6{5a9ldwb``n)5M)rwiv()w@Ou6Ui`597MnDs@@52o&X%)W@*XL?tGs>nmv3*@C2
zS+Z<9D_@O%{`cl%JQpCnn_nSMHs^&8hrCEejXLd``HyhKaGlD(uq>6R$lZcaEqRC%
zrT$re2bVWH_cBXb2l00xg4wFB)Q9pUh7nVpp{<jc7JF;RHJu|oTM6^z1XjFPuA!v~
z1CW=Po#=!deiJtG!CZ85J04gr`7ae5_$6thLz#hICt5<6L@eN|aW@(JRT^)O>Z*vE
zipByeWbHNRz^|}NtdQTA&cLJ(V9ek|ET=rU0E7khhR?4xqA4u2HO0#%sM)>(5JL%2
z5ex1jR3}hDMvB+TS0T~lS|B5qE07>(Gdk(d&M4fu;RaN>UjcdM;F2BH)Q!p;YQ65U
zk#Fbm)2uGFLROx}1cdNN<*)Ng<BiyPoy^FfD+dRl7XUV3n-u^$usj+Pk1d9`0<DFH
zxb1>gx18o*>RjdBM5Ps42UL#E-o5<r(93_lI5VTZJ)S8;n+UTd07C{P5d0@98Yslv
z_NLjnSfiHFk0N&$ouqXJ%$pt_d|M-$o8AMaohg$OXxsct_RE|t{zDkC17fNqj%O$W
zN4fG8p&7Ukat{J2F3;0=E*=>fJNSk-pKVB81s43uKkZD~KW(K`D`MuRQ6^@5CBz9Z
zOszD=<3)?9*;;j~ezJ6wM8O8{^U3#Wg@3T}od5VC^YY*IRe)a2`xiB_Yp()6kiH{(
zEltJ{633v8AA_Du^*ugppfpmaG}3%HI=&`jPM%+B-c;cu)V>KlhRqb149CaOSi*^a
zfB9eRhmW!FNPh4&`IDZjmxt#At}Bim?O#5{GAO<Xu7dji^9008tJU+ik#j+&dP}H}
z!N>bf+2y^vg3s0zG1{u?D}~!dhO}k;Ve10fkTE&e>!~cX*SsvD*Rl=+`NpcD4&|+F
z{b`=BaOWXKiglXx^}QOt$0*|+?VWRXZ|W`mEvmP(d|V!<I2y%67ryvcJ*`+;J#~U)
z?|z1hC@kD%#dW&pf6T=`%oBqlZ;DJysJ^>LTtA)3MJ{Xgv7_|cl%D-1X&u+TH=Dbg
z+#-B9*c{EYK0kl{=c2y6jEIC>=@W7M+$Ux8*!i07Uy0!ka`y+L^B(f0t3jFy9+D2C
z4r6;w0c<)o9dH=KXy3<PJABBfs4&!kaKO;Pfz=r0b+P(JWufxNDXKBx$j-SJW$%q#
z!@aeFL=*1g|IM8sL^yvkXW0fe!T&6Dr=(sE={lbfn%ImH8eeu@9m{lGL5fZM+iv+u
z-8o80Dsd78E3Hnj%F8(5dlXhi0QzS8pVyBmPgn>x?Y^-zvafgGLbwt>qBJ|<lj_m^
z?d`%#TGcXr95;0vi{+NZT~;-l&g9sh@JyY?`b>*Y0PgwRm(w*bnY?c4Z6?hwX9Qnq
zU|Ed6>NT8|=0KLr`y1ZZApUS)RPh*TU9OmYWp|Ek+@RicVixEkP{5gHZX%j`S1@6@
znwF!2#&f^$vflWYMGysrn6PZSk>gYwoS*+JvSxjeq;+{`NTw*}SJW}Q?Dj2$;Sq-$
z2CRr^ax4|Sx{7S@Oj>pSxs02PwZS2m)7U)?z8u>#&G2;oZ-j;C?hv!e$MfZY+Isv<
z<iueqXIaC=`&*<Q%i;3Yx|l1GPrJGv_P2}CE8MA)7~uuF@8EmwWeb&aRcUKL#2YFx
z{~+iEhm#nf#~G>!NNqA6cDL=>a)PVZ_Jro&gVs^#t`<l<4E?|K@Atu@S0y5FCXY<o
zH1K%eu>%+mhJRzxshd>Tn3<V1ZbtJ#+P!#$-!XG>HI$_HJHM^XDWA{5a2yfsxu_aE
z*Lc3;u$ukr{d{O<#6`Nl{<ZL^^$)F@;$!bip?-F()72lyR@$0TK74t;?*B=C^PVnX
zxiC`0{KXc74ClpEWZT+F-cg_RsL$OuD|G$}jxOBl`M#`iFUuzmQih6z;b5BHUh{G%
z=Fh1XX`x{9FJq}rDRgG~>WHG>%_!((+AMGB7i9_9(g;1y`0t<3C_*fh@$F91NJCPa
ztHOBQ7nOJ$zmo)h+$k`s%<CdRU<oP3C6r#nk=14a%bE(+h>Uy-AKQvdsM|6`EEgTK
z<HStV-re|eIh}+!mo;Oeo784r-P-TrFI0KbL)ZQN8>F6hv(7MUabOPun}{y?+#m6u
z4U&&eOgR2q;sIPEJ3?ym)QCh{Jd3uQwdGE{Ckp}(f)9`-4Y_}o@8IEuWB26Yg*y)q
z>5D8tSopYcj6gpahPwgF1=#zCRh6zw_K1K7A*-N(0q_5{@>V|MS0dv-Ujp(EVHgkU
zgVsW9{eMq6Cm!~+RVB`>o^PaE&76iBZP4quU!?>{#nF6VC7MnnKu){}!;l@xnflf&
zhkf~;x>sp5%@YxKRcC8-9U<$H$@ZKpo2Pri+k?$Go%SZG(sUP_VP=J^^FTp&ZH{ef
z>HaiP*WV6~eoFC$g$o^F9L?j;;-R2)t|q%5T~p5!+U4_{o%Q-UQmbxRQ&pqqH^urY
zIi=oIlh@zdu_KB-!(L%a6^IQoXgH5JpFtDd%}EPd=@r`dW5t-;o4O|+ugu64oCB(L
zoQVyohoBpAZehkZEU3EQhnOSF4Grt&;hPH+5YdQXb}dUD2Nj1)P4U6O2xjKyLt74R
zS*}W{1?{%CL^hZNI#r@ouMYsFFYn8kG>1mZGF9>jNHLzPF-GKCcEZrV9oD${o!s8r
z<hV2U(-LPSiNV;zL#xlLYFmmz3cpd-T*V=k<fnIkR`c2Mr=K}t58sG7euOXjm?acH
zO{KTqMIkweznzjF5$33tiz~Fuj!$4qqg$k3)!FQgaLjP?NzxhWW`MLlKG0L6jvLMC
zSdD4DstERbYs*nXD88_I_Z{np8Qk`SbM;|gGVg`aj17sww5~V*WfPbCUYH{keoh_R
zq!^FYIZynr_{SKoCburhc;gULX4gtN?_uLH@4)h=29gE?`?EE|iqsFAhYn%2bA{;g
znu`}d{&GdHjkU4Kw$B&L?Vt}JG5OrGM_I&Rx&EP1*9GVN$<?`I1~+$TCYxP2)%nh1
z>rdB^&IslylWji3o4p|h3m*t=A}#?zzH+G@!0=!xG@Q08qX6X$IKBr+4pp6<c*iGt
z;`!os+s780$OA{6{gtp{vKkj6C+!OC^Ye4fGMJL&JWRnW0LB;x>@8y72YWDM75%AI
zs7k9VAT#rVaB=OgPW+>7#sFuF&hNqy(==H|r*GZw7Kb10$OjbH*0{*Ygs8rhiTE#f
zG)D&yp(;Eq_TVNtsBJR$+d>WM8wd5+RBak_U6RC*eCWE5dwcD>Gkt9{;+ZB+VHepc
zoT!*^cehxma(19~dW7FcsSo<KJm>rTtIrd*QytJxrAz~1fpz6Awtia;)7XykO7`nI
zL)+fZUIMGP@%dhxLd5HZ=_7w6beK`h<QqP!6A?eI+IBgqKCoYST)pqTsfhg*fw!z^
z=%f-X@Vtjxj5hY(g^aOv9$pknQ}Vyy*~n%oPPh%4e%lbuQ3w``-)#7wol$lw%TLC`
z#uMf-lO3&t;MZ*;nl;|<XjE@p;S2MbjC}4-<pvDs=bf_hc|kwzYVOA~{+@&3^2YoS
z3*leUC)(?3Rk#=i3ALK<ZBYaKinD#vVAPhDf6WoFk+?*D*Tn@pxMDFpzQ@T-oYx|`
z8b4g18YX>{_orWq-u$)av<o1l$<HLF02T2%&|ckOdOl;C2Ri^9F%#2?yiQgabVwE)
zX-*4rts@UVv{52U#vs$A$B<+M6P`U9)zh9DIjmRe*hswZgTs4nwxMsZdXc~{6cZN7
zHLH85$4@fe;1Hn|<x#g%_oWV7P#~m?TvaaQPa)T+hq!x^NF^{kLggy09IrnoO_hFT
zH;3aqBJQr0LxAkDXx2-uiPOv8-9*J=HC)@T4rnN8CaIV_WF?ZnK?fIQx#t8cG@mCR
z`s<+N%Rss}<;#MDwLdB2n5j<4BskUabaVrpG<@jD^qp}#3Z<>tCwBX34f)KrRU`b>
z#5sldMQSEYokW8dB(vnndtDgRSEfI=o0vz@NFl2)>E-jUp?`iCx~~;!4OJo-+Wbkj
zL9>1JxgQsz_jl>QS$1SC>)DXf)%y#*KvIfP$B3NveT_~;Q=N5y%jhtl<<iqGZg5(>
zzt^*ye~mWu7{WirtlCkmUe*T_x}p;C!lr#N6wZP(U8m8Gbc!~%p8Pize)F=DZDe*<
zZfFJt5*2Y|Nx4)5a@h5K`ve%waIJc=9l50A=(+g=LYKa2sVJP4%7(g-$>K#eg|M3B
zWA*ofAa4z+lReCje8omkVHr*9q_VX4AwI}8(0W$6#0#>Dpl;PMtW6rKGYr|qoIl4#
zDQgX);ogi<7TM3&zV7~A)0ALYbD4J1@0c$_<D_a&i;UkP42ffZId-4p!Qd+vq|UKk
z*f)7lPq4=LthHy`>^sH!jo-AC2b_L~Ne@(EywNm~VckFeE6B$er()5h>2ydG(IljO
zJImbVLZ2t;e90kKO>`NOurbVXN0j(F9-((gJ0&`=9Ixa!GC)l2_kS+(0wqF>-?Ius
zWRVqvUjah+4=n~*Cf?{MGDtcz2NS5&7IRJPtQ}KbY3HUMFTrd|Nt+i(3KPFP!-u?a
z?y}eiG1UVgjh7yo%B8(fwX!el_%K8t;4e>i$B_mLP&O-Dls4!pmvXX(n#>SqQ7LUH
zwi+%T)QUX}gMQIq{|I|$6=GoG9lQXEzDt;J^tF$}U>ZHk_4TIXvQ}$;jnii)N4~j9
zW$$46J6!7eo{j7i6y=w<LR+p35x#{3eRP~v%{$!?3h7&qB(mE9rMULlLX*PcD8qCL
z`y~{ATnl<u`HyBH%~?_jRPeuV99n~B0_lB1tP8ff?A3p#6V<seRrded;{neuD<^mQ
zM@3=s>rdEK1q0q~Y@+w}EC>gN=;vs{!Hmf*>oabMCN+Gj4%ervV)F~FYT<V#4xzkE
zTJ#GpEtx-Y-t;g})wvy1G*tS=>LyqpdlMbCQL^sicr$u4=-2aHp7F0f<dc`m9RJR^
z>he1x(eGm*!6iN0lz|gJc73MVA=^YBsQ+uu*l-kMx038_jilaVI&ti<`0#BsKt@ej
zSGrr?NdyrQF*QAXvt{+srs#dM!<IC-gV~5)8ouA1);7un1A^kIA)Q`=&0@<7R%xe1
zh8jD{Cj1c6CLL78FcwAnB%_)e#uxKt%ms0l|E$te;~4_vWh<@NYTL!ETXSv-g#Ozq
z$)2gf^p>_wDZX|_Z<_#gS(pV9+XTNTZU`)F1MnuaD%6uk(fd4aTNT?WG^w`YxO(+{
zctiPdSTCY`(4`^JofIqAX+CnDS#qTxG{pu+QpGQk`;1QV%ChjDEr{CC%KWm%KPQsB
zm!DZ208FF*dCEE5U07uK+*#<%!c@s%;)MbK-;oO+oOxIs<Mi2W2x?c<B%f1f8|Fa0
z#`Z}wV_6%tM>2vCU+L<4l^5R5_(3xNx@(%mDzgrH{R@o3KD-7WEn&oT#p8ehhJ5@V
z*&lps&A1WgW%_oitr{7*B!V>$<BMoIcZsA8h1D1HBPg5b9jmw+);e!Ywm9r3wJNZi
zbQtLf-}!l8PHWt*T(=LLZH>Stmf*CfE9Q`6i|E>RXd0c?9*%2cv56#^ZG<W$8~PdJ
zabs&-Y-;Ha&qkeY5`-9<Xg+3-UdOXA`rOnn7lpix{6xh?v+l3M_&JUOEIvcrSNZw*
z8Qk^(#aSNVAhc8P#2?Ls1tKLTIjYW^a@D_N6G^Z+AW->Lc7|CsrYbDh&*h!*Q!HLq
z>?b2;#o9e4Eok2PXKq%D3ZsINkc2_K1IIz>5ufME1S;nz{FJ`^J8Hv#EgIp|Ul9os
zU3^IONKox+V|15|NOYH`+yUu62dpv`dIfjguY;?=j16E!1AsKa=W^KTth>FvU0a!}
zY_QhM*nVtI#?qPB_%F)d_<?&sEox}t)o4B3IEVF2G};D4r~ba&R7(f4Yv<q+@^uB0
zFm!L&Go+21By3LlVYj57x~VowyB6v3=Ch^E4Juj(hT*r@W2-OCQQ!_+gAKp##C(M_
z-jN+`?JE^^Z1pxs(iUPK?Ht}vV}Rc!av9$^+9?L5#7hvr9l0<0bk>KLjN3f@5sMSF
zwSdM8vo(NyX~4G}1Jrmhq5@HkaTG)0NI^;;vP1jAwZP8pZ`9h{cP>NdrZFt38WbQ1
zX$lYw&q%kfdrrKyX;`4cwHYennO;X!$l5u=*?zr1ilhi_TDlu#PIo~u-boN!`^i4~
z1O4l<entWNTJ4cBU0A?P_=Tx|!bMf{@_6<&_r>LThKB`l6_HsVe1iagcUwnez+OB9
z>eIBQ`s(t;iB^0LMhAH=T#usqVH4MW>qW07Xq@pL>D~n8mA3b?&=0SLSI54pCR<RV
z#|9KyTc7iE*wCBrUt=KPJiZGdJ#z6>k|d2bmM&DDx%uV1EIY6kg5_zfb7b$_GW{}E
z9Yq&um<p-r&#YdTT?BR=wKo4PVilWnYhS;v=tUL%yE_(8G@WxjuLBfAeaGLo7JE^t
z5EMElaUpm9_#rj8YZuaVjO*jn1`u7|P)2;?g2LuJvqIYX1jY)F)fYxot6$CJa0(Y>
zj8fj{Kz?_ty|8rLPIPZSP0e?!h;=^3D`*|1j5gee;(Z%WY@cAj7anbv5^J)Ppi|zS
z_`*!<{bw!R`VuX=W%_@_#_EYl?Nvt5eGVS05f=NmNgmm%({y`pk`5AZBro|H;NpLz
z+bmp<*3vI!$TaCtoxrtsT;KCIT=Up0dJzB#b^o<@QE@Tg9KT4-DqeZg{G?^n+8Nb5
z%farWy1!ItLVbDdnO!w<)Z%*Iab$jJ?>vw2@p4bPZB1rvD2`x(2crY)^hk)Oe{>I3
z=z4Dql=s;b|4lK!en>ffzFj<gJdZ~%XRO^a9|#k{N|zOD;8;$!z)Pu@`s>Od#b*v}
zzE|vfm)R<{TZoUe*Yt5sc@a`{C$K9<p%nMC?-g7RYXYO6g;Bcn7k)mhCilHnc|HH{
zRtkAR)t;d$)hRsF+m^m3uj;MO-gdb1ksplg85z9uP@0(}jYgN9>U5D?Y89UgW83S?
zS)N|{>4=?VT)_M8RdgG~v#VNl<m6u<VtpZeXW~r2O9N`#_pj_{#Bq9FOm*7JIj{1P
zRvMem%3w41C>{l&qtmPGF$aB*F-_^s{jGvaxNmOgll6#*YIiusHQ#jZ^RL<RZIncy
zM_ZQC4?t7zVvdYdQ>4NCw#j{e|Eg1uU{g7*^{knAf3g8<ypH&4Z&^aHm|DsCSn}9v
zlFoWQ-ETU=&?H@N*|3fE@NR1eAF6wO`pA}X*TvuB>r6zj(h|9Cm9yX+A4@lXc$00j
zagpn;=dnSU?t-@Ymmc+@AwB`o(P}|JmXHd<6NrIm&T|>)UhnlqC#)MHy}sYqk-9co
z_BJJ{3siq|H*3u53srO)wJC!08^30$Q~0Ke6o1ZN{9>j%-tDPIW+W_gyjjG7)LHv&
zXH3)_D;TG|YT)PYO|yoZH>w2%KR_;MqH7$f*oqfgua1z+<m>Gmun+3dYHjXcut+V8
z>-ZDlw%*K|m*}6|kUVedMy_fV@@$&Vlv)rpip$vh{6`1E2K8@#<3)S>hKo!ao+C;?
ze6*tmBUtDIZ^JlkLF&!uDV04TTYFP~5n|}aKZF}J>z4vJkdzCEv$@bfcDCW2SiG9{
zUE{%V6pLr`m`qG|A<Ge)i)HW_S`2Mr6?>q?4t?7BfA@mE;VMjH>)2MDg516P6^|75
zVwlu_WjO217s0t<vA-j_RNL2leNnfaC0s5d%WPh~Qx#)Z?;T_uDz9|a4{3W;N9Hs1
zamex#M5B4DE`kszhEa`Wt@ts%?LBRyODJkkTe!7HU-rYYHUdp2&5(loE2sS|{<pl6
z2gldg*t?>(3KWR}yl@hoSIvj&mRiHSUVBv&ztb+~Z)0qf=N-pHkRMaLCW}~(9KD{A
zxsG)tOjAc(pZ?<JlGOR^u&QaL)^VR*B)r@}4BZ1tYz~Z*F(JX>@5gd1KPtrtsakI|
z%q7twiNo+&e65|cPdx<mI=jqXj;W;>a;V;ygm7iy;N5Q>uJbB9?`g}nDiw27dDvwN
zDewH6onZS>Ik>jZDivG3QIFrlm0V*Lm>O^0e);)xs?ZKgBXn@7iBnI&WEy)qN?qFh
zC_~DVajoguBX0fD^xy67n+J6<LMNt_3xqmHs(4#Y_j~tg>v|QmQsf=(cH6Z43E7&j
zG9=z3Z^25&Q8@3<dW*cGO7_MW)n^YmQ)00B{#ErkHj|KjG)}u)T7Sal(uu;lcXqo&
zj`Xr_txc|Jzhnjz>3vQT9ofxAZ5C!?;_J9Q-TbG7Qp}&MLi-aGoGB*$oW5cb@JTw$
z85z8*<sENG^Li9&?OL*k$^9vAHo@t>Wr<UQx}(`*{jG_O=;>~i<nPT$ycMJ&>?eVS
z;k1ZRLzD#sk6OJO{w(KOi@h^WeJbiSo+z0P`TMMxiby94q*ri~LFdDwe1ob#eI$i-
z=jD-!Z*5di(%*Xze~l};4@_-sfaB9=bb9y01Vv@&a!kQxaMtRuwRFQzz>z8%oi>mM
zc_c@GfCi`Wi}B8H0zU_LhJjuNEot3hR=3lzIvwtXHJqm-YtRo$680V59<u1&Y~XSJ
z!#A4WC!2Um#sHi8VX2sltvXNAcz9E$!~Gl1(><Pz&jjmIo;W6y7}D~*r<GJe$95`_
z$@FlC=5|DY)42Cfcp9Hy>NouNA?^Dj9^W5btIs_QOJ2_}R0h)jPzzwK#7ablg{OK%
z`CWk&g==Jk9a-L$zHozr9rKh|QG0&r_1kXG&&^p2U!utu5pOm+Jc7wrGfk{i5}6e<
z@&9>PMNZ18A;S?rH-x%-PaxELJ0XxC&_Q?*E)I@KOcn>!*IbR-ua5Q2S9cUnJE>=@
z53(!!#?!s-W1>&bX2<OZ^7EIR6iA8;6|=uMo?rdv@;J;J?u{B%${F)Ken5Eh@Ns5^
z?-S^GSD#(csm)I#eC_x~Y-lG_tj~Lo3AayX%^NRsS)$v#gX9;@r?#UW4y#theNu;l
z<EMgrBy)GoG9{+nnTSYQ{wtr|{<ZAo{hDU~#nK4-q`xwb)%Rfa5|6wR%9$cRS{h3(
z<epL9>Hk;LR|i%7ebE9E5(3g7?WH@UyX4Yc(jlFKbV>*)%_XI~Lpr6q5h>wIH_{F7
z@O$t1mov^da6TvYUTf{OyaRSA?H4bpRd_JIxHNsUU;L?8&b)Pe=hx7CE$Bh!@6!$U
z7WwU~HIgK`1Y+|+g78a{J{;UpS+4);16MHA-G8qw{fDH~$`=;TRjhnFQz*1G_LGC<
z3wl3ESz~SA{z|)8A$c6r{PmBo#SLlPmOj$uE($ycB&NoivA@fd0peKwfswnwS3<OF
zP**BLfRzr*cU@W*2UI-P%qXG16X<71^=bpr@MRH(R1S@$YA;;Ojk^QbztU@vIe0$3
z%=b(Bt>0NwX8|i`Rn5FaZF{*`r_+|7xuwt<TS&LdE!i3()~mSqIvF*VVzNPKTyYT@
zwUub`9g%@ifxl<QcP!>^x$?tJ_Zg2vL0s28@!JQE5RoLs<2MC=wkOh0=wEI8xet8Z
zen#h5!~S2q6z#TAC0BFy(4=L7$1aoQK$5-P+y0rwTAzy!|H#4Ovp-`*X%wXW#Uc89
z!qJC~K(moUKNNv!uC{D7>HF|)m<HC<oS<ey_RmW?sOMAc)wyrvYBVb%WKad(hCwG5
zIThz~oNojTOZQo;!j_YX3B1aGB>+ZHubi{yCYhrfpj8cuZzzf);Jfnrav6j(J5~f`
z*wTUh>dFf<A<+nR!7j%1oA*^{z(o!;5t|5q`6XHD?Z)VK0V>U8V&|wJOqImRdh|xD
zYbgb@zqMF;v22m!t95Zt;%4#&8bKgoao1OFCdW%o7L0$3uX&fJ$G<$C>0yfag+5(&
zjMjX#rMU93%ip_Qbq}##qo>ub2Cq|ra(zNoJyI;3bLE&sj%iK38P4^d&YIZna4Kx?
z^P3wEly;|7Nu$h8Za@Gag~IGhh@7akI>ggmEy%kme~s!I(;s)S5A-xEs{6X*l(t(p
z<%G<kX>bDjIC+9lBylFS%wFS5yU4kYH>QxGLmOspE6wq$iHOGa`WC)xyLhceu~OYm
zS>|s&l;0$Ll;5@B+9W9yy)g;gx70^7wvd&DYd&gsDoBc>nlYLS<jfprix}VMm<6Ks
zIEd~5)D-Y2)4Q(8nVFU*CV?MoQ&bVQx3)m(vTvR?yt(5l06w8h(^4H$jkW;3#wEFy
z<KgzI(T~j?F7<Cu>+gC@a-!XL-u{0rfR&zDyXkZ~y2nE?6jshK)sd4$!dmc9&O8S}
zGqao1Q25gLM&N61FaR&F|8*<`&qcg!C2GjRdt&Kc?TM_FGU@t3L1MNKP`2a~D)@%1
z1@LXfJv5e=6wC#MoAOf$f)FeUjh)BeYgZi!5A(JAr?x#^K+bT<$nUfp;wt%q$z~6E
zFmQ%murfJRo-8!bCG#y9&%*rlYTI#8!y-Q<(IxQ_yf_HzowO|cb4N(mcvkJqbEGG;
za!MW6;hACibcTwL4nv)ghlgq?vl}P~P4@I{?ys?rmECnl4B*?}hYAGvj8aD+_^_>w
zMSrU~!`-jyLa<cIG<iB(DO?$-J`21u{mn%BHS_Jiw@dm_MeFOHk2!nn!b+cW%`b0>
zl1yLh;QQU$p0>EsPQ<5qQLs`*#txlP5tObM<=J5)ri3v6jnT;hpwRrhZk*JhArHwb
z0s?}X3gUYE_~A|Zq+u}T3P83^7k*nhqte-;SsQIa^LRvz;huJ!C}zgr9yA|l!*j&T
z|4#Ma-l5z)W_BprGxztQggQsi7MM(=zq<aLNoMJn(;cO32QaM&e3hU4pF9FDTU}Nx
zmFoC!+XjE?8cVbvu(ww9d_eh_EHG*6^XdCQv~J@n$Aip|*fb`L3RX4p5$E$11_y8R
zggw~|KG{a6*1(mQL>+Z7@|{Ejy6%7;cB>JOjR+n|TX_Hi4|U~@KaOXb|0fYP6(GNp
z-|`CgTkEeM(ceF9>_Q*6o&>s3o}#~Fl(U%Sks5c9O%{ipf8Qkd&>-*A0Ixu5i+#fZ
z0L*V`M+cUd5^3t9I+WO6S~WyjY|fUf3zXt4R_M4Q{TXQ{014Z(3cU5qlr-Xhzhaef
zTJ-`oA<Q7^_=n|Ozrj{3h|paS5xDp|YTLjrz}c0yJ@#6L%9Hm!X|FZ!mt=|TfOWo<
zW|&HYF~{syUn5W07<NpDw=R-^VhQi$Cf^u!Kpk@=NC^liYYD_F{<(O_Ov)}Qs+>F7
zb0$FSf#yL6l_;Ffp0@+BbwwJC33B;(V)pvHVe5Peax?%v;bQrw&zdyo6tvcE1eE47
z3xS{O2hsa!ou~e)B$2?ZT}-mS6Eea_4<jUGH>NlYuKn__fn|}MT!`{@Wz&swd8o(o
z$@2MH1)f#1{d+X}FurvaJ&}r4^@#wq0Vm(bNjFcFJNoumd=<zYtJx=^@z$uxAbeEI
z>FB$F(e;I-otM>1UdNNIcH-M4LXVxy#G<H;`A7NEo8J`V|FQWW(f~52(>9pY-w(D(
zPHb`k^NZulR>xASD2lycKU<6iLx~@)NsyJsHYVl@J<jgb%NpCFArbtyBiw1^Bn6`Q
zXmjJDR_`$?+0OoT{ONRmJT~)rG-@9yVR=YEAq`R*IS(fQ<ebpG?LO3WXQsPMzFcSq
zkRkmzOpNpL{=Trv$D{qSCdYujpZ!g|1PRDeLwBzPVr`n<Y7T{(I)j&qL_~#`1r1l=
zJNxD>NpLnJJ>UHgbZ%DHq9{DRdiT&KE=BUkq&HRQv@q+_3DLiu4Np6K{$StH?PQvt
z-Xnzkre`9DCbxUXY1MvT`SvpCD}7Wadks;lPVH$!>!rg>!gIY1?R6hk=`N$aV|n|t
z2H|?ceGN-^*&0T9YU^;i@can#{B2Lbj#?ToI5cntW_h)Z-QNq9YcajBUOC2=Mul16
zO7D4>&N9~NeRpXpONOs6547Wmy!sLwLed=h1&SBqx<J;&M~#+SIvoGqw1~hi)F%^t
zd;FxkqAhTWM@O}`T46mbDTyRvSntjFS?$xUmf_tcQWQn<$6Jp`{mGBU(t&*m<JFc0
zM7l;M_rDocW2#O9sbn#tgoFnNleTodS15TqEMowNY1V=a%J=ypYKq7551u#SpVIx?
zqO4N@O;C07@b*uXxVMP$x_6Q){bK9s_p@{#XH0Od0vg=T;~3kJDM#hgbE8;yBII0j
zt4|DJ?r4JrF&k9Fq~PawM)6rm?VYyX^^Pt#dM67~yy<4qDG3m733X1u{weufz&crk
zYqvXRfO<!vjm&fr`C%PN%YK&*4Y%Yi68QH5oljqblIgV)ZETOovN#h8r!jQhv?;Kj
zBEJLbo77R57v!H|{QK+wGqeF~WOYLWzWYxfn$lmjY#9Boued<r@aJDA_Dzj+Sq^bR
zQj?vB@mGn=FDnr{Z$_&xw)=J6+(iow^;dh)&on|w>z}5OwH(PPPfgQ(G8R8$ajqn9
zraf)a42{A&7&IjQdWY0kFOVEAU97jdb$3@BC4l{=F)Hn1H6rKboEsPV<uT`OWuh~G
z&}04|+~!E%rWok)_QeX#LC*BbIV1-z)9!6R;hFly_`YOx>Cjcg8#V>FT^%ZicAthG
zop?z0vO{fEl^9VdU<Y#ObAU`lR5X(&S7^NZ>Onfu&-4T~Ok-2GiH9a#GRt`513y<c
zxOu7r`@XKj7gdVWU=n<M=V2&Tx@kf*WX8qvg-`C~i`mp6H_|o4HJyt`xw4-Er+e<D
zAv)jE<%N%-?st$t3eA|I!ITKP{n7~LY2?Ls{HG(_E4R71p#2{+Y7f5<gqgGys0GX6
z7az2SzowD0?iPhA@gt!t%%1STyCC&0UM#+bmf;9GhzBZ8D6!jLqzpu(P9ervyQN_b
z4Gg(<M>1GO*_IqD;Cd)cQe&<S@3De74)rRHsj<kfk{a&1a}W*<wL$hN6zV9#*RM5-
zE5%8BlVO2Bv`=;il&j7{(K?Vz?%yfx@R(u{D&r`~=5TkW!NE$JBh54k?DCkghE;!r
zykP4aOf!aDAI8`;g<9ygdR=Q8^51jjo2GczFAYa%4j1!o>n2ymyURg(JPh9qC**})
zzHCDmt8>@iOFzfBQ`59<(|m9G->`QL`>v1*SxoPnn3Zh#ojG(tSCRx~hc)qms~tS%
zw#0fTsGIaVD9?PoVw)jK*7PpBpkSI?U2<9)m<<Hz_4M>Kn8pX3&W#WGVtshd*I&QH
z0dV+nQ!ZU2(Au!Y0W&l^L-hi;aNJIclr9*AkA(yX^}ApeyBOlc_q>MUz3!(%?MhK3
zei<r`(|@dRmohATdAeC(ttQJRMrS|n(~C>18vo}fo{@ZcK}qoETl4thh7TLVn3DSu
zf1-+=C|Nu;$+TZ7d}wN#ho>1@;41%#$F{dC#597~KX8t{R)uZ~rc4%W@~6vPrq!HN
zcW{Ke@)nsPyO#dfO<zb$1?bca5GKjl%ka#*Gcu$ZlzCq$;xZ5G&kSlO<2W~0(U;O5
z`8hIH6NR9v5?S2U*(K_5<EZZnCfoc9UyET!(@+?8skKRa9{gDCgnu5SI<ENf?HdM{
zpkV*OIcbxAhF+aq|NbhHy^8~tVxxf_gTYW&3;BCCM^}c4+0wZ4Y;E!jSjeSbS6iY|
z+pLqkZujjaLNY>6%$|akTHKV40Rdci<ZXK<RC#P{Y|4uJYtGk{6k?y1!s*=!D{dzP
zUR+zYL^&XB2EBH7cQ>GD%C&~^=D=wI41%E2gHW(!X~p=|oc?2UPBPyS0p-rJ?JvqG
z$u+(%*|-GdA!=KG^iTTe!tEQzfQSh@zAMwMMV@o3y&jB4sK2c&C@zzqRs%KxkV{w=
zzk%x9;;^sdF;7zMUpC%~4MDc6rjFt2`>Oq#89y9Z9eo7rEbf<_OiT~y7V{8ih1%IX
zty0xujpuntphtgJu|IP>z;x0#drYD&%0w(%rITARb(Gc_PrV|c_IkNR*INulY9}ZI
zF6{A9jV801pb|67l;yTv85?oF-V33`y`x#a@<o(RzSn?EJz?a}Wd}>*+mE$_OG~6&
zTwJ>M8cR1yh4I#iKz0T+QfkFuT7;OCbY!RiJwyU|0Zi(wPsoV}1~iiA9>4OZkNNhp
z8&YSyE<LBDdq7ZN&2n4j_bN_m*IcmvyGg;#SJ#t&LeWZvxy*N&+yf+`Hh#~1`bpEc
zZxo<_@BUtih@8eovx|r*0bZ;}$l;sqrybmC_nIp`)6>qYiwhH70u)Tr)q&Wz&lcT+
z$F1>z%IxVu1T;rD%764j<})oMt&16v`C^)VYT*Ua=xLX4VRmz;dwMP|%jXMzyF}SZ
zKP2Wjr#mD=;j9a%O}xBFR;~bQ-_*np4xb5;%YR)+B;Sz%o&2$Oelx1zybw$(6>H?^
zFoP<KGZK$7bKJ6gp*Jq^)6}s3#Sjbsdou1#JxI8$MJiEfO6bex@tE|E9!ED!dq@6C
zW);Ii#g=92mv}|L_ucj`yb6r$Qn!>d=$M$ghuJztCUf5dAl&CabfeXYY)PL3GYT^>
z)u~acnL7IMa~E%4-8-1v#CZ^$>++pVog8bD+0)}g>+N3Y(&t5cyX9v5l`DR?J-h<z
zxbbZ+`H?fBH67JDNMx%9^XW3XSNT+a#l9Mp<;Ebo^3tzD+gA=paq4T03cWeLl7RaR
zw_*?_<;x%pSwI#g|M)Rlk`A7Tv(~cHL2gBG>Z<M2!2A?A0`14@rL#Z`k*mQNJG@EI
zYjNS>NJtcK7dy*!)9etKksNO+ffYR<LWuQZ@pBb3?r@D}GV`({QRx5p*K0p9ypZd5
z<(B2_SsNgd+i?}@n&>|h&Y`5-7T7@d1eu0_;A^Z%W5E%1j!ArT)XbW%7Oqw-g(poa
z;*&h?v&Hr7o^gLa{v-sPY6cxPzB}8$@(j4Z_}N-840yd!(3*hZFW~QmNg*-<?09;C
zjUv|&Fd*GHyGbxzx4esQT-ju9+xOjx)U329aLj$No6oGbTpr@^O@lB0)U!AW*MtmS
zb^Hvl;Ugm>6Lvg6c|hE+(WxSo1b&Wkt+z?T7WW$c&R`9?xfOvp8(ae~94T8mypDNL
z8D!~YnP>9zkT1?=aJ>aqBcvJ2aKqoCh>PLT>{63YT5*GZ_NU&S(1&uZ`YL%lo`^2j
zUmQ-$LYpq(5+=kqt&(GI&ZL4bG;i9=Fs@2O-f8nGOlu^*w*Cw#QE=sCY@b}ONB_^)
z=|4ihz%X*JuX6cuP1MKr(9dmAhB32r!4A5hUj|#&`|4<OrdZu>z9!^ie{LF-i`wdr
z^RLXY$`r(Qnrn{xoC3cYX3ZMSZIU1vpF>|oT5C<%OU>KyaJ5^N&Qe2h!2barA7Z#V
zfJTkkEPjR+gL@DdSArh{=+P5~H<?S>uC#~Lyv5Zcq+Fc|9y})rRoc9i|IUGB{}THN
z#y+J6W%X<i{=Ml*Uapm<RSG4Nv9{xpi}&D(S~u0jylMTuF93X2S(6G?2I7aC8Y|E|
z8!Nt;E&i!*8X%cVAymbC*bvuZH80i};v7BA+He8U4q)u?{)FO*1E|^lm(<>{<RV|c
z_m}8+1Y2ysj+(F<AGR}0iwj-o@HtCc*#IlB<p1=r<lIk|5(257%l|1#^NYrx&Ejy^
zjG<5b_)gwpE=gcJ|I$5wZqKEI&CRZPw#4=an(>~#@@wAMadZy`CKgi@6DoOuIz1MF
zA4<s2tuX*8E}-$Yp#7yMz<1P;lVnOn16ohrdrd-%*ki09%32XiOUppkqAS`}^MOb6
z56d~T9q-wAV)hH!C__#1w2B1Y!+&zV3i&}9nqt4G`?ZH1$8NF9?QG*LWM++3jTu&B
z50nc+aMKzZ&}>&-7&IM%Xh?U4-18P&<=9nV4jJ5)v8di(LrT=e!I?23It9YvFz`s8
z{fFhBj0H@;G#K&0t^e=n6Io?qc1zVQ0zICfL9DEHY|?^rc*`gdSYH1#+1lQI)-VCz
zvaCrf?0$|L9})By;qP+#&2s7WH2hiPU5f2mNNX`;+FU%_T2+=Wej6RvWtkfZ5bag&
zQdZ%`8b!5TT_Xx12_afR;344|U}0V#;Pd|-wmC=xcb2f?^oW?2=x=am=Bt^Qn?qXI
zB;1F#&w#^=$s&&l5%9WWSL8B79(YJZ%p)h!voV>dRCk1zs2pZn+&;TGczhFz<1smI
zG^Wc}TcaXd$@AcABJeevhmS9rW&!-(fH#)Q4_g0YeG*tp|GAV6ttOzSI<wFE;XowV
zL~PX?)VyF9f0r>+EuxBAw|!wA4;hs0x(yFZbp=~kK}iXxp93UIuPQ&CEA#tYvp>5u
z5Wjiz0k5TnqhbvFXrFd15O%T59eK3QUx0lN&Vvwmpg;q5)_&C%eR6W5&?|fS7OU~d
zhB!2q1Jyj!E8V$RD($fu?uU?ivwX>m+IEVRiDeJ{pH}|Of~6l8PTMOm^83-;n&b7A
zAKphTa*rxxNtG$VC!-UxVk5$Xy_J%Zav-?b9&92Do*BJzHP$3z5|W(C%4l%Vb<IM8
zYW}!1=_9MOQ8L1^0;C+v44z)A%o1YpyEn-+dslub@jFJG$@7vg6Awq(Uu6wv@TDRQ
z4boY?@yP&H0XRurBra^tCMf7Ta*zmo(*D;_Q*1;zJej}}W$dD-59J@V3f_dkSL|mk
zaHgbOFs<zJjVY6xiyL_S*B&nY7B?5P6ZVTd<Uaqz+izzpIr;g+ty7=#k-vTW_K&IK
zlqr(@{LT6vMvB<ff;5423I?Oh=0}?E;6vHe4S|Ol+)DZLcF$9_z-&OSc7B9FMi`S$
zGP9@VyB}#YQuzlAPJ&Owgkg9v1hX3qSF;p>YQq3kII*4g&2_YJjCafgk@L<ki*|-?
z5oAU`a=n;UD*R$X^xP3UPlJ{FCYTC|usUvbK&Dh1)F_?R5RdM|#%5C?ps)V7LB8AB
zs8OS6q~bd4P~2E#_tq}ha9D+abzY_@<%bd-y2Z<^A>UaRb<lOi!oVoHZVrxIj7R(G
z*P|ahCa-iodZ}Lp#ZdmMsgi41hIVlETnTcMD3*JO69Zclu($&eiA>I<Zx*=+Hc3x!
zOl6egZT%E`z|uV%g9B5zj~_$z%AZ3#IomhD34KBCd#?ICbp3cR{`l<+3f9Lx-qRbf
zcCX+O!%;5#5NO6|uEaTq%e5kpeUH6o_T8Q>K|s7A07}ORdj3L}ZSz?Zh3DYK8+?+6
zYKC`^oaQSXdWRr!(uT@^P@Ohhnj$;(JHb_p@vWP^$2px@>!rC~URMq_uMy{b93>8K
zy9)ip++2TWrx?u6g)|J56m@zAhzBl4=Z#tVZ>oD-cSV~%3g9brgf`=&Mc!HO68qkK
zsJx!4jE2ks3DIXeuWuSr(8@R*SZw1>mwrsn3teM3)>3AA(_ayFY}+)E5k8g2cQgCw
zBcr1Q<H0y0T7{X|g#vI*>GDQKAf7fR(EX}ak@Wp9%hkK&f^0PVsU~XCIlO@_7k;!5
ziTZ_Opi+LgyZW>-@Omsmcz9d%$<uG!-7n1l%<=J+_vOJaXHpQ!-Tn>P#Z3PP6|UM*
zY|MCXa}0_B&a1Vkc3_70?6=}7Kt}F&Z31I68Y@;W<YeFb?!6aKg5@jd`!%h!bYb{X
zpi_?45XA*vS~vrZ+2zm;p}j}eA}9O<OZ6mQl;%4<Qp=QEb__1oVtp<k48;y=JOXO+
z=hu&wv3grBU!q*=gR97?=VCo-kg=*zO#`+RiqMa(nKyfrVGf>Gv`Jo)+&FTt360P&
z&k++m_`Nu%-3&n00MtUjd+8vZWq3&6Pd6`*NV-!_2+6=*+|`gKkTHm(`EQ`g_=ab-
zJ<6QhlzB_a<00$qWVg0J*05XBl<Z<n)l_<{2imQK<KiVapPMpr1mo-&dlv%3No?EI
z{p9OdPyevMxII|EvwSw+aHHFNqcuzaOUqh(Ij!#holtYrd?>YCgCWf)K|Vg&I=xMx
zoO>Q>2g6IxD+VH`fg_Ou&!iVF#jX1;YsupSCoJ{4d9n0Mv4cfKNH%)>z>^8lM<@=z
z3_NGIiYY`5bI;Ro>-QKqj8M9jD=yoqGa+zkhGq{u#{D216rw7Lw5_x}*i7H_*KIx5
zDfD{<9!4*untkRub-%fHug+CujwSN@^Dc;rt;&X?gMH7}lOS68YJ&vW%WJR_Hcv$n
zy2@P>MBM@5@pYh7ocA%((J=;Zb0ish<JjmZa1R5YX8s16UO$Zcd0=}P&yhehtcwzx
z-LYYjQ1`+MKG?#LnP8=b@}WnZU|<PS><zTQpwbt){}1bI`PeTBtd?0St+LPw;)i;>
z|F+T`3+C-ut#6iyL?5Y`YIGc2D$O^4%fB`9_z&q>nmUxo)C8QbbnESOX`$N81eLP;
zZVdktpEkvRi|a&F3<XiHG7>a2rmaN{Z-6O>lv$d07ZPnLnVEFZ<{GcH-!F(&K&{4@
zh}NVZWmA{h)Czw5lu1e{pLxT=TUk4mG3kovcB`Fp26((CI?i9xU&O>T$~aKnb}HJ}
z`E-rAp{}T58e;|o>fwa@CJ6lGy3CLdY*eDY|A7~WA$Atm24NK%Xa2hga|2u=N-f_r
z9o~ksJuD2kk&%#?`uGS5ie@(tMmP60PiZCHOgt=i$ZnSL68z|0i+4aleh?;hiJHS0
z82S#!Ng!@yL_u*g@SYDml0THf;^~x6dvKNim3G{grsO-DwQ@<)RxZ({1b|ltXy4!r
zy>@AyjWd7(4NK&jGHRWjgCmv(0%HuDE!L^xW61kp<HfA`WT0F#5FJpaL(TbLZ~mdH
z07#M*sTH76Vz#+Kpa!~CsEG5Se7@S28VEiCs|0#WL1cbb=TB~!#mDYuAzsw772)LT
zGq{RgJnj3JteDX+R|nTjQ%dmTFsb9plRSztbmEYt=<en1JnZZg3@qoUwzsBw)EU;}
zhaO^kwUvXyBU$4@KtxxyY`Vr#G#p<Hi&R{7(mwN*)RSMeR&Prj70oZg>218oEcYFP
zCJS9DXN6Y8?jSzo#lF4l(!l|OJPP0DhwCsMNnroUoi=)~b=y7;B4D2_?w)rMaJ&Vb
z$nz!t`QVT93-jq}jT+11D~p|@t^CVLbO!+%sKmQa6P40gV0ro+2n-;O=O{bi6^PzB
zGNJ&(j-7o1`~QJ&LpVHS@M`ZwTR6&wNCp}2)2C0mc1oNVrue|7#3Iv?CyfDH=BM7M
z#!2ze^)(-;ZZI$~nB@kB)^a4!utRau_M2fpqQb0V8L>6v(%R6w*Z6AW8l_Yf;(8*N
zKI3a2>K)bBCvTh~<<Ng0q~#FD#>uZX$u~@zIQnTlv;T9EEKY+<UH_5tWwkw1?KQZ+
zK%16g0pf{a_UhBg=xXbgIMO+VB)GlRHXkUY!Fya9Y}BGyxcuu%IKLT2n}M*>kA)z?
z;x|uo6OY;}TUM_^ug09{M4CqL8-*y#^?<<gOVg2is)B6U0b<a$mv7ENHTie0tq9VF
zGVu7bDLX75mg;B<|EBNV6pnt-!m<C;9l!e#fPbP;$UP`aEuJRAM0z6G+6O@Fv96BJ
z>afux=W}bIW$Mk~<jEVIzm_Ub6Marp=wKq2#6}N?Y~cJ6^?o0f_Qt3z>$#3A`3K_O
zEHCzE!3a88zcXja4-=vkr>{Czr)_a6Q@AWHLdzmhbHm8SizyZjIS7p(U8`DgTcrkL
ziZ{cYERGzw&u46WHA?XnrUzWPHkLGHv%e56qxEPqZ1v9R!g2R;mn+yw?ee@q43tYS
zHyy8DGYx7?mboR4hiFMm)UU4<aL8k*rRKPlr+pXTn&i$X>>N4s6)5L%CY`(#@E|i9
z_CbL_8l&X1lM6d4qg|xe@>pT{Vx`FlX@`w}KBIYsi(@0}4i+DK2CD`fL&I&}_ew01
z30S)fp7{z@e%Ze9FicZ=uRG8y!I4;`QC@(yiF4x<D3L9jts`sTM>zfS>)Sfx0XNL<
zubtYFUU+>o({kf{s>{l__T+pEU9;%u$a1cRiWsvBofBdnuh$Chdbks>Ka-HldR_3V
zy+CY+m5LBnq83Z~%BCyRrpA=X=L3mV7vc5Nwn);Cp66+av&fF?$YVXX3d6o0wRr<!
zk>Y-qi}4+;1UN`cQ*G2bGj-bV1z~R~K$nDtfO2@<K<>w_JX>22uq4z4F*sMt?i9ed
zi;GJVPdc(OPk=^l$&(+m`ZJ9>8$kdB2Ds$BYe=;qybe?!KeD$>VTOB@`4cDwwQSk8
zt#k>R($T-(o2J93%+!|d6TfZSo#7aEqirdGSrjndqVXjzw8xH(J6K7LpE9W^_Rg=f
z+7ECiScNyvtW7nj4^N!6lxuPh&$+O(fTrNA38B|C&@@|&Cf_Igjbo~oRx|}2YAmyu
zvjkrMwMkZ);&;p~6e@uBl+NePYaIFZ+ZN6he;BeQkt<tvc3~KXWQO4NjA}>5?6DdX
zm3$J5sX@tN(oTmAN(=OI#z9mK&Ol-TLMp1wdl>|r*X(hu8AE-2i5qShvoyhwCRx2E
z!sHf;T`$(TU>YU><TH!0#2cW!de$8OyFVL$_P${rUOVZhuml5Iz<ZF&R`bMx==Mb&
z-mHwjqH@$g7vy*sUp;OWn@N){Vt)n?8YkN&wGswr3<%(<sfLaR`)2_$$g7wKHyKdE
ziHfe2yH4V*S#ZQ~Do$o#XU*{Ef@VlcHDNLkvip%p23BWOZ$~_9^Db8_JdG(`#^6r9
z<0FFJQ12CoV(iJ;^qG-@5e}15E9hv0#<R3r-2%m++YCv1m($<H>E?Yjs6wz;v`uM7
zKjKzS|6<orX2_=5MZ(6Zz#i3HtY?7gH)?d%OD~FzW*c4xz%^?qK!tds%zVak6JaHC
zHKohe>)s+JL?)@`b4L<9V{mYUKzJ>#A;ZC;A0bUQ{P*hWsuYPcg1fsa4I`o}hP|`^
zyb#M$MviuR6l;%k3<Jc%t|IoI%_;3)F6`;pS&7-YUU}1)72CJm8F*3XUjL_8W6s8F
zQ%3@3kx4u5S~}9|imq2tL<b5*E*JvbzgM|CUXl{n1`qMHWd>H{Lsk)%Q4Hu3hDAa=
z*rtMNUb*7`?R86Ht|-bC1}V_b0WrXIsoJDFRKXu0{^lluUTpy2)Wv%%41AlkmLZDA
z8{Ra|QvkEU@d7U|_=v-BAM)4}X%<FJ_i2*aav-M}k1ajxJ#~bXvrTz%u9J7~cdPjx
zJg19Inw=*;D6iP@fNsdd!6Ab$s)nePIT%W6Iqx-zKQZ{P>tjrhK52h4EdM&ydZ3@X
zMXyQ?j?x4V%1Hx_^F;G{58qVbrLRGl{~8Sjl0AoB=UNpv=8w$*q^Ppxv8+8!CJr)(
zH83>#cwi|yoYZl@dGPV+w(>~;SQQQ}4ek5tACbDwQJCi=&dQlNw>a*&+`2xfRLjs@
zzFaP05$0i{g3rE9E|@}k6%+t|T_-R$03OF*z(guJIe8VBTg>O-4_|?lbm9S?G=Q&}
zM(<mFJZEEwFVia3b&-Sv+W!$WLXwy<-&v*sS7UtknP19;CaRhH4sYia#*8Y$e3Do<
zsKsbm+nD7fuHqD$0!m3U;b2NWNoQ<%7Z(!ZjCg2-sO#sf<fm^<IZoShUNH5uWqdg*
zmyLtMY0QZy?&o{Iz5P`5rLbq{;!g*8SKRvVR{?*kwAi{gmN_e!Vie<o!N36UJ-azv
zd9+u`5Q38SFS*Sb+;2HP($?u68oc!_q6<6MIZ$J2gDdaB^%g}jc+i|Tqzyh-oARbb
z{Tlwe$cf&5@uQ1N-1D%&vl|*vzk|+>Q=&N|AdYhY0<Ec0p?n)6zucx%5%*(`>v)32
z2aX^xF=I9nwd_lvPL`L1Vx{n0ubo1?^x`kmO%8q@c=buz*+nJy1$&ZFT5+O++nnX!
zj4o027AA$73c&mabSxM}7ZLA=YifuxNps=yd>VjzFg`0Pinz9nN_1GHQ@ze6LY4qh
z38C!fl3S&$W$<~87!1v9SEEIq#ww}#=ot38|5&AAfnp96D_{k{r?(Kfn;%EmgNWP=
zDxaQ2`wK-H8I1Eng#%o1UqnhE;y6>gp-5tM57qp_d86ShP8XRAO&0|C=^%y5oVxx%
zNJz-Hex1rW&%48hl;q?A$eG>ZM;n_6)9Qf&#Wc=}vK}8`?@L5XJh<aQ9YYNzWI&r3
zJXxEHu!1@^O3)U<h3cb(zeR`?Q+F5NZ2KDmWro&$542`InuoxgTb9Qvz6bn(OY?wl
z)-){EpvQ~UDaNnp4<qYWJuf}y<C4=-wgyON*S_nH2YGwF73!fJU%OZDkA&1A&%x*(
z`}_%Ux*c?<{XG+T)xGm%8#b#;y^OX&ZQnP`k#Tcgwf}B~y?MX$wIk<Y`X^91j7wq(
z_kh%5kE5n-U{hb|duR)&4B_Y7cUa75ToMN+;3PXG(N?e{cH{GU_atMun1E<VE_RTa
zIVfOo5DHq{$ZbzBO2Q#1D32$tpr8PX=3fT~c3PHfBsjA+AYe3T+mlq(FCA3a<lYAy
z&(XG}vqMD40K0hMw453TWg;*Jh{{?<oKLL1#p&)*Yer8zwDe0QX0kxIp=oF*^=iy@
zUIKi-bKF!72{%a>+jq8w%76l$6)%hU#w$=W0(3WyFCQPZ%Bp&m9pgke8Vm_<5fWH6
z=y|kv(5D?2o-9_;ozS1?RDTXpq&jMM7<8AUig0I~Q#4&~qbxp)*-RZYoo?xL%bbjy
zXT7DKL+@%^yxJml4QS8!o|oU}W-&Mf1VabQElDePZ7aEkmAL&J&(Rl|K(<&D5oi0K
z%!LShv*3*FJ7&KCDyUTCbZ7nY$mk~nx=k@g8p_Q+FI_j)+Ie#?uh8ORXh8w3dT}c~
zE~|B&9$2{l?nJ=vpxadX6X;xqpEC^v1cq1|mcaP!GZLT!>jeZHSFr>?8v}RDb*|wW
z<B8a^1b(SJZB6@+#%lyL&fVVI+4bP&Z{)7=jLpA`45=BjsPtaod_qRTFx^D$lna9^
zZkc;0=ccV6l^y$;id{@K`)7!B7h0Sv4zK<nysQO%LUp)z<qo2(ZB&^(3Y(s<vBb1%
z<JRLgV1M5zwuTyt6fO}82bPE?$tQ|m1r;gr&tzH%XOw?vxwX8g)=)d~B9<S$f;9Ef
z>uU=D{^>)5!zRFfD2(pc2mu50JhuAmj0D`)*rpJC3q$<^FM{LmS&pFx3d~f(#MH3l
zHI6NHrQEcpvvvyAN;dQJ3_yi&@bXHw8CsgIN%RpDM3zk!efqBp5!CO`HWPO9oWCm!
zBCQz{3&H5I84)sA!7{x%Ml)hr{m<Yi0!s?AY3}E65hm>l^Ut4QgM)(@JFXXA{1ndC
zZVjp^7AZg5>`>wPp+3;5_iHfDU`du!x11O@F&3JfHJeB`ruoxfzkVsi19x?_5Fvn}
zYYw>+EGsia#GFl9Teg)2env|bXzX|XW=*7f5o4W7{K?qE!$Y-Zu$~!Xx(AN=aQ?N^
zObgx)<@^V`so|=akq%}x9GBSr@><pNPf3}7j}zut3CVX};h+CK?j2m*$JMadnS0-`
zQwur0umZ-@2Y><axt-43x;|O&aUKEgbl2Zku3v%F66=P=<7?+#p&7oTy~rV{q)=CJ
zY-Y7WWgHsvsa+4yedXJKH3Oy%07U_FNPm6K6c-M8w#PHK0raqO#_wa)J1duu1ID(2
zyb5@3h?i@bfg}Y$O<RyjDNY+ZIT3@kjAX2WIMX;oox`F*P7AmminL0fO|B%etBP1^
z9oo*D1KNK6_&ZoAn$Vn9T8m^(jb`;Vjg9d}Kp3ixJbhDxlZ40nfi3os6O%F`C;??j
zabkzlvl$_AX2G(9H_g>2)1_ES#K0V*yYsW%X%lx(%=mi2LXq5-s+1hTbUMtX!J9BA
zUxqE_0^xVQ;r{ab<4XZ-!(B_Ss}4Mm%Z!x^%qmWbV5GNk2{`r5tl|VSqoo>*x;P3-
zmlTiP{sW@dC?LQ%#)mEp`x2;%#0p&5QoMicu&H^1-#cBzSD=nh0u1PO-QOb|*7v7y
zft!zOcGi`iK(noRf9pBH1W@LH!0hW!T5oos-C5do?F^6*i8d)(Wcpnm0CSj^Ew%wT
zcSlDiu%>bX?Jw|rc%I-)l%tv6o-uF}wx$Bw=+9biG?n}Ry~qwm^+3(q3!-U`iEM1U
zt?qM953hZBDDTKYjjO$&G3>dYRbJLj^c59BbUk)YPQ^=<r8<E|h7kibmgy%mdVjq$
z86ofXTHdUpGbyf&K`QaU#a@t28N$DLPg5d7d@ci2Y=h$fH(|`>2ts`B;=FI_V`spk
z0~!ZrX{_q>?jMhz{9uT0$jP@F{Pr7aWPFcjBnyqKC?lIT&xY`Sq^7QICK+ulHGKk}
z6gOwvDe38XI?OJBvr>?pb0fRGMb@c1rIpL)OvDqrwRs0)qX2`>1yByn7W+bcP`{d^
zR%^-k!m%tuUJ3<uj(5uFL)-p{;q65BQqw7CY}~Cpi2#?F=Y$fu{4T)9J5{IAvz7!L
zsr`<FEAAP}w@idP1P=y*cG7ijz<2Dmi_c6FShy3j=r3K#ZQ~#*q42IuZF&D?)qE8u
zAlQ0|@I>99yIq5pyjSCylArXEVV$o}0mrU1jUI=gRb_bNO+k@;U__}q{46(yX*VUu
z%rT&#g;_TZWQ*8eB4}p#wFQ-Z1F$}L<@%4G9*-?YZ~V3_{X&&}_tfVh{&WFa?)&FM
zDS(j&P5I3lVaLF8gAPo~fLZev2=KA+@=8_qS;Mtk_!$nW)sgaYt&(rwn3X>ydtA2z
z!?7{bY&)pO*PwVMtt%m{xjGJoFO>g)AxJI4#Ta7T#{Y|_0LXcbX)hW;f<^2W4K;qz
zXr+&ZAJkz3{z;}UDLKDUWlB|C<F{)sjq^UzQt%u@<d^hP^LZpZ8XhJnEtEApAwwtM
zl>bE}V*2d69fam!whcpBq|}L7uXtHqQxxfn$Xq`4kRXl7xf%|ZczTw}cM9t{sEnIA
zs&UxyOK|i1#^+lmkd8Q-R><#1T#>PkGpmNhCEu&%XWu6_-(7j2mj%<e-JqfJ1a43O
zobc#hqK8g-WF%R8%f<EAACBn#WR3(eP@KHH@3U2m!6ovn;h=nJRhQbMDnZ&i0(2>M
z+zI%b&4952q<IYnuWPxq^Z3)#<=9q3_$T!B4);C^XB_{Yz&=b=cqEC1Jc$GZQ&q&F
z`o!jsbG~<?Oa3``6)p63DvQ1N_W9IOrBW}YO19Q%HL09Y`>KCb3ui>LejMAM3%oQe
z-Xu_o3YMa*ru#kOIqo_3DTA)$Wjy^9y?k~Vwk-Bx<W)NAMrh2Cx3zURP@H@MDc0as
zExa%S67I~=2#EWy_xX$oFg=m5zu0W~rJgB&hQ%o-y8ivEGW-_vMS@ZKQv_&E=I7@p
z(XN9=hc2KJNj4gBc{(Yw77HKx6^$1sZOR9UVh|aHW*;Qwr%!1>e2y$Fs#z>yJ|1ju
zdn=-XX-{{`|JeI0UL%|Z8RU;P)d>85k5rZGd|>AIJ@$gAZ?^xt9%0Q5Y+fE7Cxav~
z3l7>><!qG+%w#ssks%d5q)BFB*B$Il7vcb56%Y?7sn?-YjvWs?iE<$zr|KKXJpiAg
z|F2=Zj2YJWE7`9)QQNPByS|f6B+zl0><zj!$eX*7T4ylQyeJm?q`N5t!i)e=T+`Y*
zQrYo1v^!l0fO8B0lU`i783ac31#I6mIuv5jC0=@3S;=B$m@Cde_T^pTf5i{-u$SsX
zodD}+Q&&=Ld?Sq1@(zow);8uU;e}L%a)}ZDbq;)5H2p^8Wys6)Yw-Zb0TH>2_DoIq
zRc}K`8VaQB5nrQr?On0@zp@ITv2cnpHcGk94a{091qmC=%gfrLgA&{`DH$1CU$8_b
z(u}W;me)ao))sKZg~SiGhpkBm3$>aMaq{uKJRdlw#v%%(0&V?u`#4yb7oET$yoxyz
z6d@<qCuV<rub6XlrAw6eNG$R0@g@$xYS_UnvayHpLy{CYlZmNQYEFFSl9#T|`FlBB
zZEYh*M-?4b+D8EfEXM$Y!8~ry8CqIeQjuZ@%}ozxX@89E4XKo<sK<*rS?ki_drDjH
zGbKiRe386gTytVxA(J-40Nr^lBcQ;VG>Z~-@K;{bK@0y>H|3+()&!f)8OB))yHqc#
zfJK!g;ubr@M_R5<ErNQlcA_STH`n}8^v-JSOR0rpI988cGtn2_d5(iJ8|(eiM$r%^
zmfNl_1kw9{FB%+IWEgruxGNuk62T37-!VXyij^cZfIvo{|1)wIc!KQj@7p;#*4EZa
z7Hd#rNRkVAh&AlH{CAHul+Tf&Q3`-j785!iLZFQw-&Ub#UPPc-V_{V;Rd#M6yYDn@
zP|ck$+L!xjSXtZFR!(tRUd|#ko~y%r+V{rs-^L)WVl*!F7clq*=_OQ=kQDe>oNsZ>
z{N-5P*t`|1?w>POo5=*ocpX~aI`6{PCu|yaf93}2V~0ZQS}KQX?b3dYz|Gq!eTYg%
zQ<u{fKp9j#ybE+#7am8UjwEQ3aYkm(#;6Vo-C3pn7M$`x89>>ojV9QajU>Y!q5_ff
zVuKS#jK{Mr{_8Xx!C#flaj^FVtLtAANioXFX(%2XX9so>W74p7Y~CF8AY(pw{y=vi
za{o^fmXzd78umV#-1*_wP2^?+7noQ7UH5xUWuLDmr!6ui5?NR6A)7yKO-n}yc3y#6
zaaB!C7vO%u+jVjAq*DI7(dP#3eP92s7gf}Br`qdrEvHGPLPc!Ep9?H|7oh~0o;9_S
zZ?()yct1n`z#Inc7irT*O&57O9xmU=F+2ySfg=Wg4og&NlIqvwLhKs&Xzo}UzUaK$
z7>m$e?>ApQY29+&9=0yUig2j)X8fvpO-qm~*@RM9EIWoSF-qe)KAheY>lGG93^}ES
zDmr=Hf!|CQx<2-G>}EJc)@+I*IctpUA2FhCjOx1}i)?0e`Qoo4n|FvNyj{xn@>r>O
z#)pE;G^h*pWHgGyT@jC5a_!<`*hV1h*{&stsT+>%Ymq6eCRdW<fG`6yZ|~K*+tRj5
zBj(!Xt0wKdeY~hLEB{skD8YpB8BnZsgUtwX=H8|#oC3EtXP`F&zu~z=d|B|%T<TEj
zSxsQIo;hCI&`?;o1?ZKV8&B{7n!K-`g;DeK>UMT^PG?&k{J?HHK3<(~jJ$3^ec_Ox
zrR7z5|AG~F(cJ!wjq>hKL5x>ev7=jSAt=$=+2XWO3M$Mp6>vb%XI`s&^tWwzZ;ugd
za{X41Sjv~6Lu(fJL>g9JUhc6t7#-))BHgfGv;FhWqHW(L+lh;WUGbEQUNGQ|Q%A%?
zB}CpAXqd9s69NZmouP=h)FON6@F9waLzq_~ua%eKKAHc}A3dQDEAaGrINwTsn|C2o
z^Mzao{L3YbGJb{MA(IZtO$tZW{@B7w>&2*4<zj#PUrkv?&J!1+Hj~y$18QOyT_{4r
zUh(<<RYcsrc#!YAuAb?9F^+2Y6G3nLIOZ%Q*oyy?F99Lp{L)h1;-Smo!aE>hbB*&R
zr@hpc{Ce7cY)dRi?1Nfwg&ElM-Vby&SAV^+R<3}D6{eY)8F*A{+S|u~?a3HO76XP@
zGdAzYg}r2RC(T`56I`0`N{z@&KW-tWj8OiM-lD$o5nt3mKjH_fM50h1U^P}&UhaHz
zY5}02LAH+j9F}B@tXV7WpYJ}G&h|N94q!-W(wWSRU0v68|A9$+83zDw$hzMr-wCFS
zP*dZ*%V7i!J8ekt9m?b9^W((Vj>Ys2Es31%Y~1xRw}vRULeNJ-A#RNM%*&?(y7S|w
z?Mg4~N}XgogiqK^*s1G$lfL&QXXaO72ciBay@WouyM?#NPdmBMjb0af=og6b5USha
z!_OZaX<1lVUCy=?fuU}4YHE&JF|dOGr#N4qb)64$czC$1tPGeF055ijhT*L(TJRUp
z@;R;bpuUpNQ-j(G{u&r~&Xo{INwuxS7G4F}=FcuYM!vm$eaK)V0l-3~at?fg8OFPu
zH?|eoj25p$MI^rv`^paV_=(=EY>XhA5H(ypG{2bWaIrq>PFtEHbjBv{5x@Uog2`dw
zW_a!iKrw6U-HRY}NN{6&RaIxS=;Ht=jKCuV@(Z1|Mu>r13XtQmZTN=#ecP@PE``wV
zEDOPT21RCPHMO*~=o95`_d!_#u3JSQxd4%kARP_tZNM9dijK#=eXsN3L-(1`|1~~4
zI69KK9OA&6wBvaft;uLpTw<ZV3yK*Z07rd`j*gdwc>G(1my<Ts6`#m;M|}e~K|N0Y
z(kGgIr|G3EC%*XZgQVzLGy}<F>v4QXnqCeHQx3{WN#E)!<>KNZXnH_*cnM65?<@Up
za~_ZW2`Q(wfKRa2%nHC9u*RS$&UChV5R@o*4EU`L^5D7C6v6AD&#KOt2#z5551y@0
zq9{Zw_%p%A1J2#R=D$CR>{)_SUoX?74|>zkOuyUk<BlgF4d-{=QOSH)FT0iE;;(js
zrUBe1z`&xA&vi`h`)C`?6R@|5$;d3s&867n2Ko}yhn5}8&+H=f(z?cLc$i9b{bd_@
ze>;!*b8%>&ZDYnAh_{YZcVJ^DgEWUTU?-_wtN}FX>+a-iQT*r2aV>D*4^&!7szSmz
G=>Gs1&9~P8

literal 0
HcmV?d00001


From a9a6afdc6b9b389079e3136fd09393e2983dd9b2 Mon Sep 17 00:00:00 2001
From: Benjamin Howorth <v-behowo@microsoft.com>
Date: Mon, 29 Jan 2018 20:42:03 +0000
Subject: [PATCH 002/119] Deleted onenote_checkmark.PNG

---
 .../trial-in-a-box/images/onenote_checkmark.PNG  | Bin 7237 -> 0 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 education/trial-in-a-box/images/onenote_checkmark.PNG

diff --git a/education/trial-in-a-box/images/onenote_checkmark.PNG b/education/trial-in-a-box/images/onenote_checkmark.PNG
deleted file mode 100644
index fc6cccebc4b8d8a1f12bf0492a4d84629fa4df59..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7237
zcmch6RZtvIkSz%W4eo9kT!K3Uhr!(?I0W|)B)AO_+#LoOhQXaca7b{1TW}rRb=i-t
z+THg)-q-uM(x>`%ox0Ukw@=?_byayxbTV`V1O!Y)1sP2Qgg1z<dq32-uQTs{A?@q(
z#zRwH3IR4ovHxly*-ENNA|TWzU_5?)_iCfLDj0YmAmDla=XkSfL+y)zK)$FbBdP6c
z3eQE+)|Mw8MB$T+o3sOo*(v`e!B<hXz{58Ju{%JcnaSE|V%UDNVPIge$>OMg`ougX
zne{dVQyoX<ldxt98lA$)QvlD27^M6xR)6S;a%_E7q(0!8$7gkHgzlAc%v-=KyOdW_
z>TeNnKA|CeLipc+uUP8D_36LB*5BT<-*nG6-<Djd)?*<|h}r^p^;SJRJZ|9sI=Z^@
zslVi3xh5#GS{yzp9c<uAk*Yv%pkan5vL_r?lrg||T#C%Jap7M<sk_jyj*lM8a@2!z
z28>OsT_v<=YfCFcufge#uxM-Z^&^Y=P6Je4LcQ`nefwgqLiq&|F+OlKK1&w&oYf|G
zci2NmDiG-D5Qugtn)ethhx+r6@UQR15~&l0A5m!^w)|!T;zjiUkJ4Fq6p2G+P{j9w
zrdfDW0Y|eO&)z#DnG(?X4KmN<IPo-o43&K~@jRiM!&0jCOah(Day(~bVHeXz*8vbI
zMjEVEf_O~sp(q`XEp@Ka5TzaqT&SS)cw;~vcsqI?M~il&P*UZ%EkHenll^_7;Lgnd
z><qMzAy7G?6CB+8N290duGdxTSu3P>v*Ki-gJ6leN}?z2N|I1<J5pJD{mdHMd2pxs
zke}{S*INJ(#hDecne9WVskf_mq@Mtvym+?xLsgiLhs8<SV7wUOWf!ON=pWw3@N#<1
zHy<Au6{;d9Y&<NXOLrOH^r?V}leOm3#sLvABE0}fzJD9_r{0)fSlSWJ@(%CM<C;J<
zkWb*$lO}dvpkq#4I4^gzG+MBq3>CJ10+<(FzOM>a@2uv>ENRn!%6C2s3NW}8AY0J+
zYiOiBJ+jEh<&7H9^Lojf0H)7)QZZPQ(CJ|FUX;B`ICMI6_6(I2X{&}xiNSd<*RrRh
zd7`P9_SIo{^_|_6;q3k}e#(!-;^>Kg9i28bH`44lS;PMsDx9^D<Bh-uhR>3Ib0}*W
z7X2mZp=TKv=3D~AMl5Z>isC4PF~xF;r!>t?c-T#=cUU>!BZZOa4Sn;mmVcyCe=Az6
zwPO@=%Ey|o>%j8(Zuk-K&7l{b18eMr@$9~806L6%=}<T@;fp+A{(9WeDo6GB&W?r`
z9DL<>Y6UPqh|vNxvGw{qEC@66BLPYFI&P1mc$e|h&-JTAlTkXQE?z8hsg?(?ayR`}
z6io#H>L;`%{!KR&y(ZR_S+_igms=IUy@G3#u;-5!oUFKjDF2c9U%xg1BlzAyTz03s
zKRc({f3asDrj7WCEzm^RIBnEo#hu=~L&ZGF;bN`I3>jdvrc68c!CCa^xY-I`r)CXK
zdOG{biCxE<avW(yd&zH!h?wxKE%irixzj0`YIue^3CVsdC-n_2E>|s=Y1w;O9I}^C
zUZZ=|RJY@nXEl)-iw%4!#1$~MG&S2ZZsBJGN<FXg#rJHjv|61PSXi;K(Put9)WKyx
zJ@{)%6L6eaqrs0u!UX*W9BshanA-HN(9R{cuXlb{j*bnb1LBV@yVES0bdVTj)j%Dw
zR1#v2iO+|x`SnVPT+z{3>%ovoFY)YVF}x+^qi0Uhq}D9`O5Ek6Zw`}IwhO+DhRQtf
zM4Zo#4R5U>3ikc0k=$)bDR|vm)6QK0043=(jIT2DeCWZx0Q1~%I~**3pMOx!p&gn2
z&TQDQl!5sMG5lHkEkcL*cRYme2tWjcw@hykPz#U{X#NK<4h^fTt6N@P7Dez?85$n0
zsDl60zSA&Q{%;35AV52Nmg+!1=NmeEXeH!}qcx@Zud|%gAO0)3^z>!mvANj|*57}q
zyxv=3<RvzZpxPs%%-#(eU)6BeoLL<`hGB3J<B>kJy7tQs!W~X9<<!8ujQi#B5gj2(
zgQX-4Nkr?_uz~IK2ItlNO=vBOK{ICK%r>ER2W)^V@$r^b6b8wPP<6*`cRG=jOZhbY
z!+@EJaF2<ewHgW?(b=>oH@InhxX(np;7?A}qPZE~+|L&BP7X}YFMgN)XB$H$cE9So
z(3xK2-2scS>907?wzo<pC(Kl8p=AU0-lY;xS#P~`whQKs+kU8LQ<p(Yh|K<eQ94!v
zn+=2&-O}(Rs1G<ps_pIQ+S81($svdH;eU0uv1653NyxP{3?B<h8dAm2nt!&!N}yS7
z#MOSwxg3tH?99wnG$)2eN&#N%?E~aD6PTkv6Hu?4W_6PE&{gTms%_-jD14$VHZb`J
z`vKUQRnw{4xn&Lw+S*gSs^7FUG&CsNmkJx(V9^dvY+r}8zp!vH40f2qzEWa<IP4+p
zoYlvRZW?iBs7A?<YJeJ^gwam8x%+hTAB7cU*=RA1a4&70tQ05}v)yodih7{u(4W?1
zW69M*;MZs|H(3>J>m6F5H_S|3^t2VA{Gbhhtri9=z<#?fkMpMxr&Ry1M6W!2>uBQJ
zH1T=6@(KrsQbY3JQ^!OW0(W(kbA6cPnTpX{1`Vmy_eLEL-E^G{hI1$QD}LD(`JEZS
znXRF6`|=Bw3{6mRbbPS-E|B42pp))07Vq5oT}GR!&CwrK;p4fXVS=x<c_GPGj8;*D
zXT?O<&P|LU_*2cd$^P@O+}Pw5(q-*MDjSxe;ibhq{t4}Aaao`mnVsQ6o)Dy8%!4Zv
zqOdYP*)Iu#LHlygS91&6!&S9Cw{Y98tkyhveCSbP`b}K7(B2=Z84NL>x$)G`3VOmh
z?86pt^Rmi9%6B6Dsn(Xp^^{cLSoUV&Nhl>M>};c#d<hGJ8KmU-AOB7@ibo#G=Qe9k
z;}|Y2x^0(o_9w^97n%~?hPNyl?B$;K!^!|=Ce!NW#mO2mKdJOj<HL4zHL7ImG-LDy
zu39yWrA3;coXRbc7BN}VQb(%yHId&l%BfqmmKUc$SBt+lnXWW@n4Mb57ZQ%5?tMs@
zDOC$aDwEHb#CoEUNu2$%v%kvKV1XGDdNocuQMPk3RRycU8qB|0j%RDDG!3|+P%BBw
zP>DfxY%ku!tMj<pQ_e2&1<gJ@!NNYOS>}^(eK`1rwhN-H)>64iC@1+SD^Iv}+^h*^
z;cga*2&_&f>sH*7iH4*oE#p%u<4kLMrx#1|4^r$ZGHwXeFsQ`43=?<_&VceYX9Ld~
znzZz<Ly@RG67-k5fRws6St?QmsjcI1ND79b?(@8uWkHUi;=3iZN0&sKr;mV)ZxjN1
zb@WqNo=?aX(wZYEP!=yFCB~__OHYJcXPpv7NY;iCMdDm>a-_GVY(<CnK~7wgygoA8
zWyzUoLrT&QMV{Z&z1Q%Cc6lk-gPYpV@>cS(4q1WmOhKd)Zb|Zh(y(tMOqx{;Rr4lj
zaW|U@<rJ2=yE4|gg7W6Q!j#4r!t9)k^xf-eQzuGV)?{j?rsoA=4>JU9Iolzrr{!^*
z1_CGs@0^*Bp}(h6K@^4;#o8caH~aE>4OgH+6nrxFMF`+a@*tZC_Lk^h>tik|-D-l?
zMYPA(_mW0x@niL~-(rsP;hxWUsr_r(FfUK)d*5*9rtIz6J+qO~8dqNhkUtdko`wk<
z<Rz$eS)BNWJJGGU@l8h!4;HZ`ub<)-J*oPw3{+j?<geHpB)MxWq2C-=)lu-}s53Fy
ztrx_`CskC1Zf5deT{i_5HZw!?RWnx;W{ro}9q>bo!W`rwOa~F;TrUduEt}Vo=k9)`
zfXpf20TpZv3(Hn@AqV1E)}iJgH(9KLodvYQq8{#U9`rFt>z<jYv;zZA<c5a6=w6BM
zM}P~zdt@Zbuc>(cLKAsG5(ef@?0g{RX7sw$4ask9)B9VmVxAWhs($SbTw`x!IcyV@
zuk_eu3p7BENuu31VcfXQKJ=68BVJ}Tk2tzc;{7T{$C3vXrMmhW<8bSRVzmFXn}Ty}
zx#5|4nIbT5L@pw)&MvEo?ucP&S19o}JC8wieV-WK7*I5%Q6e-a>YLUQIVLnB1dMTe
z_&1H&P^urw`FHmsc3-@yqO+-WDF=&{Hp|)bOwv0B7~{R`N^III6eWQm6_wnb`Nzt6
z_nYS2F(@vTT2YiE2hVppVQ9*brp!tP1O~>VC!))xE2ZFU+uH1?#v3_}ME~1cwD?Jx
zX3hH1*YK2{dyipF(W5jihD9}&1dmggq&<SGiA(K3Rgq_ARda2=N`p^)tI`!iI3CQb
z*j7~FqLyv#t_h^XAJO$9O@%3!*Pc$`&N%y=iIxK;hW774L)pu6jeI`Ff|cV7LF%Lu
zgAvHyv$m`$LP71U0X+*E`hkNxE}{v)fH+BGOglM*dL}Ca2_?{A#_$(3z;fIv(c-(0
z-b(gqbn=GscIM73yfs}R^pkI{V}3hGnNS9!Er|I~shboO7eip7yJ*@v@iFh^<;z{1
zoCXBkx=Uy8MG=!XcjTndblQS9-XDZzK|6UYmrk*e7(MyKjl}MT+CfW0$;+SJh-~Gx
zrOL}fielnFNt=VRISbj?JvZA%Nj?8KRC5wRDp5T>`S|X-Yi~E%1ZgT{g%1bL1LRW_
zFk?1=Clz*Ouy2{@aq))-2d-9ITIh;e9fWq(B}EJb2d9|BjBqO`PST<mDZ-{Rq(ezc
zuDo(oM@JkUgxDo2Ev~0!B(G#LI<hVb`{6rjXfDk_`(9Pf{o9A_aN)PGm^#Z(AEGIy
zH_qQdfWUO;<W^nxsK`&TLFOmoRA#Ka!63x$vc`mmYjO2cvkm8>Es`lOp}mrx>-t1M
zRk$LVgJ_|;o}}rzrl_KiQ{3HK%0h4i<k;<c)BN<W7TVZB7G^UcK=E{M-#y^@x+;iZ
z;{1$D_d*Ts7PzZaW|lHhZR{=XCmtar1dS+zTqy{j3$L3G#RB#zPS3x>Q`FfTPt@P#
zewI+cz*hU#c%N!p4BKN{IYX>|TfLTnfbjI@|5|YU9~IdDUtl5<FJ$xBBx*Ql+3Z(U
z$34T2K-nAff3Gk!bZT*F>5$CG?`fu4a}=)aZn{vVcO+2y0=VK+djKq5&$it&%pxN*
z1u%8<vBfs}O&R+qK$wO(U7`-J+ou!gIoKv9XAZq?Yqw^(P!r9b0!44Cmp~b9sU!wx
zU#)4PgB7WPu4r&0v<eZTQs>Ncvjwtro!=4n;PYaQy~@-j0xPTp%4cv8!=2EBE#2~{
z;DIUPp{U4UOIsE6F5wm-dew5Yleu;O1HX#^KY?yn^B_$ans;%g&)*Eb;JLIQNSG*M
zYhPnMM0$K%&k`VNuRLKW;gp!ddZ_O8ZibyNJhK%r8a?+^taUQoEobJlTX6bek)dQ2
z-Ob&5l#QXP3rrKR?U^_V1b6GvXH1Dq>gAaHq^30Gb}{pDcUNSGeh$cLP&ko9HSl{U
z2dEnrVVhX$eekE|$)0t`wr!S!TxliZ<^rS8Fg-6WD_=#JDj;QLoCQ`IM40O!c(_55
ztpTcHQq$ty!*nt0D(NW0PW{EIWCkp#FW!lP#dom{(SIHVNqLAjc_=~h%fogwPyyE?
zG(GIwIApbsa2I5(ZtXAEC5fAVui|cC4+oK5Ual2o%(n1+Jh_M-H|fcK3J9H$)pH50
zQeZl7?Rj4*Sx`W;U1dvR{O>4S{JOR{{NOTeJ;xPWs}g~)g6C1ymc;~wTjejvQu4lr
zrgLYNb~ysbPc15sr+MtRXv=U&xRE=HlwD-WGQ`E!JT&tLN+z-OM`uY8FK9!-s<}eF
z49~YqHL*r%knH|nRkOAiCcopO(9huWzY<}qBm-J=s46Vx2Z+`5uNlMMwzrNpQ=)QV
z$P!JG6@!64H#+uXaVTYnNWuWEv_*-*#9Dw3N?^mLXYQE%WCs1wGz?T5Remq8P;wD}
zY-Lsc#BH|x0cS~=yf0pMLKqq^Z#M$JJQB(DNu3*cHu)2a)Sj4^$MNVf$<Hn@Tb3Ci
z$L;i-v;f;Dzp_tu|MBb{4aKmugko`+3|?3tp<Uv0bkTguKe3|I0Jrz^yOEMlS0JsJ
zcvzX#pM8<BQ}8w2Wzq>|h^=KfU7VT&-N^+S=}K+fFW8HuH}K7_;hN>vIZ1wD&*m0Y
zK}#W#BKGr+pJTJqJ*u~IOijh#g{}Zt*#Tcq|KaAL#T)abQ;0mVeg$k3)~_auN~RPv
z`6YGF_-l$BQb-jOrVs!C*g&eZHiC4e5MEqw^y2=V4Wp`T5$pDvcDyWx;^xft5y{Wp
zJH>?!iYqngx4usr0|P_O1X^Ob-ShPmuA&HiWEA?Y8KTt6qt=L*E2aYjp3I+bC=6`f
zD;FQj&C&zJkDgpkHldY`I4U_(dPt_0R3d8SZEjrlo69K@o!y91PK!=p)C+BZ@0aHg
z@YBfr*)v$RnYGwyD-F(TNhjWx-E}*iQoBT^5cBdx&QuO+VPUm7<`GK3?A{sH<nU35
zVxfwWf!JYat^C^B3(Fs*X>RYESi9e@HXQQ=S(8a+HY6T!%2;+5t2m_2({!4lTUv7L
zJ5jeAqm%0li#vLI&b=$NhkNc9%AUZvJEgM2HkbyP^Ap#lY<C?E(%B#tQGuN)i%GTa
zSX@@hpIoNi{NvkE<k^Yr#6qhS_y6ZG*79CW=k0*hK6VatlVIZ^4)3bvrD@BP<qiGA
zA+~fR);HU~EfR$9YqR~f|3=Z;E&mlFPahSsBl=E%v*~{pSH`gz4Bt{>WQ-%@viLi+
z??Eg}%$vM4Z51w(fJaFB@C>bDl~{wV(2JZCB+0z|nxt_w`t3xohJ?9VxjvNQeLg4P
zdnxthrt*>Z>Pb|1gN1;Yu)9`L0**iNCJjX+UQ2?}GUR$pO~Lzb%6aYld|^?M8Ej#6
zWERt#b5LOVCaz5EUt<Y2z}L7;#3-xn-&o}*HregQ+DtW#R}JrdS%}13iOPn&JE8oz
zOQ!RWBCCJC5AzTAxuU|DbsZuCiQuaT!Y%gO|I+yZOp?RL;D<(7tK^NuT#fRyhvNP_
zLPs405~j<-u;aOSs%`OB@4sf1b>wx`@Zv7#Lzg0BP<(!zb?ysB?~_roaM!*s!$DpD
zP2E}xVl`F()4JOi4br^F0IADNdQ{rPZWoaMHza<X`<gk2CPpo<i_4lja{V$1w={zr
z*12r2XU;%Be3Qo);joy!#3CMja$jrTF`zkfEQRp8(QF_Q#FAow?J>^l9^a>wJ?Lz_
zR#i<`nT%?_5wcn9ND&9S_9b_ph*E^!S+Q6SCOm^0gY_Z;HKYRk3iiI4)nVzpjDpQZ
zwwq{p-y~oU>b#IWT}O2n6@$iQdHRp<QO@RRulpkmjrqphMtYnC_j-)leHrhN+wiF^
zv0(iB7pbzBJE0du=PuDSymm-8m$GdgcJSRU5+-<$R}=Z|j!8Xr^u&Xii{-T(lS_8M
z@l@$B{Y18<?J^4;hPB9Rqcp9}b=GQ<)&=&12HUps4y6-ivQT>Wr6PC*Wzuwdu<HW6
zw}ehaToWtwrG;8gzrn<!8`ZOFX^urnKFMV!G8#)FfUmihX5-M{1e=`WelkR5#PApE
z*rP^KD1(0;$Y046Um)<(m;%(0c<+j4aE5EeF7X)GZD9uWJ5_#Q`M&!bLtW|*QkXYo
z7jQ{M0Dsy(lnf-dq3bp$kEvoBx{_ox))u($Gz_zlP+D$C&g=N+0w$Bb|0>3t_MV#%
z?U~WICzca^vORV$DeVTgu05RGN60y9@a=F2J;mLT02Mz{HiPp7J-fa|?U4KztC~c3
zS$M?QU<8V82!p{UuMq*4+TMJVS|7X1XUoIo3fgebsNd3dbe2_lAsy$;EVE?MfiWv-
z%j%D=xMCa>1faX`4KB(Wy6@}JH=*Zh<TJJE<T!qzSlZj-j)jm-u!>2N+g0D`aO}Q0
z|1tg0%k{>x<~+{Ll<ym$ov-a>iQFvMz1W|4Jpb;vrM3mIj#hS7ZN@CJYW3&Tin}{t
zYkm?n&iV;!1Us<pL7U=GJ!J!|b~kq9E-XJbp6$yaxSR1os+lonu~EG*JnzD+Zn+oQ
zw_2~>$DA$Wx*9QI_jtml8$uIR#C<lM!EJp$e>1So5wNhn*|N8ri65}n>bh?oV0`~v
zg0?xJ))z6*e^5`B-BkX=1V5w7@|%r(YP5@5UjHINDSM;k?=Y?+RHr1bU&oW75-}YB
zoBsEqjnUH)|M0X`DMDt~Fpv|TCpegbuY%LNV>Nnwz30Y5$x$(FN4}!27r<A;moA?&
z6;u#)h<62@a;>7yV9}L|#H-O&Jw-YY6Z@yy+_mQl`PqZd4MDl=&P4HpVP|_LHkOOm
zE))AQNw!E?&Sng1M7wYkCX27xW1@?$)6}6a-z)%j>+3}|^>ZgyS0K0G%&j~!=d8lJ
zhfJDK&Y&e96gHBF!F8sv03F`cXlcfPkqpgP#$*1Du(<a=SA;04+>#^rq`m!BJr!vw
z*x+Z96HbczGl!<{Hv3k%vhw_vNT#AsMPZ8sW*>x;y~>3XC8ZZC*{(=iI7RpU)9N>E
z9e-5i$m-R03vjQU_p-&+lRBMUOYc+-u2*SIB5%X`gW%!%QVQ^l?Re^4CSe&(!pV6Z
zyexa*OZ<edAGi9)_dmP0h_WRliQKGaAl1)1)!4b+$hKEQlJsQ`RQ3Az&)I)Upl*E{
z4p$7@_47aUMenD*Hja;B%hF4#rnK#X?+zt0THPZn*oSj>u;jYjJXegzj@DXuvBurW
zlFv3FBv~g5ElA{rE2*D!up|{!rEzkNY-?YZNWWnD3hRT&Lv*R!3k>nPUaZs0(&sj?
zBMy<RG%=eaF|*=b3Of9M=QuHF-(974!Ot$QpB)~5;HU4KkpB8p@TwtnO?(GZ8$M*|
z$}`Tv9-A5TBCByTO{hr!^*G-{IC*hSIT?Sfh_PGym^@~(U$93E?3l#XaIs@w^4<|!
z2y+}Z=w(pP@HGOeGQq1?4H)(9G)Is7P@n|?*t8u-rLIV94cmLv(YtxV2g63daI4=G
zGuHM7zaOdfiygYZRNJifQr6!6s)FT_hb>zJ(mk%dEJ$f)4d3B(^H{)E_ABwVXl22=
zWE~hR8A!Mw<F>G}II-Lc{_p@KSXfA=#P6H?CtotHb+p4RU`uWB4|<Y88;H+Mhsevz
zYw7OiID~Ba@wJ28Q@8l4^RGq?CC(mfhuE-GSrPMOsDXQpJw<c*y{VU3_f)x8m1^br
sDt<yd<_MqG{?}{u|1N=wm=1#Y_S)^NU6`a_zy1&uWmRQhQsyE50e|`Jp#T5?


From 678927b9e101817c980af796477742bd329d1642 Mon Sep 17 00:00:00 2001
From: Benjamin Howorth <v-behowo@microsoft.com>
Date: Mon, 29 Jan 2018 20:42:14 +0000
Subject: [PATCH 003/119] Renamed onenote_checkmark.png.png to
 onenote_checkmark.png

---
 ...note_checkmark.png.png => onenote_checkmark.png} | Bin
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename education/trial-in-a-box/images/{onenote_checkmark.png.png => onenote_checkmark.png} (100%)

diff --git a/education/trial-in-a-box/images/onenote_checkmark.png.png b/education/trial-in-a-box/images/onenote_checkmark.png
similarity index 100%
rename from education/trial-in-a-box/images/onenote_checkmark.png.png
rename to education/trial-in-a-box/images/onenote_checkmark.png

From c3b81bed86be8fb97d6d99acfc736d87c7c1ab6e Mon Sep 17 00:00:00 2001
From: Benjamin Howorth <v-behowo@microsoft.com>
Date: Mon, 29 Jan 2018 20:53:32 +0000
Subject: [PATCH 004/119] Updated educator-tib-get-started.md Minor tweaks to
 text, adding period, adding addition sentence on where to store digital pen,
 etc.

---
 education/trial-in-a-box/educator-tib-get-started.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md
index f448a10be8..cb41ced535 100644
--- a/education/trial-in-a-box/educator-tib-get-started.md
+++ b/education/trial-in-a-box/educator-tib-get-started.md
@@ -107,6 +107,7 @@ Microsoft OneNote organizes curriculum and lesson plans for teachers and student
 
 **Try this!**
 See how a group project comes together with opportunities to interact with other students and collaborate with peers. This one works best with the digital pen, included with your Trial in a Box.
+When you're not using the pen, just use the magnet to stick it to the left side of the screen until you need it again. 
 
 1. On the **Start** menu, click the OneNote shortcut named **Imagine Giza** to open the **Reimagine the Great Pyramid of Giza project**.
 2. Take the digital pen out of the box and make notes or draw.
@@ -120,7 +121,7 @@ See how a group project comes together with opportunities to interact with other
 
     ![OneNote To Do Tag](images/onenote_checkmark.png)
 
-  - The Researcher tool from the Insert tab can help find answers. 
+  - To find information without leaving OneNote, use the Researcher tool found under the Insert tab. 
 
     ![OneNote Researcher](images/onenote_researcher.png)
 
@@ -153,8 +154,9 @@ Today, we'll explore a Minecraft world through the eyes of a student.
 9. Explore the world by using the keys on your keyboard.
   * **W** moves forward.
   * **A** moves left.
-  * **D** moves right.
-  * **S** moves backward
+  * **S** moves right.
+  * **D** moves backward.
+  
 
 10. Use your mouse as your "eyes". Just move it to look around.
 11. For a bird's eye view, double-tap the SPACE BAR. Now press the SPACE BAR to fly higher. And then hold the SHIFT key to safely land.

From e395fd44f9d548ed2891c5e9ab7c45da9d588a20 Mon Sep 17 00:00:00 2001
From: shortpatti <pashort@microsoft.com>
Date: Thu, 15 Feb 2018 15:44:07 -0800
Subject: [PATCH 005/119] removed the inline comments and questions; ready to
 republish

---
 browsers/edge/available-policies.md | 136 ++++++++++++++--------------
 1 file changed, 68 insertions(+), 68 deletions(-)

diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 70a990a885..70d288c5d8 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -10,7 +10,7 @@ ms.localizationpriority: high
 ms.date: 09/13/2017 #Previsou release date
 ---
 
-<!-- pashort 2/9/2018: as per Brian Atman, the documentation descrepancies must be addressed for RS5. Find out what those discrepancies are. Scenario 15403628 -->
+<!-- pashort 2/9/2018: as per Brian Altman, the documentation descrepancies must be addressed for RS5. Find out what those discrepancies are. Scenario 15403628 -->
 
 # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge
 
@@ -38,8 +38,8 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A
 This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
 | If you... | Then... |
 | --- | --- |
-| Enable this setting (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. | 
-| Disable this setting | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."<p>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. |
+| Enable setting (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. | 
+| Disable setting | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."<p>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. |
 |
  
 ### Allow Adobe Flash
@@ -49,7 +49,7 @@ This policy setting lets you decide whether employees can run Adobe Flash on Mic
 | If you… | Then… |
 | --- | --- |
 | Enable or don’t configure this setting (default) | Employees can use Adobe Flash. | 
-| Disable this setting | Employees cannot use Adobe Flash. |
+| Disable setting | Employees cannot use Adobe Flash. |
 | 
 
 ### Allow clearing browsing data on exit
@@ -58,7 +58,7 @@ This policy setting lets you decide whether employees can run Adobe Flash on Mic
 This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Clear browsing history on exit is turned on. <!-- <span style="background: #ffff99;">[@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?]</span> --> |
+| Enable setting | Clear browsing history on exit is turned on. <!-- <span style="background: #ffff99;">[@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?]</span> --> |
 | Disable or don’t configure this setting (default) | Employees can turn on and configure the Clear browsing data option under Settings. |
 |
 
@@ -68,8 +68,8 @@ This policy setting allows the automatic clearing of browsing data when Microsof
 This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.
 | If you… | Then… | 
 | --- | --- |
-| Enable this setting (default) | F12 Developer Tools are available. |
-| Disable this setting | F12 Developer Tools are not available. |
+| Enable setting (default) | F12 Developer Tools are available. |
+| Disable setting | F12 Developer Tools are not available. |
 |
 
 ### Allow Extensions
@@ -78,8 +78,8 @@ This policy setting lets you decide whether F12 Developer Tools are available on
 This policy setting lets you decide whether employees can use Edge Extensions.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees can use Edge Extensions. |
-| Disable this setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this because of potential memory leaks?]</span> --> Employees cannot use Edge Extensions. |
+| Enable setting | Employees can use Edge Extensions. |
+| Disable setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company Disable setting? Is this because of potential memory leaks?]</span> --> Employees cannot use Edge Extensions. |
 |
 
 ### Allow InPrivate browsing
@@ -88,8 +88,8 @@ This policy setting lets you decide whether employees can use Edge Extensions.
 This policy setting lets you decide whether employees can browse using InPrivate website browsing.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | Employees can use InPrivate website browsing. |
-| Disable this setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?]</span> --> Employees cannot use InPrivate website browsing. |
+| Enable setting (default) | Employees can use InPrivate website browsing. |
+| Disable setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?]</span> --> Employees cannot use InPrivate website browsing. |
 |
 
 ### Allow Microsoft Compatibility List
@@ -98,8 +98,8 @@ This policy setting lets you decide whether employees can browse using InPrivate
 This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. <!-- <span style="background: #ffff99;">[@Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation <!-- <span style="background: #ffff99;">[@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]</span> -->. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. |
-| Disable this setting | Browser navigation does not use the Microsoft Compatibility List. |
+| Enable setting (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation <!-- <span style="background: #ffff99;">[@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]</span> -->. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. |
+| Disable setting | Browser navigation does not use the Microsoft Compatibility List. |
 |
 
 ### Allow search engine customization
@@ -112,7 +112,7 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 | If you… | Then… |
 | --- | --- |
 | Enable or don’t configure this setting (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. | 
-| Disable this setting | Employees cannot add search engines or change the default used in the Address bar. | 
+| Disable setting | Employees cannot add search engines or change the default used in the Address bar. | 
 |
 
 ### Allow web content on New Tab page
@@ -121,9 +121,9 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Microsoft Edge opens a new tab with the New Tab page. |
-| Disable this setting | Microsoft Edge opens a new tab with a blank page. | 
-| Do not configure this setting (default) | Employees can choose how new tabs appear. |
+| Enable setting | Microsoft Edge opens a new tab with the New Tab page. |
+| Disable setting | Microsoft Edge opens a new tab with a blank page. | 
+| Do not configure setting (default) | Employees can choose how new tabs appear. |
 |
 
 ### Configure additional search engines
@@ -132,8 +132,8 @@ This policy setting lets you configure what appears when Microsoft Edge opens a
 This policy setting lets you add up to 5 additional search engines, which cannot be removed by your employees but can make a personal default engine. This setting does not set the default search engine. For that, you must use the "Set default search engine" setting.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br> `<https://www.contoso.com/opensearch.xml>` <p>For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable this setting (default) | Any added search engines are removed from the employee’s device. <!-- <span style="background: #ffff99;">[@Reviewer: is this implying that Bing is the only search engine on the employee’s device?]</span> --> |
-| Do not configure this setting | The search engine list is set to what is specified in App settings. <!-- <span style="background: #ffff99;">[@Reviewer: what’s the difference between “don’t configure this setting”, “Enable this setting”, and “Disable this setting”?]</span> --> |
+| Enable setting | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br> `<https://www.contoso.com/opensearch.xml>` <p>For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable setting (default) | Any added search engines are removed from the employee’s device. <!-- <span style="background: #ffff99;">[@Reviewer: is this implying that Bing is the only search engine on the employee’s device?]</span> --> |
+| Do not configure setting | The search engine list is set to what is specified in App settings. <!-- <span style="background: #ffff99;">[@Reviewer: what’s the difference between “don’t configure this setting”, “Enable setting”, and “Disable this setting”?]</span> --> |
 |
 
 ### Configure Autofill
@@ -142,9 +142,9 @@ This policy setting lets you add up to 5 additional search engines, which cannot
 This policy setting lets you decide whether employees can use Autofill the form fields automatically while using Microsoft Edge. By default, employees can choose whether to use Autofill.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees can use Autofill to populate form fields automatically. |
-| Disable this setting | Employees cannot use Autofill to populate form fields automatically. |
-| Do not configure this setting (default) | Employees can choose whether to use Autofill to populate the form fields automatically. |
+| Enable setting | Employees can use Autofill to populate form fields automatically. |
+| Disable setting | Employees cannot use Autofill to populate form fields automatically. |
+| Do not configure setting (default) | Employees can choose whether to use Autofill to populate the form fields automatically. |
 |
 
 ### Configure cookies
@@ -153,8 +153,8 @@ This policy setting lets you decide whether employees can use Autofill the form
 This setting lets you configure how to work with cookies.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | You must also decide whether to:<ul><li>**Allow all cookies (default)** from all websites.</li><li>**Block all cookies** from all websites.</li><li>**Block only 3rd-party cookies** from 3rd-party websites.</li></ul> |
-| Disable or do not configure this setting | All cookies are allowed from all sites. | 
+| Enable setting (default) | You must also decide whether to:<ul><li>**Allow all cookies (default)** from all websites.</li><li>**Block all cookies** from all websites.</li><li>**Block only 3rd-party cookies** from 3rd-party websites.</li></ul> |
+| Disable or do not configure setting | All cookies are allowed from all sites. | 
 |
 
 ### Configure Do Not Track
@@ -163,9 +163,9 @@ This setting lets you configure how to work with cookies.
 This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests are never sent, but employees can choose to turn on and send requests.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Do Not Track requests are always sent to websites asking for tracking information. |
-| Disable this setting | Do Not Track requests are never sent to websites asking for tracking information. | 
-| Do not configure this setting (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. |
+| Enable setting | Do Not Track requests are always sent to websites asking for tracking information. |
+| Disable setting | Do Not Track requests are never sent to websites asking for tracking information. | 
+| Do not configure setting (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. |
 |
 
 ### Configure Favorites
@@ -174,8 +174,8 @@ This policy setting lets you decide whether employees can send Do Not Track requ
 This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. <!-- <span style="background: #ffff99;">[@Reviewer: what is the default setting, enabled or disabled? I’m guessing it’s Disabled is the default.]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. |
-| Disable or do not configure this setting | Employees will see the Favorites that they set in the Favorites hub. |
+| Enable setting | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. |
+| Disable or do not configure setting | Employees will see the Favorites that they set in the Favorites hub. |
 |
 
 ### Configure Password Manager
@@ -184,9 +184,9 @@ This policy setting lets you configure the default list of Favorites that appear
 This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | Employees can use Password Manager to save their passwords locally. |
-| Disable this setting | Employees can’t use Password Manager to save their passwords locally. | 
-| Do not configure this setting | Employees can choose whether to use Password Manager to save their passwords locally. |
+| Enable setting (default) | Employees can use Password Manager to save their passwords locally. |
+| Disable setting | Employees can’t use Password Manager to save their passwords locally. | 
+| Do not configure setting | Employees can choose whether to use Password Manager to save their passwords locally. |
 |
 
 ### Configure Pop-up Blocker
@@ -195,9 +195,9 @@ This policy setting lets you decide whether employees can save their passwords l
 This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. |
-| Disable this setting | Pop-up Blocker is turned off, letting pop-up windows appear. |
-| Do not configure this setting | Employees can choose whether to use Pop-up Blocker. |
+| Enable setting (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. |
+| Disable setting | Pop-up Blocker is turned off, letting pop-up windows appear. |
+| Do not configure setting | Employees can choose whether to use Pop-up Blocker. |
 |
 
 ### Configure search suggestions in Address bar
@@ -206,9 +206,9 @@ This policy setting lets you decide whether to turn on Pop-up Blocker. By defaul
 This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees can see search suggestions in the Address bar. |
-| Disable this setting | Employees cannot see search suggestions in the Address bar. |
-| Do not configure this setting (default) | Employees can choose whether search suggestions appear in the Address bar. |
+| Enable setting | Employees can see search suggestions in the Address bar. |
+| Disable setting | Employees cannot see search suggestions in the Address bar. |
+| Do not configure setting (default) | Employees can choose whether search suggestions appear in the Address bar. |
 |
 
 ### Configure Start pages
@@ -217,8 +217,8 @@ This policy setting lets you decide whether search suggestions appear in the Add
 This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees will not be able to change this after you set it.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You must include URLs to the pages, separating multiple pages by using angle brackets in this format: <br><br>`<support.contoso.com><support.microsoft.com>` |  
-| Disable or do not configure this setting (default) | The default Start page is the webpage specified in App settings. |
+| Enable setting | You must include URLs to the pages, separating multiple pages by using angle brackets in this format: <br><br>`<support.contoso.com><support.microsoft.com>` |  
+| Disable or do not configure setting (default) | The default Start page is the webpage specified in App settings. |
 |
 
 ### Configure the Adobe Flash Click-to-Run setting
@@ -228,7 +228,7 @@ This policy setting lets you decide whether employees must take action, such as
 | If you… | Then… |
 | --- | --- |
 | Enable or don’t configure this setting< | Employees must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. |
-| Disable this setting | Adobe Flash loads automatically and runs in Microsoft Edge. |
+| Disable setting | Adobe Flash loads automatically and runs in Microsoft Edge. |
 |
 
 ### Configure the Enterprise Mode Site List
@@ -237,8 +237,8 @@ This policy setting lets you decide whether employees must take action, such as
 This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. |
-Disable or do not configure this setting (default) | Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |
+| Enable setting | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. |
+Disable or do not configure setting (default) | Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |
 |
 
 >[!Note] 
@@ -251,9 +251,9 @@ Disable or do not configure this setting (default) | Microsoft Edge won’t use
 This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Windows Defender SmartScreen is turned on, and employees cannot turn it off. | 
-| Disable this setting | Windows Defender SmartScreen is turned off, and employees cannot turn it on. |
-| Do not configure this setting | Employees can choose whether to use Windows Defender SmartScreen. |
+| Enable setting | Windows Defender SmartScreen is turned on, and employees cannot turn it off. | 
+| Disable setting | Windows Defender SmartScreen is turned off, and employees cannot turn it on. |
+| Do not configure setting | Employees can choose whether to use Windows Defender SmartScreen. |
 |
 
 ### Disable lockdown of Start pages
@@ -265,8 +265,8 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. |
-| Disable or do not configure this setting (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. | 
+| Enable setting | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. |
+| Disable or do not configure setting (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. | 
 |                                                                 
 
 ### Keep favorites in sync between Internet Explorer and Microsoft Edge
@@ -278,8 +278,8 @@ This policy setting lets you decide whether people can sync their favorites betw
 <span style="background: #ffff99;">[@Reviewer: what is the default: enable or disable?]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge.<br><br>Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. <!-- <span style="background: #ffff99;">[@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.]</span> --> |
-| Disable or do not configure this setting | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. |
+| Enable setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge.<br><br>Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. <!-- <span style="background: #ffff99;">[@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.]</span> --> |
+| Disable or do not configure setting | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. |
 |
 
 ### Prevent access to the about:flags page
@@ -288,8 +288,8 @@ This policy setting lets you decide whether people can sync their favorites betw
 This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees cannot access the about:flags page. |
-| Disable or do not configure this setting (default) | Employees can access the about:flags page. |
+| Enable setting | Employees cannot access the about:flags page. |
+| Disable or do not configure setting (default) | Employees can access the about:flags page. |
 |                                                                 
 
 ### Prevent bypassing Windows Defender SmartScreen prompts for files
@@ -298,8 +298,8 @@ This policy setting lets you decide whether employees can access the about:flags
 This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. |
-| Disable or do not configure this setting (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. |
+| Enable setting | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. |
+| Disable or do not configure setting (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. |
 |                                                                                                                                                  
 ### Prevent bypassing Windows Defender SmartScreen prompts for sites
 >*Supported versions: Windows 10, version 1511 or later*
@@ -307,8 +307,8 @@ This policy setting lets you decide whether employees can override the Windows D
 This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. |
-| Disable or do not configure this setting (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. |
+| Enable setting | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. |
+| Disable or do not configure setting (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. |
 |
 
 ### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
@@ -317,8 +317,8 @@ This policy setting lets you decide whether employees can override the Windows D
 This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. | 
-| Disable or do not configure this setting (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. |
+| Enable setting | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. | 
+| Disable or do not configure setting (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. |
 |
 
 
@@ -329,7 +329,7 @@ This policy setting lets you decide whether employees see Microsoft's First Run
 | If you… | Then… |
 | --- | --- |
 | Enable this settin | Employees do not see the First Run page. |
-| Disable or do not configure this setting (default) | Employees see the First Run page. |
+| Disable or do not configure setting (default) | Employees see the First Run page. |
 |
 
 ### Prevent using Localhost IP address for WebRTC
@@ -338,8 +338,8 @@ This policy setting lets you decide whether employees see Microsoft's First Run
 This policy setting lets you decide whether localhost IP addresses are visible or hidden while making calls to the WebRTC protocol.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Localhost IP addresses are hidden. |
-| Disable or do not configure this setting (default) | Localhost IP addresses are visible. |
+| Enable setting | Localhost IP addresses are hidden. |
+| Disable or do not configure setting (default) | Localhost IP addresses are visible. |
 |
 
 ### Send all intranet sites to Internet Explorer 11
@@ -348,8 +348,8 @@ This policy setting lets you decide whether localhost IP addresses are visible o
 This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | All intranet sites are opened in Internet Explorer 11 automatically. |
-| Disable or do not configure this setting (default) | All websites, including intranet sites, open in Microsoft Edge. | 
+| Enable setting | All intranet sites are opened in Internet Explorer 11 automatically. |
+| Disable or do not configure setting (default) | All websites, including intranet sites, open in Microsoft Edge. | 
 |
 
 ### Set default search engine
@@ -361,9 +361,9 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br>`https://fabrikam.com/opensearch.xml` |
-| Disable this setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market <!-- <span style="background: #ffff99;">[@Reviewer: what does “market” mean in this context?]</span> -->. |
-| Do not configure this setting | The default search engine is set to the one specified in App settings. |
+| Enable setting | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br>`https://fabrikam.com/opensearch.xml` |
+| Disable setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market <!-- <span style="background: #ffff99;">[@Reviewer: what does “market” mean in this context?]</span> -->. |
+| Do not configure setting | The default search engine is set to the one specified in App settings. |
 |
 >[!Important]
 >If you'd like your employees to use the default Microsoft Edge settings for each market <!-- <span style="background: #ffff99;">[@Reviewer: what does “each market” refer to in this context?]</span> -->, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
@@ -374,8 +374,8 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees see an additional page. |
-| Disable or do not configure this setting (default) | No additional pages display. |
+| Enable setting | Employees see an additional page. |
+| Disable or do not configure setting (default) | No additional pages display. |
 |
 
 ## Using Microsoft Intune to manage your Mobile Device Management (MDM) settings for Microsoft Edge

From 0943e65daeca3fd182ae64e02469b69c57559cd4 Mon Sep 17 00:00:00 2001
From: Eric Scherlinger <35633680+ericsche@users.noreply.github.com>
Date: Tue, 20 Feb 2018 11:39:22 +0100
Subject: [PATCH 006/119] Update
 online-deployment-surface-hub-device-accounts.md

Updated documentation for:
new azure AD PowerShell module
update 2 commands for Skype
Improved prereq with download link.
---
 ...-deployment-surface-hub-device-accounts.md | 40 +++++++++++++------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
index 6dc990e855..f8dd53e34e 100644
--- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
@@ -25,7 +25,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
     Be sure you have the right permissions set to run the associated cmdlets.
 
     ```PowerShell
-    Set-ExecutionPolicy Unrestricted
+    Set-ExecutionPolicy RemoteSigned
     $org='contoso.microsoft.com'
     $cred=Get-Credential admin@$org
     $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
@@ -70,37 +70,52 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
     ```
 
 5.  Connect to Azure AD.
-
+    
+    You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
+    
+    ```PowerShell
+    Install-Module -Name AzureAD
+    ```
     You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
 
     ```PowerShell
-    Connect-MsolService -Credential $cred
+    Import-Module AzureAD
+    Connect-AzureAD -Credential $cred
     ```
 
 6.  If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
 
     ```PowerShell
-    Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -PasswordNeverExpires $true
+    Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration"
     ```
 
 7.  Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online).
    
-    Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant.
+    Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
 
-    Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*).
+    Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
 
     ```PowerShell
-    Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -UsageLocation "US"
-    Get-MsolAccountSku
-    Set-MsolUserLicense -UserPrincipalName 'HUB01@contoso.com' -AddLicenses $strLicense
+    Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+	
+	Get-AzureADSubscribedSku | Select Sku*,*Units
+	$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+    $License.SkuId = SkuId You selected 
+	
+	$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+    $AssignedLicenses.AddLicenses = $License
+    $AssignedLicenses.RemoveLicenses = @()
+	
+    Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
     ```
 
 8.  Enable the device account with Skype for Business.
+	If you do not have the Skype for Business Powershell module installed, you can download it [here](http://go.microsoft.com/fwlink/?LinkId=294688).
 
     -   Start by creating a remote PowerShell session from a PC.
 
         ```PowerShell
-        Import-Module LyncOnlineConnector  
+        Import-Module SkypeOnlineConnector  
         $cssess=New-CsOnlineSession -Credential $cred  
         Import-PSSession $cssess -AllowClobber
         ```
@@ -108,12 +123,13 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
    - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, *alice@contoso.com*):
 
         ```PowerShell
-        Get-CsOnlineUser -Identity ‘alice@contoso.com’| fl *registrarpool*
+        (Get-CsTenant).TenantPoolExtension
         ```
         OR by setting a variable
         
         ```PowerShell
-        $strRegistrarPool = (Get-CsOnlineUser -Identity ‘alice@contoso.com’).RegistrarPool
+		$strRegistrarPool = (Get-CsTenant).TenantPoolExtension
+		$strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1)
         ```
         
     - Enable the Surface Hub account with the following cmdlet:

From 5f40eb058946949aca8ad3e340242ce65b603214 Mon Sep 17 00:00:00 2001
From: Eric Scherlinger <35633680+ericsche@users.noreply.github.com>
Date: Tue, 20 Feb 2018 18:14:39 +0100
Subject: [PATCH 007/119] Update
 hybrid-deployment-surface-hub-device-accounts.md

Updated for Azure AD plus optimized some commands
---
 ...-deployment-surface-hub-device-accounts.md | 117 +++++++++++-------
 1 file changed, 72 insertions(+), 45 deletions(-)

diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index 1281d6ae51..7eb0a87af9 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -38,11 +38,11 @@ Use this procedure if you use Exchange on-premises.
 
 
 
-3.  Enable the remote mailbox.
+2.  Enable the remote mailbox.
 
     Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet.
 
-    ```ps1
+    ```PowerShell
     Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
     ```
     >[!NOTE]
@@ -54,7 +54,7 @@ Use this procedure if you use Exchange on-premises.
     >
     >msExchRecipientTypeDetails = 8589934592
     
-2.  After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Office 365 admin center and verify that the account created in the previous steps has merged to online.
+3.  After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Office 365 admin center and verify that the account created in the previous steps has merged to online.
     
 4.  Connect to Microsoft Exchange Online and set some properties for the account in Office 365.
 
@@ -62,8 +62,8 @@ Use this procedure if you use Exchange on-premises.
 
     The next steps will be run on your Office 365 tenant.
 
-    ```ps1
-    Set-ExecutionPolicy Unrestricted
+    ```PowerShell
+    Set-ExecutionPolicy RemoteSigned
     $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
     $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection
     Import-PSSession $sess
@@ -77,13 +77,13 @@ Use this procedure if you use Exchange on-premises.
 
     If you haven’t created a compatible policy yet, use the following cmdlet—-this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
 
-    ```ps1
+    ```PowerShell
     $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
     ```
 
     Once you have a compatible policy, then you will need to apply the policy to the device account. 
 
-    ```ps1
+    ```PowerShell
     Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
     ```
 
@@ -91,31 +91,44 @@ Use this procedure if you use Exchange on-premises.
 
     Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
 
-    ```ps1
+    ```PowerShell
     Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
     Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!'
     ```
 
 7.  Connect to Azure AD.
 
+	You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
+    ```PowerShell
+    Install-Module -Name AzureAD
+    ```
+	
     You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
 
-    ```ps1
-    Connect-MsolService -Credential $cred
+    ```PowerShell
+    Import-Module AzureAD
+    Connect-AzureAD -Credential $cred
     ```
-
 8.  Assign an Office 365 license.
 
     The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+ 
+    You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
 
-    Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant.
+    Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
 
-    Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*).
-
-    ```ps1
-    Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -UsageLocation 'US'
-    Get-MsolAccountSku
-    Set-MsolUserLicense -UserPrincipalName 'HUB01@contoso.com' -AddLicenses $strLicense
+    ```PowerShell
+    Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+	
+	Get-AzureADSubscribedSku | Select Sku*,*Units
+	$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+    $License.SkuId = SkuId You selected 
+	
+	$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+    $AssignedLicenses.AddLicenses = $License
+    $AssignedLicenses.RemoveLicenses = @()
+	
+    Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
     ```
 
 Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid).
@@ -144,25 +157,25 @@ The following table lists the Office 365 plans and Skype for Business options.
 
 1. Start by creating a remote PowerShell session from a PC to the Skype for Business online environment.
 
-        ```ps1
-        Import-Module LyncOnlineConnector  
+        ```PowerShell
+        Import-Module SkypeOnlineConnector  
         $cssess=New-CsOnlineSession -Credential $cred  
         Import-PSSession $cssess -AllowClobber
         ```
         
 2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
 
-        ```ps1
+        ```PowerShell
         Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
         ```
         
     If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
 
-        ```ps1
+        ```PowerShell
         Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool*
         ```
 
-2. Assign Skype for Business license to your Surface Hub account.
+3. Assign Skype for Business license to your Surface Hub account.
 
     Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
     
@@ -215,10 +228,10 @@ Use this procedure if you use Exchange online.
 
     Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets.
 
-    ```ps1
-    Set-ExecutionPolicy Unrestricted
+    ```PowerShell
+    Set-ExecutionPolicy RemoteSigned
     $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
-    $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
+    $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
     Import-PSSession $sess
     ```
 
@@ -228,13 +241,13 @@ Use this procedure if you use Exchange online.
 
     If you're changing an existing resource mailbox:
 
-    ```ps1
+    ```PowerShell
     Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
     ```
 
     If you’re creating a new resource mailbox:
 
-    ```ps1
+    ```PowerShell
     New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
     ```
 
@@ -246,13 +259,13 @@ Use this procedure if you use Exchange online.
 
     If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
 
-    ```ps1
+    ```PowerShell
     $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
     ```
 
     Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
 
-    ```ps1
+    ```PowerShell
     Set-Mailbox 'HUB01@contoso.com' -Type Regular
     Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
     Set-Mailbox 'HUB01@contoso.com' -Type Room
@@ -264,7 +277,7 @@ Use this procedure if you use Exchange online.
 
     Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
 
-    ```ps1
+    ```PowerShell
     Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
     Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
     ```
@@ -294,24 +307,38 @@ Use this procedure if you use Exchange online.
 
 7.  Connect to Azure AD.
 
+    You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
+    
+    ```PowerShell
+    Install-Module -Name AzureAD
+    ```
     You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
 
-    ```ps1
-    Connect-MsolService -Credential $cred
+    ```PowerShell
+    Import-Module AzureAD
+    Connect-AzureAD -Credential $cred
     ```
 
 8.  Assign an Office 365 license.
 
     The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
 
-    Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant.
+    Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
 
-    Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*).
+    Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
 
-    ```ps1
-    Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -UsageLocation 'US'
-    Get-MsolAccountSku
-    Set-MsolUserLicense -UserPrincipalName 'HUB01@contoso.com' -AddLicenses $strLicense
+    ```PowerShell
+    Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+	
+	Get-AzureADSubscribedSku | Select Sku*,*Units
+	$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+    $License.SkuId = SkuId You selected 
+	
+	$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+    $AssignedLicenses.AddLicenses = $License
+    $AssignedLicenses.RemoveLicenses = @()
+	
+    Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
     ```
 
 Next, you enable the device account with [Skype for Business Online](#sfb-online), [Skype for Business on-premises](#sfb-onprem), or [Skype for Business hybrid](#sfb-hybrid).
@@ -323,22 +350,22 @@ In order to enable Skype for Business, your environment will need to meet the [p
 
 1. Start by creating a remote PowerShell session to the Skype for Business online environment from a PC.
 
-   ```
-   Import-Module LyncOnlineConnector  
+   ```PowerShell
+   Import-Module SkypeOnlineConnector  
    $cssess=New-CsOnlineSession -Credential $cred  
    Import-PSSession $cssess -AllowClobber
    ```
 
 2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
 
-   ```
+   ```PowerShell
    Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool  
    'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
    ```
 
    If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
 
-   ```
+   ```PowerShell
    Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool*
    ```
 
@@ -368,7 +395,7 @@ For validation, you should be able to use any Skype for Business client (PC, And
 
 To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run:
 
-```
+```PowerShell
 Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName 
 ```
 
@@ -383,7 +410,7 @@ In a hybrid Skype environment, you have to create the user on-premises first, th
  
 In order to have a functional Surface Hub account in a Skype hybrid configuration, create the Skype account as a normal user type account, instead of creating the account as a meetingroom. First follow the Exchange steps - either [online](#exchange-online) or [on-premises](#exchange-on-premises) - and, instead of enabling the user for Skype for Business Online as described, [enable the account](https://technet.microsoft.com/library/gg398711.aspx) on the on-premises Skype server:
 
-``` 
+```PowerShell 
 Enable-CsUser -Identity 'HUB01@contoso.com' -RegistrarPool "registrarpoolfqdn" -SipAddressType UserPrincipalName
 ```
  

From 4922fc4dfe824d5f398c913e1806d94aa3e8d858 Mon Sep 17 00:00:00 2001
From: Zach Dvorak <zadvor@microsoft.com>
Date: Tue, 20 Feb 2018 14:19:35 -0800
Subject: [PATCH 008/119] Update upgrade-readiness-additional-insights.md

Removed a line due to policy change.
---
 .../deployment/upgrade/upgrade-readiness-additional-insights.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
index 5c45338c1d..858aed34fc 100644
--- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
+++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
@@ -18,7 +18,7 @@ This topic provides information on additional features that are available in Upg
 The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
 
 > [!NOTE] 
-> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, data will be collected on all sites visited by Microsoft Edge on computers running Windows 10 version 1803 (including Insider Preview builds) or newer.  The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
+> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
 
 ### Install prerequisite security update for Internet Explorer
 

From ea8569bf2862cd826e5823c10727c70845336c66 Mon Sep 17 00:00:00 2001
From: Brian Lich <Brian.Lich@microsoft.com>
Date: Tue, 20 Feb 2018 22:26:50 +0000
Subject: [PATCH 009/119] Merge endpoints-typo to master

---
 windows/configuration/manage-windows-endpoints-version-1709.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/configuration/manage-windows-endpoints-version-1709.md b/windows/configuration/manage-windows-endpoints-version-1709.md
index 1c52da910b..1ce981a341 100644
--- a/windows/configuration/manage-windows-endpoints-version-1709.md
+++ b/windows/configuration/manage-windows-endpoints-version-1709.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: high
 author: brianlic-msft
-ms.author: brianlic-msft
+ms.author: brianlic
 ms.date: 11/21/2017
 ---
 # Manage Windows 10 connection endpoints
@@ -318,7 +318,6 @@ If you turn off traffic for these endpoints, users won't be able to save documen
 | system32\Auth.Host.exe | HTTPS | outlook.office365.com |
 
 The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
-ently used documents.
 
 | Source process | Protocol | Destination |
 |----------------|----------|------------|

From 5df2df1d76162ced61274a4d771d14e528bdbe3b Mon Sep 17 00:00:00 2001
From: Ryan Bijkerk <RyanBijkerk@users.noreply.github.com>
Date: Wed, 21 Feb 2018 12:43:03 +0100
Subject: [PATCH 010/119] Update mandatory-user-profile.md

The package also needs to be removed for all users otherwise the error will remain during the sysprep.
---
 windows/client-management/mandatory-user-profile.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index e77a3132db..675af55231 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -89,7 +89,7 @@ First, you create a default user profile with the customizations that you want,
     
     >![Microsoft Bing Translator package](images/sysprep-error.png)
     
-    >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
+    >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) and [Remove-AppxPackage -AllUsers](https://docs.microsoft.com/en-us/powershell/module/appx/remove-appxpackage?view=win10-ps) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
   
 5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges.
 

From a58bfa63afd8b14dbfb378490db586926957f40f Mon Sep 17 00:00:00 2001
From: Michael Gruben-Trejo <mgruben@users.noreply.github.com>
Date: Wed, 21 Feb 2018 06:53:25 -0800
Subject: [PATCH 011/119] Use Full Path for Security Options

Previously, the path to "Security Options" was defined as `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options`.

However, there is no such path.

There is a path `Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options`, at which interactive logon settings may be found.

Accordingly, add `Policies` to the path to complete the path.
---
 ...ve-logon-prompt-user-to-change-password-before-expiration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
index 86e3a1b15f..b32948c986 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
@@ -34,7 +34,7 @@ The **Interactive logon: Prompt user to change password before expiration** poli
 
 ### Location
 
-Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
+Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\Security Options
 
 ### Default values
 

From e8864b39a9690847886651ec8d97fab174112c61 Mon Sep 17 00:00:00 2001
From: Jeanie Decker <jdecker@microsoft.com>
Date: Wed, 21 Feb 2018 17:05:24 +0000
Subject: [PATCH 012/119] Merged PR 5953: Update link, ms.date, change history
 Surface Hub

---
 devices/surface-hub/change-history-surface-hub.md             | 2 ++
 .../hybrid-deployment-surface-hub-device-accounts.md          | 2 +-
 .../online-deployment-surface-hub-device-accounts.md          | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index efa2e4ddcf..b82d427482 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -21,6 +21,8 @@ This topic lists new and updated topics in the [Surface Hub Admin Guide]( surfac
 New or changed topic | Description
 --- | ---
 [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Updated instructions for custom settings using Microsoft Intune.
+[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated instructions and scripts.
+| [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated instructions and scripts.
 
 ## January 2018
 
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index 7eb0a87af9..de3ffd59ee 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 10/20/2017
+ms.date: 02/21/2018
 ms.localizationpriority: medium
 ---
 
diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
index f8dd53e34e..6a314c317a 100644
--- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 08/29/2017
+ms.date: 02/21/2018
 ms.localizationpriority: medium
 ---
 
@@ -110,7 +110,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
     ```
 
 8.  Enable the device account with Skype for Business.
-	If you do not have the Skype for Business Powershell module installed, you can download it [here](http://go.microsoft.com/fwlink/?LinkId=294688).
+	If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366). 
 
     -   Start by creating a remote PowerShell session from a PC.
 

From aff295986489ef8325cedafb8b67054ce6fe7e15 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Wed, 21 Feb 2018 20:28:44 +0000
Subject: [PATCH 013/119] Merged PR 5958: New Display policies added to Policy
 CSP

---
 ...ew-in-windows-mdm-enrollment-management.md |   9 +
 .../policy-configuration-service-provider.md  |   9 +
 .../mdm/policy-csp-display.md                 | 187 +++++++++++++++++-
 3 files changed, 204 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 8fdf97effb..05aa518a5f 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1403,6 +1403,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </tr>
 </thead>
 <tbody>
+<tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, next major update:</p>
+<ul>
+<li>Display/DisablePerProcessDpiForApps</li>
+<li>Display/EnablePerProcessDpi</li>
+<li>Display/EnablePerProcessDpiForApps</li>
+<ul>
+</td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)</td>
 <td style="vertical-align:top"><p>Updated the XSD and Plug-in profile example for VPNv2 CSP.</p>
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 07dec60956..3791a903e5 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -943,6 +943,15 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### Display policies
 
 <dl>
+  <dd>
+    <a href="./policy-csp-display.md#display-disableperprocessdpiforapps" id="display-disableperprocessdpiforapps">Display/DisablePerProcessDpiForApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-display.md#display-enableperprocessdpi" id="display-enableperprocessdpi">Display/EnablePerProcessDpi</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-display.md#display-enableperprocessdpiforapps" id="display-enableperprocessdpiforapps">Display/EnablePerProcessDpiForApps</a>
+  </dd>
   <dd>
     <a href="./policy-csp-display.md#display-turnoffgdidpiscalingforapps" id="display-turnoffgdidpiscalingforapps">Display/TurnOffGdiDPIScalingForApps</a>
   </dd>
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index fbfc7878d5..481bc438d3 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -6,12 +6,14 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 02/05/2018
 ---
 
 # Policy CSP - Display
 
 
+> [!WARNING]  
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 <hr/>
 
@@ -19,6 +21,15 @@ ms.date: 01/30/2018
 ## Display policies  
 
 <dl>
+  <dd>
+    <a href="#display-disableperprocessdpiforapps">Display/DisablePerProcessDpiForApps</a>
+  </dd>
+  <dd>
+    <a href="#display-enableperprocessdpi">Display/EnablePerProcessDpi</a>
+  </dd>
+  <dd>
+    <a href="#display-enableperprocessdpiforapps">Display/EnablePerProcessDpiForApps</a>
+  </dd>
   <dd>
     <a href="#display-turnoffgdidpiscalingforapps">Display/TurnOffGdiDPIScalingForApps</a>
   </dd>
@@ -28,6 +39,180 @@ ms.date: 01/30/2018
 </dl>
 
 
+<hr/>
+
+<!--Policy-->
+<a href="" id="display-disableperprocessdpiforapps"></a>**Display/DisablePerProcessDpiForApps**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows you to disable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.
+
+<!--/Description-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="display-enableperprocessdpi"></a>**Display/EnablePerProcessDpi**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Per Process System DPI is an application compatibility feature for desktop applications that do not render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that have not been updated to display properly in this scenario will be blurry until you log out and back in to Windows. 
+
+When you enable this policy some blurry applications will be crisp after they are restarted, without requiring the user to log out and back in to Windows. 
+
+Be aware of the following:
+
+Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display (or any other display that has the same scale factor as that of the primary display). Some desktop applications can still be blurry on secondary displays that have different display scale factors. 
+
+Per Process System DPI will not work for all applications as some older desktop applications will always be blurry on high DPI displays. 
+
+In some cases, you may see some unexpected behavior in some desktop applications that have Per-Process System DPI applied. If that happens, Per Process System DPI should be disabled.
+
+Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 - Disable.
+-   1 - Enable.
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="display-enableperprocessdpiforapps"></a>**Display/EnablePerProcessDpiForApps**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows you to enable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.
+
+<!--/Description-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->

From 667bdfe3ed40c3655ede4cde1cae30f2d1d57a60 Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Wed, 21 Feb 2018 13:56:23 -0800
Subject: [PATCH 014/119] added Failure audit recommendation for security group
 management

---
 .../auditing/audit-security-group-management.md             | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md
index 6f5966a3e8..20caac1504 100644
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@@ -31,9 +31,9 @@ This subcategory allows you to audit events generated by changes to security gro
 
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                         |
 |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Member Server     | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Workstation       | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.|
+| Member Server     | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.|
+| Workstation       | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.|
 
 **Events List:**
 

From 68c0ed8af8ebefc736d8a48eb7d9c5757afea3e5 Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Wed, 21 Feb 2018 14:04:05 -0800
Subject: [PATCH 015/119] added change history

---
 .../threat-protection/change-history-for-threat-protection.md    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md
index 4fd99aa471..3355ac2827 100644
--- a/windows/security/threat-protection/change-history-for-threat-protection.md
+++ b/windows/security/threat-protection/change-history-for-threat-protection.md
@@ -17,6 +17,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
 New or changed topic | Description
 ---------------------|------------
 [Security Compliance Toolkit](security-compliance-toolkit-10.md) | Added Office 2016 Security Baseline.
+[Audi security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events.
 
 ## January 2018
 |New or changed topic |Description |

From 4d52270ef7bf28272a70dbc31d23344ff55500c1 Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Wed, 21 Feb 2018 14:25:00 -0800
Subject: [PATCH 016/119] added change history

---
 .../threat-protection/change-history-for-threat-protection.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md
index 3355ac2827..4c10382574 100644
--- a/windows/security/threat-protection/change-history-for-threat-protection.md
+++ b/windows/security/threat-protection/change-history-for-threat-protection.md
@@ -17,7 +17,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
 New or changed topic | Description
 ---------------------|------------
 [Security Compliance Toolkit](security-compliance-toolkit-10.md) | Added Office 2016 Security Baseline.
-[Audi security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events.
+[Audit security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events.
 
 ## January 2018
 |New or changed topic |Description |

From b707e38276386b86d6d8d830c29609298df85bbd Mon Sep 17 00:00:00 2001
From: ashley-kim <35980531+ashley-kim@users.noreply.github.com>
Date: Wed, 21 Feb 2018 15:45:20 -0800
Subject: [PATCH 017/119] Add Reporting and Insights

added the third pillar of WUfB - reporting in Windows Analytics using telemetry
---
 windows/deployment/update/waas-manage-updates-wufb.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index e26cc352fc..231b414598 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -25,7 +25,7 @@ ms.date: 10/13/2017
 >
 >In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel. 
 
-Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service.  You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines.  
+Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service.  You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines. Windows Update for Business leverages Windows telemetry to provide reporting and insights into an organization's Windows 10 devices.  
 
 Specifically, Windows Update for Business allows for: 
 
@@ -33,6 +33,7 @@ Specifically, Windows Update for Business allows for:
 - Selectively including or excluding drivers as part of Microsoft-provided updates
 - Integration with existing management tools such as Windows Server Update Services (WSUS), System Center Configuration Manager, and Microsoft Intune.
 - Peer-to-peer delivery for Microsoft updates, which optimizes bandwidth efficiency and reduces the need for an on-site server caching solution.
+- Control over telemetry level to provide reporting and insights in Windows Analytics.
 
 Windows Update for Business is a free service that is available for Windows Pro, Enterprise, Pro Education, and Education.
 

From 718eb8f492976ee7607443f51b2634521e348437 Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Wed, 21 Feb 2018 17:03:32 -0800
Subject: [PATCH 018/119] added new bypass xml

---
 ...oy-windows-defender-application-control.md | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
index 1475541a41..be8ccb2590 100644
--- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
+++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
@@ -147,6 +147,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Deny  ID="ID_DENY_WSLHOST"           FriendlyName="wslhost.exe"                 FileName="wslhost.exe" MinimumFileVersion = "65535.65535.65535.65535" />   
     <Deny  ID="ID_DENY_INFINSTALL"        FriendlyName="infdefaultinstall.exe"       FileName="infdefaultinstall.exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_LXRUN"             FriendlyName="lxrun.exe"                   FileName="lxrun.exe" MinimumFileVersion = "65535.65535.65535.65535" />
+    <Deny  ID="ID_DENY_PWRSHLCUSTOMHOST"  FriendlyName="powershellcustomhost.exe"    FileName="powershellcustomhost.exe" MinimumFileVersion = "65535.65535.65535.65535" />
 
     <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
     <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
@@ -437,7 +438,18 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <!--rs3 x86fre-->
     <Deny ID="ID_DENY_D_273" FriendlyName="PubPrn 273" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A" />
     <Deny ID="ID_DENY_D_274" FriendlyName="PubPrn 274" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43" />
-
+    <!--rs3 sxs amd64-->
+    <Deny ID="ID_DENY_D_275" FriendlyName="PubPrn 275" Hash="663D8E25BAE20510A882F6692BE2620FBABFB94E" />
+    <Deny ID="ID_DENY_D_276" FriendlyName="PubPrn 276" Hash="649A9E5A4867A28C7D0934793F33B545F9441EA23872715C84826D80CC8EC576" />
+    <!--rs3 sxs arm64-->
+    <Deny ID="ID_DENY_D_277" FriendlyName="PubPrn 277" Hash="226ABB2FBAEFC5A7E2A819D9D708F826C00FD215" />
+    <Deny ID="ID_DENY_D_278" FriendlyName="PubPrn 278" Hash="AC6B35C904D388FD12C07C2F6A1A07F337D31895713BF01DCCE7A7F187D7F4D9" />
+    <!--rs3 sxs woa-->
+    <Deny ID="ID_DENY_D_279" FriendlyName="PubPrn 279" Hash="071D7849941E43144839988971255FE34690A747" />
+    <Deny ID="ID_DENY_D_280" FriendlyName="PubPrn 280" Hash="5AF75895BDC11A6B68C816A8677D7CF9692BF25A95C4378A43FBDE740B18EEB1" />
+    <!--rs3 sxs x86-->
+    <Deny ID="ID_DENY_D_281" FriendlyName="PubPrn 281" Hash="9FBFF074C201BFEBE37710CB453EFF9A14AE3BFF" />
+    <Deny ID="ID_DENY_D_282" FriendlyName="PubPrn 282" Hash="A0C71A925850D2D481C7E520F5D5A83305EC169EEA4C5B8DC20C8D8AFCD8A512" />
   </FileRules>
   <!--Signers-->
   <Signers />
@@ -480,6 +492,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_WSLHOST"/>
           <FileRuleRef RuleID="ID_DENY_INFINSTALL"/>
           <FileRuleRef RuleID="ID_DENY_LXRUN"/>
+          <FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST"/>
           <FileRuleRef RuleID="ID_DENY_D_1" />
           <FileRuleRef RuleID="ID_DENY_D_2" />
           <FileRuleRef RuleID="ID_DENY_D_3" />
@@ -754,6 +767,14 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_D_272"/>
           <FileRuleRef RuleID="ID_DENY_D_273"/>
           <FileRuleRef RuleID="ID_DENY_D_274"/>
+          <FileRuleRef RuleID="ID_DENY_D_275"/>
+          <FileRuleRef RuleID="ID_DENY_D_276"/>
+          <FileRuleRef RuleID="ID_DENY_D_277"/>
+          <FileRuleRef RuleID="ID_DENY_D_278"/>
+          <FileRuleRef RuleID="ID_DENY_D_279"/>
+          <FileRuleRef RuleID="ID_DENY_D_280"/>
+          <FileRuleRef RuleID="ID_DENY_D_281"/>
+          <FileRuleRef RuleID="ID_DENY_D_282"/>
         </FileRulesRef>
       </ProductSigners>
     </SigningScenario>

From 494057030a7a36b49225852e27922765954e9e3a Mon Sep 17 00:00:00 2001
From: Zach Dvorak <zadvor@microsoft.com>
Date: Thu, 22 Feb 2018 11:40:26 -0800
Subject: [PATCH 019/119] Update upgrade-readiness-requirements.md

Updating to indicate that UR works in all OMS regions.
---
 windows/deployment/upgrade/upgrade-readiness-requirements.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md
index aaea599116..023c8405c5 100644
--- a/windows/deployment/upgrade/upgrade-readiness-requirements.md
+++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md
@@ -82,7 +82,7 @@ Before you get started configuring Upgrade Anatlyics, review the following tips
 
 **Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises.
 
-**In-region data storage requirements.** Windows diagnostic data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported.
+**In-region data storage requirements.** Windows diagnostic data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. Upgrade Readiness is supported in all OMS regions; however, selecting an international OMS region does not prevent diagnostic data from being sent to and processed in Microsoft's secure data centers in the US.
 
 ### Tips
 

From 0eef4033d6ee995f3c0e49281696a891d729e51e Mon Sep 17 00:00:00 2001
From: Greg Lindsay <Greg.Lindsay@microsoft.com>
Date: Thu, 22 Feb 2018 19:59:00 +0000
Subject: [PATCH 020/119] Merged PR 5975: Added another three codes to known
 fixes

Added another three codes to known fixes, from a customer report.
---
 .../resolve-windows-10-upgrade-errors.md      | 37 ++++++++++++++++++-
 1 file changed, 35 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
index 16de770ebb..d3d5edf9a2 100644
--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 01/26/2018
+ms.date: 02/22/2018
 ms.localizationpriority: high
 ---
 
@@ -657,7 +657,7 @@ For more information, see [How to perform a clean boot in Windows](https://suppo
 
 <br>Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
 
-<br>See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
+<br>See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:<br>
 
 <br><table border="1" cellspacing="0" cellpadding="0">
 
@@ -694,6 +694,39 @@ This error has more than one possible cause. Attempt [quick fixes](#quick-fixes)
 
 <tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
 
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+0x80073BC3 - 0x20009<br>
+0x8007002 - 0x20009<br>
+0x80073B92 - 0x20009
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+The requested system device cannot be found, there is a sharing violation, or there are multiple devices matching the identification criteria.
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+These errors occur during partition analysis and validation, and can be caused by the presence of multiple system partitions. For example, if you installed a new system drive but left the previous system drive connected, this can cause a conflict. To resolve the errors, disconnect or temporarily disable drives that contain the unused system partition. You can reconnect the drive after the upgrade has completed. Alternatively, you can delete the unused system partition.
+
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
 <table cellspacing="0" cellpadding="0">
 <tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
 <tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>

From 210971689632c35179eb65e24f6c5d9907da87fd Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Thu, 22 Feb 2018 23:57:57 +0000
Subject: [PATCH 021/119] Merged PR 5981: AssignedAccess CSP - added new
 settings and examples

---
 .../mdm/assignedaccess-csp.md                 | 607 +++++++++++++++++-
 .../mdm/assignedaccess-ddf.md                 |  87 ++-
 .../provisioning-csp-assignedaccess.png       | Bin 16260 -> 9869 bytes
 ...ew-in-windows-mdm-enrollment-management.md |  22 +-
 4 files changed, 687 insertions(+), 29 deletions(-)

diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index fb0f0a1d5b..99f4d3a1a1 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/03/2017
+ms.date: 02/22/2018
 ---
 
 # AssignedAccess CSP
@@ -70,6 +70,53 @@ Supported operations are Add, Get, Delete, and Replace.
 
 Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies back (e.g. Start Layout).
 
+<a href="" id="assignedaccess-status"></a>**./Device/Vendor/MSFT/AssignedAccess/Status**  
+Added in Windows 10, version 1803. This read only polling node allows MDM server to query the current KioskModeAppRuntimeStatus as long as the StatusConfiguration node is set to “On” or “OnWithAlerts”. If the StatusConfiguration is “Off”, a node not found error will be reported to the MDM server. Click [link](#status-example) to see an example SyncML. [Here](#assignedaccessalert-xsd) is the schema for the Status payload.
+ 
+In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible status available for single app kiosk mode. 
+ 
+|Status  |Description  |
+|---------|---------|---------|
+| KioskModeAppRunning | This means the kiosk app is running normally. |
+| KioskModeAppNotFound | This occurs when the kiosk app is not deployed to the machine. |
+| KioskModeAppActivationFailure | This happens when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. |
+
+Note that status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus. 
+
+
+|Status code  | KioskModeAppRuntimeStatus |
+|---------|---------|
+| 1     | KioskModeAppRunning         |
+| 2     | KioskModeAppNotFound          |
+| 3     | KioskModeAppActivationFailure         |
+
+
+Additionally, the status payload includes a profileId, which can be used by the MDM server to correlate which kiosk app caused the error. 
+
+Supported operation is Get.
+
+<a href="" id="assignedaccess-shelllauncher"></a>**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher**  
+Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema.
+
+<a href="" id="assignedaccess-statusconfiguration"></a>**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration**  
+Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema.
+ 
+By default the StatusConfiguration node does not exist, and it implies this feature is off. Once enabled via CSP, Assigned Access will check kiosk app status and wait for MDM server to query the latest status from the Status node.  
+ 
+Optionally, the MDM server can opt-in to the MDM alert so a MDM alert will be generated and sent immediately to the MDM server when the assigned access runtime status is changed. This MDM alert will contain the status payload that is available via the Status node. 
+ 
+This MDM alert header is defined as follows:  
+
+-  MDMAlertMark: Critical 
+-  MDMAlertType: "com.microsoft.mdm.assignedaccess.status" 
+-  MDMAlertDataType: String 
+-  Source: "./Vendor/MSFT/AssignedAccess" 
+-  Target: N/A 
+ 
+> [!Note]  
+> MDM alert will only be sent for errors.  
+
+
 ## KioskModeApp examples
 
 KioskModeApp Add
@@ -160,32 +207,29 @@ KioskModeApp Replace
     elementFormDefault="qualified"
     xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config"
     targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config"
     >
 
     <xs:complexType name="profile_list_t">
         <xs:sequence minOccurs="1" >
-            <xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded">
-                <xs:unique name="duplicateRolesForbidden">
-                    <xs:selector xpath="Profile"/>
-                    <xs:field xpath="@Id"/>
-                </xs:unique>
-            </xs:element>
+            <xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded"/>
         </xs:sequence>
     </xs:complexType>
+    
+    <xs:complexType name="kioskmodeapp_t">
+        <xs:attribute name="AppUserModelId" type="xs:string"/>
+    </xs:complexType>
 
     <xs:complexType name="profile_t">
-        <xs:sequence minOccurs="1" maxOccurs="1">
-            <xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1">
-                <xs:unique name="ForbidDupApps">
-                    <xs:selector xpath="App"/>
-                    <xs:field xpath="@AppUserModelId"/>
-                    <xs:field xpath="@DesktopAppPath"/>
-                </xs:unique>
-            </xs:element>
-            <xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/>
-            <xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
-        </xs:sequence>
+        <xs:choice>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
+            </xs:sequence>
+            <xs:element name="KioskModeApp" type="kioskmodeapp_t" minOccurs="1" maxOccurs="1"/>
+        </xs:choice>
         <xs:attribute name="Id" type="guid_t" use="required"/>
         <xs:attribute name="Name" type="xs:string" use="optional"/>
     </xs:complexType>
@@ -193,6 +237,10 @@ KioskModeApp Replace
     <xs:complexType name="allappslist_t">
         <xs:sequence minOccurs="1" >
             <xs:element name="AllowedApps" type="allowedapps_t" minOccurs="1" maxOccurs="1">
+                <xs:unique name="ForbidDupApps">
+                    <xs:selector xpath="default:App"/>
+                    <xs:field xpath="@AppUserModelId|@DesktopAppPath"/>
+                </xs:unique>
             </xs:element>
         </xs:sequence>
     </xs:complexType>
@@ -235,22 +283,64 @@ KioskModeApp Replace
 
     <xs:complexType name="config_t">
         <xs:sequence minOccurs="1" maxOccurs="1">
-            <xs:element name="Account" type="xs:string" minOccurs="1" maxOccurs="1"/>
+            <xs:choice>
+                <xs:element name="Account" type="xs:string" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="AutoLogonAccount" type="autologon_account_t" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="UserGroup" type="group_t" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="SpecialGroup" type="specialGroup_t" minOccurs="1" maxOccurs="1" />
+            </xs:choice>
             <xs:element name="DefaultProfile" type="profileId_t" minOccurs="1" maxOccurs="1"/>
         </xs:sequence>
     </xs:complexType>
 
+    <xs:complexType name="autologon_account_t">
+        <xs:attribute name="HiddenId" type="guid_t" fixed="{74331115-F68A-4DF9-8D2C-52BA2CE2ADB1}"/>
+    </xs:complexType>
+
+    <xs:complexType name="group_t">
+        <xs:attribute name="Name" type="xs:string" use="required"/>
+        <xs:attribute name="Type" type="groupType_t" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="specialGroup_t">
+        <xs:attribute name="Name" type="specialGroupType_t" use="required"/>
+    </xs:complexType>
+
+    <xs:simpleType name="groupType_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="LocalGroup"/>
+            <xs:enumeration value="ActiveDirectoryGroup"/>
+            <xs:enumeration value="AzureActiveDirectoryGroup"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="specialGroupType_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="Visitor"/>
+        </xs:restriction>
+    </xs:simpleType>
+
     <!--below is the definition of the config xml content-->
     <xs:element name="AssignedAccessConfiguration">
         <xs:complexType>
             <xs:all minOccurs="1">
                 <xs:element name="Profiles" type="profile_list_t">
+                    <xs:unique name="duplicateRolesForbidden">
+                        <xs:selector xpath="default:Profile"/>
+                        <xs:field xpath="@Id"/>
+                    </xs:unique>
+                </xs:element>
+                <xs:element name="Configs" type="config_list_t">
+                    <xs:unique name="duplicateAutoLogonAccountForbidden">
+                        <xs:selector xpath=".//default:AutoLogonAccount"/>
+                        <xs:field xpath="@HiddenId"/>
+                    </xs:unique>
                 </xs:element>
-                <xs:element name="Configs" type="config_list_t"/>
             </xs:all>
         </xs:complexType>
     </xs:element>
 </xs:schema>
+
 ```
 
 ## Example AssignedAccessConfiguration XML
@@ -560,3 +650,480 @@ Example of the Delete command.
    </SyncBody>
 </SyncML>
 ```
+
+## StatusConfiguration XSD
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
+    >
+
+    <xs:simpleType name="status_enabled_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="Off"/>
+            <xs:enumeration value="On"/>
+            <xs:enumeration value="OnWithAlerts"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <!--below is the definition of the config xml content-->
+    <xs:element name="StatusConfiguration">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="StatusEnabled" type="status_enabled_t" minOccurs="1" maxOccurs="1"/>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
+
+## StatusConfiguration example
+
+StatusConfiguration Add OnWithAlerts 
+
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+  <SyncBody> 
+    <Add> 
+      <CmdID>2</CmdID> 
+      <Item> 
+        <Target> 
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI> 
+        </Target> 
+        <Meta> 
+          <Format xmlns="syncml:metinf">chr</Format> 
+        </Meta> 
+        <Data> 
+          <![CDATA[ 
+          <?xml version="1.0" encoding="utf-8" ?> 
+          <StatusConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"> 
+            <StatusEnabled>OnWithAlerts</StatusEnabled> 
+          </StatusConfiguration> 
+          ]]> 
+        </Data> 
+      </Item> 
+    </Add> 
+    <Final /> 
+  </SyncBody> 
+</SyncML> 
+```
+ 
+ 
+StatusConfiguration Delete 
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+   <SyncBody> 
+       <Delete> 
+           <CmdID>2</CmdID> 
+           <Item> 
+               <Target>   
+                 <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>          
+               </Target> 
+           </Item> 
+       </Delete> 
+       <Final /> 
+   </SyncBody> 
+</SyncML> 
+```
+
+StatusConfiguration Get 
+
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+   <SyncBody> 
+       <Get> 
+           <CmdID>2</CmdID> 
+           <Item> 
+               <Target>   
+                 <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>          
+               </Target> 
+           </Item> 
+       </Get> 
+       <Final /> 
+   </SyncBody> 
+</SyncML>
+```
+ 
+StatusConfiguration Replace On 
+ 
+```syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+  <SyncBody> 
+    <Replace> 
+      <CmdID>2</CmdID> 
+      <Item> 
+        <Target> 
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI> 
+        </Target> 
+        <Meta> 
+          <Format xmlns="syncml:metinf">chr</Format> 
+        </Meta> 
+        <Data> 
+          <![CDATA[ 
+          <?xml version="1.0" encoding="utf-8" ?> 
+          <StatusConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"> 
+            <StatusEnabled>On</StatusEnabled> 
+          </StatusConfiguration> 
+          ]]> 
+        </Data> 
+      </Item> 
+    </Replace> 
+    <Final /> 
+  </SyncBody> 
+</SyncML> 
+```
+
+## Status example
+
+Status Get 
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+   <SyncBody> 
+       <Get> 
+           <CmdID>2</CmdID> 
+           <Item> 
+               <Target>   
+                 <LocURI>./Device/Vendor/MSFT/AssignedAccess/Status</LocURI>          
+               </Target> 
+           </Item> 
+       </Get> 
+       <Final /> 
+   </SyncBody> 
+</SyncML> 
+```
+
+## ShellLauncherConfiguration XSD
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
+    xmlns:default="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
+    targetNamespace="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
+    >
+
+    <xs:complexType name="profile_list_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:choice minOccurs="1" maxOccurs="1">
+                <xs:element name="DefaultProfile" type="default_profile_t"/>
+                <xs:element name="Profile" type="profile_t"/>
+            </xs:choice>
+            <xs:element name="Profile" type="profile_t" minOccurs="0" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="default_profile_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="Shell" type="default_shell_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="default_shell_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
+        </xs:sequence>
+        <xs:attribute name="Shell" type="xs:string" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="custom_shell_t">
+        <xs:all minOccurs="1" maxOccurs="1">
+            <xs:element name="ReturnCodeActions" type="return_code_action_list_t" minOccurs="0" maxOccurs="1">
+                <xs:unique name="ForbidDuplicatedReturnCodes">
+                    <xs:selector xpath="default:ReturnCodeAction"/>
+                    <xs:field xpath="@ReturnCode"/>
+                </xs:unique>
+            </xs:element>
+            <!--if "DefaultAction" is not supplied, pre-defined default action is "restart the shell"-->
+            <xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
+        </xs:all>
+        <xs:attribute name="Shell" type="xs:string" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="default_action_t">
+        <xs:attribute name="Action" type="system_action_t" use="required"/>
+    </xs:complexType>
+
+    <xs:simpleType name="system_action_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="RestartShell" />
+            <xs:enumeration value="RestartDevice" />
+            <xs:enumeration value="ShutdownDevice" />
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="profile_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="Shell" type="custom_shell_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+        <xs:attribute name="Id" type="guid_t" use="required"/>
+        <xs:attribute name="Name" type="xs:string" use="optional"/>
+    </xs:complexType>
+
+    <xs:simpleType name="guid_t">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="return_code_action_list_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="ReturnCodeAction" type="return_code_action_t" minOccurs="1" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="return_code_action_t">
+        <xs:attribute name="ReturnCode" type="xs:integer" use="required"/>
+        <xs:attribute name="Action" type="system_action_t" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="config_list_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="Config" type="config_t" minOccurs="1" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="config_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:choice minOccurs="1" maxOccurs="1">
+                <xs:element name="Account" type="account_t" minOccurs="1" maxOccurs="1">
+                    <xs:key name="mutexNameOrSID">
+                        <xs:selector xpath="."/>
+                        <xs:field xpath="@Name|@Sid"/>
+                    </xs:key>
+                </xs:element>
+                <xs:element name="AutoLogonAccount" type="autologon_account_t" minOccurs="1" maxOccurs="1"/>
+            </xs:choice>
+            <xs:element name="Profile" type="profile_id_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="account_t">
+        <xs:attribute name="Name" type="xs:string" use="optional"/>
+        <xs:attribute name="Sid" type="xs:string" use="optional"/>
+    </xs:complexType>
+
+    <xs:complexType name="autologon_account_t">
+        <xs:attribute name="HiddenId" type="guid_t" fixed="{50021E57-1CE4-49DF-99A9-8DB659E2C2DD}"/>
+    </xs:complexType>
+
+    <xs:complexType name="profile_id_t">
+        <xs:attribute name="Id" type="guid_t" use="required"/>
+    </xs:complexType>
+
+    <!--below is the definition of the config xml content-->
+    <xs:element name="ShellLauncherConfiguration">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="Profiles" type="profile_list_t" minOccurs="1" maxOccurs="1">
+                    <xs:unique name="ForbidDuplicatedProfiles">
+                        <xs:selector xpath="default:Profile"/>
+                        <xs:field xpath="@Id"/>
+                    </xs:unique>
+                </xs:element>
+                <xs:element name="Configs" type="config_list_t" minOccurs="0" maxOccurs="1">
+                    <xs:unique name="ForbidDuplicatedConfigs_Name">
+                        <xs:selector xpath="default:Config/default:Account"/>
+                        <xs:field xpath="@Name"/>
+                    </xs:unique>
+                    <xs:unique name="ForbidDuplicatedConfigs_Sid">
+                        <xs:selector xpath="default:Config/default:Account"/>
+                        <xs:field xpath="@Sid"/>
+                    </xs:unique>
+                    <xs:unique name="ForbidDuplicatedAutoLogonAccount">
+                        <xs:selector xpath="default:Config/default:AutoLogonAccount"/>
+                        <xs:field xpath="@HiddenId"/>
+                    </xs:unique>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
+
+## ShellLauncherConfiguration examples
+
+ShellLauncherConfiguration Add
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+  <SyncBody>
+    <Add>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">chr</Format>
+        </Meta>
+        <Data>
+        <![CDATA[
+        <?xml version="1.0" encoding="utf-8"?>
+        <ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
+            <Profiles>
+                <!--default profile defines default shell and action for general purposes, should NOT be bound to any account-->
+                <DefaultProfile>
+                    <Shell Shell="%SystemRoot%\explorer.exe">
+                        <!--DefaultAction is optional; if not defined, the pre-defined default action is "restart shell"-->
+                        <DefaultAction Action="RestartShell"/>
+                    </Shell>
+                </DefaultProfile>
+                <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}">
+                    <Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com">
+                        <!--ReturnCodeActions is optional, when none is provided, will always execute default action-->
+                        <ReturnCodeActions>
+                            <ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
+                            <ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
+                            <ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
+                        </ReturnCodeActions>
+                        <!--restart device after shell exits, if its return code does not match any of the above-->
+                        <DefaultAction Action="RestartDevice"/>
+                    </Shell>
+                </Profile>
+                <Profile Id="{24A73092-4F3F-44CC-8375-53F13FE213F7}">
+                    <Shell Shell="%SystemRoot%\System32\cmd.exe"/>
+                    <!--DefaultAction is optional, if none is supplied, will use DefaultAction defined in DefaultProfile-->
+                </Profile>
+            </Profiles>
+            <Configs>
+                <Config>
+                    <!--AutoLogon account-->
+                    <AutoLogonAccount/>
+                    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
+                </Config>
+                <Config>
+                    <!--BUILTIN\Administrators SID-->
+                    <Account Sid="S-1-5-32-544"/>
+                    <Profile Id="{24A73092-4F3F-44CC-8375-53F13FE213F7}"/>
+                </Config>
+                <Config>
+                    <!--local account-->
+                    <Account Name="sluser1"/>
+                    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
+                </Config>
+            </Configs>
+        </ShellLauncherConfiguration>
+        ]]>
+        </Data>
+      </Item>
+    </Add>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+ShellLauncherConfiguration Add AutoLogon
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+  <SyncBody>
+    <Add>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">chr</Format>
+        </Meta>
+        <Data>
+        <![CDATA[
+        <?xml version="1.0" encoding="utf-8"?>
+        <ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
+            <Profiles>
+                <DefaultProfile>
+                    <Shell Shell="%SystemRoot%\explorer.exe"/>
+                </DefaultProfile>
+                <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}">
+                    <Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com">
+                        <ReturnCodeActions>
+                            <ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
+                            <ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
+                            <ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
+                        </ReturnCodeActions>
+                        <DefaultAction Action="RestartDevice"/>
+                    </Shell>
+                </Profile>
+            </Profiles>
+            <Configs>
+                <Config>
+                    <AutoLogonAccount/>
+                    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
+                </Config>
+            </Configs>
+        </ShellLauncherConfiguration>
+        ]]>
+        </Data>
+      </Item>
+    </Add>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+ShellLauncherConfiguration Get
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+  <SyncBody>
+    <Get>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+## AssignedAccessAlert XSD
+
+```syntax
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
+    >
+
+    <xs:simpleType name="status_t">
+        <xs:restriction base="xs:int">
+            <xs:enumeration value="0"/>
+            <xs:enumeration value="1"/>
+            <xs:enumeration value="2"/>
+            <xs:enumeration value="3"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="guid_t">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="event_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="status" type="status_t" minOccurs="1" maxOccurs="1"/>
+            <xs:element name="profileId" type="guid_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+        <xs:attribute name="Name" type="xs:string" fixed="KioskModeAppRuntimeStatus" use="required"/>
+    </xs:complexType>
+
+    <xs:element name="Events">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="Event" type="event_t" minOccurs="1" maxOccurs="1"/>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index 564378ac63..4d6da38792 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -7,12 +7,15 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/01/2017
+ms.date: 02/22/2018
 ---
 
 # AssignedAccess DDF
 
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **AssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 You can download the DDF files from the links below:
@@ -20,7 +23,7 @@ You can download the DDF files from the links below:
 - [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
 - [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
 
-The XML below is for Windows 10, version 1709.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -48,7 +51,7 @@ The XML below is for Windows 10, version 1709.
                 <Permanent />
             </Scope>
             <DFType>
-                <MIME>com.microsoft/1.1/MDM/AssignedAccess</MIME>
+                <MIME>com.microsoft/2.0/MDM/AssignedAccess</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -111,6 +114,84 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu
                 </DFType>
             </DFProperties>
         </Node>
+        <Node>
+            <NodeName>Status</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                </AccessType>
+                <Description>This read only node contains kiosk health event xml</Description>
+                <DFFormat>
+                    <chr />
+                </DFFormat>
+                <Occurrence>
+                    <One />
+                </Occurrence>
+                <Scope>
+                    <Permanent />
+                </Scope>
+                <CaseSense>
+                    <CIS />
+                </CaseSense>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+        </Node>
+        <Node>
+            <NodeName>ShellLauncher</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                </AccessType>
+                <Description>This node accepts a ShellLauncherConfiguration xml as input. Please check out samples and required xsd on MSDN.</Description>
+                <DFFormat>
+                    <chr />
+                </DFFormat>
+                <Occurrence>
+                    <One />
+                </Occurrence>
+                <Scope>
+                    <Dynamic />
+                </Scope>
+                <CaseSense>
+                    <CIS />
+                </CaseSense>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+        </Node>
+        <Node>
+            <NodeName>StatusConfiguration</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                </AccessType>
+                <Description>This node accepts a StatusConfiguration xml as input. Please check out samples and required xsd on MSDN.</Description>
+                <DFFormat>
+                    <chr />
+                </DFFormat>
+                <Occurrence>
+                    <One />
+                </Occurrence>
+                <Scope>
+                    <Dynamic />
+                </Scope>
+                <CaseSense>
+                    <CIS />
+                </CaseSense>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+        </Node>
     </Node>
 </MgmtTree>
 ```
diff --git a/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png b/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png
index c8db9ee05950a8433af51bb4d0fd7e7375900567..b1ebee57d9d6b1070bfd6fee0dcf84691277910e 100644
GIT binary patch
literal 9869
zcmb_?cU+Urwr&s=MWjiQt^uTj^bUfF^xmW+C`i}PJBmmLL+>a>YCxohs?tK2-UL1&
z^d<p94cr&>+k2niJ->U;Is5!Ucr%$<GqYx`XFY4p8>XqQaFdXh5Cj6<R8oX!gFu&(
zf#-v3mw?X>F}w}nAD)Z0f;_0SkA4OCa@j^sO%4PqkGXO3<O=Zp`U^!v7Z8ZJ<@^t?
z!@1xo2y_pu1d-GAG~3ANkD-5-nU7<8fkwfZ70|b89K#~=WQZnbf;<$8-e$BIsYW;r
zr#>;BwtF<gxV~vxBYbnn$&2OF7mLUVf$`flH%q%*pHPb=Um~K=T&S+6Lh542hmClb
z8fHajLOo|i{hwMt)o&t8>CcII(RwVY^1%}m#r?V36<FB&@;fjPDDdi#DZ0ja)-33{
zwV&U#39wO3SwiUPw8yMp<%<t)?pW93>G=u;RO=!R%i%`ji<#&cD>E0RCIEqk-_pZp
z8@ybcnsDttd@`cAeGP`m>iLl~$UUi5frE{KEcGm}g&)BcfP4{ZK=Lri9Iax|BtDRO
zx&Uw9b6R*)aB|ekl;xClu+}B)f&_scJg0{TU>CmGZ{b!t#~AmVX5X-AC3V2}NqkR7
z@)xu5K!NXb!DsG=Ye^coul4q~V(AuO*aZ;C?Mvv%D8e|viNT6b-8-^Qclb&UZ`$$^
zFhKJ*yg$PkHy5=r)9d}c(nca91!wkTJkml5UtOz($w<y$uyKAa@9=l$P?Ujz!EB~D
zdio<l|LKCdjaR<-ivsQ<w&>~mR{9YYxpV~XRKvvaUsWB-zMlLLP?<!2Vp-@sieXaB
zd};2G->bU+W&s~F)E#>$zMH9on0M&H1APO7&(IYy0Y1C=Gt%CFtv8GtO1PUuOUv1P
zO)ioVe2*GpwVn31*Q|=Z#$|m6Zp@{swjOnFt-;-jgX)uvsi(X_VV1_^_;L9ZN8u`$
z&+KWIIj=t%f*b^TeFyBEk#RV&CcC>ifd9xnYFnSL_$CL91@mJbY^=%I3ej2$7BpYW
z73uHvISM=GHUH%_H_xGCXO=SR0a`Wy=WOJ%x_1fm;C}TFq|1`(n)KFH=@(De(wEs3
z=%W31Wu`1BmeXXab0p(O_-nqC6;-fMI){IQ56R{JvNWE-d(Q3mk)$Rmnr9r$XB0W(
zRg+`Z*Z<Z0C#J7tT92++vy833Ym*D6tv%vwgh*_-1_E7cO*F1?%CKYD-|P!|)SBqc
zr9qd?grheu<}Fpju`KrSrwhjqX(c2@eVpUv;8pslIGUp^6v`V@k5XQT4ap4p3c;J@
zyBFLm#8N0zsqM=IW!%kDPf9Kys|AMdRbX_0sb-wB=DNr6K$ku*EcT{t^)c>k_Tjhh
zKr%%vUrLBXb>--kzvqt|xyR78RiGngv`JgSvA*;(PeoZ4qEY9$5eM^8RXT~qS;egr
z&d0iD%sEfDlOdzyudPH5PJhef-OAVE52Xj);Wi#NeLNk}SifVj&6AK51@VXdb!$(}
z<e3T=L)TcY`p@U$bGk~8^jkhoO?;Chglr;mvr#G|PH&Z|-%%nVWl~;uS*v*qS49!n
z_4f9+hx~Y;FQ|d$_0dd*MT4&gm%0bu#zPpDBb`Q4lQ|W#Ry2_e5s$jLJ6kIa$g8|5
zd2Izf&|X}X{!Vo`*yKHP^yrLfUh62Up5H>@!zm*hn;fp|7Z#Frw){i3@z7&Nx-KhJ
zc3sV-u0Be|!4YL^Co^3$E;^QILn!0qAyEX|Xge8rO7Efcvhr~7EP;!s$2c~ADb&Px
zG?Gu-Aa?;vh%oepFO`1xE<YNl?e#K&bL%C>H|2e*_c^!Aezh~4!VT)(E)eJr5g21X
zR@&&h>b1o<tx<UhR#|YgiF!j$Z(p>$$uZil+k<BB5Pm1}3}Tc_gLo0bLq=xpuU2BA
z1O;oHAdI_SV#rG<CCVl#y}lA=P_HRZ&cKaj&1~M08z<@RC5X=WY}ao!3C7`r9$bT<
z>FDSxZ2E~70$BMx(R2dBCb3CJW%os!J*|9>Pl%Y_;e*~lA*BGuR55Qc{n{MHbxc=`
zg8y`r9kMY)`s2J^aRB_VN1`aH`FhVb5g!7yxM=zte)Uyk`5`TM834mo;KW2lMPUz9
zOr3G9_0Mk2K^uQc?hhC;7U6@2U+JR5>piyo54Mp3J|3b0$?51vrnmXBj#}DOb{^A%
z-ro}g#~i@6F~=LSXV_(p0dXbF@CV1{fa4UwjiFiI07qU55U2o89BfchRu%xjEMOG7
zDF$X@SniZx4bm<J02U8*X8~T?VFCtFngj#Qe1SXK%j;aM3F&YCHG0KGps=L0H1!4$
zn(Q7?!&_o9n=9wPEG=FJz~1@}hW8xr3j{+OZUD9mS|tK+T>=w;0wsb_^?@in(EGms
zW*27C!;Pt$vC+{|(|YSBQp$UgBO`ilc)ti1K<{aRS<=`rk{+ABdwbLyB-R==v(hp?
z=mnjApMat_s){q2;<>zm`aW0yc-O|t($?@n??p+ys6~{}5wpHti|Z@Y(Xz)RApvOI
zS51NP!`|KK6~VIf`WIO2#?+!b9%%V0c<bADsQ>=vG>NRte*Ueq6F{9ae(9tM=FNxm
zLmRgOOp(^5w?Tp0fY`TO|9W&Dw=9={=pv0deYH@mvRH=)V!sOacv1^C@OjCt?%lIJ
z!EA4Dzc>iAgMju>@L9KcB1z_{!Irg}qLx4Qh@`(Kqse6{8W{)zVIH7OZzrNgHV%3w
zhJ1Nvq&HI3ZLFIO#0n2vw$05>Vad%v*qSE*miq~EIx=S7@Z!X9ON2pSuKPT=n9oRS
z(AR4rteiV3z4k^#BsH3_%PAshFc3RFF!y7ybHIJ$;<F)#GuYA`tg6u&1Sk14*}ep5
z(!9Ri`4j$wyMV4AlAWIgpyWNL?{{5Jz6is!*$*uxb?8J4;bUG^X<4(XTeY6HGbTzP
z5Y4$hz?hMdks2FfFVW?|3FIdV$HF-LxaI5atx@=rE-JgH<GbW-liUoFrL>UtX|Dl}
z$ZU_DtKFk3Vk#X}zHsW&QAQq~ekv-}$*G8&nE_%aIaq=UYrPBMG-a8_T3{xrW{HEJ
zui}my=v-?d*&`j6-yc_EU&cFxsdK}$_Ns!}a=+Wsgbk%DTQNgT8R-m4(sdYDW~scs
z+D#9jC+aIZ&!z7G(({QO?K7ZgkmfZo-@LiH>2|yc4;bTN&kW<&w^ZIvhnMqM$2o+x
zhDzm(93X4_9Hcq-)e5hU<(qj8$|w)m;Rakk2SekqCze6yr|wuqCJv%_jZ%<9Fe183
zhnf8%xdnz;Fx`o}mCSsk$QYrWo{dbZ($O_aR^!J)g~Qlg%b*a2HIODTnCXh!(KFGP
zdUl2h>%98V$Ym-c)@szP5`Lc_@Q&>+1{&%z5sylTCj+_e%H|HgPKMF~M9&7qcXY0T
zP=P1~h`rO|QrTIQM+`BkLY!8~(uk6B)N@GbTjd&zJ0YaBJ1(Xe5sE-$G=j~ZOxR@%
z>~{S8ILgDFI;<>=i{U)kvbk6Uned@}vZvq%#cIcx;Bi|j$6T93m}Kbw4@svxn?1LX
zg`Y#aqnh2q=+iKtN4m=Q6z@1D^7N!tE>Y7-ZPjQX%F5E7;enn$Kr_oXWmowfT@bCI
z-Y8aG28HpbVu!e?eqZmyTP`>8K<HN}g$`<Sztawn6WlWwW^fH7;@FH0KV-}1N}$;T
zbdHsk)%=e(Y}xEdxks~;17T)d+}(xcp5n8uddi)lE9VXr6A$2Gb$@Rpyu0%wWTVYI
zU~9JNXz_;2Gzdfygi?rtAt#g0wlgy3cfG`EEd96Jv9}N_d0ex}TvtKwDIko20P6BJ
z9i6Bi@1DsV?PN8cKHQQ~zbDcxg{djaI34<NINF;g+FNxA^!+A;G4dRAPTTSk6@vLj
z9r^tYm~Z7aY$B2*XKMkt`NL`F(;2R;cMYDfe!$IbjJA4vYYg-cH0eP{`0$V=fI|ZG
z);!fBGwt+5q2JuQaW6qU>wc+OV_kK1yK_GN17T9}H*81qLisYr!b>2~cfnBlZ$SWl
zat5L9N&(3FUf|zsct~;B)fIj?rxSRJge`Od!~mHLqP+wT`9-9KM(B4R$FaQG%^a%O
zDn%etBCfx`dk1!{{{?gt=cp;~eZHwsdRhXY_Z^sa+#T3+@WpbJ)Lx@LgaJKCz-+?T
z!6ElvpRYE3m?e}x_1bx7Oy*8&IbFsL$FdjWw*5cWde-*|*#J=&zebj$_W3+EdA1@o
zJj|9M`Eypq4g2T_6Kj5E$puO3#N3niR~b%TNxQr-Tf>duVWB_cRNtbi8lrSW70^w7
z3w|vlbSi0VFyXD>h4RTJ=HE*bybewZ@()gpvxM_8Y3dnJXDW6l#5mKBmx(N-v0&y2
zN|h^4ScU(V7}<#0V|G%A3j51#_o`|2@Mfum_X~!$$u2tkaD^!3kRi8CvAo_IfE~Hn
z3PTG3S~<X}-Qn;(6-8oK-Qzr~j=hj;1J66+cv<z_{?@~p@47K7=E*`c(*e`Ww73PN
z+-vYNq*RS2LbGP9i2?vNwkRk%u}!b%xqH&VIJwtXh`%1oWI@+Tte=KOW1eDSQGILv
zU|WF3J7c}1KRVx;@<^1TG3X08w!%S5nY`H~D!bgm&ghM$imnvO{;Xz7P^pxmZk@vp
zt$PX;M%A&@qlcS<Z#|n4V&Q3ot&nFaCs-|e7J3J-OqLjS6|Is(h}AB`A9}W*3Bm?4
ztri#|PSMjh8*A^^xAjLRa#paxee|MHIV*#?E#7*gO|yf7V1jX1z*ud-{`RKp$==1H
z@D8{L92s?^N<k+nKL<LEm}OyFjh0ffhTE!)jrLvp7nQ_qH)pNPKhDea&JbBy`u-9l
zWO(05H#74im@iGSs0SZEg^R}Uqe@-w_Ux?!MHT7So8)vx%|8{55_Lyd|33XtR8(iB
z%rp!!&K_n0O?>&J4wpc-KA%1?xKZCqj#Qq3Xhk;bS!27)ZDv`tH+g4Rs9Y+)Jq7#p
zn`-|<kAm&stcG!C;fDBsO1^{PCj=AR7QQg;4)#!bi{bx=Y5&s?1Wn+@KKyq_1g0|O
z(BH+*l@khXc3VrVBg5Bi2ZCcS9-!g3>@ZNE5<c)mDh_(^4CqAw#|P<N{Vz7Cf`@dB
zt5wy~ZY9MQnH)LFdapKryZ0L%+DWwx3L8XB(McZ88&=5<_B3v5o8615p-U^yPe05W
z2!R9=WRuK3J%M!J2Gj@u%aapLiIh~%Dub}8qY*RzV;MKDUPov9yVlCPo>i1ymDa(6
zN%8GvEi#OBzqfO?i<u)}@`or^`5tV4o38ihZ4<g?DX~DlqanlUv}WLgtM2a*M#@a3
zauhCq`C0Pm#-qU*lbO#1UX*TEE_RR6FWwuDpuS$1=+T!>*ENQS;I34T#ScnXaF}kC
zTub{=RGD3a<wzXJ4pw}%5^E#CEbm9}7J6EI!&S+IF2+QnM7MoGx&iFt>%lY1rSws|
zwjz%uin(E^=kRtQ06Q&|NZRmscH&1fhfhMK2906K*A#B_=t3STztPrxmNXTVK$Kv~
zp;8kgsp3_7Wr%oNca(JX{t5+k5|MGGe7#grsK%Ul@Jb;<hf`nB%|Vp?u9?Xj!L0A|
z>}r=T&Zto7EkF*Smc%M_nQ{)Z6nck)T9ikXPuXu2KbFYlA)GX(+=hs=%9|KTISdeP
zh{*dhx#fx;X{iZB2vuL@`H~?oAt~t1MMrRP^l_<A*}-FrFTxsriucIy6m`+47{n7j
zdqT;^J4{h&kW9O$u`c1V>>k!19^y8YpKpfrVI;{vO$gA<5LZc4^ieC1Xyj0~p(puU
z+HG*Zr@T}yB90z1elwz|0rMvI19yq#%DZaz=VhT+GpmhkR4BGVZ7o!Y?^%=5qVsAR
zP*c6UV{yOm-R|Q~_6ClI1kZdcybIX2o2VE^j%gXn`hG71j|g0bA7^W`tbRf>KMT)&
zrj;PmX;<P<Kw-}_$nFTQK;0Hh)yv>fB4DSfejcoyS^1e3x{Q}!VzY|TLJC7)3%PoK
z6zkSpUfG~=d225M7@(jnIOa-8MJ;*+n;OJrpdD;3(;)FhQ%~TCMgjg6nz<G>%yOg{
zH(^VqpGTQm+wipDwmrX7gg_c}elj{zIUTzV%4>OqyX+i1*!S*bxnzou^`6dSL7E@l
zPyz3WNGlMq3DsCs(xQnMSD|@Ib9y=!e#?Ge!rrH6g}st<OLmZhRQ!SI12k!7CmFK#
zh1<f4s#gL#oW#ChW-i=UD(H7q>u(J;sh)RXYxu_E9b?aklr-Kz-tuPR<L@7=AX#GQ
z?$YrnezhCk9@f6=zGL@muZ1m}ci><mVVu=V5L<B|K>&YvOAeSr5lzr%c8umbld*_S
zm$IKtTBBUjapW_4Q%+r#?-*oss_y=CGy2D1QRt9VsfJBtx*e?zB(uudb$xtNxW;et
zY;KMA4^E$sP0f1m4{fW4p%^NPLQSgFBCeRQV0!qzy3yqCihmv2S?lBu2A6$0r~{DY
zV)nD0&A|Y#pMx4^r*j6*{?Zni-rLz8_N6-E35H*TS3Nx?VK#b$DjT`;cVL0u=ZF%w
z*X@*eV@UVK2MJy(uk4?-&i&vqDh>4sIQ}pbg!pI5`!gK(<hqdrg-%ytwX+Ftw9wJI
zIoio9Hgd&>4C!PWA?49d7*S?VDlSBJ-v16<1>)QpExv8OZjdpYgo}{!c6mp%U}*Tc
zTEW5e4lMup=%<%`A{t(wiOMYBY8wME_<|y+CZj|}jam}<(%$zUJ&lEwHVg3_Z#>r<
zn9Z=hndFZ!RzAtIbI)je&3|@U)q4T1hon{kMULuZUj1_D1jWlHQt3U`Xl{g+hH;1c
z_Pg1qk<u3k7(%;0AWgN!CS_C>$p7g?XL+V_P@wKzy7#n-0zL__XgPH5y+Q;kin}+3
zuRXcdw@BisJ14w0%{8o3%VtwdTTD1(x6<I<SB5^h7{}EU>usb#<~2rd&>yT=t!Jk0
zXSGz}wxJtz&#K&9g{oxqiPgEdW_NGM;rO{reoC!(W~98S1xg?-9w|ihfBZPNJ!X`L
z?p}y~%A*NBiC$%4g-BcGW-l1;tz60pEk{E848jfj`jkD|+$TMwh)tCsfxid#Wx<!0
zjg1E$st6bqg|YECKZ-h8>_n=*(?>_AYHAjbJx`$SThNxFu05xA_n|XRzoXVrYVj6d
zJ<Tg)m@w<n_y^q}ZH~slNB%o#-xqL|!U~9U?-jlezMQ|#z2$EB36LqTJ|fbjabX=H
z&#OV`=p-6LgS@_R?OCj=7sKiAF`!#(-7Mh7R&8STeM|!R)bXzXlX^%Y{zZ)W?M_dA
zV>0>3vy<Cyk)8HWs}va~<51J(lu7{|6I4i-i583PQ(zuO2r)>L=Hd`Qpaj5${+$Mz
zY!siL_hAr;EI8L_QT7Pkmm#@mxf=H{gjo9YVE!1pVf^^<eJF_eca;7QajN*lZLPSt
z*axTwH2EC|k;r(?`t3VTRXdKAnkq6pI>#9z1GF8xe9^-4yVJ<R*t*I0TjS*qm2juW
zTL$h1`5%cb#{ZCr&QB00m%Y^yzhi9S&AQ2tTsi%HeW`?jchB{6PMXv1VlG#y89WL&
z_!%-H;<q)^I2&-*SO~gJ^v4`0bm45=+}u*Ys!61NeG%-J%2{_(#w&XLM?emlSL;Zz
zK>})I)5LK|jqCyIg>CF-02nKg;UnR~CQy}Y_lN^?EpG=%>}4@1=G8A0c)I{&1*p1A
zh0xfFNlJ4`3?Gx3=~PblKDYZO53gY_X2`0dvu7E~_!5Ke3}N(s?(aX7j=zh4G3pdN
zwY}FufP+C~JmteoKDeX179t`d7U|#H{GOa<0$wkme+=8nHI3DuSg@PVoKhtmTH0Y7
zb?rurIW^Q_Ty@1pud~D2267Yveg!cl-wFhH)PF!tvjC62CcYR)%eHosan=+>wbgQN
zb%P-%=C$9MCtC?hBU9=S#T@hZ$P8z{`DqO$J}+;7)3t{DepFuhjNU#cY$@(Q>2G%K
zqt09Gv-}TCJl$Tnf%Wq`$qDe29(0UGA<UhUcG+N*I3jZa4r7-;=z9?98yNa_2U^OL
zdAsh60ZGY`el6)w$`OP*4rdqVFVB0-Uy0+gjYjRwNRT0?d$fEiuk?rdTFUS#pua<Y
z>x53r8T-Klb4PmA_vCJ!lSs4mNrtVpw7mHgbCnSqLv@!kKGzsqPW+!_RR5%%L8$+4
z`t_f723+6YU41$NU}7nwKhAU9HX#_Pxb8W6zGcVk?YULuTq=0<AcE^3jj+H)Akm|}
z08TuLQ2L?^lcj&~>VMMcMs~P6oXDdywAh-L%bDaq6_a^X_USh(!e@WP0{gF#*$+p*
zkq;Qc49klvEY$W%s707>EYxi2)C~T>R#RDigv1ya!xilH#axtZPbAjo{m<>{Zn*E}
zNifv|;mM8dvv7U>3|QD9TNZiEUU8%U)Y5#aNtR=8ysqnCFZ9Q+FxxuwI#1v?5CR?u
z;K<1I<C{>$;D+746CjyJ#>(Hn1pi;7v0huhfx-=S`G1$civKP5Ai_iyp4>9{)`oOS
z6sp(csv9iBL(}z*Gm+Rf;x$$uDy5|!Mw&!La!!b&-pwj7tVH?i#`S=s5OOzO<iG3d
zi=62?`V-+Ewws|R>3QLzQXv!hP(5+0mGE=IIoBGT`Wj29lXDtoYC}BDyKT7r$?14^
zn9HMo{^xKrCZ<Tx#`czN8HanhD0C&#?+^Iho#(|wvb8>(l<1UuGySQci%Wz3pDPQ0
z{+DgBTQ!7?MDv_m;|ix;1ZQ@2hxPR8vWD^%n;WtszomUM4)d5KIcJw&!Ogy&Re~Ph
zxYlE(BQks<RIqZPx`tl8f{WmNXrAKmlTL*$3Z?FBPQTcZ#}k?yqei(}lVBS-zqL@Y
zgmEmfrT{QYo|Nq~;qdSH>W2Np3pp_R@XNN#yQ(h}KYSmW5~S*zxdPZk3I&|W1Ub0!
zV<?PLOb9M3-R$q|wqRScV0{%%lBGt8<ReqFBlpYgTo<}gJV>Z!VkV#)S#`Sxy2*KS
zptgE8n>^o7>cPq<E!nTeA1Vc(O0B9dW*XusMpduYn8716Wpm=eu;)~9cQJWL^`)+p
zXMQEzwbdQ;cQAENPXZ=xroO^>%F-&JH3{y?qdzm41ALuJ0WC}j4v}~-a*VU3hd*RU
zPG|6%n-+r;yCt*=HV!|EncH&9W@yM|g4-y(xZ-QsON)HUKPqP3K0})yRGhdLq5)yz
zeLDMn7^v~k0+N2Q!_SsvO}sb9Yk(Ro&Hdx(%$?0X;qb>gyHv6k24U$ot@kX|pOqA2
zq^2uS%wwrTwdFd=lwLEI=?Mj}>Bju_(IW6dzO#beZ3ywr^JLJyX)nq{g<(E)N;{9z
zek6dR%%d_)*oPb$S1Y$23Ds-#W!D@RGpr7kay0KAmP0S@XI}lQ>3GxFl;K+o&vR1X
zj4Ss0G0*+jB{8#&{LZtf_O#`um3(~ENK9i~!80cC{?)>Juza;xa=5YJ>aulcgXH>e
zs1oEjJ2s>(w;%!cZw9e8hMPzV(@1@fmbwn!0?^j(oEfo%nn=;A7})cDHl;><G%e93
zM|uj`S?mo4n?g5BA#P)i-gXXG;2r?GKd;)^$h)I0HFqk-Cn~5`?jzI~HQDrn!5YS?
zu;LfEUnfQmN2pm&dmjka6j~bVs$|V=n_lk#nPGqsk6h#*K9%aLw;^UKyB-D4nz?Us
zUqpyFiOcY@Snn{CCaEg_EzW<mJv0FF78!sn+zs`8ang*1d-EM}F_VQ|-%ASbW&-QA
zPUosb^14i?NJdkrtFcMDH2<v3Rhvm3yl;Dp=c|)79|urO1oD3+hS#W&z<F8zESUkq
z$X+1VAFPglKEev28VUIqmP!G2Oy}P?j1w8Xls<oSo@M`@`u1Z^RboeJ!mhUiw)zoa
z(mEG>(d3>Y*XJC<D~^O?R1D4&bt4$xf$<L)>`i@@6e2?b+vQP^nS6^hikFWfvztUY
zXQoptPJVc=_H*)0!QhT>-$n0plDST>l+cY=^b&XE=E53mq3S=Owx0jPCTu8v*(yYv
zM>%g-neMPR&c&V=dRlNXp`K$(sy5Hi)kCY0^O6csZ3$cyxCb7qo{|uL<|U|YIU0~>
z6iI0>9NUr`lzzK~3YfS+ZD4W`W)EJfmAQaO0?o)MRMn=Gq#fT!h#SqqBL*uBts#&0
z2VyV`+Bc~kbz^YSyZ>Ef5pdUaUY(_wXNKM8`Sbj5M#cYYxF7_0!JyfqNto_^!06~`
zPXfiIKPGcG++;dpMDvaAwE!H^g@*z~*$|*W2$Zb;ob87Xe=r}Y!oK}O5AXhQ=R24?
z|B~IO_WT(*bpIU6z^8FN8K_|=nC0;*H?LQfAH)or`>Q*|fPk(@`L*gKP(HetQAioB
z;*!yqaM*qHc;dNZ3@>#v_I(~>8YSdob$#)`T*7YFdBQy~r|@&Q=Y|3rh(QHc0W1+x
zLa#g;?Ysuz^)oQY?29*uBtIloSWA>MJ3s*x<9yi~^X_QzwC?ndX?Nu0@uEoFx7|bE
zI+f_?`F2Z_l$ryjCQ$<;F%NmZ$FWUkq=-~`!!RquwIKYA-EE&4iIKm~0n9XZyRmIN
ze+4p{i;NImK(5W^{@G^568dvpl#IvvltDj&C>el{GUqNPHjkyBZ2Bd*$C4HEu02V^
ziJ~f3Ql|H*rLKP;09RhIb-jIka5om_bE9-ITmzvOCfvIQv*vzmvs-<yqiM17AefC6
z8eza;dUg*eranAp8RloRWsSzG_dlob2AmE8X*rfyfQwUd@UaT}P>JfhzNJ}Ku!av5
z-sIhr{dIn*1a)J<w7RcSDsGONF^PiLEYB5}M*0UYo9YkGJQ$9#2_z>QZo!e33Ym~f
z8`m^um?_=HG%GI5gmrSg2x85nZ~fuMF*R~?YAgDOxt<0eJ$xzf0`}U&2TlXfmZ`pQ
z`xI94)c^%2C?T}KkUEv3?o&4E7D2wB54BerpA;{LNdr&<UA_(>wraDEFzJcErZjAc
zEy>Osk09@`nT!tWU$+(~@2%yWpiz)CRSDU)bnU49k(wO<Hx4!<9JTc^$lszitMp9h
zBtP7r4QK{Zr5uHrRF`u`e_ub+LV@=)SzIBDMy6G_kve(zz1~GDIqTFmGhIV~`A+JA
z5e1r-DcV00^%sZ+E3UafH@S^1)iP?-O`li6cMrZHlw7FG1mwWxCMLSTrRq6?0#dO9
zN3~GN@dVtx`U?H)tQgaJcj?{l4=XAvfGk9VR6LS0)c0K|3L#y-wfC}r8S20M{R07$
z?~9IThT`If2jo|hAOG(3sWxVlt#ghuhvHC$uQAvCCy?m<&JFd>mk)TEIB-3Ea&j^s
zBkO;L+n2?TTdj`AUm^l5yZjP7u4_UH&SeASfAg;h7&YsEHTvwEHF}Tef{5?|g<b)(
zB><&jK3?9<sTyY>?X){XoHW{x@#<Nwg5Cmw_Cf@W2^v_q@_39iHhI#QE50qEdm^C4
z8YtP8BufU!A?e@Kp5G!XuQKKR3Ssj11UA9fxJ#bqd|ufFuH?V|e*fzH?g&In1YE^~
jp5MRtq1;vC3~$`|Mq{b%^K{@%Eszpa9a1W9@%sM&Cvp@|

literal 16260
zcmbWeQ<No5*e1HGOI@~Y+qP|2b=kIU+qP}HyKLLGdFq>UF3zm=-^^U>d^2)q#)^o{
zjQ2rgxV)?w3?wEb004lI5EoVi0Dk@Y*-!rc-?n%iRN^N9IVy??0&1qPPk#y^rUEho
z06={#)Q3LkPZ`2aT*DCnfF1nr2Q+G1W&{B6VMquID7)!iZi4e8nPLHU#<vpTT~@G?
zctAi<HuBn9n=KYOEiPL$#kAJfPRptbf6AJzDwP3{HlW6Tx0o(K8eG4m9Pr6o3QlSd
zJw2?iJ#7!d9In0hujD<tasO-D8zu9d?@!E=I}@<xhftzm!HkwB5D@H>3J)XOwFkle
zpv&<S4U~oh^zpeDFykjnSXxw!2d%aTU`bXhgPX^L_DMm&=-ZhE;7pE3;+R;P+nSh!
zQ2*5EHq=`Llq{*Dn3${KOjF6CQJhGmu!G_+pucIB|4Ciol@(BiOo{l@_mhL%IX}hn
zuJ}Z+;BV8)4uk-Hxx31UpnT9Y7@U*%zC(3<0sz3zB~}L5A()%xUE1Liw^}zk$WKj!
zPjv$Q+ue#3oB|jCKzH8u{e2wL^g&hb?CXbplN-P6!Nc-Q7vBc+|Nfl|Mp-dddml^H
zv>E+dkRep$tA*JJxyMy3?~jDK(Utj2oA1r$-(qTPMK4@Cw;ZZb(AXr8-y#_3U59~x
zC5)gE-ENsZ9v4T5UXwLAvtc2C005_Ta^gg(>8(xQ?pwFkPatKFnS?TDjZ>s=8@nt-
zrfozBp~r!Xb9eBHMaZHJBH~)m{76j;IBdF}SLMJsc_qV``bv{))VJPQ--*Yp+WCz0
zI1;-8Aueg?T($W6vli%ZZk&?gIk;bwJ$#)l2oMi|_=}H`KD?JzrI;J*kdW?E5v%UR
z=Esma3=J#ck|4Q<OzB0{kM#O#iShs<WQ)J_z2V%{H8KhgOy7S5w4l6@fdjW7^BSZx
z`_3{G#%6(bW1~P7B^{rQFH+2y#oM!~XxvO*-kB-?8?u>WXGe)`Qj1B;?$<V6eJE9C
zC}*NVAl_2N>XjA?0a;xgO<l`y3?`@5GQH7N@IMNFGkEfr$&r8gYriC=mJi+9Je)Zi
z6Q&m_2t7YE-iYprB1eYzC_CRa9{QOM6~Q$QnQZMz?GD;Ey6h?jf<5PsUA%2}wokbj
za@?T9x<%;&<uH4hUxd1xrF3;r^Q^fyZ3{99>41-#uxr8J%2=a#?Jp2oTEs7;9UXc|
z;SNqTmB}s?UDhm@imJw`WdtMtJcb=Iz#`4h#u=k6_?>IP$cH$UVv=JY5s7G!&w771
zIzHFHJ*CdT-FlD2i}0axvkJ_nt65SlAUmeHzeffgBZ7Rpk#m&L^vWz84xiYDqfZE~
z;$>i-LBwyr2PX+iDqf^v6cb9-j_dyNT0!DK^o0S3tjN!wQN|Mr-`t`LBqD#tzdi;J
zZ1!$yK8|ndSYN6=$yAq*GWxvCvy&umQ&4PMXY^{O)+!ZcvrOfZa}zAPC^aTnl1w7@
z2;M3uvjPBLk+`zJn9-v6*2=s`s6gDFBY=<{4<Q=GE8#-x?%c*g<bBqFP-f&+^%!kr
zSF^#tfqKMOxw{+zF(dG11eJT=n1haHwe)plaGXsOlb{2hJt)2wS>0IJ14z{1Zq^@8
zL-CJ9a5XWnjDA)pjQH~2q(Qc?4hML-WZ3GscOgva`WqVnDTv$)aT==$<`ia<;ZYLk
zUVmXj2wlm?NTd9F%tn}dkjfLE+$vmmx6iUbD)3qurbbrgg~Bi)p%&U_9A;*_!MAu{
zE9_>=hHkR@Pp#byIZeik=f^_Ws^~BBwBgH_hP0|1joI}cbay-NkMd{m+I!=A8T*>Y
zb-a*isGE&C+OLfYAS4;Fa6?kq-LZMB@hB2t<IUYlNZG1nD8&#v+L%GJyMSK^co6(!
zqT#<oP1Tj6fIXcQ^NR%Toh0t`-v(ONs|g7de*yBQJ=tN({&21uY6gXUVh^e$6mS-!
zLvUB+HHjFFvbOw-3zdG9o9OPfQ99$wr2P(R)L>r=DNjl=3OkJ1kk6ukvm*sXd=;yx
zhz1SHeP2g%OEX;F-pYEL>fb{~L;%etE*0?^i_6(g>M&3m3&H+aVbC4q)XcG(d}qiH
znL9#MQlR6~BPAU50Kt$llUx5?LCaN}k0_`gxRDyQ*Mi#ycKzDz_}F%<Z;2y5(v1H%
zgDsYVyP3mzxMtvD=Bu(R?I?uYduN~yW3FO*_t6!($kP*)=yUL)KN7qP7(%X}Z|x|l
zbuL4L35?p2nI-@~<Ml*8t6@_u<;#I@cx5o=xd}?(-*{zlw&$;))#TL}8whSC2wRT7
zBh_7Rb$Ro3RT+0O>5?M{GjwPmy+?lMb4-&3@6iwGxqq?((8a+#91yJ|70ZQxGTnpw
zW)aZo&p6r%cm9bHF+aR*8P!X*aK@y@<Tcg*<T0H?c80Nl!4(@8h*p^-@sF`*@80py
zU>%)^4Gdl;fVIO}pzhi(IP;Pubk}q<-O|e@sIW=7ld_oBK`X0nC)grZRFOhJ6(h-0
z2{x8EGWiT6Cq`&<1QssdJ{*q&gYVYO(eMo2qYn-ZmM4$uY`4`~#cS659cc2R1&*4W
ztCatbn7Y0EwFY_gkO4<pt6UQ<m%0<w*Fa%$k`p>z%AkJ{#57VqqvzB_#-gz(WjpR+
z{gG)T1v#nGm|bN#PSdGIcgz+wb({RFL=_9$Dq5MJzGK5%%~hodWjQ=^$8cb0;$z~{
zlJbeIti#Fc<{Xa2GH}2x1QRS3!zQ%0S3_mR7)IuPw^B+@<w)^#R!a0b`;6Of=F15m
zI%P0_T@#%QtavoL+n`#$^fEi+ClP)F!Ic6rV@5M&jdu1M2dyTYGg?x{Ik=jEcvN-)
z@eVVIqf-*?Gy~~TM=(kYUGmHbGeLqhFJV^>z7A>1<0p7Rhbk{7Z9P7$<O-oAvA9AY
z*fYOm@eu=77Yq6Xgt6N{G1*s^Bismj9dk>2>KLG+@9dZx1q%bSCz8;ht_Bs5#{&F<
zH@enb5ji9M1rzJVo%zXZ1svifsTn8v(IIoHW?7_=;hJL+Xw0mdTZHFwx^^Z?mny6@
zbj3BaH@Cq5^yLL{%!#y)N5(sF1y?=g<c&?*GvWZdbIDj$eifd?Lpe299ExtSt=IIl
zc9s#YxC+3dV8AX=i*I=vPRi~(#c$7M-xSrs!wUK{|4iO{yUhIf@PE_5X|A(ZSA;33
z<c|5cL2iM58CS7sIaE^O^(3j7Kgh_G^6@bF9O{Lf1|}A6_1qXzbtTYVyNLMbS_UwU
z2f{))oHusn#Eq>TFjI-97S5e5czBQZME<Q&{Yt)hIz?$7(Wi$_J(b?=J`b5qhARtB
zXG=n-tHB$0htx{5pI@0PSRQZUJYBTJ;lg--x(#AlyvgT{(XC$0!`~x<J5h!>G@xF~
zSn!Gc1tv0LKrfSUB{!PVl~3;DuvDm*p_`?fEKv&HahEcb7MV~PCt5A`Pi3;bU955j
zT1(RtYpF4RpIv>Uaia(b(C0fgNXEg9E7vDKLq2al;JLPQ9ipL*Wg;=lpc({a{2X;_
zGec8wBqklIX|rXHGJw|kY~jcOEoaHS+LR=|*WR2vY>{D0j$s(W6)a)tdLSWF4;wwH
zDC0LuKCd+M*N6&^vZJM1y41AYzMJz6*o_))@cZU!o`=Wb+y>Jydoh>luYElR>%=BW
z;Zq1j(c<!AxRHMj5tnSS_Enf~*QT`Ans(5r1{cF6G>KrJQ7^e6jfB>Qwm328n<f{Q
zB>cf2j_}Z_Ue$F2N*4iWoGC+{a%rImop7wLHX0VZbDUDdVzsc&r&WWt!uQErQQQxH
zCp+1uxfT^k&*NDiRbn;F_IZ4gA6(iJIuC#hc4)FAGK?yPh-e0$&lU@mJ46?I*LM;T
z3BSlkAT_yF&{~RG=_S3L@bqs~NH_<#u|~9jo_vTntChWDsU61Ez-Tphf0%*;t8poT
zmtJ3JMO~zzr^UXCZnzK&W!@rxX@=!H8jSDUirISbnGj_|RGm+`Q<`FNeV*pSsCRdN
zXrV)d71mfAr0_Rf+D0LxGoKP_xe(U0uY){C42wr*Y1X?wPfCS)W<fHo!ESbSe>jp0
zxz6506nq`^^iY{Rj$Kk74e@UDnmLL!G%3%hfrv(dQrYj{6bbIv-L8$<YVtbyO21k{
zV{%P$Rgw@~UmZ%bJd+x}9JItMK-#SC3LF(eK{;N>?P*ja>gSA!{ding2<654TqlHU
ztlHyi6p{HmVCpBTkNvmDiBtRs1LJqJN47P~ysS@7QyFu>XH4YVvoQKpPFYzzEJwXr
zbKToGaoQ(NVx-_K&r3GTQ`@RIuVG=z7$nj}u?dwQQc6^Isl-C_4=7NuIz@GeXqPTv
z$@!8KhME+s-mF7!4x=OXM+p=SWSTD;_*ZFIZ$yYT6!(`(i&xH41SOa>>tdaC>O<~t
zg)YaE<9$K=Aty~18!^iiVX2Unx^<IcjgJyNb@ni>EYiqV>bIQxyM*j**}b96;Lo=%
zNm7Ya2_y4Jj{Gmm!e6X#;VcC;I7BEPYUuF>0xx)gQGCfrXg)%;*aC@iP1?IgJ*%BV
zK#h!H33{d~=qB1`E|AYi=WL-=c8|V|(mY$-(CpuU!74VS3UN&WMlTq3j-_lLtJL`d
zC(p+r(?4uPu*d)>O&QC^rp1>@LkwlhF4-R}=}m6i7X|{ws=JPF<HOwULQk|J`{cE}
z_)k6ihb{TZnZ=d>RjYckT_45I)h==tEhmiq_NB5oEnYBZ!(&r?`1WJ;zJV24iYlbp
zB=%1Qioa+k_fT1iHc!<p32hhAkd^+O9z7h;^TQnAH~GvosS$D|ziD*rP#JZ@4eOnl
z7)8h{&ezc1zk}Hd9gPbzQlC`V(V2&%#>|jz@i2fMd<_Mhvi9C<0&(Ulf9e2uUc7@@
zU{%1GT2~|;;2ZCtj1FlKchKHD!|^w7JN&OR+9KNmliMf7TbFrGfOnMre`pgb&N#+p
z!_4|3+`&&BxOXdSeiGh>o5cY{!`9~3XC+Utx;rX@L-N^XpM@8r9ULBoc<m5B{om1>
z14x%EC#j+x-p)e`vw>D<#zE_%5JPW9qn?f3U0<UL5-9QW{0x-Mrza+T{68ZZn&|4e
z6jk>^VdFNOmtKMVB^Id#V(gKqw_HqaLn&7hq!Vo>s2?tc_|uT@9f^6raM{wp<?C5e
zy7nrITR93ZK3r@4rdyNKZ^$NuA65-;>&hwi|IX=5F1Sv#2*5rWH?)q22LSl>e$k@;
z^!JT94(#Ww|BGOUcI((1sa~!uS%jD_SfEU`W<-NoeH%T}*C>!L?}QlXN2C<S42c1j
zlMN1#gDCPpP6K1clreX=FV4H^!EY8(ffC@X)&<6$U6YbWf5H1LBdnx-+Fuie4~J$;
znH)h40@w-nXTH&%^OG&DEU%TOlWV6FH&<c9SJ-Lq&;Okh_1iZS-PKbMF+NBb2;lZB
z&o=M5pChl1`TIGFu7(X4jALh5{ycfLIu#bhsw>A)fHDzZ0RYGWhy!;+PXWCeYluPi
zS}UraK5!C4cELkd9|%6y{?iyWa-cx`1=!j4W1bnOtQeO?wn8d<5yx<=-?8X#ej{2P
zKDA&ui2(N_`!&aJoAA$gnNpUuvLgO2GGI6%XCIGviX{w9*4uex*X*I9sG|FE5+4b;
z4++RTk1bghEhU^WUJwrSX}iJZz+b?sXa)GF)|>I7)9y^k>eVPr-|$Vwq!9N*rQYrn
zlXszfiO$vlzT*5US$FY=ZDIiYMuE-qmdlhY8bUr;otYG`5UOm;nt6f>U++S8;%1PP
zQnqV*bZZibhL2$k(a!gxh4zKGOA_N}q{M2MQ6lHh&n)8^0f1QWIsRI63v=q^jbJ$e
z@piJ6C41Ggfusz@7!7EoSdiQ#@<+R;>kqVKFmh>IKEgAXVRIhG1}Yeco}iaILV?P<
z*w|1oKQf>ztdr(<u!x9AmxHRAGtVt}e|@qb@5?IgmTLJ|*@q3T)@>=93WgC3gsc0)
z%fNb0j-U!2`^$4HP~_9E5q{k~f?q0loo~)D(jW>*%c3H-QW~q|p;?!rvA5VlB9#;%
zQrx0TD@jlL)z=r<e7GY2+QDDJ(pTeeS31T%!SBCN&0uo*O+=&a(~ku5E$qxRET>+x
zwi~ptc6#BluO9w=?ys03Yijw{%Hr&bZ@N5XQ)cU9`PRyrtg%!{b+fWPWu_#+ctX}-
zx`32|S9nIf-`UX$l`9FImE5;(cM}CuQ;!mN#I_QhF`HRc-aO&Cwl0(taIZS2Eo=M2
z%E6UCX1uMtchcTRGDQ7N2Xe%|MduJLwcu@foN~v2+@5xy`rWFYpjt5;QB&fbJ-5;*
zo0`vB3-^R2gbyG0b00Q=%=_ZNE>?!b(ZCQrBs~%u_G-^m#LLObntUR`dt5Kavd#^3
zjQ;lcpXp#R(hk})H6ln6mXefGcTmme%ab>2PBCIN6C3QkCb3-;Af$tR?OVzL6ILxp
zoUnjCZ*z{<w$^7c)6pN<-3>s84~!aqQpfrYbTxyI--l0xwGO6kjceLhHJ}f)(}sOY
z>U2L&53Fm3?Vk5K|312CZFMad_qPPEwJh7JCwnFouFFO2oK;i0^Y+9{<2Z;THhi-8
zPdIM0#6904Q}bp1f-h^^u_j8B(NbhvI(>u|&C7n1?C{x14dkVs_<WK-l;MFiv}94x
z{<iFf#M}Qqq&JyzRf7vBV4nWEe8r{ZqN8(#S)a7r03$=e2^!(INY|9Wf1``>raK<N
zQXAs@Jtc<OKIR6HqxIwQ(*ElOnI4b?1UQk^vqdJ{XSngL1dRxE#mq70OxTjAFk`xG
zEM2K$Z+LJhL9Y=#8M9O(Uozwg4{1{*Qnh4g(WZk$<pq^w@yHe=QnajZIm$7rT0=ig
z7?5zI1lm+wQZJDoe<=_QP7xZWlD5oSi@BhaOsy!U3D|>-&X8pd{obi&|HOeX@)x!m
zeRBA-9)@Kzmwv^}Je6@OIzoA^qMKA+%qX!{iw4Kjh7-v+38a)ps61d^TX7H<fPfsr
z-Q&M&X5z?op6HM)oS(wVtS4a`h&|C|U$&I#<;KU@E~%~kYT1oAU@*}|(?w}<<+!37
zV+9vgpzUA0I#Z2BT<w(62$h&WD_LYg;<cigtzNREW&fEDB3_g5zzp7ZfElm4zF!T<
ztL?AS=|oMxOgtgB%9P%>k$7q%?9|}?JQyQMM>-(cLpJK=K{)Ch%P87q1oo;X%2IE^
z?qCzjcCIZ}D6XJM<=5A>9d0LXOKj$lc~umVX-CGf35&8PDR;<#WVv}oyv8uRj#IT)
zh%pGg50TJJj2LF5wd7}?W-Z(i?gnevfxa75%c`cO_e#sTIO4=!_h71Q&lrY=sK2$Z
z!#=S^Gfb<>x``uiB!(FO4O@S-HO4n*WwA~8fOql7yY@veQ}=q^*V~sfLgd~LZZXwT
zsPGLezB1t@nOxaToA3Ccv-B)V3q3#ETGYJ}i}qOi)JusD%o^{Cbz;^aFZWca+B=-w
zTV*rYl4SHWMQOxCCZ++V%2M1yRfw~?PI6&s`@Va(=2pPU#AZ-O1nzpIk;v0y9dy^8
z=h6zuucx?{4f3&|U~eGzn(q2EaX-w2i8lsaN83}UfI+9#fQE)pW2{oE*4ms2bjA&;
zvMqe8Rw82SySiWlzJG^?CRFAjXHm7yz}DDVtS}CF-FCOn7^GUa5Fwr+XlxG8HFYCc
z?fFriFEji0DtbS}n&6y*hz)7HcRka0aL(hdA<jNDfy~s&`z4_IGO9IT|5+z3%en(4
zmGyr9q%YfayPPPrCQ6H@tW%yU)Djp>T9i*O#^?N0q?qzPn8<~-IGX3}PZsjnKl9r?
zpZ@jfY1*>|&*<ShRG3X=cdlDyD8y4}p%#pTN0%(n*W*ar6sjl!<cvui_9;_{9-H|V
z?jpQB2$+Tp2I@bACs+VKUocU~N6cRc(*!qh1BrxhYvAR>&r?R$JSokS?A9Eb3C5zg
zMhPcN7eVw=RN|!;Wjspdd5XW$wWiYKp=gU#7MH(Nii;GZX*6-#q5zK8kGqjjExPXC
zl~R$<DH}ql+@jfK+SNp!8sN?!BzAis2J-N|)zXE99vYzNS5SSPw76+z7TT?cFLMfy
z66t(RcxNqzpvU-sXTuHQ1SSR3ITu_j%EQA%T_1{1wTfWOlF~cdOBuj4G(^(&38HJ_
zw@D#yGiDf87S=4XFs7Uxh76dni;@>nTa<s`3N}~){C)wB7eTk|Oq?P)8PY9JPg!em
z$G#m8t}hh8Tjpn$ITHclR+yo#N;xDrB=hUnf_p|Mvt03Q^xvM{AwW@8?~r{~G&KsF
z4gBCmzvN|Ja1JRxyNmClLS%NW+ZHQ~La5o>+x@5{tS%{3C=)4sa>#-|L`LevLO4pJ
zAJPZNj@Kfxq&tGW#-GupVFu%8#Ge0FDvZ-r(IOuP=bXYgL_wQ~#M|YOrK6!lPC8GL
zY37t|8%+Xo5h}>)s-#R%Kwkg2gQBH%ygU$-OHOr)3RaZNym8t0zO7!iY{V+IPC+#k
z^B@7c4}m)nVZD_@Yf@eiTtc|o54{T!?U1_?Gd)-?iD1s)G*4`QZDQy_3Un7T+#J=&
zD<Y9`z1=|A_cjUQih|x{WP<u3w(_-NOaor2(a)F|d)&h~&ezIU>7>QbuRCOaWb5D>
zqKz9T{>yN&K$yWE^U)LIrj))3<|5*+digUT&=R$Yl}<Vt-S+B`qP5Cq&Fatyp&@ij
zkDAqUD`F8I#J@)EgsD}_6&{{nT~PP0#<awoJqEQjsI!)7>XNOx8UzZ4_hvQQM;@YZ
zm~q7doFq}Q_@e626YN9dbZb@2lQ@eMprS_;b~5~RYgNsdL8t|);|-z3NYu<au_?iX
z`tz9~qY-&wp+o$H2C)P<vqh_eT|on%g@(}agn{ttG)+&&>4j&7xku_saOcWdB&&77
zzmY+pajidui$#q!VGOllbfrp_`oT96d&|p!Opr!k(?BhN0XMb$m?tud<p(>LGVRqo
zmIGHbTUX~~w@$ujrC}(L)Khbt<|Wx5FR`b+&rPO}e185+xqJ8ip@ndYV1S+5|1Q2s
zP1j3k<hy1{f1&`7<%MF-S)6uVRELtI)U92hthnptQS~V;|E%bhlc>|<>|;yu1J51=
z++6=$YphxQWb+k0Z_F3TvI!Fml*0rKiS>uoO8EPfdc@Il2^a9u>K8BA4ISA3(iuv^
zPD@(Q?`i)HN7#-O`kV>o003}v$YZ(D?r;hyh+IvMH5TtheM<o==mm=EU;f1fN~!;v
z0yb0T{PCc6ApDqbu>T$2b?sFl>Z{tUC##i3ix<0$?o!IbJH)O?!G@A@CcL}P5%FYu
zwI8LFsU1JE18x!k<~y$ey}IerON3S_l*5wE()g8Ps9jZOLnpnF+1%_jz;1%X4-JHS
z<j{zrQH2Ak-_)d7hUl7*0RGq?F0j{ysP`B>*OIIF0<4W5Sy250Y@xN^f%_VPb%y9*
zy{0@s`9qMXKIjy^+S7Z~f51NIe<UB^jro5Y+|od1hNBZ&tSOoiXrn|JSjA7w7nhe&
z7L4&hcMe5I=DM>#D3Bo)!QK$#!2D=E7+{iAldQU1K_~!pY-$!W2Ys!R6Ma}8?}Rht
zAOOHj>HpH{{)f=jV7E|;u^ixtbHE!TL`*Pz406r0VhD{U#vcK=K?F7jxcx&Y4Cv9}
zv%*+c7R(11$$BStA`Cj5h*<fuxyY1O`uMk-MW`)S4*^#Uq^f>Xb3Kx+y@zst(`hB|
z0x^5sgXL<|l}&=^j_4LkzKmd^&aLRhP4#@en?3D%aXSqJ=msqU+FA4`4Sw}uO-lD>
zCxe)ixK75A9Ft4IAJ0L_1Sw~>ZmDq;>QH5vz%dDBT3gWkF;#TX*U>#a(*<{~IFtQ@
z06QZ8wNxc<f*N&*Ydu@Wn@?{I^7O!+#dmu*)hw<U9x}MUz+N31_sjN}$^#iPQe;2c
zeu7BtEktJKlCBZ?uVfHo03Y2=zlHjG{FJUtKqld1AhVxfKEoy6LVYy?Wb{ydiL1K{
z|KKQKlz|<(V%!!xc=t?ZV4IR7k2LnyfJfa(efuUsM*3Y9$5W^u;YBDOZeV9dhwnEa
z=a<RlTJv9O0Ka@Qf4VBcQGIwntP}A=Q&4pPm$Pa7!2IBv7Mwk)6lF2&ypUMYwpR8A
zF@4Z%RL~6`Vp{Yvmc<TYI07rnNg&AcZGX&dAP<@PKJ#LAFeHvw!DA-Qn|*+%LEZih
z!ILV-p{p@_s(;K@yNU#jreNCi+3M%M#S2@IMO5Xdd<`jExd5KQeu|c-N<}bR$jZdu
z{HYqXhOfG2TxzQiDm~(U#H!F|PhZ7v4*jkb@z~`qjU&NbocuLAVN})HZrmR3HFLM5
zdwB4OXcU-Km6U}l1qBWwli)6-YevoqXR9LXI$2dkB5NiqfB^0j6R-rvJEN`U%E;QE
zbw;d6m|RE!0p47>R;Jd5Ozv54gQoWfddGK7{Sx`&kl&xGQEP|d_`>hB*n4qlGrke+
zJtUp&8*Q^p41-$l>Y<7MjEbNiNb*<#PK6C3KNiI;M(KDlW_FKj2ImdPm0Rzs{BWyj
zMMS*3Df?BDpE0+=5?tz$m2^hq>yf>0tHvz0>u*Ak_DMV9n^qkUZ^Jn(OFC;?QC7cv
z94oXK`vy+m$4|v{<ZywEy@*Q53{Sw~n7XirCfwrEMJE|kN)-1dFZO`YwOsm_@m;_*
zt+%l0@X)&~;Xq}A_t8u2EL5zoum09?Dlbw!jr8U(@~-oVxYvvkp7X>b+ZWGMiTqFe
zXJN#VHfX_j_2=FUd;X#tb}a>y@vB%NBB(#w?-*uZSIz%ytJ?2)7QJr%goedztMEBy
z7XGvKO5ye#zLe&xH5bU^1#n~iyze#(zmv(BGIQ-EDV8OSZ~x-vMynFlCbGh#6PU0Q
z&tZVt8jBKa^>j8)t_Tuaad>6bKG!t_%AK=RH-r45+aU0pYi~rAIlcb6l9qd$O>(_<
z;vB~MJ4K>KCA1L$qc;4K$Bz51Xxw8Sjxabr$H3(%*1jPx{}<}3jGV2|Bk>j;b~q<$
z-Y7XoZ2)QkhRg;V2}9MtjoKEATcd>F{oWwZEuYw)Hu<P;pf4Oa;6zE=PNY>B(yb+b
zFD!0@E@IW(NMSq&X^|v^tXupl+gx>>epCKZMrc_wW+@{FNa@|se}Z%a<CGWNuM~I=
zFazVsv{!_G)hLY=*haKDqdZ1n6gw?iY0Z<-BV@u#Jp0-&Vh@fzk{wW6jzTDsrcHA=
zhrN4wHs1SPjlaC?J-N0UiiFJ_Z|#hU{Vxle0Tgrpw5u|qArPLe9uH;zlr^xJoDP)@
z9}0Sd+ALvBbufG#<O?4%CwvgT-i#5F1mz#z7$rQakf^{L|1=5GM^vKgZ;(@o5G2mE
zX_lO@Rve@z3!9aWcA&u-c*{1=i$E&R;*~gsD96KJyr@Da>P2%cbpD#bj0hNTq8LEa
zAVolVSS{3o0eHt6B@8}U^0=s=7+RB_!5?q7t-h^JI*eOuxZzDo=J!RCT%F*{L(Gnp
z)w;?Sl*lPIUmpWax!1WD$BjPl<H$-Srasx!q|?wD)1F4+rj<>30;1?MzO(d}nGtJ5
zzfcg_#%j@KFVsgY-GRF}k|`7*7d3-L$!1T@hr}qUFsp@YQ*qjvp9YmK=T}>$k{q~M
z{sgf!N91a6Wa+FKWMMWoq3(BewCDPtSeXF(2H|=<P{diWrqe1k{Yd|Al=v`!+9<HE
z^6`(e9lvR>G@XuG<BAZlaAIb&a1MXJL3rwR!_fKzwu(snFx=zs6u7{k`Eo4~4oV!1
zP!U%Dypc**KI{Hb=@UG;3&u6@Im&UmMdek^s3Qf*TI4OZ$JLg^g9VhA7drb;xfgWq
z>@$|7wVICG0`X$&1Z7EOa=uY^#1KC+589|KE6yP>`*z{z(_{LeAQo&aAgQ~$sDXTZ
zsuDQhc{>(YTgh96d8eKO+v1pWn_cq_*np~(NxO%B!{5|D2?<<F-dAZk2Q<WO!et<S
zr<-G?_b}!kuWE=BJ8<7T&`)9s{#$Em-9tJ;=0>6z9~R$ns{FJhsL<Dtw!Ia(+0#e&
zVzHG1EdT>T5djj=Ptfay-s&we#OU+7TrTq$l|H%4$@h&Q;k8PA-ABAk$KJRBFsF?6
zsS*N$OHT9oWL56tae#*hz1l-<p`o+clL)E?ql0+27pM_xr+U8~y<Tsyb8)x#Nm5cm
zwECHC&S#nKs0zFNx)qnpi}@A^JZq<7Yl~1~#jg35=MIqod98~$#$#=8V`ivn!9muT
zaeEb)t13Lzt=GZT%vo4S8@Eh}jn?|wo!?7)U(cP{+zAT-+^6*G8Vk??xW;nB0D1Rf
z2=+M4*77Afgbnh!j(K6czM5-X6i-yM1-iyM8RxhD!8UnvKN%OG%ZXVnSaaFN*MZcn
zTAotjtiweO*je@aaRuqJqduG~=Mv%sO)EBNOi4)>p9ZW40W&~9{u#iJ7v}#9QOLhK
zPB!BOxfr)aAp6EA!x8BT{xG0ZEU^7R7N^-rbAEDU=2jNMAJ`KjpkLj_N<8Q2LxFXp
z_{$t{Qh+x9)0A3}8MdGBKcJic`Cwn<Tt>aksu&w3h<Lrw`DU|iwPdBaNQ7J-x$$&@
zTrBU~08X%Yk%)<Bx-{Ww|BgpD?c?+H*2mM`pe>0v#eYzWzjg-Ka~vyJ(A%qg+>@&_
zP6hY#Qr<ohgu*2*1#k7<)LaT~D&5&#%>_@&^F?P)jhCQ4;3?V3qjP5ev%%o^nk~wA
z|GXv(9?6aTSFVfC^8@&;%fj$TE3dY?puXsL^~F_v?dJTk4p-;9wC<>7VJ=#A2j#nX
z7*FT+o2B?rTp)A%KTpwDL<(ifNG1<ci&MT*(f=g%6Bz5$-kh?BBfA)zRWd<Ax~%mT
z9nW4|i(&qVZ*p$Zn3Ud6!4`B1q31cpiu?)hRXE+_6xVOqrrm0R5RL28PM>cp0IXqD
zFE#UAiVR*aufxL`<ZIw^<-pn1M+&>S<4(Z7=~V8we*55>d131|0^xYa&m4WzW!9{j
zED2MhW~f-1d+Gn{ts+v)#?V`>2WvU4zC5qxUZqi$(5j}qqGFeAoF%(fa@Q@9VT*9t
z#Xazs7sL9}L@i?((mxfP(Beh%3`-cTg;vSV-mb&8SZw4el0E$Fj&!|wQY8tkOz6&X
zTLtb0e>HyMK*G*+1&g)bqm643D>2BLJtxT+27tN4_Y{%)$ZeFVI#ezKLq9Y#<Xkys
zMJ2IAvii)Q6~{pS)zcLg$#RA<TX-tYZ*k7%A8V|xsH3ApCZNkhnat9kjcsy}&rwRq
z+M23Cyb@kzd0}jkvs;%8bpgvoW7yW>{6hik*H?RI@)6n{t!SsK4^`#U4VrCSDXng=
zk+8Jz(8V)v`f1Fo`MJdH{<mBIAn^}Eztu-fR$=iy{+eg`eRD@ocE10CbMioY{dNr`
zGA_mxl4a!O<w|7hbra^JN9@hPG1FAEw-<t8d#O;cYQ~asRyEx=@cm^lcJW8|HQ1Rc
z1y6o|H4bvrZmC4i`i+9cSkl+hEpZ`xe0$4I*V;CJybNCi?%Vu*<PX)L|7X3;NhlT-
zwpaBS3%i*1qVsUuSri>jbZ$V|#yM{1`@`dWP0^VIufj~(a%QdWa=dbD<@!<A`=#r+
z7!sG>WaUd`p_h%Dx64r~Te#WlX|NApg{g<B6*YR(<qI2=9r<dxJMZ~W?Iw2}W~_if
zF(0S2IF0msAbt<lB#dj?y~%EJr*H&ev*_DyDpzkB66iG?ud#18@muGQz4Sp1bt{~?
zw4r^T{2>*YuKD;Rr~AIUET!z~>M*HN@4oTgo0WM68h+(_j*{t+ze`8=TTv>5RAhDg
zVO6KcmJuRAGN$Ucx)&M6eS^~N(+enHtA-tQkfy@T-Ga`(c}XDK+^N&eFske-v%Rp9
z{>IjY9AWhC$MOW2T`P%o7Pb-f80-Yrn?lBMawga1zmYy7eoR2e$uP6LqHg<B0rG#0
zN{?x>%b!*5Ge|*Ua#Me{w%3!zvWvy(D)GknQ0e}OCa|`^d7wd|Ucu`rG&M1$A-Q04
z9ubW+`MNEQabAMgNWLkkmGtz1u%y8GcqnLC?fe;Y-ml>Xt@rPBZ-)m(e;|~Av!0w?
zFS6IuH5_4bDlaMAx8vyMLVM2=JfF8>uYlME>istZOcn!HnwPyVd!)LfUC4e$NP$)<
z_Nq=!w%X@=(M<J8l~ix$J{6k!i&ASTO{x#_6I3<5IU9-+XX+weBZK>U0T8*{VvRYz
zVc*8YI3HKOLNZrqht>XHCfGi{s)HNlrHc%s)kU*5P5CTlc6tJu6D)QZGdSr6otcCr
zPlgEaQ|1ViT9^&z5?_;fS<m7>2JFiYfd|L4LoH)^L_DZ!ir^)vUzgL0S6)0m(N3zf
zxr4nBdnj_8E#IH<CBRoXLE9uS3)xSN?%p4IXlk){EVQaQUv@(q`*TvuHlCSSz_Ea6
z!5=xGGK9-hvugy7O?ynJ2g1=gwFQ@gbpk3w>V;*-Qm=a|1PbIWi$-b_M!&2)zsx^2
z`*YQbR2!f1_`7Rj5<Qe|HqrIc%tUZlZR*R!t|u5N?PEDuRowmSz&v#4WH$yiq`4{(
zwKn&mR!#_q>G@M06(OfSI`?9mv}Trjqu-Lvr9;JK7N@;|<o+lZa{M=+XXh<bI|s=s
zWpfq%vs^T1-}ZVOFmC<LB#9lYpXo*EgtIMzD!M^}Q0MpWbXM3YAo{BDo$`6YsKx{$
z&sfpvOt51BI;NDD>k)eLnVoJtbR^kJ+Y2^_oi;345t1)w7i(!R^QEXsu_hs>D<6-=
zggm8iYy?!t>+zRNC?vAD<7{Go-t9_E1YG~zkzNnwe-phMtLEyhj#iVq#C-{7SLbe-
zpz6osRivg{xN3<4Q&k(X(WHxJv~;DuW(MDycz%31i!}?2R?o-6ft?~stbnorX1Tf;
zY5K0`oJ1s1VjL27@{+gXZ|8}=n-4wNmL#;}@_^&fHh2OH1EXHg^(pbI?d}><>M*GD
zp4N1JVthyD4uWa)GT~}+(#^Q*j*4+<fpvABGA$$t<!Du{`GtUicu`mg#jJOd+WNP?
zYc?V=IV_}t-dw#J`0ZMY-|n8A+S3H0wH&P`L0<D*LMxwy-(9PDK4p%1TB=J^n9b@-
z47ySZ8q@^wzs#~b;W~b@J;2X&E~VxEJu@W{Z4y(T(Pgjb_w@*p*0?Y{>@+F-s|?NG
z44fM`)ExQskH4S5H;Algw)<SnER_%bOjPag{S&_`<(JBHy@rkw!^35`y>EuL&CUHG
zh@?wz`gYQa3QcQ@HeqynCsxtj8Ih&5y4CMaVu!HkCAD-_LXz;kt&LG&Bb}Q<Dp^ka
z@`-4S&6i`p+gsDncMv#zR)?e{%27&v7oagQO|-G3il)9E)a_M|wltogNJoyj?_^v?
z`<cX(^cHw;R7lxV737>DjCgw_0dqgNWtzXX&FuktgjWA6^WKy|_uFhZspW0L6SUdN
zkql04ss%=C><sfv>bjfvHj%MQpC~3dvl3~)w6;ZMfo%z`bW-}GXahZT+EZv`5<zAA
z^L(wkqobsR)JInHEWAmRo!4nEYh+-()Yh1Vg;`nqdpFt@ma@aT_LM*kPj4?-&lQ&r
zn{8;t0$4x*cwm^UXZu5KHAtOH>EItcDUHYV)vHpflx61GITUTxmqn~OKA-*o)^+ja
zMmt+^RZn?&599T`_pvo%t4If?&z}Ozi9Nf8AGv6J0?mVKpSs}KasEs9)6hY?Dt{Uy
z;EFC%$B8VKZszPnm?LOeNXHVGGh21#m#@^XV#(5Ys2z@ceRM?6vCPKlnzs*e(BAxV
z+WWPCNeM?JRL7q}*L>o@{JBSGed%b1_nP#X!9u%X=-7xp0%2|sm0wt82(8$ix+h$Q
zJvyZ(X!rfLw65i=E+3e}jcYHTXadH3!l1#!uzLHvzK6<6$ACeb`4qbDyWVhU$jHd=
zuJ1XPMD1w%v~4Vjbu?^EHg0-)LPCR!f><BIjFD%M39c@am9wE;1brbB9~$-BL#?Cl
zHI5q)ZD4SZgvcT3S_oS4^O#K6C~#gq3sla37!opazmXa(Mx`SOYQ7NqiBfP6s?<5x
zkjaL<eaz1L<hJc#qQlV9IR&nHzdz)Z*1<pOM(J`jvvl|B?E+Y`7{p~^r<#u|$`}Yr
zwsbm!&?f?h(!zigq+oa0t~d@1FECE=D>}J6jf90S(#AC&i+gGOdTUQ}v(*IS-iu(i
zeU0w@#r~)Z&!jEBAAfoI=mQ!gTKmKa@*-1xi+=PlgN%97P|cT2LkQ09CJ_hn>MM`#
zr`+qr3)GN*Z#LL!@&tQQkH;V#Fu>_za%x#-ZXYsr(_o>4b>e36>eck0Q>$8+k;NBl
zdMRthVXxn#Ofks6bj^SCnJ$Ag?y0w3)~Jva95hQ-y$T+U5@@JDm|$5CSwyiBmP#KE
zg*L~RZ)X`T)~V+<O;0ZCj$|#YRnufE?@ro-tgSYk%DLrW%ldua7~;TvRG>n-n5Md^
zdiRSs{hN}v-ITY%8zs@ETGBkG=+tXbA*}{GG#GA}xaJ%qdv!-f%wUnbb1;!<?8LH!
z`_*OY%wX2CqnS$dX2l&%8nbJ>$iR^TnM-1%kYIv^?9AMeGh6u4A+BLWm|`#k_eadw
zV1c`RnKN}EB_PZZqAb`Upg3})m`el+H`tJ1HDh&Aog{|%;x&|(su9lOnEZtb(v(vV
z_R@QSdeV#trn17jx9V=Ts!rI|;6%nhD@pz=)#yY{`~rZeKqZ-@7~p22U)(gYCAA<m
zwG<~+#tYKbJFsRN1@dHUDbskj5r9UH#>CcTqYOaQl>~V>g5QZpl(blI810+gy5Mha
zCG#vq<L*wz93oU!4#{BtT^)4@K}whGzoY)kok1!luFW=5(WbayVAen&jbp-9j7Q`*
zDh|CP+OA-Y{|G~HRyYfL6?dT;cpF;4&@0|lMTc~o%o#SK$u&2(6v4|eW6(rK+bNHW
zVa`D@!#$M3ITMOw9Y|N1FoV;^^rnCT(uERvaLiv*i^2lGq8ClysY$Gex!y<^XoV)C
z@q@TNy4vh%m9ylPjl2pD{rEeVvF&ktHvD0mR(vjiRNDq9&1?BY<^!sr>Pi#;#kNl(
zzsLc51M{P~j)`Q_Ey+Wmzc8Xg@X%z7YS3P6s@f`>g<W!^4X~9;LgKlL7hC!bifye$
zk5)nv!^6gEA)8)@rFywE<Xo6FlV&KSskXoNXv-0Fv5g^UDKvh?>>{7z{OMgmShFi>
z5Y=a|w#77j+CPmbP_2$my~MPgcw<swVI;T66C%`kUFGNj$bB$x>B`H0dZ*k9q&Y1e
z2|xAhCz}((2%FmG82Oi5>N=PFyLo_Sw9jE9p(rg@gpF5Um=;?<+^$|pCv$b$sluMv
z_!5)oIF-nNZmb?Gr;1ezSN14~yqu1I$(2*vuweBvGz4RhdY<#`=xk7j5(!<Kek9H5
zR`)4W6xn6;4QrL{P;@D46LUrS<eFidN%a>c$b-Vef`o`oA#X00xiig*;>hcUIBXvb
z;*7g%2>!ty<tk@}#f+HoR-z2Jes#{{-tCA1%8b_K%F%^?)@{E|aWeycEb9@|jMK=>
z1vl)cZCg!6N?&Odd^!093YX&M-?u~TbWixW!wWVKu`{!@$Ue>NLViY*REO1+IK$!V
zU*{UzZcTG`%n7I>@w#wi=ESgo?jHi52gQhcKPjC0Xo#KbtqCt3AXoU;$1}7?qF`8G
z;el4}H&eeB(_{1=xHXAnG;FL$;>`#P3+KU}My*<N>+m;lkGw>2f*Uq>sASj<0tsXA
zo}On63#Y#4FlOMeEat(BcYsb7nq?kVw8aJ1ix|2Vt7OrP6St`nFkTU^fx_BoZH2S=
zeunDz4bl_PPWlfa=Z+E>;7m`<@op%1{@Sj|@MuR4jjr={8fq)3!mu7cb35Z4%kWn!
zbGB;+`}sI$EFwZ-mp(Ccr50-tYUppwhK+fkYvE#~vj;cO{NcZ=&HAPyIETLMF6FP;
z**Q45r6k_BsQpm$2&_jdcHmZDeQHG5=nzbiY0DEzfD_mc|D{xb2nvm0=>b}@^-!#e
zA_}mwMz@V_IM{h)i&)Eg&xC6sNmH_4!X9%IQ&drLl#$!QT7k8;j7eOGaLuiL+p}6s
zIiEz4{5w-uxR5mFoTBPP1{O0;N{2o2I?C(REg5N|aI*yq{r<#?9j*whrf|{b#>APk
zR?J)2n?UwwWloGEzD+p`Bb$CAIls(O-1cI#0~v72jCqsI3;E-(pg4YdtUhs7w*ax`
z#yY-PMeSF}o2V#cDg(15EnG?~#Y8%2X71eV+C`33jNrHm%RNH!TkB?zWR0dF8S?Or
zy;ZA+vJ_s1XzuK|-9?Wu^4w;-jlzMYvu#=*5}or^^(Z)%sblbM*jon}1|ao_1~xtZ
z22D8d7%oE}WihPw!o^G&v|V#*rXifs*9jQRsONS}KB<%n_+IDg`l@vBk(1WWqC9EV
z!aTpu$)MLC$UXggKK8)*RSLDkZ<^SWJ;6*<-R@{G>?L$Cne6N0F<pGJ6i#!0B$Gz(
zes@+VA$}1IOcd;Qe5m5R4G4evXXa@x@z{z{0>o2>P+t>x`0-rB$H;!lS0opOEV;h$
z{rSK%+VWnX<E&k!N;=W`F?ue=CryV|&7;ypx^+Vi-QD9bzg~IW%%?3&HO^so@l_xr
zv7REDn)NooW3M!EaH>F?<k<U>cHBgLJz$|#aJAAQk=Sx5gM%^MShM*&kFgBVIrYI^
zo|#j74E;0y?(Qn{05CSTt$y&zE?rusG6K%X16!ev3{Crrr``=kIIyUvzt!2-JwEC;
zhnD_^rqmjah!Vg$r;Tu4==8@Mryp2Cmov5_tJ}A4pKB%gMp-=^`_Ex@BKLAe)R7CM
zAkePg9G95{N9^6Srq5#i*I6G_pSo4|kv*Qk%#c9*YMPI95{IQ{_<C9%ZBUybVI6My
z57*yLux=bU>Ii$cBU?}Ja4f5tWLhtysV!wrl;&q&wFMieR<NV1h8x%B#U=XM|1wR)
zx}HblVQ#fiEpA3jjT7Ev#z)hBmfow&_8>j84p=IGob7RR?R)nYw|-|};EwIsu`5qJ
z1nVV3#N~YOsYOSsr#gL97OSFaM^s-&7`o4ijfA_)d=Xy{)It!zioYUwR9~b5lhGim
z!P*s=v9!OsM-5Z$Vgu*|>^}w#>c%qJm=-IlG7uwo6^=&e*T@LrX(~Ij*Kfto(7=D>
zM7JPi$5)TVj6`ERJgWCMuf=u~Yr1V{7;gVQ1SR3pr!D5@`le*>k9(DEg?np_m#p5N
z>>KyDf$HPL#Kc~Yz(zv*q3y#FXZ*5@ozC?JU|4LvuT%Ea^IX{#kI3$0WyQN-Aw6pE
zgGYwv=b>2N*vz(#x>QH9resernC~7;4KS2XPFvT=?Ni6&*ecBT{R4llnq@+$wa;^@
z%*9hJ*sap*Ep7~5x$$15&7s{@!XI7yaHr7P8mWLGMOk%fw(*h&6g?_cbbam3*US^-
zKgN?9->udJe0b%*?|!4g*-OmSD$8r=@e8P$v&~s%<-#49$7*tNLQrh-_h9Q4N2ZCz
znoT0i_iL<kJ%b_9FL%iLB>obOG>*3y@L1fFrN<C~%l2$M1K^Nq9bT4+>1jH~ugqlI
z<}F`77OeIQG)~&>PJ5fY-tVweq`jNHkBz$=mTb!+&mQf6IP@Om%j!uI$x9dD8i2hv
zw=)z<&~VHIcI%tlRhut+`|#VI9^ll2Qv#jQNg_J<|BUahsIU~-`CnCZmtP&akSN+*
z3g_+Avq-RP%!@*5tdrr47_67t(fqpGLCVW}g6rGn(lOr;JLtOlUfLTcr;)TM5%Kf|
zw=NB93F~mnKEAloQv!zc?Z(OCtFy4~CN$AkL1(uT4NpfkaNh${nJk0KKYrcpYXGKF
zKfkhCp#JPCe9A+=D|muju5PQ-=?17CE>H7nWSDEy^<B&-8t{LwrGNl@W*PWA6@!8u
z-L^aewB^4u5t!oiVP}=&n4GlcKLPdn;IV^DM^-ZB{0n8u8BDn`7e_$qCb+rZE;+vY
zwdw}DcGq={I&01+vb^Z=Z8iHOD3rz8wey3IP(>foPH3^D;WQ&K(RPf<3dmHL<&0$8
z$^rNy5_2R~g@L!mrfwO&%F2R*11GaY49U;eNNKb!I@{Fuf<Nme`tAu)BSEcecf|8~
zA)@EB95~uy#`jZ$?L^|D-EOiXM;YNtbKsg7x>UTU8~kD^O^$OsB8{~RDV`fvJmQeX
zXGF5>h!kDSdKjozo)7EGg72}@<b~Gyzv`J-b?2uFKF=8UrWZ2FtkQ;#gywNlRkFo7
z_=e``sgIB4MrdCX;}d&E11(Mnb5yxx8a)H-`3}d+bR(iA*0-ZBj^go2OlNEg@h~Zh
z<~L%RGY;(Wy|uF1DGHX!Q-(ZsmA#TYUSXiba~*dE{a)9fx63kCz6HPo6%)QajHDZu
zLlU|j&A&ZzJ!%906Y%@SPv@SIZp_NQ%bX`AiRTpE+}+BWgM%N-6vBbQ9vq#X*;W69
zk$uufGMk6mqp0t<ARtU}FTcDD$*Va|m-99E)!*r5@q{e?J}hDBNjsd%D=b7rLi*Iu
zeh2D3h>*Dz!Xq=#<+93HJ|9m}47>O3st}3@3s?x;A0Z(f8R{#QpH52~8nOphyo;7v
zXjOex^deQmg2EX~?6t2yTziMbMY`VqGl}(ZY0X}i0%;<a@j3_|hb~g6<reE!yVUdq
z1^%-N2hi1ZFtC^D8u7O)4_+=ZhSZAPjjU6g(ErA*MlG)rW_>1MTRSItYYg)$wo3yy
z0gAD)!BVRTB*I%hhzu#z|6q~A^=tqP1i?Op$NV55>fIGHvk894>EZFFj){o}s-@<}
zCS<_F$d^h8DB&=tv)~^3w%HUbGHfZM3rj=iEgI)t%x!fbG@rKD-e1l>_T)N%n!gNF
z63PLx0)-rTe9_advYVh}`8M*}6dB6{hW#i;x5tKgF0%GF`hSMae+CMz!T;Zz`QM$I
f|I-q5z!&(F#SXXuoQBO$?Enc8S>YPNKLP&_24g)z

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 05aa518a5f..6c82e08937 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1416,6 +1416,16 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <td style="vertical-align:top">[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)</td>
 <td style="vertical-align:top"><p>Updated the XSD and Plug-in profile example for VPNv2 CSP.</p>
 </td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
+<ul>
+<li>Status</li>
+<li>ShellLauncher</li>
+<li>StatusConfiguration</li>
+</ul>
+<p>Updated the AssigneAccessConfiguration schema.</p>
+</td></tr>
 </tbody>
 </table>
 
@@ -1435,7 +1445,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <tbody>
 <tr>
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
-<td style="vertical-align:top"><p>Added the following new policies for Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
 <ul>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</li>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li>
@@ -1548,11 +1558,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </tr>
 <tr class="odd">
 <td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
-<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.</p>
+<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
-<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:</p>
 <ul>
 <li>AADSendDeviceToken</li>
 <li>BlockInStatusPage</li>
@@ -1564,7 +1574,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following nodes in Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
 <ul>
 <li>AutomaticRedeployment</li>
 <li>doAutomaticRedeployment</li>
@@ -1574,11 +1584,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
-<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, next major update.</p>
+<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[UEFI CSP](uefi-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new CSP in Windows 10, next major update.</p>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
 </td></tr>
 </tbody>
 </table>

From df65cd750baab0c07cf301f4b44ed63b89a7a823 Mon Sep 17 00:00:00 2001
From: Dallin Hitchcock <dallin.hitchcock@gmail.com>
Date: Thu, 22 Feb 2018 18:26:59 -0700
Subject: [PATCH 022/119] Typo in Bootstrap.ini code

Missing left bracket in Settings
---
 .../deploy-windows-mdt/create-a-windows-10-reference-image.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index 53297d9119..40c3fdf557 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -442,7 +442,7 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which
 3.  Click **Edit Bootstrap.ini** and modify using the following information:
 
     ``` syntax
-    Settings]
+    [Settings]
     Priority=Default
     [Default]
     DeployRoot=\\MDT01\MDTBuildLab$

From e22d5d6235b9ab2bdb4b89dfa64b0c705b77bcd8 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 22 Feb 2018 20:29:07 -0800
Subject: [PATCH 023/119] update get client secret

---
 ...stom-ti-windows-defender-advanced-threat-protection.md | 4 ++--
 ...ot-siem-windows-defender-advanced-threat-protection.md | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
index 1e32ef16a7..85245a50ee 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
@@ -39,9 +39,9 @@ If your client secret expires or if you've misplaced the copy provided when you
 
 3. Select your tenant.
 
-4. Click **Application**, then select your custom threat intelligence application. The application name is **WindowsDefenderATPThreatIntelAPI** (formerly known as **WindowsDefenderATPCustomerTiConnector**).
+4. Click **App registrations** > **All apps**. Then select the application name **WindowsDefenderATPThreatIntelAPI** (formerly known as **WindowsDefenderATPCustomerTiConnector**).
 
-5. Select **Keys** section, then provide a key description and specify the key validity duration.
+5. Under **Settings**, select **Keys**, then provide a key description and specify the key validity duration.
 
 6. Click **Save**. The key value is displayed.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
index c384aeaa9e..f093a717e3 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
@@ -32,17 +32,17 @@ This page provides detailed steps to troubleshoot issues you might encounter.
 
 
 ## Learn how to get a new client secret
-If your client secret expires or if you've misplaced the copy provided when you were enabling the SIEM tool application,  you'll need to get a new secret.
+If your client secret expires or if you've misplaced the copy provided when you were enabling the custom threat intelligence application,  you'll need to get a new secret.
 
 1. Login to the [Azure management portal](https://ms.portal.azure.com).
 
-2. Select **Azure Active Directory**.
+2. Select **Active Directory**.
 
 3. Select your tenant.
 
-4. Click **Application**, then select your SIEM tool application. The application name is `https://windowsdefenderatpsiemconnector`.
+4. Click **App registrations** > **All apps**. Then select the application name **WindowsDefenderATPThreatIntelAPI** (formerly known as **WindowsDefenderATPCustomerTiConnector**).
 
-5. Select **Keys** section, then provide a key description and specify the key validity duration.
+5. Under **Settings**, select **Keys**, then provide a key description and specify the key validity duration.
 
 6. Click **Save**. The key value is displayed.
 

From 5962c25a85417b59765e6e08fca345ec104d30ff Mon Sep 17 00:00:00 2001
From: modcaster <tmann@CorporateOnlineServices.com>
Date: Fri, 23 Feb 2018 10:32:44 -0500
Subject: [PATCH 024/119] Updates for 20180223

---
 devices/surface/change-history-for-surface.md |  1 +
 devices/surface/surface-dock-updater.md       | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md
index a12b0c33f7..a374627e4d 100644
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@@ -16,6 +16,7 @@ This topic lists new and updated topics in the Surface documentation library.
 
 |New or changed topic | Description |
 | --- | --- |
+|[Surface Dock Updater](surface-dock-updater.md) | Added version 2.12.136.0 information  |
 |[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.46.0 information  |
 
 ## January 2018
diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md
index eff1dae917..55d7b233dc 100644
--- a/devices/surface/surface-dock-updater.md
+++ b/devices/surface/surface-dock-updater.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.pagetype: surface, devices
 ms.sitesec: library
 author: brecords
-ms.date: 11/03/2017
+ms.date: 02/23/2018
 ms.author: jdecker
 ---
 
@@ -116,6 +116,22 @@ Microsoft periodically updates Surface Dock Updater. To learn more about the app
 >[!Note]
 >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater.
 
+### Version 2.12.136.0
+*Release Date: 29 January 2018*
+
+This version of Surface Dock Updater adds support for the following:
+* Update for Surface Dock Main Chipset Firmware
+* Update for Surface Dock DisplayPort Firmware
+* Improved display stability for external displays when used with Surface Book or Surface Book 2
+
+Additionally, installation of this version of Surface Dock Updater on Surface Book devices includes the following:
+* Update for Surface Book Base Firmware
+* Added support for Surface Dock firmware updates with improvements targeted to Surface Book devices
+
+>[!Note]
+>Before the Surface Dock firmware update applied by Surface Dock Updater v2.12.136.0 will take effect on a Surface Book device, a firmware update for the Surface Book Base is required. If you install Surface Dock Updater v2.12.136.0 on a Surface Book and update an attached Surface Dock from that same device, the firmware of the Surface Book Base will automatically be updated when installing the Surface Dock Updater. However, if you update a Surface Dock using Surface Dock Updater v2.12.136.0 on different device, and then connect that Surface Dock to a Surface Book where Surface Dock Updater v2.12.136.0 has not been installed, the benefits of the updated Surface Dock will not be enabled. To enable the benefits of the updated Surface Dock on a Surface Book device, Surface Book Base firmware must also be updated by installing Surface Dock Updater v2.12.136.0 on the Surface Book device. Surface Book Base firmware update is not required on a Surface Book 2 device.
+
+
 ### Version 2.9.136.0
 *Release date: November 3, 2017*
 

From 59cc347566df8911e125d34dd8e5f3e43a773905 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Fri, 23 Feb 2018 10:28:04 -0800
Subject: [PATCH 025/119] revert siem. keep custom ti

---
 ...t-siem-windows-defender-advanced-threat-protection.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
index f093a717e3..22c3aaa87e 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
@@ -32,22 +32,23 @@ This page provides detailed steps to troubleshoot issues you might encounter.
 
 
 ## Learn how to get a new client secret
-If your client secret expires or if you've misplaced the copy provided when you were enabling the custom threat intelligence application,  you'll need to get a new secret.
+If your client secret expires or if you've misplaced the copy provided when you were enabling the SIEM tool application,  you'll need to get a new secret.
 
 1. Login to the [Azure management portal](https://ms.portal.azure.com).
 
-2. Select **Active Directory**.
+2. Select **Azure Active Directory**.
 
 3. Select your tenant.
 
-4. Click **App registrations** > **All apps**. Then select the application name **WindowsDefenderATPThreatIntelAPI** (formerly known as **WindowsDefenderATPCustomerTiConnector**).
+4. Click **App registrations** > **All apps**, then select your SIEM tool application. The application name is `https://windowsdefenderatpsiemconnector`.
 
-5. Under **Settings**, select **Keys**, then provide a key description and specify the key validity duration.
+5. Select **Keys** section, then provide a key description and specify the key validity duration.
 
 6. Click **Save**. The key value is displayed.
 
 7. Copy the value and save it in a safe place.
 
+
 ## Error when getting a refresh access token
 If you encounter an error when trying to get a refresh token when using the threat intelligence API or SIEM tools, you'll need to add reply URL for relevant application in Azure Active Directory.
 

From 91a73879399523bda835067ce4153e082e330f1e Mon Sep 17 00:00:00 2001
From: ashley-kim <35980531+ashley-kim@users.noreply.github.com>
Date: Fri, 23 Feb 2018 10:33:11 -0800
Subject: [PATCH 026/119] Update waas-manage-updates-wufb.md

---
 windows/deployment/update/waas-manage-updates-wufb.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 231b414598..88a40b5473 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -25,7 +25,7 @@ ms.date: 10/13/2017
 >
 >In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel. 
 
-Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service.  You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines. Windows Update for Business leverages Windows telemetry to provide reporting and insights into an organization's Windows 10 devices.  
+Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service.  You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines. Windows Update for Business leverages diagnostic data to provide reporting and insights into an organization's Windows 10 devices.  
 
 Specifically, Windows Update for Business allows for: 
 
@@ -33,7 +33,7 @@ Specifically, Windows Update for Business allows for:
 - Selectively including or excluding drivers as part of Microsoft-provided updates
 - Integration with existing management tools such as Windows Server Update Services (WSUS), System Center Configuration Manager, and Microsoft Intune.
 - Peer-to-peer delivery for Microsoft updates, which optimizes bandwidth efficiency and reduces the need for an on-site server caching solution.
-- Control over telemetry level to provide reporting and insights in Windows Analytics.
+- Control over diagnostic data level to provide reporting and insights in Windows Analytics.
 
 Windows Update for Business is a free service that is available for Windows Pro, Enterprise, Pro Education, and Education.
 

From 5f2bf4e7568d05699742507f62da20acf6979336 Mon Sep 17 00:00:00 2001
From: shortpatti <pashort@microsoft.com>
Date: Fri, 23 Feb 2018 14:09:39 -0800
Subject: [PATCH 027/119] fixed a typo and verified that Edge is preceeded with
 Microsoft

---
 browsers/edge/available-policies.md | 179 ++++++++++++----------------
 1 file changed, 74 insertions(+), 105 deletions(-)

diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 70d288c5d8..4a826a8f59 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -38,9 +38,8 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A
 This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
 | If you... | Then... |
 | --- | --- |
-| Enable setting (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. | 
-| Disable setting | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."<p>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. |
-|
+| Enable (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. | 
+| Disable | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."<p>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. |
  
 ### Allow Adobe Flash
 >*Supporteded version: Windows 10*
@@ -48,9 +47,8 @@ This policy setting lets you decide whether the Address bar drop-down functional
 This policy setting lets you decide whether employees can run Adobe Flash on Microsoft Edge.
 | If you… | Then… |
 | --- | --- |
-| Enable or don’t configure this setting (default) | Employees can use Adobe Flash. | 
-| Disable setting | Employees cannot use Adobe Flash. |
-| 
+| Enable or don’t configure (default) | Employees can use Adobe Flash. | 
+| Disable | Employees cannot use Adobe Flash. | 
 
 ### Allow clearing browsing data on exit
 >*Supporteded versions: Windows 10, version 1703*
@@ -58,9 +56,8 @@ This policy setting lets you decide whether employees can run Adobe Flash on Mic
 This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Clear browsing history on exit is turned on. <!-- <span style="background: #ffff99;">[@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?]</span> --> |
-| Disable or don’t configure this setting (default) | Employees can turn on and configure the Clear browsing data option under Settings. |
-|
+| Enable | Clear browsing history on exit is turned on. <!-- <span style="background: #ffff99;">[@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?]</span> --> |
+| Disable or don’t configure (default) | Employees can turn on and configure the Clear browsing data option under Settings. |
 
 ### Allow Developer Tools
 >*Supporteded versions: Windows 10, version 1511 or later*
@@ -68,19 +65,17 @@ This policy setting allows the automatic clearing of browsing data when Microsof
 This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.
 | If you… | Then… | 
 | --- | --- |
-| Enable setting (default) | F12 Developer Tools are available. |
-| Disable setting | F12 Developer Tools are not available. |
-|
+| Enable (default) | F12 Developer Tools are available. |
+| Disable | F12 Developer Tools are not available. |
 
 ### Allow Extensions
 >*Supporteded versions: Windows 10, version 1607 or later*
 
-This policy setting lets you decide whether employees can use Edge Extensions.
+This policy setting lets you decide whether employees can use Microsft Edge Extensions.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Employees can use Edge Extensions. |
-| Disable setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company Disable setting? Is this because of potential memory leaks?]</span> --> Employees cannot use Edge Extensions. |
-|
+| Enable | Employees can use Microsoft Edge Extensions. |
+| Disable | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company Disable setting? Is this because of potential memory leaks?]</span> --> Employees cannot use Microsoft Edge Extensions. |
 
 ### Allow InPrivate browsing
 >*Supporteded versions: Windows 10, version 1511 or later*
@@ -88,9 +83,8 @@ This policy setting lets you decide whether employees can use Edge Extensions.
 This policy setting lets you decide whether employees can browse using InPrivate website browsing.
 | If you… | Then… |
 | --- | --- |
-| Enable setting (default) | Employees can use InPrivate website browsing. |
-| Disable setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?]</span> --> Employees cannot use InPrivate website browsing. |
-|
+| Enable (default) | Employees can use InPrivate website browsing. |
+| Disable | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?]</span> --> Employees cannot use InPrivate website browsing. |
 
 ### Allow Microsoft Compatibility List
 >*Supporteded versions: Windows 10, version 1607 or later*
@@ -98,9 +92,8 @@ This policy setting lets you decide whether employees can browse using InPrivate
 This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. <!-- <span style="background: #ffff99;">[@Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable setting (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation <!-- <span style="background: #ffff99;">[@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]</span> -->. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. |
-| Disable setting | Browser navigation does not use the Microsoft Compatibility List. |
-|
+| Enable (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation <!-- <span style="background: #ffff99;">[@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]</span> -->. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. |
+| Disable | Browser navigation does not use the Microsoft Compatibility List. |
 
 ### Allow search engine customization
 >*Supported versions: Windows 10, version 1703*
@@ -111,9 +104,8 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 
 | If you… | Then… |
 | --- | --- |
-| Enable or don’t configure this setting (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. | 
-| Disable setting | Employees cannot add search engines or change the default used in the Address bar. | 
-|
+| Enable or don’t configure (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. | 
+| Disable | Employees cannot add search engines or change the default used in the Address bar. |
 
 ### Allow web content on New Tab page
 >*Supported versions: Windows 10*
@@ -121,10 +113,9 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Microsoft Edge opens a new tab with the New Tab page. |
-| Disable setting | Microsoft Edge opens a new tab with a blank page. | 
-| Do not configure setting (default) | Employees can choose how new tabs appear. |
-|
+| Enable | Microsoft Edge opens a new tab with the New Tab page. |
+| Disable | Microsoft Edge opens a new tab with a blank page. | 
+| Do not configure (default) | Employees can choose how new tabs appear. |
 
 ### Configure additional search engines
 >*Supported versions: Windows 10, version 1703*
@@ -132,9 +123,8 @@ This policy setting lets you configure what appears when Microsoft Edge opens a
 This policy setting lets you add up to 5 additional search engines, which cannot be removed by your employees but can make a personal default engine. This setting does not set the default search engine. For that, you must use the "Set default search engine" setting.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br> `<https://www.contoso.com/opensearch.xml>` <p>For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable setting (default) | Any added search engines are removed from the employee’s device. <!-- <span style="background: #ffff99;">[@Reviewer: is this implying that Bing is the only search engine on the employee’s device?]</span> --> |
-| Do not configure setting | The search engine list is set to what is specified in App settings. <!-- <span style="background: #ffff99;">[@Reviewer: what’s the difference between “don’t configure this setting”, “Enable setting”, and “Disable this setting”?]</span> --> |
-|
+| Enable | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br> `<https://www.contoso.com/opensearch.xml>` <p>For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable setting (default) | Any added search engines are removed from the employee’s device. <!-- <span style="background: #ffff99;">[@Reviewer: is this implying that Bing is the only search engine on the employee’s device?]</span> --> |
+| Do not configure | The search engine list is set to what is specified in App settings. <!-- <span style="background: #ffff99;">[@Reviewer: what’s the difference between “don’t configure this setting”, “Enable setting”, and “Disable this setting”?]</span> --> |
 
 ### Configure Autofill
 >*Supported versions: Windows 10*
@@ -142,10 +132,9 @@ This policy setting lets you add up to 5 additional search engines, which cannot
 This policy setting lets you decide whether employees can use Autofill the form fields automatically while using Microsoft Edge. By default, employees can choose whether to use Autofill.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Employees can use Autofill to populate form fields automatically. |
-| Disable setting | Employees cannot use Autofill to populate form fields automatically. |
-| Do not configure setting (default) | Employees can choose whether to use Autofill to populate the form fields automatically. |
-|
+| Enable  | Employees can use Autofill to populate form fields automatically. |
+| Disable  | Employees cannot use Autofill to populate form fields automatically. |
+| Do not configure (default) | Employees can choose whether to use Autofill to populate the form fields automatically. |
 
 ### Configure cookies
 >*Supported versions: Windows 10*
@@ -153,9 +142,8 @@ This policy setting lets you decide whether employees can use Autofill the form
 This setting lets you configure how to work with cookies.
 | If you… | Then… |
 | --- | --- |
-| Enable setting (default) | You must also decide whether to:<ul><li>**Allow all cookies (default)** from all websites.</li><li>**Block all cookies** from all websites.</li><li>**Block only 3rd-party cookies** from 3rd-party websites.</li></ul> |
-| Disable or do not configure setting | All cookies are allowed from all sites. | 
-|
+| Enable (default) | You must also decide whether to:<ul><li>**Allow all cookies (default)** from all websites.</li><li>**Block all cookies** from all websites.</li><li>**Block only 3rd-party cookies** from 3rd-party websites.</li></ul> |
+| Disable or do not configure | All cookies are allowed from all sites. |
 
 ### Configure Do Not Track
 >*Supported versions: Windows 10*
@@ -163,10 +151,9 @@ This setting lets you configure how to work with cookies.
 This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests are never sent, but employees can choose to turn on and send requests.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Do Not Track requests are always sent to websites asking for tracking information. |
-| Disable setting | Do Not Track requests are never sent to websites asking for tracking information. | 
-| Do not configure setting (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. |
-|
+| Enable | Do Not Track requests are always sent to websites asking for tracking information. |
+| Disable | Do Not Track requests are never sent to websites asking for tracking information. | 
+| Do not configure (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. |
 
 ### Configure Favorites
 >*Supported versions: Windows 10, version 1511 or later*
@@ -174,9 +161,8 @@ This policy setting lets you decide whether employees can send Do Not Track requ
 This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. <!-- <span style="background: #ffff99;">[@Reviewer: what is the default setting, enabled or disabled? I’m guessing it’s Disabled is the default.]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable setting | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. |
-| Disable or do not configure setting | Employees will see the Favorites that they set in the Favorites hub. |
-|
+| Enable | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. |
+| Disable or do not configure | Employees will see the Favorites that they set in the Favorites hub. |
 
 ### Configure Password Manager
 >*Supported versions: Windows 10*
@@ -184,10 +170,9 @@ This policy setting lets you configure the default list of Favorites that appear
 This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.
 | If you… | Then… |
 | --- | --- |
-| Enable setting (default) | Employees can use Password Manager to save their passwords locally. |
-| Disable setting | Employees can’t use Password Manager to save their passwords locally. | 
-| Do not configure setting | Employees can choose whether to use Password Manager to save their passwords locally. |
-|
+| Enable (default) | Employees can use Password Manager to save their passwords locally. |
+| Disable | Employees can’t use Password Manager to save their passwords locally. | 
+| Do not configure | Employees can choose whether to use Password Manager to save their passwords locally. |
 
 ### Configure Pop-up Blocker
 >*Supported versions: Windows 10*
@@ -195,10 +180,9 @@ This policy setting lets you decide whether employees can save their passwords l
 This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.
 | If you… | Then… |
 | --- | --- |
-| Enable setting (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. |
-| Disable setting | Pop-up Blocker is turned off, letting pop-up windows appear. |
-| Do not configure setting | Employees can choose whether to use Pop-up Blocker. |
-|
+| Enable (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. |
+| Disable | Pop-up Blocker is turned off, letting pop-up windows appear. |
+| Do not configure | Employees can choose whether to use Pop-up Blocker. |
 
 ### Configure search suggestions in Address bar
 >*Supported versions: Windows 10*
@@ -206,10 +190,9 @@ This policy setting lets you decide whether to turn on Pop-up Blocker. By defaul
 This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Employees can see search suggestions in the Address bar. |
-| Disable setting | Employees cannot see search suggestions in the Address bar. |
-| Do not configure setting (default) | Employees can choose whether search suggestions appear in the Address bar. |
-|
+| Enable | Employees can see search suggestions in the Address bar. |
+| Disable | Employees cannot see search suggestions in the Address bar. |
+| Do not configure (default) | Employees can choose whether search suggestions appear in the Address bar. |
 
 ### Configure Start pages
 >*Supported versions: Windows 10, version 1511 or later*
@@ -217,9 +200,8 @@ This policy setting lets you decide whether search suggestions appear in the Add
 This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees will not be able to change this after you set it.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | You must include URLs to the pages, separating multiple pages by using angle brackets in this format: <br><br>`<support.contoso.com><support.microsoft.com>` |  
-| Disable or do not configure setting (default) | The default Start page is the webpage specified in App settings. |
-|
+| Enable | You must include URLs to the pages, separating multiple pages by using angle brackets in this format: <br><br>`<support.contoso.com><support.microsoft.com>` |  
+| Disable or do not configure (default) | The default Start page is the webpage specified in App settings. |
 
 ### Configure the Adobe Flash Click-to-Run setting
 >*Supported versions: Windows 10, version 1703*
@@ -227,9 +209,8 @@ This policy setting lets you configure one or more Start pages, for domain-joine
 This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. <!-- <span style="background: #ffff99;">[@Reviewer: what is the default, enabled or disabled?]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable or don’t configure this setting< | Employees must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. |
-| Disable setting | Adobe Flash loads automatically and runs in Microsoft Edge. |
-|
+| Enable or don’t configure | Employees must click the content, click the Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. |
+| Disable | Adobe Flash loads automatically and runs in Microsoft Edge. |
 
 ### Configure the Enterprise Mode Site List
 >*Supported versions: Windows 10*
@@ -237,9 +218,8 @@ This policy setting lets you decide whether employees must take action, such as
 This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. |
-Disable or do not configure setting (default) | Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |
-|
+| Enable | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. |
+Disable or do not configure (default) | Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |
 
 >[!Note] 
 >If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.<br><br>
@@ -251,10 +231,9 @@ Disable or do not configure setting (default) | Microsoft Edge won’t use the E
 This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Windows Defender SmartScreen is turned on, and employees cannot turn it off. | 
-| Disable setting | Windows Defender SmartScreen is turned off, and employees cannot turn it on. |
-| Do not configure setting | Employees can choose whether to use Windows Defender SmartScreen. |
-|
+| Enable | Windows Defender SmartScreen is turned on, and employees cannot turn it off. | 
+| Disable | Windows Defender SmartScreen is turned off, and employees cannot turn it on. |
+| Do not configure | Employees can choose whether to use Windows Defender SmartScreen. |
 
 ### Disable lockdown of Start pages
 >*Supported versions: Windows 10, version 1703*
@@ -265,9 +244,8 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 
 | If you… | Then… |
 | --- | --- |
-| Enable setting | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. |
-| Disable or do not configure setting (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. | 
-|                                                                 
+| Enable | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. |
+| Disable or do not configure (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. |                                                                 
 
 ### Keep favorites in sync between Internet Explorer and Microsoft Edge
 >*Supported versions: Windows 10, version 1703*
@@ -278,9 +256,8 @@ This policy setting lets you decide whether people can sync their favorites betw
 <span style="background: #ffff99;">[@Reviewer: what is the default: enable or disable?]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge.<br><br>Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. <!-- <span style="background: #ffff99;">[@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.]</span> --> |
-| Disable or do not configure setting | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. |
-|
+| Enable | Employees can sync their favorites between Internet Explorer and Microsoft Edge.<br><br>Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices. <!-- <span style="background: #ffff99;">[@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.]</span> --> |
+| Disable or do not configure | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. |
 
 ### Prevent access to the about:flags page
 >*Supported versions: Windows 10, version 1607 or later*
@@ -288,9 +265,8 @@ This policy setting lets you decide whether people can sync their favorites betw
 This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Employees cannot access the about:flags page. |
-| Disable or do not configure setting (default) | Employees can access the about:flags page. |
-|                                                                 
+| Enable | Employees cannot access the about:flags page. |
+| Disable or do not configure (default) | Employees can access the about:flags page. |                                                                 
 
 ### Prevent bypassing Windows Defender SmartScreen prompts for files
 >*Supported versions: Windows 10, version 1511 or later*
@@ -298,18 +274,16 @@ This policy setting lets you decide whether employees can access the about:flags
 This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. |
-| Disable or do not configure setting (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. |
-|                                                                                                                                                  
+| Enable | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. |
+| Disable or do not configure (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. |                                                                                                                                                  
 ### Prevent bypassing Windows Defender SmartScreen prompts for sites
 >*Supported versions: Windows 10, version 1511 or later*
 
 This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. |
-| Disable or do not configure setting (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. |
-|
+| Enable | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. |
+| Disable or do not configure (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. |
 
 ### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
 >*Supported versions: Windows 10, version 1703*
@@ -317,9 +291,8 @@ This policy setting lets you decide whether employees can override the Windows D
 This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. | 
-| Disable or do not configure setting (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. |
-|
+| Enable | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. | 
+| Disable or do not configure (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. |
 
 
 ### Prevent the First Run webpage from opening on Microsoft Edge
@@ -328,9 +301,8 @@ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata
 This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.
 | If you… | Then… |
 | --- | --- |
-| Enable this settin | Employees do not see the First Run page. |
-| Disable or do not configure setting (default) | Employees see the First Run page. |
-|
+| Enable | Employees do not see the First Run page. |
+| Disable or do not configure (default) | Employees see the First Run page. |
 
 ### Prevent using Localhost IP address for WebRTC
 >*Supported versions: Windows 10, version 1511 or later*
@@ -338,9 +310,8 @@ This policy setting lets you decide whether employees see Microsoft's First Run
 This policy setting lets you decide whether localhost IP addresses are visible or hidden while making calls to the WebRTC protocol.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Localhost IP addresses are hidden. |
-| Disable or do not configure setting (default) | Localhost IP addresses are visible. |
-|
+| Enable | Localhost IP addresses are hidden. |
+| Disable or do not configure (default) | Localhost IP addresses are visible. |
 
 ### Send all intranet sites to Internet Explorer 11
 >*Supported versions: Windows 10*
@@ -348,9 +319,8 @@ This policy setting lets you decide whether localhost IP addresses are visible o
 This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | All intranet sites are opened in Internet Explorer 11 automatically. |
-| Disable or do not configure setting (default) | All websites, including intranet sites, open in Microsoft Edge. | 
-|
+| Enable | All intranet sites are opened in Internet Explorer 11 automatically. |
+| Disable or do not configure (default) | All websites, including intranet sites, open in Microsoft Edge. |
 
 ### Set default search engine
 >*Supported versions: Windows 10, version 1703*
@@ -361,10 +331,10 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 
 | If you… | Then… |
 | --- | --- |
-| Enable setting | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br>`https://fabrikam.com/opensearch.xml` |
-| Disable setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market <!-- <span style="background: #ffff99;">[@Reviewer: what does “market” mean in this context?]</span> -->. |
-| Do not configure setting | The default search engine is set to the one specified in App settings. |
-|
+| Enable | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br>`https://fabrikam.com/opensearch.xml` |
+| Disable | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market <!-- <span style="background: #ffff99;">[@Reviewer: what does “market” mean in this context?]</span> -->. |
+| Do not configure | The default search engine is set to the one specified in App settings. |
+
 >[!Important]
 >If you'd like your employees to use the default Microsoft Edge settings for each market <!-- <span style="background: #ffff99;">[@Reviewer: what does “each market” refer to in this context?]</span> -->, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
 
@@ -374,9 +344,8 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
 | If you… | Then… |
 | --- | --- |
-| Enable setting | Employees see an additional page. |
-| Disable or do not configure setting (default) | No additional pages display. |
-|
+| Enable | Employees see an additional page. |
+| Disable or do not configure (default) | No additional pages display. |
 
 ## Using Microsoft Intune to manage your Mobile Device Management (MDM) settings for Microsoft Edge
 If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.

From d2bbd9c583786a07366356b35bbc4e4b0528f289 Mon Sep 17 00:00:00 2001
From: shortpatti <pashort@microsoft.com>
Date: Fri, 23 Feb 2018 14:14:48 -0800
Subject: [PATCH 028/119] fixed a typo and verified that Edge is preceded with
 Microsoft

---
 browsers/edge/available-policies.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 4a826a8f59..b7a048689a 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -388,7 +388,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use Autofill to complete form fields.
+        - **0.** Employees cannot use Autofill to complete form fields.
         
         - **1 (default).** Employees can use Autofill to complete form fields.
 
@@ -405,7 +405,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use Microsoft Edge.
+        - **0.** Employees cannot use Microsoft Edge.
 
         - **1 (default).** Employees can use Microsoft Edge. 
 
@@ -475,7 +475,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use Edge Extensions.
+        - **0.** Employees cannot use Edge Extensions.
         
         - **1 (default).** Employees can use Edge Extensions.    
 
@@ -492,7 +492,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Not allowed. Employees can’t use Adobe Flash.
+        - **0.** Not allowed. Employees cannot use Adobe Flash.
         
         - **1 (default).** Allowed. Employees can use Adobe Flash.    
 
@@ -526,7 +526,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use InPrivate browsing.
+        - **0.** Employees cannot use InPrivate browsing.
         
         - **1 (default).** Employees can use InPrivate browsing.
 
@@ -543,7 +543,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:** 
 
-        - **0.** Additional search engines are not allowed and the default can’t be changed in the Address bar.
+        - **0.** Additional search engines are not allowed and the default cannot be changed in the Address bar.
         
         - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
 
@@ -594,7 +594,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Additional search engines are not allowed and the default can’t be changed in the Address bar.
+        - **0.** Additional search engines are not allowed and the default cannot be changed in the Address bar.
         
         - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
 
@@ -612,7 +612,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0 (default).** Employees can’t see search suggestions in the Address bar of Microsoft Edge.
+        - **0 (default).** Employees cannot see search suggestions in the Address bar of Microsoft Edge.
         
         - **1.** Employees can see search suggestions in the Address bar of Microsoft Edge.
 

From 1c219d0b56d988b5e208fad3761869a84fa26a95 Mon Sep 17 00:00:00 2001
From: shortpatti <pashort@microsoft.com>
Date: Fri, 23 Feb 2018 14:18:35 -0800
Subject: [PATCH 029/119] fixed a typo and verified that Edge is preceded with
 Microsoft

---
 browsers/edge/available-policies.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index b7a048689a..8f9901dcb2 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -110,7 +110,7 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 ### Allow web content on New Tab page
 >*Supported versions: Windows 10*
 
-This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.
+This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees cannot change it.
 | If you… | Then… |
 | --- | --- |
 | Enable | Microsoft Edge opens a new tab with the New Tab page. |
@@ -171,7 +171,7 @@ This policy setting lets you decide whether employees can save their passwords l
 | If you… | Then… |
 | --- | --- |
 | Enable (default) | Employees can use Password Manager to save their passwords locally. |
-| Disable | Employees can’t use Password Manager to save their passwords locally. | 
+| Disable | Employees cannot use Password Manager to save their passwords locally. | 
 | Do not configure | Employees can choose whether to use Password Manager to save their passwords locally. |
 
 ### Configure Pop-up Blocker
@@ -987,7 +987,7 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use Cortana on their devices.
+        - **0.** Employees cannot use Cortana on their devices.
         
         - **1 (default).** Employees can use Cortana on their devices.
 
@@ -1002,7 +1002,7 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
 
     - **Allowed values:**
 
-        - **0.** Employees can’t sync settings between PCs.
+        - **0.** Employees cannot sync settings between PCs.
         
         - **1 (default).** Employees can sync between PCs.
 

From b018422a97ea8db9a8bdace85ea9aa5ea5fd9dcf Mon Sep 17 00:00:00 2001
From: mflemingwa <33759581+mflemingwa@users.noreply.github.com>
Date: Sat, 24 Feb 2018 13:30:59 -0800
Subject: [PATCH 030/119] Update waas-windows-insider-for-business.md

Updated section on how to install - there is an image that is new - so I've sent that in email to Jamie.
---
 .../waas-windows-insider-for-business.md      | 56 ++++++++++++-------
 1 file changed, 37 insertions(+), 19 deletions(-)

diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index b105a54d56..77f43264a8 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -50,32 +50,50 @@ Below are additional details to accomplish the steps described above.
 
 ## Register to the Windows Insider Program for Business
 
-Registration in the Windows Insider Program for Business can be done individually per user or for an entire organization: 
+The first step to installing a Windows 10 Insider Preview build is to register as a Windows Insider. You and your users have two registration options. 
 
-### Individual registration
-
->[!IMPORTANT]
->This step is a prerequisite to register your organization's Azure AD domain. 
-
-Navigate to the [**Getting Started**](https://insider.windows.com/en-us/getting-started/) page on [Windows Insider](https://insider.windows.com), go to **Register your organization account** and follow the instructions.
+### Register using your work account (recommended) 
+•	Registering with your work account in Azure Active Directory (AAD) is required to submit feedback on behalf of your organization and manage Insider Preview builds on other PCs in your domain.   
 
 >[!NOTE]
->Make sure your device is [connected to your company's Azure AD subscription](waas-windows-insider-for-business-faq.md#connected-to-aad). 
+>Requires Windows 10 Version 1703 or later. Confirm by going to Settings>System>About. If you do not have an AAD account, [find out how to get an Azure Active Directory tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-howto-tenant).
 
-### Organizational registration
+### Register your personal account
+Use the same account that you use for other Microsoft services. If you don’t have a Microsoft account, it is easy to get one. [Get a Microsoft account](https://account.microsoft.com/account).
 
-This method enables to your register your entire organization to the Windows Insider Program for Business, to avoid having to register each individual user.
+## Install Windows Insider Preview Builds
+You can install Windows 10 Insider Preview builds directly on individual PCs, manage installation across multiple PCs in an organization, or install on a virtual machine. 
 
->[!IMPORTANT] 
->The account performing these steps has to first be registered to the program individually. Additionally, Global Administrator privileges on the Azure AD domain are required.
+### Install on an individual PC
 
-1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/en-us/insidersigninaad/).
-2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/en-us/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
+1.	Open  [Windows Insider Program settings](ms-settings:windowsinsider) (On your Windows 10 PC, go to Start > Settings > Update & security > Windows Insider Program). Note: To see this setting, you need to have administrator rights to your PC.
+2.	Link your Microsoft or work account that you used to register as a Windows Insider. 
+3.	Follow the prompts. 
 
->[!NOTE]
->At this point, the Windows Insider Program for Business only supports [Azure Active Directory (Azure AD)](/azure/active-directory/active-directory-whatis) (and not Active Directory on premises) as a corporate authentication method.
->
->If your company is currently not using Azure AD – but has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services – you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
+(images/WIP4Biz_Prompts.png)
+
+### Install across multiple PCs
+
+Administrators can install and manage Insider Preview builds centrally across multiple PCs within their domain. Here’s how: 
+
+1.	**Register your domain with the Windows Insider Program**
+To register a domain, you must be registered in the Windows Insider Program with your work account in Azure Active Directory and you must be assigned a **Global Administrator** role on that Azure AD domain. Also requires Windows 10 Version 1703 or later. 
+
+**Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/en-us/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
+
+>[!Notes]
+>•	At this point, the Windows Insider Program for Business only supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis) (and not Active Directory on premises) as a corporate authentication method. 
+>•	If your company has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services – you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
+>•	If you do not have an AAD account, install Insider Preview builds on individual PCs with a registered Microsoft account.    
+
+2. **Apply Policies**
+Once you have registered your enterprise domain, you can control how and when devices receive Windows Insider Preview builds on their devices. See: [How to manage Windows 10 Insider Preview builds across your organization](https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business).
+
+### Install on a virtual machine. 
+This option enables you to run Insider Preview builds without changing the Windows 10 production build already running on a PC.  
+•	For guidance on setting up virtual machines on your PC see: [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/). 
+•	To download the latest Insider Preview build to run on your virtual machine see: 
+[Windows Insider Preview downloads](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewadvanced) 
 
 ## Manage Windows Insider Preview builds
 
@@ -287,4 +305,4 @@ Your individual registration with the Insider program will not be impacted. If y
 - [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
 - [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
 - [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
-- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
\ No newline at end of file
+- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)

From 797e7725c631ec1f5961cfb017f88b7ab3689cf7 Mon Sep 17 00:00:00 2001
From: mflemingwa <33759581+mflemingwa@users.noreply.github.com>
Date: Sat, 24 Feb 2018 13:51:07 -0800
Subject: [PATCH 031/119] Update waas-windows-insider-for-business.md

---
 .../waas-windows-insider-for-business.md      | 66 ++++++++++++++++++-
 1 file changed, 63 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index b105a54d56..bc07edbda8 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -19,7 +19,7 @@ ms.date: 10/27/2017
 
 > **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
-For many IT pros, gaining visibility into feature updates early, before they’re available to the Semi-Annual Channel, can be both intriguing and valuable for future end user communications as well as provide additional prestaging for Semi-Annual Channel devices. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test devices, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. Also, as flighted builds get closer to their release to the Semi-Annual Channel, organizations can test their deployment on test devices for compatibility validation.
+For many IT Pros, gaining visibility into feature updates early, before they’re available to the Semi-Annual Channel, can be both intriguing and valuable for future end user communications as well as provide additional prestaging for Semi-Annual Channel devices. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test devices, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. Also, as flighted builds get closer to their release to the Semi-Annual Channel, organizations can test their deployment on test devices for compatibility validation.
 
 The Windows Insider Program for Business gives you the opportunity to: 
 * Get early access to Windows Insider Preview Builds. 
@@ -161,6 +161,58 @@ To switch flights prior to Windows 10, version 1709, follow these steps:
   * [Windows Insider Slow](#slow)
   * [Release Preview](#release-preview)
 
+## Explore new Insider Preview features
+Windows 10 Insider Preview builds offer organizations a valuable and exciting opportunity to evaluate new Windows features well before general release. What’s more, by providing feedback to Microsoft on these features, you and other Insiders in your organization can help shape Windows for your specific business needs. Here’s how to get the most out of your feature exploration: 
+
+**Objective: Release Channel**
+Feature Exploration: Fast Ring
+Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration. 
+
+**Objective: Users**
+Feature Exploration: Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary machines.  
+
+**Objective: Tasks**
+Feature Exploration:
+•	Install and manage Insider Preview builds on PCs (per machine or centrally across multiple machines)  
+•	Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications 
+•	Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary current features. 
+
+**Objective: Feedback**
+Feature Exploration: 
+•	Provide feedback via [Feedback Hub app](insiderhub://home/). This helps us make adjustments to features as quickly as possible.
+•	Encourage users to sign into the Feedback Hub using their AAD work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.) 
+•	[Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/en-us/how-to-feedback/)
+
+## Validate Insider Preview builds 
+Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. This activity can play an important role in your [Windows 10 deployment strategy](https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business). Early validation has several benefits: 
+•	Get a head start on your Windows validation process 
+•	Identify issues sooner to accelerate your Windows deployment 
+•	Engage Microsoft earlier for help with potential compatibility issues 
+•	Deploy Windows 10 Semi-Annual releases faster and more confidently 
+•	Maximize the 18-month support Window that comes with each Semi-Annual release. 
+
+(images/WIP4Biz_deployment.png)
+Windows 10 Insider Preview builds enable organization to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments. 
+
+**Objective: Release Channel**
+Application and infrastructure validation: SLOW RING
+Insider Preview builds in the Slow Ring are released approximately once a month. They are more stable than Fast Ring releases, making them better suited for validation purposes. Slow Ring releases can be run on either secondary or primary production machines by skilled users.
+
+**Objective: Recommended Users**
+Application and infrastructure validation: In addition to Insiders who may have participated in feature exploration, we also recommend including a small group of application users from each business department to ensure a representative sample. 
+
+**Objective: Recommended Tasks**
+Application and infrastructure validation: Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) and [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) pages for updates on current issues and fixes. 
+
+**Objective: Feedback**
+Application and infrastructure validation:Provide feedback in the Feedback Hub app and also inform app vendors of any significant issues.  
+
+**Objective: Guidance**
+Application and infrastructure validation:
+•	[Use Upgrade Readiness to create an app inventory and identify mission-critical apps](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-identify-apps) 
+•	[Use Device Health to identify problem devices and device drivers](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-monitor)
+•	[Windows 10 application compatibility](https://technet.microsoft.com/windows/mt703793)
+
 ## How to switch between your MSA and your Corporate AAD account
 
 If you were using your Microsoft Account (MSA) to enroll to the Windows Insider Program, switch to your organizational account by going to **Settings > Updates & Security >  Windows Insider Program**, and under **Windows Insider account** select **Change**.
@@ -271,6 +323,15 @@ Your individual registration with the Insider program will not be impacted. If y
 >[!IMPORTANT]
 >Once your domain is unregistered, setting the **Branch Readiness Level** to preview builds will have no effect. Return this setting to its unconfigured state in order to enable users to control it from their devices.
 
+## Community 
+
+Windows Insiders are a part of a global community focused on innovation, creativity, and growth in their world.  
+
+The Windows Insider program enables you to deepen connections to learn from peers and to connect to subject matter experts (inside Microsoft, Insiders in your local community and in another country) who understand your unique challenges, and who can provide strategic advice on how to maximize your impact.
+ 
+Collaborate and learn from experts in the [WINDOWS INSIDER TECH COMMUNITY](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram)
+
+
 ## Additional help resources
 
 * [**Windows Blog**](https://blogs.windows.com/blog/tag/windows-insider-program/) - With each new build release we publish a Windows Blog post that outlines key feature changes as well as known issues that Insiders may encounter while using the build.
@@ -281,10 +342,9 @@ Your individual registration with the Insider program will not be impacted. If y
 - [Windows Insider Program for Business using Azure Active Directory](waas-windows-insider-for-business-aad.md)
 - [Windows Insider Program for Business Frequently Asked Questions](waas-windows-insider-for-business-faq.md)
 
-
 ## Related Topics
 - [Overview of Windows as a service](waas-overview.md)
 - [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
 - [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
 - [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
-- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
\ No newline at end of file
+- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)

From 0af08cc07007575a14f1112f6e008219b127adcf Mon Sep 17 00:00:00 2001
From: mflemingwa <33759581+mflemingwa@users.noreply.github.com>
Date: Sat, 24 Feb 2018 14:05:40 -0800
Subject: [PATCH 032/119] Update waas-windows-insider-for-business.md

---
 .../deployment/update/waas-windows-insider-for-business.md    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index b105a54d56..d21f608bb7 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -189,7 +189,7 @@ When providing feedback, please consider the following:
 
 ### User consent requirement
 
-With the current version of the Feedback Hub app, we need the user's consent to access their AAD account profile data (We read their name, organizational tenant ID and user ID). When they sign in for the first time with the AAD account, they will see a popup asking for their permission, like this:
+Feedback Hub needs the user’s consent to access their AAD account profile data (we read their name, organizational tenant ID and user ID). When they sign in for the first time with the AAD account, they will see a popup asking for their permission, like this:
 
 ![Feedback Hub consent to AAD pop-up](images/waas-wipfb-aad-consent.png)
 
@@ -287,4 +287,4 @@ Your individual registration with the Insider program will not be impacted. If y
 - [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
 - [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
 - [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
-- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
\ No newline at end of file
+- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)

From 072b247cd5880fd9c85aa817634e8d88ab7b7f3f Mon Sep 17 00:00:00 2001
From: jkulbe <32675112+jkulbe@users.noreply.github.com>
Date: Mon, 26 Feb 2018 12:39:51 +0100
Subject: [PATCH 033/119] typo correction

---
 .../hello-for-business/hello-deployment-cert-trust.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
index 5fb663bb6a..be893d7fb9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
@@ -20,7 +20,7 @@ ms.date: 07/27/2017
 
 Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair.  The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment.  
 
-Below, you can find all the infromation you will need to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment:
+Below, you can find all the information you will need to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment:
 1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
 2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
 3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)

From a3acf76f961ebe0f369b68cf554ca971237028fa Mon Sep 17 00:00:00 2001
From: Jeanie Decker <jdecker@microsoft.com>
Date: Mon, 26 Feb 2018 16:30:00 +0000
Subject: [PATCH 034/119] Merged PR 6017: Remove AD join restriction

---
 devices/surface-hub/surface-hub-authenticator-app.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devices/surface-hub/surface-hub-authenticator-app.md b/devices/surface-hub/surface-hub-authenticator-app.md
index c00bb03bbb..b303d0354c 100644
--- a/devices/surface-hub/surface-hub-authenticator-app.md
+++ b/devices/surface-hub/surface-hub-authenticator-app.md
@@ -34,7 +34,7 @@ To let people in your organization sign in to Surface Hub with their phones and
 
 - Surface Hub is set up with either a local or domain-joined account.
 
-Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs that are joined to an Active Directory domain or to Azure AD. 
+Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs that are joined to Azure AD. 
 
 ## Individual prerequisites
 

From 46cfabfdaeb30e9aef12de6fee7dfed5b9ebb87e Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Mon, 26 Feb 2018 11:02:26 -0800
Subject: [PATCH 035/119] udpate urls

---
 ...t-custom-ti-windows-defender-advanced-threat-protection.md | 4 ++--
 ...eshoot-siem-windows-defender-advanced-threat-protection.md | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
index 85245a50ee..d6dbef14e6 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 02/26/2018
 ---
 
 # Troubleshoot custom threat intelligence issues
@@ -33,7 +33,7 @@ This page provides detailed steps to troubleshoot issues you might encounter whi
 ## Learn how to get a new client secret
 If your client secret expires or if you've misplaced the copy provided when you were enabling the custom threat intelligence application,  you'll need to get a new secret.
 
-1. Login to the [Azure management portal](https://ms.portal.azure.com).
+1. Login to the [Azure management portal](https://portal.azure.com).
 
 2. Select **Active Directory**.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
index 22c3aaa87e..4d77042ae0 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
@@ -34,7 +34,7 @@ This page provides detailed steps to troubleshoot issues you might encounter.
 ## Learn how to get a new client secret
 If your client secret expires or if you've misplaced the copy provided when you were enabling the SIEM tool application,  you'll need to get a new secret.
 
-1. Login to the [Azure management portal](https://ms.portal.azure.com).
+1. Login to the [Azure management portal](https://portal.azure.com).
 
 2. Select **Azure Active Directory**.
 

From 45bb57bb283383e9b8a091d1cdff8ecb6f2e2974 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Mon, 26 Feb 2018 20:26:20 +0000
Subject: [PATCH 036/119] Merged PR 6024: CSP files updated with version
 information

---
 .../client-management/mdm/bitlocker-csp.md    |   4 ++--
 .../mdm/cm-cellularentries-csp.md             |   3 ---
 ...onfiguration-service-provider-reference.md |   2 +-
 windows/client-management/mdm/defender-csp.md |   2 +-
 .../mdm/developersetup-csp.md                 |   2 +-
 windows/client-management/mdm/dmclient-csp.md |  12 ++++++------
 .../mdm/dmclient-ddf-file.md                  |   2 +-
 .../images/Provisioning_CSP_DMClient_TH2.png  | Bin 0 -> 97691 bytes
 .../mdm/images/Provisioning_CSP_Defender.png  | Bin 0 -> 1210 bytes
 .../Provisioning_CSP_RemoteWipe_DMandCP.png   | Bin 0 -> 1227 bytes
 .../provisioning-csp-assignedaccess.png       | Bin 9869 -> 9935 bytes
 .../mdm/images/provisioning-csp-defender.png  | Bin 29644 -> 29717 bytes
 .../images/provisioning-csp-dmclient-th2.png  | Bin 97563 -> 97691 bytes
 .../provisioning-csp-remotewipe-dmandcp.png   | Bin 14550 -> 14617 bytes
 ...ew-in-windows-mdm-enrollment-management.md |   2 +-
 .../mdm/policy-csp-controlpolicyconflict.md   |   4 ++--
 .../mdm/policy-csp-deliveryoptimization.md    |  16 ++++++++--------
 .../mdm/policy-csp-kioskbrowser.md            |  12 ++++++------
 .../mdm/policy-csp-search.md                  |   4 ++--
 .../mdm/policy-csp-security.md                |   2 +-
 .../mdm/policy-csp-system.md                  |   2 +-
 .../mdm/policy-csp-systemservices.md          |  12 ++++++------
 .../mdm/policy-csp-taskscheduler.md           |   2 +-
 .../mdm/policy-csp-textinput.md               |   2 +-
 .../mdm/policy-csp-update.md                  |   2 +-
 ...olicy-csp-windowsdefendersecuritycenter.md |   6 +++---
 .../client-management/mdm/remotewipe-csp.md   |   8 ++++----
 .../mdm/remotewipe-ddf-file.md                |   2 +-
 windows/client-management/mdm/uefi-csp.md     |   2 +-
 windows/client-management/mdm/update-csp.md   |   6 +++---
 30 files changed, 54 insertions(+), 57 deletions(-)
 create mode 100644 windows/client-management/mdm/images/Provisioning_CSP_DMClient_TH2.png
 create mode 100644 windows/client-management/mdm/images/Provisioning_CSP_Defender.png
 create mode 100644 windows/client-management/mdm/images/Provisioning_CSP_RemoteWipe_DMandCP.png

diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index c432bac103..556cb49468 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -798,7 +798,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">Allows the Admin to disable the warning prompt for other disk encryption on the user machines.</p>
 
 > [!Important]  
-> Starting in Windows 10, next major update, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview) for value 0.
+> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview) for value 0.
 
 > [!Warning]
 > When you enable BitLocker on a device with third party encryption, it may render the device unusable and will require reinstallation of Windows.
@@ -826,7 +826,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 
 <p style="margin-left: 20px">The following list shows the supported values:</p>
 
--   0 – Disables the warning prompt. Starting in Windows 10, next major update, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable BitLocker for value 0.
+-   0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable BitLocker for value 0.
 -   1 (default) – Warning prompt allowed.
 
 ``` syntax
diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md
index e81ff53e92..22bb311265 100644
--- a/windows/client-management/mdm/cm-cellularentries-csp.md
+++ b/windows/client-management/mdm/cm-cellularentries-csp.md
@@ -14,9 +14,6 @@ ms.date: 08/02/2017
 
 The CM\_CellularEntries configuration service provider is used to configure the General Packet Radio Service (GPRS) entries on the device. It defines each GSM data access point.
 
-> [!Note]
-> Starting in the next major update to Windows 10, the CM\_CellularEntries CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
-
 This configuration service provider requires the ID\_CAP\_NETWORKING\_ADMIN capability to be accessed from a network configuration application.
 
 The following diagram shows the CM\_CellularEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol is not supported with this configuration service provider.
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 5a601e0ca8..16f80bc1f1 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -2453,7 +2453,7 @@ Footnotes:
  Footnotes: 
 - 1 - Added in Windows 10, version 1607
 - 2 - Added in Windows 10, version 1703  
-- 3 - Added in the next major update to Windows 10  
+- 3 - Added in Windows 10, version 1803  
 
 ## CSP DDF files download
 
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index bcab5ce598..b2c82ca8e5 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -314,7 +314,7 @@ Node that can be used to perform signature updates for Windows Defender.
 Supported operations are Get and Execute.
 
 <a href="" id="offlinescan"></a>**OfflineScan**  
-Added in Windows 10, next major update. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. This command causes the computer reboot and start in Windows Defender offline mode to begin the scan.
+Added in Windows 10, version 1803. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. This command causes the computer reboot and start in Windows Defender offline mode to begin the scan.
 
 Supported operations are Get and Execute.
 
diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md
index 4057384f64..de3145a84f 100644
--- a/windows/client-management/mdm/developersetup-csp.md
+++ b/windows/client-management/mdm/developersetup-csp.md
@@ -1,6 +1,6 @@
 ---
 title: DeveloperSetup CSP
-description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the next major update of Windows 10.
+description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703.
 ms.assetid: 
 ms.author: maricia
 ms.topic: article
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index e69e71e093..4de7bc9cc1 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -261,7 +261,7 @@ Optional. Number of days after last sucessful sync to unenroll.
 Supported operations are Add, Delete, Get, and Replace. Value type is integer.
 
 <a href="" id="provider-providerid-aadsenddevicetoken"></a>**Provider/*ProviderID*/AADSendDeviceToken**  
-Device. Added in Windows 10 next major update. For AZure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained.
+Device. Added in Windows 10 version 1803. For AZure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained.
 
 Supported operations are Add, Delete, Get, and Replace. Value type is bool.
 
@@ -713,27 +713,27 @@ Required. Added in Windows 10, version 1709. Integer node determining if a devic
 Supported operations are Get and Replace. Value type is integer.
 
 <a href="" id="provider-providerid-firstsyncstatus-blockinstatuspage"></a>**Provider/*ProviderID*/FirstSyncStatus/BlockInStatusPage**  
-Required. Device Only. Added in Windows 10, next major update. This node determines whether or not the MDM progress page is blocking in the Azure AD joined or DJ++ case, as well as which remediation options are available.
+Required. Device Only. Added in Windows 10, version 1803. This node determines whether or not the MDM progress page is blocking in the Azure AD joined or DJ++ case, as well as which remediation options are available.
 
 Supported operations are Get and Replace. Value type is integer.
 
 <a href="" id="provider-providerid-firstsyncstatus-allowcollectlogsbutton"></a>**Provider/*ProviderID*/FirstSyncStatus/AllowCollectLogsButton**  
-Required. Added in Windows 10, next major update. This node decides whether or not the MDM progress page displays the Collect Logs button.  
+Required. Added in Windows 10, version 1803. This node decides whether or not the MDM progress page displays the Collect Logs button.  
 
 Supported operations are Get and Replace. Value type is bool.
 
 <a href="" id="provider-providerid-firstsyncstatus-customerrortext"></a>**Provider/*ProviderID*/FirstSyncStatus/CustomErrorText**  
-Required. Added in Windows 10, next major update. This node allows the MDM to set custom error text, detailing what the user needs to do in case of error.  
+Required. Added in Windows 10, version 1803. This node allows the MDM to set custom error text, detailing what the user needs to do in case of error.  
 
 Supported operations are Add, Get, Delete, and Replace. Value type is string.
 
 <a href="" id="provider-providerid-firstsyncstatus-skipdevicestatuspage"></a>**Provider/*ProviderID*/FirstSyncStatus/SkipDeviceStatusPage**  
-Required. Device only. Added in Windows 10, next major update. This node decides wheter or not the MDM device progress page skips after Azure AD joined or Hybrid Azure AD joined in OOBE.
+Required. Device only. Added in Windows 10, version 1803. This node decides wheter or not the MDM device progress page skips after Azure AD joined or Hybrid Azure AD joined in OOBE.
 
 Supported operations are Get and Replace. Value type is bool.
 
 <a href="" id="provider-providerid-firstsyncstatus-skipuserstatuspage"></a>**Provider/*ProviderID*/FirstSyncStatus/SkipUserStatusPage**  
-Required. Device only. Added in Windows 10, next major update. This node decides wheter or not the MDM user progress page skips after Azure AD joined or DJ++ after user login.
+Required. Device only. Added in Windows 10, version 1803. This node decides wheter or not the MDM user progress page skips after Azure AD joined or DJ++ after user login.
 
 Supported operations are Get and Replace. Value type is bool.
 
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index 51a46a8897..fda5ae3f82 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -20,7 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **DMClien
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is for Windows 10, next major update.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
diff --git a/windows/client-management/mdm/images/Provisioning_CSP_DMClient_TH2.png b/windows/client-management/mdm/images/Provisioning_CSP_DMClient_TH2.png
new file mode 100644
index 0000000000000000000000000000000000000000..28ae086ef78a0791bfcad361bab42e87059afd84
GIT binary patch
literal 97691
zcmd43c|4T;|1Yk+w75%_2u1cSDZ-$I>}20ZA^VbqnX#o(*^@ntvS!~2gKWt<A!Hj_
z$2J&aU&ik}O1jTEpYORp-*djd@A>0?xSP4=y57rcdA^>{*ZcCht1NSpoQ|A~jO?VG
ztdtrV*#RXoGIGkJ`@tvX?tJ{<&pt;rnOkI8t>-7fKMtDTRJut<mK$_@^Zp_5?_&>T
zbsfpbPSue9+gES@!IX?_J4sIJrUnc;vo+wzP#=}zH>L7D!o4S=V)4PttaatUc>|7k
z_V|tGCd07mwonmF$2h)OwQr;&b9R8d!E5qdQ<=;Va`~kNf+yG3y)9nu_+?hVGdG`{
zJ$5tnsBS1--ac|h|Cd)e{63q#HeeUz=ALfJXx1xyQeCa5i>9o+tUXpAt$XOglmit9
zMi2~<?8*5m0_pF<LG%Ie=SxT;b^rx;G%*>eUJwcMuFF6E^~;*y@u^$omFt+UuJH1w
zq^mdNYYCx4yoRL@5%?r_BahAC5sD9PlRYX-h;fPb*Ogm%^G@&eaX(K%mt}8n0--z0
zFkhPz{P14fQSrI0PVUC}3g^w^UiGh+*QN-bh~eg-Q0~DB_dci=xadi)Ivf)#=7NDu
zSFac$cyg%o@;S66HrB2C`udjFNz3ma(MZ6!xlUG=uXf(h`eL`xiQQgoUemT4D1E>$
z0514Mn~PjYU!w3>ZInFp_Lg&;OrYe$`)dXc!TZ3spM925I2^8<+Eb#}s7NQKQY=#P
z%vI-TLq35Q3`I?CaoZ!E>C<&%hrzY9^u0Teno~JXK9eXS({;q9+k9~wb6u2j`VFsG
z^Q=^h?QKt5siLd-dC7faL~Nkl2kMY9={}2;vI)^6=Ju-r(pC}iUn1hRL-Mh${Uwem
zABVwx$wr2deZ}^1hA|Z1Om)n{k67nBdizFEK($%r${MpE+5Puft!{FbqXX!zZ?!5m
zHQprXM#V4;W@NUM^P!OvsFD&(ei3k=PdXoE)?Vhl{-p3WA?~@Z_!~RZ_MyIZ!_YHg
zJQ_0-GXcF4_UFZ!Uqroxd*x3(9)^2*4u6fd=kHNC1%7>*dbVWKueictf&T!%rN4*u
zWQ?3&Ak1jeHOQ@U(qBoKkKgL%Ra}LhroD2vnRX&pS|RGCvtQj=-ISu5rE``Z(g}1w
zgx~UZCT8}GzI8RM*xZcciHR<bI1g@qkEcKX@np5dwx(&O@vuPj3aw(g+FE;8r0(R6
z>JQ{5l>D099dFdhPxDYO$WL+>83vxlyI5!{&gO5P{}Km(`hgswLKMYA!o0l?xi;+V
zT(vk&I9mMCrq>O5IyFIh{Jdg?<<h1~9mKWcCBkj#xZ6o}gNXA9BQ|PQ55n%f9J^nr
zlIdc0V*<`rsydN?v>VNq%`tFAyV~NZh|vwC1yH`@j-*lLHdl~Gq_N-E>xJCrV&%la
zz0kO?gzC@obvCh92UO7=0@3`fNj;;zu9)g!U1B3I_^E%$X-`Rh4L-_^^UBA<VRSSS
zXvdxrEWD6`oJw${JAI!Vnv!B$6puO*SLQj?ulsunmBgiN&(+4_{rsofK988nS}HBo
zX8Gna&sC}#)0><MU51R@FRE}quk(1)SzA6m%#dRkzQiC;)e$GnISF6S@5{u5T~ih*
zM~*`yvKh9k+mntjzajarzqf0%<O{s~4_4-C!keH8|4WCqy{H%ji`^{s<@KLoMal)A
zEt#wAvyE+JvqsYNy-zW|^+V$+7T&erDNP_2hP+}q*0Fo5(?oIqMg3N}2GiMj1+>R{
z^YEm8u^pB6&dx$C&>O2GK}Ncf$7d3$w?+CdncZ?(eHO7j^vo!eI)a|G`!*J6_08d}
zF#GM9wi|c9%o4QgCGuhSk(HLm!Pg`82;^|}LP;C(S%aw#quVU8yLBsO+lCQ*H*-7;
zJ5b@ivDx0UEwSNwDDReYI4P=xjk<5*>-S>7S(n-VlFiv98f@G~x=Gxz4DSN;GxWeV
z7{`75Fhpg6Gz=y@B>Ttu(zIW8oMzDq1$*VX3%?uR>qvJrP28IHk+}6BBe!+pJNH2X
zDT-7gS1EvdK|E(WDLe`r=SG3qeIlO0qxL^=ovT=BT}!I-J~r}F(sfI45V27yQE3{)
z{*pk5&<Yn87PcR(u;ph45B)?8UPSqfg&7%WBUc8EO00rN)_dVF@(B3znjJ=(<PGEx
zIQT;be~Kl2IeP5B|I4dz%+hpscUKqR_HgF$CM+AfjEA!-9K(X<KZ4tcPEw%xR@mF$
zk8<BADt9A|eJ2y7qE`6l_+rF1hBqAtk?xE1?Ar?<BPc2pvzfL%E9Rf2Y)|#Pe7d~V
z(jDk|(=gp!g-N39`u2FAg0MZNU@tLvZkag}H`52VdYZu|dQL=bd^xqS!hR|i>Lyo`
zSDw7{KrbwOE*mN$vfWIIs5cD0oQgMC1IY?H0usX~4^=qw4T`B^LB%WM^}wigedR-s
z$r+GLW>|NEIZGFT*ljPQ(ke-5LEhs|?DI2n--s3V^E&}<ep$HyJ5cI0-MrS(v0A$P
zW&OwOy5iUCmLd-0G9ZO<^9h5CK7Id+bQ#-n*|waW+b=eGski3v6@tuE`8CyOUEL0x
zaA4~y4th;c0fwpSp{Ja3^K_aK^rIPvyOM0)WSnt~$(#mTxj2(@0Q|U$AjDz?0{_C@
zx{%7-=w=>@!}P*kZs?AHo2da|&kW(v9CT|9i#Yfxt>g;F_Fd{TFgfkijSxG|L#>O9
znjXpinRNNrvk#xw#Y0qD-%K{5OVdIcg_Vh8V@9Y4yZHe-u!3288Dex2m6$HIX*oM_
zXH7PHqSM~eJxRS6D?IfQ-sI=}#6N>yBHG+_`DC`M&IkGknij{K3@bXSr!d@o8z4)U
zKJ>sqAAylP$$f|h`D1I#=eAeG<FHrQW0v{l)tmk1Xu>F&qyU-#{oyO>jXqYlIF?t0
z4$RNVx%Yb@z~4b8{!3O)+h<L^h2ZZ+m2FoT9)%ZMK|RdT%eu~k#D?Mg2n#Fw>wmz_
zsiEag)8XY);Gtx$=<nhxFr7~8%yhNf*vjJ0r8-v~N<o)6ar^th+xM=3OZ>xJNp@==
zv)Ob*zEpl7?y&;r!}#vVe#98G0?R6{Sk#AZc<H$@38#>7*{&|h-;H#xU0ohaTM-qf
z!Qvj<lw%@4cAVGtF2iA@d0e}XS{*$m=P5D6T{)0Pu$eIW$PhaRUF}~>lKvgfff+-}
zSJi&78rJnj`^~AfxBJ61$!QVDz|+^Y8x{TGP}{_%5;k-?X8F#++-DpiS`xOumgMU;
z<7WV{JU2$rhpldj`jY~19Th1`&{FggmKP<%6p6snvQXQ04kbGo@WnEuj<o!Pk^||L
z0c}{fwKYi*N8;6OX)4mMB)bT907@-aTazr$D;anJ2;PX<ndAEU`gPJfUclZ(I19!c
z<GIyY={n>HTqSm_3OlR)rnn;4ESm&uKfzKVDh|_KnFIxM&-n#O4jB+z{X@4A!;&!~
zE^paMfh#8nhD`bBh;2PmsizsZFxnKPGLv8Kxm~lZ{q@R460louq1he}^Da@~ZrW7d
ziR=9Du~Zx~J>S1yuPpeOlQZ8t%<X7y6d7|KxzS@@v9#Qcl%y<}vxkbhsu`vO<T#gI
zv4XE>>YF}FdZ1^mxJq7mdHFTD&BXwUFzi-wocp~X_Gdv7>tCRxVLxfO_Ytc^m%TY$
zx`5gyHfp+({F+Q)9zyyO@^`FD384U=UQqe(_!5DG7uyXWM%wE@ls!7BLd1?|<4D69
zRn8W-x3-=h^QK`EA(CAbZ=iJCUR&VD<Vk{WUyHe~pi1)j&jXx&3-Jb6x&oNQJINn#
z7~`ZWn8*{T7j_7qC_|bl;t=vBHkk1cK=u<<Fbu{OGrT!awHf>_c#-Sm;DM2?<xfAa
z>K=vvgtc$=U!;`Lmq6YB>iN{%_|~q{;qhmCw4kGm@VADyJp5e<mp9Myh3{<VHBRt5
zm>eRl-|_*7Ju@Wxf$lW?eqq#D)xD9=dRa)U(Rs%_?jtScW9G56?RMfSxQFm^e7ZkK
zbe}w)V3ne=nM|5$YQBL!X`Uk!!C@XSq(@}2kQnylckBdjYIb&b-6%nN_x|<Bl-X(d
z>x(0-1pk(Zps9i3-Wgw1aI}m}QMyGaZ{A1ij7#ry3@ekU<WuOvmJbD_dWX|c(g$X7
zU|z4Q$M<!FNxOH>z9`h;t`HZ=`*_{#$+k3SNN;EFjIjf=HNDjnlzfuOnvsPnd#?^v
zcbhimgd>y9o52IAeD>)|5qkDzHjh&%Z8LTk(hj0BppM)6zWE}iEI67^EaR_;c!lCJ
z8HqettzhGA&WFyCMbFz0G@>i8(liS~8T2pxyTytrPL26C;2H#ZCHmej6&iPh^l`5w
zNKS{|8WI0yQ<!d?<-#m|I`_G@OkuRTELE}Layx7Go647_+Lw7~b+e{3)!2Gzj{}78
zl{>kUVCJ#j)Wk%zi+~f1h*&>!=P`I|fN%8U84n}zt6Va@vWD~2<a0e~dEz`TCzFof
zY?E%5GLk@r8WLYnmZ|xyJ&%m;M}FL2b*`cC4H!wfCzZw`TM|`aUl{7~Bl$upo%&0<
zsEJ1r0#JjLA#x4FDlPTtsrwZp)P_r+Wp~U>AQRaw$LO}uVj?L?-GB7K)QgLHZv4T*
zlQ-U1yQ1<!t^n+7qUhV$d09Wd_x1!l*!vB07%l&|o8&T&T!+aIntywEC~dL<*I7v}
zlpOl~enCbtH<io#QL1#q?^Y<~ypJ79!SQByWf<AYsxyV+LPbvS<X~tI@7Qw36nvZ5
z;KC$9tl}fA`ppqXJDH9M-#X{M!LRvA3X*dSB{lda>6njeCfJ|8qUbX#C&YL>(y43w
zDPL8NOv0gV?+dVX^<ws4ed1DSRMb&|<lVl?Oap|`h=hTx$1}3_C00HbvB7@b$yW`$
z(zp#<3J<n9S|5lHc(60~syXbn^5Sd4y;Dw+aM;M~JH500?<cwJN5@~_B+aiFjyu9x
zx=kQx$8ar;z^H($j9a>z926Z$EVaC^h8v3RuB{wfp}2}VL?pzTHHE#Hoj*`QDLZ3(
zjJ7D9Iqk>ibrfun%VoM#6=!A_|Ir01y(mja>Ylz+apbX@;ZkO@a+*I9s$Obga*pKu
z+CSg{$Q0wbTIo?G!@*}Ep6-QjuX##&7EuPA3LnvaE?a_c7n+f!5-Vp@>5NBW>u9)y
zY>pfZJTnk!@$EGEnE_-9XJO`xh%6!Ta`ElqiAHDRdxAAC4-))biKDnK#a!vM&$14l
z;Q=KUW|OrmPn1#IMV;%Vb>mIn@ok@Veg&PA1eB>8e*<4w_Ss{G0g68tiWH0R7U<(l
ze+|RcnSKox2IUGC4l5KeZ6x8|MRJIJJyPb&;xF%FM9Lt}?q2!7h-uQ<;&TZ>5~5|-
zvo(TVBS*33Sd9A|!v?APDe16At8;Yr?Vq45wjV4S-1-?XcVfT6|2wfCtk^$KM$al9
z4Sy0}Ie+~=g&SRIyuYZ&rXumwKC*ihp9mM!3wo}Wwjf<GVfC{N?-kt(vJi77+B3n)
z2Id8gZ&lG2G!seHh0QN`O?pAz=O85=`$3P9%&_jkk5b93+tZ##`9`Sw9DUaxzEicM
z`)01e?Hk0@_IdGPs?+BPE8b*GEdrWr?p+*i$BVx0ahU8$d2%<hxUg_3UyuekztR;d
z_@=j?ePu`MUj;`wJ3)fByc?&QY4Hv3;MOK6v(lyK{6ThL=Hbz<p{IpUZRf^$Ks_e4
zJ_~0zD*uococg6krLwJ^P@q8D@sNpU{o@ZzJ!AT`Y(e^zg>c2Kqbj+l2kxcRw$>ot
ztQjbB5WBBNhUXP)J{V9JD!R_1J2>d4gU(F&O9B3>#qw!QFCczq7+{P@;cJ#SxcB<U
zpjH|G!S8{$bYkoiOHIpoy6&dkq767_q}+v5l}lp_Rq#18l@R?c{*l$oyz&VSipFc#
z*iZGl-jF__9yj*naP9b64B~CLCK=hg1M?7wy;XY`p+NR}?q6D`kG}X8tf4(|DXr$b
zQ0SRgX5#PZf@%3h8@-u%=~OSMiWJ@!=(rG+E;1DYzoWDGk#+H&>Q%4G=g65%+8KaI
zmj8lKprhXwEJ9eQCA_r``m#`{8wTqoC%g~6aaBz7%B9cTHbLtN8W%U(;+O-^gl*v)
zoVPz_BoV)Pevok0IN3IG(o*wyxP`%Ka4+C3q<axiZ|_(r38)QAoc-dJn)Pm=?XLWV
zw@c5hq>NGV9B#M#vx+%hXe;9`8}v#R)hVCnNKRAUb~(tsi25F;dQjn@*fEk-@mCS%
zQK@p==;PvdhMI4E^s!U_7@W%Ic(*tvS&hn=A942@b6&$4eWl0U`g)qmxVyz=$BgfK
zr8?h0<#bjivrmaF-mo|G{vK1s!>_HF1sEoVXINYcR=h&=V_7M+?OJ2|@<3JB$j$Dh
zmh6MPW;w*mukmbwXG@Y!H95Z#Lehx7cz@<3q2aEpa@b6o=!plew^PsLp7WG?91$L$
z^(`*Gj(#xhk$?*2%w3ASZ&#a)nkCN=&UVJLdQ?_x24#QH#{&#heh?jf7roKk5v_fs
zuO8`aXpJqj^ybB?OrmcxjF>+fJsO-O%F`#;OB6p5c`9`LK0vds$C1LR$dyd)`Yehp
zKEqtYI~!SDdgRl--FPNqp+8UO{T}6~*s)sRX?1{ASf+#68;heuxVGqAoHADj<F!5c
zT&JBj>%H{OJ#)!^pBvlDRa$-WY8ZnH$=#m>M{1!rRL~XM&E74B;|*(t_M0%>x3!T8
z(v4FQuhi4q%hSwVHT{s&NSyTZ3`Dy1rR<r^nY$4SQaK-lY6-PX!}ud4hL+Zca|zYt
zwNKG<ig~Q~da4=|IeU8X#MNWEqbr-fxAD;Hcye0Og^^Y;Wbq)H@D`E{ffTYDwH>Bd
zPP;$$K2TkF>!O>f&a1bsMG=TY{Tf<Af!riI;*;$B20UbA1J32`C7wkrw#g{|P&<8g
zs_ULvk%HuR$Dj$*)a1O4(<D%K@6tTVXBo0`H4CAsXP?^A{xYl&UKvLt6@V%&b-ISP
z$jP0N*kP1uk3sD7#Itj*qO*L%8=E!!y?mYr_4{)28E1KH>xYO;!aFmz+}>#azF1N`
z$UpSFIC}FL<&vkaaZ048%dJpuqWJN+g-Sj4jWg=26#e_i6h(I2yox~QuwA568Ut-9
zjouWluQk6`-4J^o5CQ7P0QOZ<g4y>y3A?f-(@scJzUcP$M^0icEg6~OzMWt9xPZ*`
za1Em|+$`%fxbfX5J|!kOB{WiKFe%>Y@rW0tote}ZuFXe`$wj#1FYA&U@PHzS1yCFF
z&2&2sYsv8FZIbwx^RQc^dVXz4P9KSvmwB=SqYTbRI_qA|xcJxD{?TEKJYAb^hS@8c
z{bWxj_n~VD$!wJK7@_%#1l59bp;lBcov^;Lde=D4&jv2-*OVzwyVNu7L>m!OQ|)+p
zg7c&Tz{{f@F6d|@Qo2)=hKdr_8_T@>{G(qDoU<gq?0nXVk41$pU9<Du!;fNJ$2Az*
z(gLNjdlD>Evc@`4)L^cV@@0s(ns_8Li5stcwBfxZHUurIb6d73xHOPzuKBEbXco4D
zOwljrJ?yF+dyAk4W{F=MAduaWZa|kGIdycYJ^XCP`#TC;o$@EznFbEJ-|MvQMzULl
z!CbT0Qpc_CO`(8ESb<{Vj+C|Pg&TK#xO^+#I#N+87(c5$I#|4U5!$)GvZ%U6Wm4}k
zZ>6#+X;_s1Efg5^4Q~zIi4i~sPTd0hVjuK6NX3yS=23qo@c;&oh8o=(>wa^rFF)wb
zIO_U#OzB-f)<p0buC~~Fm}Ikni)Vyk(7NU2Wl({0K3L0UC)PwDw-(=<&$6(L0k&y=
zL^}>rS+LqB!_;F<l8!cxAkBMvdl9&P^fs~f{U^gOAJ)ofBwVb9YI{44dbvrg(8fVz
z%9>GS&t^|g9AveB%PSAm<0Qs)O}lcNztRm2H3C<Cr<g}owL}Z6@FRz%ZLxp>^FL$Z
z8U{Fldoy6W01=u$zaEt>v7O?T@Ol6X>Ul}W*~Lu#;+aB_{GZ_4UC?C+r>zO}w!mMZ
zldZpML5H}7LFndG-yF&^`x<zPe+1N(B)+urA$z8cn#A%XK8iimjgCEjWQGHX87F45
z(BFF5n+O`p{1uN0<4Ue|qyhLZ_7bv;Dv5vq1e6dX4xaS7B_qQr5urW;AM~80x3;d#
z+u@Br%L4qi)wxo!HavI`+73^|G9b*%;Foov8Hh6UbHFs#Gkwf)YlS+1vCy)VFQWkG
zxT6(CJVrjprczkv`^gBSB1*<NW8G`44V6?#HL7y<)mCmX?Qa4}TKmy{-xM<{*w+>a
zo_P=LFu!ipfrZyccqTxyLt-FXQ-j3Se9|~MP1p0oczNAUUrZ1BW{mau@wxG)*r!wB
zl+W^@N?TpuxlG)b#G9+DpKc9<S$?98l0b`X5WCDPoJ1}c#g5f=WD`4c(FfJq;r_WL
z*9+T|$I3sQ94s!~7uFYrb?#c@LQ@8a<|%(ovZj7n*tv3LC(c$}c1Lz!{H<b$2Epdp
zIxvJZ?89NN7!G>H6XGg*$$_aN66ld~pfY^&XtPGUu9UkFheovz@J~X@R!|GMF&;VC
z<e3RLvS}4EXYaY$L!g0^=;Is;(oPtbIRi;;Ke*Ud99{4+7!kfYO*8e-#NFfet9Kmf
z?7lQ*2ZsDGb66jLG@)W6Kgx(WbzpBNn?2d#9@*Ou`nr(j^tj_%Yc4jLi|V4;f!aj~
zNik4bgrg4yO!YtoZwLnhwof;bqy*qdq}3CFb^yUibg;*YxzjP0fl(lvAqY5D*G!U`
zpn#n&vXncTlT@OEPk}7QFTODu$KSkgnUqy3C(5v#MMXv9tra=l_V%uk=0@Tu=cR~c
zE|AbZeXk;1t<>B8;oTh=k6;)-!oOWJ=EC1Iz2iaqkmhS~(Urut>KR%h+<%5JhTR^m
zTf<_E%8j!D=p>t=1b$o3<mpBnuI@;we1^mEkod8eDq9gil{2XH7=WsioJ?{a^_oJ`
zK)cArY^amc++z{fBO@2Rx!TFD!e3Fay57@iRN;wjWpL#rO~|N<Fx(Fq<K9ARYs$~o
z_6BR8bN$ej&OMAOCo0!k?CmhXtr)<46%WHOSMiPfS)Swi_S-AkS-mFU(<fKKrw$%V
zFBVYQ=&eRZFio<=DnhaksO^>En40=EtTE{^*TH38B$42T>paSGKPkUIS^fd<IJl!2
z;7Grq@F2L3!M7)SR&W3YlidLL<n4Eqg904$K4EU}VgH-E1Z~IlH4=!Mu5;f<#A~+t
zD(oxDAKza)-!ttt-=yhONRl{6X@tZgmK{b%UkSyget(wLgTYh)5s{i2jl51sut!Uz
zk!X9M((TLZUYpCONKfCInXCbHu6ShuY-`<VgB8r>`ym)6G}i^WLYxW%N-QxT#B(jl
zT+*FH`+JO$C{{lL+E7QLJ|EEE-&si)(;!_omT|(E()q0j#+rFH_Mr2gKLA_L<h~fZ
z#SHH0e+nu5;PEUR$U?dxelNul>puy8slYa&w;L3WOAhq*<{5E;#XAj_%wKXFBi2Ze
zAbQ&MjTjPu8nL~ivVG<9i7OXX(^h)dB8rQPaoWJT?wy@SagKa#a|y%RVkX9gi%Ddi
z5e#SXgW5EHp>V`Vr}S}^M-^C-JNv+rh%TbUTxMg$UB<yv<t|Y7JlKhEC+Jc**;_X!
zfT=7uf%W?ecBpaUE5T!H+Gu+|%>IzPz>DULi~)udjTtSi-Upl`>(*d}B?<H_S@ABg
zkqQ3|1Dw_a;wwqmiJb)EVcF)<1D>h(46AgG0f7M;pph8S`v&Ld*DTY|%BBVD%uQ4W
zB11w2`FpqT=--;X>rwP_<2?fG!kA<}fJg~X!4F9W6NYu4j~)bTkdp&*mL%ThBE@+j
zty8@<ZLBumE^YCjE4l4iEV|B{Gk7JC<O!aH=)v#V=Yf@pkyd7Cgoy(!2A>p;klY-w
z%iC<4=5L8RWopcW_t4LJlLMw89LUHCeIv@-L9J79xsalB)2PUC&I)*5XHyrwjCprb
z_~c|(Q`Q+i-iY}K!DGnz0Cu1wJ+`%N@gQ{#6dVA{N*w0g!W4yU_RSfr`=x9<{h)N+
ziQk1B)@IdliVE(DD^D`j_*mVNiW_{Sb-AsKMReH>MEmd0e^gaDUy0qSX~?eFz#zBF
zJ_B0d955%mO18n)=87jC$bs|oc*8OKpz`hQjUjJ-2}1V%xbM?CsazwBVU{M26yF~|
zJz^Oa?o)5sNo%Neb)90K+>$W(i5z=8yeld33IcFykRkfpq^yRjTt{xPfl*r=L3XPH
z(B%XI$qly8uWJ=lc<&=2-j&5z?pO!@i}$OC`lI`e<I_!Q`H~}t+8@0P9(X}duU_FY
zRS7Lebb0`|N!IIyU5fB_G-m?x=qL8&>%`lIT(hbAQ8!W&%Tv+vbEAElYyK^9I^yXH
z>$*7w{rBCA5%0efS0J10i@<V^{D5zb0rGhLbA!OPpZTpXrc;%NQwo~{7IBTVm=~L@
zA|i&g@53R&ZG>CF4=qXij4)liKZ?YX;K$7HCP_Kd236cU1{l<{#2MG?BPdB8YHZJP
zNs(>Y`eAaeTfLs=2e$en9mmTB^UX%ZbalUO_|ZKAw;Fl7#5sZ<jJv)FTx-|lv%6y|
zKh76R5^e5LnYJ%9R`-LLY*T3lrkYtrKm_C+8T-pi^R-W-WXsk-*vep`(PiMSs-Fn!
zt=V0Yt3%w|XFnc_dL8N6v&>T&1u~A<0raz~q%h&T<;R)<cDVklOJw>WK(Wj)MhlNZ
zVpV?+4RPwb`Toue8*hLVzdfJ2{pkK$Kduk>H_#RCJ)Vc;*x1_gR(LG;biAx2b*4DK
z&XrDGF2*v70}M6AKUi!8>V_w=PqAM0<KyGN*8ncWwpLsY5Ft(l1(iRtah9-&^F<Y{
z`l{hP*M5`(p}Z#>4DS;kplPbXlZul=WRRX4RqTVCW1qK+>eUZb`hxEVo?>rmoflo7
zC5a#7Cy_5f5c>gtO+!KoPr%eNNEAKUc^ISVAyTaW0q(}V!yg?%9?{(i=GW&TU&u*C
z*(Wb>s~tu86oevgCrLa6x1#!wZUt15XkmM(fyWk5P;Y&yHCu|9>x<JNlYIj2^>_>(
z9UUzR$H{;&`{b`HQEQ;1CqV;EtlfWOKX^p^ZM5t1;?Qk$zs%97W{%Dp0@(}Fbbi2}
zFJ6K%-k{$Z86fFEac6O0XS}D|L%;}af6n3-;tYi1-N~J~2_K8n)h!dFebvmA8erKP
z>?GpOPStomrd;4-nS{DE(;MRh^xQ|v!`r4`mjf33>*1X#MnAVempMF6?n25NzJE$>
zVhE(v&L>?xVOY7!S^^vI??Kp~X)nR{gsWQ3UNJi$6UI_1gMeWY0p<8>TuQgjAXAt!
zdHGv;`m}TF2qFYjOOXaMRd5=JUcsEpaD59eKLRv@mz7Pcj-@kA7cZKsyZ){ASemmi
z4~+JlQK&zlVSdl$n1`f2JlBGM^fO)1RY9Zo!@Nn-QOpmtSwr={#3)P(6k;D@q&h8}
z!#+?)vlb=NH-)^xc@I%x%xtr1lj}9;-WvS<ewJ=XZALbxusZz=Z05%lL{={1i}^qn
zVj;yuVJ$%DenL8%&|NxH8wJr})0R^#L~N{0O}uI1@1;h`eL=#Y?`8a^JaHzsBI1+v
zuj&khzeyg8xBi^&bMkw=Jtq9A4~r`@(pt@sx?S{-b<3jxrJ+X4{QbyRxCL#8q<G4X
zPOI>uB2YupsX8jmtiu_5?$1M>2<?~}=8`Ep5*xH~DfN1RooQTF3E#PEHUM_kc-m=)
zFR-QE$qzBT=6S&E`#T$;SC<V~AiH7YiSB>=Udj~-<J9E}T#o*Lr5e}p(YPqrx%g?n
z!gStgtrY7Q<g9K@*L8!f6j5*I;A5wns2!eK=W`QS5J>s;v$E5_XAJq%xMXBi0M%Tu
zZ^xaEPRjj$9OFfC&~)+3m{=0o0Y}_RviyH(!EIq!fUR+b-W@=-yzpGn3<`ze0~Ba*
zDm-MDNLF3C0I8E<axXYUM%kRH&#;+zVDu!g{I>Tb^rk5Gf7g$twUI7_@fN?PY$F{B
z;Dg^Yhzsr;l*h@A0nhWzg4jDc64<l1CO|L7U$@u<2i@@Yp;JA--FpHK`dr)q+&X$O
z<XjR0#`x*(zu~ceThxUw&5gYSRX0qDvbKtjff-Gc&_jKN5+jFca{WN3oO;nj@L0}^
zr=~`G`>^mzi*HE(Hj6h;uQ89Ut#hk;mS1o4!o3`a8hveQOAgs(*578x9|SO6QQfzz
zhB7~)iPiyXtmfQlPea|r_wQ^jne2sxCYEDpu@9p*a8*f|AjPO}y=7@GBKB=p-ff^_
zHiyP@>)g7=g-aJM;+(kl#$hi4jGe~mD-RrQ#Q84Ynyj7fZf}@6L)~_TV5Sw8XV~7}
zh)#e*b-&tQG9mwEFvG_sSG^Zdl^z~T007OfQHZ;YwPB4;%yOIB?D#8RYuR9KpAR<5
zsxDo>Jm#D~RtYGyKOJRz*{7+IP}*n&*~)&VfBc-vaxGzVrKq${>qBGUI2=_x(7kKQ
zB-{hBCzcOFiSsUH4Vz<2bFIY7AG2TQKH!I_6i2>|Z-Ttm&z|xhg=hV_6i)}yO)O$~
zh^O1T2kUo<#&HG0_+sH+S0vBhSJq<ij3-6HVo4%4O8bME>4k@U$6N)axeV!t;XZ%c
zu>T{+@xuO#&`+{qTyNnavPc_@UWuuv@xBZDNDdQ5au`#x|0`MUe@>XdIY=s!o({x%
z+kurVQq}`c^xg6~^yDD$P%xz8l9Dx0u~bz?D<6%Dfq-^HAk)w6I{Ey6BDzegpK8U>
z^6(!HNCX`FZkXu^iwY|&d*=0JGq^YM@p20xFoOaxEE;hx9^|IjKdz&~!9i!yx8A-7
z#*pky8wygl=<@3s!(D@dVIH$eqVsvhBstrKe*2Am>6sN&9UL!fV+Q|Ws_Yl*E}qtz
zHV+a1boH=GTkVf2Ln}mMf7{7Ej<R^^7ceAe9ZR`5#qWq1oprD>4$IhDB4b<~@Bipn
znI4qqQZrpx^zdQVPSfBoXKg(|QeKK|Y)4Tgz43jD!Cq-sYJl!Jm6CS*oNWMX;4Za}
zgtQ;z62Y_;a>#$1;b^YBv9C7jJZ090qDu!)qx<G|tsOLr8F8RDrm@;2b=Pj;tD`of
zJF)IZ#Vt{lUcyX*#D>2TYrF#xJb5z_YS(KC@o2(Ra<;nui%1%B=APf^f{3Gx2*Wys
zRl?Sdjucb3+rB}XpSOk^!gV+mPs8P1p#tSIbVLXm2EE{Tvb1XkUdnngJF#YW82{4g
zT0`a`wkF<?W9Dgee#^rv1U(qi;iDN^or$jaG$`E{FH#Ub|AsY{al(e2&{kiI=_>(A
zxedZ;3#rjs=>=GL7-*%9`OKPfP>i#lwllpK_v0%eZ6Bn8-sty+GWOhb%RdnotZ4S<
zM+I0P?8EoV!9FK`?-Glc{N@%<)adTm|9$I>=SG91*1MlfQOG{iAWt%v>@^w4l@pC5
z?0JRszyGx;^tXQkuLrEG>q#=UXzT8*y-c+OL><jN762J@>|#h%3Us~xPlp60H>sy^
zvDy9k>jqL80LJ^DhoX3q>#im_DB7!2=XII-4daf{naF8fDBlhI`_c4{1u-WLy3DZE
z`w9#25OFq~8v_hkX&bi2QYe6HM|GMeeseC4^4N2P0FicWGp#PY513jQ@`Jr%dO%`V
zM=;hY|L+%7B!CXU7j!!GXlvyaq`AJ``PkFEu5=|{?t{&tp!eYyS`84XNVtwBXxcbH
zQGPt7pgSNi5Al#nn@PNwcJdp$?)wR@`ZB7{FNHmI3G~Jf4Kq)*r0$cpPn6|=4*N@S
z3gmJz4yX;A8m6_pHr+L@?O9J$0%R^b&d7ar^+;KR%eWSCZH)ct26-y`B31eoZ{M&Q
zD<syf2{n~@TzyR>OALBQTx~Tj{T+ATa`jQ}`n>%8g?Vq@a>T1t;iQ6kbVPLgIThfP
znhAt~@8PJEiNY-Uvb4W2avk<mHV3-TozY`GfL&z>UX#F3Cz0`nFKH_o4~O=!K4(jo
zDD6I{86}0kOWxT(e0f+=u24^os?D!AcJ+9VnkuW39Va5sE>hkUed*|KLiSUcTqz>V
zZ7nantn5?5z+7-q+Aw=Dh=7dhWFujQj3rn(k`97CmlAM}+9CN%(Q)?tY?o>2v=j%x
zr~2}a#hOHohO4o2vv*|#ukOZPAc~nN*Q!3&b43cg*P2T3J3H0!1FkA;H3l!0?$LjC
zuP5u1dXrk4&!klgyR|Tjo~-y@_-#%VlRw=Cg}f#}vT<|R9!|C}!K6#=8i6)uAF-3S
zRUukZGAH|V;s!so)(O4ElWGDjMXeC}*KxS})u;aOaeBx7GN&Ep^szw}(jiE8qadwY
zl&Va)hjo`@+dB&&br7_(52v(iH6iVORZYId=@4T{;+n5*nR>X%aA$Q$=HdBE*|xh|
z4g0rY@4wF8FOkA7<0P^s6x4_CsU*+ZU!DhwM^bM#VrhzwOz|>kJzQp|CObna5)9#>
zw!Lxqe^;9R4hsL-Di@^j6(Ga#@*oY#o*WyenalqE8~W}9ls)tt_49N{%q{{rg!~)2
z{b$Ihd{<HlHl^FE1v#U{N(E^9ujxX0=qLaJ0PzI>!ijzeF34?NH}&AoawW_3BZN-X
za+h*_mMft7=(PeZ`DE{as$sXt_1|d=CUw&#xp;r|A0Wv0Se=_R#n)8z&cr}6%HE3L
z={wu=WF2o_vHHEo7%3^q=01vNJqiF7AU`o^j_XZj`1F1XNRX-hpRP5PlI$Xnxl>2U
zfH&?=oWHfzY!7c!%%<~;toJH1gh;1PWwd0SSVC#I>-O8_Wj$y&^26Mt>ikfkBGky-
za;V|MuD5KKZQ}#~0L6n*`fJ#TxT63RKcA4X?u{B9;kzh0T$hCv^|n72kymZns~~rV
znYHh@D<u+(;$3B^lHFRk3)7KmYCa>)*~cwx<iS`)kose0abl==i2VwDby66RX;_?4
zl8x?4npDcTb9)WfoWtDx8Z1;ksQLa^iOq7`_zJln_gnO|mZzS2=S)$xz##UdCeWQC
z&kYX<Md#nZntm=zoIpNjTlPvz!1~s$#|49lNGvNP8*yD*ih>|*ixyY0DV!>lPHSX=
zL4Ty0hVJIu)h$$m!cwimtH5Ol`g`q<=h!+o4vRq(bO-NgFG2KZ*N8&X-xlcyJmfE4
zQDut)g*v2H-4@%}{ZjGQmqLD&yvzGM07piiv51m5tIX-Dr0w**o$&Oj>9^fS&7+R_
zXfnlqq_;emci^%7iq-t(1Vm?O-oR9>Wm}v#R`Z#Xz3!zkxF%=5oC7&q#Wh5G^0Y=u
z&nSHIZ+A(36@2-kj+g!Ec0iH+;%V%;nB!nQw;@6PyHWZOQkYc^^_(@)>9<w=+mQog
zbX&lzk$o~HbTzX6QJVt7>H_Gh`Oi~V|51E+JOKxiKpQoPJjHhS?Fq6MzxXWB#qVl6
zv<L`6Q1eDb&_LZr+NJ*(6{%td6d;ATBhy9GD}*ojBYZq@`MZGV6XBmlf`3VWIYpAF
z`Da(A1#iyD0>Ud@{^VhRpr7q?jRSqPX(u&G0GTz>J8-PGnPGr~n;&%C%BAeu>kl}?
z12f$Q-@8m>ZY&K^&Qbz~u1Fy+M+;L6NewjH_h`*erywdu1q&#RmNk~-@}l#TY`=Fm
zJH+CegI-YrIN;%tj)rDtZ8_OG^V!rBmO1vW@teS^O?C$^9J0WFkq<D6Hspcoa<$<H
zU(?lDE}{@O`#z#97`dlpJ$?OGrkk)<D-3!uG!LAnhBb@Mvd>a$=J)G)eUe_WVMBzC
z<&3M_l@wTMytLEFN&k(6@N>j^pt%s&*E(MYdFDjBncI!U8F?^&%wA;m!K$&{k&rjy
z#HD==WQ$0vEanxzqL*XCU;IA3VR;=^f~{K%aH0}pvvpdchBJ31`MUd_{E)b8a6Jjh
zIw;>A-q8_zXU=qTL2;>__+U<R*J%HTfYEuznUh8JWv{|htfyB$Elb<1G4r=e(7W#Q
zrXLV&-PbE}xC_JKm$fp6y9H8xBG~n>9T0rE@c!N-3Zb!vUi{LSsl1X+@ne`MCZl2(
z;Nk017G3++Ry<tSY6fv^_NcPuW^Pn*rZjh8$F=BTTa(KYucO<|zL^uG8pYrF(iGIB
zy+vZB>!Vp0eXZgdQ-$93Ey393gq-kP`n?TW2nx;S$ZE0aCU2^F6vOUAK-a0$n^$ko
zwmlsdFS~NCfsirw9gly?brMO#VDvauK(MLqmQ~}rBBv+j%X&{3FHW34_azr%+W{St
zQrU!sXF9*xg8)!r0X}A&6oi+MDa}3vSDx9ACP3Kqz7}a;<L;IV&=yedD#T3Qb|M!Z
zk0?(u5_%8Q<YoDy<xYWApTc*2da5wwiiA37phs2+zI)MWR*geCO5S?Y8F%h9IzL%Q
z`2<A8>Tbq6+YGBa2JE!iCaC%rt{2i*ExM5@X9k}kjrD6ygtpZ_oZTp>(HfUoLe(1G
zp53cy85=|^h|7R9+oh6C86eqvFq}pA2s(X_Q2Hmn2?7I&&z`z-3ozDhgt|)LTswsV
zfGglY1nT2vX{jIJ%7lQ>{OLE(%}o+qzmWZ7R{cK;O<=LWabOaA4vH@Kjb(t2g#M0>
zFhF4FkBW11T~-Bp&3I}A5x;-Cg7?#95~+7eeD3e@30V32pHS-G<ubjn!Kvt9T_Cx#
zx3#zTmePPkL!3Gc4!S;FjtaXr-~n*SAkuss9BmB&NG4-x_7cztrLv}uwq<qc>_c1A
z{02N&V{!g(Pk$c-NI{pXas1Cm0aUx^QO<jTjqfuokc*R3x?aks8UPfn^&$BBeGEW1
z!uR45iW8-jnv56Ln33IlzfA$1beVB0T#F;tN~4$NYOlG*@|M~A)84Npu=kS%a+20z
zb0<?JS%tnsEGd^X%jmm|Ggp^Kzf><bKUvK${+88cM&n1R+jsZCs3sRfle(PlpPm0{
z>BT~2!%YULramj&V%_6%T;4#ea)Cqd?gFj4NWx^`nA`PQKS_$%k}yw?HJ=|9R}6DS
znd2<O;@r_49zT%0VQ183pT&M49RRrVfa!cAm7i$R*H=!*r5zjNy%Rp@8gUDWmy|z}
zT+dhLyo$NqqE*H<j$l_ids+eJq){f~t>Mu3fZuR|Yt2>G`PvCeKSX+{kC5_jy8UmF
zEzBEx?f}O@=|N%u`Rc+@(#)AV@oEx{k7^8NR^JxZ+T4-uk#qQPt*&!rR52?o2H6h<
zXJQc{?Y_M@d8nvJk{)x0$r~Q%W4IZ$;K*n0yH0ERN_=TA*8-!hVk&lBykhkme`r!m
z<w_sv^noyZWT4O-+Avg}NwgVz_bA~jp@5a+B$wbf0`rKss4VvAowt#B$mFXC=;L(@
zWQvKr55t`%AeK7N$U}2`y)!>gU-A<hILm2u*lF~BUellzqRlwb@|aW(=K6zO>i`89
zUp4Gk=RQ*Pp!tah+P#F~kyzo0RpRMu$5hnm#Q8<tAEO1;htcRXSXp~6OZiwDYrNAP
zK4^6N!$WT&{G}gWA@%7gZDZc-PGlZJV+mQ$zml_X83(`9eP<r^2u1gU9MR@vJUnJ8
z-%cPMi|9ydjGgFMY!rQOS@^FS^AnH=!)@IJ`lu=LqPL<f!5@y_p-<UUztBmb=^ocl
zKn>qL{@izsKDGr(!^BVTbn8%RDf3&kzO=>n6N`(>87F$4mgdFMes7*P?3oxw-h!81
zQ@06D6Hx1qdtk!%R=3wypJ56;HhHORN<Sc0HFxcbvs-}!`Lo}$#xm>A&imK1e}2|W
zs6O%>#@N&Md)_E_`NeA-7hU&2-ajdIfYcW)MhF3&9r7S>LYCSkhv8(mt9AqrQn!Oa
zIl>9BHj$Z`ynmpn|5}VU4bSF})d!`W8GgwdoTMk|mLEtO=;LYl6yKvAU4t^Zo7xC;
zrxXDQclW29dUTS63;?MHpl8tQ9kTN9FJb5(e34x&0y^T#Btop(;*RhE5|)@#b<bq%
zUH5PVGbKHUg5XF7&|ar)U${co;ARh$(x5|dmm>rjW6Fl-po7=q=d%#e%Se}rC{mb&
ztDX`QbxlAdf__z!KJas7*~LAv*p~BpF)l%ipvQug^Z?@r6yGHwoVbc-ASy}xx@%2f
z>K{)X{;}fu9y0gdB%Ok3`(DJ_tThujbrD(`)7jse^af%d>5-V?X%BkE<AE`>kaEUO
z{KyV*TP};hqc|HMq7^<wPvrgWfp}@cUX9c|9-t4yoRx0s2}lss^b0Q%@+_>Lz7n)3
z)JXHubO9LN)n{P+fyZvO09F|vSLL@^uiguT;$`i@p)aMq*>ww~36Dn1TOBL&Wd@xX
zB!T$f*o1#~+kEZB=la*AlMrN=b9wmq`b#@o&|){jNlP$*AhkYgkcJIb<!5I8XVUpU
zO7eTR8bDw`?`ARCy{D>@iOcm=WX3-q58ftFy;F`*MuRpF`+?y#@f(0Y&Wkre>+4+K
zVKjYOto^cW?Dq_uBu{dIR4BM3C(6iXgT%D6^8djXlt@zP0SXV3GLovU0|os^+~;Dd
zYf13(=h}Y`FU>7<_*i6em}J<}8`m$T>L5tAop)Ox^9Xuc;`bwki@qKDkXaLO#mwwM
zrbam)jsfQiPxpX^qKCit*xn}f_}34oB77x5f9KtgZ66`_TOahkh__qk4|P=$N=Y)q
zPm>Pdb=tR}U(gXc2Tcg7|MsM?M<mmMxY6@Y`3F20&(=0ZmweUE-T`y1OC{}0p_NXq
zT=8qG$4fQRGCe_bB|>Ge$1LX+({_#eNagnNF*pT-{tl1X>|(U>7uxz2^@V9x=CB$~
zMB-pM5F|&;8U&ImB3JTH7hXv}i^ISMpj{`ztpy%TET`>z;5W<LtB%Ba7S%9s_{Ti5
zlFZ}r+4bGk{voO{c<gBYV7Wi`S}o0m$_KL(FIF}iAQ6x99+<DSn#LqQN~oq2Z;}%U
z-`1@UlUKCN7Z=wNUQdbYy<G^WviB`6uH|H383|);+a0sf)j3=2;0A7t!n3%^2J_MT
z=bfef{2pJ6t=6v1xPvBeM}xSQS(GBN5iN(SqP$`+uaEYdJ%XlZ{1tV8;76}NC8SmO
zoZ>^;L1s-k|46lLn>UX#V&RytII59up<4RRKyma$tc2p9zXN<W_!;$egRlCR&a1C0
zO|1~5)B=;@-M=Wcb=1ub)g>47Amwv!+b7cAqh=T&ydZiYk0OO3e_Der51*V+ms2gR
z_=WWdmFX}gU;Nm6tO{3_^6CoX8TA)-=vv4lg766STgiA=KOdYpdTUFUYV8DnDHFsV
zwr4YlVFlWYVtdg}2^`LCzxl`aPqD$L{(-gc`G+(XxdO`gqZcWo1&^oTAx{pIU^EB_
znPCc`2lq6<`VoBmgC&mjB)ET)<azo(&rkeUkrTh;40upqf4{*2kikq$YKR~A-#GE}
z@%lPCtIIP9&tLnrYz{}^aJHnJdW|&hR`I#7f-9s!XY*E&)?v3>;ol7h=di!tZt&e{
zSC=$>v>U*Gz}16yLcx0zAX?0x8V`C!Ek5?SE$UrT>K9pL%8|Kp#GB+@<Aq@~OoJeE
zU;EnvNQ9(ylrH0m*)Bc0Yj!V@-DcaS{CoSQ9$dZvVSxh51NXkIB0$gYYX#!Y0*VWU
z*<lDsVTc1VXU#4NTZJ82n`YwMj+5LJu5$ODk*I;7A?zJN!y0KTImZ5U?;dBu46x$4
z9VU%5h3nVAdm8YS(%D3V^3MTTYA|SGUhA-%2qw$8=&{DPa~{-*BmlIN^SrT6kw-k{
zi+66S7ZgKVqH#*Q=gn2YLBhAQ-1jlrW0q9h64L_fa?s9r?ojlyT6!XPJ@QZ~uTMFZ
z9P-d4NnIrcUg;sYLgnTJNo#P2!qyBPs$YyvG?R{JT@Z6#zT4bR&5Frt94vK=8>mGn
z)NtMA($0RO^adFralD;WhVP_#&?dxnrI}EBTOy>opcf7m0g8^q(G!d_N!pfa2It>a
zY4!Gp*J2dg&2N^H2;racQc3z2_Z!}!kQ^@KaC;MC=rHT#>7~lCGfUx%TuY4tk{yj7
zQiKuEO&-}|0HWWLP#QSXB^!c0*Flc(du}2hyx`%dT=ykvWitcw#vmy-Pa)L-iG^2s
zML_--9K@cheFB^YvMJH<^ou{AaOBdqR>quFJnQA639d8;Tjw^!du=Jn8pmguSG4rG
zG#^dqzP8&lp{-Y1AHGa$v{&w~JPa!N6npv)j3hG;G2Xj=&t*yM`~Nbfk$iba0i=vx
zs{?y*;{a(Nib-mH$zjlN^ZE0OEr&x-Xn%eR+T|{H{w$6E3w!DQTYGSXseYnS%Bz7Q
zVm&p#ig{JmPUU5A)?k;|ZBFe|qxZBD1j!mVd+$P?Yq02b*91M`yd#;`0rWKlHqJk;
z?a}|)QCH!20uSlTLt!jzV3<q09F!L}Ktz2E4y_gk1m)MPWW$H>T)Oc?=;+_QW)j<5
zE}>ZQ$2NOiG3k<Ste{^7@dA#7Ki6`_bAA4>4*(3oCTIV3oBB%-l^_G?<B`m$Lyk(!
z3QgsQ#JZcJZm(3`*)Y=elwLJRGn{*9>zq5mTXeSa=;u>S%fpJ(yq6e$F%Cba#OX`m
zZ88xRtBYGzncfH6iblWHCO!Jtn3Pz&hD=G;k?t^&r@RuE{&q~TsCwR4pljKe&oKWH
zi(!{|xMP!CaY$S_UhhZDl}7c~3MswQFCQg-Jc{9BTcU2?Et912doY;PgOdU!-h60u
zacQ+^wD|dO{J}4bzPiZQRBtrS%k!U2J^TTdo??V7ReOXI*0%2y%m?psc~Ex!P_a~+
zVSV5Ib>@lt&S7cX78jNNsB%pL%@uC?X`SCfDJB1PLBJXf;nyi|BRn;KY3HWX!I0eR
zgklgfcn%6=2WB1niw(f9el}8~1nLDd-?6%dYDzaRh^r`q_Q!K&k7{0sqX{jFb+#-&
zpPMoZ$NSxtR#~b4rZ4+PXJj*8k=q9EaZQQsyt-%rJj={GRSYdi(Eyav`~v3L&P*gX
zW+*L_nnfK~q@ZK6z^sv4c8^|c=8vYm$dM?m#H6p+X}E72`!il35^Y$83tdvf?wwqL
z*q5$t<XEB!!aOO_R$3#?hZnJrd^B7^V9E7+=c0dY3cnPdw%=#3MN~<j9DSVb*f|oc
z`PCb0TSfSC3Pg%u9el}P^ndgm{%16a|A(6R_WF877a_y}!6(PC%eX#Lh44!)#S~h1
zL-nsSY?e)e?uLe@<NOtC%Wrn2%DrZ#m&lSJk_bDxdH?{M-^~;MvX}8+in{-U`sp10
zvq!1vb7R%LPg#x+mp_x<i<Idu8<-Kz+sW2@au5LO;yDsM7)k>If<^z3ZuE?q9Vzku
z+A?SAOr_Q+|Ln(^h%y2S)C$?|X1cif7vBlQdYcC5Rj0hV7kHHTZd1!JVbJqWf(>*5
zRjk)&Ki!c34Bq9HliqOoM1Dv@BMdTU5TjitK0F7HOBjRMI%jn$FZ28gX1-_!s493z
z1+k@=-yJ`>@l0PK%W@GyxYtk-d=}lA)*VWaS;S5q(^~6lKdLJt{VhgUOTIuy(Z%kp
zQBtJlAhKPeQXp5Z+$(S3WZ>1$$$l$2Y%ThoXu{N^8N&wIs^LdbB}J^F!s0w74V$~h
z$${x>-6hAODpAC5O_D(SJeNYm2(8nb8AsaiZzfzuR?9Bli%rCq;HA~lL-QBI<)3j%
zvJ0{Fj`2juCKO{I#UVnLFUAYAmT0B~Ewq_D>?(Yktfy;0;oONTNxh${wESDO0|3Ij
zt-_e;XzI}e$8k4(yhTp*a>o&3QmY7Q0$iz@X}YC07q24Hla+h1{g2<@)Qk_%w9(B@
zzMi_M<rk`*=iG&V+R&7A1_m|Nu?pGRZKc?c?$hNmzfyWvT(g~RXcK*>>AC$SLm1SC
zN~9?~ZE6Ea69>(BptoOyK>v)qG~?^dRCOimFaZ<ak}BP9ayI@55|?0`$Fv*We!#{2
z<{{~vU0iC*e-*g=fIG+>GtbmM<c_9KzK&oo6p&6>Q@U9kmzM$MGk#>-b%o~Q6uj^$
zICGF`_D9R8Gc}rE^+MGnyzRwB<Rwn@s|^Egv_clMc@#SB9-L!2CI-qnWiFk7g`1(%
zG9Ga{+>{!&o^1JeXDGCjIC4mRe+o;hxB%EM=w7(N@pxh7)N{>DkhD>u%*IQt1+b^X
zj8_^eU-r$wx$v5a*tIh9<@3>5_1Xc>bvg-r5A?gtv@;++pRG(E@us{N?PMDxnjE6s
zPt&S&O2Pih_Fh=t^5N$=SGyW=J;5;U9`=yta{Tz&y+n#r$y<crp9o$}YwLjD3@iU2
zBE7d<8zCp+F4Y;e&N9c+X!Q8KRR`}X`V|fTAzio8U@fU8e1@bTMDr5?c)Sc6)JdYl
z#zaC8A75qGEHkOTARTSkl{f!?>-Peu4*n%)2ozYy*=Cgr@eK}=0{cy28+L!~cVmY1
zOXLdZ%lsqM{hxF#=b?j_ss@&#zzdNs??E8!?~V<ib4d6RN>{U}G8a)mpcOq`5!>A+
zMiOZ;ANvfQoUEcqv;gU71Ac9;60}eKBHx7J6D8b6TSMGc?yS?lyEn$p5oA!9Q}G8a
z;D)IfJMK9Q!HufVTf@@PFgi9QVExK$?;AWyYu5_gX6JnuP|6GT74DOMDuYb@dU*jJ
zku)3%DQ!z(Lzd5ak`CjDUb-~kIK8ZhP}_KSIdg~ws4R9m@$3GOBMA}Rafr1eq_J2$
zI5s1*@fyZ2lAou=NL^}{JRy7YDmvcRSyc&r?d9w<AG(b3uIa>Hr<f#Z#wMzfgaEBd
z)21BJu-wVd6KjVfK1g$FngTQilZJM2Vk~F`I-T>Ah`a6tBuX44$yS5n18U`s9#5^`
zKqK$->BwcZyBe-*6Irj%5PDo6PIR`BPxR=N8`g`we*J!;)L7L%XQfB-#I)2(LSJkj
zJS8Dh0h!0mdbZ>;cwK3{ikeGd5@z=aURd0fJ86)p96N1-V9MRjrpCy;i3w+OA@HuC
zl!Zi%vOvdo@-Nh;eUEm$p&ny;VQ)yefq&uC5sVuO*GL`yDi)Ea@UgIAw&+{Lo}-?M
zXQ+GovV&z(POd@r`<=-^<|2(otQt=AG+IG7P$alFegFY=dY}<2-~BX6N%7E}LF2?7
z!Ov+!e8t~>cbv|n_~IGjHNtQ4?8nQ?-q|eCYq3eY?-4tM6K(b4I_H~}PM^-~3R*-m
zvkv=-OBE-om(g7*%|m))3-`_-^ywBH7Fpu7O}PH8^*z%yxd2(Y7j`aA-=xIZ;x8Z~
z@v?#y22GG<N+;&syH3NAT`XuqBYOF3>$MuG*hi6Bap7E!qQavD<-Q4dAE3QhzAVG2
z{h5r<<NoT!a#iKEojT2-@XVB!pVK(`=z~<XG=0^2C5LH%G!1T6KKhvDtDBUObHxZA
zsd_{Bif+n6(M2^)p0k^Qv6|xAEy`_6;%II@`>1&975%B(yM_mYuE<q9?RR(6J%>@2
zrTQJVy5WnUJtx5QCBSm6yXo>1p)^n{tCzkZ3-CIzyT0_#fC)G{Io`TC3XbZZ0cRUj
z$`^xvg#uD<H$YI<WS4sk%A8yNYgODmg7^0^D-cG(v0u2u+7jv2Zh&_(%JjVVM_;?G
zogHzskco6U_E&TcP!s>Hn*2@RP0*k~AD{(v7$E-tMgRQ&0M=eL?S?edy_7*CRn~eT
zUJP`cm2Q1*J6Bn*Nm6o4*qZzbF$3lf5~WyG7RcO>nScSBe$CV6QN5kB)ly<2g{i;s
zm=_CoBSEww0vWSCEV#|}u~5-41AFrSBksH7n(VTzv3C@yihzPh2N3~<1QY@39YRMz
zM7nfBRZx*G(p!)Y2}Qbe3mqX+LI>%gw@{S&od-nUnLG2{x%bZfzTa>Dc?Xj`<(z%i
z-h1t}#seK^c^W-G)%X|CAW@N}*56#z-jb-yT{gisPD`!WYa!QAc;~J;KdHuPP#H37
zM_6|z01dc1K>XnmNZcI8k#Sqi(UAJ;V8;zR?i6d4^gG6nuQlAZxCGD5Wx%$bB^=b7
zyjfCl1D45EYJ2&6tNq)4#JM0hvxKH>XX!am9o!3dWkqL{B7EGW*+S%aS%;2aoDIIR
zA=2@~YwdUg+@+OnYBiDaJg#B*WmY7MfYP~Y>x3xO6XO13q`c})vN&%CNomr!#AzS#
zY2DoFfRG~w%4P<`E?=bE6Qa<0e5LATjQq(y{5@g~N{h;b)49foHmHiRmz+>mNj-Bp
zj&NIrXDb|V4^tqOmy+sDgU4DQjK@R{e1@5oVjlN4dZ5d-HO;>420y_y9BU8bnzma&
z78`{>7VYrTu0gE4X~O=B{q_ap>9<C+Xzy(4hmXf1o!T%VrBddS$yNyEzx<-8)SY<4
zx!aNRNZo_DZ<X~3Nl&T~I6pe<oOl9ttca>5D`|s%kHHa70bWTT`%pZmP-+KxP`H@d
z0&%~0*9S3DyeUJog#F7>C7jPaWYp^WvdgM7S#PzJj0bS}e^|yx($gjF8qdPzdtWUT
z-Y`TA+1QnT;|A)=Y|N}ory1feR%_}e*j>CTZYwD*U8fLPRor-T;Gudghd@<YU#Ma-
zTKZy!g}zT+8+(G**Jll<NK?ZqMALn*gKTbp{Ne74^a$$8AI=${Ycfo3k*AgT*u&Y@
zsbo&QQ26+nBT4n@>3iXslo`gdykE0NWaaH8rSrghnyNv2l(FY}IDAmXvhlyG@iiB9
zNLDVr%vqA_9#zkge!3TD`<L4|p<|>#lLD7#^O$UPQ}FAwX?g(1WL!2+e65qv`a0yH
zN~o`flT4NH^7WCR$1cTT1D=(l`D`$Ut=okbn|+NMbLWvqnyzc~5x1=v;HUMQnK!w5
z981qjI-?Z6SR>NG@AczU{_=YyCg)8efui!8lhRtzIxIV1*h0@e@n@#(pNz6ddIO^=
zf1wg~^viW!r7FL*Ld}%r!i0cm`c7H<dXHh74_Q)MeY1w#Cnv<$1<CBhxzYL@i|6uR
zqn=<U$?}%ZyA_!DnFhvbHZg!ow%gvY<wndXTb)h~KRMSKovZjir`ne6g5UenLFCo_
zT?|lt=aVsXdC&~#PoMY`gZ~xc%wMxeD8TXqbpz8=sbB>54rmCMl`RZYhjaG)g<tE#
z0VaAZ`lkk&Xf9hqrE6k1B=OL*TaAPS(EdFGtpBkK2d)n2XPO=WGXzCyoWIlHy<ygW
zGv)WML_f>i+*|Gr*FkTXv=DQ(1Tbi9oxwnWVJ8sMoas@&J@Hu9Y<V&S-}Thw(Xl^U
zfRx;juW`BoPcITY^;ZAU?qJV)-f9^bi}%R_!>4WUoR(}a%K6V+{)13G5>#c3`+&T#
z=U8>2&hyjV6p0Q%*H2vT!RR$=Ia$89VSm0qm^9N++_cY&Plv?0O(`wTnb!%WR#Ug}
zZFu%6i6B4sjW=@eoQYTsH4N8Ot=I5kG_(HNIWCa<%(a(^x9$^ee2xWVFk`2$>N#0&
z`(igSgB>E8_n#;~;W?wjeW5iaxz-t#$|S(S6QJ6RekI1<K%L%+j**#>swM!f%qcNQ
zjgx8$IhOv@Kj|;LyuL`h>#Cro+irG#%9wgq9VMb#Dc$*vx1BI^h)1tXB#uXZa5)||
zu|=$BXepNTm=_6@4((iJEQqkZzlU`I$N$P=?AIihD%`i^^Fi^g2~{>X2%BG<S`Te{
zgu;x2Zg7Z~0TuT55^YCcIqK?Mko+?zT2?R7<j)#!Jkgro_{M@;is`!-g^A&Gehwpt
z5g055Ij?K+^3f<bHa5!aD#xEabB%t5Nq26`>|Xfo(~l(R!cLAMQT(m20RlOzpDH(p
zIm)s6RMbNjEFoMu4>ab2NqEb#tJfcTB|%N_U4#y*s#niN(U05BZd#XM-Uu5A(|`VQ
z5Ste`k->DK4Sg-j#OV%By+m{9>9wJ}o1H+>(fMHm!7PzOU!JM(c?n+ikmK8;KfI3r
z#z@*f8F+;_W?*VmqF(~y$XZtX;QtG-0z-2pze#eKN|*2dKj0OZE3jFa!toMCJP_Lc
zVelI}?M=L<W>;+c8&E=XLQHbHj$8iHzef*%Oop<smQpfwW5?oLNdFnQdYj`k;C*PV
z&t~uie8G6a=f>2JMV_C6FMtjKG=2}1cRAtm(XxrXGsSov<jep`L;L+{^qP=;HLY=j
zoj4}r!it~$b6r;LMzgLPDdxw;E4BUG<-g^t{LssvIMR~T)4SidyGrAPD)FYh_0A$`
zawDyx>6#ODNkUa^U>c><hnt5J4-`-+1D(0-uDs7$(nVqTE5d=k#BeTGkHz)H#mUve
z-S&pALDr>Gp<C{(Puh_#c26DbIG$Xc{c_}zy8r>^YJ_l5*tj3F+*F*-){r(b@*}}0
zU@o&@Mj@!Ad+6LUy@}^1%}<36HWVAOn}^#FMaC`}<zRy4kysXLEi`!+noaB&Dd6U4
zeU6_D!toUb!fA-RG&XZt1#jQoVee?h2sjVvrWP&}Z#C!}y9PNFW|bc=C|<?5yAs&k
zoUv`8c;oQv{0eKI5&}=nxz2F!a7F`NzaIbWb8CzG3?-lByuAa;x1zDtFNWP^J&jqM
zwNyLch6cVoZ&$X;U$68DoXiRF>WaB`D}(0PgoQ@&McV$tsfx86QZf14vhpn4=G$*u
z1WK$XDC>s9mD?}6DD~e<;e}X0qccdFzHx_1Wc+RNZ4!=KCLU*~MlNX3-|Oz7=2pVQ
z=&7RdkxxD>FZf>YzCB$sGS%p|;>7fwNF$j6%Qn|Nmsn~PO<gw2JU21N89nuOHdp;#
z`bjG~{*lJ|5;*I5+zV?KMG;rqU`-XEf>=mNGj_K)WxVRS^Vzi552x}jeS6jw^I1!t
zC&TB~G43ul2B|t_o~j048l>IV(czEzjR_CWJZDBIn0;1?Q>V6+EGXI=v%8qbhHW!2
zaemD=cX{Q^%)4B+R$LZ6(usgxeZL^pu~z9BK_87?!X>k*ZlrVAaRxdN&b(1AS%kSZ
z+84=N^`1R_XTVTd=WglTb+0qYhZ8j9)5NdV_y$<VOZbYDNkG^7^=93ONx=FeS_^Wx
z#R<4Nnd~4}Jd-oqQ9%sD(GP(`R|~|gCb&|(&2lf25j)g6Jx3?%s<yUcrjx?gjCGTN
z0ATJg$Ok?(J*d6CEX;X?V<X}Pp1klOZQf+vu?OSnZ_ORBUT;TSWxbnmdGrBkdirPq
zv22W)EVFv`RZZBqWKWt;vAHj$*jMEmbgraJ%d%>&k&2!OCI5ykolo6XDR$j+6Fq6F
zn$c=Y;*nhd7@mlYqY^QSi*m&h+!X_FqcB__Oc5+{FmA_#tzf=dFjHRT#OOmbn^L3g
zO`yg(UU>1Lb30u!TUX#VnN>*IOrU(>My(;oO6vB#mF`57*R+<$wZ+e|w|vkiD}To_
zFBBnvB}F1%^FzIff;G>8WDQ2()!I5G6K_Sa9K-KSWoLf=1;+-}2<M#rv<v3LF)b1j
zwfNrH;M=puYoeo8n`r`ALX%rhF&qHQXFfG`Ma8CzO5Ex*Qj7)M^EQzp^D|x))lKnp
zD__}>;!U$Tn9<qFR)yFf#p)+GYbJ`v@9LQJTPI{_yM=vuOTNi5*{(Ip;@I0k*&%d4
z<1u5Az=_Gv1QUMjYhJ3+k1B|7b5EEV&ow!T@X~YZDw1_nTB@yfYLR_mOSPxsoTcm4
zXCfw3R!!Xz^dNWAooQh9VDyMR?4>wEm1AwK<|srvb`5iP=&1vHhtf?onqvO_I~BtY
z^g6AXEq<u;jhGJ17M1FozsI9s@HO5d+y<!qs<M!?z|(co>w=e3x;{ji`$lta4YaZ0
zY{hd{msM{l!|*m->SI||M%*<V;o6<D8ILEWA4ws<6V;z|!dOTfBEAhLvrgmKv+p=z
zg5MCsxUA=G1Kw?9uut&41O&<($AX-#z$VL~gr{93>3-y$d97rcBa=1NKCQR^Fn8KV
z6~W88T~m5(q$@N|@A&gX%$gsBg|l5lWGm=wH|Ubw{Sa}#Sdv@9-Ov2a+03b%YG<5r
z@xnYYQRt2`Dd<HWK^bv~evkL{(z=!i=4_tm*Qj`wcZrqjvcTi<)%@e~>EdeZttlU7
zZ%C_H2MZ*QMqbN)yUlu7S$`uuuAj1*pS4m#qcZ9V7SrRscIHi%!c0g0tt*&<!)@jo
zaQ2iW{Uq-XH#TDWopqNxG;VwRe3S-Hm9kf*d6iopuj1Y1C!8>ORIfdBT{+)zL`#)(
z+}ML=>TX!n<Db4i@9U!yH1n(G5g(=&$?Z(d4~6N!DiXI7dX*p_ND%)S{rb##1~jhx
zluEYdV5b@xq1?ZoRLW1ju;|z>cQJoCqBqZ!(q?N>U)_*uj#kf)Bxrq@cWQW6g}pdO
zVlg*&y)Wy-OzZ4eNc#mwY`$Bl&%*(}O-@V10P!r9B2RHv%#)7u?wF!+<l;%yW%7ku
zGLF>tzA1K5jdFcv8*_@DN?XF(^#=k9g*>_6??4m!&+#}Iwy$zl8$Qs#ZP%p4@Zw<v
zx191L8IA5_qiz%Ehq>K-5ZwWnbo=ISko#n{U*Ik51d`@q)Eclur@|==aYHy<=HN?9
zv;OsM%)K4z%Np@gIxRk+$X^wHCst>e+N@4wgA$f4tc{$}Ww!)|5O2tDJEKY%5$UIE
zPP`!_;da~TdRzJuv$!f}St@mQ0aw-6KTAc<!e4V*o0aDYM&H{%RC8qbcC8!?ixRUN
z&aH?(Z{F#@QW-i!S!6}Q?EEFjDfm<04>yxkHP`1ZSY>ZjW(wBCZ1r-+Eyi=RxWVP*
z-rx0n>lN6I8Zs2+&BwG%8HLr96ZL=cDuz-yJ-9rK>vVx7{U3~2m(_M38$G&~m;O5`
z`<GA}Kq>Niu3OZ#oV%5+n6hX11E-IG_Y75*zE_kVB?@i=J;C2{1VD2H5FAebo27yN
zVP-Wy-V{v<e7RQmIUy2KrFNys-&VGSc9yCEvI>UOg0NT)7ToXQDNwINt#`j=75gt}
z1>JNWXl-qUFlTPAe&B)i-<2@%2jEjvxjDw=K1>?-<BRa-mwR5s<(o^5g@@i5?V_Rq
z+tK!p{!fE*Q<_~_Zzr5w?B4Za%-{nFrd8Uv?cq6?hb_*`O!h@|ts!Ca<_H7=GG*FX
zqyzuk{6y!nO^DOe)Xb$J+S)sqQ|KFBG-tEM`5sq5OZ$YtFPYIfJ4tlDo@^$Rbe}bD
zNUMx1%E?&-I-!K%xXn=}p+#??1EWIIL;NgbkAcHd2lR*wYK+qb+|lNU%kqU|>*I)v
zrH@8X;&TtrueN#3{Fr~3k&)r@vr%u`Q}~A`)@?NpHsCq4_wjlxBCPP#8Ed*8TijT^
zM7*0^$2UXbCS`#gaua6Vb;F#wC24Q(7V*VzigK3<=~`v&XOIC*D92&wa-h2+^g6%c
z-i?C%izL`7kqrQB>)VPtn$Ir(c*Th^G|cX(6`9ZPLee|hP5P{}OM&5SXXS!;6k^uP
zHVg!{=Wk)jPF=L4&|9z?tdn}m(`7~MHlO+KrR_P6r*quujOzDFz^}%0p;w0$+9?gt
zO1v$8yd@@%142n`ShlByweCJgZa_5bAB6dG(!SI7F~Y)rcsshS(_br=*_DOPn@%Ws
z*C`w8oY5Kg)XQ7uSi8x&t)Ar)Y<h}95&;xR;xE4?Zp{Q1BE1`<Ou|1wE33!g*(4ML
z2g_$4rLL-D&cA!b8CwFIq!=+eqa*8KSi0;9FS1Z&72wv9or^aXPAZ*wiDz-!+4$}b
zJ?BK>bq3m*yR>^tMwDskO@@nm4|uSLkgZ<H*1WdlVh5+K6&bR#EWE?3b3^zQ3#ci<
zh_>_Ih<3e2?tK*E>FSI|vJ)1*76U&Tp}ET&w0ui?T!Dm80<Z!|?yeh1(+@AI-wXE+
z$}@TPUXml6mkC3>!XPe)G4VqLlX`(C91LH9Rf9!6U%BHpF!VWpkCF^349>I2BYN9Q
z;dD+DSDcBizudi4KzgWmgvrOl&f+{Lq1doHn^-fB^a1<86-Wve9V1c()PlXjv0ocu
z_l}o><3=q9Ki~YV(lxRS6I<keI(y*b^6!kq0Qk$m*PhnCnDm_2+$G8H33z=kfM&M`
zzygm(U{QiUr^KN0wUH4gyH1IjyMFCK)UmeXd;bWfe+raew2B0NNLm7(@817S1E|)|
z4r4uyU+jMES)$eBu(K&76{c4pMYAr31z3dmkF1xF*2IIrkAw#ohe|0R8M9~bga1n(
z0`U~6jZzRj$St=0NwYyJNU?tn;4ggq{Bis73ie|(I=j-Ue!D6Fn4auk^Dl`hmrfDD
z9sgAd+Pi^Y6}1JOQ-2EggS&UrC>WScJeQS)6Aq@`tr<cO43q*!*`#|NjvWfhtTi>T
z58EP?0Uh#29#$KWMGZ;ZfVh_CdtU%ap7l~6xR{3*3#ZD~d%G*(u=hi<A`7q^um1W^
z0k^7h9p-K_Tjn}h>^d`<pi^K*Cs=^QnTE_uVmd2MVB2`b40#7+9ge6b@G6(S^@Qh~
zg2~hQ1an|@WD&_zhN=m@ml<{&Gth;CD$rqmPa6E-+Q3OoiAJCf<FKvLqWi<2mp1<X
z%hQr0+ziRs(DK%tDkF_gXw{rF^=b@@%*_JKk^-|%*<!oe1205))?ve@BP@mCJx4D9
z74JLL&?EbscrbhYglmhBvVdOv{m@9&SzSbs$unE_#cs?XGJ<Vod0cfqJ}OG-Qi^?Y
zTLXc$C>Zm@u%9^iuh&^t6#GI3ji1E3+<4qD2hSGJvl<3tlKp@A#gBw*SK1a}*yKZ?
zhJ0E2r(yq8z4@CU==6TRyFM+?=W1bjI8fM7T#|t|mIH>(&?WHn()NZ1X!lfOxTsgY
z+~)6ON3h0LT)tO$SDYB|Gmq{r<}%6GEf+VGl)B`dv3dUXCD%D7)rW1UvC1rcjmb#F
zwK-nQ^}IBEq<3yP^K`R_&=+3|Prpl0M`3R%J#s%^@n&TuXa*ua^X<LcAXmv*RbEul
zt|rh&2M&N`@2@iSOwG7!iscU?op%)n{!1(ISM>+_uHQ-toSZ}-4--}e5i{~L>ib&|
za0U($9pC@2|J4n-yY(Y(U<IuPQO?9M?~e(c(NPqq5q7)g?gfOjp=fsCBQ3WEDzz!4
z#eB7okOi}!2i`M@b~tCc;GHDN;^rrzyosn5&TrB$O(V}})#UrH?!`-@8Imbl3t?HJ
z20r3TPeP)Pu3W(R43FH;=Z0&W#4aXl`lj>epb#?}Lz&51jf6LGOo#XQ5~aZ43Wq^-
zg2|1akjyc7G73cw8^+&T=#x~wY?Gwkbrmm2P^_(86vJNX*D~#nr?<=daz)+iRL9A}
z^60!SNCpuqN`ukze^i>XXO{_pY9uK`Lh8#_pUMN_YMnt(5V#f#mzU>I`z4Z<tAyeR
zh0Sc^>l}ubn1+&6Gczmk+=@!d9F*4mD`89LqT3F86^yt-N8w+Q78JQ$SIR_O`|jfz
zYAns}Utw?NSJKJVp)h4uz2aBn$Hg?gns!x{v>{pa#7c{-3FKYTt!o={Y%D5@^w=Ey
z9sR3xto5Bk`Zgym;j)daBl}ZSlIzn*&8so$$1%qb-<y&^v)P`<JtU@<Iw6{eQt+4X
z0~HaGAPRrxH)%0F@e#&vYH^oV>R}A*PJQQ{-ZMvi)Dw|kRXc582mm&uQF#R}X$i-^
zekmVM{(QLZiwYtsY;rfpl?y%Xy?C-WahqAS&TTpMb)u-DyGw4rFsEs{@CqFoORIWs
z+3}tx&V%tHBIfY!;R_@uld@5Ww&R&B;!=HH2X9};k>?9u{C#N%vX}C&TUIEl7aG!O
zUP*7%7It|bs#d{G?gTt|iJ~mM;q$=z0n?|U!@ti&_)6I~1F~lJ7t#Bvs$HWotLl~2
zgk!1<^wI1&I8lf4WYw{DV!P7l%SXv0OpaBZ(%Le0N~pMZcKNZ|>!u4|m#nKtr#61;
zU@o^2L~5_ABs>(lV1iA5tE1`_Z)VA?O3ybE_<F8Y>0e0`*+9tQa2&|TFXBG+;|iWM
z0)#kETu6JiB+Jr`@d>x*iq~^LeygN94m<U*nHyVM&Q#ZFn46-B8ov-O^8h93z!3EN
zvB@Tk=d6KzX;uNDC;xL8A$1x5E?|-8w)KlTC7LkCQjq2Ze+9M|vB&p6CVyGUtufS~
z^B4%`U7U%o2vd%icGc5A&hBW6hfTd_?*{Ha`+-Z=d6=G&7ZdWI8f7q!?27n75tR6n
z#tDm~g3X`i%gOWKaEtne;J8Rq)smf6v8!kbcqhEq_qfK2TBn3=w^nyN=a}~cMf2Bq
zfX^PqbW>uT(@ev{!p!WRl|zD$e|xgr`@gwnM8}K{Au$+Cp}@xh=*=$-*!KX#zlJZ$
zT1({S3lFj{s?ko}vTLLJeE-$Uv|=OYbi_wlLqmq{jfDY<{ovh(Dv>zC@qe?>cvJ>;
zXZB(^|E#xfh#5;<jcT^kG)IBP`g?1^`89$^S`Y$Jly!~v3||<d!LAg{-pOJN9(@jl
zfiX&loFg<co$3(j3A$o(W$h~Mt?i;~Ho)dW16JRQ1=8Tpeja0*+R3ew<KCGQ&D37Z
z)+AHeX%gt3+S#BKB3;re?iKulRmzOt-NV}K6h`QA=6C=fjki175vb_$@u6KMT4=Dm
zlPv=?DGW=;@KPOoF8xE>#lrqC=q8p_XblakgWb%##iP^@>fi|zEUA+$j44eH=}&0-
z9S2`TUm(dnS*g9%)%rN1Tl$fO{r;{8Uk%svig{e@^#FCQxI;hRNGbt)<#Z#);2Pzz
z6dj5)rpHBZ`)e$Id@e=nn?4{FRo6@}8~Gc+Iu6iY9<6mf{Zb-b&5G()I6b}bZ!3%y
z^xJm`d2+TXUDroZhCvILUU3A2NCO?6kRa&n5xLi_JU3d&9-L-DOO>=dC_wKQJQ*}`
zB+F6d-Xpn!#bJyw;k@8e5cRALp|=AB-XW1OQYNlJWWT|d+=p;;?l|~Ge;J1<4cxmV
zXYT?sf7L{>s_}-o2iPH&!+AG$V={o6MMdBc$ps?HQCr?Lr^**#40p#712J;O(mv^k
z32oYBP4BzwiP4u;O!-kv({=t%&csahx8c8~*bX`kBgH)rM&IaBQCt>_#nAIf_@#+r
zLh(Nf$So@RqGPCZq=#4@0P(Y3jo>bZkn3IYL~Vz5Ato(203B&%81^s%(fj*@$m{-l
zuMixm&+(sbe%?hD$B3MPs{9^e2b7lo;fH|U!Zh9X`d+!<Hl6!s&X#w-^KX>>jnK|9
zDlA;IJQ!^GtJd+pu<)_F{u*F^@4@Vn6__1^B5t=8b*c0<7<u}#hkhj70loP2%U>x9
zL_woExp${mwg92(I@w-gk<0bFC*lld1|Bf)JpfYL*?XQhlo`Yk0XlTKT9e2jBZmqB
ztw3LmN8w<5zS?^j{GT)g=SyR)-(jQ?eM5(hK$kUcssGbzPU`HH-5?kL3wfL64{Lwl
zl*)t$0#B#jxAS&XHXsD<|J7vqOBo^6L!6TEk=-RvLxvj|Fqcwaqw_Afl%k|3*3=_p
zZ$d!xtDp9r(6q%cI1U)0)EXBhvZDc(zXxSO2@7TW;vzS&l|Fd8@N31~<5#QG-o78q
z;}wIaI9=_qjwosX@n1GPhWbJZt4gwM;+$QfCST!}wm4Umn(hsd9PC{X5G!#b={sQ`
zEbKlEa`&0*XHX6%jr<&`cTs1NpGRel`PuuPMI{rPHiUK=$#llBzdEE8*Vs<MD7eca
zg&wO9{?CA=9<A%f4$N9|K&6iJZCLao66My;q+B+;Voz>Slfp{f-u)cU%gl8Flpa1R
zKp|&vjc|>RWQ6605Ej#`+C+$o!(XVk8F5$zYNjfd!4Ma0|GipTE5lBZwkE<Q=}fwp
zs_IM>Qc?JwVV%e*JnxPh7+HGU3zUC_Mjz@r{N<%}b5p36EiT7kZz%^&X&{PFsl(Y>
zrBkR>dOqbg-r1BwhmEdQH8!jbPQ~$Ur}6%CfhbmS`%nBJmLW;_&v)Mc7gw9eI$&Mx
zudx@)z~_1Io&h8a<J8&ijywg7&m=$vY|~|X6QD|fCI>u!?L81+9Dv~}#G3#OPJ_R0
z0x%gsL<AP~ziV59yZj#p03c{wzSSHG$+m(-`R{IHZJjzCa)(p(hsuB;U;;kIDwF;E
zr{78a-#^?Na=<`fX*5-6g$0y2;J*%st@<w5Jn-s?`%%Tj$HzCr{ijO7WI!m}0Hu;*
zJSy*Zr6Z`mDLu2)GqcvSh8}QXVi&<q65i+rMX=AbL^9M+5I+l_hrrTqS@7F-XtH^~
z+is&01+~}&G=d4KCgmgE_62p62@SxMber#Z<uTA*9r%EqtOv$8^X@wv!W((Q_m&=@
zp|Tvn!10V3v2>@ibhE#Y@OTSNH>iBA=hWej3$2>LdU6*e6EOZIe2l;lwb#2D<uoug
zHAT18LI+=IS6-!hAOL-b(-aaDJ=LrO%uttJO-BdbpIeNqvLV^JZn@FbHt@{q{`_6<
zD7CcFL)DUtWmi5C$e83&pui|xoS*+F@IVR$l%`~(iYWS;RTEn)df)@Fx}16bQyAtl
zQQ@;Z{?9pZwa%6jTP!)B#wDZEvU~d9Q<zp4G2N#S*FRc?yIO#mHAwX#?XEx{t;49W
zbS@Onku4|lQ9q?KLpK(<n$?FFJ0kMkY?-Rnz~~j335OyUBg1(~ud;BUO0rScaiFHA
zW^3*HPP)A76nIyKCm!rh96C)S2Y51<^4tSEi=M8frI)o)uGtAH@)KXk_HPin6~abg
zC&h7Y`r;wXY4P5Big^`kW=_`5V{Xevv8{+Quc%CW)vqgZRb<Beo#JN;J6Vw$9^UC$
zPFq!SWiMr>I0l+AT^LGgy_I$U;7BkP8~uHA9MoJ-Y@2Y5g7ZtGMGwovr=T8CQ4qah
zyG*N>G;`h~A;F*NIu*5G#Wim3VnxMVrAsEJ>GcV>Lv~F#DeXwgC0QhA?HRdrc#~(f
zN#R{OMd}3!n4u6%mgZJX><?WnOK<nHAqcJ;y30=BX8}*bn+dgBe8#$O6JRx-U!kMd
zX$IL$&dPssezAut<Y?%HDKNzT`E-)|VFp<l4fp`ga=C0`xdkR)8**OIFKop=d6-kh
zu38gY(B}C`ENIZF;madLrkgdB{d+LzMOApy3AL`B{f!H|u{H0mN42}6aX8i9lW)Lz
z{s`D%W-A<CL<p5Tm$e*WI`>N(g<?X5bY)PAO!RA5!$W@*Wh~%$MzWBQt_;sg)dr9?
z7Q{tosIj#^ZMX--QAkPP{dCHOrwL^@5=7)-mIekR@m{o_7cPT?y3Xg&{ecs6hXtD}
zcjzp4+*7|2z8V=m7<<@5$d~aOMvgi1zPonjT8W$tG0b%Fut*l9EQ8`yofC~qL3CV@
z$LNqN9s$MEBiVXdO)GLquTiGj%4b*UI7@=kv(^Wc1W8)RU9fCgJx-{!%h|IpjEqnY
zOQVuw_6-Xm_(l21ySwQ-d=2*98raGTwF|}TZ+oQ90UuTUGP8CPaedpQDIaxdbBt18
zLR(vJp2ee6Qw{bB*@7JQz`*p_YMY5gRpgB7jgfvKT>Q57oNzaJuNGL#uNo&<R>FEZ
zF(ukl_sq%y+|8M8Ga#XE173LNCn&xP|7Zu%sESm6b9=3_h=xc5s>d!bl+WH$o|GnG
z(S6|uH;2uS)(3kL)2u`N2YI)pV6X`Jk<X5~?&Zj<H}~aNih$1#*!gi=-EmuVJGDED
z&}IR)F9Ma%kCpFLZ&z=%AR=GP$Vb8F(^FBy!fy}mC!b7$8_rZj<)8?<TjYf}ultHm
zdq4*SfZxXz1dIXbvaGZ*gcxv5O|lR>h8ud3|IY|`U|)1(YH0!fHQ?#&j@9qZwco>P
zmDv6S_2L+p6?$m4gYc7p$kr_Y<0t2!2L{eaUH6ezPx*>;G-xjIe7|LH1sq@?f)Vuj
zzqv)I-nx6Z{>u0F;NP!u_wFIS+cbfRe2(cU5$tk;J^4yMLMQ_Tjbi-A6V8Ke-^dNy
z7e|bi9F8YK&v|qf3DsqR<Q1aRV>O%Ie0p^{T5qwJ0C`B_>Z4+WRj2#EfWA?G)^ze>
z?lf2A&I-C{2KmZyK(5(Tq%{(6oM&ts4PPr`3+xvZiCll8vocVd)x{wDA1hL4K23yU
zf));s)rW@Y6;*jRKHib;+m-yFL{SdpbvB<pipaLaPa!L)B7=2G^o7{&cE{DK%<7n5
zgk?7f&6qm?HQV;4A0MBK7w@{QG7GthmVf&)2LC=GnpxdWos+BI&eL<H8bv;!SyBKy
z`xB|{=T`i-O8(nD7aCHgEb$N0@4rm%a%ASg(Nmix*ut&oun3MGu9YtYfK@>?!1+*3
z+^UcYUGZ5?AV!fmUoa(Sw(~l1{=Iket1RZkfIx=B@vxGjjvFQCsURXzM&4o5BfSGn
z8Z-Qhq|507y|Io4Ie=ygPF$F!>>p?D?ZywowAotCajn=dG6oN%R~84TmE5Jw-XmMD
zO=0Z$GpaQgXX}GrdPE$sqLiF9+2~3i7A?$1A6Q~lJ$Tb43-&VNtQec9xDN%dSm+tK
zVwut5`)j0n2$}Cfg;(KR+yhBlNLdL1z=x6MU6b2q9p#h+h?b%Q>_^zDILf+STfA4+
zPe?3nMCpqxR;GN)4=K-Nokr#6R9~oH-`1^ivY>gX-f+)Mj`UJTz#-eB4DB<47FvJf
z5b0hI(%M_gryeafA|rYVxh_#eU#krS9T1I{V^{)ePXTQ0@mi_rSX1eThrQk<R&|cE
zbgQ4@wR6&xd!DHmErg03$tWe`oi?pbVJbq*-FNS3u}<-IKFg~$i;kF%ea+HpktOkg
zvC?CX!w4tdKrtV(Qi9WL@zwhtn5D4sxqEdfFD6t#IeHb(dj)Vqe4Gn6Cg!?_WYzl~
zD(eims*^zlK8u;hF1Iy`?u#WvDR44Mr3G3j`GT5P!)ihzjJdNt=GN2s1LWK?u3?8R
zo{Ls?oHl-?N`k+9)Y(w<1k&V{Ix>ghpBh?TJPO_IDJ+k}caek3nLT~4rq|5Ea~o|u
zUO6D`U7BWRw6k@@j71HvaN`#`rR3x-vaitzI0Y*?L4so?CQ`k{s-HPtQszaee=mEo
zD6heZH?Kb<J(nu60zVfM)T_HBW8M?j`6B5MwvAuWVePa<*6<w1d<U?$)p3aU@=EDo
zO9qn)!}$@h`^5@LVhks*0-^}><BOwKy!TyioGtR9EqX!A?sIJ+{9AB2xo0en<WOJj
z)3=(5x0Wf}MENw%ob)O+D8GYK%x0Bbb)qRr;Ae*&^F+12R{?H1xe0VAyv4^*<`<~c
z`3Wh{1|WW0=jf`O4Oc?@-%QtfZFJf?b98xhbqf7xPu1*|$uMV#rC8>8N&Z^=`nZ^M
z58*3*f>8EU_|v#A&&kyh;$S0_w(YWOS4-DmHts9ltj}RGc48)x0nnZFsWCu?zc&y5
zbHiU=1FOT*H?ye3xSlkWo*h?y&2m1I!Xo!#NS~j>+r_`SeyTy{Jj2+^HMyruT~-0*
zo9m-ax>mJ1nHFDA_{iSkQo3**W2|prr?jZqowKX72SXRHe&l)eG!wuQI9A3xA}u^B
zsw+spc-5vcf9(pq)m6u~3gxN1T1Zm<qs1m&)5V6|XtXdKwzv4Y3-CCLXcE)w|G;)Q
z!~J{4O!j|jJe=6Ytv@!JvETx0kX7>phNS8l$xkw(CUBVp6rS)@xp-veVGv8IA=+8&
zgIeSep7L5303wVBARyw$?KcPkk&mQglsZh;bWw*LYX&DpOaPu#3SBmKGK?+A?@=XD
zU6`8czzu0hnfN={3ydd(a#(+<F5swco&oN*$R{NY9MxQI=E93y`CBu>lkBXi&Fzn0
z5Tg8MItcU*vJRf)4*LBmPZ^YT#xGk_T7b><UoQTVqZ{?Q+31f`5}5f}j!p*VoSBGM
zjjcg1>MCNcS`DL%FGdJtUxAVzSEMCoSR-H_sdmvP_3n7K)>KxK1Y=F3IL$+<m+wB1
z*}+bwn-^%ZaRbYCQ`W+FS!PT}15;kjH;7Z7eUY-F9UOHwor;n5eBGPgN;yXwCHF%D
z_KOS~-fly-h=PfZk@Y++ey0?^#MsWmkHS%u<wp=}O8?As`R1#?F<n0V_&n!0oj20Q
zq~(02-VnML(VkgwM&0Maz(w3oDjy+uGxeC|ZfQzwjZ>lA<hh>K(0Ft?FZQ@xA4w!H
z=yT=LTVkn={O%k-aa_lLMyR64=jozWif5(Qfwt$lu_0rh&h4J+*_bD|b686e!eyGI
z7Q%-g93J?U7i>$jjDBED8FYf|!c!<+l6<ei1AV^(wTs{8HUAU~?B(XrnN);Yi;L4z
zLPNe)FsmgHw|AvgKvJ9O{=+oc>BSq#X2_Qe;<oIDx&IaWo<EcSzqvM$T(YI5o(o}i
zP_Oms3mKIT;mv}-8};98q@)AMHPn0urL&~J_2Zf{l17sOaP?oG9Q(@@$Ze+qsJf4r
zKjPoN+go_v07_n8vaBA96yB{N-5S%?!MIxlTRHzjl5_{OfH%gFFJrZJN`?#ktlOkg
zd9ZBctk;y}Ep^E`wk1L{Yy0c6tWBg5#GFBu{xo=~`JHX)mfTU%=op?H%{3R0SjmQN
z`fw9vx8<B$I^RkoZt<YK$#w?WV|KCsF%~}GV6YaTkRqgsC|}EATa{4G;?Xp0N;Aqo
zwX8Ix`S?p1xB0#6>tiNYVRw<%jANY~cEc&+&vzItp!Q2nC5p*4tyJ&{6ROBw*Ia()
ze)P9HA-ImvzOvh;0d()vqwt7wF}sUJEkdQh9ld1eh>Af{M-etaUW!qm$o12DUB6jM
zaNQZdl1K}<e80rmy?!E~)10RhPSBkgT0-fi-RaVw^5^6Py+~q~)r^IX*32<v9d<;2
zxiR#rn+NUibi^&I?y}%=P+}+Fm;^9Ps;;lR5?s_VR4TtRfi_$5L>QIAcbELn&53cn
zEOD6Fp7-YYGI&(y(B%A&B$Wi4UP`~XPC5QI$<d?Y{W9U;ph8WJ8$%$i@b5s{aDaGX
zG!5~mb?NtN?`QjCs@+J1@5Z5d?1n!r*O&m&!8#w%Bjo*gOR6v5C3=xoV=`3~FCS?n
zwrcgxnGTPNBX8@E7%YyW&Zcj)pc72iMpNl!45x&&2)5vs)y$8S;_GNSof9u|qH9l`
zS-L5mtwhX8y+Wk?-Bn?+C_Y)^k{Tk{OeWS$LpZ^(W%3hoQS<!{S?xQqqOxte8|eB^
zO-y4&(?Ko80zq7A36EWqz9$$lR<tD?Q66E?3*yuAiIq?W6)=G4ihd(H?w#$ZUp#V$
zh5aV!9H+C-iRzuGqiss7h3E|Dh8hZ^tJ53KB-6!qWcn;;b8gE%RTm`w)}L$53o9|l
zxy~Cf`Jk+$P)hnen~aIT^ZOgun`$onLzCW$r|QT{`5T?((3D@bkh88856>E_RU4~?
z*VtebKGbW~O~bFfEi;{rU*h5QZU2t`i!b}?a$hERpZOqRr(AkopR9CbDk|l*gMj^`
zbiWkEv+uFIBbAm+tcMRp6}HSh`l3r|S(2qK<2`#Fw)I0J?W##hmUY-1>zcA~`htGR
zWP&w!O`NH+smvT&sNYg@wwsMP%iP3ei>=i}di(LKRKZ^)b?;aF53NdN?dt6{GU8QU
zeu$4=9DCGHTb_sb*IK$w?^%a0RXxb|W4<EabdHV7eiX+Y?0cw<)Atqc;RNkx+I?D*
z%JxwK=*>6P^t(HI7WuMfQZVj=@nm#NX?Q1`%RV~%%jTrD)C3(Gb8ERF>S3;j8CNR*
z2{n?+$B|1}+58u51mSF(a6b4)odev8$q%V@HA1WEqeNlY(iv6@wMSk<lU~x{k{v3N
zZY>6#9VtEb`qdMC@43q{>$a7QIrz~~`PjrV;=72TA7Keboo||9^55_GZ>jbntMB`l
zX{DBU*!TbEt>-@0ziU0K-9P=5?u(>}|L`|G8Pe`Yf9JwJ;WKdEirDFa_l|YN?kb3L
zpN}1U{5}u1xlHZl?sVme+3OEtlhJYOm-4GDyjTZlT1v61(39|~IB>SX;UQlN+lQ8p
zxl*xFxpw?xY%u@E109~0+fq$A%Tte&VzZ8YC>HDc@ya|Ot`VyU!@BVunI$$&{XTqf
zs_tPumy<fop4&9koL(>7$-oJ*GU+C*kF95m6R7POGbu`*=;j5SI-WH|T-y1+w#&_V
zKd+_<H)vIEO~{kn_iot!@u<{YyF<x+N?0Whj(#<<_$oi@Uj>p--aY&=C=|MD;L0>0
z5A3VXELte8XBD~@I4R=N@sZJ4@b<VdPm1sbaq4o<sTw|yF-@NX)`w7v<i6{rq1@q&
zON|~&>=z4L)*q>gFPGi0_wsJb*7;Zy1#WRR3H=aPNXkUrFWwa~5K23#Ls2fd$j-C(
z$_-|F_$<@=T$X1pwg&w#V@xK1G1Gw*{-f&c$|79Ln($T^gY}^{hg()y!rW`!ps5aZ
zl{|h;!u7AR{5nBe2D9R(E+PT#ruET9nw*U4pB~7|ew_><ZMu%McRQ)0e$wJ6>pFXe
zd3%u}O`%XXurk!*NZkl+3=tun%+$G4UNxmwk}_akz;;Do;QeUzvYeVMOO0qzCUtq^
zTOsAV7*at(`PCzw1^D(*dH-y8vA0@pqqAe{-q?;HgL+d+KlupeSSWu8O6RmWSA2#)
z1bxoA#S={uBpcRcl2AI(inccKD(RO!=Xp}5;Lz~P%xzw{;`jJtPCRT?<EI}Zi}kHn
zPU6P0XUIuj_##81$vl^9yN)h@L(3W99JA9@-@+Ds>N19)-5xxIwBxwGb~`q+)-Ifs
zW<Fqod~q&!&XNmVM{U!hl}{<z|HRyY_r|xEB@dF1Q42Gd_!SlFmK*H|kZ~Bchb62n
zN$GBxcQvZx%$#%ey{_4pd^q?C)z~F4R3f&Cqc#ci#OO?_HgJ{b!I0dBhDH8eHTvN<
z3)mFzruMy+b;2&P#a*QP>627=m7i{F;E4ni0IShzYg+#RtZt(86xu`Aw*LmLwqN?9
z_f_~jfee?x=vMhzH849(OZlzx*M*L>=30g2Nvi>7cha1@`l1CT4$r4lPi^*`<o`aC
zi4-pgV-FVCxdxq$TT8HnL>l^U3L>klv0L!d5yT;LGga1myx>*t^%j+d<=1cEr$Cb&
z@R7K}ig<SMtL09@_u(Tu&(Djj?vGJIio<(k%3TEePe%HoPV-c^&3>n7=Icw}M$5kr
zvI1kB?t{<jA3Hnu{y!hT`|Sh<uCl10pa3GHudWtC7<E^74_rIw{-AClhko(bu`vSK
zdl+@M3aEv3Ua03+<puCnJe~Fz@c!L;`&G63jntu5{cfLkpW^zb`l&l_Z8AOgV0!VL
zm5KFO*UG1#%6A!zqg@yNVU>?#w<%s0kjP;I4ak`xByHgp0^ep;U%Y^qBMZ#tWh`Fc
zc{$*k`EJ$N5|+ndMF)aG1@OfEl0jst)Y?BJoR#Va-W(H1RPFF{5-+{OMV@8IXLg~D
z?{K1CmbgCClOFb5Hml*>?w#}edtBar@yNEHxF3h|RKmkJ9!k`dgJHT%p=_vo1Ug2u
z4VL!o58V!8eYxN!_TxxZkJuzn{48rMn0Q#Ez4eWm|I8F9TQcq!`zjT@-h*PFj<z^F
zkw)ncZ>_d^BAiWf`EdDqdN6q$&e7q7cquIiY)4R?hRY-T$qL+*k`6fX`$eE(?SsnY
znKqH>A(%<GjpPG|Gkz4n*z3(0i?Y?gTkFKp6K1=^kGGtPa2($ucAIhLVWIw+r^h=q
zJPJI_=f~Msqko(@O4&(MAh`HmeQ(I7^I=79zD}Lb#<vu<gj*d8%Y?G`jWsagJT8HL
zn~KlRzp~Q|y~b^PpEZz{MIktKE{Ut15PP35UKtWWWuCEWMoK7qWpgvGNzxl1oBk>1
zRBI<tzFiNSvM2x!vcIMXkM2(q7X7=?pV6tF3*$B|7l=;<^6EQ6<h_%y?9#(0=`$1J
z+0eH%WtV>pBi31?S@dI4ViKxbd=Ntdg&)q{xLxsv_KJCWvNC3Z14*wwBO3y)b~VMs
z&_wWrZ-{fpY{>(iCHiVv=TVPk{#a0u!P?XH!?gxfd<9ENzoe9uZM<jhP(X|Hbv6C4
z&b0{i5#^27mI_gz>rbKxRTd1H6}yjA$V$I$H8^mHRX<{#{n*XRe5nf^ZKpBx&38|)
zHoQK+)P6c=N&mhs4Nvi{>$AB})bCwx2qkOdwLlfU6`#qtNK0X|r}Qk~%XfBOQi%~z
z<VmU(t#XqStHp#;PRc5t;Utzm#@f@r(fz<>#JSgGvPN}gyE+1`a;xR4M$@%E@2({8
z(#zwQ!c};!Qv9|2wcpUDO8>9d=h8tqM9*>)yk>dKt<@cgkLq9^rbBid!@e~@m4qj?
zd99luMNP^QN6TxQF8T<QB~>EU6RIaGprB)Vu+n%HR%B}(I`ur#(fXQ{m>sK5CQz|8
zO7WfMnL09Q1<V77QPU)<2ayp|KJ7PXcE=_u(O_(n?SER6d)GPB6ldBYn>E%}76yp$
zP}PEriQX{gI<MViyP<T^3rnhk-1fMHpOQ~xuUE7X(8<A=51f|8Xcb%id%VF<nSjxy
z5S1P0scXI?$cH6_vL16D{WC}Z0ikhaK00*kKczH2Boh?Rh>0Ob1>P?P(~h_LXnY~M
z(w701rU%$`<tMt0d$Sbg{NA@jjUR(CjOz-QT%Tl!Vf;)x#bO#JCZER@uSRq{kz9&9
z(zBHm#^;r;YTI6i!DtN|=ChB<s?0WHm2fH^v1HC+Vp5Bl&5HazXOesno^}gmU~t*G
z)0SVo-)KI+M0Q9#rR3|~QO-WF=4ZstqQyZ?Rv+U%=Om2*73wK_{=27Huj7bcQx>jw
zE{nQ)(M~jFoQvj(7#s7c$FZq|SLPx_&vA|`S}2`vr8A)Zb`K)}ZbaAJbUclD%1$L%
z#m25<d-Nd$VjOju(v5urkmLDwLj9`sVU9!0aiiW@gUC>BYJRZ^Ic?L7fykhB!a}la
z0w!W&cmVkm@ljn9*e~dCxE&A+GBH@XBzt$ry<ph-Iw}>6G>ch&!<DzY+-OHBGnS%>
z?{yC-pheAU=vtCU#B|by#eDfIRLAsD*Sg|q9|cWQZB}nGaLX%lXb!KjX|Me7DJdvC
zAkF<nD^Y;%UQ22%GI3M3>ZmsfZff8N8o{w(%GU5x*9(?Bp}D<KCji{4cZV>xlNx_l
z$nHW_v|kOe^&0Y@tLJ;5cFw=t75ja@LY1(p`cr#;I53+j*q=(6>*iwZ6vaWJ;IF{F
z9`d)Yf{xH#CdxBoXqEg%0{@_n_22dEs|J#eVBBkcCEMM6r=O9E5?JE^w3DL;40xVE
zQ-?XJsG{<6*PoP@95K=ElQZ>n6-$|rEk#XaaUK^tJIa+X%gE@mDt(ZM$RB$5&Uobf
zR%2;4$Mz;Q)6P;OcBekxXpUhcv{Kkg;>7otV>ZAc%$}C$!Ep%u13Ck^TdoS^cBydm
z&(^#+;uy~v1nuqZkCB9I7w|+@eGe1uwNnA<pgC61mlD6TT}62adwBzuEwq!GO6hJ-
z7?<5hK1lTJBKSr~vbaWzvSPb!hl=WG<Qrz3pv^Y9?%+Y9B<OLLtds$2dEoXY-Jzn(
zq|h}@G!=!<P@X0ta)F>HXr%%vD*|3`_RIH@Tf5E^48k%9-5B>dz_nOyJW50a75jlb
zhnCg`ZcT4p{2f^^-K@!>@Ph8*r+46Ob4WeG?U%{Ylr!OHh=`yfIz%&aGhUq6{h<y0
z+es533uUfi*#n=K#=1GVEfzpl8rheKh=9QzH1LCZ`zp_u@LXO-%mon*q`ku^F#}Ih
z`Uxs>F+W?NF+@tB>mmhR>}SIGFAe)>?e(!8q4FO}mr0d_^6@k=<wFDbW;&Ky%%ef1
zu*;YhG;24@4;-F%f8>{s&CdqqM(oyR<eh6N^sTsMBaE&168-Ez$mB{Hc*7-t7+86N
zi0B;{A<A$ZtP^Z#-QKqmgKZC&*2?ePdgGn`+Ui!g(l`Zv%gAwHLmPIM=rRJjwk)8O
z>Fm5wP>nbk8R1i<!{LB+UR@r7`s3Ayh@S1XUx6VL;QDu0|1{n_W)5m{z~a5Drzckr
zaIcslU@EXVj|Q_&3k4&3$6fT7f}iqo*k|bkLUMpJvGxGh7H?oVQHmxOmDWT=3cot>
z(b3UBbmkIs^(fP<iTH}o@p|P*d+bI{eP!9EZ_!`hO6o0lt07DG&F+t^b)sY7Wvnj`
zr$_T!_GDimB03J;gasU8Lvb|=Q@%bDndY))!~-qu)l*;<0B;7UtexuUzS6L!=fwW>
z)Qu~<O0Wakqx`_eR|$HV07~jlwjNQjJeYXZa%lL%wg#|I+10}bWYp>n%<j6vV0Vn)
zU3{dsG-$I%C$ypm4DjwP5$(x{uhtRBI<xikZVB&vK~$^&UHyZzmkk>AXg0nU;c4ME
zbIXvPq#hL!kpu*JXJYZ>o9msG74Kc<W`;L`%|!}#t=`sRpx$jhe!4<=F<mVe!^M@n
zouyCCMHaKTPD&y`O9wYvzFOu1mZ7CAQy^?-6)*yRHu~?F2d4T!TKGr6u&X_EJ0pu_
zlP{+a5q$&mV<1GPT*x|0bSHZk=tn&MAVl<wGhq-lv`$2{40ZJm1{%Nmw|$_bM5wp7
zS2~<iTV3e>@e3?d$GqG>ovi^hJ#ftPw&7N~`}#J43a1kg<bClbD8cP%dtl(!-Gf~a
ztp;F9h(Gk(%PT334#f2R4}0QCa)CA3gRjtSI_d(c^D7%b0IUX3@uBbjPyg(H<$lL8
z$i1sZS4{8u^M;-o?Jlte7!{;j5Apz+8WjI+dqxMPi}H~q4iOP<K+=~}&VFt}Tm#7W
zcJy*?*SN&BtzdxgFE6+C`yA`{7mI^u=K7d`29e*M!HsDOs6;>hI>&(M9`o^@Oe_x2
zd-S;YEr+Vnw#04r&>mXbBi%|7+R1*t1czg)8vVf8RL1HFS)RtqD;;h?k-WM03@*Sd
zPy1Ykz9ZJGi)~og%ryAH+4XNot$al!ifRz4>&tUd;6V?dNJi|YhGma^rg?S-EV<l&
zl=hGMJ9L6J;4(wpm>8i;GWFX<!lg79XJ#3Z!qQX)lewN5{Y5t$^LuCBJRX5(`^bc+
zynP=wk-$1oV$#bp$<q5}u>@h6&F*I4b{jUmU>qaiidgYYNxeU?IwjV4#(9Jqmfd8H
z&iNU2H7m)1q^i^6pvRx<5OQ!7(~0ZH52b#0oJwZ$pzhjExpuC@+144Ex<(#<Nu%&M
z1NV*5viJ}xezCH(jHFufa7??J$|42s5bNE=PJj9E*`Xg3BPH)8Chu%-w6!NMq()O_
zlVF3V(d#0aQ}gCc%l3_vH?@OBgIeM=0>G==fAr(e8RpZb37yz%A(u_h{!u|2ww=u-
zQJ^}|SuNsq{N+cOK&w{|$BU*3j}D(!;vv|*tOQ}|bk+n@pRI_x0uMWbHl0#k`b&EG
zhbxIFQ3c)unOPchSCK56lc8xpgW9H1h}h4s8@sc5cv+5K^%dp(JPKki_g)g)WNYVo
zZDWlfz649X%=cJ-f}(i{?IqrFQV~nYFto*<N^zbYawP44vKo9N^~PhuXT56g2(r+v
z$rkdhV6-y|elzg957s<fSyC_9HfUWeA_frAcg+xB*%x3~o8ufO70;%1`_W7y_)tT{
zvES-cO*(EI#j+(*wi<=Awl3W^ybjlt<rgTDc0zs7&kQ#$xi(3!+TeSxa2}Ya?=SJw
zC?@hMp@(P<>GrtxKL3@UXVRab@RKZ=uxu)pV=7uwg8p&2@LViw^3i(6e7j-~)S+Zf
zvG@0!JFJsvFY5quCpxxBH)}HLs;`Rih{p(^J{#=iPEnJ^c#ZpuH>*F0w4^Ef`TY#e
zBGr5uMkNRw5vteyyS&#ls?v0W3gt$U&9Z0nx*lEV9g8bKnI1cQkgS}n#rN83_HgXy
zb66fh_73x6Z33@1xwq~MZxA;2f1tjLa6A&YD*kyafp50{asi(R$GgA(xBol|XjWRc
z;0~)tMCv3Ig>Qj%1vtw9O`4`)ros6a%R$sdGF4l<efhu)Bm@NF#p%vtMDGy0u}FqT
zn~vz2?k?KoZhGoUMC7zPWn6pn%gO<wiQVxE+O~h+2f%6ra}(j5Iv?J<1f08})P6Q#
zeKAK^g2;I<o%;VAXW_sG5g;PZnmL<Cu1_7_<?;zq+6Q@q3Hkk(`H7Iga@Ba(MM-Fc
z*deGHmVL800^3B>e~x3jZdi1g&)!BHK(O4DGBv>_i=vy!e~tUPH<PKF=z=&%N0B^@
zYMo}%4|P-lKzSHVr-AmMcdCX|;_hVvUn9#dUf{f4vnR{}4hS&=ztOZ-Vmv457}ANS
zIVZutfl&2Kj*pHE2&ng;k2Pbc{Ih~0hu6REtCmBSelsvjaUpWjfMMS#U=}F+SWEZj
z+1{CvI|M%|cY8}k-$@IZg$)~vG9UI*zS6X~$jHTNRtu>M<)k{YmN>Qd&H*RGo}8Yd
zOl~--IX;>-1Kf)+abo2n<}E#9t85W3sM&f`!Q}7naAxC$XkY2xHG@ypb)x_9T-H)*
z=z8J9uM7%rz{Wr8i?vTeS(GPTr!wUmcf~~Oau}7)kZE*OT=jQEZN|b1Fi9_P)YB`C
z0`zx-)}4E;rPK3{v;OdPI&_}=Jasf+knZoK$YTLdu+9@*Q(tO@yJRbPik7fkcsz3Z
z-VIaQdoZjWQd9X1A+?buzBVmu_#4}_bm;3C-8C3Pte8)+zO$RFjrxwE;Jj@{d`Xl@
z=UXEZmE#n+oI@A0?@_uB8RY)ubO6}k_O_cY@W!?IrgTE87KQ&>Ut@bjitJKYkYKvA
zE~ENNjnmzJeLjVsY6_yTG@kG}j&PXoJCRZLnP;{yCu&l_*4uwTN3p&&Jm+WSO{sCw
zRdR6bEr0mwID_IBQe?~s+{7c(A{3$~#yKbXoy1bP`4YRw$tD!P%t+OL_zwQ_gfbI_
zg2S)!4`FQr^atEZCQ~q)oyjSpHJDL}@~~x87EGQwoR-VP358dcjulh5GK-u%soL{l
z5ID5`J^%)hEyqo{Pn4s-2^u(-n5tlH+_CN9JiVY9z>*>g|2q3glsUZF0w!-+fYvUc
zq`X`G^&|}Y)f#^u4&7i<RhT}x5_R;_pVx8$l*Rvj0q*a@BLuSwUbX=+fBA(U*@`E?
z61RR~3GkNoO6fH5ZZ0!t&wm877*H1d{~)gYv&bof=rnS6cAji~xho#bAhtD_Mn|{d
zdHDU>FD$5|6W7$#6j!#I2u$nm?BdS*TR*z!u0AW@%gUobgh#<$f9x7XiTkX70s#da
zvi~h0`FAi>7qRa*BWFs1p9jWJhy9%?TqlpR0za3B2)e)Q0FWVGtIZmfld@vrnIgsm
zYY3ZgO4D)!2~bZT2z0*-0A}^y0!+x3ZgSiI55!s@M2=W}`bMy?82)NK#xJE@v!<O1
zMvoF_Q|;%RO3YYfvX;cYv)Ii8H^S=p#m2`tYWsAci+b+YarQxoFu%1588pcbI69oc
z+F)i(#CCpmY>Sq3zTP;|tV1VY>C1;Ms3O7=G_~t>bf)S7vuHnX|1A2hqu6P*XEg6L
z={<Oq@73$xGB@kIvL`6oNiq|CT6_rCftTm%?0*iLK$7V9iwonAO59zf6%<R69+IfL
zZ>vad+238fa3Deg?eT;X!N8kqA1Z?m&jZSmLxeK>R0b^{7AK2Q)$EE0Cu7(6vc)q1
zRNux?X@4CwRpio7SW_-+<XTt%%VVXzwG>bywC`?L?=Y^m{c~(<4aUS-QeO6O!(rX}
zQ8#^6!uz<TRlSne(ewj4YIDOrjjASWXh+|v1J5O@^S`(oM)ugNBat}|IoimJrL3i*
zx03iq;!3S*U*qeIUZ5RsBdS59a4H?M{oLexz?+^y==}_^d)tpk04MMqsEkXUA8z@+
zep2;vS#~tjopl8^k2mLazD3Du9*N<sQ(ZP<5ErwR&7mVLR(qf2pT!=^STMUj5Y-{2
z4FZ+=-P&IHrHktbt+T!{QT#fYAj`3vd==}w<*QX1fqV9d1fKk}h-mHRUw$<kh5tXi
zeRo__+qQ1(b&HCKihzKE6hSE>62L;QN|hF*OBX^5E!%=L6{XjpNDmO{0s&M&>5&>~
zK@bSNg&rVphNA3!&-uN#-@W(z2du?fbImfwH@?vnKYvj?O!rA7hI|xrbPlQ_9@WjQ
zSKzNL`yuIGizF^hRJ&Qn4}C&070=T*AB=tWsgOfisZA?x7cR%g4LuL<98mvEhu$&F
zTFKMQD)mrto2rH4XjA3<sHn5($C21@fI4UH3Ud@{-g@RZ+jJYn+144oIrLA7T`HCW
zdGJ6z|M<qjSRL*OM4u|aie6W!Pu7_AqhV-v`i(>t4WKF!l2@{MneX<f!iC$2!U?n2
zmcIG8$%B$O(lt9;!>~?yLmvuJ&I$SBdFYyXjCKWHUjKqvCGz0|6_KpC7PH3#HI_zH
zSSsIo;wLD&zIU`RBOL8{toGmtJX<#OD)0C0?_-8yPS7I)g$q{V?<PAirtZI9q<nE-
zht!xPNlWd8xo@m%oYZqKy3=XwnWe<DjW%fC8t3j7olBWPpr@(+bc@&VXg@uhtkZOM
z5<n-8-H9;O;K<V(Gtw0GqvI^CF#T-zX9)mbTjvC@8EhuoEi_Oca~_lo-P$dC!DZw&
z1MZ()PP&bAx9Ob))WLohsxSmfLwVDD&dkKcin`=O?#uj5LjGqF>UK#EjQ&CdX|Qqt
z&&LzTwytj8{Z+F7JPY#WkTV^DfK-IAm{9Hhxu3?!SCDy-^16<~!50H&>Nc)xgH!-Q
z-F_q88T7AvI%fBKXB|e#RILG{WXm%9FP97UiCl9xevdsR=p4rex_|Bp1+3tEE9Uh=
z#mMsy&V!K3UxqbE*z!JalYVwqr_H>pmlvcogtF6<3PB0tY$@iB*T#41WS<i2)6@NI
z-02a?jp4cPFb$x2=&!fWc9HtoQVx)?k*0ZKS#h^eY1sslfY^r?&b(zWsMaCqBxoQQ
z-@Sk64iMARKukAmxMa=T#u1}3p<>teL|()-N86{Juu+E%6t;Mkl_()##fLh(E8{@_
z>0c1e%boB%m-g+M(v((I%q6}k9~%&*hG<EU5N+m4D!%gQQQ<UK_88UnpU`;0r)jTN
zGZZ^y>4wg~m1UlzSrHs>wKU$EKJ?=YJQa2lQ=geTi(Tf*u8e(&J#+K*ka$3VT0Z^+
zB52!={Tt<w)I>UHad~GWfmCzbN}^I$3=}wKVb#1-N7fWB(P?mQ=gdx@O9rBp=xnLg
zWF}vG%uZI#3NdckY4-Mg7Kqm7?K}H~lduNbb2VJZyMUP1SV8yxA*&wolp~6oV!L&)
z{)GanPOZ2lem-aCThsVYB)xERj@HY_qL||&z9U>mO0q?#p|s;-4X;$Kq(ZAiW#|gx
zW)t_1_+~mVNJ+N0gc+geV@ercrN2pboTe9_XZd|ZHwlGrS*<>S$oJ76=C%WI1}J45
zH}kO<wWJtGdqn0(>&NB%4jd!!dXi(^@eWs2D@3vyyR{>OtbzZ1|7#~`M(XmM$cm^n
zSrk3yP96Ux)!oV4*&?7aGRoq#&RWW7cc#GhJC7iwmB!w#oy~jo&Dvw~*o%h97Kghy
z0W=6k*5&S)h<zu22zO}2mv`w_e)sS`BB)1AtxKr<>_sH#G`F=E0AEl6bv~nhDZao}
zUND;|(t4TiO1ERPM#iYB0K+>OhXfe+R9aKw>~X?Xf5X%~tg}X2x|On;U|8kc4@=`)
zgZ`ZJ8WvfdDMW-8XWoUvc=>Tlb*Uh_v|Rg7a(}VmtZ!lX32Gk#CeE~yx(w*&2I}Td
zj!XG-9?LoAe)-s70vl9CYO>;GNUaoJ^;jrdG7r9q?l_7#t6W(u|A=^CPF>ErI<$%G
zr}u|_sxjT{aSh{fd1c4nM_JKMEb!HVZ5+VgK<wWU@)D(BLE@(KS)W+mk;L$v{^JU~
zStbv?V^3en`KUU5cBb;Xp|3|11Irh_Qx%>ryr}ZS@W*yWvR@b?7G7FBW><R5^yslp
zeEW${C(l2=wafYq%?;HDs+S5mnR9hOIU>zNtlt7}zA-S<)YLT7)R<3&kE~RuPX-wH
zCTGtW3=GrGagGX}0dhSbD9{=JEl;?@P5}(x4ulaWfY5+!20iL;nE}c&2~d`DkBHvj
zdm=&G%LovteSQy$K1mAaPHA!{h9Ph4w>U9Pg{V;*&xy!yBN9s7MIo1u_x*ea4E<mr
z0D-UM^Ls$(#)2fcgpbDm(Vuhks78WziPyl$9L;`~7p&sf{yH#l!;?=x;s}%mgR-SR
zZpps$rFpryI0Vdzeqd*CPGK)!awE9(xDS74KuZ4YYyaV_)uI+=>PyJNaq|b|f}!&b
zlk=Gd^9Owz1_BlqcuU9V!kQLs&SZ8jfsLdF)`B{1ian&kubE?!Rd{#JGYwP2d8OSR
zR^wMNx6rSh^Lh^Zq^iZiF?Iv^<1HT$3)ll#zMq$@L5cRQg)$Qtv%Aha<W4xnCLg!h
zJ*r~vBOk<`3L2DQlQHxp`qka)JbQ6gi=|`2XHokaw-z5eGkUCVu_AX+B2|`oqzs;^
z4tt#fwfm5nL?QGdE`$0ovIn7jb&6tqIlBwp6PVDZwr}SZ>T>e?URs4Sh#a*cPwF)=
z@y{1X?io#*u#}X7lV8H%E||0G6{ocnMTcme1PU<vA<>p7V{da_Tv*$~@7L!^+M^+9
zr(rKV-7}-|6|WdkVudJwaD_CwO+LF<*I~<0%I7Snsiqf2lBQ{tySjw^w)QA}+f12^
z!l&uWN~TA90)wq2CIbf%4dVi3oJ9pqSTmSWH&&qh{Uk<O$b@#Z*SPm+65Ktc$(Oa^
zP4+F8lM^2_aQjHT&ms%w6Vm<8ro4LMX`Z><WB$kJNR|EEafG{TVd^~<k=52aIccNq
zsn+^=`V$#%p{AL+Ur1+MI#)cid}ycHhc!}0Ds-z^fKm?G+&PrBN}(+ApTuebyfS4d
z#AO%yxl44{WLsumk7#ALuxLm@Z~VSi!@Ljot_VB1pIFj~R65z7EW}Lb&SR(7YTnpo
zDb!ULJ39CElBy8Nu<d=)O9A16m-1eB2Wr^MXL*7Q^0X%OhL6%WVLJyW1IVxsc4}d(
zgKW`b<V!b1LAek>_6P069U{F5mpC>GH!}QLEiA#nfpoDQXU3_tkm|a1WQ1nz%D+6V
z3m9SI62mdwt;jlh%ssusJ|}?d8I$c`!w}&Exy~a(C>?El+7H8nXc@|WS$0O-(k-*t
z5<^RT=zGY5U_)A{B+E_pJb1lIe5aFIo_66902W)4q(dj}N@-kpTpBjd{IzgPjjq}7
z)pV;OF*G?#L~y~&{RC3-7>+3>YsH>1BiDz4`p)?eWZcF(9V_<Bi)4fLT_cB5hYKgt
zN*v6+eLlPz?7oULz{WjoqWONAbmg_c0nIzVMOnns92D*z_F5>T7$Y}l<2pK6nQ`k}
z7lQ}8aJef?vpMsQVl^{<`ap8QTeFGhww<^&0p?qQBO|`_4XmS8R`%?{k^XR&czCN}
z_t0B(zVlIUgOhf_LWWL>Li9~3)QL`0qezb)Bs<0DVD^K?<-g8@ha1eRAm1*21QkVh
zQh3I{^Zm%zGI9;M#5To?xw+s1F)vi{n)=xbGhgRCJ~y$wUNr~r$CR%LVD!rkNAAVe
zUL#$3ax%&&<BOLVUN3L1!T<PD(FavDk{Cj66CBN7BKNJ1E!pK(iIZO6K5+ro3555r
zm(Pj?*2#tRYex;-I}-`}Eduu9My;_Wyawc|+-*D473QNx`VpiEkp9*#0d6UN(2!v3
zfmC>E4PeyPUItFA8~|^&1QS53b)c8>);~AL6HAc8CGc8_b58~R7pXuWv`U~#2}Rve
z_#~l(5pwFl^mHTOIjT3M%ss$FD+4B4^~V*%|K!hLLxT2o>98_~x#fLNUr8ThKKs{!
zfg3*EpHi7b5-~k1ds!0hR_v4U@R;3q;65O|sLC?pq}XKfWQpV03klZ0eeFM+wct#m
z*p?dT#MKHfOicRC_J|PU<av$xhJUFA*6`WEW|*PPvr#x|+lu7OVHJb&+nC_;&&s~~
zG(`~y*tG`WL|9L@JPJ0dD-=5#b)$dJM1f{`%W3gruCPwKo5hFjfhsy%S{<~%%b9G3
z4<b|y=$mr}gDoT*ZM6Bl7M7da->QG~OJhPM^AmL6_uK<oA5be)AP`wX?Do*_lCQ6K
z1#F}87unmUZ(kioKV~~^1FMZWe-+0Nk4Cr#{@#9ON1&4yWKElH7k%_YTcShs__AqU
zds4x!*3tkE8&temy%OUj8J<+?+igRMt#zQ4ZN*7nQJSfWtRnQQJJGl`+^kMvu<tpP
zYNZQ9`v)*4Dd$gyF4)Coe+i9kS@@xm&u-yFK$_QM{j{|ZjQCcp2u*jg;;QbQi5lK3
ztre~961&Q=e(ftH2di0@ZL<gOMYNBrbt@^rg0y%MFt3z6HZ*7SD1(i&LK`ou9Yu;{
zbj?#<IIFmo|86fL8>)5o3ioK~gzU3skBDQp>5Y;Mt$YeJ2aPiF%UfRm99dN-H+6{w
zEaUm`FIAC`oC`g(va$C%Epb*I$y)VZhenFB@f-m?Z#CW~(V90(Z&O?zx*51igO&L&
z7^H-9<|>x*We64CJv>m~RGiV4@+bDRR$8D&y^XE#v|U}Fy7Q3ZsDBh)F`}Imf=)e=
zdAZ+Lh`ul3%Uw&nCFOcUSNip}nC=|b`NN~U-?;grT3k#AyFREyjugDf<hHAy<Fqnz
z_U=$N3AQiw_4|FeWnfsAHuDuIVz9$XAsNf?y>yyK5=-b&Fo}uIf}=A94ix)g4H@XZ
z-A%^2V_hP?qWoOP5h!u>aAV~^gpKOGL!t^s5tc{j$cXvfjw3y<iw@0R=R7i6%n!Hi
zN>-fHy;Hn45mmcr=XUpPX>fWdSC-Vn@4sbD-8+m2Ya6lR^Os;dudB*y6I~q=DCV!E
zYzAi}+Ewu6okxbVRW_NnP0M#mGqKG0o}U?2x7Z#UT_bgLTQe9|j2y}$M^<>jdN1aG
zP;V$)V@xf+fx$jF?g}S~2v4XbEni9*t<i-?F2_AuR`#!|9@9z&?KFQKgTP6msm~07
z&xVaJtHF%d$d-6}==FqBkK@32*@H}Fx}Q;t3yX>;#-bc}RQN}rxXAB!*fb4%Ux#A7
zYEeYkV><JO__#4LBJ|x;zHc2oJOoKAqmg+3%(~Psp8hS^Jx=<m2O9=NCw(*DFtj<V
znw+BN*`^=|t4TGm(9?ewy{=Uobe`yX9;<wC>8Oh-DIl1Y(5=;-GspQl-47Y4bp?KB
zI;1M}yb6DdN!<r>;5|4?WP({n3nqN<w(CJvi~Hp*S<B&Bnjedt+vRL%xI*b4s4Iqs
z5Gv9fkPS-9hp~IePKh$J$h|SbiP^Lwl6M~zFakioCBg-CaclyCLD<j1^7GQ{)Cyj|
z!2fk7yIpm7asH*>OLiEAUuuDVJKqcpt$(8v{+U7nI6MxywnPpmh!(8u`j<F76L$pi
z{OQ{M9g3igFBRC7gUAp^5E&A*Gw{HF^5^EZWl$T#d~P`ujo(ywzJY<j<*Ep#jXE%J
z!{NP8kZu%F<m#aCzcf3B5IvrgiN<y-$JR9rFq13*PxODcy{LrTUko?CFsuiBa;-jj
zoc=tBnftB3g@a|aIt7Ny;0>5N${$J6L*v7FYpXpaYmTW{IVN|a%PI3izhToUs2zKj
zz7iMysDtKDsz$IiuMQirnOrvYyhjhU1KrAgLji)Ks&k%aeR>nAe>5ml<D{EKIZ0OZ
zug^+dfab|1#eIZ%h+z0s2M|J!U6+hXZ(ejS_R=0-DhzbAf?~{Of$=i@nWreugFWxv
zE5mK?=+WGU=L3XoQR0*|mtAa5Sz;=sZK?y%19>&E>{7ak26QNn+Cw;aE{{tw7Y@y!
zf3T~q!#Eo|B!XcZ#lO7uY@4J#i<o|PFHUo2j$V9uKC+x3_FP?BJ4B8b?!es8Aq6iO
zbx7rc9UewV?Lkuxf@gKxizeUhByq{GlmiFa7NBMF9H7k-=Qw#4<w44^cjy~i_7jkp
zvAv(b>y2)=7(u)x=4(sXxT4&$CcT(Y!VbT6;j>9%{rO7>n3F{I9Z@|il({o=0Kva;
z8k@E4!(GAT4x4wRSo`Ft*9qEpq{$RGYt2~K8@G8vF}9A4HJH?3+-@8L_wSSY1U&X7
zS|sZ#POq3>N!})Q^=g5}H`179QTa$?NlnsiC?<6K#*q1ZH^>~pa0c)Edu(7^^}4FK
zdXBRhgRQvrty9o!gMMS}(ZWkX_-!BZU-sZXA`dd=mR3l(p0Zg&;Q;f|TW6#^9#(vn
z0URnj;H9Y`!@}Ov8FK&ptjzxVT$}Vn8wg=gTmM<{)PL}2DxCqsMA3MRUdh^ye+32e
z+srSYT4^TtER716-CXAfjxjTXII#%ea@pic$P?~-jP5@JH{<|VHxRKwl@k9<K>k2D
zA(jRStI;aq1~^2WI$IR{>oz>&imIamMi1^Z5;j{xsUgJ#XJmAJ)umyHuI5T`DvG$j
zgia~@2s1eM#`=@ZR;%PP_tjxlMDTM_pTfTgan{dfnLQ`cT&7J6zC}oOj}`^x8!hn6
zJ=iZIpwy);=Bck6m6_z$3C=NdTjEI58PPEO0TgkYMw`MK0~8wcjHC6_JX5Fg2n-*Z
zOIKh%Y*`*1DM1X<0RqFG<FXM}xnl~Ouzl;JT8@~q3`(8s2~LA)g_s2Xne!m}ZnR3#
zH|x^}Ek?`W+82{9*0~JJ+jM7H<IrPjUj(x{+V;nv<z=`I*UKYvsEwTo<7>OrwZO#-
z;~PxXZFPm!)5#qY9$<9~@i>wv5C~EPx6~cUCQqCmIo-)nwzhh$(DmowFbU%({Qgvs
z-($B+q47HQBQWv>TN*BTgPG;9J`>Bn11~U~YafbAo0Byr1ntc=1`w6Lk;cP~rsZAb
z{>th1ykB5$CDf2cGG*t>^5!FWT-+PT>9GjO-(oR>jgN42v{}A%?XygeIQ)CDPrZAB
z*eRvgO>Z(j=LHwx6OY#_WG@ofxJ-PqlSW~Q`Pw+Q<eC(fd_%L;(9Y0E#Vgz*KC5Dw
zl>2j&$~W-SnJy{l_nPUS!Aq;O#ms{caew>99%S|s#dVwrLNMDSMC_ecD<YW@!ta*?
z9gox+o22DukHEA-Wo7Q_bKboBa$puynPM$lbf>k^L5)cvDV3-ZXu3c<i*4FHKZ=M$
zKlp(dsVoIBXZt)xAF=n6z$9>nDSmhED{~f<N_$rD<N{kP8+k&<kVBK}4^EY~`4~Id
zwsvWhR(GHi%eWg16@`8<g2-eZ?f2|MKwfN+CBsJ(i5d@Xve@LuUQ3G4AA0^hmGKi-
zaC6N?(cDWMD&Jl?bk82<49sSBw+*`*$vz;`sb8H_nalALF|Tn?Abkp3#C=>~+G?a9
z4kFvnY}lC1EFg9z<kWyo6Wv&jSG{7iBTv>Vlwr*a<i%F*nw;eex6>?jMQ+nwkk;0t
zrAp2Wb}#fi6yva`&LLIP(mUX~vsO_>RJ2z6^HAIl&?|fc5h?jxTp(3>e7#n{>!<c}
z{<l?}v<oGp6S(jck1tjKy|0J=B)&e7F!S2Q^4C@%ID&=`r!W25jnPMddHwG95o+E6
zv^*#bzp2dat^;%XIVcsl3CWava1xZ2RfWk|-G3#O2rb`t{Q3GDGs~Z;pgI<S6rf+{
z-gS`!;_xr8OHn2eg$wE{1Bww`JG?Hb_JRJMz^B8xUd;j&S^$z5M0lTCx8gyJ_{V?q
zC^Ztb8~jk2;qK;Jd}82XU^?WkSl}2A?`6)=FLOjJmDEbitU*O09eMSOa+`{=d3kfK
zS_Z=lU@(uVg9#>KL9{R?9kvYQ<SM>ktxv*hp@#_w%&J+Emc$~csTGG^{N!C<AHDoy
z2jovTFeLv22trxc%9u=T0CH)S4dwhQvVS_q$AB_Tu^<15UYO`^o;(VHs8jg`#m^*h
zo#J^3ubCdP)^h?l0XvEW9|qQcnip~dq#*^xJK@OT(QzyYcr<0Etw2jcuhEVU#I{o>
zqhk&m8ygE~jj683bs8{_g<%7ryXF``%r?jhJug*^D#&(A73isUAB*i7*Do8RlYT{6
z>_(ECYbQOIOly0pc0*)$QC}j3D|Q-f)0J3#X--Fq47Z!;?%BX*mnDtnpsy)j6PPw+
zbr=)m#vbZ}15gXSI5)~bhA~RD&O8BF-Phe$XLXS0TLZq6m?Yd6oA%W%+kh!NM1A-r
zT(Qd}VP+s8Yef{1PXx+lc+{Qklx_uz!@+iG-^!=MkUy#1y_7DhptzX4HW25^f29CK
zTWEFj8eq$SsMqHZtz({Bo0v;>GHrK$?o%dE3rKH^%cq8f!QunmFY7O3uq5e9@biAb
z(X(P56SLBbqYQsu5Q~iH{EkX4MTalxl@MdyJ!^$UwA+Vb$0Tdw^bIpfpG8&X$eydW
z!9D{~W9KX5N^;qub}P`e4xd93+EXS*w(q(cDy%#9%#->{y8(7v4pDqavYP;{93bEj
z-BdNf+3>CP6$pE+lI>@vL6*jJA{?byXVXQ@XE$^rF*SY}M_^(l3iI+3k^3Q#b5w`J
zgHbZVz-wthg-@UQ27w@A`@pTazIkkc*K(|Gf$i|Gk2*=w4-F*@lr4XXLx^9A15;8A
z?JPm73a{#y_=-(ZcOneCB90t733)?3{f+U&)e!@6_v!9~h^X=w1ZwW#d|z!7(ZMPB
zOn7MR#S*YQYs>X^053f9>IBDz>hpNeNa}yrSvy%dqcY?q0?pk6NdYDEsDIua9W6}V
zw7uGUBGD_YG;7w0F4|>=5XcYer{|6$9s>(w5kQOH!ab3}P_OwZGV_Y7i;Gs7?$$jZ
zN5pfkbtZIyGDDVumY)*{e1&xhr}#;@?1dZ!S<VR$x=Fi>i;Kgx_}1!aR9sOv%_69u
zTSEC1_!<iN^D=c+K&z35fTdGuvs>wJDx`oyh+@6x)EbaFi$5m~Tx}9vBERNAAY|&G
z6st)5rHg$51R1SxK7$o-W=p0T)F?fb6g<^~!tcEjUhvXy4|05^dV!ZRG!r@igq2>|
z1qkFQK+y>iDMV8bAON0xdebvWS)q>uGj&sMX)Tb?V?l<V7XzEGAwrqg(m76gSXqq%
z@U?6MWEBhbFoHfRcmKD|JYczvjg9F&PC0dW?{fXFKY7;~N`zsD4l~Oiz+$^F$%hLn
ztUojfZJk`0i{1y(Uw3MeK7(@NV1Inm-e5g}c?|shkXRtnscxKqa8dEA*yKR8`@(|a
z@?;E}r>7W6vM2^VpRBPv;r-@p0IB_chdB>0=}PaGTz9Wso$RZ12DT1ldP7bF4_<8(
zs<gDgW!0e&>&t~)jqRb+bptiQD?r5WhEFfbozVQ1*Ff+ue@2Wkiys>$l_BjmyagN$
znG$m)%x?TwC|Q@3N(nf^%*<E9Qfww@Yj#6#U75flkjRnWmK6h~f#fF==pahFpz9)4
zNa$}Kh-|ICB(`KK4ib9$Hs{NOoU0cXP_{V!!hqrxqldL8g(fzGbB!F~vGH{%N%Z;s
z_*12E!k`_@rIL)59kzO)tn+oyYhdFOq!+N(3U)N0%}~U;?!sPnC7ePn$b4-mDfI?V
zP~RNjOLv$#kSLBohi)KmClHZ;!+g_E;|c>g-v0v^sk}gu)97)@%C@#JFB0U9!p7_W
zlP1gdcLDRo+}vD-B67+1>8JZ|dZ3V@<KVPYJ-8Wj$C{?P7hp4M_rxPRvET%+dKr`<
zAm1+hw>Pj3YT>(R8L$u9xnrbZrG+jOz+U%4K^vkWo{hJ&!*IctdEqjmZF;V-_NB3)
zWc+ev?!r7Ev(f2ShqoP^ieW%S@O3Fmp9(sjBnzE%!AQi$USC)aOQddP#T^^VN&Ai{
z$IPGB5BTR!Om9D^K)$umv~P*k_1H6!wNRDu`D!Y+9#az+2J=9~Eh~}1PC9pH<8u`~
zP#kei9et)8!IwQXErYM7)pa@wDJ0*Tv#Lcuuh$eLI~69Zbmdzb(E=lN>jc&rV?4Ni
z^Onjn`p6M?iCGgP)^;4pKclpke*BU!ZEfzz2tI^-Tf(#3`BSf$irqf{Yt7}LP1eE9
z&B?}>={IL_!2sF&&aP~F5*inAW8Tv?nz;j&?A&nh)0u8ky0Ut<Wjz!}U=(zBr+)Y*
z0Y(~cc959t<MVR=i7#X3pttMtFdfe2prw^Bq48d+3n?gw)2dj2))KM_b$qQeT_+)C
zn@7iQl8j(&FO5o+R7Lgog1lI-Vk1GE+CV7R;Kisj4aY=lk1*o64;g6?g8}uw^}&iE
zD2{g_wNQyxH+7<Uq_t@%c`{x9Y%6It)u;>GrIlMJ*?nCbic^c#@~F0J+ICd^+DKLR
zw*CHzR0O<}Z*n#d2ow|jKXTE+%G0*H$mu}5k(HIg_U%l~8w1c5c%;}5{|A2t-mjdT
zoOhI%lainBU;bvt1aUmDv1fs-*l)22v?l_|6IW*gb0wyFm0`9WQQ)`(i8X&VY_Wn^
zThMWA>jeFii`V-Rz#Q-BEXFvjIt*KX-F7^hPvhK|mk9&_yGG`WCs!u=YSUJz+Q&}Z
zMg!gOs+Dz{zERYIs@M+Bfio2T69@{S&6ATnPtwz(!r$SqANVUdi&y$;TU$*Gr>7QX
zq%@kb4crs}Dsw(BQTxMeYDYzLDCY9}mEjCUi+2sjuEDSBWlUkC^vgxIX;4KUsLBA)
zZlL*UX&eVPTCC7e47YUhhu$_hGT5jEbk#4%Hc(Y@*GOzC?1O?M^mYOa=qczZ-oZ2q
zf%0{`!6SfY07vJS%ty{QMQtMkQ7Uz&35go+s30iY!}<kMde!G84YA)lG=gspxuAK~
z*>+`l!FaImMRYQ*Y^1tkMe<DaF`?Rz2_M_bF7>*iIwA#7=34MNzRr)_2!aPv3#g{e
zH4|nWq>vF!bu}vL^=chmJ4t*~sg_psd4$k3ZJaq@DG!bd7rZx;uI2=T7m5DYn+cA-
z0}GdBf#TXcEL7XE@AtA$ZA1G#+ukyT{qTE*fnf>TrZJWFLHR)9{1z?&_9{Kduie^X
z&Ap)TbND$f&{c2tH?sNf8i+t#{g2t2Q&elrV2xz1mFaojVR&Xh0YZC@yaO}|7^ON7
zO57J_X_z55ZiB7q@8?FifB9Z1Hrv&3jsnkLShQmHU#ULC9MHSpLad$Ud$4(?Cs9Uh
zT5SOrw_2-Z;F*X#x&!iz8h8`&is-pC5YC(qlUTK##Hp}2n{*tbxb)c(u=C9{nsz;<
z8Aw)eFBQat?%CsGV_3?~Nj})>x6--e`~$v}!084RcVXlz!z%m$<TA+HJ})(jasgB#
zGan}Vh0Guea^~|_yO_z<(I3c>IAzG6tDD9qrgV8EnHyg^HzPA&687q}bPA!VvX!rN
z@fPLzPRMR5UI8X)9L3>h8LwW>WOjFT^@|cR!|KeaI&Gs66WJ$_*PtX5DZOLEw7%p9
zo3CgiztFMR<&GG<ap>iObHGy7SPW0==}RQgW=L=RB&IQPo-pzGblK;{rLT!rx@AjR
ztHIZggWOmK1_t0?X`(_{V5xW&PNRvXJvp|St91CQ72_T`1-3_g<VHWA7qfGJh*cN&
z8cWR=x8c)REqLGYg1=7aNZ}D@p$mQEXo3NDxpyDh*k(9Z0=f3_(XK$~OjW8{@&us-
zt+3;q2z9YeirFnaK?kmSPS-;bB&N=kXD7USgVTt4*;~)D72-_iR;X;xpCQbIc6aNq
zmS5)z2ndjQc^2{G(LN^6*+v*989a`K`nY`PWG!Er2NF?Pl(BcBZS+uQTWVr#UvH{M
ztVCHSLA(7bZpNDCRXxdp)FQ;7JZ>@UpjO|0Hf<VfEuU0q!7A@eAGSAI*>GU@S?y{A
z8c}qVIJdbeUXaafmuUu89p^k$=ywYw```Q$nlp1Tl$4HAEFo&(DL)0;MU7Npr^)h8
zrKEQRVjMCP3HxdcQrDM=aT2amKc3KtUxfMI_S^~SquQy9G|3Wl1s}D-kfblIpROTR
zn+8V}+U)LEiDqRSa_(RK@R^hr^<nS1_=y389~3<~6zTgNGj}xm<ppQL0!c6K+dEyQ
zG24tNI@*UxQDsaHn#yruer@$NrxlW%^Q_D}t!)uR%efl7t}xOLbz38copUrgju!ng
zCd2EzzMiWMksY}(pO=wwX%*gc9JKiWwHt;W?b@dtbM4Xijs%d7CTHJYDMW^S*O8ur
zlGkFt((Q2}sYqYFs~<_vugqN_m$>6;vU-SUa`p*25AD|&pXkss&3KJoUX2{COA6hV
zc%1Y1LIgYoOXyfC?tX^mY*f$U&`WUr8RIoG-0EUG)AiZ1tOqZ#kimLb#T91e?%_mp
z4tOPG{q0JZ{XXn@30hRTEe+=M6i}q-WZ1e|MikoQyT>l=dhea2sTb2bl3{8qhP(Ij
zrKM0VF_ajY=#^jIU~><Ljw$OLf7LqXsx-^MLHsdEq`qq<x};v|u9d1uzRT2)PnDHY
z`nw^=*3Im>Rcv>6_d*!vdqHbQv`ZCf>=uGDFPcgh&XRG#e-#?sD~5@eO!CUVjfoK5
zXO$)uO#PfA+VzsD(Wg7ye)iXSMxrOX`e%zv0L(_hIKFgrbg%_N9r~+|G5y>r38b}L
z<KSc`47SuvpCO7aQt4c<L!dQ%+C0UI%{zJHgL?8!m1JtwSFtLiW3Sry^NFp>A5RM+
z#ro6xhbmK9Z{kRq@osr8BW7Sp3vX46kBbbkJCPQo4{LIVi=vXl#75;6amCJ&9Sure
zf|X_d_9HE+PxjI9^6`xtLwxs9IU*?>RZOa&rq@nMn;k%a=%gZ>+Oe3B0(jyPRX+ck
z<-Kvk0kTq^$I>qdgklR7o#h*HYEoisL8*xKp^T-kcz2j<hSsvG7Iw7eFuK{cpH<|j
zL`60yxUCH!G_~NxTt+3@#fM66O=5+wl=(-Aq(J8vm@gq8YETlCy<fa|0h-$$=xzQA
zIeLI95d%;K02{d)wsvXD9j}JsxMNJm#H3F5M4(B+b}%v#w<ZPtF90xGOd<~b6@IkK
zryxe_ga+VE@ZvDC3dOa%v@EDfARJ|Gqqy9m6)GVyH(gn)HQ8O9j8sexn1ZU)oMWYK
zC+GEYAH;C?hJsnyu1HbbA&Iz*ItHRU<@#dWvbp2Qv!c#pk>;qzeUQr_Irr6xaW~Wt
zq}LkKlOi^$>-Myc2j@vy<``vIPKG-J@x`{{&JDRsHMMgm5RVPK+6=JoYciQ45ioI=
z)#Vp)qj9y7*?{N-2Yx0n15zgeKA1|fywAyj_s&=j<LwSasxl$R%UuX%%joFnWe$fU
zu7i>0FBwIXXdw4tR6)<)k9f>iwlZTLmrikA8bOk8PJWm0FzI=6Ao30qnH-36dshH-
zTTNadXe*w9JV|^evAApE9E5ZvPF2>w8UgzP5-hyt_<(Z582AU5xz3eKAbNkst*A49
zj>%d1)T)9<76NdJTpI+n-R`gTsvV>fw*ic8`*c7*t_b8}$gPdwtOv)ou0Q(v)X?({
zC`Rz-l8*}K`8`au&*mPT1kinuSv(QMMp3<U|Ns9?b+>_nDdD^ZZIlSUijNt(1+&q3
zQ2y-WN_p~$-;VX>$$3ew^ZrnvX{aR3U+#E9+%WB_U$Y*$ykTcdae8kjV%9$mggI}5
zY7co9YNW3#>|IRP_u{g~g@eZHP;~RQq7ej8A%K&SZ)ZA-Q*Ny~i=qc$d~=2nhTn1A
zsk*%gQ*=3%>Vc4Gzyg5Kx5Fs<JHk*5=eF@bA+}a^eMG#E)_Tv?sp93LtW*DP-M-p<
z(^~nkO64*(dnH;p^T?O#z8XFQ(eNN*b<na}gUcdN->vjye@hZG6%B5F(piLked%go
z3<plneRv!VGdyv+lGJec>Vh+UL&VIQKm629D#ZJ|F@dCdEf5RZT;oNMz~)#Avc^9j
zK@7glXsA)WYqPdaf~>D2Y=d)=%6|kLdjP?1O%OpGMf95Hm7rS|o{!%?@F~#do(^YD
zI;d$%Ua*m3C5P&68{-!L_3x&AgMQh3^Oh~RHHjNcnm2X3QKx;wD%$*<zpeJ)%)fEq
z!l;wj9D6!VE*S7-%KEfXgV4XR{#qDn_{fcb-%Cfe5kYp%);~vF{-6HmoM~*q%e7C;
zXFU~|KkQc4Xv$rijij9Z+_mnwq6S1hc<twk5{!P+sn|toi}U<&Q+S{w8}AdRkCzGZ
zh%pmWh=Mhqs(QPU)$&wGEoyHrXkaV{PA8ZFXJ_ZxI3;h{bq3Rl#-4=7blm>_rSaX(
z!UHKPYTRj=J>R~VIO&dt@P*2&BjKZn_Lw~l_p$}cj*x}6*g^1|r-CtF1sp}Jcl!&y
zTdB4wcK#^rjX|FG36{5KmL*zuw<M?131t|(06nmVdR41^{aYFiFWeN35e^d`x6j;Z
zMpb(oM=<gpRHf)C{~x4VY=HtyUi0nQFV#_8%7?YeJ|0I|vu58APCd>zE;r)Tc8+YI
z@kV|o=k^>AuHXB%-s|o%QF<$=z{`(kYCc89REY90-sbsD8u(R^_~)+hy$HNm*2uwc
zc%}5NOAT*<=pjdq`=?)|#R-QEga)Y#R{3NX9pzJc$KsY5{Z=0pTSYT-<$@if=VFSl
zh7vZPd-r>Gj)z}@54RtxW87e<sN1Y>3d(t0nuiBHwY$9Sb&*<WurKY%<!_<h8axaq
zge*sNIc6Sl$)DHUCnSci|7Mx`J}}^FUuXwgT|)$mi7C4IOc#rZvALw3*-=n`cx&&*
zPeCu7<c-vH^*3g2i%lC+h~4jKYDmYRq1w_yKP1p6QFw4T+?IAUCCR+N%cjshX5qpb
zH-)WX_+7kzIwnO+$j<kN?@`b@YU6?2*|~6}9Wg;G;(^f=Hb`1l>8`2~%;Y=Ws4`;U
z*$u6enpxI&T2fN^s;+z0rs?w@8|#60A6|XiZQR|iE0dGdmq2Fxw6i_a(sVcBC_xc>
zdmSr)*o5F9BID#Zp{J8OyK#YQEZ7rj=V{nE(q-cQunTkgCQzz9#=F1p@Cd&)-Kmx{
z5pw;au5t=`rxkCu>fLunK_W%MqmG3pDX3Aii?vF-(5lZy##81#YI-T*MtVRkrb~y?
zt2tYy=6&<tmFsN=1gny;pNp2c-QA;0oQgk-pLUa&?3af7)d?tfo)n;<h@#KpkNz<y
zf43t!O-v)^PXEB8Oo#O94?<k#snyGQa~$0EBQ&k>Hs!whJDN=)g0+lwV%Z%B{BOd$
zNIRR|=X|qI-~y;fi28MzL?K}=sGW61w?WzCBP@b6wE+h<#7~5Y*ks*(xSgG8bxdAd
zkq&=yTI%O+Z&)v)=?jnP+0W<D%i(<=iXXD0&n?iC4sr?P0hXY{XtmuZ3;W^6hSFJT
zvx@VdLzpfJ+vzbr53UR~D0Q=KD2>yKhzxq)g-%Gcpv$Qhph2q(YS(-1)&sRzkh%w7
z@I|p}yu9{=YMyTjyTPgetNC$cKQ%5>!OmdrU~-JVenDO5%D!yX;eO4yt~vpJqDD?v
z16tErsO<4jPy3h7u9G{{+`j;JF@IA(c#v98E|4@|NY|Z55$OVLM*-4up;5B)DriN8
z+p!K_34Cq}9~Hh8w16cU!xtv>yBQ&hRKF;7p2ikPlJj#=JLb%ysIKn<O<|^Gt5ELt
zvsWc?MYm>9E)T5R+S(jlAeVOlltqp9{*2;yA<rytEZ{s4s!L<OpodcvQt&S7vKJzP
z$bkW~J65yW&xrZIK9OArSIZn-bM1PfIz}&ZPT7Q*-~p<pcJ-o<eh4D^T}*7&PbJKH
zDEbttMIGbDK6G2B2{%-OqC5)kl@Qztef0ta+uSh!rSf-9mraG=nZoAZMLvvQ3BMpM
zwc33ET|73a{h^;?8S9yubb#`a@!l^nBHkvE5u^w1w`e5Q^_)acD!)wXu3w8bZnL^u
zUKOjq2cXW}EjNyE!2`}<O6nZ8FX4j6@yW{^-%mRp`K`K!KM<D~^fHA9P6-@OX7-xT
z7*ixDUah`snyH{M&vq!V)Ko`vzxJcf*e4^paU`^cP|oNsFpyK!94t)q@Uj=Gh2@=g
z)037*Y?4WW=<$dkr-u8d!<qvvV;EB$iq*<!4xvS9+#i~s_jBTBP`cZF%#m(mv8cK*
z7HK=W^vca5l=G>jsgEf!?Nx4kkU{s^+8zG1127v)+;xtS+V<8Jt2<TfkKVqq+L!_=
z?%GEE;F+dfVWHie7BhF8)ra-uQRj8g{_<W<aGre^mDT4hQ$)~%4?^)T2aYoxx(*s_
zP=!1d6+WFC(jo=Ui`JGn`nioC%{`A$&FA7;YOSAML~$s@a=O7Yi=R&2`v&@%ZSt^}
zjt3Jtmk^6XcNIz!E@%wj`4;4mm(5ijp7aR%ZA2)asO>p$4bFSUuP@%H+v%pvy1!;!
z8_VjUl5?wQ&m~IkX)g?doBjb$<I)z=>v2F|D>3`vc}S6bT_1h6c04(r&JmDl8xf*6
z0`|ZAh5_(;eW(1dLfOCLV31T08_T$AuEuhF?~_Mfq>f$N@Z-93F}Y{lFH`me!qzaa
zXL3{+BlZhq|KCv07MK3-Fs_5L?O1oukh}Msw!wFTuJ+8q&gU^WR25)-C@odn4pd!?
zJ50OqjQsbDS<hY_Dd>6Fio$o);SOKb6~Y47&9)O(6Um3u?I<iOfH!fU1*t~cFIilx
z=%;c*U4OmehbQ$PQuvdKVc)*b?DiH|rCajOpK<AES&I=jy;?0f(CwZ0$qd%RB#4Zy
z)-x>#1LX|TsmcKTHq|VAkuB}Be_=IyQN^SUD6IBNfDGzlJb@1;bf5=o?{r!Dq?Xsx
zNMW@r>KJ2ioooLtC7Ga*`=<E`wTUZq;>pSb`62FaU1QsIr>$Ewb64`3GkADTsG)*T
z=5nY^W1L99L>qIKm+csE9oGIEeBHa46^d48?Ur@dn65oo=rp|Cl#*V5^{01x>e#om
zcSbZ(WzNM;r2@&ya|!*ePO4nfGU;&)z%zSk(}n>MT(=9SD|Dt&^KriVn7cN^eM21F
z1wWg55~?z17NFxg7>d%W;|f@Jv7$GJQ9)jXhAKu_AAoz;5jaQ-b&5JuP<weXHr{2L
z25b|Fi}-BYpd}{|BX=ge5XDv<ks<Dd$z25Xj%ldA2;aisa99Ww<7^9P+1$gMa&!!p
z98$|$ovz>?G9zIZtT-GZej!Li+X|IT*3vl{19A-{|N8j4LgF|x#V?uLB!PX~;`?=z
zVvvs|_u?41w*R$@l+YT9%x(bHBFXDMj7>zIHA#HkxXxAo7N6U8<CYKoUnBp&`C9*S
zo&b9O4_T~#Kj#1F&0Fr-cJ&SSEOs7*V{IDJFmO>uwtU#dJ)Zlx6iWBr_yT#k-iqdz
zAx=%oEsB(L1@8En+caVcTdcvl87nMs04M4Sdfwxk0il8UrRbt9x=G3xXLmsAKtJa#
zND2t$%F0R^CWIt2<fF$X7@NZWSE)f11AH<DFX}k-4b+Sm-}~p%W|k`04xypww@+Uj
zx7t7ako<?%Jhask6Egm3I=<m~a~SawFE1+sV!s(m0UrHj9?NRn;Os!(=}#0R)d~2}
zFiX$;3Jn15zy#062cS5*lur?|jK5Ne;sD6G<C_ozi{dc2r*bQBn;==uRmbvn6sf4Y
zD39E_i*PZtcpr%`*jI00&ac%DTKAZna735Pt*BS7po#BujpsOJw6(L*p`xdSf4UL?
z70u)^^(n_3Hv+h_^>hM|Gns)GryC{J%-9h=TtCGTz+L7s*JT35eRwIyF7}c^j$8F{
z=<sXa@ENVenCqd3)F!<9oXqT!bTWvMwx)(}BW6Nou|fUAQ7_|L>)#ILSk9)~M4zrF
zxs?#WVmbC#y#}N!;2*O#=VWa)Rfs$<;edj|#}f-MZr(qWd9G{vIkJyyG-dH0sLfEo
z<L1A#jK;qd31!rAQcqK?9oOVadKbto#))v|&|X=>H?X*u6cpM7SX2%ageIXl4o^<?
zmhYos(u2X;q##E@zfJ0b53X=@;z~Lft`envJ8-&rO7Wo~QeSzmkPX|u-1|<NVf+Lg
zQ9p!AcFWnL{51|ae%7RA;%8}~XJ_>k%4Kb3scy>k&Y@R(*B>U#Xg2G9Dl)$P_~60F
z66D}yVkC%J><a;wBoeun2mf~PL$;yB^UMz``Pmqvjg1YpZ}Pq)XRkR99euX%)kY`+
zc*q<%f9B4FKM+<rp;TeTm7B_lYYq*V!B(8kvOOYIXsx>3gwn`~-3^_b9d4$&4|dT&
zr$BdCYisKvRfz0{H$3`?0NF(&!J+*^q?4SJ+8WUY#Tna_EXmJd1<D>!KsijJfyh3*
z%z#JwBx9PT7st<}F$C~)P)YByC1J{-l>xb<uP>f=&!7Dp!6d_%S#X^aYr%K4s$`XF
zQ25a~6mku*)@c0aW^VZKWo}%K*Dkh0C}H(y6tTk)S-_+L;0%T`1GR9PkkIxa{sG|G
zFV|f}J6xAvb(_m=2QC0a@^5)1L8xfu_S^sF>HAl~CI55Ywf|p79cVxRyjEzCGuew1
zFL4-urvM4=pJ^RMGp|_#p8^P0qpa+J2(AZz#SpszpBpDZ4v&NBhydprUm1LS8ZUlg
z*D?OWv%r1zGOl#Z#m>OpZpnYK?4*HLHLnmvaLXq*T}e-`rAZmAx1##b=3^sX4NI;V
z1RM&_Tv>Od$wL0@rLG)%FQRX-$kBc-tBg`rI=ShR`?5qxE?Ws*E8Gn^1<Ec{<35W$
z$@8KT<5|EZcb+e<c#X=$CeuRhO8`+r<&3FLB+3&)T->dhs<WokpGO)RUap<q1KGbB
zorf1+>j%l*<GMU70ytwNrLi)!)qP=Nm|1NzOci8`1_19}W2FXp?Tpqs4$H}Ir2H(?
zH~8KFTMYH7kNjjt=&ey59=jH)hvOVfWQG+NE?KPxAB5bYrbB>uL(ihM+GN5|yD<I(
zs~AqJ=nIPI++@(+**TVh#>b;$gAsXIYTfYG3+g6SmYf5+d`QP(c@;{+PDl$?nCA{5
zYMJ$3EW23iW-%wz77pYWKm3yVP1(}z3u!09Zs{P!iytyZ4GU=uBl?M^d<g6)XdP0u
zkkB+lN~N@_&gTlcq$kFXRj1a?H`F+<=}6`W72CFY+S0rv`h0aS1~`K;lP8s(KmSXr
zO=Z09UDb*9w4X8AwJyq<TD8v_M$G9$?ZmFr->Vb(0thAHQ-^19+>jeoPNcE`Mpp0I
zX`sDU&!DyMXaDR>J%tp<>h*w||0(f6cNVHd(<W^xwjUKDVJzgG^wyEb>8ikGecQq}
zTsZQH0iCKeH(ve6Y!3&mKj`!#f;$6aq)^D5g2HNv_dApJv3o-xo=7>#o9YlUm8oAD
zRuIN^8k)0>b98=Ct;T*;WgSL%A0D{y@}tJZkmp@l!JcPi1Z~ZWTP|h~%;|{~$(7n)
z%Oz^)-^Xr(@;G-;7M!Yu=1GcN7dVFyMRy{@@@TXybX4&N&G~CgVJ$V9hWbKTZkea_
zW9#cQk|K$Ii}a`LzJmZYL+Z|4^g>n3qQYg0UJJg}!R0JWnPd~JKc&6S_~C_;Z_JS>
z3W7G9lYoi6wCB3_UGGWaj*sgB+bg9R)%Q^0oe}An1!9O+<Pinbd8-;veq(i~><hI@
z67iuaYWN(nqUS#mmgWtvDE$n_NIFzOnQepnqNgt86gB+&F;W6o;SgK%Ify9tsYXvp
zI!@K{f`U4CyPnoXIn_4osVnbO!wR(;Gi04`6GN;``<3ztFWZV$g{*vIgJ;su6wU1X
zd6?qG1UU@i45=Hla&6&qQtYBj73)DH%`V6@>ItXDw61t|_8PD5-5Y7WNX~~`rY6FG
zK<R~naD!6dCda9GTKAaBY4{tU&ILF0dACySB7uV&(V-9Uq}>H}Jzm7*5(&hPRyO$S
zaGXA+wO(np`2gfSGxbTMD2_$^CyHLthck1NgrME5Yq&4KkrTHzqqR&t4l2P@&#s&+
z>IXP@A3kI+17DJ{abVqf<Wj5^J+J;TO89Mx<W9)pec&Umu;6IB{vwc6x*VC2<G0CI
z&)!|LqjdAJkRpvKQ;pNjc*?}M)#N3Er780`uO(BmL@VSK^~);zp?p8ln9?(c_x2^Z
z4|K?cv-a!q)h6R4+$h=N&qM})Nx}dm&1s1Ax-82jRv!89MIl|*RgS&x)K_u96LJ}`
z4veUr^=0@|BBO`{0CI|_wv1j#-L7PCugBsP5WRC(K31&jwus9%891sm`|7dddN~M9
zV*c~$HTU_kx3_&j#a3{e$@*<ra9iMq-q>{_IDu{R9MIfQ;Njyt)Y|#|`?s$UTB=WO
zogI1lJPb_y8~o^jR$2-=a7V``KBQ(ZgdISj?i(B5P62>5TYT?>U!=t`ejRoq;xVWV
z{?-jR^p{V)0haHE`$VSdL1YT?0Kk9bZ?|ctA@n*_r}_G;hD|JpYlH?l%)_BAmyO)H
z;CbjL5P5k=%<Iywj$fg-<^8U93u^>aXrq(mV|y_bH{C0}!2Hy#PrHXID1FcPuym^Z
zi0MHT$30zL+O)3{`8xsizmbWFHDuk4ZYX@7U935e#qJwOC8sc<@Pf_L&`(PwA~T}@
z*xCWp2h=e9^^~qZg1?JR22%3NvI`2b6I3+JLXH*3rXo;3p59`HJg08DbxQo1Tpm#l
z!yj!TozO;~FZCA6BX(Is)Uc?_YsM;6p*b6UdLhli-RynpAs2eL+iox?EoaYy4B?XH
zocW6WzW#w`js8^AC=`e5&|9CyaLqS#8*^4y09#d0$8pz|A%2eBkKxH&nQ4Wi2Tw-a
z!%h+-UtF<(${X>_RbypFV=W`v1G#W>RmWwL^=5;eV7;p3-1@p~LT6f%VQBcsD4wnv
zEvl=i*g+Hz^rNi`5wkNk{`qMibN}$A=bMRoO9n8kVNa2C1Bj)G)xnO?vC}GKU}cLt
zx~}qbu(p2ny`S}Z5FL0?%STAwL>K?w=60FS>+oVH|KU~ytaWw-H%P12Z9Csanh_K*
z#nHxGcN(dB&9)4=ufDkh$cXX;0;z@btHn-~c|iDco`p(<<bK5M+)M7L;ZF%5LrDoY
zhfVXVw#+uy=(957k1Qn~IKp_{acu<w4#sA%E6BV2BUlHg7N3*NVp8?}`6$BdYb~~_
zM#-{90VOQiDd!4n{nne~)$dDg^%D@7#=<ZlLg41_2LOYXT?nP+A*z%XnEB=)Jm+q)
zXQUQgX!o^&__)tS{>Mf;bOL1(9sKMUNLcIW`ZEpBjqn99Ek(?PwbL{EPuB!!akS9o
zp?4q>9xD!cu<om&8gS3#<{!5Cw{X_>N<Mdxo72`#^RP@!uNtq&ZT0>VnOjgOZJHLD
zpA>cRHD+NBdd%vY0?Z1E%fKA$&e5O^c6XIB%qou5G#fyGMjJHZi{~f~{LiUb3hP^}
zLwOJZW0AX@GXwo3fP=!vzF+Z#d;{e*H#TY>BNW3O`IguXqNYGl4tN4MdQ`{!x|hvL
z)D@=1e;Y?TMbCfVWcz{4pdxw3YY+cKUOg?n{phy?m-+WBV;q$9TpV)h%+`Cr`8Jza
zA0Tw<&;NR1=NfeHbI8V+H=I|zI~)&BBkgAQ-Is<^R!9Jzr+|Muvhh3+|6fr%KR*u)
zfRA>@H`vxkMiqTWg{XD`fbZa5D!SW9374z~*4@jqBJnhkXX|5KuRe7*Co9YT$HyID
zg{iSw>t5^~zKp$y&-1f8K6<U2%T!PHIp@WF!Ee`{EmTMM4&PW{Br=J6fN~{c>nE8?
zAwrCNFhe)D4Fu3(g1;+WWdRKKuP=g(_Z3gwp>qNha{lS9{~>(_f9`wcvfPat@_+Sm
z)Ac3+5dh*$ddrRvd<AHeo1m21R_U&P@T=Wb?M>b;=3P3U^<)MQ!h5{G{|jMN>@|>z
zi8C)s_4$c_Xa!cvI-~D~a={j$1wWhcI@N%RBc4~?N0UCMCnk509HeUd0y^%92z=)`
zQ**b@v=71d>tp#8qfiB6*I-<6deX;2xNsze`B8X~k@_TJ$+sps8jXVYy23<%AinM2
z+9xmK?(R+;Lon=O5i?V;ixB7FlqS0qm?<_$Q_ND1zJ0IIWW#wrbJlG`0|BXSq3s_0
zk6EpyPt=q*J(108O{hJ@0<TF7`QG|GsU<fwkSB-gy=f;c=dTntsZD%i#+O(kq$<^Z
z%$$sB*3d+{7;;9#^7m&)IbRbRPcJxw;})h*Jtcb;f1!xE`1YvN!1<g*)wRj!nb6-a
z{&!OLT6qf5@5^!jKR8m4$sdsyf7>c4l*_}lK%?+B#-UNAt?&|ec^;6lmm{z~@h>H+
z{f~6pk586d8n?Ff9a3}BuXYgIhZNUVLO6x>53}DE#-t5T5|<cj@Iv@ek1RXh--{kW
z8K`8K&#+o|4W(A1VZDk*(XSX%*`hn82PGY%v$*;ljJdt3k~ht;w&uM}tk_lbK5bq!
z-32E`x1VWN)lU`EKh^}Lgw5IMzY~36Us8F9wl$68nRCs6Z{ZDH{m>}<5y7X#Rv2b1
z;d??1@Jby8aST-1z+S(KwZy3<pViv$in=7opWTJ0XZ%|5%zBhbN34p|4=*LB??d>|
z-dcUT@yVEWOg-iTbBbme4^8vk=2yn;H3NYW$t_stb552>9CxOm0-<nBCiGfP6ewHf
z3#xKZg;R6rByjyay4Qa6pb^ifIjHu{Sbn~2hu|oOuU^lrb%Db=wOffamYrFi?Nl8V
zk6V*>UIG<3+})LNe?V12E(-8UFUYh2t}6{w;HwkwIid&}tgJ_20l_%@oH*>sKdrO;
zH1pNCj)n0Z<=}R?yX`O3c$cfYDo4IyjHQZR668a;*uG>;L&dn&RPk?xGkw!JrLLlR
zq}vJFoHqBOGSdh1P|4^4H7BBlsx3_T+fkGjvP25V`f31CWY_%^*vl4fsN9RR!xzKK
z{Z0+kSWC<KJ<m8&bG1uZQCI(go}_y;XR3u&n&0uIj#=%Q<aD#U*#<s{`mql9K#dOF
zyOet*J`aVHZ3xtaj0RH&$<ff_jUiM8n^^=a^wByI_AD9%c5F>qFp4PTXCv@b5Eyc=
zx8MsD8c59=W&H((T$!jzr@v+*AC!Co*_2z)pys0kQu+Vw*Udz!okOPzY`dG7|BM7L
z-H>y9RB8PGDg;4Yz<)0x|CcTT2}>O_a)$Pez~Q~SR(C{zt-T?#|M$gj+LriLyiAQL
z;#Pneg1q2g(w3hpZQYS}xEj5YkWmDOaErR|veX_r&r6+8eri_(w!lk2A6h*K(``pe
z`6#{PNXh}`Jm$T@6gKtu3Mi_g%qt#nrG88IR2xQ=2F+{D&tEO5A4n-D6kWftQf)J#
zd?O^?I`_Tl1JK(fCv~J3p|)MY*!AcB1d{lzWZ{<qr~G{!^#fJ)Sj+kuj&oN24Z06`
z3d}j9{t&GoC4mr+7n_DckH?%^mN<roGWY`h#6J7OOsy6!BTDzjtlBuD3H|*1X@g@Y
zSq}~v4i_ez2w6cSmT;SeD(nD2_d=S5F4U=8e<)N8Gg+^9;^27B!B!~xX%h+BF3A{0
z&*em~tHrA}i4ej+2(NuMb4U1YxSgN122I-&3p)3pq;F?<-J!9jMGkh`j-CumFUL-w
zjaqsS=0;A_x>he+cxA!MiXz7qpt_@0pWpo(|JyTWN8Z-J%d!+}Iq6qTVvG3&6+0Ev
zJaBO5u^GH3jd$C%PA?7G_boMQiBSO=7sIpM!!Q}_4WCD@&kNPegeGFmLi<DAUe(5r
zhM1#Vba{N$%)@@KCD0O9_7ZmDah+T*zUPa5$$DW_Rztu4ZsrlIiqBzh4LdcV1$1In
zOD6Gbm|Jt&rDqe3G@>FHYaYcMsvA!mG_tBSHNh2L>0|>z4B;bKj+$|nl_92>!M5~~
zFm<I?H9{mXxVJ=&{-PJmOxCGb-n&mW>;0;<bXc*2nQBuyONXXAij$9B(^JIq1e|4l
zcea&dd^CPZPrvXv+`<`KTlXyG9&>wP+Rr5eQ<|`X>KsIH(S^{}D)zL57Rm{r&o^O4
z#H^Ug@Z;r6>OXg9_MIwtf1zAi2~kaY_CS}2h&0nK<I;tTI1Fl_i1(rtuh`aCwuRNI
zyQ9+81Ub!y^xr+7&}&b2N-NsOW|Lp7;jHVghg%&{1U|(rStQp@N_c2e!`dySb;rAq
z`67MwSX#>17wWq38aWN&v-)f_{p`8LR7y^olWxOBX1s^nTBG6-^)I8&2)ky{4e-xb
z_+JbAKg@l3Ae8&R|2cI!omQ172`6RWiX;rmR`x7o$d-Ml>_a#$5?Qhg*+yg?%UD7f
zoP_LyEZIhuF?N};WdD6;5S{P6-{s!#{oVWLc*e{#&+~cS@6Y@Fek~~@jruB+lK!)V
z@yU9R?5UfI<yx|$%0(S?H3!)Cgu+XBxRn%pu+tHkL4boPtx;i!jcV=G$12N=BY|)W
zdjS?fTO~nNW`h`Uy*LL3<z`3`Q?k7F`P3^-abCocE`8VBM>1(McdG81ER=rmiHA>y
zIV0oL8bZ4=r`~gh*U^vKzEHOsACaW-(ZrMO_I7Slotu8xXWGz*6TB|^v=^3IF-b=D
z4$8Y%`7DHQq3R2~(^1D@brhJp>|CDrBsDC?L;o7}q^iyNP_{iA0cCf_3p{%k!nTmW
z&KLgumy{krGs_=A4<<W#evE_vL$UYY^|54GLGn4XN$j*Q_9P&1@S>d?WuX4s`0efC
z+5XGwUm+I1>{Le-`Gwuf`!Bt`Tie#WUKSUoZ>SSxLCD9hR4(G`Lt$rc?IuqF!fqfx
z7o1`AV<5L%7LR&Ls1xTh`+Rjp-Web@ztKGV4cWDCHxEgFfh$#8U~aowa^6572@Trb
zruO!ZrOSB5KS@<bVb|`Cb?S4O=3XQ>Bli3oFx~2z!vsERiEP4^sGED-cX-+WHbMXo
zYU<1LTSTd*nn{f7b3y^AxOM`!sykAHDc{*-Uh?b{_Hf_ikI&Uui637S3TWfoU{h8#
z_pEy4b?Og;K7=WD(nH{kkK}4!Wr_9y5ws06FPOD)ScmErWESRW6rZ+|>qw3|!<i^|
zZvmy!;i2E3tc~v^PH0Y`9EG#T6SShZyG^V(8{)$-5BF`_0|APiW%{2ak9#^HK#r}W
z(<S8UQD;J-#>LWZ>m#bi@^#8NvCdWeJe1DGOi9CKTY;ZB=OveZ54;3RTywtXl;K;_
zJjpt&a-*y9RwNKYTnWcRmyh<dc24*xcUzn4Jr;bberv(F1LjPuXQ|7WxT&9>t*(e0
zFVvzXOt1n!!JR!51zqbL_#IsfrvElIFG}$Ct0G1tzh}HW^3=2941OY~X1|RqU7>BY
zqfYCSSQS<lBBw@tHU685F{#_X%Q>z~sm3m2nAb-vVya3zSH8euHB*cQeHC_p$-#e$
zO&>)<UN@y0OiJ;6sQKQs4sExm%GpjMr~zzPYAiiGFz7Z_j<d9E#A-^iIuUcBr^Hu=
zss!`u^Bp9t3*K)sRVXr}ro~|PVpN*XzG>osim<im#~7;x7W0s}46E#Ynv1WWEiRF)
zB4xT@EOrF4RO`-7Q1y~fk?!yB;0uh_d6#i9=%7abs5PZUqSJLRlQI01c15>HIHAK?
zUx=<WOF52!u%h+s%tS&m#h}yhJW17xcOw(alg)@fM$ISP*)dI_#S?b@wKSj6%7AS2
zy?#)}hB>^Xd!}(r?<UP?kt6<CRNv{XR!Sp%=J9nA&7}KU^a@6Ol07!7A?WJvwH6p{
z>D?<9dW3|!vs`K+f-g=D!^?I3Yoo2WJK)t5<06REDK4HNt>_ZP)nj?Q+8rDzs80C>
z-L5CEymRGQx1xW{o+y0M4SAY@di>{XpR-)`0XHol1$Y`@6{{)HpWUK>e^2yZec&3(
zjit_&U7AlWB-Pi|dL7Pa098~m4r--c{%SQ-AD?c8b;JoStX3i-ZFua(q0Y`I2R$my
z;($*%?63xAbP2mtS8Cku1u$zCL(AD1|E@%>RR-7otSd(f^`EXw2ffmr8{x*N3V^Md
zfhq>8DL_$fXDxn#OSA05HkcWS1;!<h`0aio>jfYe15D3$c9CQiQj34~<rYQN@z85y
zFkV#f{)r6R-3bkuR5zw}YIKUkUKMCvZ5<?|u>Q9XZec(aHtSUWXub^QN(b)&iHMz!
z0yy}b9!CLCNQ#6KXf;>Y%Qt>%1SRIV9UuZkQuc>(>0fz?d7i%wy}g|RdfB`82qBE?
zEvqOpH>LDT!sr*Dx}Is)h?oTktc+(eJ`x+f3qH0`{cZ$Q8C=_)r{Y&^M!-A<ASTq7
zN0>WM>8c1ZzS)~_)U{$167f0eh||hA`kftHwEbdd)8J(~{9R_y=lfphVd|@9;8EFG
z+=vEJES=57;k=Y9!rJhuBOgg*$)KIv>85Xr62rp#ETyeH4RubVY%fQ(k?!c(Nh}xC
zCsTEI1YGEN3-wANhk9c-B#zXpeLwrH1r$-w;m2BfM4>ygssN_<LbnKGQnCnX{qf`-
zURS~bR$fi>Dj@muTiqk;!W@2wB9BC{1SuDfrPkLxvy1`O5`?<0WsV|q(H^BExnZX)
zJy3Ba9Lt|hJdi!QK<B!fJ)aPuHN>-gYS!0^0vr8q|D3n@r^x~M*lHlTp@E}zdJ|oU
zClnUH>Wo}fcb4C$tSQ9eSeBAvACV{d$^M%R0RQZ{A3%xFx&CD29|YmYEX)mh!U7y{
z+zHzTB<wRZ<bH9<`A>2_Z^zq}EWNSRA;5Y1oL>OYhS=E|ERSaFh4R99A1)e{yY~0(
zGgiqWaP(_;pLlE<UcCUxpEcDt!LthDS%3uY^mQa#ubG}OmC2+?dR*HbWMt~ut3JEe
zi-POTvW|VY?h{-V>ZU#n_c<kpXr<9G%;xJ{d^N11`4C-ysgBZ%kVk-C#1KmjLldcQ
z!*;#Cq+p_fE7UiE1L~%q#WD<^-fg*&Gli|hY(*Ko37lVWTfvm7F>Sg!rTY-N?`@vO
zvV~f4NUtAxlPhewyU7h6g3tIoPs@cgT$MUw%ay7z2yZU9?Z<t0S<o0f?>npPn-}hL
z$YNM%`AeXqOM`Kqr`q^3rnB-V%Y9U6%0eo34SSzFH>VI^gj~L2f>NZAY)!0V*Ql2;
z3+7CAElS0OQwxLUT?-+Xm{PT|p((JdzdEpca|;?aJ^!>_MY`cWzbA=A&$uCT0^i(v
z;y`^TK1EYQuOcC^ZlbW0!+;Z!wlUgC$`d{kn`>g}#jrTJw=3F4gAHT8q#?DL8vV!0
z)q=#7g^UL>Dhy(}oOCiFzf3pYXL|bqZVdm#xWKt{rXW&|KPSjV-bpdkw-|X)^8qWa
z(-~5)UhOwHaYm~$Oi7w{j1`*rMog}(`JBmS#$gRPFPAhVJ_>XHIal7QE5Rtxyym2q
zl(1G<n453%@C6WeDO@5T=#@;5j7$%PTRxOt4ipbL^kOcsMBSyhU;A~&z6J|G_RHl)
zhbJZ86c6w4akD&ktQA1>r-@V2UN3_=;FDt?Zpma?4Hf8J_(M?mkpR-9Rv(y3Q(Ce>
z9IA|z5nQo&;Q~V)=>Cm+AWt8<NE-oldu%v)yPsn~uIiBU*|GXc&WL0F=L8qBsF!ch
zu$;<x5)JV976lrgKg!V0$xoj&GjBYRm)Bu=Z01B>u0WztzTx)CgSr41X`}U5zX5jH
zZ{x~9Qz04jpiLc+sa2IMpAM@$nEFtnPUD$Q{V1C|)98)7fAq>ePuVp#*oE~rTO)>!
z`KeAck83cgyviHzT_x<Pp%Jn`vw#{scJllKx9v+$?h;Xx{tcvs4+)gh-pWXd^`wWv
zC(q{R^hrk?Qfw+wpLlH}oREDuv$$4XCeUAQbPSjI2_Kq3rh;$_9m|xbLlwR0+^@4N
zD3;;<By;R7cMfanoe#YiJA)Yabnyi)U`Y&8s?VRfC$mqhcL4GVJCS$;CfsS#cMg%?
zZnEC95{9_G;5#8~%{FJo&SfbdjXyrhs6G8l^=si7_@nVMcWG^Z!cC#~lnF%cMaV4G
z=2t4Jz>k0@%DmDlCTa3p6MYX6T$`g5iHZ}Vl~_i%FORk{`4^?DSMsTZav%_@Q~S44
zadT36{6RlTua8U^`U5;TulLL<fYA3=qWcF2@9M?_`L$UfOtJn(!g{wv0>c=xl!oE*
zlj<WGPn|AFl)nRvM)ES)?G%v_jF-=D(S&xV!+!#2uB|g6BbO;cc8<?hJ{aLEe!s>!
zG5bQh-_*OPk!7>XZ`yJ3C~8x-yK&D$a{wD7aCaUuY`)N6*ZQ`!+gqp8-S$k;)N5nP
zPo;R1fV3USdADW6+o~h;y5*txs`KtmPs)_G{SLPJn3xAGyve~2?dz`?T~d}<o6_ly
z!bI7GsvBy8?ndPs`>2S;qw??ih11Fxge&fPO(EzvWA^Vvg)`a_E;F;!vGa%PxE~V&
zecFE?7L$E!^C++5b|(%N!=3N2q8gaLA8O}1v1DlIOfaOH3Aj|Jf})mLT0MFVw6eFt
zpt-|tGmii_|21a$DJ&w>%6m0GjDA#damIdLMy~&Wh#;A(cYXaEjRs5_NV`%gL^LX7
zC|($07v&a(`3TV<)+R=^j^Bx8U$Rp7=oC(HYR)#(dy@Hz^!39`aucXlwkCQ}w~zHO
zp65fT@V3QATZIk7*AZo9pbT^`E6<q@?-hITNV=fp$lKHe-4@NViR{L~aytCEi-(Xx
ztTZmENp(`f8p)1yfq8E^Ge%%SA07S}k~T#@i_W(S(u7ZI@ebyukU>I}(W2rI2~r#d
z%U{=Yz5q-WSY6DlbFwoApAeKDX?asgt;XT?OQg$Oe!CkA;n1O+zS~1=SaS2}GT|;=
zNw>6Jec3RpW1;${y7kvvRw@hGH9YkA3vK+=M>$d#{^;P1#2Lc`ST#Nsx?L|VZ6Pg@
z<Z1EGqvJ-AuwH1B1|W6#B-<1kDWS4ev(5GSkvE$mZn$s1t$ybdEZ?~k_8;&GvS;!V
zJGgh29MaF-MB7acuF^nEXuS6pm;NkjGL6_5#f^5TmyysWWZygXNz*Sb>yP4VG+3}B
zS(cVOW6_i~R#BKyk{*#l&@*1|GXhxUeQJL|uBi2Byo}=-SMR)>iVB6kxs#ay!A|Sk
z>k*YVR~3%vZ#plB{5~>ejX=AFtmGBjnkY;A2Nkp;W<8b}-z*kY83qpg!jP7d1#m!d
zx?eQlWeOd7uYsIa2B{=_BE_onefxa2D%4_rp&Y&^J%5FSxnn;un;w$?lVoEa8iI#9
zu&R*@#7-xKAWR_hWfu1ZESE;3vJ%W$y?=ltZNkuzbXS(FD7KT~%a<qEj69XOZ6M2|
z=EEaZ-3yy*{ZvgnmuuSHk!{h4V;8h!m2|OTH0>NDW-g(04nFcuY7(NN#39fsVsAYI
z7fhW<0VN_n<cwOk+*NRix2K4WA!oX#bh@rDuN-0WV0n-%`^0}XQO=aI<>9a@;&VhN
z=FyX@`MQ@K2?ihi!`aFZ><1JAGQ?DZtS5SV!lC&k^;SV&;DUO`_NfE47}U*4(<{Jq
zXlMUCDiON@fDhk=^m%dbmWy6=HG*?z*K1(pFbfe$KHRhsrOG>Q!li%+{$1bz5Lcd%
zG``)_t0<?WqplQQ+m)hXs=5+RP_%=gHtUbH$7$S-k&}T5g71S6&Ls!XX01i%?x~j_
zO4ujeZt&AnuYI-qOOGOjz;6bjDsyK%YY#f8ph2g#v*5OrK6h(9ity)u@)CFtEj6RX
zfmkAlz^Sz8A^3@lTVpt&;8hIJiyhWX2E~gfFZ9=u$<jX*K;%*R|E+RuXr-^*)8pW4
zg)yde?cIIrRxdB>NCOkMz7|W;#pStb1X+{fuX7pT(==Zy)=C35J&s2*fL_^;#p>U0
zb^e2+`bNUVxvt)CW@(z`M&WiB_jFY2;5c%FZ@o;d@ZiUMFwJ=OHp1vRn3a3^7^-Q;
zhnS?jyPCQTCNtt65G<t|?;fDVAcN7x)qteEQ-xf@#KZD{$O*b)sJ>|qH*=X6N*iY=
zUw=q9+F4%NAs=`Ee-_qmXA=6L$WMh7da#>?$3qDPwB7lAzxP$ND8S`Egojh7smF%K
zz%S15&%_wAYByVCjRGT<oqA;)JbWw;Z>&w_rt9jaVjCA@N32x>6ycgYT#eB&BJc<o
z;%FXJ^=3q`RN4r2MtqW6+=B6_wiDynN2}~}5u!yV8g^2nDsL6`M`>M*c;;w~&H5~!
z8Le|IG5aN7h#SvnPH9fKnBBEcX)`XPyQ^N&Tnu~a2*-&i$J)a_zjBn-dekCrdyi*T
zlKj{6Mf?sarsrKE(PxP+_U+4xRd=v}J1>9I(UFxg*__arzJX(Yu3jx!O#L;xC;Ohh
zj*qfw7pYMvtUBt(9B<>EA?K&TbqvZXA`F4_KxMH$xUL7>HB^>07W?00vZmCn2ToA)
z@;nYYFGFV%LA3fTsVP`gax$(+Hf2WdGL0Evf$iLmFK}f+g9qnh>U>g0n6>>2Nq9K_
z#9jU}fnUwiwaN(H=&WC4IU+IyvH2?+4>%iv((BIUC6|NG7ld<j=0;-T1H-7zyEaL#
z5?71<gx~I#A%+5-5ckQnzI@(3l^9fN`07i48|(E@n=mg8x#e*Gep{Di7ec}Q4j##B
zcKKRGHtJq%%$q$ij7<0ZUKVzzOfkdj?juumt0r%<^_t`<*C}%|<gSDp3ww=f#m#UE
z<xJ6KjHhZ=)UUrf*>t2E5tU#wsf>+=){^>UP8`d(G7D!8BBW;=ha=Z}^b<n~2XH>x
zd%9qogY&6Ip1eESst$8CO%-|=GrLEmmw7KnSft#M&qI$|UO=ApGjR$1m|rwB)hx$x
z1O7qrgv^v*RApv42h|uXoyn1A5ntO?qT{Nd=wgb!@CDA?iHLZX|K^e)Q+5&cA|{%}
z0T&H<<Z8HQG^SWNfW24{qA!?ACABvJeZ?HF*&v>$14^+wR~)ch&Mcp8e|Yg_!1=v*
zkfMjYdqe-;OMrkL5Up4N0#K*gLSpY?z&1Q!D>##hk3et&hW302keg4P*#7U&vK3!U
zI<78GGyK7u;5}~+#FlrOJD_F*DS(&TJIBos0gyu<&%nq+UO%J+&=Ui`6cqUkkWa8Y
znTtT0_lGdMEj0blUD&^Q^8+(aLl3~5<~lE;AiA{VqU`RIWVqYb5$Hm?n&lK1xf+-{
zrP2wq36XceA6Py}7uKUCWfy<vv8~9ibncmlxIQaAVxAfO#(Z-*IOi3-#s&v$V|Q=~
z0w0lGJMj0Ra`EZ))N5i`d%=K|saZK&cYX1eIh>sWs%Ud<N$1gxzx-<jl1+%z)1z~a
zC2SruC%}Pin0H?(O}(<G`RWLG+NQUy_-;v<T+L(VoaN;<#ln*r<XwUGhfvnxd^%Jy
zdmomBS_yeG;<G%4K$_E-)uixhrrgm<O&D;r&4@nomg(^<@BFhl3^7_`i8}_y<9vSu
z_ZlH~FuV0CRYz|8DlC=(03>#nc$6`gYvgxtcdo>zzc1}yeyK_?>yldZR<=-Z$+=tJ
zncs=jc<C*ZR;#T*S&o%IG5XkTm_@yhl{{QZ8!4);nwm%`(R4mz5xIKC8hfX_GZkZ{
zjMXeCNj{DpV0@cx4%IK<U%7MbP<sfeOF~%CzG=^HrBT-d>AzB=<u$ux|9MCs$xt6t
zvidgnL{K91$!Ov8_6U<Y=lWAexbmQ*&pEr<HDM0O>Xv1*S30SEj!GH8<)=PNRl1KZ
z+QC(+j}_qllX2!7o!vc1YnbdMdwqkC#U@2}6?W4^<C+ID0AtRjdWVmjBSdw{9wx8R
zXs4N*)sa-3%mHQ5hq=?sExwUIoX)v4Oxqdl-`g@-oC57X;LZ!3R$SI*a8<%E_T|$k
zlwsGh@(aX*32;<=o@XHdJMXMmKzCQET8Y*A>_%+D*3|jsPi`)kGDYj$>kTO)^^rL3
zKWB%Vv?6$DEZQ(O5;A^m9O?rR^b8#5SrT%MXgZ_iO+R1=(cpTHAw<PB1YQ=g+EH)X
zz|)taDx3=o2|b9DbukAgYQ4^Pci^-3YzDUg2g4(id=IA(0n{8SHK!beYiA}`733HV
z_s7tS##EP8+$80toMs6kaKwLwV2LOP2|L5Abd777S2;7FWBan2coM`-&G`}eZq|vs
z0%+ElcahxkedPNnuG8f>T|Z`(C+Ep9*W;nyvuESKr5U5UR&8$&#0iH-fH<LdsT*hk
z>iA(IGn&rk3#BA#$VR>}S#nm9C)UzenA3l_#%JxX$1JF^^xDf4$}V$Flkt;IF;h`a
zr-r`>jo88SX~cbjxO4zaYDXgtJEGYyG^lB&wW%E>%pSYj?fB)K66p@Zq!?$7E#MLE
zEMvdnRru4Z0l-0M8FIjeW%s~)((TZ>@~h+42K2j20n8{)DK(KM7k6jbWIN5)fA%HW
zgw2BhBZKupdtdzpY!31q^nEGtF(AWR?zuWq5RBGceg1OB1Zd#?xK;e$A6@)qbIt?2
zjc$BwkyyzGk!ZW4Nls2AtVBi5+WR3NDEN^~2D;rnJwIZtz}{Kl>`~>4UTVFQZ6Vu=
zNI%5<e+kv~kKU}rz7@2~Dw#ny!^2|<su>|~{_**Fp;>KHf=T*u%OCDLYxrxz0vUVc
zF*&iYQt1-I3BW;b?Og{IRUf_mVQNAxUrQP>!zJ})K(e_(q%D%a&9!&22qj!EFL<jC
zxs9l2St8ZbjveZr!)1%;QV8v8N+vcp!&9A#;Py0L;}*#sNp4B>XC>o#1c6O*)pr>h
z*6_+APS;rnQbRm0TJlzHd$(e~Q!)NAs;{kd%EOBWC<>^>EyRrAG=-iHT!LYzG`jX8
zGwdaEA2w`ULsF+JHM2&AbL!>iNNH=WWj}Me39T3%w67&8>Yy=pzn%0x-I`?70_0kE
z2YR@tLn{$iIg_1O<U*ODTCck==esmpU22TH7IzpckbNzYU@E|;);<Na?{?B0=`$CY
zJp8cLoCpNP_)CrH4AaB-bYy`qTUc=<kG|lkYx7=6?z->?(pcmDXp!9qPnb9q?Kydl
z4JZp6qmvra7a_??T=b>Y>7mPY&m4Lif76b8TIcX7*aFcpR|74J+UO`u>@bPv`2d)*
zJ^(152;v)=ZUMBq`>>_oUJT&AEzEwbtELy)w3~}AJ`h@2lyq&J4LO>S+J@#%?$68g
zO3?iIkU;PgJr4mN<_)xxmXg2vqYLxhiBbfO)IApyD0;gNs#;$9;TGEu4)FT@uzp6l
zi5D#K5|xspdti&ejCe1K@$bI`iXP=a1PxFOFC|?RE^wp4J~<1%l-!~JYm=L-oAkqz
zLw-h^fs!8(ZA_#3X_2h<x#eD*>j>oaF5U_n+rK5;`E{%H{97G0D)ldK{PO3cz`$dk
zTim5>p!qqkL;IsC%}h#bHVwY9OknbySN#!=9_`EMZUKjDGyQawEW}7rUi)dt$G7k@
zfP3s<)+1Aq?h}4&$d-dYeV|M=DWB*D|N8!5S7#>xv)`v|bQNFGc9|c1Z4Byey4J~s
z<BSmSgD6s`;O+uAWIPa0^}$oo@@0Y@^4hnddcdLqv(m>Oe5vBaJT$>6fQ=@(^#_{5
zzdm{Y*P*H+L&7US$OY(ri+wvSLU50OL8bA>ATqyu<)>X{0q6%ewvfQq6cB;$1GyQ`
zqb<MebTG+Wfibwv==<wC%@dFj__?rvoB-(TzsJBYlU*z*1O)|gawMAdo8pa~Q|S)r
zxVEzRqS<tt6qF+lNDp33v^AiNCof=NqYQK>%1YBuznFgi0G*UzHFC|k?aQ-i@_tpL
z6(HCf*>dtUL`1`CIi`)>w4W_OT+@9g9=>}D^9ooptp$**%CAoe<NN;z*`8Age8!TR
z-c$@tKIXQZkVD3?pP^H_DZ6+`c$(aB<q@INzN*vIGSk*bA|9^q=~WX08amrNrUiE~
z&!aos6tiEEsdk@>sVt{^xe-^PzIk!Ar(9$1=h0dAPzT?S9Hce8iltYoCtP)$g{wg3
zs?=4)lBs@@-F`3|D@o_~htW&YuTOdB=M$Y1Sgp?7l3;#2^PU(H8<|m0<1+LdCL^(U
z)r8oK=|yzp<mJ3V^t_rMeQia1Zsb*!m)NX;ZZ)$T%aI|;#)K)J%TYt9xHFwAua>Iy
zn1<m))iaf$T8>xx*c-A{OvNJkn&^tmZq6S-2}#y;&P1~keJ`Q=9BEAk6uU{y@e<x+
zEf>HV-Xe#e8O?<O2K`=f=FJXzuo3$r&S5uAoZ)gM_5n`*eE!$ap=$;Oj%IRy_^F<7
z4#r|>895F*2VA1>TJpmruv0CthW5(k3XSVOb{!l<F41LUenZgv8&yf7CRi^TXP3NN
zTkpD6)){Bw0(H_VKkr$XqN8`K9gTTu)E8}M+MbTdf+VB+Ese@dUEuJIRTIEVC@b>>
z3ZUfY^62-o{h{_=IlG^lFR#?0xGLD$BLcw_8Cu8knw?{1zU=)`L%C<r)G?IWbt{ig
zAtdgAo5xiXG^G}FwJn};@ktf~jesMW!EM@;{4yhBG6ZJ3O--K(I~ig^25(ht*0iQc
zZ3nGVdjf1`38RuS4hNL;F6DUfEUKSsDDmY#54JNgL&!Lt=j<UxF0=YvvsDq$)Ah`=
zGpLqODqA*qqh8;nG)w-^!$A?!clDsSZ<8LR33m1LE5Y?hdMW~+q>SH~qZ78*-ZS=d
zdGe5fvT8z}&dCe{F&S?@S$fP}zf<R=cGG12EIeMZiG+lYMuA5ctoPjQU@5Tdg}m+Z
zM1o_Z3wpTpQmI%>Zz16q5h9Ko`kI?5?@|WeDu>g1KXLrGo2^jO4>#;(Onfh3>B|X*
z&l=7oBuZo0X|r+(cv@(_xbitSeJ|CShnyaTyh`!MoO&$^8t`7&RTB~9M~S3;Ss+c2
zZ4d#gX@WM!KI0b!q7+;d{S~vOInD7H!fiK5Tr@~#<xd<Pt!Xwx%()$tDUMcjwpWu<
zGVE41DK7a%tYt&Y*Vl1q8EkRQPW4>QcxRQNtgo;BDR5dx#xI>ir&wSvLa%Giy^xnj
zf__Xh8+ygJvUj5Mj*F?-O&4Cr0WiPX5^AW5FaN`3=L(Q8Q=OBa<ur%-ERrF0rD#-l
z140H@kuMoFRn9xRq-j|9TYj@rrfMFJ`_O&ci=+#P#GDc#>*I^gQH(Ci@==$ifG)=T
zeY{NCU0UriZkc`){|pyC?}3FYA!4P-)FTVw7}uostmiYuM9J6(lO>2F(8imK#=JSB
z2X9QqaXvT$p0gg(wQJX&jsOPMxbYtm+p#F01UV&_wEix}N7^(ISyWi)0v<%K_q42(
zyg}xf-M-#o@Zu6EdGUBWNGre9JvsCp19K|iVW0K}oAUG8rx5!G59V4Dq<|;_;DXui
zOtHu`%%=oEH=PK%#W;9|?_T1b=-gI9h`at^Xp6UJwD$loHwKiqN)pII<UCJKxqoeE
z7Y@OJZ;=?_rh<(wI{0VSZSop<_Bc@PxzO_w2z^W6cFhAar4m0G=e&F8wm78?V$2rh
zmCQ8wUy=3yXTBFSYV!BDT$vBvaO;DDox+aqHBf>gyLVL*5572~d1(B$*TV;<z^uUg
zr<!}<>H{Vo2=mfhWj|9W`TuFk4e-5;A?JP|ef_PctGp0{$yE56b<4I3+;EV6dEAkM
zKrMqxY`*3FlY=U8BGn&sU!B-VpCAh>R+9L^G7q_U3uNN2jRM$v9xY(=xRqYX$D2v~
zAWZ{F+C?B^iv;_CGe5umzNEl6ge_tMfT}OpBuLD+NCByblHcw@b{0+7_e$YHUU^Pg
zQQinm=sN)hY=f4*zBo|ACMUAspKHEP!|>;~<OYrW^h$x6hCO*$s+eNq@8E8Ba*+a%
z6+r?%&6k<}QgR;L;wd|y{PXtCl0%;#hXanpN)DNM+pU9DR_Z5BwaT!GvXRuKnoZgd
zHGH;3tR}iE1Jw^Y0ydsN#~VN<vQq|{^$*0bt#PUamKxZw7<h+^;E1AZTuwl*<~g=t
z<aA>d=@&`j(+NuE-epiChTV|vHdbpjYE0>N%K}YCF-;Pt(9XED<M})y=pqEmxY~@A
z8g%GIw3yR9alBRMRp|&9|EPv8c+*<Xq!=0!;lJ=)o2Ar0x_-`F6Up`&hZ6_VD5!&P
zwja*FwHh@jn@cD@Aj<%p1ZX@w>h&BBhWhxt|CSm~kAG|`hqOzxHseoPP>zVX>9}7Y
zD^JT-hPa`Sx~~J+nRW}#ueNq+2}LYCFCM$22gCUlsh;xy+pT>XR1{V^*e8)4Qok1r
zm)bNSMNNXr)`4Zztj5#MP|+}lH^^{|Wd3<M)Ri1au{*7grjEqoTECU^8!dk`8NGLY
z0!(2>+=NQfqqU9``=P&?CPift4n3Wi(-S+p?bY%(zKaSH<eszY#{rknyu<|yKnmlC
z_V4KoEgaEm{tE0yQdA4hXvOlp%>-HswF+O&#;6R{#3EQ;$j)M-IjetR#x{znv`j95
zFA);hK^*|bFG3)KKv&Jt>~Ha2t=9p;Ecld=F4BQCZ@QBNQW=eQnz`0Ayug@F{jEv1
zyCBe?28sdc;E5XYV*>%}#O|uXl9Fb=^(4izy8d1&IjXkEVG8lNS65%Ghc6SRF>%-*
zCU7Oil<w7YfwW<LE4#&~W!9|>W_LA-kcP(0dVL>MZq<C|BjWXp5UtTF5_t;<9ws}W
zTVuRkJCJ3Eg{``>K1UyR4>fo%k<8V5F17s@5Ru4Ogv{OTY%MFMH?A*gJkc2oaCs39
z#T}W&)3M>H?d%TkGVjzVzUd)Nd?a=@72^^yCK0V>%D~ENajF|Um6JQ=3HS;|OBQ(|
zH}I4d>}U)o*xJ~D&G(HR8Y?A5aD^bvr>$3dB8_%y&?khDh|nogcggOMVjIx0Gk5*_
zFH?Z%IBvP)qrvJ+(2;H*f<mZ_wzuS<>TsRuD|VkA=IRn>P7>|z?r#0R%_7?l=pX>4
zdas!8LCJzb5-9z9{eYAyE>8ciA!Yu#3;UPLp3;DHbugaYkgZsAkB;&c-rGidmF<QD
zbOo`2MAi|lJgzI65$h|lRp&uHG;2>46j}c<V5(EM>qKM(K$q?G9zLDKQXekJyPyH2
zWpzFm8ZW?fe?CQK>Ngn*4`UPhtR5p_PF(1#4=tH-eX^y07K8F|2Sgw;NCvvJeFd@x
zOPUe>#5snB7gI?I_W~t+9Wv70aCh<-CIVa@InwX;Y@Obdl3ufyUFOUC+%w4e{A%Ue
z&&jxbN2kr|d@B>9x!;PlDaph$2abM;v_G0DBGY>gn=yVzK8NE>x8C(P_4#c5+8XxC
zMJPmxR=4eg4tEYGc&k*ChP4@DA^qAdQzAzb@SWNDX{0f(zfSOqHs?Z$4>YTDpA2zP
zyDb%H%t6X&5ZKJ=<s}ny-`Vyz_qWdr_nqf{Ph36OWxDh-8Q8qC-aC{bwu!P1>9?9w
z%T3V$BSc)Eyn0p)f)mU3d&7D|6ws62xtRd)DYOfJa6FmLT?0wF@yheMj;McEcDf0x
z$+hgf!b-PxJM{}Jd6IvUtX4Clo(v$;(8n{L<#^Pp4Z@wN?~63@T|$5HTyLJ#4B}dS
zt0Op%`J&dfAS?lPS35Y1qK=gxI>CJFUqPd$S!GQx&FEr%YtWE$Sy)}R34`H<yvG*I
z4M&2xtya=!^WBf<skk<4uX7IPdepZ4Nos%LzmCBKox6Kxr5`1i%{>Uu2b05{#$<a%
zJnSqY$W)*s2+GAIJHEmdHS;{0eqDE?PZ`s`q%C&PpqQwEh&*UJ0S}U=btcvpI@|$u
z(e5HSwS+k=^YVDe^gXDkW{S8A{DM%u#I+<`ozw-9UQw>X5cY*!C~MK5J>u4*zaPw7
zts4%1v0`N5`i!3j2^0D`SKO;f&7pX{L@-Y4Q*&l3(12j=HeAp90&n{BJM@gz7Mp)M
z>G?bj{@9{+k=ZC0XHcYxZQx_}NfhyRzotor_$1-WqI!VQLKw7pr0x7@7<Xbr2HO{C
zXC!M!J>PsOkH{6V+1T)~T-vG_9ZQs8ekCayWae#_tK!fq{L<Msm=Y8HKr8V*y)6j3
zAp}X7ogRdL*xLfsFH&D}dNs8N74SFXv;X=K6Zj<V4lzYVMOS`cJCQ{SzTdtrVS^on
z!Ipx-|L=nohi{P@vR{wNCaAV{@-_gqkiEhA_6{+x2?;Iy(3bn39%BCGE=Y}%#SzLN
z^q#X*^NyGzoyJ>cpwr!a7Ko`9iemG{uFrH$+3g0HCxl}m8~%5I_Uu!VEd{L~68#y)
zAdijlcMcRFb)wy~_s%%%2X1TA^`?Er%>VG$3P89;u%Iu$c=%2`_HGXcBeK40RGZN3
zzkc-XSH{)uH26gHu~e56&c*3K&x<wVA^?#m4$f4z-Ba&cI-W1$JRD(NuTgwA{UE$7
z1?qChCGM&%)ow#NxSZ&x6;FMHp6m>Lo$L(ly~@NCrE^b2_+tCVIYuruQ%(pPC07>_
z{wtn^n5miF_;sqw{WtB8r$m8s-160_QM^=$VU6=CWO1vKfLN(lx~*Ci7uExK@iYeq
z&Ky?*ON!ii`*BC<1Lp4aQ5e3j%QeRK8+CwW%0-f_vBY0XAHe3Pj4&M+&1Uc(-FW=`
zS$D#ep`*@c^HvF@5W`c#`XJNBU_$Q6^)bc^mRlu8<9{6LSi|rBj9P-6?3SN?3-&w>
zq&x+#P{GE+v$pT6Nh$lWwp)50$TMJ%I344zeF%tUu|xTIuo*pHG&YLz63{|ifY=Nw
zshz>P8*Zb{C5PJ}Bq;efPjCnlz~hT)>Y{@p(pTW|o!TFZ&Z}5elb+Fc1qmFa11i^e
z$yNF3uJJvyK{woeRmL|+)%w#BZ{Et85t1}S@P=x&{`Gf}{Mx6}Evy?}4(qJCAuV~s
z;)qUJZMa3IF6BCsbYI8kUhS7*R~*Ci##4)EU~zk<;Qwe+L#Fa$9{)!s12f-6h(Ha;
z0CWnk-7JcFN63;`z5m3nzQ7bsB~h9kd};Z5lY7L~vcxMdrIwA;4_V8`Zc9B=s>}X4
zh#~#0;9v2quf>(J(n`Ff=)*c}v((EqI91o1vIwS*wAYR6+SWv-y1rjWG9sP}$tH6<
z?b(Kk;Li(|Rx(PHuwj3si2FMYet+geJyC<=7QUn!Vv5)VbZZCxH)FoiFYq>&aLZR`
z&cS2nzUE^ioRf$e4~*We9EkX8LLG9TL=G`#p`wP)|FwG)wGSE^&ww(Av+|uE@}Ju1
zFV-54dhko<o#UM&mvDyTZnw9V5*dI7%(*hU#LFF~FG`k#ktN9hECMu46g?XihA-CJ
z&-*EA1=zR8<uyz<@6)5vl6^Bl2sDK!U!pliOvvP|Qut)?oD8myG-o3|d8k;YbBjrw
z(+En9o<96@X5FFKxl2-uL))D#GFCh4H9;=qvXP;-58K(op!PUooOJ9RUkaMO`*oVC
z`hZ9Xm4+&FcLkw@?k*3_;)7OMjGD*OZaRUdnKsUMpNKxSnF<(dveBaa0*U~RXc+0=
z;4Scha*|t^@u*h>#8pWv|Ikw;<`3CguJv3(zm(+V_?tdSlvVP)**T}9Iql$gZxj6R
zF{)|C$!45Lv>**z|LkwHwJuPui(j98H5+0$PMIBSB^q-zB*7!#&sRQp);z^~R-JKb
z2TdCeIYaL?$!Ky~X(;mFS~82{jXc@`s1T;bmiM6bcgh$F7(dse$F<k#O=MC{9|;Qk
zoWn8Zy3A908QZ!%KwND0tiR;db}kvqc+{fC1IducgC+I3tizpYvB|8HU7hinRp}BM
zSZz^1At`M+^)_zT%S*LZZ0x@_J-{AOob9++uLhwiIkfY68;rkJJ!-)u@PMFMwLSF#
z0_(A4BFjBE=#u=p_0E3*WzPU;)}Yz7{z*c8C;L(cD&j!o=m+d$6Og<60h9x3rT+@{
zF-D-BDVBZH)K68_+qH7Cd4r2)F@4Hj&qNFF^5Bj47dv29vqwRwi4L@k=88ib@dp+M
z=rZ6u6ZFOT8I6E|xCJk#L==ryHP%gI52S}pP|}9>VFJVGx45Ql*_J1S^c_W^r%wTD
z{)r2Rr-{eQo@<}}krw{UouWJF{4g)UO)Vp6{K4&~^30YK!)&?yjEggptzp)FUIDMH
zY&V7@QY`FvrH;Wu{JElK`;H9gT_1+s7InjE-DcpAW)Zv1a9z?wKEEf3Lz{3k!ccfU
zt)}}CXOZZ_YEDi`LtV6jq9_p17tBvA8ECcHZcg@-FdOwaoSD5|8Ld7-xcf8GyhC+S
zAbLJv6pnz6U{SnMni&E8i*EKs)+k>>pf5pcA{m-;0)=3Rh|7>{`!10m?oq%I--MYS
z%b$=~iRH}CSnhiL((}Nx=<VTEiX)P(sJvc8jR2QQ&Xmt1dunh--9w=*dXSOhqgP$2
z%^4x~iUB8R%)<S`U*x@!zo<^U)Or`HLClCT7QXQyF%R~{RkNwdHlrqsp@9X`2?{7m
zf3?34%M}#}8s~Ht<zi+UvKl9NlY1hNs+wt`pg9q#EEFDNn^$i8NI`T|72Sd8K#ldy
z%F{%kYqM!B^tF{}X-mwSl**d9GL{dDp{-DzBvV8WOTB2+<QMpG;(D_KpI)NA=r24R
zuxyH}KrkpvJhxT-Kkdwlhw*>K-%Lt)S=c>tjO&91G}1T>%OjuT;XaXR=HWg;8gBX*
z#88G_n%7Q0yTtZ|T^XTCn<Z^%3!8B6ph1|k#L!a-n13L*uX+UE_SSb*M{5MJbV*}#
zrryIPnw^_mzhdT25=mcM-$b~}DWKXCUbEn>OrfECO8eojJFJgl9aB?+@|5GKWiG1f
zena-Ub#A8>@6D~zxcAD?NBug;t>S1^YCH=NQ}!838wncf2`+Vos<DJ%9;0t1>YlI1
zp#s=uQSvCO5`JGC4YV2cyfs}-a7jLp&>azRs}SmC8LSh;m@(qw9=@J!ZTEyw@CWe<
z?2qtMG$sUj*$BbLbd*WQeb0uhq50^+MV{JTQ8s^N>l%j)Sb%`Q_Hr*2KjS^uOJA|E
ze!bXjcod9y7H3hnKh*ZgSowz13|w|NW;F({(Q7{uakTFFGuiyc7nun&s2naXK|REz
z$u&&@t_-*U;4s3ndM2Q#vz19k+zqGk-4D}!i?fSCV|}MU2My@!o9mGAt2LyzUd5=$
zi~wti!W511Anv-UrYvpgNRO3QuF!5&HW%BdzkGgZ(~I2bS%P+mj{__INLM;zgGHjX
zgOpwuWKVUYM}mx>msN5w$i>T+yfD31Twi-w_GiTLh)FG9pLc1`p!}CmwsuoCCA9dX
zkwvF`tn51UI&?!OI31g~gFHC!{J=GpYxE_I%R}GJOtZ<sr%lVqZsrEuD$=5Px3qe7
ze1;$=+FB|f6o}VPe0xzSRM#}`u-UEptBsRm4m1O18on|<x-m&%%U<dZ+=xVFXBZTg
zWU4?r+Jr!kcDNTi1FuynP|}%quy@;#PAg9}4<tEoXXK1YC!6_=?t$cuza|8RH<B=t
zZNKAK(@uT7{xEwF3K$6Y0mWy#B!aeRT=}BR9`xB4_=f{ndI?qW*kgMT<o^JB{v#pa
zuQQS#A^%{XvJ3e?WAHHHhb|LEvu-E3{O^=@Kh~OL3=^)*L-Z#GskP6ORC}3Wpw^>1
z`s<kp2`x;H{Ow!B;TK#nKz{j$!WE!5{^y`g9p>9$)l1T#Sou!CKsHCcAI0H35q;AW
z5S565fw9Q?xY)k0li>=oiq#saCxtg3_N{sVfa=;|y@s_t0{mMD5wZmw=MM9V=c*kc
z$?J+Q5+>YXD9U7h+@*K8Oi#n!3qn?BH^(A74*s<IeH2GmETvf(Ap-0Z!iboObmd+W
ze}C+#-Ozc^)J1nqGC<t!?4Uu&EnAJGg79BziI9b~s{=9uH5WO5!>idU1oJn@;={S8
zPh)Qs9sFpT(8Jp9;~uH3WCN5sJnqCS7$8yoEwP+Sn%S%hhhbsr{KJ}!IXDuh`3%HB
z^U9>Ux<p~)6N)M%m;^R7G_0JZNa_MwZ=;a@hIA&@&nJ*=V9h2r_Il|?#m2DjDD7DT
zhpa37FpHO5aOMaC%}OGpDQ)K|BF0}#xC5$h;F65z3%d<_#+fp4EE0=x;=I!|he7E{
zRWRul+i?p!ib<swm2d^}0g;H0K@1+i2Jt&^MgP?;gXQ*e=fE%t&pBiCr4n|S<FOPr
z7WB&th(0r26^FuikT*nm?t}G19*DG;3?iOA4^r=5iS?USvnz1Na$zr9XRNg`b}3xZ
ztec*{Q2;w<0K_QCdbkcF&%cXN_D13=)@EwZ-V$bH-cY@$+*&E8nlyj4s;Ekv<-?P8
zww5L!up(YGcf5{}sY}bY5>rWeWo3CC{h<cQHq@Lm;qQd{7}~_ONU}m-EpO~3y@Z_I
zA|u8eKeP^9pS=PIhYqNUng>nbYlhuJZ3VO$2!2W9o#AP>OY6%Y5srqijlnhJgPw9k
z@@L8RU_sRVsu)P<2r|9eDk$uVNNheTHVZstZxOe}IPFEGfvlEt!26NA#?~)2&Nn=A
z7!IKc*vHB679w}(<;l`K?g@)oRXqd`Y6LE*4pryBJN_<`$kR*WUVYon^C^!L+tAdA
znu^Ohr_k7Ru2#MuQ4^^R$GtfWG(rK;9&Gtyjst@ZIltBzm71EVX<k#dLLNEwI?h*t
z8KE^C2kT1<PRp-Eak%=j*XOU46a0WA)j0)@@V0u4GFFYZ=x(+vvnU%r{b49nAafD3
zlAB3Pq(;<(+x%$>la-YPyg<dk#uu!vOO*U)FLG(V&*j@^=G(FCb)@!dn(-M8;bODx
z>FPk(^b1hh1)9WZl;lk|z<$m!z9o_rTH8*3G{k@<C$IwU23F=WKN*wNzJa^(&)AE0
zr{LG=YfnS$t*s|pZ!w91!6RAWf8SZqeWv`xxOqt1xMDkbtPTd9E<hBtJn-N)1cCek
zdJS7saqzTOekH>qfLio~+8@BFgS_Dadi^2U$$D67`6bY{lKA%J30Z`+JKx-y<Ii8V
z-|{=;N1Uq89A<iYnhcEk`saSK_driiH1B~|XDO3cAqFrLar{2_CRU#@7^C|0Y^;R$
z25=`GbhR|JqFjUjN!9=AcE~K~CyD|Uf544cNj;|aNW$XCCvrpQ)my@`U!PEUFODZS
zM0#T$I?q*dUI=Rtoi!+P8gD~bGXY?N=RyZ;<<<!!ik$*56Q)=ul=CPa16SP00qF|J
z3&4;x-m7RSa-evTjqf41>;;p<@U;Revck5+`aS1Kp-q%G?FBP%Pk^tps-ee_ceS<N
z;mc&-DE~un9NNyVoV3vabh$%3_p_Q<EtAxlHiz2^teLzW$OV?vp)2`iW$WOM0D--c
zkXy88&g|R|;0(}ZzqW>V?3#|@y&zBrgp2tMikk)c!cT;<Y0Q3k|Ku~HB3Y6Ym;<Z=
z+3`!kjVc>NQKm)lq0+T<0G)d}4b+8iV_IZ>;vt9ax07(tZ3Tn;=~A)<z~*vifq~7M
z{APfpB>A3!&m#}3f$%n%RDUMlxoLMCKBLQgE)KKcGhGHceD_Os1OYFRLdgECz|G*{
zvT1{Xq>u0*7)YKfECREAFexX)gMhj^;AAh9#m`TzPS$P<jj&|iAx*&Z?t}5q0EZ1@
z@i{OBPbMxpn&m{Hm!Ed2mzxfw8^122k92u$D0o2yw1H(Cqx)EbIT9|*v_F76(FbDg
zdaG{J66?mI1C7=e*BmE+^5CN8wY#4QF%jPpyaifqes(G%NH$ulw&tZ&z73n@ym#Wa
z$w(m}I{wuB-DO|~bV)`BNyc<MV6vSYr~}yl5!@?wOG7(#B1D)hyPZs|1G6(W;L7d{
zVA-1($wad3GkCnx7z4=g1z<ujJu_2Y^su@-D=6$-eqF4booKrG3t9Pz`WN}#`L(*$
z&$7|@H+@g!=fWLb69^ti%r6~%m^&x+{02Gs67qCebIvVhCh=%@WNIQvXN;!-fg|$e
zu~b>~*R1G<qJ}IV&ZNTo14ONw>8WN@xpinj3?Re+Q?3oTkCV2puJppa^W=pF5|4D>
zK9wCZ?B;rz!P@NRn}UHqU%I+F&hnLWMF>A)IUMvcykUXEm@!+Yy;CUrqH-3uFiSaP
zoY;tcc(83)WYwg(Wr9Cn(;2^<Fe?JQD@u}J!u!*Gb5I2T<w!!TcS4SvJC|Bl9|!D6
z@{y)YT`cKi{lJk;=O(C$uQ7hhdDDC5g5@2tvt;waA*}vglAZ6x)M^PkP19@4&gWEN
zGi<Yk<zCC($p(pqDOCVkc8n7nEv2K`mw@;w{X>aERCEWskwGM5ts>fPW9Ed5iM?#Y
zMD!|NdxEymDDy5h19RBZ3eZ*KhCs9hQ52XUE0Kd&9-;7iMKW%?X0SQ0FIr*4)s{k#
zgT3_75HZA(di>qMiRz$JJYHpl(s&BbwD|ngfoRY`%T_zn2)+Ow)#xP%U59*q=gUa6
zdQnaw1U<poQ#(-RX$vqfn|)FTPaxTBRJH-8t({Ax@-<?^QY37ucj9__@%t`I>9QgY
zr7NjKyAKQf$C4c6OpAxbSh6@cOQmKFc-3>y<w-7=R887gWC+<KWga6_N5eeyp`;07
ziI43loCek^TfP*ABXeW1Tuy(0;LQkeyKfs<@oXQM6#dR|cg+<lu2r^i2JK}rpna>^
z1ftUOK^&Q?+`TdADS`E$YI4WCgE<X3y^?WB<jlZ1NQFjP>PbGCB|r@#A>qv?Dm7)y
zT;(2hs)~Z}L)|75(V}>(g!vbkJ5BN`AD9}l()CNvXqEUsAb~))_DO+jEulC2!T0ez
z#jWJ-JjP&MVY6cWUgD;5p3@6Xi43mD+!D14n$lo`pULCIL>Xz}K#r@30x~1xZe;JT
z#-SNH*WS`q+W2)KVhXj3{U<OJB^sV^VcajA1cPDyk|421(G6%V_R<#pu;^SxuKduH
zq#@3l`eC%E8z8!^u+fxM0Z`B~{X2?U64@J^*ucl9ThcaUZ=Ce1k${m5DIt!AG>=#q
zg<Gz2;vS*_Xfn%NEkWTckC+7+Q4d1KAv?Q`6<}DBKZ~wvsuEL~A;GEO7ZpokbMYH<
zD+R&Jp_;(4?=@LB82CT1y#v-T9}TPtI_?~1ZAiA&)`4>Y*KPHy<KtJpty8%hcy;%v
zT(3HSJg7wOX53xEpn<JSDp#5DW=l^+lwxfyFi-b(nMut61`(YSaV@|mVCzgu2!~u;
zT_e%D-YeWx_v^SxfazE6n*MR%?eujZs7G#0yaIkAU~um`OsH6Et?n33MfVozOQyWE
zFI#I}@@gvuZQnU>;dzxyWHUtyHe0cl#9#hx=tT#Wx652xJ%Bs|x}5le>@0wi2XGCn
ztp*2`&*#E!k6tDlOAMJ$&Em=zaYTdy>>FFiO;EFfCf{v;KX?5an1QF@*`q7#8>y2O
z7;p{V5xu>&Hw3OIL`p2y*J1D<;ypRNY5>ye^N0OlTe9`-?@5Vd!EvCXz85LJeKmJ*
z<o}L?pc?=jYo>n!n(M}BiJ$U8nn~I2kx;}vbhS3_k+VEQT`*s^jh)>D)t^&f#=0#A
z4FDdZ>vk$mGN6F#tF)>Z=wkY#8ze^ZkEaL${R={5f2&&dtZ7GQ(Ra5Aa28_U2Q;o`
zru$*q+MIE=0u*a*p_OD}Pi)^EYA!*L77=)m1A)lmds5%-5FV)b^L?+&AU28TM%<82
z@77~gJdk|mR?WSoZn!<nIKboA1ca2C$|#`7C6Gz5J^GYkloiG7Wb1K14|M<bz!yMs
zOlBq!x*P$BSyYaCLV5MhT-s`ouROZ)^B6K+`gA8}RB2p)F?R?);%(i>yot*h_Q&({
z6Yp5W!?Z*PhtlU~B(Wq+iS?BH?i`U67)h2)sD%?73nIPWP0+Y7w>2hBYI&H+|KYHl
zA5hP6raXCGnYPmnIjd4kSVlv+^0U}Q8(H5>evS!Rw(cUW`Qe9q@VJMutSr`3(tAGH
zoUdRM&R6Ey!8N6vG<NnFk!chaC;UKb{iV<d9LMJZ)E@9Ii|imFWX7gi;a_QAv50tR
zVPEM|P-5Ng8wYH(cX~-~cD;9#R@mdz_=pFiMbu&*#?`m^6KHT|M|4$hx#|Q6h7;iU
zMZ<o<=z4}d|MnHL7-}E0?4buoHT2G5Fy)_Opts`s*`>3l*D<_%`buuN>mh|ECJI(}
zQpD8?bq_TRg&#T8@U$^M_gAF3bW`~0Ceo?W^6N27BFM-<oz{HrBF2Ngab0@GzCTP;
z8%JDNjArdQj<w;LWrO*{)HyEIot}ve7XjyoA2LPUZguKwNH?%Z1KtqKomEo~0{#L;
z+|FH}5qp=90$baMk_~R>=v}<UQDmf|ypEGe-VcA0A5qs>*AwCY;lC+5I6Hulzu<TN
z@)A5%9;=l!4+s~5sE)BE2w;0SD>F0M?+8CT`2$-iNx*6Y!#qm71n648YHJ7jca&~C
zMIuNVOkTDQQV1&l-wy&{6d3W72lxh0_Kp2&;JJVRtP<eluoctbh9LL=+pt9+E*z6P
z+oeHF?ptOJl^=f;XoqdnO-?1a12z{}MO%<fFudGlI{keT(BB+AhyQMPu#tY;WV;V!
z6WuC0M>`-Mjuu*R!E@|s;DOErK4$)U(e&CPnt!ouAPNX^r<l3{_p9m~6u)Xc+r<!G
z!O;R3&v2C(maaX_(si!v!<wztV5KiGOWAo`+K8A9`3o%kiSa2b_+!)Od8hjZdWECn
zL&;tVNCx@oSIHB_pBU9$Cn6psA_-K{mQJdl^d8P$u6PKHAHBDNDzH6f)1jL?Cx~ll
zPPl(0!}}viHqKGU^1=LyY3yqP^!UW-k{7cK%_ehz61hE^p?*ZDi;G#))_-6P6BR0f
z^mc{NOD@o=W%DsdPw{fsWnEtgZ^?eccF&C2;9cs37}|&%-uWrq=p4e)v7yOIL*uwo
zX^J1OuC`jK1^+0W#XY*o=rQ%=3w;jO51cluSuL7gJ0M2baYK;<M;yyKeS$Cdn(aOk
zpmC)CU5$HV5U6pR=yE(zz}TCPr>#2Sq*pbao4BD1_({cmv7%){bcB|EDF=uO#|wT$
zbgqM`Dn3tn<7HPmpKtzj6Q@udJyRY*Q)2qw=5n|R{2JCXGPkdaq4F-Rw*}$U;ktYn
zHc*TXTz)CXvQZgQ_qDxL*{S4C$SlQRQL3gyC{iKGe|f-zq$k~8SBSUzB{{Dg5+3K_
zKB!b9%<X~1QJ<<a&2`~UKNHb8;+(YEofxH3H=D{__@-UCG~0VvN4q$k_MB@i>oN<>
zHCbfbPhAt1m*Q+;wDg6y+|?qx>#py!{0`q^yP@dSZ^&LwK~-MFKrn(<D~KgbEFt6m
zfsl!nAq^R7d;aExN!pDX=wgXWW@351ugRJeTYRVi^5dk$Y^qC-^Lm%%osQ^{L$AUF
zSr97<cdS_^-SVJ<Y5h;!Y-zKcw!g3mB?w^6J1cIqnlz>Ju0(3p!;P7!nKg0)hvHhi
z2kGKaQ?C%iep>v!6vfaGi=xitUJmD6z49jQgWnY4K*SXjWoV?XUbbjRSW&a)an2)6
zhfBeliXPRJIA-1pAq~TUWvBQRMu4O4>c4q#tJQHCJSI`)XLCtMU*CS<8&UN2@EO(h
z&-gqpxR!cFGYR#JWQ{XWr1Xz=Hm-XvLZ(Es%<(T|wZ?f#7ssZS{Q0mFWhnl0hM`wl
z@3R$j%kLpy_%#L7OGi)&IU*rp=}a1N1ztz{s+W#8EkvJbGVi_40cR9_97j=UBULu~
zfX#9doI&Bq$aHtOPSNy~on9=zQXg^1MPIuD2$4j6!+k0BA;7Ir5zkhPqeM*W?r=s_
z&$RGjW7rQhlSMB(AMX2<J!7DpC;!AhfB8mA#*MHN1zv;4{eD(Z#X1!C5VudoH=H3g
z_EV}qP-(Y6f$Wt8;y&aV>MQshMAB#v!tLvSM_iQhzidDQkZJ9GYtj58g)bT`N|P$_
z%khI-gg$*TE@Ju!tST-T0BZx25kQ?iTB*gBbp}3(74Lf;<6zr8`2m|fc~MSWIUmWQ
zgtj<3a%V%!sxmq^WxL-Df^UDn-UICZvC{?*=X^k94)SyVr)3vUZr^iq(ot+7CH;1&
zqh&LF3k_nqZl&9*ev2wnUREQ?#q1qb4+!lT%V0;E-NAWu9USR&$n@N(k1V4(WNj+n
zlp!4gjXj&~^@s)N{+m3qQ)3b732UFsyt!C`x`7xm_npv2)*bPE$6V^|%G>E?cK(rI
z_!B{4KUXagJBq9~W#Ex$X7ukBT_o%3a%?d?+kv=X((SXkIhmEzM|EyZC@(8BE2n+9
z0i)H-wYk%tmTn(cdl1DQqQ%fYuPY>#kz6Ux+w&Y|6?|FL_}NQDma_GI-<N@LC(EJ)
zcgduxKw41UXfV{$C-pkmDW&_DxBF2(QI$nT$@7u;#f`9xmtN!7a)YegT_(FCN<YF4
zhAM~>L$TtVsM-~OcW4Iv-C-u7U9mz{0Xi&~<<s`lEG(lk&-8L<!eMs5Ihh*LH2f+P
z7`^g1bGRt82Y>4QhFDiq3sa9+XIz={RclV=l7W-lFQ-wOvR{r3HdTq*P*UyoMP>f?
z;WpOyUeHR?!;g1PCno4~$ggS?r213)V<0WiAVIn!Sv<F(c17Wa35)W2f_rn19EPr5
zK04H__(}0CP0^cIEP_1r@42HHRU?MrEv7p+XkzK|@5i5x3ciJW7fJ-Xpf1zSc+Ypa
z_(Ax~vu+dsq}6uuxJ9c?1Y6Fns^_l<0TT(-jYY-9-3P}`{hbXAC=LO2_P@J<!9fx>
zMx~d76$1QMK2dABcE`WHU$;3ZvKlM)WJ1E=3e{Gy*%nG@q9y}2@>ga?EPDE<Bt*^1
z3Sa2Bw9HYiFB$VsRu)q@#bZH~D6rCuefw0!=y=)adtA!4ecRTy2v=(n*><a32!Hm<
zsZ=Jf#jGhsoZ_{*^vfCbUM7RBMT!a@zq0hroYxpwi8bH>C2Qbj(?LqJ8i+f_U@7i<
zk>+n^<7{66VdGD|&2pREbXVMPW4Dj-<BTuW(z5FWnoN5Z)bVqrGId-Ry@Pj2^<tvc
zbY)!p(tJB~ElEVx>Hjr%twBv4QTSR06|6>#h=Pj96czCWMg$T?6j2fJK}8gTRwD`q
zMnRI0DipN%XhjK+0um5GAt+)fBITtbilE6DjJ!iok`yrI5kP?$dTwq&{ozb!+8_Os
zOlEKPp51fr&hGiX^PMvO{u*$BI@kQIgfRS?pss{0G0q7&dnmon-LnACgPb1g$l;B)
zX^l$NfSBG+m}Ny5&D_I1MBYo$HF2sxP+w?XoRv8$U0CRz)R4#1$p{Q4bQ&J2xEg63
zyo~xpvskZXW)b+zc6m10WR}U>?BCv^lywx+>&+9H%rb>jhg)58v>8saJ(fpVSta1y
ziuP`vT|MpsKDNZrm&dW$E6G1tc;;!MCSU4j*}cFSg$ZbqQ({cYg9}5Tmi$Px;r!Iq
zMd93%j5+T;sP{t!^MIamq%5z=IX<&?$~x!h1(a-zM$yIKzDh{5mL)n*#1T%79-Xbd
zb>sz$BCD-CfU7UOml9Ihc^W8Ie3tNP9+$Pz^{35V-Nh^P2FBPAz1LFBK4(811O2M1
z<5JINievUHHLVN8Gm8g7A5gi=cR|<I3e{}3H3*Zxov&SqH_dR-t}l#ULzx`NG4~+o
zRv1<(no6~Alw1#*5qq${`FVVs&X{FBS)n=RBz}llHkbQ*l&q&I_{68(9-N#5j$6Fg
z*1x;uG+UOh`_3Tx=Pz1m&j#ccLKdGaxu*D7OoYmM$|pHBoZa&`e<l+T&sOz98!Nug
zB&)z`iB>&FmMhh{<G--;PctQ`9)HfRR6pmR0NnrXC!9SR4RX%e8AJ5L$QkN1kDfkY
zRe*?71qqkB>qjU`44}2$=z1bM3kdkv*OUKwqXw@BApTU?(jK9^cl(#&9yMkk;C&y0
zJ!nV>CdHv2L=%EXkDXAvD@`_9EmRL!Qlm;+|3KTtasm5&rD>GK(xn|*VJ4dGg_F1H
zF~Gm-`U``R@V=Vp06FRt7_Q;64qhC&>kpMEFLf7}g&Ofq=Tw0dXlr>SpH0dJr2{Or
z8fE`BzIgU)$uN_#YDiSCmuA~!<6*wQ)JMvujVU@{V!|l2mmjaX&>8ITausv(J+BOb
zjc=xH%tJ-P^JAm{Dpd~H4&WTZr^tHj)dIB8Z?QlC8iCG|@}~-7bE{wqyVf5P?2L?z
zBB#umhE_yP9D^qP7M<v#f>PE>ppo;8rM^e;{WOEP@k!i6wANp|9ySZh6%D*wMBKB8
z71(-?8pN`CRCgvPwu%x{F6jt{vV8YGa(%d$9>lU6IbsIY#|*7e4%jnZgKpBvcEE2A
z-6C&G&Z-+JSKMH=GerPTULnqeJOniWN+&yKh59enyv%20FDz;xXhrK<)AJY)dwh`^
zQN0dF7z|PMTP%z-+gT!vgbQ~m(0t;E3Ai;-*ByXdEcY|OR?N8lU1LGs2A9+Nu5)c$
z_|?Eom$cMXz<>aWWip4MN+g<=iUOaXkXSl7J8L-Kqrfv{pD>WDIO9%;X>ebumo-en
z2`upaYMZe7@pNDa1nJp3s~2+=4c=6135D84BHp)MpoJlBq%X&oD%6y8KPZ0!h!+%r
z?0ukxn^@im5;_?Ob<Am|Ud|WUw4uIs6p{WQjsSAN8`p$~>0`4F2(Lb$2^t+ZNR!RK
zb4sopR6wRHMxMlOFNl-%bj>Y?r(+BirZ|*Ej$4j#)dOrNekGvOo?BG3_%8;M?10i^
z5PPC}O#c?$O<TeT4~nGH8!Gp_dE-A6yg-mDv}Y<qw14^P_cfs*t;shxO&?Ubk_|XF
zTZjl!iJA^bL|5s1!Ch<Bxea<~v<0!pSPY$qyNO5`1ScV=dnf6k0zu5Np@PVb7Ltjj
z^!)+XBB_`fagqbMw2(F;t&!AP0rd>oj%M0IR!pp;uhjRfY#j0!6AEzwfgZ%(0`uhb
z@X>~sEBMTJ$t`lPGG$+XNy)I~M;cFG$j#$;w!Nv|ec*fi4ne4_w{zdN0~8$E!Ai6P
zCvP&IUAv`pu&Sz{<pYiFx^?Yv2>Yd_hpMPH<+Tu$AX;nuJ}TY3SkINZ35t-*1V!FJ
z%)8GFJpRLh@|yfBfqfamg~YBQiSm`?;@Qk(=BezuIQ)*rlfAh)=lhD&nrvb-GQ%{s
zZeQodrz&=p%H)zL&y#L0=p3vUGZ6jf@iKkagO2H$)Z3)P<XR@XB*h0EU=YB|so{e?
z#m9V>8rb!_6gh}HNUq5o%iL=u*Vxr-;ycY?!lq85&$ZVMY-7ylt>43pS|Vl)-C`U`
zN--2Eg0A`d%NM<2Ajn-X!fm-X+i3s}p6WT?K8|hRuJKivZg=s0^p0-u;T9&V0BA$)
zpVV)N%W}X(1mcs3zL;@b8*`#orafI$n4)6kPMGFcI>M^$0jC3J)m|Ij_;!y!cMgp?
zmcbt{M?kj-k`7*lugd`Y!k2v_+9!e>MehlXl_JrI@v6S*W;?akYM~9A9k*@Bao8XJ
EH(<EJDF6Tf

literal 0
HcmV?d00001

diff --git a/windows/client-management/mdm/images/Provisioning_CSP_Defender.png b/windows/client-management/mdm/images/Provisioning_CSP_Defender.png
new file mode 100644
index 0000000000000000000000000000000000000000..6ee31a8f163c93a1ea6ae1cdf2b150801a862289
GIT binary patch
literal 1210
zcmeAS@N?(olHy`uVBq!ia0vp^^MKfxg9%8!OjVNsQjEnx?oJHr&dIz4a#+$GeH|GX
zHuiJ>Nn{1`ISV`@iy0XB4ude`@%$AjKsElJE{-7;ac^gJ7D^lPxW-QB3bI{w?CcH+
zc6P_QhU2HKr(Jvaz*jBmk=nnAGLiZk_1Tjy<#~JU*42EwZON9~2+p5LTjqc7@Bf`{
z$zc4uNm%p!lm32o8+G0L>6MGGd;R{p<L?3=`Ln9|{p*X8)|@=AWvrf8!u3vA`s9|@
z$CC3VO}lmH{b}v9dNoOc%~RyL4m@13BxmJjkG=af*Yf%7aLd{1{or$t`jV%wgZn=j
zrIkGt?zWgH^zqiIm)9cs#Ec({AG2O?LQJZ4=KLLpHg1V=iMrCxG=J*t$Be~i-uQej
zE!M8(V!nPw^G3iU_v_lXC#L&e*nd<(>~qx9)X1_~cYCkP<n5c*+q@(D#O8;)MGa<f
z9DjGGSYz$Iop#qWpM)J<nEWa+P5naaQ87){9qla9YPb2nCDkrqvAw2Ztbgj<G3VV@
zPZD^qR_(ql-;ud;?ZFvhXLqEXDeP3v-08HI<EhhAtK(<<jwGH?KknMaXx5kaE^tGD
z?6uT{#4}d<*3$gRGph19zo@)tk!sVmkm&0B@YV9>R_<h8iwR*`Ra@eAMA)8tb7aA^
zA7YwpHwqjdCoHXaaa1fouC{CLv((xeYc}gSYsL0{;<h}svRhn@srA?AGUIEP%6{6+
z?+KEhB4x2z_+V({5{ZPzFP_P<YDaw)UR2GU$oecb{qfOj1$swcyp8yD;_?2Q))x6&
zrUlsd2=*yYyL9YjXOxgylJvrf#=GaTUyoiQk|5BR@$O)Yn<neKdzZL$fWA(y?rl<V
zT6NK0{HnM5ziHfG1^aSm@|rU%?%jBIM@+KnTZ8?j6Vw;}XDmrcpXFbn*4pT~r@GWt
zw<|ihyL&s+=}ohaw|ul%_u%Tsxx4mFaBpb-=(lLvylv7&Uy?&U-AAM>lw=0vY--=~
zsnGvNz;m5X6VE?lRw~)rzjBW3S^t`xFG@jCOT2EpOlRve*s6A3B>wA>3FVXXPxLNg
z-oIeWzZm~D7AwU1+;qOV=}p*{vtiDMZ=b#fuK2C6{a?6@Vx~-fgzSw68#oSrJA8jn
z;(}=ktlm3pRvWh+HD-SJ{(0B>s5qy)I``xF@_4VVy6DWF1oVr_X1%bOh>`%e4N(ox
zj7(3KCM9eVljGhy+56sv!(vYabC`4^`V%iF2YLmBu%5rO;AfJ`h20^memlo?`R7Q8
z=_?ehjhr7|eD?dTU2WU=W9Pe<UCNL8c65vHv;`8~>3J7wYOi_~oJ_C_{I#x%vD;1m
z*&_MHT}w8+OPZK|yvDrrw5i6iM?cqW**q)p!OcG)d8N#!r~YmCsxV)ydZwKD_7;V@
zwHIqLZrf?Eo$u`zb;UADXlCtYkd-sHtZLf7O=r<UyZxDGjaJDvDIBU5Ei8;*K361u
z_J*402Npe!)3Y(Fl)vsdd(Vt1Wzj*may>J*t1i7e4JT*H`}g%r*Dx!p&04PyEN>V*
MUHx3vIVCg!0JCyKs{jB1

literal 0
HcmV?d00001

diff --git a/windows/client-management/mdm/images/Provisioning_CSP_RemoteWipe_DMandCP.png b/windows/client-management/mdm/images/Provisioning_CSP_RemoteWipe_DMandCP.png
new file mode 100644
index 0000000000000000000000000000000000000000..f7d21f0a9483b634e2b502b548829f669fc20b79
GIT binary patch
literal 1227
zcmeAS@N?(olHy`uVBq!ia0vp^%YfLJg9%7Za(r?DNHG=%xjQkeJ16rJ$YDu$^mSxl
z*x1kgCy^D%=PdAuEM{QfI}E~%$MaXD0M#UTx;TbZ#J!!xT_$YE<GOpDj>hYgS-T{~
zg1>D3t5R<y>9s83?qS8`ziZtu3;p=vWu~lpzi&#7b<n4`9w)aWI6u@*+P{~V|L$+i
zVEnsDSo8gp_WtsQ<Vl}xr<?!XJ?Vedoj8rl?!_l>Kb}5!#-%4)Po3$Mp4%FIG|p&4
zVNs9sq~Q0zYb&qbRPxiwnDA+lflMFQ=~q_WSAK7t^!iN8>!a6-_-pDqnJ0aYTCs6&
z&rID%N1FVWxa@gWw5xQQ@olAjiF=;Un6ofk;`bZfdEV!yF3qns__5}W9KS?fTKcT@
zyL&DzHz+8d+r%qoziabapLwQ^_2SJDUEc#zzlkiCUT;~Dw&s0$W8GGM#<emAGQxd#
ze=7K^UU$86+-mNfYcf{*<kHHRVk2@UCLMUHvLj_v?T+=+0)9DgR;}@5*E)a9dAHT6
zg<n$a-fy@5+hkC6tbx@)=HV|x_SG))JkO<OOTQ4jb@gFdnUbG}ouyt7SHj~L&*WIS
zuLkbo(cux95i+lreJ0bqXg=GM*6meU+<a||glo9{%483xxK}Fe-10GFa>2u@IX62U
zbwBC?b+3*Vc01Tr`C@6#QMp>KIcigD|6F-@eyP~rPuxG>Tye69o3UCfO2=9*UAHoP
zO8Ydy*Udr9>19egw7RD--LTlT)BRvq*x!~H_nd6j+eqtg`<AZlmj8N^m*4--F3q3a
zvK5`W4LmL6(ljgghz9;Xup~#>q$o}Q`M-0kMVQ$hc07~wiP#YI;GJ$e(BsL~z6}bl
zt1jNpF>UbsqbvI=+~Pv2S%QV*t>ojG-$k`gCc7`(I#qq)|Hg`x^jZEElMWqFxo0bL
z@xr1VoLhJNaGq+~&-u7;!o}P>=AYG1C`Vmx`Yycn*AC_A{jQ&$$Ty1E>r{CClXu8h
z(C3&pDc{3upRDH3vL#P$Pn?wR4&nUqpLAM1=C6BX`b7R+PL_Wncw&D&oW)dTvj0o@
z^ZlM)c1yf&zl`GfA^H5t%tx!wNfa6WJZ5*`%R})gcjmwD{IAk5>tRI4(RGiFPUfyH
zJ2dr#_~gLpE_r|3{TD4M^m5GEa4k`=>8<~N`KgRgSypCBep+)*LhL+GOZ>Ug_@{ej
z?kbGyl)00)Ds=JPO9#R=PnWr>Y*y>y?mi~vpvj(L75q8Im`yGF;l>NCF+YyUg(>$Z
z2xq*mdUM_W!s(_Yoq0PQKYtCKcyG1PJ^4>bb{i8T_B0>ZDz^6C$*K2Gzs|cgsbsla
z<dp!Ko65=3+ZIT4r{`U$IlOA>gQ+)b)_sZH%6x6_y%S6A_szVb&>Z>X=Ej(aoBLRg
zM%esse6o2{;<KBgVEIX><^I$QJZkMV+YD4t#QEsD)Y*2mgYq8l+$T@IR@yhsCGCFs
z#aDA<bat+KT&{RKbH#dLcVX^WfgN|J%ZTTf?poEg-gk=7xyI7tZ)1KeIBy!GTluLB
kJ@=y&1#ph>zI}Dfxu18~n3*3`1{OdJp00i_>zopr0ILO11poj5

literal 0
HcmV?d00001

diff --git a/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png b/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png
index b1ebee57d9d6b1070bfd6fee0dcf84691277910e..663f4499100e5318c476716d9b1f2838c6e8859a 100644
GIT binary patch
literal 9935
zcmb_?XH-*Nw{EbZsE8mSN;3#Zm)?6qFB*D{NbeAulmM@YfHXsuF1-mzCsajB=+Zm9
zNT^aI^b)um^gZ8q$GvBqamG16Aj!^Jd(F)C%x6Axt{w7BP5w5~10oOzbX!pY0t10A
zeE{AcT)zbTZx<q12VMwVVDd7c;$G?%;KLP5X;o<us5J8CiOE&q^9?5jJr@v&_}lp(
zLAzs~83@E=rU;SNd}X|zGV4gK^?Gxg`4@&EQVbW2Ynh}8iC5VEY_%kT-B3z(+MknK
z3#Q_mSctIT`&3r`xVs_2iqM^>Q|W~?{TnA51qGfPEgKPvDwn=WUAnfW!ee}|tApu4
z-`T5A*ll%4IM>(J!ws#jwZD{E@}pq8t_X(oDM;CiBL)oPqksS}-(S>*o@`9l6+UhI
zR8+L0OaKC{$`@mrjyLKem$<5Wdy=iw#3WqagxO12rBTFx%}w(|Y%i)Jok1Wedko3p
z`ee1`(u8Bf8E#v{?`$XCUKD=jXx7cZ89*6v>bkmSyTp}R=e=Lt_zVR4c<lfTuixtl
z85!b=JSp;EV}@Wy9nTI_j$7byj>}zuyJY5rPqw+1W?!8}syA%acpNjeKn!W+B|e<|
zDD2yTUIu}r6(OhV1EVFWrwtyXOpke+7uLE6K&$=~hbf{Sr$Zub#>qSPo%4fl${7mu
z?*bFjzk|~nz8|$3Og1F#ezaEi5E&$_Z~jcx9Ca-@<Lzuk@`;7bQg)Zi@4@fEa6LUw
zkE8b<Nwi{waUv<%Mn_-LEAmps+?6BsID4ZUR5v>FX`Tcmj2Q=<HfG0F*!n(?OWLJN
z<Lj&8s*JX%tuwKP`R)&7HQs4ha{VckgaG+}RzUe39WrxK<MTZtX@%-I-6$ey;@eZ{
zV_&#xrBOY@c0|QEH1G%O%fDgdeUB+3XJXoui~d>fY|BmYStP{|rWLZOJ}`D%HOZ2<
z%62@1pM`T8hHKvdyzw6Fn38llo+P=m(SKQP<H3B9vHrs{Gym`x=rLskJ{LC3yH3#N
ztaBeZixrrFFBNrM&dHvNusqY`yMj79>1nd*c{h3!1o}Ew*4XG<wcF?sKr4j!X}1%d
zep_DBCatKSXh)T9vY)1N^@HB>^<llJU_s~xrh~rh7tG-F%E!+;31U;mVgin#VvgK4
zOVbfv!n1^afy#9Q?v(bQWGYkH+3HF#iqcw5)|L7=D1aLJswuP!;F%f^4_ZE$T}X9V
z#iQNKR8zL$*2<8yEHv*e%i9aC_ZFa;AvMbHl)LX)h=V-?@^Cewh9O49lk$m?OgJ4Y
z^ppbybEORa<+@v2d#`fzEL#X()<1Z+0jKe7*b%_$;<qsZ(5144z4b|E%Lp%zC4zZR
zu=2xFA(|w)h5r1Cj{?!dOjMnlc~PSJiw{1rtS!w2Dl5%E1dZzVa;9iCn0z}<OVzvr
zofXT}Rvd@h?xNqZqaO2iZcyyG>dl5nNn=4ElX37y^AF>-=@i0H$NXFN_YXTRr{$G6
z$8r>zJ%LBFqBG5dHCn>h->O!XqXV$PQwEBPD9Qq(JF)Ea90;mP#I_8Poe^NK{(3@q
z_-(xXC6Ir5rtf%>xW<C~*Mm!4-`}!_h?#{s46iP;%BOWaOQ6}7Q|3^Vucjoe^jhGw
z=Jmkpu~jrW7T{q6Oa|DI8KbN(BUiPM3oEjd`b!oWYyd=F(?ccpw+{WhjyLPQT_sVc
zp9On5HUv0JD<7$oZRa;0Hlj=UQnuae2A{{Uaalw%wL8b(lTY9}EHP9x8HqCUe2a-S
z-#vh>zRsF5PUjEh!gZ7Db7|8UWC};Jb;A~-qUc!GHjIf1jylgNVCw{0$pZpi54d+2
z{!q|Z9G~G4xxw7&gUT+eD%Y2})}9D1@P1v%9czJznSY>=zyoGc36HD$7KZ|>;1hLw
zqi_(1lOp|2({0jE<RT>#<et4mDU?5zCT36uv&NS1FBwp3?#5Qn_#M`5HV#H#21#Ad
z!UzfoSoEe8VVk0s#BjG09&mOj<8?kH!0Rg;kS2+O7y?i;7|MCjg$rk(Q}OaxJ)Pgs
zvqk+GmXcpyGF|V<Tk8t~(cja@zE+N3@;z2tpc_(><K=4DpIU<V{!}IeftpdlKBlIb
zNE5GpQOPZb@i(vTO8!bYJD|QZ3^0%s81c2idtc%Rd(xCP^^J~+IpHp4TVbxB-wKYJ
zf)JE<BLc(FXjp@jK2`^qfJKCvNu6$Dug)V)d{SZ?ptK_y0+9cM_m2=?CnhEUo*l61
zQ%OOtXPfq+xclk`gMbZ{sKc!s9o05M05YXD3!QS>UhHYzS`7R~Y3#L>Awi|1t*yOt
z72t6G%uvjnJeTo|@L`|?@Hvkvxc+7^H9+pSz?+xAgdl&B08E`f;FyoS^f*p>1Tcj6
zzc-|r1me5DF+Dsy{7}$g`3@wI+tl0~Y6v=!76v^b1aCGkhWH?n_`;HsD#>KwK?zTv
zMNDBXeCJg2232&uC{n=?RJ7L(5U-%)%+M$yNXii~#4ZX$*?5RsL-TUc_-)V;pJ9#z
z(#`C)lk!tEEa9SlTT|0@9=m~;K;LgeW&%5*zMC@*krKjZ?PO;-Ao<K7lSxqUCj30_
zI+>qdV|vMbkiQIxCuIToVOyKrar4fGhwqQ+x*Mh2Lk}bA4qqTvjxrh@Kp>nn)+kRK
z`;sf7RWVXn!o|$ZO$#mp0to{qX+FV8o_VhPo#40aF!BbwVCi`JYi%uIch?O`KmaoP
z3sd(j7Sp<Z0N7m5H6y;hqGoyIuOn1^h~I)6AC`5(`$7Kwmr)++tSG<T-QoBM$))KW
zS-GRKLA{BEc#pp5c8A!XV+K4>W8cc2UJXYv->RM*YS23=z$7K?`W;J~UCAC|b~jFr
z*vaE-B!{3vdmkXIeuO_fxh4w2z6RD0!2oXX&Or{;Ne6Xrbv%T<gLTAD<WGE746W}i
zoId%J;f|CpffUZ|4Z#3FnMskrPJg^?F?#Z{B3pn^q@Qdp*dV%&M|tQ}cR%V~rJk6(
zAzyG<-OnhE`_T18{<xxOXNt(4V{o5Qk+?oAm9smcqMGud*qPITJYeNc0SE-6$AOI{
zo7f=|uYBEpWp-#BH#~H$fn;d44}2`OTAzQiLK>@!g$)ZXro{xRbtxntX$p+MG#5&p
zvtxNX8Ss<fKD{E*M4vs*$*h|$OzVfO*ZKy7sw#UQAwZa`D9Wvp+!9YEPD&PBbmd(%
zUmSP#PI6o+hee8ONEn5uQsI`1<MEi6=0+0iR<T+GVo*Y9#s=T7IS}X>y?635U@2da
z*0J)g@VV21q>E^ax{UJWargB)RZOt)oGaGysSF6Z@owH~@5DO&5}g=VlbNits$AeV
zis=*jza%+)nm5Q*r>MgiN3OW}5}I{)TBfjt0{!(tc{`0Kb;%UU`P7D2UYT-H)h72B
zV7g=j-ou41ZFJTg<bN;NN1?(Z*Y9)@?zz7Va^|CI^)j}HSwT1u+?r*v)zJ(HEr*%n
zDzLr%`r6ekqEPLhVL3Czqm>ST5!#(Ae!6o_X#`T-z-@-GmrZ{3RA}VU!qw^CkEpyi
zR*A0(c-7Z1e{CQ|4?L<x;f&s^W<|Bv)>~EL#=IWC=ToM%P@UKgy`6ezB6oCTWT)(6
zuO2;;%&0^z0$$m780-mW)FhW5%Sr^)prvFTF2C_D2vjD8{Wia<13#G)_wyT{Qa~9*
zjvz~-|N6F6eo2ap9yeE7TIzfXI|fwTSRGtYK)A0%5h^T#Kl1ab{?t@=5kTn(0GxY=
zD|ZpX<1xVv2T7Y}$2zly!=txBQWC*FW7p$Dk%x3Mll)4X@zF%vq19DsR;nDv$8vCP
z5Gary2ePxXGsLfkmap@kEiL!??JeGEI2NLsJi%dR8=V&;%PIA%9cM>Ii9k|<B%V)4
zMn{`!j`V&`?W~M!0nFaux`r<8DgJi0Cwb~*(l^<(-P!(_D{aCXpri4T<8qhv1@oDE
zg#M>e*f~I#^!6kPQnr6s%56O84~?I-LuU82hy5HaDJd?-O|F2R5krXQLQaKxR{C^y
zgh8O4Ti~Ey0DJlm&?Bzj0eJPv?f=;Y^*}J(*m#7_hv>WHXtB}c*w}YUGAUUpEJ-R6
zbjGH#UQ$s;VN;mb1#wPMDxlj0DA`v9<mmls=^HEJ?UoVr2rKGf>gE89qUvi*ddP)Y
z%=|aNK}@ePkHmtLhaLx0CtklW5*7^%244*J?gePbjkBtuxnMB0aW+BXZ}JFv5@Ei(
zz|W;JLDA{1PQfS0(>7|yLe#P&i*Pg190=i1+Hsay{-!5gj;b4ouDUD_R9D=Bv4U#A
z?{)iL1sir4h`PBzHYRmWr=0L3KNdp_yS<&Qv#K`#7!ekLS&(j$=}~CJ#4|yMcMqAP
z5p(kf(S$8IKG6_gA6%_nTtn8|YbaSVX}|?2O0-wYdS3r^W2pW2g}8}nE%`genYsp^
z_Npt-?KjLQy2dk}4b=t;lZE8<Yaae6^)$eujj)(i#t)at`+c{@oOhXI_$HhOvp*Ja
zN@Kr6NQB=k!6T4t5M!;=CF~h)qnChzJc*G*8QU3CdR@zVLD_nwV%5x)1<~~b?8R57
z>|+-qW(jU$CAHUFa8*20d4X3ji7TjW$t?>#<CV71GWz56zMGpIUOb#BO^330NHML~
zLmK^sf)>9B4)KC3`7?7>bg^AekiE*Glj`O3{bu$<t!q(a$BSw)N9kWHb~?@D4>Yxf
z-$uk2Xn*+BlbD_NAJ$s#%reAJxO|!l!0eXRrN?usIBscVGIp*hVvS=Na8|XCJ3br7
zR&G}BgkcB-XwJ7UbXGs!U8R0F2{VroK%pyd#>$h$GiO4li)J5}xXL?3>6;A<R95oJ
zNdL?FS10?tZq$WC8YP2Fo^&E=aZE09p`Fo#5G<6egBAZps@GgDZZLsU@g(gA#7vq0
z^(yH@ef$>_eG1KC#((xU1XI}&BQcH09(y8J42yF%DZ|GyjI~o`GERC>DPzHUWYGRo
ziUbMzNb%!D48mher1V23d1A<#xW~Vlay``N<mFl3+`nxZAu942iSU=t03>K35;A}k
z{{|rB6^U@Z;vdXPW3!n4>@OiII`PUM{MbM_H(KAsbg6hhK*`Sk4l3WJUK(eHYfr)(
zqd<w5fxysw0>rcP<%=7Fq^tpm5TY)FVt%jiUtb7g&>%CYQc+nUi+^39a%3;*v)a_m
z6mTAV)N&;G#WJ4uwV0B%@rm}QD<g=ZBJbj5UPUo=KL+I^B=j<UE^Y~SbL5sa)i=Os
z;3tLA$}p3W1@5sr88l6FIn3rdn7d3)Dh210@*CSjX^Zs!?q*b;A2p$iyahzEMmk2a
zuI$&GJRKQ~lMcz_w>cw@<i7oyFU2Y3G)nca$)jQ8ruA}X)#Bc&93>@@&xz#j(#jJ_
zT?TvfB^kv4TL1*)SgEhx<P-89;kmhXs3hTF)G3qSLT!chY#9;v9%$_Nq{QlFoA!c=
zLqC}PyHS}+4m2+!leoXBKq|JSatjmqt+TVHK1jzba<jPAi_wDhFHwWn*3@$;Ilb~A
z0Fe2B(0U@%xv+dpSwP~MCFo-HCi6-T8<>GA9ji6Iu=nDsETe8GY<<4BOl<JAV$dsA
z+w0C&BCV}gzbzJh=Zs|i5&cT7W2j~1#@)gMp{j@XNVqtg6VwOhpQv8?gMtD;9RzX*
zW#8_juX4l{_^bpIx#>TR3Dja2eawNFFd*N8P%%c;@cE6^lTX+`9!IvICYI&-Ehxsv
z9`F%*5RH!~^c##n@&Ch^vB8E3-xzUkm!2N;m9Uz!Ydt@|mz`lA#+vIp{}1Ig5#+La
zNFOf9ZIU_H80}4ahq<wnD?=@fQPs>F+8ElvLS#vO`vOSOiCILbT(L*uS)WXa!E0|l
zwT#i}FP_{i)OA<T$5v26F01Pm4Klud<$q$bt-Y+ip89huhbf~tV*r^ZA-&gi)O)?2
zr9SpmE(5_ihvN|Ab>GpmclAVlzL$U(V1Hqd&u@f@upeT0{<2Qc$yOV9!1jRktA40m
zOa(^QER43NKrR09<$Jf1s%7*X^!38QL;hqVyl#iuX#PNH0aq_3p)QiVm31oKx3&TR
zo_HO=kyk&JeO?~kOAP25B@KiN*YkXNX3ld$6@>Z<O<f6TdAzECny_BfW+Z=CQ~x6G
zzAd*yC^!i^KM@h8l)SeE3j8LAe>_8EE~?tux?#4FFs%NfC(HTgRg0YrstY_&F{8M8
zYjG5?CIOGu<UJHw;l600_wLHm3Rb^Ug&Zj?$n8AIwaH@#0@=FyvO2pU!Sw~{UZHHb
zejxo`<TX<U1ezvIe2zRZPrTR{yJ1&psh)?d5A%&n^%dIG)s}Fpet<FV7wZ2o<6wNN
z(ft52#P~q6fwb<iZJRFzeCbajBn$DuO@*tUoupk}#N@l|A<@RpGsAlsko(@xJtqY6
z797iOdU#;tw6leF=a0<VF!{C4N?7Y-x%P-6BbUisJXd4!KWQax7C%y#7GXgI+4!IZ
z>C_tMgMaY^tK&%x<DH4p$i#T7Ei5|7JwsYY`Tr2+$!v7!89uv9(sOsUWaiZCix?iq
zxH)2&i)AZ+bF<aiO%!3NRTe*{*bXq>?l~W|{fwVxr(|N8lW|VwLS)X>IQD^cC<JrY
zFa)c20DOe?`$>ih)Ws2Jvn=G7IT~`(<nN9*VWtt$F)QA8(KgnhVlHi@p(VEeq<RKa
zmqJ4VP5BmlO((V`9v>=pH23A!f}Wm*TS<jm1SVy}HfZUSUN?gWKT6zm_TOgmq8uG!
z-g3YNq|<ggghC9FR{BSS{hb*SqCF2d4|S{G9LNr@iFjXSI6bsYBD}yZk!e$5k@{WF
zK51<B(@VW{YP~rN>;~<rRT1ky-uYqfdtOA0&V&7aaf(f5F@3JT1U{cc{hY}f;Hhm%
z_L{yafB6o;C+A$BUxcY--%a3ZyKgG-oCd$}TzX2?J*4BA<)ToT)634C3Z3`OG`-T{
zML$n0w$M5bSMG@a6WqJgDCIt?QmU@;w-wXO1|GW^*=m;5!@?rZ7xq4$-lrIGqTR#x
zszlYmv>t!+NVrA)PaL;Jj&M9olr2<wv__edlb!geEeka}mE3hB>fKJB0J>5w5LY?f
z?RC4%q<f@jLpcEa&&1wMl;yI4Ucam&k48aTbev$OoUe-uC$j=8k32tisDNL80qugm
z*LRikoYAu}llIPBOj(9G2IaeWb3qO#<>Fchjp#j_XWE^{iVRI?VLC%>*^pjF^<r}T
zGcod4zgfHq=(^V2y&NM4SFD6A+y88Nv!I>-m3@xf>#2M0umWu&F%DAa_5x*K+A3t*
zOUsi<dG9ZP@5tX#zlcG--R{n<|3EUFeRAI|ti#5vQh|CR8Z%vbHK%FbF0>oHX7c%!
z-~W>2{SVm;RN7r>Mu)#LBX6+8qa!7a;P6pOjWlWzSF832n&bV=w6wHQC`k644Os7a
z77lwIEhq!o+}pA*{<LN{HZ~S{yk|e#h@T6h^ZolT!Ycd8D(`)VEMi#@Far?D_usuo
z2<!K!ag)O+AMODCVxoM>gTDisH-2c25@`Nb?yzW0Mnn>z_%~;p;CA0z1&r<^EiB}8
zK$=(1L5qMz+r7oyewoA>cDkGy`Of~R5qaErcIs_J@bvzLlvY$N%LfZ~_w{X#mCmOJ
z(R%HTTLw<Mu}JCt*?%)3aAb`yzLo?%mJ(`T%X#U^)r)Xwba6V=&vk*D??DRUVtSrJ
zX&<=)H{WZg^;V%?2K!4~$ekHW3QN%xTNj<7t=MmDh2C0+Gl9MMKxm<!yO*6nDpezf
zK`ljO7dTJo?&(=^@%IH(4lQH`j&=80|0Uf-jk=Ti3``kJgLXP>ZhkF6xJ-2sLP)s{
zj1g5R674&{8Lc_K@NzzNT!n(EZ%O@ALENH{Lw(tail)%OjVFk&{h9K9zXIr%$^28#
zHMs&dddb1(Xz7glsbgw#<z^Q{l5XkNW%q<3?Md#6d=7`WU@^;C$%z|mIE`F2@x3wA
zqbnaR0bf{-iq5{;*BDSvO)$_9*<2AvjO(r!c$1^I)lO>uQEUylaV_FI%q7P7;Ys+N
z4}Lzo8Av!SJ`WC$bWM7M_!&QGenf^2_Ik_3%W2>OAyz$CO|K$-{1t9nh8pTk-LE~P
zL6hqVQE<xtmivULee!%W)0fJn1K;;bvV_4p-nI;gx`fO<tDC8$hhz2dh=0naO+i@0
zO3=)rwAZJ@169{yI|r>}(cx~dH;uJABdn+{y1N-N31(dq1OKnmq=l&2kp8jezm%o_
z$>4k#cFCf(;lq1Gf<w<tBhmn_B1?#p6$V_FD}yR2Dhi<?mlD3DZ|ILnKQH+J?MIM!
z6C8y29hW5Z2%rsjQJn%(;lF=z2#Wpx2wB<-I1$s|kHTcv5-n7&fSbxJZRx&c8FW3b
z-au#cJ>C+-hqJHjli&7F?o3nW(ADszx`+#cE8p&-zjw4i(i@1TMoRX|Cin9V#;5kG
zNM9B}!gUN#^0pL0E*%30Ze#8E*B4CWv)9~8AtgMq-hURXZ7niKif2r^RJ~i+;5%tK
zpJ<q3uNoWU`huTr?R8v*V0`r&f$@1H0s7rpkV5t@3|vw#SY2QLsU(Z!mNXVdp~Sc-
z#n8u4wJ{#Or)r@E>o+*Q(q+{zWA@iZlsONFj2pFE@Tu0-g2%<-@|@J#+HDKs^<Zxw
z4~`KwZjBpL<D@F{*EjjxW<-C-IStP>aO92!akx{=7gwm+V}_V|*19R$PcQPWDC-p<
zr}W}1^`EYgsGHw@M68-yQ}g0nY%V;9`jGaqBqWZBJbKAb*6to~=|?M6Xj{>Xn(^}Q
zWJXMdL@8_BchQ~rb?fCZQ%PrhMBcO9tFn5!t!1(U;M@kSyXrB|!6C}qK|KcP({fSM
z^3?g^zM7^MsPH0b7pL6!DJfJ9vAY)n5djMdtH;C&8-g8Q5tplP7x1*f$S>~I7WgiC
z?~)NiV@vU1kVE_dyPs|~60sUvx3uN-qwoa0x}!G$snWsLjU{C`wKZPsyV~me=ainE
zWCOCDB8&9R4j*(DVjmK{E&Ke=JSYpQ<}J<lD`r^42pmj^p%ZWnJRRCV(>mIKS6Nx7
z_gBcwnm%oYeMxFI2=SP>1Ne})4cvrymCftj%(fQQa5LrjX6T-DaEzX35AP4~K9uq4
z>SruN*OeS|<5&?z+fP<`S8O@To)3UcQQTg9g(5~#x1K$<1C%A&+MNI0v&(9_eM1Wd
z3nTZgjelQB_?un!V@|bYcS-}$_ipCp1WVTV6b+(FNZCH~pd@*#-TllDsj3$&uAy}L
za^6kF2ZOmoL||F&iD)gwKrkoQebzSput~5>Y@(Inq~r6DK?&NAPGfm#Ee7d!xr&}c
zDc$1bM>jqt@HsSm2}>2vWQStEv$x4&L(5ZoE75GLy1GtoB@$9tw~pnrvWI+^=eB(L
z0A?W$3&bp3P;m)0YV=7k^{W5a+J3GxgxKwck2|)l&KXQoz)ID(Qzqbb&##GW{crQ5
zyPjTGbiOca7ol!an1*Lst`#}+)L5Yb5xcV}b3~Y^4{)CBd2)D!YdXa*EJY%Zj}8|I
z%FmWPH#ZD36>OCnTJMZO!AsVqirmaR+FE+48+urj?XLCI7>i1%m@Rj&5(K?EqhV^R
zg~CPC$=lqA5Z}HE5UG2^cDRQ!&749tqf*ys!Pyhzb*pfGZ&Gx0jr3`lr&dEf%lpYO
zc7u0f*6^+&Y3$K{>NOzo((3Bv|2;>+cO3xq_&)QYRYMfbq2p{~xnmE1c!f~~7Z(Nk
zS3`83IURWa8VfTbH(c>AOc9lqCNE@$#vOanWTT2d^NoY(e<nob?tkTJcxNa)e2dmf
z-T~-$1O26QzT+hZ$J2&q7gkV?7l&#`b80Jv7<%#9yx4^W8bLRTA+9?1UN&}DQ67It
z(^AD9JMi(yx_rERaph?~|D8Nltzt}cT<sLAp{Q8(gCq%DHD=YA<+vD3$!*jfb~T(g
zKKx&+`9_W?(ga{^-yZE$?6haaLXp9Vg2{N4t-IFFSNpr#Xrrmkv)vh$-&tPd3TiZr
z2<q@ArOeIng&(U;Z>g2zn!VtSb6F0kh#-30bEtuiZz*&mHHmk{qpN?$I!sa*Xlnr7
zhG<~+o!4>M66MfbfyM`!=aTjY>_XB$H!o)AZAS%?Y2;YGbtapd+wrdr5{Y2NTb!a>
zY>Wy2HUG^{%2wXJ6cOhzOQp<_2%;j9fb3`gx3J}Y?h&%G)cv?rJC1LkkO;^fe@y%O
z>rF0k5l^6#wQFLW&D+4}e+244=0uh)1GoCxbGT~?YkAUPiS(m()(<wAi=4ykb{$Md
zVp<PDqF9V#PI+Pr*Pisxs606A=|Lyc=VPdc{~j)=L?egmFZ3<H;qO$IcKqwLldzPq
z!%TfXz}0-G@zWJwIMA!4Zfno-zK-Sp*0@qwPg5`3Uhf;NF1INGVC6r<f_k#Iz&h@e
zBHSiuEt{uZ9)S<Srmgv-f^q`H`W<Mbup0wIdVF~rC|A<fknhvI=@$wLNL~ae`DVA<
zxykW>!i{<OTj4qdt_nEIg*&xVwBS?TnSD=2Pc2eyU-{h!@_%s;Lj34Y?vwhBP@o9A
z1R-AdpI-zzyAs}W8K*;b{-=6IM#DO=>m<T4=L@smL)TD-re9~ddwN902bgeP><|NT
z<6k)W9r+NoRgyn33&;&wpq%?XSh~z3-KB}4%>CdaoF9;D7ZY<$&dE^qNZkTZn(onL
zlRD-m{e|lcI4uYfK*;8w(>otyvd%l1>F1?HCZthla>X#IE+Zl^TzkI&u`)_qF=Sev
zjLBc$cv<m^5x>;3idU;RFcIS4ZNBSyEttCVypm8Q^(;fV@mxW5HC~kM%5uT=&Hc6J
z?<plJfO;F?zUILi8qc;xo_XhLBhJ0XgdQ^!oR7pfqkOxwskNc7<7u>yV{w+#-W&bT
zD!A>Sp#shrHfMI*2Ir4aV!nO)x%UA{8<H1FHER%tOjI#bO+>#kN=2Wl5`lx>z6LDt
zR_6$rT;6VPMB-0y{)g)ZE~_~wA!t#ZG~LoY)AgZ<LGHA3fqI>%VYAPZ^kW9Z>L%>x
zQ_`#r#;$danh$IemD-F&`S5sN(_WEGI$NH#LiKHU4NHeXy~5m);G<yb2f$LlPL9ry
z>(j78j79B9Ygb=)(YPq4B5w`TrX-VZ0e$T{bH+*HIl%UAt+1{8p_qhfsF=<S^ruRv
zMu*>=v*N}NDA8!sjX!&{R5y9%w_oZAKmI;z9FKYGj%9**>sM2Obt?O3jB+GVp^zja
z6z0=mXSbWl8CVB-JdHXoTwMudz}>n4%{K+^sWW*_RiHu7$jgv^>VefZOTT9`5h#M@
zWM@Il|DENy3EtcdY-dD=QUVYb{|jT1HD-rW=B0Y1Sh*}-I0RdRQng!lMzmSFm){D>
zF*J8?>sK2cFsZ*k%*|Pyvkb>-r^hF|P0VPm90x9O7@O5YPVxJ*j+0gE%l(;0)aT+p
z?4IlxN_ku%I^+X$U#U3<vtn1Gg-a>DM$b#Gcb_(5D?7Dd`p?tD%#~KEvRF;ur$Rrl
zAS}muMuzl$Y6faQOrV9=@LMnbfVL@MZ{EClelUB^`Eu{(B=qSjpAgoS&6;_Pu%<&A
zz4tfdX+6z=5-siW4sgtYx`etz%7U;}U-L!|@%o_XL|m7FdT<6f+v!xgN|ymL1!(Sk
z5XF8!UP#Z->;u?uAy%h_(`T~EetUbn_WDP5U?C!inv&&pa9UE*WT|O;z#WN$7Bcl<
zQzN4DD)0BV+Yrv=2H?a9DDf25n)lZyJ@7|vMg-5U{uz*~kK$ryUz=_6JKkG=dB$-9
zJRRWhJmV*b^(yKca1N`ua*Gp}kU;fljXCv|j9uf^<{!YrOid=`(%7f4ZsVFKhQ!Yz
zhKIF~jJuJ~4l*MpYJtUcj6DN;1aFc3es+rlID(Q20Co|0I_(<Jqz3T;nHzYhOIIZ2
a>{7Bi+A%aevk&+ZqzF}m6wADL{eJ*!+#*l_

literal 9869
zcmb_?cU+Urwr&s=MWjiQt^uTj^bUfF^xmW+C`i}PJBmmLL+>a>YCxohs?tK2-UL1&
z^d<p94cr&>+k2niJ->U;Is5!Ucr%$<GqYx`XFY4p8>XqQaFdXh5Cj6<R8oX!gFu&(
zf#-v3mw?X>F}w}nAD)Z0f;_0SkA4OCa@j^sO%4PqkGXO3<O=Zp`U^!v7Z8ZJ<@^t?
z!@1xo2y_pu1d-GAG~3ANkD-5-nU7<8fkwfZ70|b89K#~=WQZnbf;<$8-e$BIsYW;r
zr#>;BwtF<gxV~vxBYbnn$&2OF7mLUVf$`flH%q%*pHPb=Um~K=T&S+6Lh542hmClb
z8fHajLOo|i{hwMt)o&t8>CcII(RwVY^1%}m#r?V36<FB&@;fjPDDdi#DZ0ja)-33{
zwV&U#39wO3SwiUPw8yMp<%<t)?pW93>G=u;RO=!R%i%`ji<#&cD>E0RCIEqk-_pZp
z8@ybcnsDttd@`cAeGP`m>iLl~$UUi5frE{KEcGm}g&)BcfP4{ZK=Lri9Iax|BtDRO
zx&Uw9b6R*)aB|ekl;xClu+}B)f&_scJg0{TU>CmGZ{b!t#~AmVX5X-AC3V2}NqkR7
z@)xu5K!NXb!DsG=Ye^coul4q~V(AuO*aZ;C?Mvv%D8e|viNT6b-8-^Qclb&UZ`$$^
zFhKJ*yg$PkHy5=r)9d}c(nca91!wkTJkml5UtOz($w<y$uyKAa@9=l$P?Ujz!EB~D
zdio<l|LKCdjaR<-ivsQ<w&>~mR{9YYxpV~XRKvvaUsWB-zMlLLP?<!2Vp-@sieXaB
zd};2G->bU+W&s~F)E#>$zMH9on0M&H1APO7&(IYy0Y1C=Gt%CFtv8GtO1PUuOUv1P
zO)ioVe2*GpwVn31*Q|=Z#$|m6Zp@{swjOnFt-;-jgX)uvsi(X_VV1_^_;L9ZN8u`$
z&+KWIIj=t%f*b^TeFyBEk#RV&CcC>ifd9xnYFnSL_$CL91@mJbY^=%I3ej2$7BpYW
z73uHvISM=GHUH%_H_xGCXO=SR0a`Wy=WOJ%x_1fm;C}TFq|1`(n)KFH=@(De(wEs3
z=%W31Wu`1BmeXXab0p(O_-nqC6;-fMI){IQ56R{JvNWE-d(Q3mk)$Rmnr9r$XB0W(
zRg+`Z*Z<Z0C#J7tT92++vy833Ym*D6tv%vwgh*_-1_E7cO*F1?%CKYD-|P!|)SBqc
zr9qd?grheu<}Fpju`KrSrwhjqX(c2@eVpUv;8pslIGUp^6v`V@k5XQT4ap4p3c;J@
zyBFLm#8N0zsqM=IW!%kDPf9Kys|AMdRbX_0sb-wB=DNr6K$ku*EcT{t^)c>k_Tjhh
zKr%%vUrLBXb>--kzvqt|xyR78RiGngv`JgSvA*;(PeoZ4qEY9$5eM^8RXT~qS;egr
z&d0iD%sEfDlOdzyudPH5PJhef-OAVE52Xj);Wi#NeLNk}SifVj&6AK51@VXdb!$(}
z<e3T=L)TcY`p@U$bGk~8^jkhoO?;Chglr;mvr#G|PH&Z|-%%nVWl~;uS*v*qS49!n
z_4f9+hx~Y;FQ|d$_0dd*MT4&gm%0bu#zPpDBb`Q4lQ|W#Ry2_e5s$jLJ6kIa$g8|5
zd2Izf&|X}X{!Vo`*yKHP^yrLfUh62Up5H>@!zm*hn;fp|7Z#Frw){i3@z7&Nx-KhJ
zc3sV-u0Be|!4YL^Co^3$E;^QILn!0qAyEX|Xge8rO7Efcvhr~7EP;!s$2c~ADb&Px
zG?Gu-Aa?;vh%oepFO`1xE<YNl?e#K&bL%C>H|2e*_c^!Aezh~4!VT)(E)eJr5g21X
zR@&&h>b1o<tx<UhR#|YgiF!j$Z(p>$$uZil+k<BB5Pm1}3}Tc_gLo0bLq=xpuU2BA
z1O;oHAdI_SV#rG<CCVl#y}lA=P_HRZ&cKaj&1~M08z<@RC5X=WY}ao!3C7`r9$bT<
z>FDSxZ2E~70$BMx(R2dBCb3CJW%os!J*|9>Pl%Y_;e*~lA*BGuR55Qc{n{MHbxc=`
zg8y`r9kMY)`s2J^aRB_VN1`aH`FhVb5g!7yxM=zte)Uyk`5`TM834mo;KW2lMPUz9
zOr3G9_0Mk2K^uQc?hhC;7U6@2U+JR5>piyo54Mp3J|3b0$?51vrnmXBj#}DOb{^A%
z-ro}g#~i@6F~=LSXV_(p0dXbF@CV1{fa4UwjiFiI07qU55U2o89BfchRu%xjEMOG7
zDF$X@SniZx4bm<J02U8*X8~T?VFCtFngj#Qe1SXK%j;aM3F&YCHG0KGps=L0H1!4$
zn(Q7?!&_o9n=9wPEG=FJz~1@}hW8xr3j{+OZUD9mS|tK+T>=w;0wsb_^?@in(EGms
zW*27C!;Pt$vC+{|(|YSBQp$UgBO`ilc)ti1K<{aRS<=`rk{+ABdwbLyB-R==v(hp?
z=mnjApMat_s){q2;<>zm`aW0yc-O|t($?@n??p+ys6~{}5wpHti|Z@Y(Xz)RApvOI
zS51NP!`|KK6~VIf`WIO2#?+!b9%%V0c<bADsQ>=vG>NRte*Ueq6F{9ae(9tM=FNxm
zLmRgOOp(^5w?Tp0fY`TO|9W&Dw=9={=pv0deYH@mvRH=)V!sOacv1^C@OjCt?%lIJ
z!EA4Dzc>iAgMju>@L9KcB1z_{!Irg}qLx4Qh@`(Kqse6{8W{)zVIH7OZzrNgHV%3w
zhJ1Nvq&HI3ZLFIO#0n2vw$05>Vad%v*qSE*miq~EIx=S7@Z!X9ON2pSuKPT=n9oRS
z(AR4rteiV3z4k^#BsH3_%PAshFc3RFF!y7ybHIJ$;<F)#GuYA`tg6u&1Sk14*}ep5
z(!9Ri`4j$wyMV4AlAWIgpyWNL?{{5Jz6is!*$*uxb?8J4;bUG^X<4(XTeY6HGbTzP
z5Y4$hz?hMdks2FfFVW?|3FIdV$HF-LxaI5atx@=rE-JgH<GbW-liUoFrL>UtX|Dl}
z$ZU_DtKFk3Vk#X}zHsW&QAQq~ekv-}$*G8&nE_%aIaq=UYrPBMG-a8_T3{xrW{HEJ
zui}my=v-?d*&`j6-yc_EU&cFxsdK}$_Ns!}a=+Wsgbk%DTQNgT8R-m4(sdYDW~scs
z+D#9jC+aIZ&!z7G(({QO?K7ZgkmfZo-@LiH>2|yc4;bTN&kW<&w^ZIvhnMqM$2o+x
zhDzm(93X4_9Hcq-)e5hU<(qj8$|w)m;Rakk2SekqCze6yr|wuqCJv%_jZ%<9Fe183
zhnf8%xdnz;Fx`o}mCSsk$QYrWo{dbZ($O_aR^!J)g~Qlg%b*a2HIODTnCXh!(KFGP
zdUl2h>%98V$Ym-c)@szP5`Lc_@Q&>+1{&%z5sylTCj+_e%H|HgPKMF~M9&7qcXY0T
zP=P1~h`rO|QrTIQM+`BkLY!8~(uk6B)N@GbTjd&zJ0YaBJ1(Xe5sE-$G=j~ZOxR@%
z>~{S8ILgDFI;<>=i{U)kvbk6Uned@}vZvq%#cIcx;Bi|j$6T93m}Kbw4@svxn?1LX
zg`Y#aqnh2q=+iKtN4m=Q6z@1D^7N!tE>Y7-ZPjQX%F5E7;enn$Kr_oXWmowfT@bCI
z-Y8aG28HpbVu!e?eqZmyTP`>8K<HN}g$`<Sztawn6WlWwW^fH7;@FH0KV-}1N}$;T
zbdHsk)%=e(Y}xEdxks~;17T)d+}(xcp5n8uddi)lE9VXr6A$2Gb$@Rpyu0%wWTVYI
zU~9JNXz_;2Gzdfygi?rtAt#g0wlgy3cfG`EEd96Jv9}N_d0ex}TvtKwDIko20P6BJ
z9i6Bi@1DsV?PN8cKHQQ~zbDcxg{djaI34<NINF;g+FNxA^!+A;G4dRAPTTSk6@vLj
z9r^tYm~Z7aY$B2*XKMkt`NL`F(;2R;cMYDfe!$IbjJA4vYYg-cH0eP{`0$V=fI|ZG
z);!fBGwt+5q2JuQaW6qU>wc+OV_kK1yK_GN17T9}H*81qLisYr!b>2~cfnBlZ$SWl
zat5L9N&(3FUf|zsct~;B)fIj?rxSRJge`Od!~mHLqP+wT`9-9KM(B4R$FaQG%^a%O
zDn%etBCfx`dk1!{{{?gt=cp;~eZHwsdRhXY_Z^sa+#T3+@WpbJ)Lx@LgaJKCz-+?T
z!6ElvpRYE3m?e}x_1bx7Oy*8&IbFsL$FdjWw*5cWde-*|*#J=&zebj$_W3+EdA1@o
zJj|9M`Eypq4g2T_6Kj5E$puO3#N3niR~b%TNxQr-Tf>duVWB_cRNtbi8lrSW70^w7
z3w|vlbSi0VFyXD>h4RTJ=HE*bybewZ@()gpvxM_8Y3dnJXDW6l#5mKBmx(N-v0&y2
zN|h^4ScU(V7}<#0V|G%A3j51#_o`|2@Mfum_X~!$$u2tkaD^!3kRi8CvAo_IfE~Hn
z3PTG3S~<X}-Qn;(6-8oK-Qzr~j=hj;1J66+cv<z_{?@~p@47K7=E*`c(*e`Ww73PN
z+-vYNq*RS2LbGP9i2?vNwkRk%u}!b%xqH&VIJwtXh`%1oWI@+Tte=KOW1eDSQGILv
zU|WF3J7c}1KRVx;@<^1TG3X08w!%S5nY`H~D!bgm&ghM$imnvO{;Xz7P^pxmZk@vp
zt$PX;M%A&@qlcS<Z#|n4V&Q3ot&nFaCs-|e7J3J-OqLjS6|Is(h}AB`A9}W*3Bm?4
ztri#|PSMjh8*A^^xAjLRa#paxee|MHIV*#?E#7*gO|yf7V1jX1z*ud-{`RKp$==1H
z@D8{L92s?^N<k+nKL<LEm}OyFjh0ffhTE!)jrLvp7nQ_qH)pNPKhDea&JbBy`u-9l
zWO(05H#74im@iGSs0SZEg^R}Uqe@-w_Ux?!MHT7So8)vx%|8{55_Lyd|33XtR8(iB
z%rp!!&K_n0O?>&J4wpc-KA%1?xKZCqj#Qq3Xhk;bS!27)ZDv`tH+g4Rs9Y+)Jq7#p
zn`-|<kAm&stcG!C;fDBsO1^{PCj=AR7QQg;4)#!bi{bx=Y5&s?1Wn+@KKyq_1g0|O
z(BH+*l@khXc3VrVBg5Bi2ZCcS9-!g3>@ZNE5<c)mDh_(^4CqAw#|P<N{Vz7Cf`@dB
zt5wy~ZY9MQnH)LFdapKryZ0L%+DWwx3L8XB(McZ88&=5<_B3v5o8615p-U^yPe05W
z2!R9=WRuK3J%M!J2Gj@u%aapLiIh~%Dub}8qY*RzV;MKDUPov9yVlCPo>i1ymDa(6
zN%8GvEi#OBzqfO?i<u)}@`or^`5tV4o38ihZ4<g?DX~DlqanlUv}WLgtM2a*M#@a3
zauhCq`C0Pm#-qU*lbO#1UX*TEE_RR6FWwuDpuS$1=+T!>*ENQS;I34T#ScnXaF}kC
zTub{=RGD3a<wzXJ4pw}%5^E#CEbm9}7J6EI!&S+IF2+QnM7MoGx&iFt>%lY1rSws|
zwjz%uin(E^=kRtQ06Q&|NZRmscH&1fhfhMK2906K*A#B_=t3STztPrxmNXTVK$Kv~
zp;8kgsp3_7Wr%oNca(JX{t5+k5|MGGe7#grsK%Ul@Jb;<hf`nB%|Vp?u9?Xj!L0A|
z>}r=T&Zto7EkF*Smc%M_nQ{)Z6nck)T9ikXPuXu2KbFYlA)GX(+=hs=%9|KTISdeP
zh{*dhx#fx;X{iZB2vuL@`H~?oAt~t1MMrRP^l_<A*}-FrFTxsriucIy6m`+47{n7j
zdqT;^J4{h&kW9O$u`c1V>>k!19^y8YpKpfrVI;{vO$gA<5LZc4^ieC1Xyj0~p(puU
z+HG*Zr@T}yB90z1elwz|0rMvI19yq#%DZaz=VhT+GpmhkR4BGVZ7o!Y?^%=5qVsAR
zP*c6UV{yOm-R|Q~_6ClI1kZdcybIX2o2VE^j%gXn`hG71j|g0bA7^W`tbRf>KMT)&
zrj;PmX;<P<Kw-}_$nFTQK;0Hh)yv>fB4DSfejcoyS^1e3x{Q}!VzY|TLJC7)3%PoK
z6zkSpUfG~=d225M7@(jnIOa-8MJ;*+n;OJrpdD;3(;)FhQ%~TCMgjg6nz<G>%yOg{
zH(^VqpGTQm+wipDwmrX7gg_c}elj{zIUTzV%4>OqyX+i1*!S*bxnzou^`6dSL7E@l
zPyz3WNGlMq3DsCs(xQnMSD|@Ib9y=!e#?Ge!rrH6g}st<OLmZhRQ!SI12k!7CmFK#
zh1<f4s#gL#oW#ChW-i=UD(H7q>u(J;sh)RXYxu_E9b?aklr-Kz-tuPR<L@7=AX#GQ
z?$YrnezhCk9@f6=zGL@muZ1m}ci><mVVu=V5L<B|K>&YvOAeSr5lzr%c8umbld*_S
zm$IKtTBBUjapW_4Q%+r#?-*oss_y=CGy2D1QRt9VsfJBtx*e?zB(uudb$xtNxW;et
zY;KMA4^E$sP0f1m4{fW4p%^NPLQSgFBCeRQV0!qzy3yqCihmv2S?lBu2A6$0r~{DY
zV)nD0&A|Y#pMx4^r*j6*{?Zni-rLz8_N6-E35H*TS3Nx?VK#b$DjT`;cVL0u=ZF%w
z*X@*eV@UVK2MJy(uk4?-&i&vqDh>4sIQ}pbg!pI5`!gK(<hqdrg-%ytwX+Ftw9wJI
zIoio9Hgd&>4C!PWA?49d7*S?VDlSBJ-v16<1>)QpExv8OZjdpYgo}{!c6mp%U}*Tc
zTEW5e4lMup=%<%`A{t(wiOMYBY8wME_<|y+CZj|}jam}<(%$zUJ&lEwHVg3_Z#>r<
zn9Z=hndFZ!RzAtIbI)je&3|@U)q4T1hon{kMULuZUj1_D1jWlHQt3U`Xl{g+hH;1c
z_Pg1qk<u3k7(%;0AWgN!CS_C>$p7g?XL+V_P@wKzy7#n-0zL__XgPH5y+Q;kin}+3
zuRXcdw@BisJ14w0%{8o3%VtwdTTD1(x6<I<SB5^h7{}EU>usb#<~2rd&>yT=t!Jk0
zXSGz}wxJtz&#K&9g{oxqiPgEdW_NGM;rO{reoC!(W~98S1xg?-9w|ihfBZPNJ!X`L
z?p}y~%A*NBiC$%4g-BcGW-l1;tz60pEk{E848jfj`jkD|+$TMwh)tCsfxid#Wx<!0
zjg1E$st6bqg|YECKZ-h8>_n=*(?>_AYHAjbJx`$SThNxFu05xA_n|XRzoXVrYVj6d
zJ<Tg)m@w<n_y^q}ZH~slNB%o#-xqL|!U~9U?-jlezMQ|#z2$EB36LqTJ|fbjabX=H
z&#OV`=p-6LgS@_R?OCj=7sKiAF`!#(-7Mh7R&8STeM|!R)bXzXlX^%Y{zZ)W?M_dA
zV>0>3vy<Cyk)8HWs}va~<51J(lu7{|6I4i-i583PQ(zuO2r)>L=Hd`Qpaj5${+$Mz
zY!siL_hAr;EI8L_QT7Pkmm#@mxf=H{gjo9YVE!1pVf^^<eJF_eca;7QajN*lZLPSt
z*axTwH2EC|k;r(?`t3VTRXdKAnkq6pI>#9z1GF8xe9^-4yVJ<R*t*I0TjS*qm2juW
zTL$h1`5%cb#{ZCr&QB00m%Y^yzhi9S&AQ2tTsi%HeW`?jchB{6PMXv1VlG#y89WL&
z_!%-H;<q)^I2&-*SO~gJ^v4`0bm45=+}u*Ys!61NeG%-J%2{_(#w&XLM?emlSL;Zz
zK>})I)5LK|jqCyIg>CF-02nKg;UnR~CQy}Y_lN^?EpG=%>}4@1=G8A0c)I{&1*p1A
zh0xfFNlJ4`3?Gx3=~PblKDYZO53gY_X2`0dvu7E~_!5Ke3}N(s?(aX7j=zh4G3pdN
zwY}FufP+C~JmteoKDeX179t`d7U|#H{GOa<0$wkme+=8nHI3DuSg@PVoKhtmTH0Y7
zb?rurIW^Q_Ty@1pud~D2267Yveg!cl-wFhH)PF!tvjC62CcYR)%eHosan=+>wbgQN
zb%P-%=C$9MCtC?hBU9=S#T@hZ$P8z{`DqO$J}+;7)3t{DepFuhjNU#cY$@(Q>2G%K
zqt09Gv-}TCJl$Tnf%Wq`$qDe29(0UGA<UhUcG+N*I3jZa4r7-;=z9?98yNa_2U^OL
zdAsh60ZGY`el6)w$`OP*4rdqVFVB0-Uy0+gjYjRwNRT0?d$fEiuk?rdTFUS#pua<Y
z>x53r8T-Klb4PmA_vCJ!lSs4mNrtVpw7mHgbCnSqLv@!kKGzsqPW+!_RR5%%L8$+4
z`t_f723+6YU41$NU}7nwKhAU9HX#_Pxb8W6zGcVk?YULuTq=0<AcE^3jj+H)Akm|}
z08TuLQ2L?^lcj&~>VMMcMs~P6oXDdywAh-L%bDaq6_a^X_USh(!e@WP0{gF#*$+p*
zkq;Qc49klvEY$W%s707>EYxi2)C~T>R#RDigv1ya!xilH#axtZPbAjo{m<>{Zn*E}
zNifv|;mM8dvv7U>3|QD9TNZiEUU8%U)Y5#aNtR=8ysqnCFZ9Q+FxxuwI#1v?5CR?u
z;K<1I<C{>$;D+746CjyJ#>(Hn1pi;7v0huhfx-=S`G1$civKP5Ai_iyp4>9{)`oOS
z6sp(csv9iBL(}z*Gm+Rf;x$$uDy5|!Mw&!La!!b&-pwj7tVH?i#`S=s5OOzO<iG3d
zi=62?`V-+Ewws|R>3QLzQXv!hP(5+0mGE=IIoBGT`Wj29lXDtoYC}BDyKT7r$?14^
zn9HMo{^xKrCZ<Tx#`czN8HanhD0C&#?+^Iho#(|wvb8>(l<1UuGySQci%Wz3pDPQ0
z{+DgBTQ!7?MDv_m;|ix;1ZQ@2hxPR8vWD^%n;WtszomUM4)d5KIcJw&!Ogy&Re~Ph
zxYlE(BQks<RIqZPx`tl8f{WmNXrAKmlTL*$3Z?FBPQTcZ#}k?yqei(}lVBS-zqL@Y
zgmEmfrT{QYo|Nq~;qdSH>W2Np3pp_R@XNN#yQ(h}KYSmW5~S*zxdPZk3I&|W1Ub0!
zV<?PLOb9M3-R$q|wqRScV0{%%lBGt8<ReqFBlpYgTo<}gJV>Z!VkV#)S#`Sxy2*KS
zptgE8n>^o7>cPq<E!nTeA1Vc(O0B9dW*XusMpduYn8716Wpm=eu;)~9cQJWL^`)+p
zXMQEzwbdQ;cQAENPXZ=xroO^>%F-&JH3{y?qdzm41ALuJ0WC}j4v}~-a*VU3hd*RU
zPG|6%n-+r;yCt*=HV!|EncH&9W@yM|g4-y(xZ-QsON)HUKPqP3K0})yRGhdLq5)yz
zeLDMn7^v~k0+N2Q!_SsvO}sb9Yk(Ro&Hdx(%$?0X;qb>gyHv6k24U$ot@kX|pOqA2
zq^2uS%wwrTwdFd=lwLEI=?Mj}>Bju_(IW6dzO#beZ3ywr^JLJyX)nq{g<(E)N;{9z
zek6dR%%d_)*oPb$S1Y$23Ds-#W!D@RGpr7kay0KAmP0S@XI}lQ>3GxFl;K+o&vR1X
zj4Ss0G0*+jB{8#&{LZtf_O#`um3(~ENK9i~!80cC{?)>Juza;xa=5YJ>aulcgXH>e
zs1oEjJ2s>(w;%!cZw9e8hMPzV(@1@fmbwn!0?^j(oEfo%nn=;A7})cDHl;><G%e93
zM|uj`S?mo4n?g5BA#P)i-gXXG;2r?GKd;)^$h)I0HFqk-Cn~5`?jzI~HQDrn!5YS?
zu;LfEUnfQmN2pm&dmjka6j~bVs$|V=n_lk#nPGqsk6h#*K9%aLw;^UKyB-D4nz?Us
zUqpyFiOcY@Snn{CCaEg_EzW<mJv0FF78!sn+zs`8ang*1d-EM}F_VQ|-%ASbW&-QA
zPUosb^14i?NJdkrtFcMDH2<v3Rhvm3yl;Dp=c|)79|urO1oD3+hS#W&z<F8zESUkq
z$X+1VAFPglKEev28VUIqmP!G2Oy}P?j1w8Xls<oSo@M`@`u1Z^RboeJ!mhUiw)zoa
z(mEG>(d3>Y*XJC<D~^O?R1D4&bt4$xf$<L)>`i@@6e2?b+vQP^nS6^hikFWfvztUY
zXQoptPJVc=_H*)0!QhT>-$n0plDST>l+cY=^b&XE=E53mq3S=Owx0jPCTu8v*(yYv
zM>%g-neMPR&c&V=dRlNXp`K$(sy5Hi)kCY0^O6csZ3$cyxCb7qo{|uL<|U|YIU0~>
z6iI0>9NUr`lzzK~3YfS+ZD4W`W)EJfmAQaO0?o)MRMn=Gq#fT!h#SqqBL*uBts#&0
z2VyV`+Bc~kbz^YSyZ>Ef5pdUaUY(_wXNKM8`Sbj5M#cYYxF7_0!JyfqNto_^!06~`
zPXfiIKPGcG++;dpMDvaAwE!H^g@*z~*$|*W2$Zb;ob87Xe=r}Y!oK}O5AXhQ=R24?
z|B~IO_WT(*bpIU6z^8FN8K_|=nC0;*H?LQfAH)or`>Q*|fPk(@`L*gKP(HetQAioB
z;*!yqaM*qHc;dNZ3@>#v_I(~>8YSdob$#)`T*7YFdBQy~r|@&Q=Y|3rh(QHc0W1+x
zLa#g;?Ysuz^)oQY?29*uBtIloSWA>MJ3s*x<9yi~^X_QzwC?ndX?Nu0@uEoFx7|bE
zI+f_?`F2Z_l$ryjCQ$<;F%NmZ$FWUkq=-~`!!RquwIKYA-EE&4iIKm~0n9XZyRmIN
ze+4p{i;NImK(5W^{@G^568dvpl#IvvltDj&C>el{GUqNPHjkyBZ2Bd*$C4HEu02V^
ziJ~f3Ql|H*rLKP;09RhIb-jIka5om_bE9-ITmzvOCfvIQv*vzmvs-<yqiM17AefC6
z8eza;dUg*eranAp8RloRWsSzG_dlob2AmE8X*rfyfQwUd@UaT}P>JfhzNJ}Ku!av5
z-sIhr{dIn*1a)J<w7RcSDsGONF^PiLEYB5}M*0UYo9YkGJQ$9#2_z>QZo!e33Ym~f
z8`m^um?_=HG%GI5gmrSg2x85nZ~fuMF*R~?YAgDOxt<0eJ$xzf0`}U&2TlXfmZ`pQ
z`xI94)c^%2C?T}KkUEv3?o&4E7D2wB54BerpA;{LNdr&<UA_(>wraDEFzJcErZjAc
zEy>Osk09@`nT!tWU$+(~@2%yWpiz)CRSDU)bnU49k(wO<Hx4!<9JTc^$lszitMp9h
zBtP7r4QK{Zr5uHrRF`u`e_ub+LV@=)SzIBDMy6G_kve(zz1~GDIqTFmGhIV~`A+JA
z5e1r-DcV00^%sZ+E3UafH@S^1)iP?-O`li6cMrZHlw7FG1mwWxCMLSTrRq6?0#dO9
zN3~GN@dVtx`U?H)tQgaJcj?{l4=XAvfGk9VR6LS0)c0K|3L#y-wfC}r8S20M{R07$
z?~9IThT`If2jo|hAOG(3sWxVlt#ghuhvHC$uQAvCCy?m<&JFd>mk)TEIB-3Ea&j^s
zBkO;L+n2?TTdj`AUm^l5yZjP7u4_UH&SeASfAg;h7&YsEHTvwEHF}Tef{5?|g<b)(
zB><&jK3?9<sTyY>?X){XoHW{x@#<Nwg5Cmw_Cf@W2^v_q@_39iHhI#QE50qEdm^C4
z8YtP8BufU!A?e@Kp5G!XuQKKR3Ssj11UA9fxJ#bqd|ufFuH?V|e*fzH?g&In1YE^~
jp5MRtq1;vC3~$`|Mq{b%^K{@%Eszpa9a1W9@%sM&Cvp@|

diff --git a/windows/client-management/mdm/images/provisioning-csp-defender.png b/windows/client-management/mdm/images/provisioning-csp-defender.png
index 8d34e77eb9a9a00c2dbad533ed220a5bc16adf9e..4d90f1b6f259ff51f2fe52be744d89c3b4487dff 100644
GIT binary patch
delta 534
zcmV+x0_pwC=K+=I0gzS!s<BskaewKd{<dNGFBrx}{e6Seo%z=g=B514GOTj5cou&n
zF+EV;K`M`oAC%`urnVukr3JD^YO#{rqJHK%vq}h{Je1dtaIp13`$_(vsXY6Bc2Ann
zu$gl=#qF%+pgfe<jx<MkS}XdVsRXr|(qxhlmy?ft5~R&!lN42EYo)LsS%0|iC&+8;
z?sSK`g}R+wbgQ}dB}VlyKzS&y9cj=mPnsb!j#PrWW4R$KO=?@xFs@}7va$M6jgvd7
z-0alt!@%e+C220n+F2t>jG5)t-HzH0%0qeWNRtk>jvCZWqf8;JliVHFPl2!UN^bS+
zz8oOGFx;!j@YO_NU;ByrKYx8qm6_Gt$DojXRSeZSP#(%_M;i5BUgm~e5{Xl6lqd@2
zq&y<ghRG|r)wBC@fc!#XuNlr&H8;Dh8n<*To9eOJM(oP_@lzLs^+@yc^vmZP^y3Sy
zIzvOcMBTQi6h>;FypmfzyFY>Q%KCKXT=o#E$7&l<D{uXykA?L}D`m3s+UqxO-qf#L
z0}vjtKN?*MqsR=E!bmM+RFXHd2J()!&;-h}r>5>Domv<2Mxr=ZpWV3qM6Eo4@lk5B
zU7+lclUy5;Q_?V{sFG2`R*zl9>NUacTadQ5F65n-jAd6Z7^lUPd~-LG9tIK_H0<sD
Y|37J-CTw8hi2wiq07*qoM6N<$f;co4&;S4c

delta 467
zcmV;^0WAKN=mE^<0gzS!VX;?waerx}{=#AS?--y~P~Jf*kBlFbcfdG*u@(#{59PHZ
z9BdC5louc<uSIE^@}v>WzlzTdk^BXILgox{Ir-oxLE20<Nl|6CWeWR|h5LPud_|q2
zK4rzMPBI0vnmMHqKzS&y9ckPy&oYH{gu0_-kvbwPP4#BT!?>1__(t8d`hQW4lRK*1
z?9}Z;P*%t4(;PpmV@$xh9TF%H<+UTtJJ=f1$Znb<kqB=jcZUU%c_t^X<W|q_%K`EW
z!@WvM>XgncxvjoMZQs7z56VM%?MMUP%PSC_yyc?2Q78~usL<-kE4kIP`z1QFD5+CA
zH%W5QF=9dA?I(8S{rIU1!hd?C`FZ-~^NsuQh4h55grOK+qHbGM3PfI%t@284_3XYe
zmY}%Tk~*bxOD-kfZk|^t?z{a&t-SS*J{Hy^t;ou2uiw0RQ@?VJL3qLbfb>Kj!=|Vd
zNGc<vlDwHUkax6;N_1vXR;O%kdATu=bvq=YRvy5lNHI7bQ3lCLt{e@?DQTEeRLQ83
zt7j7B2@2+x3r`|z8+OfVg#(ix1{;%J3LTT*Y!4d%M8n?R{}1vX@MSAer858k002ov
JPDHLkV1nCT;u8P>

diff --git a/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png b/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png
index 486779f0382c7a657cb2f1654c88f19c5f6de399..28ae086ef78a0791bfcad361bab42e87059afd84 100644
GIT binary patch
delta 41984
zcmbTe1yqz>^ge0_1}YMQfQobpC^-WLNP~0_3P^|2L%pJ+(lK-lN=i2f3?L<vBOo9(
zNI7&39m74NAD`dv-v3?qx2|isSc^IDIp;lR?`QA*JbQ@SJ|4GoJj4(hcA#&HN%x;o
z{t@NbA632j^lk38QqYn<TM}#1&THc_*SgMd5nT7L<u;YU@$Q_3VX|iL=_{?3(xd40
zx8`nK1vZ|YNwQ~dG5cS-_u}&Dd*P>a!f6W+lQ9Imz0KzT#WX~pRe+OowmrK|x8y}#
zovsd+qUM&?WK*2Z@oO{BDIqqTz#;JO#noB@>F3HZ>{0OJD=Gy)j6pgW8;{qmh(!1_
z7M=O_b<6+E%>AmGZCr0}WYtU3=pDHRLii}RLB%t-<y2Nfuiemb@{b<V{mP7Pzr?#j
zYW9}RdVIEj`9lIO>pngNLSL>ykroAb@NwcP_~Kp<XA87c?Yw)&yD4OSYlZ;1jkN`b
zbB<Jd4k9$cs22rlNL+%L3(j@6Zo|-xE1#;ch)qj;XWMFUaBzM52pAF&)k45|xKGzq
zZT8&N{A#<>gWq3m+tRWfu6WAJ2L^nmDL`*zt&w|ewn!Y0z3-eT9VGGW$(H`}(8J)<
zFOcs#W`2IYj|vhWFf7%MuMvxuxOCe&&VYyS4Si{AXX5^NPu6VX<OwjChHl{ZT8qk8
z$>vf-q<c@g^qH;h<Ag;iX2ZC}+7=|+Z5}{0lBKtc3eyHBiTEJfk5s5hsX_Df$|=#4
zW_Fu_QkGFkU!xNDQAPNUp>l`xPtX{c_|W($da%qc(IB4uyNR}G<VmX{2Oqx}a)cJM
zY-LL>EN|!uv*kVZDr_K~)%^~I)|Pt&otSv~k?frIDjqCa98+Fy!7Bph`K<j(dh2ar
z$Y=T3<iyuH@Gx7GuF=6RgYZjYT<UXEbAbcmc30sy-o(5`dKb+&jv*lk8v7P!$J;M|
z9z1@FYN34BzpVQC3hz-~ivTaH>3CWHAXmd__h65j=>SC`9$w3Px96*MHSCo7Otn(*
zQt~lxo&6gx>!g>~uU)b5l1iriDHO}ylakXv5$kSHy}O&p6(3g?brnqhm}{uWak|cY
zU&AEFXpApzgGM1sbqnh1jn<jITlbO7n1WY>vpY<U>>?M{irh4NsX@@iWfyY|g@vNs
zt6vk5FF%sGDHBDPVG%w)$K9KM-(DS@IuZ-F-}SyLN2@A8x4fiKZLzki+z4~;e(UD3
zcE;nJnts&P<Z)|N%cl{K-%dU$QO<EOy*q_usZg0pM%zy0K{EOJ?pSx5WlCaPGwBGF
z9(tmwRXEM$<=iq^pXd(29&j+T&m+CD^WO+{U*sCC6D*IaV7vL^cso-2CkEVcbz?fj
z7H;rp0O}$n!K=<gv2#`FbfhaSwK&$He;ki2p(mph81KtEEQ_Te-xpoRoJ_2QMu&8M
zzXNpWOC7w1xRwWPwv-*=z1aC>+(gDgajhZOui(aFjfxSS@%iv|*!YvuYR{|Mj?>Os
za#;}uY-7kZdO6DOL@D-Z<aW_u4ld%3l1LT$7a}T;e!s3O^~`!0$&CYi+}kAHEX)05
zzEMXA3!VzNd3@iSl3t+9!$MC^?-gF83KDp=W~O}DCZUDJ3QaxuA>HWyPxY60WbYBD
zOuhtHG{41U_rY8jiSU3`y$;!ClZ7RDtk-ti*tA}mEv44)+l859cQ(g^4RxZ=%%xE6
ziwxZ~z3;O5Dr$f9m0=E56dlO|tj)1%yJLG1cKdUkcOQLSAZRr~;zh1c&@~okz~|#l
zZs@VPmGVyFt7a2z29E_|U&mhjzBL2*Z0<}1ez@9mXSb_=Uwj8TUU=U*k_0ai6P~-v
zO@FcAvdh9y`R+n0H9m1C%Q*3Lwoftk6?S+ZY~;!E7)*JEv=7E*Sl-X=wORkXL`b7_
zgPgTy+lAMICnVYvOP#o-buw`~*wAB}_}+7bK!TGR^d>p*G8nYbL+(}5vN!>3?=$hz
zGUmur_r>asj;+*2pVQ-SCEWJ}M%;F4#A{4~S>F-}QJRrLLPB;U)i%60z^b2#p{p3*
z$p}MzE%e5SVYy{6$%KzwJAvxFm<ZiQ;?`#S`g(hL_Q!J0wBlJ<rM;Y0kT@nR@5%X{
zxKw%S?<E66Lm1DU(kc(|+#l%8z-;g?^2CenjO{v%pgmXVSoc=|1S=>J^BDJ`>ZMod
z`!oG-U#{=9_XR=s46@9W8O1Aw_kRt_3)$g{{~|F2?U_0dce6(J`rE*1K~ph1U(c^>
zu%1sqc*vF)R;B%3(HoCk%tMHX?6;8+?5_UT^GW(!AUq((0TO@qQbD4_FpSkJ%HG)_
z!xL6bHP5`J=Ky-oG5-cnrd|TE&rVReLxRGbtlyJ3=x^w`lOW{pe-=y*-BK#X4_7$N
zwrzEHZ&s{--Tt|-t?*6QLge``X%ICyd4#~I&p*DQT_*Qj_AM3`kBCj*9H>9RPmrFe
zx}y@OqtiVv6x6XfkGLZs?~1GKr=ythfSl$8{HcE--AUGE{EK0d(To~jvpSc46g*r@
z5M;6hK)dp&5mf^{z_xLbpP&=!^}u!q-pdG#cx8Y@<YPPPnc(1A8i@_I{YO-nTxGQ~
zc2KtL$2(RTG`!LRa%hW$^G;mVS%xWhgiW_#D>6|nLQ2HRNkh!j13<<PZ{W7xq72Vr
zQnDm>Ef%I8Zpq|L_1IZ>rm79#g=XF&Tm7A(7XjJ4;&Eo~>*w;^wLj8DQMWtXqu<b0
zIgjHU+yRlX;+Yo?VGp+QqTm@80QTOV?*s2B$B1|M(-uWlb-P1mSi;012|g?V@zYP#
z2Yb44b+WJ&8&s5^|M=gX0N(=9?}Ci1mhYBYJ0ZZEGS9XoGG<w91HwGZ*Uc5?LgORm
z{Rt}@N1A>j&8QGnPP36!Gho$2?${r2WmoMUtDG#=f`po~p0!4IZ3+RGM7Z6P(EZ2!
zU`RlOJIQ$M;&)r`%2mh>CpyZrKTGP19&(#RRO6Z93Z;YC=C{z!G?HB0WxuYx=m1yT
zdwU_TwY{k7i{N}u@5(Zgoj${D^N9Wg+AOilSGAE2m;aKO?Wq*RCD2Bgus6UjA~uJ%
zQl<V40>GGIRhz0mnGG5T;`|p?ySf5gHOOe(&_Nf4wOSMckO-TUwQ?407H<9Fv4U4@
zC{1yje-7o_KEoG~*FezDIQE3)ebE3C;5Aa71n)ybK0sJsm55Lv0&~m7?Atys{~dJR
ztiu{fH!vbGoK+LpiTBvrk`Qqq-rkp@Bt0e3ORxnQ%zB*_$^5+2fG+^BbX%A^qo=3W
zDD~SHSbGVV!KUM(y`CEPQ3vmAC?sLB7QdhsR#shLn#T*~`RtkjQ+__%n?sN{gO*k#
z*rWlL1%&UrjY-6dxWuv|!I=DDS9JO(2YkoL8eNT`m5J71<+-9NXup16>l^=dQbM)e
zPQCvt!lzuGvvpVLH;(dtz*DkG_y71ITvPlhKYwXpjMKr)@JV$1RrF53S@qg_A6kN<
zc+n0a>aJ>#1#-5<yy}hRCdR?pQ=}E42DoxzRaMm;+1=GZ@(BE1S)%9TVAfZ`;@e*l
zq<z0=e*6iqNSn7iR<VNFC$?y~ll=P-AFA`jP1Lt5r%{PlM8SU!$ZZ~3W;^UQ-qi@;
z?$oq05&tW1o*WFFP|AbbSy|0a`cN~95D#64H&Zz5Z>{j+3MIg&A!42znDQdtt02R?
z?-mBEO&&&m=)J^Gq$|U;$`b6*3xqd*6qzDT%4gk<qu=5~8IFUTc8by!hjYh`?GD%O
zhQ1G7eZX;U<mmX``sY8x`X-Qn^0`>OH|dph<p|FU{h!-fVr^@lJASdl3OGm$eQ%EC
z;_Y>F342u}^l-nhWr`Pd?Hn^?HffeX(`5@+o_~g{TFwf<9|l<X0<Rc{&tcS1RrL$<
z&4k9MLL<Cf(O%JIf@1h{Kk!rB8F_h;jS~bZu=hjjM`3nN==6nIIpNiDW<o%FRPfC3
z*ub10CNxf3x-`o?oV)OoRrbyI+6FbLlyd2`5$neTGkhYcDd>W7K>{DLt(G*{9U<k}
zv+$-wo3k1&Qus;O^u@juJ8Gb3V9x0I4J$g!7Z|xz<1IsT71jZ5%Dzr5+*t=k>#&id
z89a7bicz|DmDY~w6gJrhM`a6B9#)&*`?32bzA`k9M=bk7RFZsIrL=gVYlA?`1NLXm
z(WS4uj<#SGtMO9QD}vc{Zv*<o%E-@8`Zdot3vi1M#;%nZb)yD3H<Bf0!|#v7zgw4N
z8Rfd%kh)m#T1&blPECfg%wWBXIWMf{t%=qxE*hQO*&I~Jc}_@rK*nH+ifpkzvk=bp
zb~^RUy-uk%Nkef=xB>AEMWw3m*6ZlFA@rvswO5);!oV6?5T*JmODbi_U<Ag|Uamw^
zyXmG5X39Q_522qvN~Ug5tEo0S^Q3y5%3$q_%x@dv%R%?aGI*@C8%sz~4V`*A^X9s)
z2XCm*^xY3oojaxw#SgMIV+FsKo?CiF0}rN<p*~?ZB4~KO-y@T@cON4=X7>Hr@yzMw
z`JNgw!L;xnPl~h4I4NB|Oi*SS{IJ9*6@Kbg3{5h9B+bB5S(hW27%p;_D<4O5;<qJs
z&mi}S%`S}M#9AK0rvD;wqKEOM(ETf(JG>g7B_UY;X^iAZSn6qC_Z)EegQanoHqMH1
zd1X=62T;7L8J|WXJU$fT8=J)JzWF9*P%Eop1jzdQlo*Ez6H&>-xsG!(cIB47<_V$x
zeQCG#y)!ut+DndgI#?Y|3Vize?Q0kDcdE+n2o20QMI&9u7vAe$9{MoNVK?#X&AbF;
z#&7V;0m;;748uA^YN`jt1m0%Y)6rlf??&UP<owh<Ftm?sWLZk!%4#qXlofM2YZ)tV
zkho%A_WmSIY1WO*pI^2yt|J^Svpp*FrnX6+To6*LGKAE=*@x999aRn1a?+GC1JDSy
z3UlKtB<I!oi3~)i8!a|SO(+_SK(A1cXG!cGND?Zg2s|G-uJu}`e7Q?-PKHvfibc66
z35{>0<`A?#c`WGCaJ2dNi)5FE(dq0ZId7tJ1>sfj{jsSQXQRgg^)647{oRQZ^SufM
zQkh?5o<os=<>sc-4I3|%Fr1}5+ZBz!T7N8ee$oC1HO>(*CLX-a5Klzj<<ka%3V+Uu
zgeJ@8*fWe5#*k`^|7_P4!4WDHQNm}^@)G#_DjCUvrN6HJ<2?*$X}8M<BmWPmB$WqW
zOb!+otrX5v4-P?3;LY$j&qewjQp#T5O=pEwW9u0_GDT5lH&QyX_XqP};IkL{DDM-F
z2Pg`?s<t2d4Bxma{Dj<twjwD&)N5CPc>eIA$K;<0*VKypZ&$RV-Ek333-lipJd1PP
z7LB#$Leuokid$k;u;$cLsdXi7Z@7&IKuBUEp|RbF*LY4u-^eG)H0J$T$gs!|^Mq|s
z_}P0ETiWkt>YRSTjGbRrpJh0GiL&HQ!$A#hhypX8vPfHQ>;tb8hh9{r^`Xm3O4f=5
zsDWoG@>3#ref;fex;riupJML;p~K=)qDqeW_vPmvodVJuy}HgHWrpXTo$4KZS@P0m
z@fR0J%_X-NkgSGPA2UNUzSb+(baoMn<!QQ~F>-Bx`iW~|$eNWY&YCe7s=j|p87jCq
z{5ZX#quwoSOJ9MF*mpZRvan3!>9Cq$sW6ky$cVo-HYfRlJn~(;#mo8uKnBdwyE34K
z?pVwteYQUZcSr|}{0O?Q9dDOXVN%J}`zZ51P2d$nrQUfJ*-VyjdEZMj$#LJ4>@D9G
zR!y;yx7@kIdVa|LuGCqz#K{*Y8h$~Sac;4Z8ix+OKe_~i*;#h=5{hMn3odA0JoV;#
zsJhnF&CL3%g5j6mnZiHNhSKngw)ouOrd7G7B2w~zulrhXmdFeW`A~cH6Z7h0mD}Dm
zuhDZkG;<(Yu3vzWW8-3rS7A(4;y#+k{Funq3_^9&l0Sssy)CA}fAb5cb?|mFq<(#;
zGx0{yrHH-dX6OA+*{Q_u&_{81^>dx$=PWeNM4Ibg1d{<nBuz%Z#6C1v<Wn6Jzx>rZ
zBlrDq=Oejmv1_j_C5<piY##Rma?9A>XerI#(jSm0ZB)9-mX@is?{bWD74suP<(T|2
zvC|~W;;khtVKQVnv1i~9q0zScpL}iAK80rRI6NwgPgA8d;&pp;=SE@kB|SyQK0RFx
zrTIr?m8Xp!d1pA^#pL(Yq_NJ3t=_dW_4yHB%f+jukPBD``d9e*bUeIT^iyR8mCaU5
z*ZOd6@A$pGwf4MY+@|@&TOrFVL6^%@&$l{<38JY*-+Z`qj?nzbT}dxuE>raEQ}+iM
zmkO>xl8#Z4Nx9z>lN#wpGVS@4DdrxL7k<CpYS<=miEz0miP@{BP9r$)quw$|5vq=1
z;~rsm+PdSkP7XGqoeiw;B^Ey1c;#vAJ^FDo`w0||k_j?+xRcwfOE&A*x6DW^3E=8^
z(y#OqKiL30su9$Y>$EUCBRCetu}ACTl(RXKqy_P~&pPckdFx(z<&yWIAYp)`qVC-7
z2znO)Fo#}*Mr&esl(E(OZ9eS=znZs7>~>vsVjH59rCMg9-l=7ERb`sFYxtvQ(eqNT
zv)!^FtDAXqIdhMqRwVO33N{cLTE~`8lGr&KU-mUjtM_3Ai<ujfWx^S%jAX1?WmC6L
z>r8Cy`aM`i2rrY-kOoFux}wWQu!LAx9t>8(Y}k2%d_D8Y<cA<Np}p%KCfe^}-Akj~
zjt{A83I=hyg7omS%+d}LwX=id@bQL2xx_N-?6QvyvzKRjADfoSOZ;#Mo-)ZuE8MwA
zN?RV^T*COS!!~Z`x@qXzWwdv_jTl7MBvMNTVk#<}?kt<<7tD$OrW0vS!|V#-dHJ`o
zxqgu?ZR!EuzORFa{MdPna=rHTP$JXFp6or3Fs*+FOTdEz!lA2h?CvXyHAu%OJsNVk
zAI?dHpGjP)(PiDaq_#;uboh{h$ZvnHCD1<KFV(JyN3>VO?FuzDnBA#sPPht+Qnk|{
z|5H?SwHtg9!M`WnMaWdT?h*SlKc#@?&>@Axzn|`R0oeX*3#UHTCgU`+^TRhOJw7cx
zJX#PMNlkKc9QUTMHI@9zv1`weRyu#?ZDU&VGN6ePK)#9lZnB?<x1hI=O@)8G>Uw`d
z*S{0Z?koQG7FS+SjQ-VVXPw*G*Dp*SnHa;#(RS)&o4%tya_GhMVQf7ijfG+fC%AN-
zpi+D#+>-LG6W&io_YT|Dg`l+~8q!snH~VKHCz>c!eVxOtDfV;nAgP?_cEQFOl0t@p
z6hf4+-BRi89}xF$_=*MDE$7QlJWR^8SsFd>pM4VRJ)=(FnHeOR*Pm>zoIBZ#p#pCU
zt6GQosKTRfkf_lb`yHP(u~9^6qsO{=@y+23GmTeuqYJJZ=ybg*?i21x3HJ$Ry5K#R
zSBD9Q9!fQ1t4^Ljwbm7Rx%<OId5#{rvt5kC$2=eRSoNV<EhAjrb6GNeSw5b@0JE?J
zDfL51E0t?^ANq3mRmVC|Qpg*<YB)7gwtF4XbEKxUu3dRr*O9wM$%M2o3KZ`p9Te`&
zRR|HrT~B*<91t@z_W{>4h!6%bFZ%2f=0YkLAXBKRupJ4W_a+C6g2R4cg!khs9)WT`
zipOBH-OkH6j|mK(6LLi~uCK3y@{IlIRvs&{J_^0J`oV00iD?oL5=-M+iLjdD%}!~?
zek(FCe&;0Gtbbs@ZGH&5PlOsid^Y&{ajTMA+{JRVVW7uwfRjWV>>NX<ZyDC~@Amg6
z!ZwHYybD3GM&iG=v}*QwYdo+BLon(G`4XnKJx)lO7d<9rg9j{0z$J6{2v9LTo&#qH
zSgE3=?U+3A{dDi-kYPM1_9Pq@R&(^q=1M^PeX-o-0%0rNoc5-$`+OI|r#t>BRGufU
zj39Pr1{X0Fd3V4v0Z|Bd5+&ZjgYKU-Y!xdM|0MQICobX4$vHN_FrQt>#eN@PZ6&BH
z@m4z$ekr;)l6DZVIzY%ZtRVuL2#^L0^T^bY_Uvq@6gRbT<OnoPXJu7Ws0CdG^M8>6
zxyfG7M)lU%$T370G6hfXW@?JOrH#mTtHizrgj5sbr+kkN#B(s1hN)^D1E{Ir6n>N=
z`ZYd-+^Wc5S_l(W{);`qv);-;QJGXgDdpYn;1tvP&X=lr1nd7@A-kG&YlQ$6KC{LB
zGf_7l2{lDQ$*??BJZx`fgt%Em+9|uqc2NX3x5vfnS;60p@V-C4wA>T>d_I!mRUtxg
zulEOsvF94Rt*-9n-WYh#&onXOSg{>quUWN|$gR?Z$;R$HVow3~m}(a?prBm1q$_Q*
z>hrmgvWmkIgE4sL-YpI+MWAS*(zjGAs<%){&j$Z*6s*4GiSE1pFSRTh?7GC#jU!~@
zpN)CPv(YJ>g)8f(1!ahcW5=ri^ZVJW(+capQRPA$ozObUI}NMcz^oL+d*$QP=BAM7
z)=k)=9kkm|phltruaHkpx(tI#XP|W)0fTMe*y2y2ZjqbNEcMJYV^6OK@7}XzvHDS0
z9v$_^E#iFxu!QQJq8LNs%+bHM*#@y9z4G>-4)&tW=;qI8Zn;=%tg4CT1!<MKNr-{e
zITCw3aHbz2a91b@a6&rKByx71#B03Z>jDWTi8%DyFmpQ1G&}+H3^&3&GvuB_vK0)l
z)>Wn|2Qw0Tf9xetOnBit(}}!oE4N6XUo%ySXD=-+{nb&O-)Cp%9&Kg_$2hM=t#g2Y
z^Z7?D;dYJg{!gF2pd>f?UnhC@>nB}!`)7aq(P6aNR$^QYajR~QhKLN9BTVA=CmOf#
zIKwKVJg!3!@LvkxzfFvg2XU;fJH6)B{5%(lM0u;c7X<_p{Ti=fgc`}$B$hBC<P!Q?
zr7otUJrrhMtMmQRvT?hcJ*>*S)y13J{XK@&5Wa)not^YXhP8yTA;2vTlvr6&e6h0A
z-}+MEkF9a;XHY&{v(;{Aiv!L@Pg-B$ge&g$atm)R^h?ife?u#Gz!)s|;x_p0bFZ~G
zE0{d&UJC<w(L*V<gf!n)MxqiDSKqXSHzKVg42F4wa^TQi_a%(Q5mE$xvHla;eT;PN
zhvrF7kb4o_Cz1Qp{TuTjA3byzq!6(`Fwf<YxDUzD;@{Q&Kc)%ZPaJF^5O>`de~iQH
z_Xex&s;eBIY+dc2^;l}va4I43&Los4kxi8+uyOq1_>3Q~a{F<(YM}2>QDM=-gk(Fc
zcqWPC1^UV1!oICVsE9l(Yj1A49uR-<nqt?zZKoY(@HRh=yW+wNT+kcDnFyeh5d%@s
zR;rnVCy6BXnj~>?{sgRnws=z!ph|x*lLk|xU3S*zg>V&1dr=JaODwFxSD~MP+GX@y
z4c)r|<_tKG7JBNqfCOy44uJBtL}JrtNZ@NVz7@OQEPqB~cwnH=kOQ3GMQ~~X68ku@
z7J@htvK<^ZAOQAye?xhn|JGUl>nfQW16xsLWo7ePz{DP3Uc#`Cf9rIKz}w)aehHP4
zI3+{ZdGnuCCP^zL<A&N5j<sI3;7}eO28SZLiV<^Jh=;rU0;|eigQ)tS{zkg9wCU`u
z9lKM&Ue;T|5q<-=)H3yr;I%hvxW5!(cU+F|O<Q*MF#Xw<?Dh_yqt4NdTdpPL$#hJ)
zNiMGAQvo~r^O{eI?<8E${thNy7M))GU{T#yc*QI9Za5&%7>W^n?y`RgVVZqaIV;d;
zW~?$C4WYsXcn9_$>fK*><W>51=Yt!#h)IbekjEsy1W%HzCIaud6gL7+AwS>MS%Ub0
zgM|5ln&$`VJDIJ&-`wN9QvLuc6W!*{AK?!o`2$3V8~Kq3ko~S0>1;;F8QHL6$Z4S{
ziQQq_!rj(c-uA@vCPrM#UV2b&SUz|Op&$l!M3^XdH<fnvtrGH{UBgm`MN8m-J*~ZT
z(q?_Bk<-(;t+|(YxTBV$1Wu!u0$G9d;Amsh?nP2|i;senC62N0;Yv}vgNypx{^|Qp
zKPlXQLwO0Cm1$j~g1l$S#)}+P9%hf!vSwc?9ZpLl5gk@YUv%in(kB(=t2Ow&`sTdq
z9UOYU@(U<`uK=4`R?gGk+ueYcfl{-yv}`bG7hJW!zccE?D^AEelK5j*JA-4KA;QAg
zf&7Q#%aaxnk-kk9Jv0WIx3|fc$SepWpULoNB70L)_}u`51RJG$Knih~nr-wR3)r^#
zNi<6O#!b4UEaL{AwCK?;`?sOPZ|LaMs$FJk5LIqHUdyOAH?Bcgxy6Y=jje$8L~VGM
z{I*Vh@z4{`GPe&uh#Rn7)>UAGCx0UMCIMTy{iT_2-{0*1SCg5V6X_*wfvfW^G`Kgr
z%pxKNG#?^iLY;*Bq0cNx_vL1?`eXu)C*>4#W4k2DL<<x~@9A9;P`UH`fUkfAS-6oM
z(@g~yXx-{rT7gHCF7%P5>16krDuE)?2{9d=Z#(|9_F%5@*fsWX>`0>UD)5p6<IU@f
zulcl8CPB1*Oli`!(o#1BAlACZ6ufp$Ex|3Y@Z{tLZ;cS&7K!$~;fRfq62n`-^He?)
zwmb5AB{oMn_b-1s9upD`^{+!*H8B9p#ExQL)uu)WJ*qn01`-0{e-!!IV<2O^;mTm{
zRYI&C>Zc~o{4hJxb8ROKD4zRE8T<B6wua^hfv*B8`LW{?EZ^G3hP&Epy}$cy4XF#j
zIix@;W4#Q|00*hj4DU#pAxP6-B)r6XH~sqc3%HFLf*OzSsJ;~_LYxT>uCljw7Pn6H
z!<26Nsm?=NKdXQo*`EjY_n8MUAa!7=vNV)58rrF49oe1yvR~SycD%+9d_MdVe^2wO
z==K7M@cwlU{T4vdPh<!+>aeabDny8v3UJqPLUss!uRWk|-T&HPx)!xKn21u=WuzcB
z9JzZ0MqZfo0PDWKI{E-RB#rtMA^{yo3!RS9(Ww-pdDq665opm7>LlXHO4)KXzKZWt
zrMQ|EW0=uVI?j_-k)5+4RcFvAznuWH9KpuDHpf;zcTDR=%NcxlNo8yRG^w5!z5Nk*
z*_s9d3%4u7UAiUMS3ogc>MF<gN2*vZ@S7f$j$o>gc5}t00LsbyDEg!h<c(Lne+iw=
zn8VH6!8NE=&`1y=VA@O7Z%~G20=EujUq|Yhd;1d*QQXWdnvG07nL5j&89LkF8%}3B
z3vs#9Trms}0A#`YbFK^~q?bAEC1HmwFz224LK}Qr!0^KucdAs(ji*}7;ksYr<)`^d
z@Xv6PJ?734AF1M)OQ96HR#e!$&nP9%)FzK6tx26WR{wuaXyJj@Vqjs6Xw=Kb=X^?c
z%PnyGYBrqfwvuivzZEF>Bsq&k@DZ(vwY=z<N&9&wB0j;oKFK8IC-RUDxK7R`jO<sm
zE8>H+{|q#5d_O8FP4Bk$aAa88WRlgFEXeoVk0v`@<V#;BcXYIsssUA(=zor`kQ!7r
z>g`KUqTkK0XgyC&qUi3ij4Uk$B@nHOgZ$h!lA-^}66}Q_Faw|z+%#cD<AXPDW(XJC
znk43y^IW-O4N|ju$W|+Ig(dT05z6Eabky|6dut&5RSuh@`xITtQat}NfuuXym0gD;
zXg%&Dp7NKvuljY_p4HDs<Yx;nYNlJgA!GJv71jy0RKUb8A}7zcQayiZRm4ePazo2)
zUzV8-W9LPE7NbGk61vI{QpNcapKhSiTzjoxia@w72g*~=D{~#XNjjB^6<DJ*qi6B)
zLlkW}di1*~M<>pqPK4;7*cGU*Q=B<;8rY6sF3irsfxw!#HwDz;3-?(BMm(17!e{yu
zQ4Gv#(8|}gmVx2gyCy^#8wH1;?AB?-@xc=D@e|Yq{-C)<t#m4MGXKp>6GOmt79YmG
z%Kl7Pd8f%Us`r4&hikxy%f`mJ!!y@^pl#)G{_}c0Eh-B(nRVuW51%&}1p3m(@3#%4
z{{$<|qf~f}#fy-EPRfV();GD0|2jh}(`l^O#|dksiiE2G`GjASMMZ&ILTqp010cY(
zg(q=pqlVb|&l_}gwP2Hx2%T?sH;u_q&$+Ktn^^xgFP@Idk%B>Ae2isdmR?o-6_h%M
zHX^AN7NVCo6EK0y1?&C0+{+PcE0fqV4DxvYbo&v}D6v>*xlCxl9nJMWw{Jdj2_jEk
zEl<J6Xniy_x%Q0bw7Y;5hXLIf(ifZxYLs6Zm9Ksd#mIT~qLdceWqzRK_@QWPoNl=Z
zWQ20(bie6){KYZgRp7(2^71W^V%65fDV>Umhk@1=pnlDfE)#`_rAO_vUV)BaXVuPk
z;ApsbPXwj_!tKz&3xHN2kBo?kD5-qq{dG5VAlh-goe-2w4$3|CL>DhI6a0V1QO+ZQ
z6#ji+@Tn0jZ`Ycf)K0V>GH3ADIvtrMutnTr66{@q|6Y?_#ib2QBXSv%u{K5iG*R+T
z@PudfWG=zrpKqT~?riuuV_@mlGSqo)kgYOF>WwR!y^*O3PW~6ia*x#{;u$*1rH$&6
z0_;y$>LR#qw$Vn!jh%4sF$w*8*~SZ?-&%A_7ltx5%<m-*&)=okj5xqA0AE^Ni#CC-
z(C{NFZE-1o*iC{-2kdyjKK-czIU_$U%vFlqkEJ({UBnJ99zX)<a4=-U?#$w~NLq^R
z$~Ols22Wz+&+7Z4$^(SCWbvH<MdqaEKwRL?aZ?p;AS7W4FUeRMhpwZk$!_$c4(1`w
zQ$$7Jog!*nw+%T@mQi)tgrUu@S|JUP+UyD!k#g<`zN$G|A`I(_xaM%KqIV8i!F)Y0
zr5^Q)<2uxVT7uaa`@l|{Wzzbuk8KciUD3}!nPSx#Y0EBxI$`xXIpNEt17NL56f$5(
zboiOi@&~3CGz(>}WW;G^72}Z+prb1O3v>E0G4>{!o~(iSpWg_XhhfchhX39hL;pRG
zqO%d93a0=0)zy2&cwhXp59^`6XaBtnCNa6)J+7FEKR9xRF^LlkP-Ni9Aq7FZ9Q{Ix
zf<qyPfFn<}0QK__{~^@p*e9q9$*1Kye|OoqpF6}7XVsV6pQwFEhGcw>lgPNZI0rMY
z6;NoMzK)7XM{GA87%mBgKq^h@Em>{zd>ztEN(nxrszXFbF>zT$*xfiELvwrPst)6j
zLE>pzV_D5>Rb>BemCm6!{+xcVDZcJ-N%1la&NA;o?~1OmiP&N);hXQm^q8c4cP@+Z
z`fDhGB3)Xhn!UOoaSg8Mk9G=KfhoP+p?IgF|2e2S83H{WZ)mmYuvSVNXfr+As|gpm
z-D%6cJxAKYffDySZhGSbMXHm9u>=k4=Ln2HR|Qb2f(qT9QED;5%V?&*v+8`9;%KU*
z?D<;K-<V8i^vodVe0#=WDZ3OIHpEzfBs*UL2g9)Hn2AAVdx*)wz3eYQm}D5Vn3rhi
zxw(0=vf1UACUI+$_2mv(2J0$i7Qc^QM7<>%@6n2x$vLC8C6X(KI1X3cOw4-EIk;YT
zinFP(=txOnSS(wTa_ziiaKE;Qb^yCPl0qYyF#IDDb1p@QNl%96AERo-pU-2%4tg?p
zZ3nU{k0R@n=^Mqf!+4<7y|iT{qM!LSOPY8^-xZA*$>m36Jws!+#uQ{rbY&?!{Ra{@
z&-AORFe}=!yA|3-%b8$rp8Dr%#{8A1H%bYMd+RH2YX%i@t}gR2TCR3tFg|IO=@!D=
zA*N8JXj&NdN_yZGs^@86OV6+t<+;pCWu`v|?1vxsWCCOyGZCrE%E{WB9lCh{P=H}J
zR%%dj)OAPmebAgq_P;#S{S&DoWI2hfkm}ca^|(Lxvs$Zar|-07JFArtldcT>FGjUx
zh{;{-M8HA_u)O(2d_Ox&gh1-eF7+U5(@*&62P!a4N$GQg+KD3{I~oOJA1{*<6io$9
z6kSN-{FA!#|M3tyha=J#pD*g+gUzK-Xja2u&HEH8jPuVLZzXi~6vG-}SZ7~$Dfc=;
z=9Aj`BJ+zVBMIV`pG~D&r14l!9V+L<(#<>@)FW$dR2wS`x71s-kjpPpAryXrKL$CI
z3N;W8y&+|pz;#G1X>MyXw1*UKffkT;R@BE>yUQRJYycjTn+t7l=*8(@)QfpP5>a0b
zuN@=B3e-h*22%Woej=+5n7~jI+5-$h3$e$DRq)Xa-O)jC(UOB$0UT@jjT7A{Qh?K{
zapvj6^%|yGdpGUc^<Jf>Tz62C(rE@+@W?zo_pjT<1^jM!;yl@Img?g3Ent`+*Kc`c
z+GM%Dc3>_ZmR%VuvP=i{bQQ`t+~c=AuxnSGq@+aKAo;6)c@RL*pXoJz>CR;P4tx$w
zmTvfej5U#z=p~DP*hoRYY}A*sbbqhS4%w-YN9!Nm<Xvh2lggUOZqGfthEey_8L}<R
zecEN{k9$nn^RZZ2u;oVk@#c@vfzj+%?k@+eU~0U))<6k6$1)P5w}p>NJhi}S@_I_z
zY9MA}oaegeSYs|;)W`00RAHUTfV}Lb8_a`e+$qp_4EH8|t<2uaBUf$7*0xJh?1P*_
zhF%P{1j+xrTA~;x31+u}+?*Cd!+h}bf~nRz+#8va>A#%2>NyslFFvWqBjkeHo_rJE
zt+Gj~mi_spT~~8`=A}>m3}w43%npXi=3|5^-)Zt$-M{ZxJd%ROGsE)Sgta8e2~sv#
zxUzN0Oo>!x3zIA2XNF1mLG0Pw!!*mUHORjUT8CkOH2i#xZ}ea@A2G&ub6@lpz)tjz
z%eVeMjDxfIi9}uC7F9AYmTyFRH}0`aKB<6*+(i8>e_!}zSQd$nzGNOFep!j#T~W*F
zM;GDcOOx*hYb{|;`)V*Ie4?|sQh3x+Zo_ivR<c`9c;WC&f<<Sd4_@PyqMgpoNu&mQ
zku0iSQ1I{r)V3hvFa?Uk*i_wd3JLg|PAXu=Wwy)vQ-|LC6B<B&p1aNHDk%6)fzS{|
zjqn)nlG^#7xhE*`$l(r**G>2dUzbnva3vP~jzOqAF?NvTUb*9qcZw#FA+Pvn1@0}%
zfI=!u?%WBGFuXeKo(LLlGS8`(gCc2aVEFVv8~rdFCogElLHP+^6*F*03vxJ^o0v<e
zV_AO0X?#8pQ#LGK!Kk-yF{M?NUY%z77e4Y(=69a!mL`K{ORp>}A_p}pe1jp-FwTGr
zp~KO+JQ70NXt9cMyEpg=W6r=iBLn#bpstHh&{1g=4e5G+mfEmpaf_JD|D|SIUTmrU
z)>b<|3#BX~E>QL%t9gCfwH)8L73f4M#$w~NMuoi5o9gH3ckW}#y1sBKnt4R7FS5Hk
z;o+jm^oqh-7wWSJy{t1klgirx`ImUedx(aqbHV7w_nU}Eo=YYl-B|jBtMfTaB9XT=
zv&Z`QGJK<0_3j)Mc)Rl9u|2uqWb?rC+N6n`qIH?0t0*oT#Ujc9-4YLp>oWarMv!cQ
zzxSgquFs4`<E5J7m{<KQlNd4t-w&?2vdRiNEpzA%G;6w%YqUkziOsh9P%dHU4}vRb
z3~>s37kjz$<rut@|4K6<d-BKf@=K0$Xli;x#|%D!*2epmE!zt05bo=Ce+2hDoVVaD
zhui*hEb3%>O)DOm<BaMRWoHf4;#2D_!A(DKA`|)*Rh4ci_`y|!o9U~jCplVeX1VwC
zOZicEGy=sUcAZP<EKJ$*QTBVAY|DrGtTcJXn5K4)H&VCF`_So^MqZ(f^csu>_f<b$
z-YKp}If#WFAvT~i1oZhyIgRJeI)GKd->^z`=n|=TGeF`1Suhln=;6Mu0@#;d8BxUL
zBm33dpKqbUG*m=GGqC??D+MwSwD$kjH2S1``uqvd)BkckCgRSp7l6$XwAnAv#g76&
zo4tm*1{e6B?OrN<OBm<Be#!I2HHd?qU8+gaw+;ZJ=JqIZ`w0%fsnFxZ<gye=#a5%0
ztsCe*o_{S8n|h03FH(~&!BTyI`u2dC`ud*fhl@V%rtnYF`0`V?T^G+~NH7cjfLTzi
zX;jkn8bLXm>l0t=*4tie7L|R^?KP$Lr_dREbaX<4gT7TwR_DLnU71;Bf|X;f`k2;1
z%lXwt$Ex|l;RL1P=K}}tyy+t0DviWFXwv+XJ|~n%KwewEKdbo-3Pf)tT0|szV!OS5
zqPZh3smZ)b_y~HupuUGs8Lzfb`irK1d*^gU%AqC6C;6j}A*Ud`yvkl;yGV)sHts>Y
zW+lfjH&)fl7v)`@)GI}N)SnMN<uzF0*m9R~zH^qs-z_WLS5WESg8P49Z-fv2%2Bps
zQX|Abvdxvz)VWI!lT^i9?CbUCHe;cZ2J44X{j$$L-f8UFm{7=#h(`}0KtsP9s>^R+
zUJfBDlB#<n+c=C1;fOS)5*Yu&`N(NYPmw3{?N(5nWqkDk6jpD3=M7J7uh|#`EWWJ}
za(uYN4ADGVl|!_id~cupjZn<Yc8){fJK@H-kEjg()Wg{5LUh_~$PMARZH`Vimh+{5
z*b1n`=hSkDf&rhLFS9rO#fC4lTb^*5cv9FpV(HdtlwxsOG9M@W^uR(u>cdm#`cDrR
zTIHD8*{50qgt74ip{Y&c#XF~!)o9_oqMnXe0kttKHq*7TtAMF$GLt#U=^+myuIt(H
zSQx}x@$ns6kB-77KJ4ICmSEHtu<auL{FPht$cKFomoWAi+Mi@@olZt$lNNGa1X7P&
zcWO(*RQGC&=m(3E|F;&cWVD;XzD_b-%nVs+tSD3H$1@M<(r^C9SXq>zp7|jHX6(_K
z*M3`c3GHZVMqWCn`^PgXZp5k%X0CpiT3ubwKHLAYqA-ExN86G?|I`@zKC<$TnssO<
zpXyNJQ)8Z3odFv?`Wfux^v%i{y}$&Of-Qb$kK*TKul}VM)|vmbV1+FF_jdz?x|39|
zT^afZ|9x|er`+ltw(IVwp9mgqz{tgk5l}$akUJIA23zZr7(*U<Q2U!CAu;{>Rc=n8
zvWd>g;okWj(gYl5k$JocdLRKaU0(A6U%?p!70*X+Qrb3)oZ+zt6340Q6mfl2hCn(g
z1rh7fQB<z<RaB-VD@9(J2oPT@#Zi`>i6?nLiA~H$aoxWHZ6QscDrO=^kuE0*(nb``
zuR+g-`HA1GiCf${+GQ#xX0rA%QsumusC%+o3g}M&U8^rZMF%Lpyt4iTeEU`1c$eT+
zK-ZIsBv8}oc;nXu=i$mw5GEBa>|P&~5p{!t4kUx1d9HBm=LYlvw)nv~i=1))anzRi
zf)yiZR12?&?-}Yy4TIT5d!?j9cAy6+37lFx2_b)bTOP_|y)tSU!`|`?EB`TWs_=iT
zxGY7$ITNc!5X2>y%C=vDdak(3Qmy@g$pRYwk)?uAN!=`p>jC^^rQZ#}%^yQ$N?#)#
z3aUo>4ETBWvY#z{acD~_)$P!&0xlk&p^Bb%ENbk5J0y{^-b8uGh_sDiH}Kt=y5Cs?
zMVya=nceW%7W^(KlnaxLv3lCVzl%xVb}RopYrDS}^Aq`cl>?Zhz;BjPS|$&G+3i=q
z36lTU4=B)obe4O@P$h|u)kXk`hx1B&T>~lZ{kfYjkrf3c&p(wKpCH|()Q<4Y3~e{#
z$@hJQ5BPFUVrRwwT~ny^`|*!C^@04RrcZO!tCo>C&{BM{A4oLM{=G;$>x?tsKAw;A
zlK|rRqfecmV0L>Sb-%))E~}!^-daKhi8uLkwSnADhgbB9yTca|$-zzEUzGHV<UA+t
z^uJg7i40w4>71lZyKQUt9CxQzIrCD9rFMaAS%{_MTD_EXe=u#iV5O@g(^ZAcgS$Oh
zvwvn1Nlvf#yX<UpG2FR;wR%T&ZI<~)M7@R^lrmBUD7|shX1>(w=#8R_CHz^J=W(vX
zh~Bf2R(wyV)-w-3^<Ur~P($OP()t@a0rB>h5`|p82S&U(G)g&%OqeJdsS3c~X`sGV
z^K@bA&BkssEXuy{so7SCNqm}pavd$aRaPW&U#BTTPQjuG4%ZgiPLCOQPy!(-?flBh
z8rWGk#v_<J4|Z*Md(j3zvNJzP4wbc9<39QPnOe%<-|<dDomNBkLo9(a4)|nFX}b7M
zoa}rp1;3q~9@c;1B$kfhA5Q>u9-ZEdpk~Qy@{gIvZfM8`M62dmhuLQ*AaUR3DaZQ+
z8$dx51jkM#h%5Z}!6Uz)qY~Etrg!tI+P31%20>CaC^gCRt72z&<Kk#zT5&&GuHb=P
z3e96G`eDKwq8IuUS_t-Ei?HG1krnK9YM_B%+m2G6jZpMkp8SAU=Ezmr++et*_Qn?5
z0JA3uv5iy3N+h}a`_99$dwV*RTW5JI7-4p<e+|cNOrGYt7#S)^n#RV??Ik|+{Qtth
z|60Bj9=!n)Y!Ye-oJn7Xy*NSQe}OmVM971NhKu)E1fzI(N6H<VNIJ$jlC$akX%$0_
z>S&`vjL9H9?BLLl{!xI5#>Vx;Pe<;a{WD5WTYGbTF8OtcZ~N|8%>29!DaF4-n!W?R
z_)TDgG<P0%HEFwl2+O~_I*$I|IqDVs*KO$cH-COO9Z;Yq_8<oQ<Kb$dzn%1hF`$1I
z&i@L2M+Kk!(i!tUHRG!cI{oBgm0MWaflayM)J=k6i{FMi14$LFRg4b9*@a$R+B>#y
z(S4@-CcJ;oRV}n?1;&H`)yDjXPN+Ii*Z*6!+rt$Mhb!(k?L<NdHrS#StAy*O>&dNI
zMxOmdiCv*uPoFvQdKebQ+8sQmp1F~46hQmlF~?OO4=?C8ZlNyOz5~9*v|J;VN7S$S
z5}2#%ibyH!81oRp<r<Ybs(-)YMU_GdWxqk$2NXajy_U*q?MSog2FKHstDo2E54$Ze
zLim1}^9e3*(t?sxe3oxp7SWT$8IE07%}U{HLLaZ-_N}6nMIWCgQMn{klp00K*X&M_
zNE=Ut>z4jAwd)Bfrcz1FD`L*;kJ`GZm~pu+BNYyb!wqio^&BV_Ic91RKz@mzI?FJZ
zs%4R>e>JvNb6_a40f!2dqrDPoXG{zqW1haaRx^2NEpnA(t%XmbyX9j#>a!dT<mUg{
zST1zM%U`MSYs|)OHZDv*wV+Tw<2f3StnrS5o$0dqYup@NQ=qlbx?COdPr90X^5(u~
z_M&AH^R3b;j?Cva&Yf-_v?L|!9bV<|YwB@m*iY$%*#5ozy?2@)zs{<6)f^m|D?;L>
zG5+E~Bm}&<^b*YI?*sn}`y;u_Z%UIQZmSU--rb|511uxa^yMdjqVna-o4x0#3VEOZ
zm6Y-j5~BQ*6j0m_5)tdK|EJJUVeU~{2dza1LS9?Opeh|?DF6b<{KDgFh3=uE!tTks
zLWL)DtODuk2`udY8QZV-M;@&9Kf4U;Da7E+t${vuP_U8cOSMTPq7DwK;%`uHn!z(<
z0qw8j*tmanGx7aBmvB7X(fSW{LJoJC%#!e6{*)Ku_6CVYzSeYK=J@jQFo=2rt<C}4
z)=f8I%E9^w$MKw);|_{9<Xfwbi}kg}JlLpxxMQdTNp0$98Z17uaW0tRF1=iH>dX1o
z^)ZE6?wj;5a_F~s_=k?1y$QZ&7*)Nwx>uXybF8y;;(J4?{il}Hl(H>!dYZOWx3L@r
ze_~ebq(Euik{@61x*v~0kv)?^FFewrRkjS3ShcMCGoHUiEkr(jVD_zj%BNE}4wf~l
zt^?LnYWZ)9(!4vlmX07o_nsMEU)wC5D0@AYbnGjGpAI^NGEDud9Pj0f6CYi((hboS
zs`eNmExR6pBJdr*r<KCT%Oo=mng*Y2-<W#h9FfUseqHfD>AG={nfyI}&8vGD#k338
z_^hxnUhS$*!b`KawjSEu^l1Z57<xhd*C5k>enZ>tI@Ano^B=L2uSp>1J+nu+hE&@M
zTv-9=xmPOf>)*h!gm#5S8>T-Cr!OFv{U1pwZ!~?^llhO-+qSI0X}#=qN0H^KnrI+0
z*VHFN3@bq14CvOP;u{M+IcQGYXl4!-liGZ#yteVm4fTx5$8=)Q+<zp<=<yiMl+<s+
z)SM5D0vN6liPp?QB`z5ekI!wu>?*c)@-46gA+Gc|OU?1N6RUW8Uv+ojody2yUG(nE
zEU!go9`OYYx&M&lih5+&Gqk6#kb><$0<ldk;p_Ro`FR@H{*nGCzbR3e(1rhhvZXPv
z=qijjEb!tqetmwBlqw$7^d(k(2t8r?-O6d8Ff_NG;jP|U58Lxa{SaV0Mv^H|7*;71
znaWxH$DeZ@o~?f&MUfm&nV{@A?jDwbb0Z+>DO)5J^WoIML(GRpb>iksZAn4kA4$`h
zDo3#+CLqr-$E}ip0U2GMr>V~T(wiRyVv}_<;<i&^;~SK{3hy~oa*Hc$Q9oX*5<a$w
z%2g4D@H3}1w|cuy>4->ukJr(ZE7n$UvAt}V8m%#c?h>!zE0C@7E*w4=bo)!1|3*Gb
zyIv2LFk?Sw&@59sW*<{t$}B1b=PGaBJvdA@++fE+VH#6|A%1U_08HnVbRtf0o6giI
z+M0Ja`4+lPX7zDG3ch?9l2XkIFItV1d&MrnD#$c2$rUA&T!yz#bVIFQPZDA-*GLau
z=`?=UTk<kZS4W@Rxd&68@gzfW9kgovfh3^xn{`$jF`mjeb@a^qJzpP@vjd!og!qhF
zLM9(ahDN4Nh4uB@Zdqwc1Nb4w5BD^Z0yV64^3sGeRyF;@A+18^-sP9gt*Mt>5hmJ}
zsJ#OT;Rtq6hr^7&;t^b<i)C~d`>^%3-Aw~mgf*o|Yh>ok4w^a<k^NNnhzNo16<J00
zw|g0CidGSP#(w3sI(=j;yiug$#HNt(z$1Sm#r&6GS?s+Ws_PeuU49~;OP@B&fwYc$
zV(HR^-B?Tbq>{H3@0BGMW+Qlv>}`7asjtr<OJ0IbnjF*r$k)zPSc2sn6|cz7H`mcO
z*|G0-^f|Hexi`#Wu$hmMZ0qsy2<90xsboCT6q}iC&;I<L<e1fT`=^Ja;XTCh<7!9J
znL6Nn;K~pr4}nPi7vA`JE^oZ7T7juCnkFXvhS6F_vFpn*2L9%nw}W#?j%AG${8lB|
z`qjAHCapl{M(t#tr+U4nTG=q)FP0|u-02@gdsrrk#>Xj+P<JSvm$&2J|BEGizPxN#
z8a7eF$p(p!@y9jRlYU+P8v%Idl?zv4%P$0OXLfcY??qI76p{LSVmqj_i8mV!I~Hyv
zP^<U*$Es1FMiJcNpjh5%wvtd4x<um0;&_Qb8n^}8KMDb@wlkF+%)?WYyKsY)?2#IA
z{!fD8BhV!Cf3K?l+i&2o(574s-(e$hzTf5dU7u{l?;Qx?Z_yh-1%Hb!4<^Ya6PqCH
zetv}N<e>*5IvrGq4PC1pUW)-=)4X+HqA)xBznVw(+Jd-0p<*+aGG`S7$YIfo)d_u_
zVkCkX_i50;$;mQ?RIiY(WqE6{Ci&m;SO_^)&S|(e%315lJo~TyF?od`jlrEyI%bYE
z$iUfhLW?+p2j!rTx`l&5TmmX^n}1;-Y#F0@aHbv$OMWXDr4_qs&uM?<5ym0i!a%QR
zYBu@w&b5e9i&y=rC+3OXI@I7R4l*Kwoxl33ZlKIT67;*bq|tqFYs1TZtA1pjg%H)3
z=(cr|v>EfKr{|=1LR@)8iV7i32C53vv?-Z;x3Nin&MJ!7J8u_W`O;?p>YYs)aEecr
zVrZotPY%?qF=@>gjVPG@GPQLg>Z269h6#wuu2P6zcAPmiUypN9D)9ip0kJy|OSMra
z|A^TL)8%ULA8z4(JsZ8Q`bgb<YbrP75~1Jy*;G#_*;KzaRAta45)$%Zs=`RcE`Ot6
z;_R&CM)F|7ATm8UM;=|s$$Yu|7WnfaNy@4&C8@ZBC4dL;Kg@*1<lAZy1kxY%w6;VS
zPE9$R34*Udrmv)^R|Yw}mwTf+>vyU<jB1kcjhz9-&hi`I?$G(sNcD`dZ(>n}@}EkY
z7fMkhTHLfr!)^$tr|JoEeJ@iL6^<|Jw@f`0_>wuwQ-)&EW`v%2C5+CCc6f7K@ypGk
z%evtX#FL!d6aH|?vJ|ySTK<Ycv=6@I^uKb~pic1#ku`RkWZ~}}9~ke*2Fl33v2}6!
zE(vEzy5<(WEF(~@-wIo&aJq3Y>nsx8%Y-GgVAsEO+^LsLu#e77jO1_-6`CL@4O&de
z`QCOzSiG&oss1;HT%Er#faj<!>^y&wP5zY$4KKS<+Nq}*s+oE!O^VNFLB61Wug3mU
zuAfe7c0Ru$GFs)X5Wi0PO6he~4X(?(K?xdgt#+l(H8_@&$1WzxYC{jjtrPc$@wUGW
z8kLdHx7JACmj?BnVGi^dGCF+iFfenV+uPXM5+_O+N!`5vcyypD9PnJjY!9J#tp^Te
zLh)|^r<SbjxRxXa6vK+WFP&Fvsx(MccR5R|e+h2b?74UaUWEy^_;W6Bn0iR#VpYsQ
z&qAG~m`F*+L7TytHxp+IL9{sv9lt*&u+Q<SM8O~%f9_YX>%2hgtJ*JtCG<#iOr`xd
z$U`&iqWZ!$OKj_`+?ul<as!Qb|FIAt*E$O-GwbhK_I*j<d((F*K=KWeN0(p7#J!F<
z(x2e?*~{<5mu9b?ao56>rA5T{D!j0e3ENFhIAS<`yP}#Omcv`=cx|N1Ic!+#La3K@
zQhT1e{DSg<vti24sYd&GLGqm8N_RL$Ptne!uJ7FM-F&-oss--R#W=H`Ons@RWy~ix
zhFw(kLZf|BEZY41@JWh0+U<%xzAm!z6p6{Reh+66g^fYs$BosjjmJFd<-aGzW)=xn
zYGas%QvHMmq*_#$)d*(`Ews8xwaB0Jh`K@Ug~ur^uXT9dBj_*``G`VUPHylcJi-3R
zhpZS}9n88i%XF~yWoDJWu66xy-xJ&D;TT}v(Dw?;<)jM4X1e$|wMbR9PdQ(ACSI|a
z4Kth1^v#ohVmcY))}0kzDQ6>_`dmxxKTAr=-Tm-%K_q4oi8#{pt)^K^_7%-ITqqNY
zyznrIF5$k09S22=(SY&sSE6@h{hTB4JmTrSl%Y{lnoH-0eSdtCqQF}*b;vmTRI2v)
zJwV2;=VPvE%;kpZsaoKAivM;@9M8y*b!sJtD-XU|Ddm5vHR|A0^^FhwsU1!>4%V|w
zA7~qO5lK$8Hy=96%FBO!6vNO^-b#jhqTR$T+VF8GLM1g*o;KUo$nR@6SCU@a3zV_}
zGgRT{4CmaYQ8@GZ(dRnu6pfo_A4KI)XIm)VY0Dc|RCbn?F9KIF^Cj~ohO6+U%O^D~
zr_lQ^{x*^>scMzicq$5^*k<mGvx7a3|Jmnh1G7i;X>euEm(yKdj{^D}+8@KSvai`B
zzcWbcdKdmgJ;GndO`$<z^%gW9YU)uQiF;KeS<DG@*%K+X-5qMxS-6Be-hNAG=zRB@
zF@DylgKd|0z_s#{tULNqy}ecjSa7&U{XYv{w7g^)1O9qW2${TIoB{iOJ!ixP^FTI+
z;ptf0ln@ww)ob<0|BJQn4r^-py2jp7q$&amA{|5o6cV^1z4y>j5RopO(9Ts<q>GUv
zB}j*aB3%NAg^my@p@URIZ=opln}FQwuf65@-sjOj6q0l1oS8j))?Rz9!=JC3XjTQU
z78|536(@zpvUaMt)jK>Mc7B(mxY;*jA$WXTc1@hdRaOvV#<y^$@HzScc7mp0>8x*&
zb+AoXf<Y4-z;%4d<bpxudfX^aopFsQt-vYc%f#O@29^2Xw`GIK%X^Czq+*>9#xND(
z(*V#v=7$pGf%Axh?gyI_>3~uD2LQ~=%jbs~qxgG%BmD&O0Un!u|KuPC>XiC@)ES*)
zXUJSa8ylN_fFV?(%MTcY|IAqc<y=b0AwT~H<bD;v<J862%Q#S3bMXR%9*a&OsW9E6
zcXRx{itW<GD`M9}>w8D`_SHcoHLZn6<5UBYRSGrv((K+2b8W3)r5y0i19Je0we5}P
zqRV;Jkm-wmrv;Cbbd;_7fZ&VYSaq@Sqm$iq$?gzn5tmiHGkS$lRYl}w<lh%SQD<Ao
z+VuI07*lz*X=WsN345Y-YwFg&4$nNK5*HP`_Cgh&Hy*FAixrrx^&eh{<uqG8BLMQZ
z+4geT*1fu2;E~WQPW;qmQ%|R@Ap8b)utUl~?t#_=p;N|!=UUTJYauUmI)@maP^eBb
z=9vs{17l_<CQf-;v6=*A6((iK$_)&Y$g#|yAt^e0u_{5l?={h9Mcl!6VPf6S@PrlP
zj2>D_r&6i&t8hDM`hbvWxm1FX+Tc<mdVG`8)WSg~<-RZyw9UKvDBDxudq3~Jd_d8G
zE-l1=N%5{Cd`&$Yp4ggH<$R5_@ujKtz{cYUm{s^SKG|}hL-kg^?eH@X6XSCVQ+uDC
zFRzzx3gJ$)8gI>Pd|@xB$nnje&e~$CFpr(j5)f2D?(S2%bT|f%kB<S&&AkK52htVR
zWe$_sP21a1H&5P^hgc$yk0H^bt*`+SEqAbvAfFxDqxwY5T`oK+N~-`MwJ0j#3jE5|
zyZ$LEdk+Ah8kf(+uzq))*>J*PUr3ruvVQu!A72nQp2cyl4Ra;N+Vc;B9?oFs;gz9+
z>zzO!!0T=U$u^nKOpT-X5ss*Hz~g1fZfOX0h>QCdfA-|nKuY)=puWoY%aiE|4)1@6
zl9SC{S}eH@ANOtphYJF%SP^Wc_qUzmvePv{*>PT;BnVSP-;vn*Vg65ShV<O`TOsE3
zWF{Pks)@&Dh!SA+G@FY-@Oi88z-yB~7KDC^KLHGSz*>d@l@flqTC7TP?{q2A7&$#a
z)zB_Cg;|wwt7f)paFxYoom&oedt}0G)M(pvEzRzzY^701yV}=6?H{Iv<A+*OdV2Tp
z)XPksXj}mEjW_lw6YCl8o33~=;*zRr!!qbS-(5eLybmg((*ixoxm^XH43$bEiI*h9
zf+*nvK93jH78WK}ig(D(CgwR8$|P<;+z;B3-mVYbUHKkdp80&}0whL)`B);{)z{_X
zmYPa4c^WcCMt&q&hR$XeO{<6Fx`)mzv0D3mH27HT?o79?vT?8tQDWttRRQ=}_hfR=
zs}ZTt44I$WF;XPR*ZPP!5l#>(4udmMcIj{AbBo`+wawenj1}`5GD$C9qTFmSv+@ad
zFV3krT2#7%g?vanzFzpY2%=TgRZ;cTk4a%CW__jwxA|j1n|Du0?wQpEGdA2u)qsG|
zip^Mj^^;*p#m|b%%TT8SZeboI^m2K#0(!pOCw4sVm48><l^a=1N5<{-OV2a+7f-%l
z&7+o4yQ!kaC1|(xvPBH%I8I+T9HrHM-dnT(b{e3c+|nJLMl$t%cb`Be-lW~4;=5t}
z_!Ps)IepgK-93zgn%Fo~9SrgHgLg~wLFWQ)PT@u-8-15OIlfWor?TOBX1iyT%PgT-
z#_}1?+3{Ka*vXeO`FgiAk2|u6jx^Te;M`{kPn@_kq<maZ2HK!6zL=hA>{e;o_o_!;
zr!$`4oh-QU_0O)jPljqjS%Ei>2zK$XDb{HTRW$@LAzi<W4u2?YOuBpO5hp_3_LF9U
z9;1UoQ3;vB`GIu4fCt}ZZteA4WcDJod}{hlK2IwlhZX5b!mPZVSL|4=^owSV#Vit1
zd34q@`CR$K+)1Zi=-?J$K8<cAYL309PyR7rp=ErlZ1$@Esnml>`f3@nmurGTof74P
zWNGBdH~Zy!-H3JQ+C64_TDbi&xE_tlpg<yr7tdjFEZgCCVMCXTWF5x^(gGmc{PQ%F
z?zNteFv%u5t?k&Ul&DoJlT^?zo=?seKQ`T|y}2aGe~52A`U#P?_%3t7MBR})-!os@
zx#Rs`j`*kqG!qI~Lo-axFk&*fSX&iNz3R&bu<r^z8G)sCLG&_Tv}!Q<3f?VCI{B8`
zrc(5x>n<#Tb(>}QHNOqa1Z1O=)#^g^IJXG!DG=+2<>NFKR7>Rr-w(Wu!3w;yL2#+U
z1U>e*0)Du7wwm^_(YqKP%|@5&K&0V&@%g)6?JTK0U13`^j;}JN!_<n`Yc2Se)3<If
zcPCpvXLdMhBzuOp<((N##T%|UiD<P;Y4U{z@9M49orDGyYOrF@R-rX|4&nEus%(EH
zvfFcWPx#guM)+slro6H5ju=u==_dBZqi)U|t%;3UX=V!Lib!oe!M2YIUm&8Zr=ihw
zUQ<wST9Lg-aL)O))ZDZ`U3F99?D7|0q-@hn9(Hu5vQ<6)N2%U1{+jX9@3)Mt`<;@q
zjC><MzogyZgC^PyN4Y$DJLo$k<g)Iwmxvvk_(ZZ6#XlEj82zA)_&WQ5ll@GSr<5?O
zpos=eN2P=AN~a;sXP$I72L2hAUNa6#8ZDjlZSlvno+i@`oR8Tb#~<|9m}baxa?<sX
zU>>`Iy*2dEowq~tx-L_x=-yCe@B_V`tF{a8pt_*wsjysW#lE@QLh9yU678d$fy9aq
z7cCb&(>SvZwV2lRF2*h>mVa}gjfdbOo42y0b4?3IbQaJX%c-&ytl^6?>Qu?PKcRF_
z5&4ax{<tUBUdaOSbvTuKiol!uhbI;&1i=KH=3GMGtY`6#i#!Eng=<H`y&S<(%cF<j
z8Rx0G?*(LE!A<dHbEmsy^!6VV%=n-!e$k|B(zK0wnaT5wXn~Y%^PR{jo-2r4b>poD
z6RKP9qUA~z1m&S%yFX56PhQtO<wZ!86pD+%bd)QS-{m2+C7<-S#2|meE6IRh_rR=1
z+pnTarow~^o=B_~{jQcNtGm{k_70l4rljqJ5=$O^eI@th7WY9dv-PNie)?un?n-(6
z%9sauY)`=IsTVow(;bC3E@6ufw%O^!dDBwNQUcyxTaWAaGFj@-zxnv*y$pD|qMHuW
zv;2xg?SQUe$)t(HrtJ}HT7@1XhC2M;tsXN?-inO5|1;>PoEbXFps;EV@osVfqII>g
zI}mC1tVGsT;#rbf7)kbL?DJD+*)W8P6WX~3gPpoGq>7MwYQ<o+;*ujf@uP4ly0^fF
z-g$GuOwWR0mf19zDtv8Ncyf3~o3}Jiejz`9tuN=@bnDF6tM+s3_(I=^z`Fw?8~hH4
z0m>N$4WZJUxCb3)A#BNa&^vHkXNh*cmWD6Ay>F6NTED`K)7g%$r_zPAdi9Q&da+Rc
zw?D|o)kj1E4BuBdV+0@Q-*RozWP5TqT2NK%p0a*-s%5t|`O1P&Afh|;f=S=pHQK<O
z_H)9;oj@rnl2IRa;6xOi1!0Il$R2#^VB5d8g}uGacu_x5(YOT)1i)TZ)F1K2!;H3d
zQtR}vTuCG3v<a^R(6f6%d(#VzV@G73tU30AhDy+Pz3XM!Q|!WuszaIL>3Kp`U;hjP
zEthD`Nh5Bd2UxR!kO+g3;hVLpFg#kubvXZh>{+|ckmbsVY5EdJI!>?8;hw0EeLsAy
z({+6wdE>PLbU1bBxRZ1BD%dyK&&&`8mr{HG!tk7yVb^MC(Dc{uGjn7WSJRKz|DBk#
zm8qJ-)nEcAiyT=0&Zz2g+T`%DqpJm(FS+<dLEEUBsm~^3E&o~2zM~db{wHzY$wS};
z0t!Eno2xiXfocK}`A#RvueKo2I(HJa&tC{-Z_1Av<T)txy(yL+Na-$%@{>!ol}44;
z{|FyQY%f+HN$^GiNbV;d&&Ne5kVIv?5QnaN4Yanlk~5|Je6z59Yk-yl-XK*g3j6?w
zR#t9|2|&Zt2|qqdZhXG&Pg$|C*jRkvjpa_VG2k-V-qHVYaCXw5E9d37r?=~yUaT#A
zAjzi6=%yPy4|})8i<85xgr)UW<eVJ>fv5ypsM`xH;LpZK7Vj-mf+=KRkk3T1xx3q?
zu{Jzu&gD)BI;xIQ3Va2>V9Vm=Dc|{gqM3y2K5f;IQJGMZm$v{EAxNl%jZqGXg#geU
zrOnhs`DYfH2?SU*bwKr{sKzQ&48qtUE~*uet$jzFFS|E_mYuzOcBRdK`p4YetgI~W
zpN*zlev&`@AiVEN0c^l;diV47ctm9JiBnE2JuZZ?dig|O)sC+glucS<+qBl4CTkXX
zvx`ar0WGo%Uo})O6tlFdxJ@HNInW-%<oh9yi`47&LU1Rjh%Qj!C#BXw%2?l4($Rc+
z>BlpEtc68xN3GOcVHc9s!*wEXjTce`w0|$HqC_-e#@{6p#E3^PVX2;7%%kKN;W${Q
z_)w_Jk<xcA`^{6AGkgzc1@+kVZsWjZ69q6U!|Lty<`_-kmSAC=wa0)&3J;#=VR0=K
zc<35v;>`L%nyaAhJLwiDDH%+3W!XIW<^2+`mc&_`am|1_Ei2<w#@``7(}E?w)$9CQ
zdO6-Gn-g>j2+;YIc=07=Yc|jl>|Gz_ko*Y{;~w)rC&(dXuwv$3`idU*?3-u&@i^E7
z-H7EWW0l7iWlMhW5_=tPF+pRM*+eVJl(OlkL@wX$^=}aQQ722Tu`y5IV&0uL(j1E~
zvb>=l@Mxg}$X5SUCt(*_nf+5v8f>{a_5o4V`L9GZiWunux8G}*+h1>=FNa1vT$$ES
z^~A$h<KTy*4R%OX4lk*Xs#B40U;_rnimT>Itiua>x1$2W3#|WqtH2i}%z>p`W|I}i
zS_dOg)c)WZqu|T1YB00sDz|+HhM-S{d;FryUNgu;rdx|qES}?+yeO_d-MLw2AW`T6
zQ%i)MCiqQ|*W?G%(Fui`@5n%~8hk+0c*zk8twVc@Cb*5XGv-B9!l=XGr|Y}t_$N!3
zN0wkR3!)Ea_I+6TE8jN<T9Xib^<nLk3BNf5zz_p+VLN#1x1t@UE12f72s~Q+=cEi7
z^s}_&=QYOJLT0u5(MQ^j?*0<m>;yQh8<vRuP;daWquu{z@?@s?^B~^O>dDU6o~Bqi
z3Ok)f_1@+ZII&Q4vCYGxWq;&61w)~L?u30H-8ny0MhCi85Bv$=|3CWF|NcWDk^x-_
zI*L2_r7l02)~Utmc5ecDN)B=&qM`|F-7mRi$ke_cqp`V_j`dqrp@;syYbnp2CM)kw
zDS(TB=ShYLc837o2KkUVZ+v1mZjn#BgFC}%6c5X#oXyE0NTQf`U>x!z0|(Jj9;IIQ
zBL~8>Yi-OSx5!OWIZtg)qY$?<IHe59Un7%DetiSEeYcl!-}wTfOcX<|>C2rKpxrB}
zNX^5pJ^TGvL1n#i4F*}yl>1DS`b<wG85h~Ih!-IVHm~Lsu$}LZ;oF2|EQAMC+z;s_
z32T+T^n>S}fM9AYfhaz_u?iw}(n2Sx_afU)b%T7X0Ejp!>c>PJTpc)WAm0c&@Z7hw
zTTFh02s0<jJw2%~BFL7CkEm$PtFqMph|$T*(5uFBDPJ$bE~;}HmoK#I-tk97<s7tV
zI>c2R)pPh95LDWIXurh;D3~~N^_Wjfpq7|vqFlslof#8Exb>edybImfL1Z+~^3r#m
zxx|<l%?oL6scj7;?h+LCheban>h~KhFNuGmj3G`Cy|3MGn1$zxnK}*wQhEPxmjocf
zrM7t(KJ@^A_AV;@wCJC#w|f!p2Z0jpqn%mma5mo%FT{t&M-WoX1Mqw>e3l7GsF%4n
zBGjm-8Y{rK{Q0J6Coh6K{{6+<#kXWB$?*TqlrC3z-g16jQ?pCW3ttf8hP%o)p*QTz
zh}YukYfMEVuFMK!uNGtwUkBt@a85N#Nqi2n_Y1y226MeTImq+r9(4Boi{<6;>05u#
zq;MaF869DC$xiR(2X_?Og&z9fOg^?04l*+J!JUuX8M@mI#LrLh;UH;695Jmnt+%)A
zKuPWZ#nHWg{a1?+`lq$~zh8x5!QTmszJ?cf97KCj#=SivamrXjmPyk03gi#ulE^#%
zz7NcT`snngv=+OSK2i?MZ4T&XCc6^6SWv3lDGH^{4<dw<(JlO6m7dzXK4n-_7_zb(
zCn=_>CYkLeRVW%nC@(yC6?=I393gOcM6OT}Ze$(5kZKT=DVm2yOzRJ2ry4erUL>Hl
zT^S(oAk<6T*R8&_u%>8#-l9ss<s(~^q)}VDAcMcqZ)nq<$m&|~`I4UhiH_sN6|n_f
z<aYUAEzkcBsBz;}4kd#OX+sivOO78a!r;1{;SUgm7JKifXV7~X!}4WPX|(!At`&5Z
z&%y!QfJ?Wvb(GD2UrC>bHk7**xp*eF?Vx|rh!1(o1L7d)--DCSa=DaGpB#~`#=%zZ
z5^uAprg6S8oeihXrQn)i0gkDajLSOI4XM({mRnS;$$Eg@CN8gzjK#!IADM-}VSSc~
zclzUine%Z6xJo0$Jwo27clMOEDWt*WIK89TqX%zK%42w3&JylYGAbUEE<me?$Oi*R
zK`NXsg!4s4Tu)-O)r(rfh2?q}8?R^IS<kneF&|8&)K+v)x)p=06ht|&Z7Ddw@z0;C
zCDJ|`uKTQwNQs=-IUlM<oD5hv-kZF|sZ-|*Eu}wCmbQSr^ZO<FZ89a7Sul8Jo!d(u
zw+#r7+0P^54({x-U}H+jMI+jdW^>6Z_WAF>d6ht0D1QF0dqdDXReRpDOjkYMkjeB+
zX}z|%E8sx2Heq5r^v+W>ec83ZI{|k%J`NrHYwv?Emwz><X@+>8#O|H*TpO*pbuO(W
z9noQ9jpfZFNV`|0>WsBhx|YRWJWLyHeWdDy;iipe()-(|m+tF6Z#ws7(W!cLa(%Zz
z4>H!JHj-5BRqdp^66dV(nJ<lX{1a^*ICWS>M#7%Ywrc*n6BhK3M=V-b9uQUdJO&Dh
z3xtpTgrWzHARnBgEM`89%W?2!e<0|$?EffO)G?)w&s8sS`r78E7sFL1&Zbz3#?PdS
zLO>ZP>=owi*hCZ7Z^m4$ET@RnQ}`*8l)glK6S^RD)9Fc_CQ~GP88{xGz5u1cc<AWf
z=hQB0`Zh+GcOC&DyNf^B2Vuka)U|r*$LVbY*~rPayxl;sbZ?ha@fv1j7skH&Z^a4O
zM|QgJ$x)K>g8ni4!{W^!=PGCmUkFMEy&?!ur9--@UOM;{3>~}^-WzmOe_6Lv-lW^G
zJCT1Z;Esmfb0SE_?!|S}<GnI$A|oShUH_~gYXtnZfq?zv_J5^R7#lY_gv4U8#bO@@
z$Zvmsz^w-;eK&m8GF+s!gXZt#p4Vlbyy4o$@=5O5(~MF}uS~=T6$=Zt?)CWrI&z36
zN9Z;*PW})d&@KFrvW54`_rfjcOP&b`dS%O%P@|KpIK@|_zxLKid~TKWI3pZ^D9O3P
zd`cve-F&B8a{qf9RJiAP;3QFHw7FGs#Tlpw>Z9Iy@<2Q35jnRgw|a9M@4Q_cZOWhb
z7zhx)+}?^t$5wnF0+J%+Wp)hR$&-bhkc4Gog&FogQu<-!ZSVG5HWE)Qv5JA!!LAqF
z5Yp@iz;MzySNa4Ods>rw<^!gFkHIIg=cw|JR~l`0wcd~JR=Q{J239c2%!>vxE3{Nh
z!e2Vsh&8`Le<aPA?v%|@>6;<?3m+aSG6!W2D8|$^v#PxQE6Ma2V7@q7>vQs{e5S4=
z!;L6bR;#}x1D7!`-yqazc_vMK?!{Py&tG`PhXP>&pdWJbYLAIChg6?)3telaxpR^W
zqljy{Q-nDW{X+ZL3<y+9F%<zL`QoLK>~T@T;A5aCcC`&*x(&p($W7tY90G&Le)CP$
zcTskN3GnkF%I=f;gf}T(0Yx++I>|Cs-y3G{;D@*l7F^p2sURCHDd{9<gKjf1n*mHG
zD&}Eqx4t6=;#94a0y7cgM$D-OP{6IV<k*YaHlk>bsk#tPFG`O3oAAF{+xL48BW3;e
z$6o8v)>x8>$FhpZ2WLoQBZxnXXzkzk#l|rhD-ChoVc7-hLE8K3YL^;C+ku@dkQr=O
z9?Z&YyVHx}t=u5;YRK+e13Ta&;>YWs+#x>jbdFGX0g12Oyc+1o{r8{xFFyp@ET>qu
z)^<<nH(8*Kyv=}quf2R6>@@9sqmq&(OM@tfvr^Cw7Vx&X_&#K|3b=W@89Z(o=E|l)
z*eQ2hD0>d*)1N_(L4J)8;JclC`s*Y?CWkN_-yQ3vO~947O0%2)=L`H*81MqD&O4mD
zkARwa=C<E8EjC$1s4+{v;RJHX5^{epW*8Qve=iCwt!JNht|IzTUwp1C-sufi3DGxn
z(9#`EOjzvyxRRGXb7?0;CH_i}Z3~BuzHKOG!^42oZSTuDR|aPg!1jJ>z4W=9l>S(j
zp7ep&yFg!A5V(|-F<xN_D7uiQX)4pyBjILEf-s_bCxgZfT(E2&1D0sr#s&G@Sdekw
zCZAT4=F9h}HrMc#fkfA+E2V<pFIQ*0d^=bmECWyTyxidwUD5#Jw@OqT<GD0$?NpcK
zS=V9%k>X7wS%DZ`lWQP_-@T)S>U3YKzGH4ENoW`xw5PA0Lc3cxLZW=>x6r4NpGH-z
zM0xxEj7g=mX^7~uRPK!9eRe=Ip|PEgU3`aGMSik@#J@W;OqqSww_#2S1KM@`FC$|Y
zkZ9j_4z2Q;Wj9*;nlx_4_U=bSVNQW_04eyOPCmvAu9B{ZP>pb1lfYwpb(%;q3B+^t
zkn@Q93QVm;+W}Rd^Y^=TaMFSuqi#)xE3jC1FILrAtEZ!h+r!4MV~E1rzJQs1zZWRY
zNQ~Y!asTbTbqmtzlrJpB;csY#PwFE|(CNduIc1aRbXF0qHsP7HV)yl~R$U&vGeO(q
zWv3PS$v}HiEMf1V@5i&HNdEn$|I;ZawFZbOdlT)+635=C!F-S8H{R-geFCUL%Y(Du
zhWFM60gISXn;!5ZeuTgp1lhAc+8sD0kc-uzZfE}cQUG*P3JNf_|F2dj80PPRK<TeY
z@L#U!fA~~OBC%q#If5(^0}i#n1_H)`y87rm#Njsg@vp=7KR?N9szAGKaWq|GnG1jq
z@LyTnW_=fI4v3~E{HWp(5fPad{2M>uFejC-0~Di_h%WdGg9xv0%FHhF%dYjSVFjdt
z_yw?XB-gtEMD>XoqEKcehwjtxIdXQhgWG-Gib%EV_uZ+_p~+<>F?|#%-MV5Vz^$l`
zKB)m18*GUjtvmv%iUaTP6ZJr#bPn2Hms~H9yuEk_Lq^R&-kQjs70+@q$0YaLh){sU
zRD<@HdVXWUgovtXyq{oEDhV5c6JbX~MAP1YX0+$P<m4pFW(x~^xm|08;f@&jOFSo$
z*x1QtW8kQ;_-raROm24Jb(J&K=2eIFuC{?c9p&b31;prPj2@^~SSY{rkwn9xh6V_r
zWNBgHy|8_0bYyO0F1m!SuURL#^?eU~09KbbCwc<QSuQPkS}5cZAEDL@a**HT%KP|T
zAvPnor~fUTO?3%}9G$G$;VQ!ABJ7NLdLVW8d(7cFtTtEYeCaIBQmP2!Ll#?1W08+-
zeN?FjqR`icqgod*;%Th;H1Jqu{tKp+#RF9ejV2xgH8nMxtKYUW)qEzw>nc8WCuV0@
zQ^*0K?8O2oth3}Hw3?Aw-bTObDy|_)c`i4kLE^?M9y(V=zB5zj4`5Hq_TJVgc&}^g
z>Et!$yJQ*PiYWJw$#&EEvaDJ~V<p-td%C!j8>#;|AT!5vvr4u6sq!S>Kr^-rOV4P!
zycU9b4LWsVzioU6u;{TZYraviZRxj|;)O)i^+Mkl#jd+ROU$Mz(`O$iC53QYWndJ4
ze??HRR6`?Q^MbWaW_{AlS37F|^sZDD3S0^^ZtMca!l^Sx)bK9j61}1%?9eN0j=^S4
z{0|dDhXCmGD}=x`lO<1ZT~LA#;6U#n#CT|n1gr7;Lf&&dr;*LH+@i<l7J3+79ga9R
z34xZkPbX8LgKR3w`tSjQ!&3S9QVUG27C4v%M=rai4)bffRvX}p+WbDsgb#W)e7=Xs
z_I2WLdkYBo48_+y(Q8JzUj^{%n{$vU!_K@W5OjKvzW_V=Js`WEtA20+AyMH~-g1cJ
z%&+EKx^Zpl<v~Rn=`WEDSMG+O>Ei+Q?KKw__44qHVr?i*V^KnEmM%~0!-m^10UR|I
zyq^U%@q|ak(&En8-5ye*a_}&6%tQFil~Y%6s>+lwn}vf?J8j8mew|tAgfv9QIW?>?
zt;Qh$Tpr3bHEdc|O?i&CG15A{!orUW&&*jH&=g1AeaZ((v`ZwKZ9Pt(1ttq-<+klq
zvSuzRlYx3lc391@q_(!+0{eR>CL7$6a>e=FfVshul{Rbps@Kyx*GBp!2#H%pvy$Dk
zy@p^0K5HE3T8`}L#Nv!5Z`+oKLUtTC*^p!ypD4Ng6M)*1KiWYUsiIcf*jlYDVWQ9n
z5GSO&G+!}uLu*2bip%6lFx(C{H(HPKr({|qBl~K;izqO4M3H|U@!36)u3RT~<URon
zxg|g$6|C5V&F+LvmhIZ@1@asRVwqx<kB(IABBCodS`e?FOsmDf=Q7jL!;&xe?;Z3w
z#MiwTC@S{jQP2H3sX_YVQ0Z(z<`*?JsgQXWf~Yg<=49@XHkrxMk!@&5akU%JGj=-I
zc6!rp;|*~xKLPj|=e^8IrW=!fk`TEjMS!(@hJ34F6ET5CTK&}CXJSC<L+INLH%FjX
zN$!9<iF)II5rutr4Cv=kweIX<J1{>?>Qh_~PQ1$#_TUTa2&o(#%u9(Mj(H8XeWkT%
zUl_4mbU&I*9>M4gk_;gN-2g=A<CR=qyQ!6_Skr}G5?NfHP#+T~sWa988Pq!ZbEZ-k
z@}~q|Z!cp?rjgG)22`7Eq*`AStqQDMV&N!(=SQKn2gb_-wK-jED*p<ioccH(g$<uS
zI94C=%Cw{^pz;2;Qr}LuEIpcjprEt)^kGD<191}hp5Zmh7-uHIbE`X{R(r<S?mR5F
zL1Nm@9f<a{H~skVNVasxh=EhWSGwZs=P~%Vap~;pcE-GX$gEwc=TbGAcEA8v1Uvl`
zX%y^R`m##x>uql)YK|P)cS>(RPwh}8=0GT}%@J=A)No$_p;%z~GYO<?;5_SfpeA8O
zLYt-ZG(TwKOr9&6RJGlHo;>$9p!r!2XL4v5+rdN_uB77{?koeDQIb_~(B@F@K$HHo
z=mIsglquF5?_r(?uv@SP!5mcn_Pg0?d^gOTYuKF7ivO%^en)9}VSrH+QnY=GY`rpx
zbra31HdvUc4}bbNdY>b`!i@ELSLU#EaV}=xBDc=|>)tuAr_rZnc%)?m>4aq>PN|kE
zj}FVNQkx=_zeyBdh6@M|q--J~6?xz<=%XaOs=CKN$-{+8mtjKPMtG|D%DbN1ztu8J
zN-k?en@KHHrhP1YRguj-h0f2bK3BiCWm4s7&-7HU;kK<R^@Wbm11=?5MyJB;4gXP9
zz8;+DZY-U+x6p`;?kN_yKo@(ZHVnY^`YlHwJPExky0ChGwajL$sqEd|-T<6qoyQEz
z%Ev^bybP_LKlMuHBcu*xmC*=K*;J=-lptp1ppF)&v>>n3!iF=L=&AVUT&?yw^6%Iy
zAJ6hx5@Z|b=3Xu12nH=drr*MH)Ym_CuPheCMTlv|t`LPU0e(QBSMmDzZ1<1~q}O*>
z%Xq*?kA@6Y*-zj1zNud#CzBMT&d;ux5oWI$1hAWim84`CXJ>odjfZplXa$vhA`hHD
z6RYJhW%W#lig@v`mxc5(r1djBWFFgpRKY)gm^|JScp>+1Qu~*(d-|SDt=dNAD>OPk
ze&&vJ^KP1%Hp(@Yv68m9BuJd^R8&>7&%MGT=84kuBx^k2tQC7pbw2Sur7wul`&Ry7
zK~0~ZXjgwqX*OMc8Ga@%ycgvabPmdSW9%ON`I+YamMji!wzDHLa;54iGHk~$17ZN@
z{qv)a!g4;>PL~8SmpozS4ZJcR^%Ye?>laU;I?z}9@TEcWjV1avX%YQX$NkI9EB+v8
z<Z>&lcrxLVM0sIH{Lrm$wU3ii3Klfc{zC-k6Lk9AxT0SJkTa_D@X^YJYeJZi>zRhn
zEl)aSk1ma_Ok(csibg!M9_D}LAd~$aSGbzE_FYD)hxCOwPAY#W`SE*@(D9WKN|dE_
z+gACN%Vn!DXJ|Qq`w>jpRmS>tD0wJ-x@=_gkL&yYv-gLvx#K~l>p2jEjKG72veVzS
zo^zeernApK|Ee$8{pG^%#sIoxCDUPi<*MpKjxNX0ijB2VPZP&l<81rSXyWVM(lVAP
zV=H`6Sf`S-?H{LCnD<94T>c>R>|r+8mEm~hfar{<n3%3`v(gpk#=_N0@KzsVmnyWM
z)=Du|1@xoEIn%(~nbvZ&I108q+q#R01p8Pjo2&oEgCq<3mNlLG-@1?_cL|z}jb_bz
z!x~g{{eWqKURLUZte9~^_5ht9JY6*rnSBt1kLpJd;2Xu?sYMPE>92H=zF4yFBX8Hi
zg2992?fL^X4ZShP6%+J9kD9>=DQl2YX+|trd0NC5753;*>C8_~b`XXP6|F<u-Ne2p
zMesR&t}f!MZk`4%7{~{>2EJ+mUpvVKfx^vc$q8QW^yc>aPe?Jr(;XyMcNKR(T6Z(3
zKkXr#mhtzCPW1L*IsLCuOIl2$X*Un+QF;=mDA(bMu)I^_i8}E$m<1CJ>}AJcOzHV(
zvD{1KLx2y`0XwW8I)~IfADDjYd#>SRPKrD`RMRNSbeG}jn|Cy>uoIbfMFu>Az#hql
zyZB9xEyv-ov}bb-vh=5)q%9kvVoql=uydcSd(m5|>cON59T0O{U|SFH9dbbwjdzT!
z6&Q+orimoScOJYKg{H4Kgjm(w@nHEk7A)7F{jy+zc0E`Q-apI#oh1MnXx(zQ(sT$@
zi)ha-I;9tQZs0uOCqtkFyqR&#VF#GeUFBD=uzqA}IP^WXLKuHkwU6qxFet+0vpV1z
zErb6!dhDoi$h5@!p1_9-hG~A4{`=Y<<;TAo`*>ytfzHJ~Ae_NFNRciwrL>UV{b1sI
zOk94#vpB;Z4EoVP-NH30jov#Y=rTMk=-V~an`boA|Gek#9zw~RPYHT8A;C}+BS$Vb
zIxd3vyd&2D&TiSz51UlaCodG5$tuc_8S21`r&ss-nsx;~HyY_#fB_P@A`6h36m9(P
zn!%HnN*Ef{EaxB4P0s-`noCqW6w<!~CO>KbAj#(($NN&nw`!<2$4rc|kUh%LYarmj
zYM=AqlYd~Bc97rv`WW(Qypb_(xG31EO)*^v&qK?7MN`eegqCkhJ|erezb?ngS_whP
zA6^;4L?jnAa~*tBJKi^XM5RKp0<)pXl{}cHch}Lbn_l^4bFECW_IKKwT&9sdw&(lr
z<Kc4+=BuIVX%YsAiq$-x6?v^3Ap?u149mh3OPWIl_diDp+TFgoHfDVpb_?mmKGw<S
zI-Dl^Xq(-hjJW4jqB(pr%ETXVpiA6L?9`^^V!!_JiqH|!SAMfBlm&X58AC)=$he*_
zX^|)cK0~;nL)zvk9VPfsHAQx@5}%K2b^W$!sJc_ZxYzb@wSM{2yG0|wmpIEJnPf6P
zw1_s%_@m2gGK8NW6r3ozR<h<hTC>NHb@&mprN)TMzK@xQr=o8-c9)|n02oUPyeF}-
zigkSzmEf+RBj|KdEfRCC#<55S^>5yVpPG{sdbtv?@jY+t3YCfI&Y_99A1T^N&b{=(
z37x8<Z3?4@W&4$*K%_@cezzj0HO2pw)(nTrCdV>Seq2*}tNV7QKd#!BTJlx`M#y#e
z<5G<^5PGQ#1hpaIpEnfy3L)><1!nz;bZMg6YfG6G$2VRqM05geTYvOmX$)g7Yok4j
zc&ZVG!8B_)?Ny6-3t>su?ob)Aj;Yft`8+?S_Qa{h>q@zrl>Cg#6k6YW)E7z;Q}r+C
zBJypO<8AdNlPp>$K2nx6%XO$2{Shy%(q^)bssGr-F;+4a-cl+SE&%B!-S<iPmSoBP
zzAfpH)(D$vxQJn3yu22`Oh67)@>dQdxV;tgi-YSvzgHid<@X9aR=pi_xJ`4V7?b7I
zP(x>Vd1~E@YO2(g#*FK9-c6N<dg7E{`}3WIVK_U2&zw0&AlfMgt!dV?!JZ6^b)c^T
zFRBHIcddKhKh#5BC|vKXAh*s`OL&<$3JI-pJGOD#`;QIA5F`9oeD#Cd+p;rhMCI>Z
z-3saGKmW9^F8^s#z^Qlgu3BYh&1lL-CS%f`yNkKq%M4D_IQ<qcJW}bv!F}*ROmWNX
zz0W4}4!9g6<$#&1u+1O(8JDebIZjaIEcdFGWahjXZX(G^uqMGq%SL$?Bhl}mFw@P$
znPX?|y~)#Rt+aLjS-SWyhHt<#(YuaiDz5cz`dNwEPv0fRE{xslXRZLQ=KrH|UejCd
z;R{uFa)UW9sX<L=cm&)=34*Ag18w|4&x8*q8U1P0XQ-g%788oucu~!|v%-N{S<Qra
z!aJ*p*toK&PPl+uY}DtC2`9yI77X^rQbWw${KvKe>7vJUsVeWkUd+iAJ?AVA=h=XZ
zz&{x86Vyn(%V?q>QB@x!4a1jBbKC3Q^B<b<SBg@AI<yshTg*E<(t6y?s>l1@3RYm(
zTq@b~h@%l|@yX?sw-Dh!B9kmTUo^wizRC4(>hvM2<wD90({Yd8`v3d7V;}cF)g5)^
zPCjJ$tY957{MA&Mx|`wNKl&ZHjt350b)@vXgE|^{30k{QSY_|eJ;2mbhSwpFH}L(w
z(+%!-MbdcQwRFsu$&9MD6Yt|uqU(2zg<5VZHsvi%-cO0oIr6SlrtilyyF$2ryao*K
zD{^Rt(kA`e@czlVyY&K|dN4OZn+Q8r(<o1KPsH+suaX(Qo+m-9wr9+`Bz3%781SQn
zRuKt?8E1d5h}sE%TFH=XFs$4hSEG^(XxRF3uM9Hk(1a!>wG-f&XX6Xc3S-Dg*Z(Bv
zLLG==hv4lAV}5i|^RkQ;ev>sKkH-uG_c<LvYtRO*l|=|fu`f10UgSMr+_H90M|P?F
znwx(>Tdwhkniw#KnH0=jLNPT5W4~-y^gsmjgfU%(!UC_*?u#>@=@D_r?DJllKHnPt
zAG0lp^Zz8>;sEJZCMS8-ZUIl=mQ~5kE;gqFZSFT5@ub=3CgGDEdfEk|2BfQBR78!#
z4b5j{ZM>yI+imKh*b)PNcD;{x)KtDqyrOQpigfcmZmf6Q{wMbuZ<bwqi3U@#L^qI5
zH{?rSk7#@)MLm&i{6|IAq%JOPz^;hrlGwo8(ds2tT@|hx>5^>5ipG}`S_N^`;-rep
zhxm(#?Gb7rxsc3D!<VtS@pUg;Mv&pXX=NV+#q)Lz>mcVdrKdz+Va|B9_+hBRRU*5r
zlgb8KF~IE)*ROKM@3?Z&f#IjwTf%USZ;3}dg?OsIpS+JOHFH`%P8iFbrlookgnSiC
z<F{1Xb$ID3M%A3)k(;6O61EUnmo-FQx2PecE8o@CoAKGTu2IxXbD`t33$yvN4g#1u
zM&}kosE}Tv|AC#k@U^c`ad%RWFiLXbf=fzGDlE6fX!tDJBa>Da6-_qnx*GKewqE&W
z{#V>^!0;5^*d;cEli46JT1Wa}jVE*(1aPJ>q@aaGNk~_XS=99+9*tY+eJ@o!@e4c&
z=UILRrW9WmW!W5fAkP8vwpiU&!`-|M`Umg44Ya9xd&KJ2Kbq%V`1~*Cd0H>EzRY)I
zG}o#xO*js4LezP;%%qEO?vEyQPHglX7yUM!jg&2l<VA^XUm<UHn~SidWG2?H>QXD*
z@tg3I(Uh-dr>mSO@Z4lZ!;0Wqi}w7|^B3?Fph60WBm$8oLOZ#f!*<fQVc=DNR%(SG
zweJoeKe?DV+3mbn1epHvG^o+xcYSIgvfI7?&-(jbUcEalJPxRf%EuvpvLPif*g`d}
ztQ3>G&l$+c9r&&_#whd+<j^lZEj~^xcQ;G>rFG;rUoWa73=%lmOy*yy-+#;%|EjC)
zQUA#8r-|e_-~pM;IayE5-kDl><7n+P*0uccr`9btt5~1;e+ww_?bIR5LzDTe$!$5d
z2n845i}-a$=gAXz1+vI?PTBqmQJ4>IQ0QBY$8p_{EZK(wVAC-<+#s?{arIv*IS}CF
zl$nKH9}`Q~=?M0eE&D@&HpfE5_FS9D!DQ1MSu>6YJ-qomj>Gxg+h;|0S&sd(uiJhS
zejF&!j*8^FD_>IqT6nT0a>?L50PJTP9Nc*C`T`d(0l2l>ccjka_!MB^$Q=);)eFow
zzH*A5ngkFT`!2QwjlnC`{oev`$=FC1p3J2AH?^m>dOV6pVd-GSS|*A%f#BhOOty>}
zyqrVmPK%`x(NuLodIfg^ty~Ex5eB03g{G{Pdq}oQZ6k$1J6seEQq;9(tbO@P*o`&H
z*m2vPuB#iKB?P{2WKNJ(_CX0?Eeaj&(EsHvx)S^2*kSrkrXul$w|cvr{?5Da^9zmZ
z0@uH$@g&{om|r55ziq66Nfro*^*g`+^ymvO)6jFm`nMT#B^5M+-}r*8?lGCSg|d~e
zq8aS6R&1$B<<Fe2Cp0Mp5aTmH=ACHm1PWzqk(2gCz#?L&dkGTUKD^hyRPukAI_+dm
zmM417eRpm-M|mPl*vw<sBP6%%;BnUMq(mOf4Fi>>AJ8yjjXRdhEG{iBsk$W)F(g*}
z?##8D?_V%qvdc`>!jAJHS@ot>UV-~vNwc=F7C#pB%By1rcgJ{<wOYk%^zo8tJir6+
zZY=$9!vXCeaa`HwG+g=mTTZfDYF}5=52t+lus~_yL?gvl>MZ>!bP-zOuV!TAkm@;^
zHysC|fdkxT(QCX%u3r>MpYLcpiDhlRb#kTQ`Ps$xlX;6~awbedr8ln5<Ui26eX${e
zrcKx$UGh?PI_o?$o%OCRpIDH{={W^WcEBN~s@8DKPff0tkw`nPqH&6!Qt1eHPyc%N
z9q$pZUh9b(o$0OWXpHuamdpB0SNa0FQUai|i{CFqX$w21g&2kyy<kpP!ncWPxUZhH
z&l#TOo9h5RsQ=dxQ6>mem>EHm|BR5G6Qt)sdDs|xH<N-4vjo+EW_h9X=GAVJA|o|d
z0<*A7ru02*jv`K`C&E-kOx@UKf2Gw5ti;7BV)D^z52q`NGOpal*+AROGA(FIX!6j6
zBM{mjMo&@c>_<jV2DV>g+G*IL$AE^d9Z%SQf`y=e@Pz$^3;o9w<xS^wQ-V#03fVC-
z5-^3yM`juhR*Sf+!mbnT7D^>g92ko7fyL@ig$F8E-?xx3sVM9_euq+wwu{+qVbnto
zV6-5?;L3mEO3(=ME{;?V_1FoSojUw)xM0h3u@Rg9EgS4Ejks)9TpTSrOs*94S>5Pk
z3L=w5J`ZR&-N9#SJuqq9C7j!d2HcRgx(~?eSJf~0Jjjy42HSMX#5F+U6OR%~SE4%}
zC@dx%>e)<*6!Fj0acQr^Vhx8a3VFv=v}c;}ngs2~@ibnMGKve?%^IRTr&0nDey;Q7
zpmWlx(?wLT-*T=Hr!pj)hWm1Bl)n$m{Arof7+C-fnqdQGJ(aKk6`gbwy>*iNDuMDj
zeeqi7lC+OM^LSGhbS73PdJI^i6L_?vfW@Np8UF7Y_L{&v)12|^ZLAm=iV0-%J%e-7
zRU4)4?Aoz4dUt2zFyY9w3JgVlFLagY*Qt;67~)JA4agZpMhG&B%8aWT*<=m84qqe9
zr>Z1jqsNB_kUtS0^bCN+sxhDMKACW9^Ti7)w}v37XxQm0Ivq4s$~b%_RJ40vYe#Fb
zmtiPxcMqszq-|?hT2iQFj58%=f<)izjG3XYbR{z13!h@xsNP@`RMX%y7+&QuTK*A;
zD=OZnB>34dS&Zd&OL{Fbc|)b@Z~zrya^MgK!8dQi)9};8AC@|9ur*&N2FTVsO!ci4
z=ElE3np<Qb=NCC(t%mmJ%GsVrsOV=GH2>qiO2%NS>Q79{N|7-b=SkS#7>v)xLhU5o
zehSnVvYixgPpKmBoIADtKdp`cHwy$*4K$iS%gWkvE@Zde&(1&(G@?O{kY@^9`5usa
zkn+;eB^4DuKj|I#;$oqR>3Wv;i`iuD*qYa+1p>UhXdmE-$nL$O1pL=R$S=i<h@9JO
zEX(EF+F<0^UL-r!k)1`?BPt~w<&S-PI_3;y(cPFS?i>Z%7*q`kzToBr-XpilBx8TJ
z79>!{`As93Z*F~fP0IBK16T<<NI@Y;&XPb?wmDurh@QB;RYiXQe{mg6_6bd=hunaJ
z=Xxsej6F|ITZrh@8bkW`TW#A642NI8;3SAUZ_%0z?x#p0j~=&Njzx5aZEdg|D7i=t
zk?(4}sU&Ke9ym&Sldl4bXFyYnL^PfG{0(<wN4u6yQW;?q2hD<V^p08BFJCJ|!*#-{
z>6+{t8WhWn^?|6O?$U>Uz}se#WZOF6_c<MPih_a+vXY4xzE%ss1JH>4yA#$xOvFyx
zp$9$(0W&jC--RNwrY_lj4#?e;8y3(npA`g=9;qqIcq3wgAY&vwcHlu;Kd>u}``JS7
zU!n&dlZxcK{Y3iyOAs{HXl-m;qT+|<MQW|^LLyUK#n1q;nT4wsdv6da={;shZW)>p
z1r}aA7unU4hE{(zXf@(DH(vj7C5^R}uw;pKkzHh+8F)3ZTn^qc4p62lj{%c4&;ya>
zF<2+w(7Ltuli(i)y^V!!4VTrbZQpnikony4MwI4vI^w3K$H2M~a6P_=Am3aL5X|!O
zS}&?b?0+2{SY^!TzT*W(E?8C{p!gG1<&?=fN@dQ(=I-jBRvSm`0P+M3oVv)ihJcX5
zNv<)9ZOmanx5hm1B|PeFwupKt%;%P497a|#nvQqFd(D@w<N47V*7lXCLuuUmqEJ`U
z*e>Osqo6oSz6E<Yne!pgEJ^?T(CZBERZAiA<Xky{a!Cu@XNo$Qeq&!J3ZBkP8<rkO
z*6KV2+QG=ILE4dp@`<OY#B>EzX}Xm35r638=^8+g0l{9ljj-I^*S7&=p*(>k(~}qB
zNxl!;!@@Ri?e78vG_pQ1xsd;tlz&PF3s}@O$50aGvQWq+xsD@b?erQG8Pi9P8hWOU
zx@6{I47)nLoys+6(VK4U?waS-UQ@Y8NBaVaHhxvN*>PEYAjj6x%fD6QozS+7jReZ;
zf=+MqoZg-<MNQB4aR8-<V6x8fe!NW@faLCfnPo$Cj|B!yB$tMo-n(D=l26BSOa3Or
z8_~n;a;RG~+9)+Rh~$1mN53EVUMM?0pefK_er7BP*hSZO$8Zkja5C^B`Agz$yLg5r
zZEa9@POp7M8Ww6G(F}t~lOUn<Vt0A~yC{066kL8ka7t)<z(D}|QPw{i;@%0W2}^7V
zV=|;Jh4ioINf$D_y*MFdsp7J9b?e!lX|n}iXS>^{Ufdsn=LRZArM-L`IiAElfV1x9
zn&9gFynsVE<nsEO``(02&0EFE`yiHs($eJyRwiW{PkD_n!g8COFnK>?F6X4UQ&n}^
z?|=OFjYznA$QUQ|6Nl2jc}%8qJZ9|LO1pBV!^_1BLZ+|MCSK4lKFTI|ZL~b`6@#cu
z`D#{5Eo~IGT~~X7j&Okc)<S29TGY(YkMR-QTltAUw$|I)Q|HrT>2s;@s42{vRQBYY
zUDJ|V<HU6%lyrDYf_^A?dwWm+`y;lwj44tlK3Bqf!>@l-+?i*4V^JD(taesQ`9nva
zet?O!`uFfXX&Qgr5!gyO1iPJ+B*~b`on#ZZ8C_TO*wwtvxXgt0f@$HwN(y>(QNTcU
zj{fXrB-h47M8?nXwkb3s{?qfu?wlTBuEUpur1?LMg2gGgdn##iarL>fzDkl^gr#2;
zxo<X3*F1#rmu)$&fhT2IxZt4^X<jo!9@PC0R#4Z{uiYnoGOZ4Xris{`XrbLiVZ6}r
z>tWvl@pe&K3Z^KR@HLs}I6&w8rMi6%hIc;7cU<FiMt3mN1VRKoL>d3JPRF|A+F?9T
zGJUIM6nE?5O^d5=0~JxR5+zUcJG1O48{Cx%R-J~RGsSbjp$XcX=qJ$}v{e#!G5SjF
z3GIC$%Rf(LK0p&ExUyln3|vRF4Hd;h67u2sc<$80_3VYNrH|1EQu$@x-uCKnN@2ce
z4Cqpr_!5(xiI~el+EycvM*w-yd^Z!0nJ6Xd%Pm~5ekawEp%onb6O}`4@HCP^94Mz&
zE3Jie1+3~<WtfB)tB$1F=FSv!-8<JimQaMYIdX76O$AL$(3O?k;rLHy@IvCe9d@Ng
zB;f$s0Fx&HVDax=p}vcB^mQQWZ9WgGJf8*pr4*U~+zG=QaQBr%Qg!kgk~hGF08G7|
z<%pdE@hzT@qKj&>wsz~{zG<=$1USE;&gHYCPUQ=NzwCP8y#XFCaOnoF(V=IqX||sZ
zU0cYLl&A38%`pG}f)1SQe;P^eS2OE;&*!20n|u**dbjWZ&=|Qlq>rQ|uFF<CLf#T1
zl<wipu-xmV(fB5&{xf`Ab;Ht2B5uyIVB5-1E7uiovM;%w3ix+lc9Sq650mSu3{5QI
zeAJ^zp+?<KTcx|kIv}Fojb+itJZ6PFtI5hVx3ht?wnLXNu>7gn?QRzKBg&Wuk7l$|
z68Wjeke))#c}XD+q^dtvMObJSV7dKg<89e0|DJ%ahu6OB2|kjY2&Q2UvJ$k^p~FEj
zz~eyjzM;wW)4kIpe~^L|AvXt&pb2~B`E_S|s63FjOr$I$;q~i<YHoYQa~0IaDh>qQ
zw_c&gBOjccq)%-)Zt#6HXBy~dV-sX5r0iOHWL9{hpD^<Drh`_mzm~SMKcaoPd&fU2
z-Ncji-6ItT#i6UkcfYWyzW__%bP(Px1#MrEa+SeG<hu_x)`ZWpY??+N>Ue)S!~?w%
z4=ci^JRvYnEjNm>-U?sy>UC1eEI7*jBgpf>S=zIVu`9m~^+@Ogyw`Zw<mXz+E|vE}
zC5w0gA`!WD`<e~&Z5ZAaX`pqAl-|gdSeubE{FP@)DdKsY$tsL3UM8^A%*)ruS#R4y
ze9k2+5f>u`b-uKu(mqN@$UAU8_clE=WS;+9u*BgcZf^OSSh!9)f7LvuSc@ipsjqQ4
zq)2liGF&{<%Y<ETxyJKWznO^oPhE9sScXtk9bXhI=#A7U@ARK8PseN0z<l0&M2GP~
zH9}`+)NB|Du~n*Y{EZO!$ppx}^ob%3CxS43&!z;8sEPB+OMN51SYfxw`}lYhT2y(Y
z>R-M@^em~|TD|DtGhmeK9BMY;i<?Np8g!<nN!MUU<trkW&^a(Q&M0O9Yfm&$M=4%L
z{n89_;<!%FyTMn#g~LH)%Tb%#g2yT_U&YNma5ma_X9(XOCDdzJNY9lf4gWIpQJOQV
z*&e3mP=qlmqNl%A{pC0e|HX-T7ET^wN>!v8ttMma;%|$c=?r;$-?N$wrdjqwy~(3H
z<?B6t`s@e5wk7LLz08;RwX{!)DI+>9y}Z08TA%JH(y_^G4rZ{htot2&yZUSW7#k-v
zH8mxauO!QbO8#;59M|L#xy>J4EU1ea=k|R>C1xu^CWt-7WK|nF;v5k5J{aOf=QDAb
z8we8LMX>z#LP4H*r8Z|&Rnd`4Xp)i$q+Fe&=xr*@<pKIN5C+`>2}JcjCJ<z?|B0=T
zzc<jeLF9<z$FC%}_rqVD#zYmhpqf>qY{1J-o=JC`^~Bk7Dd#N8eB*MR16Bvsi3^SQ
z35;%;KyK^IubB5v;&(%|Q+Q|Ww6)Ck&yFo=T<7!kW6j1aVh%wfn4&5QJjuYQ-q?7u
z9u%MVg3-^CZ^jy(mb)fXo)ZCshar(?&wI;#oeIhypqVFVtj(B-uLSlzJyYlQbI_Ws
z<|tQMoOoFN)&jG*Oq$Y=e4U(&2CYMXcj^4TXnD-z2lNOw;e59UWlU57kY^eqmAj?0
z83uBB+K=kwzK`~_@<}XTI0e$Cn*;`<FM~E30%l38TE&e5YkIp679zLA-)FwD7>bkF
za}D@qR=2qd<KV|tl;2%<Uvs+G&03Z8Heqqa6!$!qb--A6b~vz6$C?M@5j45)k$iRG
zXUO7pkDDG6nRl13jkZ+LNilXaMPwwQ%(3=4vEK3t#^WZU8cco9vN4xWO+ottSlJ}r
zPQ#$TmslEhN@!nYLi*fr%eS@TIv2}xV>$j<Q|Ed7;;ix47!`v<ar|{UOO|Z1GA=54
zEYzjCZ*xL&cq7=0X4VE`Iuwn-($l+D+pD&Cehp!GIw&qi)Hs{g!^CysS-jU~kYQOg
z;m><i@YJ6r6sy<&x+-LomWw7Tf2vVFN&E3;-1?c^Gs`eFiI{#Kqmn><`FCl0?b3LR
zxPF^K0G38Mvy*pt1y%m+V=0HKN(Un00KUNA6T9NvJEr}K7Q1hPwVJn$Rpz1cZ(9fq
zPo1d{K+Y;~gOu@6Agfr^5alS<m3ro~)Os5Yadq^@{<`^(seNkJLPgGDMuAB!rSS$l
zv&dmhkPG+<lD}GKDd03?o9k~WwJA(3T3RrlpGD)Frn6`VQ8Z=g#?P<*o{FHwU$$W%
zA+p@HX#8C%+AXDcrU=`xlB-|Usc6g&uZA8zP`jCz(0>2%7}Q{GM$S7F2{a=>bn@_2
zX?7IWhpO@Tq;tM}gb07v?-yi&<<ih2!$eCqk~Gqtm@<!w;Z!+~^vFz0lMq@Vme1oo
z5@dpXY0qJ<<h&<dXtBdSZ*c2xH{i>82|QAa7utQ##s(PK<(;E-kOZNAT0PoAhn1tq
zXxdCyJb;$#eU-&0hd(PoTClfVUc2Gh?)9MbvJ`Ft8Lbtd+qD;t(}4N%p5+)h?tuM8
z_16g{CkGE4w2LY3$n69p6fVynwOMi+@=N}QKt@g|0sS6Y><I&Ba*9j$$fud*5p(DT
z#R_Po*-3Ezc6i<iT>xux+-;-+iv3Tf9sYh5C(&|sTOdo@OIH8o$0bLgJs(WB1hN^)
zfe3J@erv<BBa;VResCF(RsK3}cupaoUbf4+uw>9-**C-wIHD0(=t-qO054yLr6=56
z{fqn)VpCRDfSngTGQB0LFgdpwSeg8F`K3P6C|kxcQu%9(B6wbc6dIF10Fi{?@7lSF
z)_h@z6R<hpnvm3gbX*;Tw*?U1ns+M?_dREjQ*sgT8;4$V;@e^!F*J7CCS#@TzLga!
zNRzS?z5Ue*z(Hv*Z+`9TH4t1#op}Cz1_2$%ClKRr2WSk)_7q9+Htw`C!AFlu7r67M
z$w#7DNGC)<*HNosJbv8T6I(2mXIY?Ig-WvdIYY=AAFOfCG@;9F$|+nbU*pcNjt?zA
ze=B@kA}C0!xRVC?@;{%&(ppK!t*-8G86Y*>wvnushXZ-NORT!;U)FU+D-4?5y1DYR
zmeWB5f{1R`h}QdxjZ_ZuS~kcT>)!i`Z}R{lj(_-qAJ@PZ&}DCCFJeb7=xktzPRVOW
zKjDZWckb-X#eWUmBK4V7QWBR7_9t2-eIyx0S#l7rLb$lIlg}r)DJ$}Uu`u-vy!nNu
zjZ8$HxEw@VlCYF|bn<zQ6QhiDcYCB6nm+D5(~GP(=`IWO5-XSfp4`7qT3_>a;RtU_
z`>_O5v?`v5g({?x6i3k=o%6x=@#kw!9FxvXB$qE|dptC4km*`iY+V@TO#|-)-k>=>
z`K8EpT^YS4kEYL6|8k8_6FQjw`%xOi+U&{%#06_P{oV|dqi&N(S(WL;tqVmjzS?@v
zQH3<WZg<ka3t<7<%aEsMHa=PL1pdV2bN-)F#r+dUh(Hl>0cicGJ_~sbd<ORB12{)j
z!Q9Sk^CgvdC|=Je-XvTV5bSqp)5)IFgoGHA<(yJXc;+#!sY_=EL;~+-7L~i{bY$76
zYF&@~e*y3W5BtUS;A&$+=87ryRcW!?sONcCDYYfJqDt**R7H{%s<d&zNeZ3^V+PNI
ztibb{!SifFuQJ|KxQp%@)$`n67xm@L_7?3$iYXDZ5qmHZ=A<J$Pet#<j+Dzq*HRIc
zBd07j*U}Xdp6B#V#k)#@=Lz*xNo>iL())>A4RNVs74#BSW9>>#bnrYFGk6|k1)kST
zZ#|EY2?>*-vMGQ0|F`!)L3SL6oi6I7m$T#&OD?fwaD|;2F|)u@@f`BS*kOo#(i<Vh
zFBrsqcP^g840D2SVo1gtnD>rpf+kIZ9)W^dqS+L|79@f~18krVKvHN@Ex9Qlv|2vH
zi&hIF(2qf&UuITTR%TXJ_NjB~{K>5Ei(iPRvhrW$=@SL@DeE*ElO@ePvn9QwLJXz{
zCWQb1eSb+rK~$5-|2VY_0l-jyGt?iPDF0=NQBi+)!t2idD;4&s>~CFUSmkzcqkrIT
z!r*z36nI`3Jdcpkg6GW{Eqb2uxsuG~1@_+=t9dQz8@aQq%pN=sk^;{QgXa-4TJXG7
z(NZS=V|$)^Y>uS<SqkSJ=J=h>6g&@-0?!MB=c%kOZ11fsd4+_8g6EA2gLWx>WP6a>
zHq(<y@*sciP`6O8vy*-`|5##Gp9k<fND4eJOcy=x%wThG@4iazc6FX7%kOXWOXW^Z
zZs^|f?3^ss87@N&SCNV<nnv6U-(5K4S4cZ}-dIQ-GMXhlNF6vrWJ<HzjwxB^43=Rz
z{iw#-fhxB<_4}}}y35I$OH4awB#AY%qPpMFY{7r?ASv*?Fx~UK{>t9oW^Y}+7G9M(
z+1Q?E)lv2{n)Hn3d6ie>&#Ep%R;!HN_IPi%YpRFmjfdw$>ZMht5UQ0OmYu6Y(uzuc
zb#p8SC{C1nwJD#?yzS_->OcCNDzmHk*PxJn1%{e3cpfALo)@Nbo+r1y$~sc#c|)bF
zO0s`sdvM$;nP94~Xxg5a>E<+d6K5VgZ%m936=sx)l#8;XN+VP9B+*(`RPw8vV>v)^
zqOw<mcUH~KZL7wu9m^#=)^x%1ASv*?Fx}kGE18YudFmNxzCC7CMpO_krP`LBQC6su
z<6df)PB)aBZL+>?flE8)QLojN)vD;+?@E6amaoXJ7HD2sO%@iqX3b5#&MT|=2R*N9
zs@C&mmD(lBJDKa?dE=t}&T=nZqFy@$Eh$&7qLN?T9FO67b$xnsuDgWrSknd1gQURo
z!hGZ9PsIA1SlD>-&CkZkiL>kf>py;IZh>>1+*gdu6>{TBo`~gng_o#jl!cB|cwT=Y
zJ*r`TRyGudBq!h~PL);`twdpMSL$`u6_sZtn;Q=^XT#MB&#T%swA;$p#hO%(CD%mH
zu<XHkKhAZ{cksON5%Tl!(W91nNlU8Ip`az@YGqZDFHHk^pw(*(&vU1yj<Qaj6GbCY
zT=<^bc-G)~kQ8`cn1BD`ntkgUCx3tX;>TXeJV&{jQ4{4QJt=vG;;7_~;@Xe9cU4j)
zk-UPhN1|LD%HFDsC-16Cs%pA2hu#%c&Z>yfsZurfN{#2)mX=4hReouYTaF&9<aT<L
z{jO_ngXgt?@-bI{loAzW=SoJFHO#51WYute%dO({n&I{>$lE(7icV|Ba;pSaj59O0
dD^vm8C=@pI6edywKLY>&002ovPDHLkV1kSKXAA%U

delta 41703
zcmb5W1yqz>)HaNPg@Qqd2q=g&s7Mc>(%lUM(vs2)bz6v(#1JAdDBUQH455UQBi%y?
z3|&L#cgA>pp8x;X`@f%Su~>`y+~+>$?7gqO_qF#iZkIT2hd9g#8gZum>VqSjQ{IA4
z-HEAMGndmYM`oj`vYND*l*>!#9LgWW&Mh@~qjy<0c4Q;HlOqiJ=JgING}{`)Bsy&Z
zKCTB*D(XF9)r~xLG)3lAlEk+p@^2?tJU+rZ-f>(pqHM&wY_6?&e@gdiyK4OSu@YuZ
zbLozy=O?jY9)a|!Nr+knZAnD<C-@9^1pJyfjXDW_g)z%wDiHXohK2^eNoO{aAWN!u
z;dm;lE<aCby)rkK(~FoedL!x;j<r_*lgrrJxV&=J-WKCmdX?>t!bH)v7N3;s(C!aR
z7Rh=m)uF}WJP8R7mv2~Mk$)4sSR;DD6T6$O4MmRmENoF74ZXgA@5UXj)y2}YYFGK}
zmQ?0|QADQct7u{OMf6IK-%|COjxnd1rD~q{#(Hl_Y3af`F&J@~I|^61z0m=Atz<vV
z2^*fs#vIPX;`4_-xi-U1z<?*WO+=Qo=jivAqo6Z){pLkOuR^0=R?Ej3j)A98@TCRB
z;NW0B=Ye-owe3d%$o&>{!)l(dBHrXIyKPLe*x}b~?cSi~b71f-zM`Ms8c7r&?~`?Y
zokO;mhnYUCbac7tCQ~whtKt%G>DkKLuQ(oAm@AexuVZM3RXA@p2bHvwy0^QMwqciP
zg1WdQ!@0!{nJqC1<<2-I$g!Sqjt#XUr4A#a6$11bjUQS#$a*YrXDE1Ru<zv}+@cH-
z@bWKmUC-1!6KME*Uc|>nM?JUDkBwg#$;oY%HbjZ|csM(E!kq}4{rEU^mCXG5)0n%`
zVy6o|Zw!A+sVz;dU}4hI$>?kErzv*D3V2Gm@Q~q;T6WLW;h}?ry7&Ae@Pe4D;B{k;
zA?Ix>2cI7kMknAMm-l-*1d)`qD^(qvblbk2)N%F(@UCZ813txB*!aBGJQ++-^c}JV
z%Ao57N_Kv8JRN(1Qr({&?#gG$>K8Wh(z|Z2;-P}a_Sipb!*ryQB=2j77Y7D>wZ)p=
z%9VpA<@HT1QjeWZW(!tCYvd}(ld?*Dc=L@t)xXcJU%Jldz2@!mHYedQG5m2=iZ#@p
z>o|gqgoI=xf*`$MKQAthM6ZdhV^1URrdaTekHva-&Tc0LA~w?8T@PoewywM^6E6sT
zT_~FwrTL5^x}saC7#mCa9v3?;^*+?IEF7w4`0TPEvQ%8Jz2$Hd%vmEqy^erO<i>Nd
z&SauqJbHvbn;Dr>gd-L$6~~a!uu~MeW)Vw>D1YUs5{R)t+AJY}ZEUlbg4NtolG@ux
ztCTCuI}0%Bj6X8if?>=<6LH;IEE+9qM)^WFM3iBBb9Hz+@5KW@XUheqlSB~EV3N(f
zo!;t$G4_!&XbB0LP~`Pg-tJ2kYz=|vL#Y6}U_q4ue6WB2&W5A0qfBXqnqKa_#05-t
zzDm{`EM;m6ZpN-uuaeCs-pNA*s6&<89*KMmSD!p7VM&yWw+}Bjus@A?bqXUdn#2=9
zzIRf~rKN8*)sEHf90~`mwYl^RqK*y-MJe{cxJw==*T1OAJdVNV5YKA(2(7@(JDSo7
z3ni?RanI}WOldqaqS0V12DQHyTi;n~Kg^aV0G`%(d`E4re5J20xJA_`%X#2jCfo8N
zZ}}wmVeQFkJx(ru!kE7AsPwJ+UG|ZK{^Y0c!iI7A&}$!yl`k-;lM*~{2wjKO1Gq`v
zKZ$Jo0NWbc&rjGDJnV;oXMI#`m<pfWjqTLJL!XVqGiHAC90Yh_Yuw%X5&9PkSQm%N
zowtYOx!c4xwZDp9(jj@2crvl#kg$;PdIV|$m|KnLI0F88eXf_v2olS-U7}a=U0;H4
z8C<))i{ci==aY)A(^qe;?cd+6!V%yE5?P@qSlPi)HvOJ;)JP-HlPCL3;|SuW4Xn>n
z0$x6d<Wd6}w6SAZwY~xQ_%<#olj3mPxf~Am_Sh<)LAV6i!IOQ)8N{V#_Uf`c*iv=1
zQ}-g6<`~hvv&cgdIP%_E+TTAXp+~Fex!(Nz++4$hdVQ*BjH1%(z4@e7v^2_ybYPPo
zNH@c#xV#*(yJ6?G4QBoY!|I47Bdno-`$qjXu1aKgnqTQ)62S4B_&p=BgG2AJlgfwP
zg=EAFyK(unhtED~VNjypZjJ}7r7`wc^rOG1d<gBdPVH@LSML_a5>D<r&t^F7#FFw=
zp~|fYCvz{wpTK_%gU1?GIyoK0642~vSs1NE`6`edx&ff_ll`Ps7!yLwdouB;?)8es
z-q+CBUPnJb@;>>qV7<4ba&Y_kBetk`=;n9wg5AARs_LB$VFyYoYVZ^?j<>>8xX$&&
z;?vVtTo=OEKM$|RzH{tw8gB{BGpx`uum_`_e0(pm)U>;F&^a_h?A9S$<bTd=Dzq!K
zN5YPPz9RxcKT5s2TUf>rCoLTmGVuG|A2A&8H@F2(@N#ghS0of~7=H*{73q8m@;GKN
zI3u^Ut<jJ|`2Zpn;VFb&wjI*JizxG-NafQab(=(d77`{4T?6kL?+qpIiR;RYG8v{W
zDt}5P7jRz7SmiOd)l95MbdP-t#37s_6|{YOG!rzc99Oxy563yZ8h@hv7m=l^%{H<4
zJ!|kX)3~y;G=Gz{XT9ovbdR=Bs*i87@0(Jz6(s!a+m6W~Y_QP5W4QLga2eVPMKW9V
zHLw5=@5gE<9(MZS@&5oI*4t|a2<HqsC0hcfEE6Zf)`GF~LNN<(1t3tHN42|Hy_Hzf
zxMPZ4-QxZHi2qp$&?^zAy{Gr&KFPHtTB9t_=6JYf7q_g9ltVbbgl?C5`xRKetx<eT
zHI={#jBw%dY_5Lkye0t&`n(zz5npPvl6yX}Q4DT-=^GlM{dsSjZua9TDYwaf!l+I;
zZj~Fm)6iIbHYFvyYhSiB@+kA`D@gtPq2^6=ihrY9MS}NMX(DQK)OnLTUf70P5X@Yo
zQ)X!gEohHGGc-?QT%u|c*Yd(XeD65XZ9j_GU`=4rM30?gpSD|YF0hP!h+<Bk6M{Cs
z;M%x32mat)Ifz<j>SK;_&#?7i4ZLF_qAlvO)oQ-uU4m=M)hvu#@YW)^7+wT?y@a3P
z6|F>U(dwh$hw|)T^H!UY0kkzp5Ams7>UbC_%bv*f54@G8A7+}ZDmz2&ll$&}BLY@}
z1P%{o;QMyLqPS+vVI$DnZSE|>cD6pE+;=w?3aQ|`*`|r7LHKdg$aAC9+0v+QV1SM5
z4q=SIM^t(lSoGdp{=qOwB8eFUpp8t_y*dKD9>VM8^HX!=ClP`ArS=I%Lc7mn4(|)f
zflw%AulLg7SW9^)>?a`k)Zt<E3BvB8Tisbsk<3QE-X@6)`@8f9)z6|&Hxkswp=ygi
zpQFW4Pj||F6@1zlIxUiaPp}CDdE2S=etv$vlt!__yCz>ICYFaVqWIj>>W#hFcRmol
zqaQh|#~Ggpf#5Gx?4S=W4PFO;wup#WSXjuF9Zz@g&H$*kKYy%3jM{sxU3$Zlux^DD
zwIU839+OnPQMmn0?YsdW@JFIoPmv=hD3DK1xPYINP>0P=Yp03fg6oJ%%RsAQ{E%HW
z7#Aj7xq;5j&5fagdjlW;V(o@<%Ra8T+N0SQOn%LMXAuETQUHXS;L(V{c8mud(LJaJ
zzYOb09z_rlRUXCE;$=b!f$iEE7#W69<O~RIzq2o+D>u>g+ZE5Z8SgXBh-+REJ@#YY
z<M$gjt7yi#=M{52t(>);!yyJ3(N`SC{~!u3wmg|;)=V*)%0}8f;&~yz)ZxdbX?i66
zIVPxNwNUBoqf%75Rv8+*rQU!CCoEQjPiw{ZgtD=+N`95-u6A7eCMO0{7HiRuOTY`w
zJFi7_VYHh~R<{`lVfXG4RH-ROebbfc>ds08qG768dfnd9&P@{gtu>j^E5j<1v!Ki-
z=f=A?hSjMQa_Lv1Hi$zq1EQ%ek-Tn$Sg>I`;z`Y&QIbC0i=T?$uvfwQ3(Ex3o*#;{
zBK5il=1m+KY-qBcqvcXfx5cbfnFn+zdfT<JF3vQ3jhK70VWnMZ^0_gFe4jc4_<DYy
zngc&7eKB*x*Vb3OZTMU3^}*cpG2>zO?xEghE3YggE7V49`Rz`po{St+tink$uTtjF
z_^<V{my(fA1~*PN@^F^eweA>v9BZ76nrj~vO8xFZ#;c#3b$Kp9MpZ&#tXp+qid?OJ
z;kwsMgm$Bm_^Qfx&S~AYxmIK-DLdpfAY-_E^UP9zR>3f5#Y`s2{dUQgdq$$@NdG-z
zX06nV_|v!f%3+Sg&v+u7nf#e!v=3P`rX}UrtxMSuGZSIffgfJW7I-**Gi>m1OnAwz
zLVG6q?OSbkJZ-6fhC}di%rT;Aiq2U?!o+9h5!eRa^mB+xn*HUZ`pt_7Bq=$>hW^Sf
z%!*utwSP^?FmNs8&E|c9qKai<RSP(HK%4UTMhtV_y~k4LwBKDp8Nm0`jZNhOD5RP_
zv(+4_<lr9%{Bn2ZZUhMrle1c%aGkJURVnM5Lf)x(O58(J`%~Ra^hB0M#I_e}zl!yl
z(?Ki4iRhglqf#u%4u`2{-axNT@;!~2)-Skw-7(*l-^qE<O?({nu%h0fJ1Nfb=!!c`
z1QVnjxq<e8aOZ?pc-F@s1-eU(8MKcjd!hCmi}a&jFU%-vD_+RuaatJ&BkW&J+nMwJ
zTA!Z3l_@ohjOd;A@-9Mg$*wh|#FN&74qGOiK}lR{LmCA>R=WWu^2CZ;RG`D>L{T_F
zd3Lt1EmBuPv04;O!$r9AfCvVPrF<a``3PA~OeeW=+k`<Q5OZTtvT`T;+@ZkB+^kn@
zWgkVkv87Gjo~{}d)Nw3}3ECHiJNKs7(czdUO0z0HnVCqoWdGhst^u7BKc(RTPsU~T
z2|HdusP{sfqZ39(xl*n4?SpRb+CLW@2A*f_H5z!ikZI!IJCXUe3y<ECsDEbXU!$5t
zaw$aU!TqFW{N2=&uH}yIm+3J$qpODfq-Sj{wz6zp95IRL?zh)VWV$c2E`}D|rfOA4
z*g891M^+!LmsqOfO+6?!aGB&cK0HLl1TQf`{i&-_4DYkUGtd6|I}FB6w}2Qs_5kKE
z`}_~8$TO{`74-Nk=q|&Ep1_~t7W(j~Vypf~{DHwj*H{Q(l|NmK^8sjSNrj7=z0iT&
z+nXP%SgJJrg??8nH(-8hm7GsR9YLtKJ9Cog$<R#2uQdG(GW3KwfKN4OE$Y(A#d2KD
z>53nnk6D^B_P=5#^3Q{ykO)S0M>0+^d2qfQXNZ``UTEs_n#<Z0b*o=|)P#`A&Y@lp
zc6*9qi*M%WyOU-P06nSqr@P|E>LK<+<jwR}s}DALcWY^07K9u-d1W%~zK>LKlE>i%
zI|cU`JxlM*9+O!`C<jMjqvhc|)3XYj;3FcM=luoRi3#P)qezE{%x^!q4ZL>~++Mzu
zl*xR#f#C)iptc_Z{k5URhTw5LE^a@N96`~xXf3k8Q4za@Zn#twIk@b;{vW{83$
zo$pRaG%DTj%bS;jAEx)8dC`02<T193cRzL8XMeFw4w1B<bCa2e<uJ!CnA}^bPWxOG
zDXp*BBi+<MX?bIA*X9Dg96@fvM)pxa@q_*#IK#?gz%8WR%oWL3p)Z~BuG<O`Q8^Wa
z59zwz&lSWQnRQ;ubSLJytCvPZ){#k#q!$A&&-FBva#c#GPBtYtDYXV1+oV&uFx*u#
z|NV(hJoF__xwGI55s?cK${(kwIN*t*Jk3n`h3)9)Frf$`a-jerV>cSP(-MVrD(f<9
zV2%I=&MT_dR0WG4-0rxxnSI;38OF%*x{TGuQuXdrF+aNb*2_5{O5QjRTvpuMqBR&J
zrKq3Q@jym*b$^E9mZvY(j<(NhG=@#*e~|8?hf>e<D?+dO<TW;SnFsgx3!-<_58uD;
zugnTsbdbr`yCwM}n26{@`Y6H!+m(`l>%RNICNTVBsp>W1G*aS)*M!+}PHKo;+^3Kn
zyOiW!DR~?1WbHTBbx_6WHh%B62JIRo{oz4qkRi3?Ey)iN##CTw7k@2n75&{5B5&h(
z5jV}}Hy0~p<~AGMsgd;{N76mZQ-V_0Bs-vXJz6VDoxN+p{>ik4aTe`)Zrk<znSdSA
z;dUC`>y(zaI-9AHg&+<3I*QnxL4@X$F6QM)>Q@yM`M7^r_jo+LGo}5EvQyXLtQq<#
zqa;^mZ9zgx2+r^I!wiX9TWV{JL1u)1*0GlbmG3nIbb?11Kgr3fYR@XSkFPsumS0Xk
zt(76HYyEaod1@)ZG0?i>;$hhr%}`8+{tB?x%Hx<g70hl+XPoxQ!LKMc|DHCR&NKRL
zi5-LYX@6K2;E;n9jF5luhGA|oc@IVY53xNPYTYcbgyWdz0QS(~pvfaZ;XSZ*o+xI`
z9p1%Ry_M>E)k;IU+};)Xlh)>Ev6U|y+^n+&$hqES&X*A|gDAMJ$P){BZtPof*)HBu
zZp-)i@wK_*M#EK3HLYric)h4aO_9NDy)~UpTW$ukZhgp*5i!}`MC!__d_2fn9Hxxs
zpo0L`5IqThqlT%tdbuVtjZ4ip2+3BgDxg~_nJ)W{p&F+>AGrA?K)VK@3{j0nEgrq^
zi|U;~OfF_}ZU^#te9(4fcXy5dG!wEM{_wi>Vn2MA;<37Jzd#-VxQG}(FX0pymvEWn
zCpMt6osoi%*rbd3>KXdaWBbK-KBK%OnB{q+hC_c1eu`5B{vh44JG;YE-YycGJJhzj
zkG__L>+a6Y4v>BxV!nC(=Q?CY5y%CEUn;^)vq-}t&E%}Y4etr9vyK-`*LO$Ww#Z_#
zr512VG{c|4Kq1UhpowY36n%WgVe>`d`n`%vNd_xRx?7Ql-9iYC+b<4lXo+efpX0_5
z>X%^o7d9P&Qk!S`b1E7kX9e4AI;BN3ps#P_mSHdl>n~n|CvqZZ#3E4IwB%pXPrJ!q
z2|7YlL;i&DHqvJky?i8QNs*~7xNFRdURd=itN+Y(rZlM4J=2PI*kkks4fTbBGu83_
znRcOm!zQ(6fV_F5^mFEdLkzx%RIs&!&dd#V-6>bn0TWqw+y53v{%dN3`8RI5cXO_v
zpFBD-fmOKT_~A|KdG6yxM4iWe0>;hJO1n{U3-u!ENNb7;S6rZsUN`If;>P;%?x&ub
zva3*rdrevVJSFP+eX>Vy0MOh_tn$L{eL<vpnz5~R#P(`q&l#8vNzAv&s6Y9boZ(E3
z=+Mc{67m}!u0p*NI-ff$bCuVIe4(-2`z`J$(UXAmUR1hD)=Bj`LPDo(U;V+Cd8oPM
zja{gee8<W4j4buO;e{nE-X*)V&bT#G{SnAM!ADV5UUW4XEZgOqHAmjV2O>;_x~ybV
z^#YVUJI{R=)~a+{KqP4elulWPS?39*wSiaCPQb{FC5kACkD5hhBnfCa=b0GG<{+oX
zcB4n?v-L)MwaQjl4TIVydjo>Ox*i=xUbyHA$rqUGJb!3V?Q3Y5F<9y_NJ7Xskw;Ke
zNs*HsO{-tV`^yWtGrYYvR6F9SaEa<vv-9J7fLE;EZgrS<1;_ei{{$wx4~zB1FEFKY
z9In?vTfYfuvlMT@HT&+(B5^U4Vms4}Ke-I!!x}t?zP>)-nzlz0Ap!C-5^7#TR;k1p
zuT!xj?_~~*);O^SfA?^XKTb?|7YSGqF%`;!LhqS=WwFEA&BMu<rT#gvV?qGWPsrtF
z>ebO13ovF}qUuq*d_tNRoB)IdvNKA!7=h@%`xww31cuA9EuqSFF1oS@jJXBhS%eVU
z`FZsF+hQl4-5J)6uNHnIcJc0_`oUn3k<V@d|3dKzu)`HX%H)h|>#yhW+P6VS_ndS;
z$z@aM{Lr6va&$g~K$qz4njuh4AQApa?hqKd;BdGX7LZ;>@etQ?L|d{*K6ycGRPk#K
z2W!~UF1L@V-GcT;AVlCmFV7U?Dyw&}{6>3mHS$8CYiMx{V5Ltq2X(hE@;pRsep@*S
zh}S}G0%_bJlP}^h)8PkLr3a%-3Cv>%Yg0S7mFbt8cY0x|fWyemo*CnR-PSi2)qpU^
z1q!8g$&Dhy-v;z=-Z1h#P^N5a9b_kvm8NDpuq9|~)gcn+8i7nV+9#ypV5N+H3J&`H
z9bc#}6nH9gx}i?l=UgqKwY3zy#WL63<q(p4r^j-nmV<+%j~;*>*yju$UAW}nGo>GM
z%ydu}4%?qKqTN-v#+2~&a$Jx)yPY1EWN6tZdrqZ10by^MkiQCR&tRN8?(foSQVQ|y
z!U>TmARN;$c%cbUDUg0Gc3wsncYzFRHsA$czp4ZayJY_S>3f`PbJuO&uQ&v{6mVXB
z+@1@Fzw}Om<t9p7G`f>)V<?PP1mjGdh}&NX74te^z<|7vXyYjmMzKw=Qv9|mIJER!
zTr6d;dgw(6+JCTMpM!BYb%ES`{oaa+`!(<O-F;a23Igj6@!^||e2nw|NE5ZabOW=r
zUTr%#fVWNd`OJ3sIycZ)4%fZXq_t#;3!S#xHu#=_60sJVZUFDIlQ`2udmk&u!S`=T
zfz<|X9!w4|9prF5Oo`ju4-j{#sx*W0c?oA2Q{{#7O>tjriAg*}-c$Luh)=Z?+sFIq
z(oF$tn5XjDgw^--^bGY=ZR{-Ak>TgF{d@BcI^ZCRB)Tl@ftmsp7xeOgsz!e8-smJ$
zwztUilgS_?#2kmt_+BxiH?*~4q2WGNdwYp!fx{tC44RK3288$%pQD)UEkNpGj0`+>
z*4#f-CQRnP_L*AFJapO^iUrK*pbbDlqTQ1ys?{<7xu%Ua4zwqr1_9~G@(4*^y)yyS
zp3+FHVyAg?X{g+kn+c4bXZL`|0|v#g!p+X^i^oC;`-p(s%62c;;C{duKLC%`IAC1I
z2;Xlc!o=N#Z`ZG5yyq4U51KS9$iM_)C%|9Z^06wY&GmAlegcv4<gN$yuH$y?2rI^G
zOW@Fe1N`mmNidAyor$c-Q2dHN9pra9n8Vu|g4o}QfHzh?JNV|qmc&GMtA+{SCi5Jp
zcqxwGo)shPvIZIc{o4P}G%JVB`Uq?yv_xA`ZCM5lZUQP7SS6!Z0-0}lR^G<c)D!{X
zG2j!%y`u>Am#Z*}icVfo?TUd`dH|4Kvh-bB=$F<c)PR7J-`fy6^no@Wx)vvj_-wU&
z$p$EyZ&Ym$-2gLGfJ3>n(MBMBR|m#1)qvQnUYk!R6LF^R&));Qm6zi|IY~3lqXcZJ
z0>o8!HooBPN2>N4^r@;2J4`QQCnmywki`o^JISG<1!7>%C+(l{X~AtGOKl0lK~%Wv
zgU-Xt9?*&YP4De(F~p;>bO6d5(!jKCF?e7jS8yX<(g^I=LyTQTwastN&FI9-`!{dM
zt;2;6S2s3F_8$@AtD`7>^Q%HTd8_DFn&G{vp2MNNb&`DAb3@M*H2zda=r049V*!UE
z<&Sd5wIvkd+6Z4gT?a8#{6f0>KkiO~Y9!E?)`LE90D3@5)U=-1d}x1;zG^l19&1Aw
zfX|BO_hXCu%RkhT77Ebk^SQg2*6FUDak!e`IM{8iITgB<@HMR3Ys?v(<w7VZBEAFB
zVr2V!9H-%@<>DVkry@<x3Koc#RfwwF(ge*m#6v0Zi1q{i0dgllr@_TV|JejxkEp{I
zpzy(Gz`pj<El0Fbn?QpcHr+o18SZb9WnPW1yxpfGXyq;)^FbB4R&6$MX1{xOy0pf(
zSzz^tcH&;EgRdz>s1GgxIx5&d6nY0+nn)cnI9PVCXk6vauf7Wjg#~=9+qEl)<i1S3
zwjUDkO!1JNEmF`o-u}`hs)2|4+bXlyjoP%h^}*f@WAxJeE5zNRA6pChi6zJ`zi@zU
zZ_Fp#*w}1{gU@^?g*h~B1*NZf4JxfVR6EabqYiqXD$gTQ!e;DjRC`)ph{Z;GDlZ+;
zPc@L+l5;>F3o6j+s&gq&5`bLGzKl91(+T)ucKwk?KAV*yhwdRqh_3N0qgj6>!pnEI
zmk!54wPtkeM@7>Jo!8;vW-W=4_mmN_=*QlVYMKoqY@H2LbRTAplXb9hUJC8Z68)58
zwMIWm(J@v1l%kDFAy;13d<~FCh%fvvz47(c2xwho_c~a%)k#z@Qi6dIdY5fl$CdVG
ztjozSy!#~yje3>)Y&E>nv-@Bf3>$cgTaN+tJ9<#Yt6|;{I1n#pTg=pty_cR+nQ52m
zzPga*-7rO#gX(75=Xj%+_n}HpMAdfRi|*i(C&<K(Eu#;depOlD9M<z(H@mZL^t@AV
z%5%rf{H%lcK}0-sl`B|99z`>acrPPRZ1BEXZ<uH2mJ^16!9Jj51MFpk8JHP3=KN}d
z3bzHIr^Ip}OD|l!d1;qdpi`&HG*?Umx&M634;!n>vzm~@F}*K&P7qAx*t!$8f&=ve
zPY@mLngTy(bq>{Q16c2$r1yt2cOD_kp@)k<Ld8nNcz})ej3O$f`ky<!s$u&kF_}1Z
zun1}{1AolN2luD44vb5trP|gjdZgtT(UXLyxX+^<O*9$U<5L8y_t`IASg_l5J_@|U
z1sK`gYP~~a&=CN+&htFA4)bYzjv0owx}fq8-isRxgU|*uh~sVvdC=*Ul#~D@-<_YS
zH4;AXyC?juFG*u}&^Z((=<c~5vouH#66G4D&-fZsXJ=;+gcJth0VVvV;VQKL^($PE
zPnf<$SrV@AEt$Dd?Y)fsiHBg*##Ez-^JCys`kjr8nCg8%R2(?{fCl$7pBdF3yF&ED
z{xkj>J1MQtCeMhc7ybmM7RY@W_KgI&@|FvE3&tJce}>Nxfdx*3o2%OQ;r7+*W+sKe
z-z@M`5?vfcgi(Np0DqO?yX~L`ckP9OMb-BB2upY22+~kN3Q5m;4!U`rhuy~g<gxH=
z#$wS{!2&M-rIZJ;fKoo;-fL;SAg;z?Y&!X__l_rRf%|7X(ZCbjeJzkbonJtJV5)0C
zJ(FGIyGf3Xom<}QccF?^*i4KEHiZ~-%<35Gq%KIw9tds12JgtV8a8l@W;jV~$^bT@
z2>2tr8nCrxG$bqY1;3VDJXs%WzROnPA!>;#?T?mAVNm0BcVWC!C+a}L`PdOFY$hM@
zRC7h9*jfXvWF0BW>-a2d*p-A%s)3n_@!wy2HiFTIa}1D_e{5iEZPCu~kbk6_CWFYh
zD935mmg<r?;4I+q&iZb)oJLT{Mfr{pXi~Ou<ID0Hhr$wVmrftHbBaoGQh=ZT4zh-V
zqnNlCcSSMm?#R%lan2sR){weLua3w>p}n@qcIU^`J*l`4?V6WJSkB!kxk2k#VBvS+
z5U*77Q0<P|GVBQ-K>!}u8)nL|{O`$<>(v{#-^;6ZDqd-^mzV8yYUlmYU3V0k|H1Dd
z`?)4uL^+r@lZ)gLEsX5lIS)EBVif=BeiBS4XO_j*ErmL|RZGXzq+^}k*3l&;WAKtI
zs?O^3I|#b|hyVT(GYYr4c_Xv0*xoELuU!02)?mZV-pj+GJdVk88X*=;jn)T86-w{-
zk0VfS745M66>@o*-M_++eYF8wQ7h26y1=iBVQ<O2nE4<gYwRg;bdNb>j#BSg3c0Ol
z#{ve;L=WB(d=o`9=lJnn3+*ZCHCWUdYgiBRmH;Digqxb6SIDI>l8F1~sM#?97zS)e
z(s6B7_fEyOpwY|Ypu{rZfaGGKJn!9kWc38*dCv5ALRgYUi@X3+;{l0F{bVmU2q9i5
z*lI!Bz<D3NcNB;ti5)XIG_==fBj!n{!-O@qfXsj<)pLUe>7XY?_#)&1r;F9qtq{Ka
zs)ast{ZU)EtKd+!F<CCAtW9!01!!y}=O@el-1pb|WBzU%mJ}tw)$?8EdQiz_c~B8?
z9&}ZW)1^DhXYYY;VmL?KSOqBh-}*cm-X?-6dGmJaJ7{Bh9uoCj)4v|!y7o#epQA%X
zg_|$p<6mu@41a;6)o?07XV9Z#Pde5AxI3&<sibJr{~lCtEMy#6-XQx}?-2W^q(%)Q
z$=GgPSmbJ}82LCDfQz-R&(;@7m_e$r>A=Us5Z6lK-PDbEgZuq54U~Trq&hK1+HD-+
zdw8#TEpM-0^pV53gG13KOgC&^{vV}))3sMI9neY5ILl&q@>LWu_eKpaZde3reB!Ia
zUj$o2K2c!&BQWGW4pQVYGu4Ga&>JvNY(qkHs~=tL)aYx9bZ7Uv@gFgGZ>)`tjwmv}
zP*9>1Jg5OR_YE2nqSMIlDgw|>BmqB~gFsp9?@F*P<`(7)i^kXPKq)=U2|oDW1+MOm
zHsz=DFb}$WGyvMpz#Kj$i7Yj=$Le`iC<No82Ho60@CjSGH)8)DtfKZR9yVBjM>5y}
zF01GW&>#>|usdS(<EcXHETHI<N>fFB{k_S0xo0q)v<jxn<ccnN*wi%t7TVztA*(7y
z-_B!rQaw^iaepDLGir1bKU6EYDWjkhsmk?GyE(}3g>JHwxPfK<TaJs=Nv#e52p83L
z-|{DGsHuJ*<YF9-oY(y4q_Hkc``DgWz2`vR)1-RQH}N~lQ!VN>TO&`;7v6a3QQs^&
z7Hlp1;QR`DpA>nS?K+f#PZ7b0&K6?&G#IY*P9p|7vY7qEVca_~?hIqKVA^rS`)d&*
zpb_pT7LAXHI_e_e+S@_thpvxpt`FawK{R}f?v3(~`a&L_UWB8lZ5FRh#8G2N%<}H{
zz7<g}y)hBxa{0Hm)EmK46LGE8n}f~t2lo82)oAEoxS#&SCPfG0A}ZZ3CyaSaLDRGy
zzUK=k!SImw&Lgao9jWhMfhjMo-g4mhb55X8(-}2Bne(cIt5fGnoOd!?;-^Q&a$YEH
zgq>UcBLgRy4-o~Ss+C#8Zloglvo%Qc%3ryK)7J4ft57$Zfz;OO#xDmEPAlPs@*t(M
zrjPyhk4eG`lIun=5wfJnYwSXFpH|T}y?LBOHD>spCZ^pG;wQ%eKuT&8YL#I}knL}k
zkTvYr<bWTw0SXHukyc;RBiD`q|I;3Yv$MBvOW1BKwWMbP?hoZTLl2Opa72elhTzFu
zrV)e&l<C;rQ`eEPAp3ZNJ93s7d5eP%*a0=<Fz)<#qrn()+p6nVczo$@LqyI!Pl`V_
zh~l5J5~L~1X>IePwSM#i@kx1LTWA>u^|Rrnt$hYk5t)rLnG5!}_y4*S8t0V!mYkeo
zmCAq>nCi$IEgIR}bVkga#eWBROULR$bZ2=#@S%F+7XjuB2?#OjZQOM_vRn0r_1r%m
zipJSn+7X4z?i)vYQ0ZRn5NQ=|n*FS4;Ir13l&+p=<~Od=Khm1vnb*oiH+()}&f3*V
z$(7}`RN#worZ$<#i^sCZ+nJb@dQ$by$`Zsvkjl!^!B^oX`~lKH@FEoE`M~HSn|g*$
zf9@2bt+XW@`{`EHpyTig+cfISp#iaBe+iY8j$kw`MMhLqm&661GxkiMFbz$glazHq
z=yfGwsUdoT^IGNQ{s&+F2w2qJLlS{q#4mR`zz}CJG;|9r8xNygSQq$1F!(0%2UaGt
z$)Q5YY)BS52D$fF^yj7GSu?fRGZ{S9DlS3{`fOP#jZBitJ+A5jIkCr)eZ2ILKl2m|
zn;`<VV0@$FwEA<L;E$r)!whZYx^81;8|(I!GV6DhM5EO|rlOrWkOpeAW|K8<c`u6n
zfgN8lhn4_=KqVUt&&@75AD8e4K38Devr@S*<x&<eoAVrAEX!R58ZO44^ze-X^{*(^
z$o?gQ+1HSoL=hF)1Po)dyNhspB|E9W8gMs?F^GB*;i*j?O3|)5%-4hC&vO14l2*;H
z!uysQ**$S|qGVXH?|S$j;~GVnDvh!*Ec(ptUC6cSz)#Gz%ULnZCe!9kr>TE>8=d|J
z*Dr1&(~eq3XX!65bLiEj=!8O5CjE<%XU!8mikHo@NnwpPG|11)8XWI&t^d{g71)#a
zzhgqc0Or9fKb;`D)Y8)vz2AUr)OETbx-*^ZS6>J~|MTAXKE-Yb@|_C(aR&~f8_4fr
zY``~=L9UdzCDN(T;~_UX|A=xKE!#NM9`boKuW{9+-2<4*=;BUrZ|>kJOq{MRy9GB-
z!6B_~Ol|F%4XXv0c{K3BW%lNYQ_sx0{!Y>Ot!35t!$+s@w(OPcFD&L!+D%%`GR#3s
zq@V?L!hX2BC14~YEgF)1OA?{_7xHg1>^#K!UT%SVqU=_VFJ|27RkKv=I%<Dagdr{Z
z|2dX%=cCr>T{hJ8E2@f{epIuTzRf`v9^E>1Fw&xhaaKJ|OFK973|#7L^SE2MD<|?m
z@9H@V)eyN|vt*7AgRtN$Ff!<8WL96jOTWZ|*`32_(~BN_wqH#skAi%+14gSJNWJnc
zN=uLxUA&mY2%q=NQ{Rey%*w8iRvCHYx>`Zy2mUcc+u*a23&CC7?tcD~MJ)=dkp<F|
z<IM{fV9Mk-lK(Nl@>=#Lyj!AwqVJDJbq}n)dQ-G(z8vIYZO<%{vr4x~$LGD6y7q1U
z#6s=J;LX{%<8(ba=98+1AI@uuB+rE6LYRLmb|ANC>d0W*AKXX$7%sMik5$@HwX<0$
z%Dj5L5eKT*FL0V<xWH-qs*HtlTtKRpv|V`C>M0bJ2OBlhzYJs*QWIIZn3ODn;o)l+
z97EiuKQpk|hj)>e7;WJxU*GB~ka50$$NH~Fyde?v`qGsJwU3s@j@7b=H}+&V8gF=T
zW#l-zqnKYF*GqHvQ*TP1QYjwnz(4zsLYxlJq)#ZLc|=`6>ms*ly?iU#vpcMSe0VnD
zQTyN*d{*0(mF|s6geGgD46>S!?}#CCgAY#j|Lqyhs0*#3Lq&J2NQiE}(J$SCT!_R8
z$;U6ZQd#oY6Xbw|XtJ4vyUKAU>A&G7A<hxU3`v976$TpB0Jk(xNUo3<?$RU4jLsnM
zvC}|kQfD)t$L=Z?J~st~)GV}mvece`1_=1B7K;N!xb+cD`>P48qzjA3?EtG085INC
zc4X84T0O0~g>GY@3jL%vV`HqF#BBpF6dzlmjhU602Ii(toMsIvOxdVt6|K>_&6rln
zM>})#k5pj!NGsm6j(R1@cM(|MYz({=IV`|%WIaOgD)-vvTr<vklU6UD%G`B!T(g9n
zdGV%Z@{qyP8p&SU6P{7#rBmwmf*_@;$kYFjg_IW*<%xNp-MHZil~2`ghqzJ<GTXVX
zQz968QUhHBi8E4q3<Of?m`3D!(>iMtq?XKPR~6Q~kZ3_#SvobTB)8(2<Cw#v<+r7h
zhU+CVWYO;imd!FeZ}#?8e_-d0LEO@68SlNF84$y)&wGrgV)ebT(>cD$#({(N88bOW
zTYgs$A#4VcL5L0dE*2KoVbN8BV3?#+sV5n**HpydllEK5J*9Y6HZ@4TFMO&--iZ6;
z5yiP+#$Nf7ElqhWVSVPy84v7h&@l8fAOyjjkgSAapw;~qlwoY}1fs{u_R!;g)Co+`
z1~+M@C{J^}g!Q)_1y%@-+35!piEw{>$>zE5h(VrAuWrU6a<z~hLaflb_HFT=V(g5e
z>lyy3n96h`zV{xQoQ&VJe9ocNXAgR6p2?4Sp-_$*m>-+?z`u~TsKz20D`&Ikwm^LW
zQ<$bhdKRW^t&;Q3F2`ERfO$IK6#X@X?UUqPD^LczX!M-UM8D3I?@%p+e6DC%Yf5?@
zU1ub|Xt<2@6!t&*GyXP^2hq%Mm5<jsqMLEx>chX{pwjYkLH8-<5tL8l`8%<Q*;EK!
zQ|&-<>ntH@632M`M}?1oau^HpGZ$-w5t)$LY~k;_1{@uaGoZgJ$@R0ELuf#|zuVIE
z*1p=&rNIHi16oD98sBno_q;}472)}BuUUqT2fX5+1AtMP!la`jBa=*%B*q%r8QJ%j
zVf(in?A+SsK49AA)soW8Z*O~Fz}Qgz6HDRLE{FQcvqviNvMrEYS>R#Y^)3AV>Vd=>
z{#NJZKDEl~&6i#D7w2qIMFBe?`?t9bX?r6IEFXHMiSPC6TWi`B2Gs}T*kzEevPHd~
z%uLC-WS0{-H_h(wsr+2r>}+mp-qsx|u?fy%w;hu*xLg0C67zt7-Jd=0RnVi8VN35#
zv&rZWjrq6RhML5x_aq)0#pdbIhGUAF>_+fK^ktUvsdeNX#wTYRuJ1#|s{JSZof?vq
zSnrx(AGF68SdFn*_uvB0DRbo;gkpPG{TjS7`mHtVb(SOo8BEUPzqaO24`Z_@>z9u~
z%N<;a@W1jYK(<o1NrEQ*)*r;i(85(wrMs}bH5z49(-(a35%OnA4u?|2-rLJ+bQh(P
z)I^({h7D{F-$KQ8wo;P)vLCZ~>$^866xyP$f(Ec@#7)oej=+IjIk=Eu%3FpU(+Cdu
z)zuabi-r*GcR~}~yn>mFQ^NLHjyr#hWoul$S|ytA5bMAVZB-0Ugt+&j5KR7?C7y##
z_a~*^;~vSYT+y(|z)9|qxQ4Y|Si5`MTtx8^w1%EuZigv<jl9Sn9KEiUI?fe|HYq02
zU+<NrbpOPv)^&FF+wjD7D04<O2$jZk{<G(g$Uo@-sO^`Z`f*$7+QI8|975_s{Ow5p
z4iweW68iqv&Cm>4kGCDuh@U-V)E6ONt@{608`<{>2+=Mp3EIdKt$sxQP0`C`ezXrZ
z)eySFs10d8<C_k$p0iI&_67vRq_fIm<Vlselw;VmlL-A`FVecR0yCb`%;Cp<vJG;z
zrHkV}28?476zw7*p0kL3%aA<FS(Oi6UDN>*hPMU;nEq(XD1wU@0cF|aP&kSTy=xjR
zBh$8o4!Hh|OKdW(EJ>`zsdDszq{`fwrZCP7_Q9u5ThAIrg>WshMwaUF)KO+$VXWU*
z<(o>1%^WW1&ckvkGb1vpy85Uog1Ak0rT?k}NQjNpw&lXVcb}RO{Rj3PjFLpSy{YcK
z!i87<%>@S2C5)b5Eb#wH#3-|q2m{Ag&Lc+P#0maQoqL}Vb@CSZFDivlx$Op*iinJ#
z^$!db{F4z)5;`xapCDE5D<Qwzo`#b2F<w41Lq~}eZUyCY4}p6GAiH{Zf{<P1;xa3~
zy|-K>5H*0^H23oQ=h;)-g^p|h2CY9yFuLoNgaiomuK`N%fAs+F@YALG+=RN5N`F?B
zeM>+8WFp677%tHO%m9spfS{YRd+7x)7bz^bshPiwCiK#Nd}{Uugot;a|0F6a6}>RR
zYb}KE63tRUn^37L(gE78K-=3ro}VmR@8EnJ-hz~~twP$<14~ZOP68uUgZGTvK&6*5
zLJp6}+OQvdW>de_5yCUVLxHV*BNmL;bl>dHj>)Rs0e|pnDwid1sdMHH%v>7%%*@E(
zzdlosBh6>Q%-u-bUo?j~1l}3KU!1*3+W(&~ZY3ccgnwJ0p#{Ey6AVn6oIeYwkSs|+
zOI7QQ(IQ#IMIbT?Nl=6!@B;rA=lOpvfniT<IX*~koygck*TA66H9Kxe_+B)SCUQdD
zRm4bb*OmCmWkMQWiYon3cFTQ(_`$b2i?N}8{ZbEKvasXen5O$cBR(l8%>h;#KQPV?
zN`3^6h!=^y&ks3#`7K~8+nC>M(GM4<=jw0D{?Qt2pBjG&A8Bt1rp6rb%U1OMHz?E{
za;~oFxv`|Jk0ORo{v)i0=ubq&u4Sq_AhV9j;upnKfQ|(Q{blrN(tpk=gwyrNmF_XM
zm0eI;Gd;t9B?gyEuX(9l+S875NXP@e32gf<fpA|&e@x}N=Nshqc6HchZRO1@AfVED
z+aNKTuG28?j*%NehP7c0lR#w}c4Re^v|QOKXKt#6<oOEBu*|87^jc7b+P_GUr9fsr
zxC)(XKWbJfk>XS)7rIu_OCxPL#L}PMMTPg}OVYB4P8y!eA8da6*@g4vSwndDd)s#D
zpp8h}_F##=SwgtFQm%9~)5@O%NfbsWfq>6@qatPn{c`K*L@A)NmQiA{I5nk`d6tpb
z;7$#D4V`35LDsLUrLG2<bzywe&7BFZ$<W(OUX38_m6ski^6^eiB5>V{=a2^vs3Ewx
z_mNfoqB0rnPF8QpVCywlb%AUts@ED}J!qt0eGV0d5FhY_yMTi6@}Fhw`2xX|e#~O>
zzNg7_K2y%5F3i&$8ELxEf`7@CKV4mN9h>1ckC0kgvv>OUdmcYus~LNiEcpc_B`LmQ
z%FvBT9kv1gq4OdJdvtJHnYhVJa`rXPKvIj2b`gi^C0xKLqV}&bo5~M2j7ON68cMIV
z(<VXNMezQVX`@BYgOu^v7tqr6+h)_N3N4KM&~5vqZN?p|+aD@%<<(-@42ffsz0Yyy
z2r2t7n^9EuKFw$*P5)QqGpA9~LZ|*U0JQJlM}~`Y3QZ5;0mDfIl-Su~>@FBV^b7kc
zi=Ae^tO^3PpX!*LB-|<jxpLRf%wnC;7ngYgdETD|x%`$JsiH{&t)p98TX~7z81wP*
z&G%9enGlc>SlO2^Uw)BOwo_CXTL*{1KeGsJf_@i5;?ajL*&@Iv;k*A!`23H#o5zEz
z1P~#VGwl@=@G|{?zI->Lk>ECdABN;?Lr=rl%Z;DZIj|eOwJ@Nl&!W>97!jyN^yaMW
zTM#MyMpX51kyW%f2n0`nR-Zg`3&gE5eVa#JWwf5~xOHUZzm8CHqX{4EVF%h|Dx`KH
zK5NbgyR(4B&H^o#1Okl!;7QBq{DeJFM5Ud`2kjZq!ScxQO^Sluvv?RjUO_BSJri3S
zD4O-Wqj=mgVY5zYlhvqewzq7Kr~Z&qdfjdP3cry27$Uq$C<t#32?yzRsH$3S>4w?=
z(HU}7??bw+&m$)`Auy|zh?B{LnxKKXd`F8nMqNDT1)@4ST{EYz$7c<R&XUw-NnA*^
zkkx)ILgFHS(S|(&M$%yi(pd{YOb33!NBeHKPm)2UyXfWB^3k*hLb9!a67m!7^YeL^
zQ#s|(hEdh7xRT)-Px)F7aW?JzCyEiM7}4KTAdTe6srv04;i9L`(#@w@KFTtff7_-t
zFceWYfDDwoLLKQ~dJs0wG;?9SdXjuSdW~bf>9$yBQ-(jXQtmSJn)38+B*WxBWkO&$
z&(gMTC6l1Msd<dr4;TjTdyE@FnKJmtK0UA+DeZWTGyP7P2b7Zi((W<`xjG}=67t5j
z?YbI22IiC2ALPICeTfs&H_wUI$eQ?Gcy0KPYpcQUT*y@k@6AjhBm=+U(D(R73?tuP
zmkAm!>rO;Gpg`{3r(y~OtrLTVp%)+A<iiJ9g3~%dI4ye-2T%$Hsmhy>kaN4P$WnPf
z*x&RVBrMy=Uf(s)z(wF)2{(e|)_>;J1fu}$4Tb4s^qy0q55Ad6WzrF17UTtEx(J?g
zkfP+T`_9KhOxu)tKKxEzG-QjBl|Y$)SM6w=XG^*o5(n0P*MjEZDd5_3##Bho{W-lK
zUjSwGZ#s6P2M^No%;F^m(A8SZk<WjH2E{M?H_$U}(?FnN9-jj$Uj$`8qB4Nzd_sK2
z-(>wKV22KAClO?{`aWA*Co3AoF^1c-WJaeK*;7ytQI>S?yWwb{!?gqRLoEdh$t8A)
zFK{!c=AgW4-a_LXSu^YM65~lvp~5*n+oHp$b?q0J)PeOgz>5SW*GG&~eeQeM508IT
z>6ZeO8v2>rZVio5OoHnoBi_3mREbq$WyN9F2BPENmT8b`mq)Jgjo`b^XIp(ze)Pbi
zB1>1)l>Kb}w5eUbK#Gl)eM<AEuTJ(tGj2|UbNR$=tjRE9LD#IxDt52HpwU(nHHYgV
zf3{A(WQQBsT_C7@T#FGLnw_MFfOV>cI>`IVvvA2h0eU}qTKBqaecsxG@T}*7{9Zeg
zne0rvUZ(46B0PgSf;uHZ>W|e^23*k;Y242iEi5xhi8)jL9NZZK>AGUeYSkW?oLJgO
ze)NXaLM)EBklz!&JpX;2%;wXuM#byWFE4{s*6wmD9iQX80RhnXQy!i2NTVov5n7P-
zO0^0Xa2?d1O||m|Kj08mv6*G&$J0mCWQymyM7Vt~WKECxCVG-&{z*Na;z9&bkNh~X
z`Du+WeB{z^W4d#0x#AF0*L9!c5Ybw7m7lsz>xB)9yOJ!khUqT$yg{GRoaO3kAbsdX
z|K9~XV!hi|-xM~TEc~ikOutca!O)sXr&a_*V}BrOJAmIKZXQc}+bvK?RB5ObZcQel
z%;a`q%{p6ZxEiabc`Y2+?C(POBY<P~8L!tOLzSsdVvC3|jKXIL)sMUX3z|xuaMev8
z@U}yrx<B*NUUNXUyfozo?L8|?s3Qsj;7)&uk@oL`$0VXR&(O<m%w>5g?b3sr%-r1Q
zt*JqIP(z*Lr#~`+tWnY6d{>)CsCxh+S0UF&=5<aSQ}>Ah;-7a}mn;bk7S&_KN2{SR
z-MD!RTjYJ!Yh=00FLm$-UpX4#cU=qWpCKQsa-WMxZt{RF8N_R6i;U+Zb5sQ&xAo)M
z-Zqb3<XmO2ZsTBQ(&Kn3%pZtR3(n$Jev~-!MkfV+uYXZU`ig07y_XJhDs>iza24Fh
zGfOdcEN{^nyht0j7;Rv7@INT%@y)1Ub;yBc{~S-dVhPoO>Sg7JH$D|Ab>IySA%;xd
zCRI<_)X$NF0rjuk1e=&TrgO^;(%~sSucpt*a&^xnd#_!Ncg=m5sYThFV94uWo273Z
z{?n%s`T;<5!JuwYe&5LlY+q^~c&V5?bbG$hgo9aH142Gj&N|vUl1u+o2s|qjxgp4J
zV5JgeWlEvnlg+BcR@ucc2}R{3xT1|$oidN3sAi(|%*6iW-!*u*=%(0UE)C_VB3XgM
z!uC63G_q7EsyNBl1*us(Rk(V8D(Befdu@9S@1Ak7yQs`+bQ+i|B%0Vh?kRrO*qjP7
z3bmkl>A%!#8v_hu9atO~DRO*))&oAI`bBjP(!4){f64k9E}N^|Zsn`~JvW^rJ3Z))
zL0ox@<SS2juJK8fcJ{w3;|cY6^xKD#gLejQ)gf<8QadKvOd=X}Cs+z|&qP<4v^I`u
zCi!aJ^+Z|r<TSCxT%?k?AsPb@wjo#2%@u>+VtOnzK6Gg~B4}QcurlapE{JWr=z+RR
zVZ%2S5H8EgptYnB#LTjI9l7UK)(WVwL`hFnb(V4K$FWaPx0Piu@2px0i2m!FkXAXK
zH*ro^veY@%^2D@mU4J~*XI8q#fd5;F8BE-I7I8mVEP!WV{j?ig#hlw(N%ilUa2?!`
z$6O*45Kq1$l0c==AM{oo<ifw<q*SbNSypXta-ORLaX+duLy-4R7A*p@=tT4eqbuX}
z-wiatYQ+hO0x(U$D^HKF&dqW?0C8H*!K%-{Xt}@TNn>s*9`OHc%ywsk3gu^8JG*{D
zS>-ng4Z_0zCh0%^DW-?RR3Y=kUl&0^G5ue?9&J3J$M05|O#xa*_|q;&+uV4CR#68Y
zxVdSGEjPGy{shPyJ%8A1cXwx+)BWCMJ+Auj^(xx`b*`xQ-t*y!_qaUob^m-|GdVx6
zn&(`-JJ`fC73v`^{OaPnN!L`*id+cog~4muQmLi3y4txZ@y#}u*~mBG_5NV#%Fj}T
zP-FG>Mk=?c5A@ikk#FZA{2fPvRIm2S^m7(5SBiE|S{TBd*cm4KB;t%V0~M0~X9Lbj
zj$-;izaTzdInmMt>6PnGzokxMByNWVu?<M_iuBBXI(MmCHzc=Lws=lJJ_r`gz9UVO
z>)ROp(3Q=!Go&4Vj!QL2E$bV&YPu4L&QV9VbD3l<Sjg`GsihO_7$G;9L8pRPVk*`F
z1)(VYQ@ytrQr~54thO6oXR;XddOY3TerCE~2dXsuDi{{_ej06}mS0%9u=LV3X|8>t
zZ2{fc-ovEaA9XR%;Ek@UP&;#Gg`S$jzbu-XQ4^)0Q<}XUtDZ4yZmyu~;!?pwqso(^
zj!?@2ld3R@XCfqDJdzDsb+0YW3t0CUuABL`@mMxX<KtX{JVK_dxN$KWiPh%3k}~WG
zcQw~Ykn4Sxsi;7_WY9D%)%i7Rj4KAoq(cwc`zDMn2(>+BqYiA#rpadT+JIqN^MrzU
zC1O(4E3Vx6R6ys4EB>?lqXZB;A-K+Jm)zIg_MV<sHbh4DrM<gr*S%rpq-&qzR%AM>
z<C|d{ms}bC%sPia^)Q0ctX+l8*SGdbO8ttx%JNZy2{fySbh}3`sS;O2@{4K>xihK$
zh;|eq{Mzl*f^(E{zm@-~$kh9Hf@8>Ui@zw)VC~M$`0=s~p}ruL_s&Q#Uc0_UO-m;>
zAJ)S1ZZ0-Q9Wi)5lkMgi->+?1sB8=W=^a3^#gr;IT5ZZBIdtQGvEk+*uR25NGKt`K
zz@p3cc7Vye2n%S<?-Bbjg50@5Py0^`z<ZpC*Us`UmdYY>c8p-V$o4Q+$b-)DPf<U@
z_OINYS@lv&xLE#k*SfT6sQnyoj~U{lo6Dwdd}tn`>l8*9q*0s1?wS(ZX>P?8x7wAI
z?ASnf_A@&382uKwidI@pWyV!+wN#(6=TxVfLjYz9zDuB?98K+{QI-vP5HL2mJI|VE
zC2|o6!%VC_JGkxQO*WXI`Uqhdmw*h}kz3S@1oy+Njsh+PgnVtVrNR*eK1g|len>Bk
zt3l&68wE>ii-h3UkYs5sw+RF=yHWOEX18u0Lpq^9pj5DXhM^-=v1r@Xq4BT!Z<gFY
zqYkw@Jo4+vlw!JiKiTJwnbEf^hs$*L%l(x-lkLSk8B}vQ;J@rnRe?Ec=BY)m-J6Uy
zYuhZPy|ALYA88Y`@9J$vaF(QVT&6LhxrC#ECsB55Boz18k8_r@Y66>6iw;bDYZ<1P
z{TBN-%(<p@bV9t$X>bz_Js{pweV_<q1$wyQ(scSop2cg*sfUAxyn}E`jfKfB6Kd>p
z@%-2D@_em!ai`WvHy8NrN8TFyDmv-$UHZZHR3^B@@DeUWPu|<Da&ikTR3<-Kt~{$N
zLgR`yZ}DF}yq|KMTyF}6+(zM;RL<?kc}LxSC5m;1lC95x(4d`FV?FK8dyX^_ty>xD
z$du{#t3&l}*6<4mT{B{b-h@{nad#c7_{M`L-appN()-A++_@M{l@e&E=_Je6n*A1Z
zrv3@xuJQ6_+HV80d{70el?Kz;GBD(JX*uuyje<Pt(#vp_5ECx$cA;|@8A)a3<-c81
ziLEPdK7+N_`Kl;XmoXHjnwljKdIL=YzjbmX=_~jnl?<66Qi=snjkVivC{MkA;-@c@
zEpz!Lmp->n=i96}qpvh5*bUBBdud#Eh$ivR^}45{w7KrBQ#HTJlS_BIZ{T8nco!+J
zMqQFM^EW*rx%jE=-GHJOO6$0@%<lbmqfp+2^^AgNMIj7sfpUy$FI6?Uq-I1f9De^l
zw7qp)RBOLCtlL0AL1~cKgd!lIB7&rfNOug464D^efUveG4FV1wgLH$mFoY<LFcL$D
zATTt-(D_^g+r8cQIrnqUdEWE>;pem2Fl*Me))l|_#t0N78GA6L>vr*gyi<I<Vt%o|
zYQ=#^vO;!};?9V%-H?1=NJ2s2y_6rdX5aH<SQp_BFSe<tMW)_%R9F2wRHp*nz)TY)
zR!f}YhPAbG+8#-P+QWBz$*ztWmX*kdtBz~rDq6G`KD$a^?jF;zi0K*%5VY}&=Z8z#
zQj!miS8=R6lt(py-C?#ssfVT^GoYeg{42BDyS#MOpe|J)G$EQV;%UJbQja^a19mx3
zBw2KLTkyLJ&6rx%9XjTF_&VV++Gx?%%k=dK2(EuQN^2f-!WM&#+3Ijo)BrglC<1mB
zJdI0VM?mDLtZ6(w<xMsA!LjqNJtYFmUUuS1QH4{^D_g<)V0z<|Ry@VA<kg>bb21VD
zy#>@1P&U77o2OeehG;VQ{WKmycbv(xLIB{Yg=bb#59=kKA5tgv1&OVrd&D-&R8mX?
zAKVOp&93kjc4nv|jXr0E(f{4wkXH*IxKY5F7<f*8E|i=FC8Qab&<(gZM?L0t`jP0f
z7(_<*a|>gFzt;d6d7h!ncMu&=-{2_|A#V<~hHklG;rhAQ(~r4}#(Rue%>RB}{P#Mw
zpOrLPm)s*S<md9<seq+m%}s);NVrCcsS1tAL{822oC-|gZL`>r*xynT_9T;7pq(&@
z6G11$_DK!?6&ZXCJIYdJ6+57n7>Ht6TWbECHKBF-xRRVt31mKdfW*$eRA>t_ib%<}
zxg5CaHdn#HMwX+pB8*locMF?psQ=B!O&@OI$zuK!a0LqKF4OSD{f;<;7dr>vdLIrx
z7K+SJ!Yp_3(b3MqH(ti@=qI6L*q*z=NY*@k3yR8_Rf=Q5^$IIRuTlMhUHt34LsjJo
zp<4>iR758%1X4-ElDd-X9d6_Hz65vC?|DTCn}^-zdR!&AQuSV{`!^p~eLWiK`M;NX
zi&T3sN0PZfs%jL|h+()w4GC9IYp=PHtaeB5Gg#%1svXDKGk4sPLVN>K+CNbp01f?U
zPO)lucfd#d8N?sTRIS4i4qk#H&J_*Iys6PpQUaf#;4!OA6GkU01cUTg@o~>u*`m!S
zV(GZQzgt@B_d60_<_EW@){-6`1nv8sBOww-izXK%jpcG^&9Y~S)s1E?yg$dhMt2P-
zZL<s#sUl6USYLJ*EIiY5jL8G#9)y=1)4$+8i4Z+PbYzS`2>{@4F?z2r-7eJHpV|ef
z;k^gX@Vy|!X=gI#e}R@8c<f(k;s(_pUd8yTA3Il~7Wffgj0B;P6>|Y{lb(a`rmL`X
zDaWXBppT;GhP)g1xO~6?jau!mW(m*Q>{Va(SO^&D4#x#)Xz|X`EdC~<E)b>l-bAkL
zQjli_ZC2tt^Q<3`Stn7lbZPl9*7Mw~wBVYs6Pd{K`y*1_o5~(>@^sb$<X1<bN7Y|P
z(wL|(LYbw}Ze;WDhFFSG-O5s7k_r)S5XY~bZ=7%1%@`W;I_eGuSJ*G?eA~-<r;J^}
z)Qw<D--VTsP(9z9{eoLd&>MNM$Y|Hak4+a>e!R%oL?u$}Vw-2;8_?5E==+XMndrha
zVPth&alh>ZTXapO{JzoRB0ejyU#}{-0a=gHUwBl;P_S+u2GARuxsin)3$yP(cT7a7
z544=$F)eh~#|#i{3YMn9W?+=6^MO^x@I{Ht;8L;u`8b1>A$MfHup;Vp#mmZzfulSh
zHVd2fP*$r-PVe*%3GEnpD3h-&ghtQw57iEEpCv!Eq?MC}m#CX~q*__oJua%Lg(z<&
z#z``zuU-o5K8-5fKjERNkzXkpl}9|b+wVUibx)3j{g(AXc&A{c-3&?dM3ia|?F$uO
z-wT%bXrp-mC-|X#xeNEufn$$F`+3i4qMMDpMUQ-nO8E^_pWUm?Rzvf4KA#(>;w5$H
zb!x&y?a!?%h@Q|&V?lE+4cK&#K*jABM;Wd!%`9=p39=5E6#A%8Oo-YXD;lu=cN7hP
zpaE}gfB-?~04Iw~vnp?WYaj*O>B~36rjoYgrx#ydhbi6oq{65<Zwscy32@UNakRyp
z=xz@SOTW8I(C_PK7Ty(cc44xa;cmF>jrTufdi!c$MKi}`uVT_T)pxVFoVY_=a3`BN
zMqH6KCa9r|4~qn6e_t-j5`Taa{jbFmhB^L4EFt&J%(uIrA6UFG>`Rn`$h3@q<xh7j
z>#>PcE8=bh;|~iGI<50IXN5YF4(-^@2AWuf3*KMEMaxTyp5RrCutK?uhA%8z$~fjS
zP}n`%CsoC;zo~5PeeI<sm)u~4ObyPa9x8KHt`|1R<%p|ilQ+2P{&=0;(XLpbT=`M{
znDzX{ZB?kdFFQJImie@pB_^|^VB@4zyz+`dg;Zzl=v&$xo)4BVb_L;1_-|bRY%Y|i
zsCItRW=<(J^4?b^ncriFEMAKwA6(a~v)K`^*H11Q6B}4sjw<a*+#zxLvZSu(2#J5Y
z?e!#}ktSv4yga=8Y1u=$FtgI<Vd@!^hE<3ln9~JFY|bEF?QmM~XuOF+!!g+X+FG)*
z1*0I;hoL-N-UNe{#3M~_8y5i8W|^_I7!-2p&rpk$;R!nZNEkh+`BXxJ&r(Xlw2&jB
z=Tp_<ZST>6V9JK}e9^fWt<|8|AtP9e4wRN8xZ+Sqs=L-{)c&fnr)uiHR>g4S$Xkj%
z=;~~b&Lq2QTQ60wsATTrt5JgIXFuUA_|blR)W%IcN$*BF@k3qzBU>`LHu-ukG?pu@
zZ>xNvAYS{aKxwUQV1j_s1$Bb`vCFw%zZ=3HUzWR^%i14oxa${#Ncn_YxlX0!M2JFp
z+=@yroNJa;-H)5UgWpuv7OL}H(3DU}V3l8?=b=n${l4g(Q<$cOIp=$2L5l_vDq&p+
z?T7$jc3Z#ToPn|r_fp5)-O^$^uJ<BqWS;q9Uo4%;(T(V*^cZ$*fscH&2(NjR9=>@}
zO5>}nlPm|x87}?oBK`JN!c_c-KH``+6|m=aq9e|Xq(2u?_5GqSsXwfg{Sf*ei(kMp
z#SgydUw$AEBMGL7v~45hJCueKZH|v5CSU9}U2Jx*uq?|_%iNUf(O6QTug<j;IFj1T
za7Qhnx?j3FMaAtQI*{iJqsn^jS{fv8=iV%*+#)|0^wu=CN@geH(gpuK0~-`$ysesN
zSdk~+S0t>Iboo?hzEW;)i2zeh>FLkbS|eQPsmU4sA8zl)kGSiv^=jSo8o1qqRJ}@~
zPH@4*T|A4lkh)f~`(jNd=X!?O%1(K<Zcz7W&YpxDeC?}jxXpS22|jawNOv5{ZZhr3
zD?OtbaCwvtvrQdfRGHY<X7C6Q|CQU9^xnB)eyc4@re5ZfLn<XhMb#olBg;r@8b<1&
zsOLASMmRn{-`q+L@#~=~P^PlYFl_Ob2#AWnIHM+3Lv46`Q#-E1)7Nv<9C4B3jH?<`
zd0#g!^C57pFQ0L*l)G6%NU8!Q34@chik<c{!Fe4I!!f)*xBH$Y@5}N-B&X6(nFz7$
zUL-%Ni0QZEzU&XZ!R(JL8uZ=Zdr0jw`~8kYV|aw`+I5}0gn+A5(<Cb#L&(p8yS{P&
z&pj7JJ2Ve#No-rcfqdz$8dzkpIX9>A;}ic~TaSHA{vntvnUD&sB)I`6yuzYn8nyMu
z#Tc_gFYLPSkyywgAO#dLn}Q%~k|Ux{;N)9o<{eu`9sBa<n6c5>#iXuNFZgb`xC}{3
zv<BZg71erSFk92`X<F|G*N#Fmbg`*&!iU^tpGQMZM*Fr`cN?tZ&$OmIRjh7)V)a6#
zR5i!*ehoHDvz~*TETR*ZJNowEvfoCw!%o*CkPA5`MOC;l&=?V-iD-F4$TWr~h}Mn>
z0ml(~m|jK!k_}1aGsyo7F50+nHU%rcx;vnT=)BFv5kM@moKaA75Nt$s9`ujc6!ZbF
z*$2P;K<p06-TJ5gXqg5CmcK(6B|sj+D+zn^kGcU-A$+ZXr>|h}pJh0#LCqH6;NgRr
z!|jTzcxDlxwBXxW;QO)?xw2FMj3!7$<WB@06C_=X<>KNJ0l;ZaPEKdWcLhi9lYvPD
z{6eqRbHB~tV3kdD#b0divzV~s%-1%aS}T$hYj|89;Fi6KAFRZO|9V9D@SnkeerAJ1
zC!}29j$u9>3aN>CKf@P(3Z+A0F4MMImXniXaJbWVxD|4^MRM?sMD%bQ4e@Ys4V*f$
ze|-9-Gq=9(DBu8jffC3I*il0Lq8n?W;w<SxfLtJw%ARuIISMrP@GNsh&s9X?Ry`Yo
z$C`4fCCLe6&<w_t^&TKctFrkNWHH;S)+A?Ejdk*EJ=0b~t%kds`Q$#i?S#@FiUdVO
zMDRe{ZO{(_2>LOA_Ka+D4?SK!{M*~DUCv1lY*N~jDurp-d(bVk#4&of@D9kEHXzDV
zE0<(Dt^T7~itEgE0%9GK*=s@@!cAm~!YeJ{j=;b|wiiX3@v{>=oh?68r=<NmbO9~h
z<-Hvwj)y+t8f~p9+Kfci-G%@d01k1;LMMFnZ1zUFg}6w8Hp%P_)MnLhSK%`2??swH
z#!xizF)ZTSv-jWW_C|Fc5Y7Is{cYIjz07+by1_!McTMJCpq{e9T9ypv5pVBI_Bebu
zG+(&j;{d}UJ7qKe6#;(vrowaHe!GLco5((oHQt-MUBz<SQn}-yGLMil^A?bR@!h@H
zG+Q7#v(jWg6{oB7UaE5N5}N2tm}9675H%baWfR+Ok!1AfSvn;LxCX{&maW-@N}IGJ
zPVmunWwjw}Zh7`T&y;?@z_kAa-L4Z6Kr9DCSek*caJ!Gg1I7*yHo+8%I-ChP@FQ>!
zB{<rp_&fcDSvkiN??QAy#Z7p2M5Th3m_p*Wd3$A%f_xkQsD`3&ex=eYRB{>!%g`Zb
z{-?gi`~x5|6L8<iRjI}z-8;bTa2;Q(<^1VPKe!&sNz@}V^rn$4^TdkgXC^WhQ+0x;
z2yJdl1&zfy$slJn40XY^<9Fsh2M+-92V>A7v|shv+nnGi_5vaK#vqQcW^al|Z0)PK
zGr<$WBP@;ZL$|jpuE>XQhHQdvAZ&JoU_b=5<H&u9>34wQu#L-!bRdfeUO7uD8%+jw
z|6sHBaFR`|W$dH3IUYvz5eKf_I13M$u>Cej|HtfKDL^B%01t3q8h>-Xn;=meP{%?-
zkw<AV_yNyg!_V{_pm6<Sof*)ZamBn;k=%M^WBrAHVC(LD%Amv(3RSI6el&KN*B}^M
z+xP~*8T=#5`<RW$>dGL;^1_0N6UZO*v-}W_e!SK5Py=LP?<If!-A4#_;z`Iy+!NYy
zRU$C1lOGuX;rQsvzoAe4Ap#<4^Vf=8fXYd5!u>Rop!?j>U6P#GI44Y!ep$2>&_fwc
zEL{GtziFlwho>OpOAe0P^t-|IL`R>2!0mw^1ZW^+c$THgTn76ViRkw9ye+6V{5{H}
z2a7KSd;~-OZ~xFHbS#2}DVHX}S2kZB4TS$ZSm7HZb@z?uSF{tM1d~JI<<`Ra)u2}0
zu|1i7M9@)h_xMTSIl}HN_l-8HX2`#<%f3A-KphQwl=U>4#R!iSIs50&tmE(<40c=9
z61ymiUNlmqTFf@t?ayk@(NB4ys9n7w?~2T4=g2v*`M{Y;nir!Tv9RE;_YDHvns_Vt
zlEnuOb)Fnjy|Xm;@I86_*V73Ukq%#Qj(;`g&S}QPMFv1i+o}@o<NUp@uNf$Avj#V<
zg^R)%BHmmrGdYu^(U59LS&)9SvnRV%FUfJGQB~(9y}n*0X*eHMs;0gLjqxNt|NaJE
zGhP6K?E}q%0OUyxp@*K5?j%!WIMzH2;o!{~tQMEZChjV%FN4+LZo=kf+jB<6`S?=%
z<@01RBCzT<Y^E!1l@!;a9z4dw(vAiX$`G&Rvaz$+7q_1^FNqWg8rV%-L{j}a7C^TS
zHFrf~yIx`=h(go$iflF}Z#OsB;h>-IH1736FHSBH>tMn+t7(Yx#>Na-dOjO6%IOMI
zMY*n<q<9Ko8)Ii>(z>aPn~y&F_a~|I3VE)2?*roKkeM%0_gnBphFp;{<NDm~Ik)W!
zw7g>^M9>$)7bUb@C|7Cp9e;Ti&`WICzVz0^-ag5qqhiyaGi>+mV2*{bE&A_yBe}sc
zIJW?4O91M(J7ChhyLh~`9=ZVyxBt-($2~W*r*?KHPe9kA%f~7VYYUCQo^Z6(j!1!*
zey;ET<y8n`jDIe7h~btA(q-bK$R?e@Q<oRC#1b^6hg&gw6ibXpn=4rM^+5mVKPh;~
z9U!hv38$#{2Dv>(-B+aOFrl=f>ApR93|a+yOs4yXk=PUA)^q}2uk&A=<ISdM*bOl=
zszmh&ewQt!RJAn}DbPG${3%YhJQB-PjyQCphWMRtWDcQ523<<dv18st_2x>6%6Voz
z2X-$ydEGaAwVgAiMslB@>mB#1@G@DRzOjMtY5z&8p3NzMzV}N2z|FKjf=VCy{&v6d
zjd#n6@FHpBonaq|Wvb!bej_J(e}-)0l6eEB*BP3AHt)p^lZ`}Ltf)=}9P(X+($j<o
zvx`Jk?v@F#XpI>JMx)zPE~&!(8qB>$1`lfRV*`9k#eFO32xibpWq7gLUgM^pBx=*W
z?YDBp{oN%>?3FC>B0WmW>*`EFjcYsv^BbA0>Ze+>9-S|pJzJU?ubpJYLmVzN6(0-4
zCPm&cS7uocB%Lf2@a9iUH-REnULI9-K$&TOU6_kh;l^wA(_TzYtWMV*Nu53}+zlu7
zdnWR3E^G!|giJ#FPV)U^pfPBe`d|rW)DsDRtVw65I@6JC_8UYf(jRwAbKv0keSiyA
zum9im4}tt4^k3;8B7Oq+5NjBm1#J>vgOvZ!^-y|MUoU4#arT#Hy{EDn{0{<>f1K|`
zjV4p;-z)v}+yWY-6ta6qolU$`%c7ao)Q}&<9L=mL{a)zgU%{rL2+ta|H^fUceyvh|
z+%26rCZTfbPDJ)4%g%&shA@f9ev66c)oJQeJ%moEE58d;L|YKl6Y1<*x+T|$yR1Fd
z@N1y?vS!~nxv+a2gaZxGwQk(QrkiTXPs=WpV%1v2F(<_bMwPN3-Dq6Cte2MdpX6WA
zKN7H`{0r>H<=^1l$R-$p3#>1h%Rp<eMyTISSisQ($N3;|HkbeG?a_~6%uzj0wTjx-
zHkY4%bbNQm_O}}(=vQ9=rCUTL`%`2Fe*tk>h{z&wUP50wMOnO9TKOx%Mzk^dGPA6c
zX5_+ca2DQ%F`yt9=D$AoQfiwE_C}9USFh5Lgk}+?ZONX?sow-`_1!K~^EGMV{(EcU
zU-S<Q@5xokUb7s=lukf_DQ+lXZ6LBp+|x>3<$f`Eu}8!1y6$~dt=o7x)uThe?pw1A
zJ}@NqT+Vyv9mJ%an(OHg36ye-<hYf=N@ogzlHsG~?DERTtF0*!^m8i6bCeh#SEQ?!
zTw{#KN|kTrGjsD64T63=<vl>`a8#(S{Yld{?z8KtXzKq(MR9bJl?1J$r&o$Od9--F
zHp{vJ#tgQE9DG{<nY|)#S1-4RHD$$(o@1n;OrAzArs<#LkBA61UjFQ^^T%C$bc27a
zPGN-Fgs0qf_iYC>ZI%7|*n9Hoz8uA%BFTuf*w(izM>XrCaK(0zjEa3gMKm}^KcZL1
zB4y2H%6W7dd*&$C)RPycwYnkOh~Lsrfju1&>PCA}T(@3x|DgPuLl-Vv8By-W2^~dF
zU=;z`sjo@c3P|S*PgL}SgE*rW2$BnF*9ThJ%|yrH+dM@tW{nZqgQ30f^5fMP+@g1d
zj>8H3$MvzV(bXIzw@KP>{EIx|zo;YXdW?0Y$7#tLTRDSOf_Umq4keeH%1lIyQ%Ay@
zE^s@`p>ELjUh=c2<^BHhRD>|4cy-L3un39R+h=}8oIk2W?l*@FUGSF5(kQ$l5XH=F
zuAcE8HPlC@Mlh#-wN6<??Mr6JoJjYLz}MKDR<Yp00_ZphcS(h9d7eL1iwO%$KVc-L
ztlkxTHb-3@`uW*pb^1Ex;=6?g3<@14=bKFMsTY81?XO|_YV8(|BGvj9A^=C%tR-7A
z(fLv)nG!bp%1sT!KC5rYEn$Q)yIlBT_4)hhALL%jF-M!~6y7`LZ|-~3LmpwYROogD
ze}*bhNSvb(jFQZPG?Edcj;CH*EH>hd=_{0M+sA*umrj7+L-gQ41Ngq8FxpJ%iR$Ax
zjsPQNY_^{hsR&1>#T4Ar+WQJm-!+2ASQS^oegg2OK(r1**sB+uiJrLOL!$py<O|^g
z^#6y@_dguEf5q5<*`{;&qpzUW&i~TwmTkQM2EX%i-Jjt&c%)f6&5)<fED+UZeJuw)
zLkhs3T3Z8cfK7mhIS#)^+>n)FnHEP<B5(9S`!M!6lE2)Q2$s6|fAvF{N6Yt|SEwAz
z2P^~l=Fp!XkasO1x!5WfOs#j%*`wJa4eLF$^a64!W1vcD#&0|qypLn)IxV4PRD%7x
z99h`#(rHr{BsOt%q;8`yW08Bn1k_5Bj+g7TyV`d6JiHevsSSwEEt`TtAk6)!^k<Y!
zyMJ>TbTB#_gl`g!Sy76AQN2I3RM{eF$c4)4F;z|}3rQHPnsb6EN0=)q_2$kYH)Ap|
zj>28@fJAzH5ppE|Pu|J&Hf*J8sf(4rF+P=Aos`l_N43Wz8-Fc$@e334A-cClEF)^(
z+2J-lk_mZ{!Pez%Gt%9yvX4P9f0G;^%p1IzqpC{){5c%kD4}*UF(8U(l)dP-hiE6a
zL)qj;L!C!Hoyk<TC{Ne*cWQKOZ!zp=D%DHB%RXTKbI8|`SP@67_3`hF3%4Qo+TtOu
z`6^tM2_>a%(};!dC@0FTl=bPTf1r-bwo)<$YFY29jO%|se!OI?6?3Di@e3rZJSP^*
zCx+&Ii``jfSb!sKvPQ2V^gw@-n(%mQvsV>9Pu7(pBE5`w15rT(EN;lrsi*pQp(7uB
zf(XhG3)F!eqpofprtw))>$y2PXw?<dKHoWH1~a8<H{W9V#>_@xTAl_Ho1OK8wE$0x
z|1YP_znfhkoc?#e`p0jMb=&qpKC4jU76urf+uM8FIWSPoS{QxxGqn{zax<U=?Pr&z
z;li>0YLKQMhseGl9sT|1GWm7wLSVfAt7+@MU%UVKA_-sQ=7tcA5(4?{!0>R%KW}yu
z^b|p;D6bxjA8BJ@AYR_>3TpGOEF6>v6n{<~e62tc)C$-Xk$XKEq9&lWK=5a6L5wEu
zs3u1S3SW(lJ|hIt3`cueNa%sF71HH!e-jeh9CiSOi|pf_{C35?QYXCn^H<H(@k`RC
z!pKcf?b`5XL%tU}(S1aK1KipdPS0I#en3@HmOv)vI^_mqdjVreQ+ypwp?7jGYp`?W
z5lVZKK-mQNEkGAOp+80#^<C+^Co*7(-rZk@4o#sAQz-^HK9Dd#5|9W_$?H<wt2)g5
zy8DZ3ou+y*0rv*dIG^cAe>o7QR+Sa39n7>;oq!*dCd@2kVe|6y4>}q5J5?1$Og2xZ
zli}m}3}ks_*3xj=O!Rfz4>jAalMIQ{!c?6kID8D{MD4Oh8=h(IEhDNFPmaDqDy(R?
zI*G5oA!KDCS!c#47Wk^o&K%sbZc!KTaC1h!x4)tTMBMiQpJe|n5%-vf%bG5(E3c9>
zDC(Ro5Vn|uw|I!KzsNYR@W8;L_(b_rRlWR0BiWiS4I~otk}#DUrB*x&Nxh`&Rjres
z4%RK_p^Nb)3*K03E30AXa6fUUCnF!|KE|C$2hfC~<Z`epbaRyNyI0kCqa@|05^6pa
z485$hlY*?(HtLe%3o}(MUPkv(Ynt2~WC(~|uQ2?KXyfclDR+`FSYfaz(^kLLD|A^k
zbwu;Z$bf#%q{;cS>BN|MHjN2+V-?#K4gCg4zgqKfE^|yEW_B1?0}vpd6J&|s3VI(Z
z;7>`AQW%}`o|@4?RVYd>uSfuy5+${gmD6X9jCT82uU+HkkkJUxv*zN{x`VRMpZqbo
zn#`R{#eOwwBzrO~$ESqeGFb>UPnn}ZXCW{(r<CXUUFJnWUU|LPsVPk08kJ;qBh(@X
zRzf|Q;@&vp!8lgz5YF)Z!881Ki);vE2_vp}Z@OAvka^X5VZBNUdV01?%nNxfJ$Gq&
z4j|?ox6F_kzZgGcR~qIu4URv+CQCgRnF6K{d7k!H%ZknIn5oMEV0SPdHWPJJYvZ}F
zT%5SSFgKU2WPPR?RHll6{yyxw*A{2usL1Gy7n$EGaQ>RuPoSJpJLQCxA%FDcZL3W%
zl8Rom5*x#GnQVO`Po`;uyt|Y!E?0xI>v=2CFsdZIEHb=|SbEJVUv~SwJ^vzH``Y7`
zs-oICCB#`WJ+^BE$Wqten6NUxl5vAFj>xz$Sh-hUL0+R9o64gQzWgkqT@oribWhUG
zpb97AnKu_SiV;mRJn+g84JXff1Q@q0LG?3$b8E;2IJY84oZHH<BhGEjQi&$u+%ohl
z<`iBwErPYIxy-Af+)%pEs*;s;X9PJBcZzS1j)hpkoPAcXCPaTYs9^tiwJI$w4GkUO
z@D=VKS&ANWV99TRwQ74@D2KE<KW~<OmrLW3NOiq@d!uBf3c;qxAm}(la`=M;)O!^@
zadBglCmGf*9&J5C-DYSa#!C}$<FT%9a8SnwD<0Z__81SFGDO$2@JgP0XBpOjt{2#U
zhrT~DFd;1xGvBDnK)MASN)i4{8WR^5mY?DsWDvo=*BQYXP`%#)lxm}`?(*~F_5P0d
zWdDjnx&*j1KyB~{tmJ@w1C(B*eHmE+*Vhl9DuZksL{IntNey$v!=XccC@XtbTX^Eq
zDMY9bJ0jlqlFrSHvL)g&1`^uh<}Kmn`j_rY_nv=R+5(07+ZKl_yxW|wmGS%K>P8hl
z%Of}nhjw9+Wlp>6?FCzl@M%y516DO1iP`icpLOp!k95qZtrX2O#vI}hzx&bMbhFi4
zA8pF-7m>e*HjCg(L3VO~RrPj=Iiu59a-nV}Dktp6>8X~8aIx}w|F&m`k_an5I;bq-
z-2&Pudn5nuMI_9Gv9}Bb8b5Q-UVOWsGJGc!ovA^-ES9W4v$Tq|bxa2S5W$*Sw*a&x
z)Uch<mU~1S={pR9F@t>86|%KUVomk_ISfmr3qRcOYi-+obZ)wEUcphWM{jRu`n&A0
zaKUbWx4!R6Ml}h>ed!eh$Qtc4?s=7DLt+y%LRJ$`J||rVUJ@*)lZJtp#O+E_>PoHg
zOS#3T9nQ3kwref$gD=V=E)!a5G?WIXP5^`JXzbro2m4WW4I=vGAhS*MjcNQCIk#WU
zpL!6gX^Kmg?}07m>jYLzv>`-@&fKD(;C`!(*?<aF8~m*d)afVHvrn6CX~GF_F$QS(
zt&wwC_;Fl`w~uLV2+3y?EugOPu#$GuPp*~T#l?m?PQZ5}EtV2&J|}MyEqN>yR=#-z
z`l^HL1((Wy7&2AX5&QeU5!Gd2|IYv=|G<+#{|!J1?q=y?;d>pc=mjxCaJWe@3ZvcA
z)opf>8O!ZUE`6<WE_R>GPC0!KJs1>QcqM+%NI9eA<SpBAPH#d@7xrIO6gutG1Kof6
z_4u)O+2le}A6RR>M77^!uZMGuvd_bFDw3&cYZ&yBHeMAkPL<I`2&%?yVELFp%Rj)q
zY{+qQ;m5TbOYgJ9M?Eyj@#Q6(g>>kiX1Sz9GOd!rRhdkA{!9r_9x-vZdpFFE?THt7
zzI>9RQ{K9b_@Z9}d)4-x&)I$smlCRPC%+cv6Q|9s(hU1Y9(mH<-u7CsfaVtjT_BCj
zYAE*f#pP8X(J(YnsE-Qh@@su)*fEYi(r1ttbzEakTLZp0RgRd@GNYW=vV=U(_}<sJ
zc1|P~#dqkuosZO244dP<6d$I8fC6ct{|!LOzu-|;GhOb()+)WRPri!Nrpw@WgSF4N
z;fo(gy}#nt==IE%Vv+z!rNDNsR1%UYMP73vS_yh^EHI%LVI{|2_{nTQNq*RSH7^sR
z8MPs*W>94&?T#FHBZ?;KBLlXSDNjUf_~Gey7txjvi`>z?o3O-8(&mw#Bq=V3cS+&*
z@04TCxj))hrhPfG=IdAe$fOo38X4oU%o1B?oQodGshm0Ri7gcHVyA^ngOb_qOpW*q
z5Z;nV#(a{{NO&8#qHtRu6DDBMdwme$uzd#|fp3Ct;g+k(hR-|48}ZbNRv=-+cCZ{g
zBW&7vX{l){sRY}wJI~I1_nnYC$;(z((r+~40x-v|8KkMtBe@<~d3h_vTY9^NCWE`7
zOS7Kbf`;vN?Cx!TkpA9Gg&J2)MF6jTn=CR*9>16t25}bU?f*Z3Nh~HZZPp{HbMHA3
zwmV$KZ><n9fD0|17V01ptG!u=G%brb9gZ?b^ETe}!ba??6DTU_IwnNB!ohf6We{Zn
z_akZbu8i3Tr`|3LbqTe)oE#mPFAsYb-{`<>bf89A^BJnXGIF8fgD34%`S;Yg**#Y*
z=lu`gEtVao7H7tTrE|H%@^+C9I&he8<f6tf<nI*sX<d%~won-Axp)>~A>~Nc++{6e
z|GaC&eLC9ez?7yObuwA?WtQ{(s`r@MbhbGmM@d^_Z_W5RIUZBF4*ewJZC-bY)8obr
zQ_K=<)igSPENNrRb7{pmEFxGHbopTPs#w0$_|SuA*;-w=ZAAnvBffH{dCy7K<2pM8
ze6EU=C8-}XUFVjdM?bWX&6}3F0Hify1CEaQx|FQ(oTAQ#Q%U9`y{XgU9FP42PT!vF
zEg;kP?HT*yjox0fTe6sdM`o<!yj}I;bTBfj-3-fjav%*WVOxi(?!g<l{Ad0xwBkqp
zEznN`m*05L|B5mB??6mG1@l{4GF*=Tz;fF{0KW~6BKbS0UtS`;R7pGF@uHMse4<>A
z;7>#dd)q4}{1N1;59`ckLXN$jejq57f@QQ@(K(HtKM$K6lEv#5gD_#9Tb^f2ib~pz
zfvVO75$(eSj_M2CfOWepCRU!R7J`=nnwUHTs&YrM^Kqp_W*r>z@p$7rJdpV;f>_Du
zt@e3@V<_eC|CIJTm<j}a#B2DbX=0*|O15b&LdseQafz1#dV_SC>R+$hR()W!3CHI?
z?}`Af@yAyIUZ%F+zxyB9735>ehm42+)3(S%OZ?flzgqQ4A)i}sMf-7ud0KZ2HiD3X
zEDKb511M`VT6@3eo5Jpurg0KPH5)X(!9}DkqWbu2RV>F$s@l4sb`qDS&cpzVTin5>
zdWUk(o9rV`Cx3gaC)b3`Xix97-WbN^3p+2LGnuP)!niY{3^(umCw-RF;Ou|=i7cEA
zrgAW>!e(PZz9lws7ysyY=iyzxm8e%hSk)4XS*>>~Ie+nymbG3>LtOFv)=4NX8}5mT
zQ_HZUSuB=C2ex0)zmEY*kGl(7scOkaLsYq&!|jHG{<<GC17~}2J;7@qUxHC8CHjaf
zPwY$f5RK@K;)p2D>Bv=gHkkDA4l?};P<>phD?PzB!{qtKpDe0fNb3qH4HhQi^SRew
zMs`u)t^kG3?H1qi3T?y_f8zB9NzMh~or;9jiovXlI*;2Nm*DisgExvYR|U&F>bBsE
zj<*sXaX;y4aGZtjEM?gsH$nt<Y~lp^j|{rLpL=k9b1AR%Lv`m2-udc)^w{~TaI9YO
zYldL7;K~zMqf(%hV%$*UHX8ea?y8M8RMYMnlDnpwjLY~^%)Be`wK~KBjSd*kSNx&d
zz77jBDGy0d;Z|Scd1fcxIukKt;g(hArROmDX1-eaA{%Dk`z$;*&6HgzD!B4h*79Ao
zJrgr?N)#sI#uZgIo!$^LEl1b)pYm{Fa55?-Hs$V;K2M7x2b}cwVx_5LuEL}*6p^X5
zJX=1a?60U@@+2FYWb1k+T}Wmw<BQC&&6@6=y?ev0_S<L^18%th^eph^T=n!-f3~Vp
zNTMVIPBt9Ip6ym)uvXV%WWS;lAC|jZAn^q|t?ZX2Tt9KA&c<5oK4WA=&QhmI&S&6K
zmMow`+$}C67bj*?^2P?D+c{OVH6<)(?S5lHV~Jq#z{wWhGATrZ!{*DEYMJ4ZfT5=Y
z71Qvk{AvSAk@e@691Ry$sDq#sr}D>4{6$ttW`-xZRYrQUUsE?MeW*-lpGbJKsKt?D
z-b26O(7v@i<WKm(H{GN}Xy8X?Aipk*+oxWG8tJ)rLyeSgBnh$)7gfv8@KhOZaQrMW
zl^i10o8B9(tM2h(?5%b&Oi6c0?Qlmi74vql;ew(IxToTgbd<jj|5H1ZJpJ3nB2BP;
z+llk<x7AgOxS1B54OjIiwdlTRfwuu0(5JiZ(t3}Njd<AozJ#OdP?7j4LpwrS(f0Qo
z6LgPE3xcjQL5l5{IC(TCF}Gd?(sy$Q`tY4j*8L-XI8IuX;SNFes`#})Jk)!k97{o)
zvHW5pJ<ZmBNnd}ns^41Q8Ry%^lmumpH{`>59T619?)R#s-v?~*wS~KQR5wQt%_@&C
z7tRtd5&FI4xY+iiHJeqTmvsU@Y67!MVdlJ`C>CD{$rYu`tokyb%I;!{$ao(&`2^3Z
zV|;hH{Q1}lUd+)=Ih`Y>@aJK7bH0ejaC`KO7&IintSlx+1f8y%^$~or`Mb|HasQrj
zsssxmD@TUL^~bc6o_vq3V|;ZQF7taY-3Yk$Bjf9<YMNIOn9KCT&jh5}l^1pp=CsU#
zxj!w9lnOYc8P<ts0`&Rqh%1c{=OUS)L1Jyga&d~~H!~yHY@37U_a2S?K`@27dBx%S
zhtA$5l*FV=k8?4$CC=k!0nH3u+O(#db9Xm!AN_DYb3XL>_8>C1<2ur`T>b&-)8K6R
zhd%_1bii;aL-f9Ao5VGv(?+B9k6yN>!)j|rN1=1YAlK1gTLFX+!={sc+MeI(x=I_J
z+4ZZJ+O7FMF(^af<({ZnlFRP?t)7R*s9J+w6=+VZ=N1a))VY7robP<PS^TX4<kxVQ
zE6+IV$^A8m0J2qvyHTjcRb6r-Q!B+xv16)R7=}0%brl-H46Qy0lyyxB9(~|sbfwOo
zOM;-{1UfT7dLPpo-A1}?@&HbGvCYh*h=avVp9b}*ezuSMiBbC`Nwu?zdb!1bKO&f$
z#Y(O~W^;`@P(Rf*GUn$<tmC58xJB_VuKC|aR?z=9obF$tl^tQbssz5!wQ*RT_on7>
zwuvF^N_5R<e|Myd<XV7Qd1G>Hb!V*aQ=1R>$Se4IZAu#1j1@(qpelIItcn+f<3>+?
zyu!V&jtEn1##isOZ;=Jb=ud->J!mjC^N3(K{lXsm4+a%-?03RaN{KQvG)H9mdUEnK
zu0Cp-kF1IwZOLYmNSrBhN^#NZGPOu|Ff<jFRr#i3si3!wU%#vstQA{>{uiYAkyI7d
zl~-~<kj)=C+d;<8%;n<%N^i(jsfuAKY9`f@r^_!d$p)Qq8<$g$GJaEC{KNHW4kWMG
z<1+JRw3)C_;8l!%M|6DkL;6+Ijev8XT7+9A0u<bM%TA1xW_N4yd8+krNF!Y(jC-Er
z59gL2Rh5*{yYU^p-*-aE=)pv$SXnAsvgOHczT#j9m6-9ot?V3Z%r<>T<Wwi)a@SLd
z?)K>Pn>oJSz9cjDlt}XGDA?*8&u9I{>}Nv=3eG!)pBpI7_3AeEp2u=cphuO87j*Mv
z&?*OC_a|Bc**Q@r^^}yT)GT#>LcyuGR$Z2F48S93R%9&&k6^|$g(<;Rf6YdF#I`*$
zX(JxufM*ImxjuA7Cc>{_OJrhm&nr2<YLkjf|4<_$&@T3gcO@cin)<-_07;#Zd5vo&
zgj08YE2xt1>b-_@wr}QMTxhs8f}Wq^VeXY)%Y3%UtyFFC(m-dtF|L#^By;+$i3)ZM
z0JXFV4Um$KCE}-PWt#QVifesOcE9XONYEs{aTJ}6iar*LB}6h@E;6mdxiv&IEj6q<
z<LkkIcV@7rQ}s<u>0$He8N^FDX27r^;sWaS`XcU2lQ~CVRp3bZ+;00<`9{3+3l}Kl
zl$Dn+@*|XaZGoIMp%h@N0MlV07<Byq|0?i|0(h6(#H6<^9ZCu>O6o9Ir6Pi7o&TxE
zwFwZc+4z>$5m5CV4I;>wAF3Li>ggS+>;3-Vd(R{QY`wx|cs=gAyZapuc6$f(OETxC
zjB%xK<=v3P76YaWr;eJSf^W()@uZmddROgcRxmGZ3Yb|JKsCq2-PE2%xWIg_GkKlU
zvseCBO4XU@Bm7tQ8T63)Mm?@%;7(;b(tQ*>8u}!;>T)RGZP^I6fJ~1!EoqHaMw?O1
zWPPgm;>Bg8?ek=<jSuKx;G^Dh<!MJxzJrf9oTS<!Z?b;Z2X2TOLzY;ASD-~EhgyxJ
zmyHGvXcMX-u?cYfh$mNPzrj(h`mV@-F$P_K__s0WkuNCpr!nZphv*yVp_LFk$K@lg
zGRSi;ot$Huc~;!1p_2<lnaREjUn*%48^S|fYXa5<UO-28#2r~voa3Ga978|vJNM|U
zys;f&sF{hWcDLjbQcJbb5I8O3ul?jE?ES(>yaeUKmgF%Ag?^e-cE~&TL-1W+<^ag(
zqM{g@h-4rdYq}wk;obog2&GA5p(}JdM0r?cwcuK_0!Nx}B%O=worxknl@g4JwKhcd
zJ%96TC_dbEG-i$t^}B~W7VkegEHm;S(Kt&p4G$e((UX$V&r3f;Q7i2gnBU}@>ePr>
z4=XBcplN}24z%lE*f4lUw~F6TAY16&IJNdvt748puT1d8vJqPV%hXMg)cTTb)yMNQ
zjZeki`G^+AR;J9W-gw}QkhK5+MliRXqV7LPRR?uHjyD=)Beh!*HLcGAs597o&Fo4h
z)IYr8;(jf+!ILT}rDHMIbHhy<U>+>V(yCr&S7$-mF@rLnn5SZ$P~4hPRZ@1{3>Clc
z%Y!=ea0m!c`eISJB1*$~)k7~9Lam}2Xl2yNH=T>k@oXVf_-RSLckwdeN^v$yfvs5-
zts4{fD^xqO?%91CJ;jk6HyBAzdnr)W6=&|Fei{3_pu5SV^Kc6vO?V;mU$%!(Zj#jc
zibd<T9%JDNTX$Bl(-8_66r16GAX(Mzd!JuV7T{1Qb1eDL+@zMop54)4GkaeG<t}z*
z&Gv<@j{Jx~pkD2aY6KxcENjldYtGAockHO@<G;VnzSdD<mla0T_1$p+zN0X2lR8nx
zx%`n3UMo*eIJkbYc<7j80^vy}0!j+x=AC}O`GY|Ogq^K02v*jau2Z+GmroK3Og_KI
zzV^hn@rjAkBZ6`oVigB+)PZqqGjoo@Q<w4rwoKxl91Bv9x0ak`?L(VMr8@X9>qV!l
zJ{x?xXIs==-`t3KsyoF;oa6F9cFtRyFy|>4f>^CD_M>gA2pW=4h);8Sat#^pucDkF
z1LM5?78^4@u@mI>z%AZJL~+ddRI<$PzZkm?KW4eJ;kT2bcIMxQ4qa9+Kyl{Z)n@oG
zY!!Fq?UeL$T^A{jl|S?)?U+>>&#QJbB~)6?M*g^%q5)iD?}(kxJHG=u7<^9llrGJ2
z`5YAV{Yveuy3)Xc`C>|kNu9BsFpnG{Hlu>)gsh)jJUeg;#Bwfo{z7vVTqm3#<L3<N
z(;@%NnV~_gu(&*A$VN;qj(KqCa+-7PLq8Oud|LH1=XvLpeo@2e$;=-wz$vJa@M+1$
z;7ghxOnyx|KTkkyuX;IKyvmsfKRZT;oDqKF;m>-X1Ci~36qn#qvk1GzN<UQ^5#b-a
zeGJ{ST+#={_fg26o@e}gfp6yEPEN8_L6P|RKC-Qq9V_$xtzmnS6nhQk-rQpd^@rL@
zb}=!sFApoRl)NOG8#1t)S8*~BnI+y3T<Hn30VT=aWFd7C=D-_;nEG)y*&HxS=A8NO
zJ96B_gh!Fn_aG1WM3l#pgxpv->nAQebGv6`zd`8KoH)SAe2xuwor+y>w!Qy1$G&WZ
zDvNAI3u|>$bn_6y`J-|HG|$Q>-+2oiU)GU9qF!`WU!au@KB4rZsx><J3bP|yJ|B=_
zQLGjL0G^o}*D61_=pRtrjMPZAkb?yp+*eN3juw_wRoXJh`>+s%ods=!&MS^iwR}20
zgAUn~NppWBS=nA!XQuqV>6hQ7(i6d~RN}g?qt4xE?nN=D5E=XY*%o5k-7r2mwxnJx
z|2gJ6?_6*A3OP&Fy=>eq@+L>If~Z<QO}5UI*b&tI^=uy>(Xi5(Ykdzk%Ze*%)@f+}
z1d{I{-W)QVl_QYxP>CeCe6)r^^A=P_m;m~Vs_n{oaMaxus9diCd=MpmQaqM1MimQW
z?~nA`0EGkCNokZ{IuUIQ9O0~wx*Xsf_{Doh0r)9F-&c-AUHWPdO7~r&p6CL#mXQjF
zrUPK{^zIBk8AiH|ZftB!8B~=%w>d~FW`nj`%kidvG^W!XHSgcMZU6(k@E-$==TDqC
zVuURuV5>KImTStkaJKP#Z9HO!Y`(~fkOdepykolhf+`X{QrR#BKk>&=?FRz5f52d=
z*_z&7KCqgWMSBW9CoVF81IHWFj@s3gCdMH~(i11@@r6O45C~)kZ|KJ#?vfc?5Pr4b
zUbC~8h}7R3z}pCh0Jk;^{K1;wK6=GgZ)->K(C7)Z@xx@b<uBVX*Ox>mLh<L|OfN29
zUr%fY2VKBh(?NI}KK?QNBC(smYYPA5K_CJgP|=A{DG4+`(Y%A#_aBbV$Gas0AI~E@
zxg$RgUu1dNM$U5WTJU}LYhr_#v&UYbZs{Yq8s|MC*(mOQ#w#aIoWqBi;AQM}O^j9l
zsKEbi7Y1mi4`z;*xQ|9b$o;jw2}`_YmDs%#C$8h~pmJ6C>P28qekw6KU@QM_u`pn<
zYe=TVIHOhX*-c9VL91dhptyMSw}j|8Xt_K}Y;VNIem3fGcWpxUrJS5Z7t-bVhL3xq
z5R|%5@b)Ek|3`%FK42e|F#<ENqYwV+Nde&^G9nXqw|ViOO3j(I&T)La%DgxlI=fzF
zix#Z}{V_3M3#No88wo$3q&G2#_V<o-VC5O0m67im5M6V<TD?HLEW1M>?toW#*@GJZ
zE<!o+#XneWVtIA-KF~tNUwtA!5_Kd_GCiHXKYsGWeY|$Tk;*sF3IcYrcMe{a?E?kh
zVjjF=5Z+ZZ9RE7$4_wp%kzs3ah3B;Bt!?QKv6Mo6`Mba$M3o`I8SVa~Vi(PgRJO2z
z5JKr3Cqod=(pgR>A_CGGPZA)q(?d>*Ap|o7*w9pXH#_hysyC{<zzepOXA2QN+<2u}
zv)vYaXuX*cfcHu}g^0<Bz8d(s_8Y<XV=_kU?A(r(jm^PiDWiz}-pPl}QpyH&>+6LE
zh=L-TGZO%op@68%r9`+D-h^!bbQL7Kv%#@LctH)gIeZcam$`L}t8F)4fFq1x_E*zZ
z!fEWh{l^JRZ5Jktu|Q$$3|=FDsKFq5*`d-Ca~tUUx)I;iAl49Zc{`G@d-|7atPSG^
z*9JT$Z=m9D-Fk7SZzb@{4Omgy+!sc66;zsv&a3?2bqEnT;dXWhOYb;xLPo)JTA*#P
z(x`q4y8xg-$4y$xv*;_Yn47hn?-{WXZ3JwQ3=Ohsz8ZBJrL<N<vI)8(`zC^XoTE1o
z-|}gp^BcnZ&8F~9VdpOPl15<yjxh#8MCc;WcBVz$MQK)z=?*E;rw+KHbC^G;WwGX7
z70e3YFVJ?DackXpUn`m&1*5FJRZE9-+Pb5VT9dsa(fygl)_py7%B%VS_~1Pg#Pq+A
zCxvyP&P|x|p9D~yFURpQFJ1vQ9}OKFr>u98)m^lLRLRcGi&R!ub?*i!ZQRg#9Y#%K
zKdK}XbcK1;U8C!JK%15YZ?-F9jyU4o7Ov5^ZR0((W~Zl_>iGNNzWJQW*5~%XK0j;=
zT-_r{V|}yinJa46kv3mCxp@YCqX|@x8;?ao`EVb@Tzb~Gf$IhIi|qv*=uq#>8zzar
ze)xoeepYXh^3yZN2bL1%zR!_Nrkz8Nvjb*g4Mncm=RX<kf8Lj$ac-B2tB&WRx2bh9
zEXOjEQ(B)8a=mKdIr*a!tDbRl!f``sF_xVEtpqdGQ+qFLUG&lBU-hiAQWUYj3kQOv
zs?en?yf+<*u+K5#DQ4c8SU707V$Xc82G7>t=FYryj4DmB>v+M$Be{UqgC8?N2htc3
z^iph-ZG-dBtXfwet6r+-<!itpBM4s{{|yb^J&x{S;KQC%7I%%@cOrsKKj^XDv5$-`
z4Fc-nGyZD>X#piK6lgAlXmkg6EWU-1Z26k=v$6Tol~NI_%&!-BfrkCh$Mgy-eWp+`
z+5+HO*!Y}{JUqoYVzF>HDNZz}TPrc<ZI{CL46BgbVwtQ5_Jr1Y`R}mzvt$9s7+JcI
zB_tIEl;kX?@_;PLwH9Xe!4KbD0if&WBXC=S_bLm^-!jNox-&;EVswx?|5_vIY9q03
zoL-?Pi^ha?AT@@wtJl0Le6iGtGVq2G$+jr~fe^nuA;BZDmh8Wt<C<}^9`}VX5U!)p
z_d?!KBAM!`;V%#Q_J;7obY_G|xfDXO{L*c(^Y>9Ipc6b^Ub?N)Lj@3IcE`F2?T$_!
zOT!h#XHEz`^zc}qI{yUVF7d+2h^36%h~<o1;2$+rdd_@tb#=Al?587jrm*B1fw_63
zT10#v-S5Z$DRsgfsJDUKg0K4*nWiA}^#(*skqk82|I>bHLG;LvfCEU*jx*g>{$)wH
z>fiBZ1sbz!+P$X3OWa+cop6l`R{<Q>k{gz_;{Eg+Z92?=m{V_fpGC&N;@k8)zrOdt
zbn=vKmLd}`VcTZ|bFtR!xj7st0Wqr;7Fl&A=n>lW`;1&+PO1Hexr-<tfR_|Ff`(N+
z`%z^U6h@~$I6iEWEUd`Wcu%858IGL!+A{Hq8Hp{8OGcPX{xT_4brZKYJ>7vv@8UJv
zDpX_ww!JyS@RRZjWgIeow#lk3aQbPS2b~#GdDeQ9vXpvh=X9+Y7TU>aE&`?oJ25e{
z245z8!aF%TF>5N;XHe6bPy8F-c`9e;zB5tCZ+&C2R<)zm!`X8!PtUm4OZvn6B9GW#
zCJz2+(@Pw|j%SRy&ZV(=UFly-Cnq+#(kT4f8S@`i_T~L$pi(`5)w@o!_|~${$PWua
z_h#ZS$YfEr3v3NzEvh*(GMd$e`n9<%q~uw(<y=wWf`RY6#IpLBl$i?On}e5VbgY^l
z3;*V~@wdX9kOSx8p1mg$E5=$peXAZf%%o^}R2OAkqjt*dUvJ$}xytO@CxVtT4KvKu
zL>i1O^a7JtA$rTq{B-DR>7>?a3NL9VE8oWXuMGxU(YfGw!AEl-dyC1>SA0{O2-8Xc
zMOTgov;DaEdjrwpFG<g!OeSUKkg)R_;Et8bqtB?-P>^3Hnfr3pzWXYgIrGvzq9G<d
zrpkZZb{#HxCFs#^_u%98YlW(4UIinU&k$CVJBjp6t2&?Hz+fIW;uco_2K)85FKpw4
z1K&L?#$N0e_~+R17YVKxE}&K8ddUP#ZsSv;%M(EfQLTMmMV0xxdQk>a)=d$HWDA$w
zq~a4n<FeB_m@`8+svNyJtaYEu{IU|k1bh9cH2Sr^`b@$tVGlDkv;&0hiQ;t!6*!d(
z{%+Aaul$v`6M%GuzJ+>)1rN7Z01bsJl4h#osvG44?`CQLs|_5fly|2Pe`E?F;xie+
zKVo)(2Ks5mNW(rC2&Ra@-`gv|i4Oes2YphF=tdx-pxpQF!04!crQ`UK#`Vubp7jqr
zkQ5Y8{wHBTK@Oc3BVOi+HiIt^=R$y!^lB6dtZ_UQ0X&O;C^7yrZV)V9Ys#OLk+Eav
zog>6Y0!H{qpeYncWL7gAdTohj1j4w0Woa@NxB)!DII!Urt-JQG{2f%R)!`bydnI8P
zUo^%{wc3WKLqW?G+7xKqV;#lC;q~VOD$%-Afi<dgDZq=09M#AZr*7My)`&at@Xv`g
zvGe5@za&1OrB{?gvyau;C7ab}$!8OAsh+Rm8qAy~r3ZFjc2`}Tve<wy!q3BGdd$=1
zpQ{b(r)IXn?X<M7Cd1uQRWtqJ@v1ea$shhcH1#S6FPKI@HRv<<`<Vv!1#%j0Zx$xT
zPHFWjxGDA%!4u{z!el+&U^Voh`t2<Jj{Nrg*J#{e!W%1gpP9liSoMzKT-Lhx>JGoF
ze%!2@(eqoc5+$nr{Ph(FxS<&%5Kw}32_3yJ__t=ExgFs@fz{W>Vsy5#QJZ79_zyE1
zt3Hckvu#L|z)OLjJX?pLS!NqQR~M~{Ku&JctoF<a`D~%n%oN?khY=<g15c->8hk3g
zBsHtQ6(7uHE2Tah4i<VWtSHK&*3eeSfyAnR9+J-><JNbSBBxn-X@Uhx(tkxTdSDi8
z?F)NQg&g$4GJhNQ7!f|%h0?zKI(){f*Q$%-o8yCy<nmx@icY=;H@QjOx~jXCMQV{f
zMe~-Hv7B}hUd&I=(A$c%Sk4$&k8s&rj6UaseS>4tt~f8PGukW~YJkXLEp&S9w_yOq
z{&TB<3Sw&9ki6$X)Sz}6``m^_pJ@(`d~pW_6R@S=4SOyROo<rOU5e5xNMY>MDg|2g
zd2H~DuN)NPV{;42PN9oYZduN#MMsYDAa!5IFvD>3FlK@Dzb;=ugT(sxq}Fe&abD4T
zj_Qz|yur7f8Hb4HWD*y2n`1&l<nxR24p;M4lvs1WspPYjMh{j<a!Yj13@fx#Yzo_D
z=_tZ#qw$yK*s1qjp9PM?KPOW<50XtTc}6QLB-1vl5ZIJlQE`iZF{3Av8iAz{G4ZvK
z9<9=L9M)76Qfb>5R5#h}yD{OAmj9MvLQJ3}BVJR{;#Qp_WWv{}>JrMGW)T1+w<r?U
z`+K`Fo_;20N)v9Vqy-Z>1JBu?;Y&9GnzKP-^m{v3tyxc&t|W)on|!j?m(G`kzV2bv
zzS9_99WC?gEMOML)MGZ|St_k4lm|NEVsjeQRk+-SC=~P93Zt7bl!3}Cy}bBH!&^(k
ziCLw)f%{qMTg|WuN!@FECl)+@2vh&*zVW5Roq?&F0TG(X`Tw*_MP6@EHelS9_^sdl
zuVVrItK~61m^k_iL~S1RSsuW<{eBwZQgs#NCzk=D)BaC?$6o`CB#-8ay^*@TFrWqn
zcnv>Kw%I%^#oH2KQfH}^Xoo^cnId7ax}bCX#-^FF+S2{agIg?@k^CT2iCom1On7Y2
z^~O_>?3W;*+X0OTd3Ws#?pY)rSU?ERhFaawXh*C{M$f|TiZ0iWDxkU_;LP$)9BfDp
zO}G<+$94GF*;2ey#l|;s<D+0BO9ccQ5m=So{f)a*@I`Jb7b*x?`TP|p?kvK2yA)nq
zY$a>B1NT`ohO&XCm($9KQRj5^3oahNopRV$Hy!{R4>U27Gxuv`;ceLdEZ>h!0=qht
zqukjMj8&<=p&zGbJ_}#hG7c1?hx2(ccREp0Wmpxkud;%J;AbL7-e-DHJ*I!;<bGv2
zUp@^>(e>nXay2#r)$196bo+n_eE2B$UG!$2jVoV*h_P>TQEwtM2&5B-vec#H*tsOD
znB?21N^?x&{696?-x{s(bGYE+I=?B57K-Y5JJ|qRDewWo##2(H+0ri&+<)9``&lzc
ziMB((5WbG|KZ|zo6&A{>-2OZjswCNyWZ1`vA_Kxzqu(#E^TE{op(+P8yLoAYfOl^M
z)VNdpuE%Mse8G8jm(#zcSPSJo_|zo&OQMO-_MJQ!1j}}QtdKY(mcQif;o7=q;ZrQh
zc5o!w@1VzfGww-wkgoq=J{<Wb=HV4Z3+`pd*4M!{Cue0ZU$~5#c#u$0W|Pp;&DesQ
zpa@Wg(j@}Ek^k})AgoSb2R34Qi`Ol$V2J7zM9`W3py#SgbiTcDlc94aURs`NU6|K>
z7G7A9yf}I<yW~d|xOrBC<}#uEZ!h9Rfc#y6e#?7N1W-2qxu#!XW1^cBUS&(raUn^A
z7vKtfUu5O@hv~ARX{W51;7*nSRWyaG`mBl@p)HL>d5^9>io<f6FN2-7ZKBel^d^%-
z!=>Hq5>0Dh6_^vQ{We}X&6zKoxrOlm1gHd8`&HVw;3NglgE52WK~~^-&ER=9p;sC2
zDcnUL8rAdMUl;Y|%pNV;ixfj5W+T>MBFsrgc%F)0iR~$;i_WDYDmh0^S<a;^Bs|aQ
zor-sr0?!lbsghWdE2Y;Hxf<e9$13P4s>a%toao?rFlO*P$O=5KncjLHArlglkf<w@
zoTwj@oTwCk@BiQ4{{-1_9Co^>mtM}2ODws>lED>rX2i?_OT}}@7h{JZ@=0%m7{6c;
z_uaX84l~RNzKJ0jZ(!a#rU{xf33>zyYKdl31Y3{@3JtJ<J^)FfNwwsre9&t73@=(O
zh(JFEfqt1;Sy`D`RoSP`sq-hZzAt_up32I9m8VYy)TgY|XtPwktU{Fx0XPio!9247
z0DS*RL_t)wL;=81e@oP#ohbi(39!KPASv*?FnAszqXo~KOXkb-<ewv(Kk3BtASv*?
zFnAszqXo}{eZlhpCJvq#2G3JjU)bJTS@H@A2?fs^AOElK7h074)&C45O6sq;zLlNH
zo5?0Qs?1fZ%6??w(YH*?%D)*Fu2bq(Ry1|8DcE)FDa{@{e-DxZ&kNH<&pR{N+}pda
zlDl1<=gIQ>8~swblam{|w>OLd0JP{UQE;)<pb_riA<&iED54xZNnjvh%dQU}VA
zaxpTcxzkz3WSui)lBHfc{iw#-fhxB<_4^P6>Nwq+DVRFe1f19N1D*#-f#-$kp6B&f
z_VzY=>*}@ef2z#M#`Zj`j<TQ8q-QkGtGptAR&^P&T4n6E$9ub7Q$0Md4U8sPFRe0#
zkfrRfY)wY43W`d8b#p8SC{C1nmDJY>PVeD|EeEXYd)DB2kQ8`cn9g~g-1;i(NS)^m
zm9i?ylI_89t7L+yzM^S+UZ$JV+)bQ$@Vr*2usiw6e@Dqur8UVyg?6u^l3(2%*E?K6
zeVy9r=`)@KR`fk<@H|KgJTFW)_w!0-V|ku>2AXe=8I=(ggiEQmrDv2Cs^qwr+NIMC
z<z}0#Z(HEfj(OB;b!D|GI`_L$h2<-<s|A`@R+EK=u32+auk*@k{z1>HnyU4DS*3P~
z@=oSDe|TOyNI4Q}WO<b?QLi0>)+A5LRz)Shx;eJS5>)qEU#D(*viuK@9u+l<v(<gi
z8axk@0?!Ncjh8<W>vLjZ<H<Ka8z(2uuK%z9_@TK4&UJEMF)~-kjVpN~mgf~-qMlI}
zI#S_zh4iR~`B~Xe7?PZTqc~MsS+o*`wOy&#e^pmho|SBFJj|R8S1UZPYS++iD_<9D
zQaP4f6FtMS2j~4b*EQe4^V&kl(8EWMT3VGEQ(2FK)|Bg)RY|@y4dj6quzH6p2-K;Z
zUQuWb<h-6A@H|KgJTJ_@e{s#eb&Zoheeq+jWS*m3&8Ug;lAe^jLUB}bM{(`P-McEO
zWs*o<!Pg^EE)HdHRmPKdRV7t5U717giYjMS#OPG1ntP?j^K47YBiky!w8t$+k5zIz
zJ<5L9HMha@T0`29XHH6+3bJ!0Bg-1*R8_KS6uvd4=L!7jJ!>paB5PYpnN=x`Fgv%a
cQ~}&56eUNvq8eU@?f?J)07*qoM6N<$f*2SP!2kdN

diff --git a/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png
index c6e1215e4de188a6e4009a1db9ff594254661d39..8a01ad0dffb9aea12a951667fc57971f7bb5670b 100644
GIT binary patch
literal 14617
zcmb_@1yq#L*7ks;bPWhnDxffwbT^0~9YYVGbR%6#iijxPrF0G54bmx{0@5Yj@V{f-
z`_;Yw|E+&5U9*^(^PauW+56egjtN#$kiof4ej5Y=;mAIbQ~`mIJ3%0%=NQPqJ0&;T
zkAN2>M->@yP+|Ywb>I&aQ?X}aAW(4_)}<jT@HeL26D>y&2)7mSAF0DO`#A{2TPQ0j
zrsk@@oirV$z8bf3W%@n5NB5l2zFkjdqgu3EN_#twVE7$lh4iOPJcq4fZ4M2cV*hmR
zIGd^Uw%O0?cPQv4V%uJGlNrCuxkVhghsn^U*H5gJY!MRw7%2u~*XN==@80M_X+b?!
zSZ`4@uNanH-mrUx>!F;xI%&B(bu@?uNG2+Q4*_0M+1+o04ZMy<$wx{W8mL&nz$ZaD
z*x-|$*^B3Um5v7-rKP2$CIczSXLPwk0*<S_0rB;`R|)gpbu~5QEcbw~cRa)duXLSU
zj2AWtova)b-Gns?UUxRc+<=a<8T7A?=Mz0Qj@FH1iuCI|PHd`DfnAft&_jGKJeQL~
zY_E=jMKq&>&xcP8E_SLXzuv5V$yz7@&iAF?11Q;jLB6Z~rH<o=36g&6rmNnU*X1s)
z?ZC;df!yGyl>?gcxk_Vi0!QR*uVx#scPbYMZ-GGa{It-ST9@7JYMv@h_S;FxXUkJl
z@s0h!#u3jjz`I^mKm3R;BJbOzSFacGWa8z0G2!}7r~_}MIy_`O?$?X+{_*W~;|TC|
zqIWo8mz^0m$Cb||t<RiJzkC_zIiB`u<Sl8;m#e_eUI-VP2^5-mI5~W6DOaJlb94Cd
z#n;7`PAr^(3(7q26VLBi?=k8IW#6~GT3hL(xPFU}j*T07xl&1e)7O<1NotdMrO6Ym
zkaRq^iyK}z6BRV9)O>H+Fd2J9%{isV01_<vO}kKN<vq2)kyLh3mn@f_%Dm5ZEpV8J
zns-4Um~U~j(ed!1YLT~$n_>Ny<JGs0;de>oo=8S-a@ug~ucoK5-BS$i@<F<1wr`V!
z=Lh0}r8ykGp6t$_kWvEcRoptOlJ*3beG|F_69%45#pk(_&>U&&#MMLb@B3QU@tYC_
zTPoHI`mh_Vk8s_AJk4^bq+7Yf=TkHc;yLcgUZ8j;HnmovhH;x~JuOo%xY7<8BueVq
zc_rML(2dIT@yOf$KCN52Z9Sg{Wt-INUYCG?i#Ig-S)B!XxO-i#tda6Bg8ZGe?nmyh
zO*GD!I_D1u*2);s%kNlo5<>LdF0z=Im=<yo$Mz5}E^BC|tIVO<on%IBhUx>W{)5-8
zowIuItO{WtBI&*l6LgmOMxGz}=wqe~o#S`Eu3&1W`UON-6T7wJx|p}hvB<!IJN+P7
z*3fX>Kf|}|Th6$*Z#MA7>|phro9;n$Vzq-4TnWjj36@6Tc!78Do#G)5Si|Pvx_IPs
z(41d;FqTN8*M)P{2EsDldK|25<vTR<n}@mFb|HWFDdYm@{Jqr3n_Vce^TVzA(fLj+
zM!$fn`k^OqSI3p_NdhjHQs^L1teO?P%JXOuF!#d8;<T2<Ltdd#D<=;e_$U;-oj5q7
z&upCFc3-Gh@OT70W30newFL06qEJE>aWk%_joG8H!N<HiV>^tJclmU4GUYb*j6F<P
z`%js0K_Ir~30QGm-R0t>UpH2OBs{wgb3s?@YAz>=BB35PJi|X8MsVQIRM8>3f^qPD
zF9RRa?HoJN_yk*e<Gs`yN)5NZAI*zF42>s4MIt}`Sl41+QA3U0-nRa=(vu@BbZcb+
z7gw9(!`WJwD-wh{Fe^CQOr6_Or;dn<GgQevD=pMw3D?KYXx@XG<#ZDp5NpyOw)d^s
zuV=S!wBai<PI{L9ReyloYQy;klTQ*72t=QN55YdZ&$~MBc24RM#g+d0s4Z{a+j7TA
z9|Z~YYUcwwR_pos`ApP$qgVaB$dkaQhgahb9t*?Mp8;fEBbJ4;3A+CH)*3eN;kfdE
zH3T~!0YHe`@;tg%^a_Be@xkU6$JKtyr4RthZnkC=^?8r-G4B)%8(ePL-W+y{<bEmM
z+*K4h0FKUfpq`IMq&3J2Fl3%bcwnjn|BKQAVI6Jl$F!f+&%<thG~X9FQ{sBBmvU`m
z@8)(kSMRZ~52*1ntOhouEuYJFn*lJ8L2?WLOF@HVC|JOY8MZGX9B`sFBO(X69}M_D
zC{zq#kFUPaK!F!g<KKAvdszZ{h{wrJK{+-xq(#>98(ti+Pz^0)K;-7~%2LymwZ9Gk
z+x0kuil;Y6DWum2X(wt+6HdU*Y;A1;C+~SYX^KZBh%rt8V7y!;N{E2Vj;?m>Mf(})
z&3Rjjh__YPdBQjA!IZko-RtjW6g(z}0491n?=X}ekZNdZwxS|H7MmXmnZ2Bin<Vl%
z>bd!RNqCfjxV+7;9o|=6<#t+t7Bymokaq+P4%b;e$KBM72%HY!Nv_|Yqtgffy1bB#
zghq}WajpC0D)c&b^MD>T5*T2Y-8nDIW8xD==`_uOn*-C7+5Pc503elMHZSgvh9E$$
zn?U)#`{JnWfNotA);-`XQLW%mJv}e4^H>0l%WtNJ$0;b3d&a3$QH?)Nj~*HhIUo?)
z;O=CRw$0Z3$-Z$`!w+<~@i#BO7f{dExwRVD1ILZ|1uZ1Z`>GjF(Oc1NA+rQbg>!NE
zae2rz1cJYIEa}W3m!;4VeWhu=GsLX9+S@#a8j|Hxd@>xR<<pKZRx%2R39Ew0-bQ5<
zsZH(!=;7LVYfdGdm2T(#_dR!d0>B?RDxU22Cg~U${DIgtgb%TK=vTv7b8)~sCZeuU
z4;t7OY)MXaFdBrSWwTf*nJAXTGoox5CckXa+isoQoa<Lx7n^cKO-js6XI`x9WSM$b
zS5$xt`9Yv2|NTM0{RaAyHCQG>!eI;gx9y8q$@myp*d1)A=Mww^E@<!Feqd}}`xIMC
z^N7(0ZfnC&@xpSe{%u{m0^zRy=jN7tl70WAXT3@dPgC5Nw^Iu9^ZoM>2$ClFa<xB+
z$5erlbW5t=%bIskaanF|`J1A3Y-fv1JYo7?2+B7#q0bH^K3g&*G0`vhp=|;C=QZl*
zL<q~SX_DC7+ys<Y1te?x>T*&hEF9(H!Ya7}@0J(h*`@cDT4zij?v38=F3Z*-b&C@!
z!~{p>9cB=bdV60SZ`+L`PMG*)rLQ^;Ntm3;O|R*Wot^F#L?m|)rtEgmw7U&I<H=*K
zAX7&R;dR?)^je?UGQUQgio75<6#IA`Dhq!YTXwiBFNA`nNi=O8s(nwSK)byQHR=0~
zcyUJ6Dnw!;2z;zs`*h%^Y3U~(|3Nw<z?a)g(SciKB!TGizERw%SCm;!Gc1J>bhn7|
zH7bK~hdJ@-Y@Hs6iIsJdQ$pHo^NG==={OFvsgp0~WE!uV{u&rM9#yYy9b1!(miz}#
zxKe1}+JOF9Yo&?e9zO<v6i5^hY#!S=-u<z#$otN+_p!ku!dIH(B4?q0SxTUbNY&*`
z<7L3(_I@+9=EZe`t)$w=eFikQK(F2dh-mEn1^J933ul8hOk}_RQcJjt0^wLx5Nsf}
z1HiY4Wh<D6O^B0vbH+NKP<@G;1Kbb46d^>g@%sA|K;*n#_dRZTR-ryVZw~gd?N9XF
zZAB#-Y2iZnJsMqe3oO~x=Wr9xWYt7L_w)=aD_KftgLKs(F)o4o<6?i3z=8_!z?Z@M
zFoJ5Yi({3G(}g`I>4neFJg?7IXEFdsV=0w|n=yo4ewX+JkOB~>;Pt;py?+UogZTvo
z0eEX@Yarn4Jb!!>JKaGCk&*ibm;elDfdhTSfK<Xv#p%4INJB%T#YF_vG>8x3q=yO~
zZMcjWh|8F%9Cc5N&_O|>e!%-ESR;=JAfQw&3^2Jb>P94hyMquEESzR!r>B4zW?<id
zK-g=3Ismviv6{st;ABr7zZ%%eQ)`4~x8DOEQi^y;NZN=5e8R_CcJyvT@!k=s%yC{c
z#l=be<wOqarPy3RJPF_z@d2<jS}1mg{th%zxTLQ5<;F{^NgpTUrA_gkQ9egeI9c`I
z-Hjd|9jd$u#R6arD~rVxLaHs<FM6N&?^6z$6K-)g9J^2!cEJ{Qc>D{y$A!0;?(-a9
z_;?iw^}CmjOZFDW^?k<i@n|iGVhHOF7|i@BtyK?fuS2Awc`<HWm@*()_<ZL?|GMye
zAtaa1px{U0Zh>A!ttSn$NMo^K&sP0y`@B}-j#^T4I9r6jAnjcCN5}&S%nd2T$wXUw
zb{M@pXJx%k0+uso=vTZs6K$j?oaatc=zC4AZ&j?)oc=s8+{LO>wJi9jX4AY-&zGAg
zp9XtOSFfjwWk&D})E<%0xZ{AejM!c*s^d9r-eWE8;A(DZ#0ZyT@!ybwgI<{|2!YAx
zjE7Rt>Wm5WOL=u&Ed#9BbFsnpdR`sKM+|>&W=)lw-M>=OKLK4>apIVaz)D!j)~j=e
z^Rt%Nysc8R(bp4bs`t+)(n8HJz+OyPC}Zo}_I1h&B>|dU6pRt6G}_<2-Y-&y@S57g
z)E?i;CH;HeW$MDvY-!H?zZaBVa1Z)U@~?#qX%Il9@BI};G>P!<(o}_Dz~cMF;eZ(`
zWl1750``}O^Lnl{A^a&Di{EQO6Y(T`-+(WdAM}vd2m$z9sHFzM05JiV`CqdK;GsWB
zN5IPQ_Vj|^d!(A?tBaG?KR$6u@Ob3Wo=oR2>%X?*--tXdUH>=s|KF?jjvLzh%%`5+
z3(A#_`L*KQfd02@7~_F2ikNfaTY0z}t`|GKM;(lB8e)JvCP1XK);%Wa`F)G^5p%u4
z#`Ea`4DN60jiG5Q+KPlXJ?qAt7JA<RQuNcqmKu%i&pRC!OD>8m=F5LZ<iX~96r01n
zKgJrmyuZKQC`-d}Er&p}gJxP=)jmlx{=SQ^zA@tY2h0W@ki?qAVqLR4bAGBPZw+7g
zGulrU%r=2@_@VyMhu5mg?aH4J!3*J}=EBg4yWed6Sd(h#{Q^8Tbe)5A-NU>XeT*A#
z#!se}@-=xs{F86(2dJEcH|T5I-i}u2JL?F4W<$xD_fqHSioAPP(TZbW{9BwzX0-}B
zx2XK5+ja2P&z1X)O%(=7n@dI-SFBlK>>6W&ER!Yc!W8%j0bWp`hY+kEo*jguVVPn!
zQ`ISB-gH7brouSi&D^(+tJnNkV^Zg#{G;<5bSEkxJb+O=ct%vcex^=!GBm=o|9q|`
zXF}94E!Xlzk?i8&c}e6p?QTK*Shv#)V{6SS40TeO3Wke;v67BBD=|+xrn%1_qt>&#
zOQio;Cf8j^WM#W2jjyjNCxw#*?&S}okSKUuoA<uEb>W$vz?gQbW<^~0c@@$moqno4
z;YH4FpF#-5Ll!l+f-MPLxzE%6V8%&_Ih_-O5Bj}OEhqcj>liG&$($dcq}<0T;SkGT
zZliyDi1SkAjYE;E_Ns+O^%-VqF;yHcF|HaB<g<^?S&73*Za!<d#PphlZ$YNx*olT!
zYL(Ja`CFE}Esfs%lMg3jSEM5-SRy(sI+>Y-S#)8_nfP3W>hSD`zc=s=$XtNY>a{)8
zR!GXza?295y6(fyoG^ND_u)}XRpHbtrQp>&>SLsr`rX2J1#&(6-_GqXE{b!FGj3@F
z<d(#h3VpA4x<M71EAIR})!y5lGyzV*-pckQi3<%^9(@t|=C@mOUadT{)Le9~cl)x=
z+)*KO(Ah`NNQ~vdRPg}!c|DtZR(T5i1CTxU<*m6Xs2`y=#*}!J%Eb&k@@Q|(pAfZA
ztFe5c5MwLP%0Q52wPJ;rUTHG*7N+cB-+di(q_AcFj;8RjPP;Yzv}j4(#y{>!`b>xR
zYtXiRnW!nDKApx#6x1P=<<vQ>rNs8v%FD?NYTCA@3YT+J*7_^8`+Pm_2XYG*jND4l
zhnCo-IhM<$PggNHVs>b?DlN2q*h{|(Lj4PQP3QFY8m-2=LylJTt`GEfTx5-G-P0I*
z;(uD^FW0d8sKP3l&GT=9rpYuKmOmQ7{|*Haa3u%QTfDxy_+P_ds=0!^(Ba@nuwA&y
zSM{fjM>>iZE*S7~Aiqjg%#Rw2U+?s5Ke|<W9-9fZHl20)=FVICeDjc}G-F<d6UF&a
zee|>)ETjTS2@lZWymexFM6DoU%+<P)TUUQR>uTB|?tY>esrHO#0S?%EAn-Z!bi5F*
z8#bFX1~@({D(Z(=2WS@N<t5~Ka^mZxzhu22$H%2VU4(O@W1tWZnVBpU?|GFx(~HYP
z>yK6*J$1|$hMdX=tc?qaxw+QF5)t%9O=DRz=pQ&alIhHM<FgDwNAlR2bowSbbn~=!
z|NY#Cqkrpp=tLmf=Uy#8_F7|+rkhQ2UAeJ@K3#!=?cOO5S4oHKm#m8)+cL1%E%=Hj
zJ}F?Wf{b6o(%739i+$YZSziyfZD#O*&oRMsHcN(_qNdqttpd+Et8!T;Ss3!-7-gW@
zc>`$E$10lr=+EVXAN3mEjpQ1a*D05n+z}{=uzJ=LoTH~Io!)!5$CtdM&n^52BGiw}
zru~~ronwK=s?#GdDOBInUlrxbC8Vy~WpSxuN|sW7&{P`<d2f{#4wf6!7P212eG!`B
z`Hs(lN8D3Uw;dcJ%k(4$?iWEa+7J423&FZXlT-|vTllozp0F?H?3d-{J!ctL=7<vI
zl(BVI8=(*nI}3NS<&_V5ZaVrk^XM$cLUEvUy;t+1{V<@ku5C;pxAe7ky0g?Pd$C_(
zctjEY@HF~JYSnkI={{Cojhe@26UNtO6}R@^zIFFYIrYzGsUR!C%*`s8O4H{T!aGQc
z-IsV~dM+GxSD<jKn{0&8f?<OgCjXm39uYvw?8(!kFgePs1EE@@%L;ERw0YFuPlPac
zGd<;wBQPPFZIAZ!jW^G8Hk&q%dbnSOnbl@Vb6fy63Vy>ZFTL_$nyqSi`7Pa7Br7fy
ztUiDA5DrTN+k8s3&}^4yGpJia(8zO*9jl#AWmkIr$tV}zlH>TC$89FVZ~0x04xSDi
zGs}8$i*1*ACrWJ(j-lS3q|t*25iMaGWr$AMz9}6qz+eL-?xj5fYcqG{+v1n;JSN55
z==Ka5Z-=YX+`qy2>Qq^8P}+$XC`KG2BTnA+`&xHj+e!?J`BEiwOn<Cjnx7Q+SVmk!
zX+UC{0S<38fPzXtneh+%g_V{gyA6jged0Yoc*s;N!wfU<2q1w!X%r%?h1pzr6W6fu
zh?qCGti0M<4n$oK+3}WGd)hl3Z*x2qR38Jc`hIg%f6Ti{a%^S7Vct4FXJ@(G^~p2s
zEzA&iEG%Wu<9!6N=?7+q<l%D3PX$|+R(+_6C_k~N!X8fcQK8<;zQi|xqvu=F+))6#
zX|jco{`rgRx|!%n50b^Wnn&+lSchQ?`QuVZd(xrL)7~oG<DubMSFcv*^HW{dcCTt=
z9iE1c>d#D9{FT~N|KcUF`$3W%5ea0Z2h2{rrgOd*_?n*!-P^Ue{pmz0*SGLHhnw_g
zcBBO9izbWWak-Vbtzzri$16cr*c;~gd<8YHB7Tv>-Qq#{DGx{_!7(}H@jTayMKr$}
zr;jm{OYtz;TmI^95T#qjaz`3HEn<cRQe1-BS;ZzK<u!A?zoY>GIIaw)eB@s{RZxFv
ziG<$Q7<U2IdB^A{rK@QzYR1`|4%cW$b0^oaVgN311mK+VGqwRx3S8S@IF)(w8xMoB
z?IEp#9upUOU-9DZ+vak#P^)t)tQ>tmsUr=nX%;;ub54nUrIIt~r(7&v+CK>n(dlNU
z77hHpS=c95{?=oaoEApR+v#-0>IAq}yBQqz{fkZ6Y<^@+>e%2kcI+6PP(0?8te4E}
zf*QyC6)VUJzVz(SD!g)txBGHx)j$RD*JbM3xCpPcjIBJfmQ~}H&k}&7r>oF+N(h=g
z;!FUs2&RtJ6H3x!_D9u8T1K<CVl;~XKnIGz{F#HPp@djJ(!ZTU`x$hR@fi9&>7F5U
z#9Vs&IVb}3_X|12=vY_8!dx5g%-S=jZ!#PuxO;KC?5uO#V)~6KvJ~1r(qYmtB(XI2
zQJ%llnq<?$V@vz(&!IQ(1CHj`Hpg6NWfz-@M>QG7Am{g5h9lf&U_Oge%b(qGU&kuY
zk}7JHyisV3|Kxe^6{asDyGvEbL1hhic*{8`z0a_2HU<2w;Q`5asT#rLY1IAqi}~T*
zbDvuS(6utD{aSHzv~I(YX%M+cwyH&|2juCZzoU6T>5@u>i;Xp=a5CxozN-ysr@&Lw
zP_@Gvp|{7~<tiKF$P?Fql#Vehjo1Cl5vxTsBdAF!)x6g{wt=Fwy~1TxOa9tA6-mx&
z`k#B2&VDqvRM6|Fc@(;199be+`2Z0HQBXvB84MIB{CBVS3}>9jM<Rc?TlT!T*0Jn~
ziwU{sL54mN@$E<g9gAI4x@6V!gLywz9u;ZRcTpgD0mHnYe1!+!?#^qnxrwlS%73Ev
z87(FHL8<$2HIBWfy6{6irlhRr#7&a_s;>DbGx=K%jn7=H<YDI0%Q)0&JSy`E0_k8O
z;%=J{L?Sfqy&&}Pgk81WLcsETU1O5}s?TcugaGHY-qWIG?z<D|)*vAL2EDpwJLcw6
z-^~0OXJf`s%x@}mS1?Qm1He26mVN>ArL<Z-6((U4RJYy{_y(*1>|)p3&iZ=xgka;1
z@MRS>M@heB9kb`7tS^=q<qO`MJ+cu20@LbdcLpO8CKu@a2UEvXrm0qxL7eE#;-wW8
z$6o?^!WvJh#3_fiwyaKfc9AUg`==Jgnvy-7DS4F+8;1+)K2@IIU4VPvub{<#<TwWF
z-I>7qaZ`gf9)4uPF|J@KP<l*7^)XRoHpKOT{UeDQZ3W12_SY7^CMaMRK#u5k{nh|E
zjU_t;wy@1jC4K8<AUS`XgtTAYM)<ZvNqmlje?ZN-72KNDY1vb>A~Lq+?iVpF$G$Rk
zfynKK`vP5KWr?vRJ~q#y<BYYGBr5n6OOi7>v_R570b5j0mAbiwU-RW-L*wqD&o}B$
z=0u#7J7xcfghL;h)rO6_wDS;gFuyo5j9q3&`ps@|-h>gmIqEv0vt3F0)SV{RUq)=X
zAq3@RklPc^6jV>vaEj_(=C{Zse6zCF_x`QB#2UN7<6WGf^$%P5?o(yLBI?`gZrn*{
z7LBnDcF{2t?lMl?N^&EG7;G%R_(QxqE*N#bq+v~$jmq`8p?Zu(*oZtGexI|bzOu6I
z526(O(RQ!|x7ZP&?1)^}s$m0>s(1Ff{QT-i<Bll3JAT^Y+mcDh?=XSNkOvA7PEE4V
z)$fbn${B~Hg?_~^kdIBX=4k8AWpPm{8?DK4Xw$b+)>kg+ddHTq#!~T}XaqrYrm6BI
zKXyFhrPIGvY+H^mCuwE)_%Xv|U^6qTCL|6QmItKr^gwN?8eV9D%VJ}dUnrQP4UVBY
z>pEJ>yQbOQ&~pw?JX(@*61&;36`A~$ZFxt2U4ld2BzBYi|4T%V@2WPof4Qt-bRc(d
zytf{G#<2ohgMAEjGB-K3D(>=DvmvvFD`6e|Sc}*8>KW-s;6Va$`vGwz708Q)=C!M+
z6!iM502{wXli2vgp8rmX&O3$NO?6CP*wKAFD?3wT{xKrFiUGiJjE0qPOK`J;^f}ya
zVE0y3k=KL=W{BLi!MtTyss2KM33mkd<u;C=Jk>H*hA<G6%<CUPMZCX=L|Zu|L_D5}
z4(E%QD?jt>S5oEN-&kNLIxMSP>@_E6Qn;tHII+JuM)h+iAdsJ~jqS>$om?N?TyJcH
zfjn5DIlFEXi=n4?fIO|N@bXI_bLk0VTLG@>-CcbQ^dlCsI@LPm`&!xeB0F)^Mtk}M
zqGox!R`Yk61)gbl?{**702?*XH+U28_H}l@RC}T2fk=1JCciWrNxEOQp8(p*a=ka`
zrZE=A7i)ermHa2Vlj$4zyVX0dc~(&-L|A8*2-}D{2a}p5ws~)O$SHh{4qvF>E#P%5
z{*uRN{-~?u7?Bj>l!W@Va};^;-=_4u;wef_3KMahzW1}v71tH_*wABROiJG*%n~T~
z#6(?~z3|FmpOy~7U^+`Ys;8sKrk=Z)drB3LO=ppu3sYA9eJZYD0ht-Q#UH#)MjYWk
z6hGp{`*7qjRght_%KwV~*==5-jGITeM3X_rGEoCsLzap}l@)km^BHX2fhP@>i`@I=
zTMyjqmnlOwe#;5)gR-N(gs}r(E&ihJeShmPZVmVZG`~cAD%>^AY5DZ~9JwL1vpkDs
zQ~jkuR_^%}%<x2m67syrGj@ld{lUVqZZt&+a01V)Ta&-U&8BM=Ul@F7zGqWZlP`qe
z4u}ft^g^Zh81B@P>!+5<sI0cK@SkNi-1XE7muvaNQeHMf6Qvy{HSMCl>DecpdwOSy
zFY3=S-fXUrcF<61uiND%AFqV_)700oG`r61u75UcS*+018YBN>mD_uK;QNty;9P=d
zCG;%+1I>sK_;$da1`Im@1z%sOaiA+okLJ6vzGXoRnb?5vyfL1fv0FnjqeWDHePKgf
zdn!*zXbC1*qqJyti7{IV6-R$eO@in_KuzHQC=Dwt;eea#TI0Ak-mSI$gIhc--XC_e
zS{e!FRoO`u<=68~5I9^f+0rfVXhQnKEx1C@0B$jBRyO36VJyd5F`95*2H$^9#WRso
z<;<6pEJ2g0+Swiv1<}gd?97^f&i=|8?`H<2_qEF4Ho?waJgJ1%s$vo5c+X(v)&ImS
zmeIB7sr;CGC(4<;%s>%nzZXu-8!HnsB+4-*n#aU@9$GIfH9U#waI6)bQ|7n)oIbv-
zT&7tVrP2s)Iu3%RRRcZJ!!5c9X8eseCaWtgE;m&euf=1%%<MZb%PXt|wzKPi)dvfH
z0oKndvX6E5@Hb+RV?h{Tx>&1Xw81+&v$doRM;$@M(|W3^Et>_*F?Z|=SWWd=-fkJ*
zg(>=u;{i<*-8)^$Jz0=DsBGqlj2so(p{}sy$=`88ayf<9`;du{q&n+_81j=-gwvvA
zSaz8|Az?fFkKNJ#!Xo}{Q#Ibe;O6<Sh|kh^(G0ZXfewK@eh@CD`{9txK(Y`;KT^eQ
zAY!a6E@$~%?<}!41SydoZcG9L2uwgNg8t3u=;&&Sk2f$GGk^MpN4^CLg<?>G?g##t
zv>F2((YL=}B1?uRa{1#ur2tUVkZF0P3^3hab>KDJkdTl8p_4>eGN3Cf=)46rLp1~1
z7{A&LQs{AUag(K{1HejLN`B&aP&|Oz2!a_58`1)kk|IWP`fR-qzIR2WVWwgtVy4vQ
zOA~8j<Ly+7EiH7?KE*-0(KqQBV9M30a?5!K2rFw4{i_8aRBMw$@(U_v$cv~AW}gQs
zvgFt1QB;-N>5+^C!`Pn^K$`6KzjpzTPN;i~94ZQ61T&P(Akko}Rjcxg%vW`HEHIEe
zo`3zsRC(SFjv#?dRZ#n)x&rNDgiJC%hcX7<XD`f<$uIzK(Q9sThwrIv&K#KDu75!;
z1E0{9g|E5rHXB9WgTDHn5u-l^*xO?I88<2!Q2)+UZ*Dm+=16n>7P<0n#$`6i?@4w{
z=umRZ3QsTg@qE5ebOE)<hGpH`RyhsXJ{98Up`*>|FFh6t1C6gveX+qAN0~!b0>X*k
zX{~Canejb(D)@WpZigCGQQu=)CZWi}0H*>MHc{`vGl`65@+T#AH+60RnhpsO0u|B}
zSMp^P8H#Iig2DpjdTGNH$%42<nJfvA2c`;|AG6%0L<BLxESy!xpP?h2&efw+=Ue9!
z$KhD%JkjG5Sh2b~Cy$>|$C!O(?xLOa-m<5Vgul8ctdn0jWoz`xdosFtalSFthnG8B
z)z-jD4vtaecly=Lb%FQXOAkKCdJpRN^48L8_3aP3kMBNo=~avXMfSvbJxDMhP0*`W
z9i^&NQ!iq9vi>Qrj#zqeYDMnQIoN$BoGhJXc0vmNN<|@A@T|brizyLw*jj;TC%POc
zhUxmOlq<@l@v!Pz$ikoWP0%Le#KcD{XP|0Jm2UNMh34De=EecLx6@py%~9udQ95f{
zgu801i&()sD;bU_r|CBA<&56cyfg+f;@pW^7uH4w<XdoNzxF5QeI5`(<I?VwySD0Z
zyTUs?{_7Ti&<D@x!;KHjncg~i%&4f>*U*@2P3SCVe8_T0o?}(U(;<`?$)Kpk04ucv
z1`bRBP%41j0sk?VgAYoZJ+JScFD6}iex;}}RcN-*z*EXTG+Jv(FP(rA;z`2iH~U$4
z2v5;hN<W1dYqGq}l4uV}W3=|T_uIDihVKNedW?9a)?(8fi}H3fz(8saU4e69!~nAa
z6By6re5Dqj$N9hDPbkZ$EE`L>Fk5M}cg>IV9{Xf@P9n5Z$+3vN&bV&V{#NVLZLkeV
z$}La&H_zod&W>(D3Qkz4#-G{HzNwGWe=F}ScdmTs5NuHyIoe5kE@IYu4=PH6f<=an
zF!>bY*X}ACi+)|_Uh5&`L@d6jYGUwL%|A)<v=R;qmX~4%$3GSX!isUYJmGMT=Z$^S
z%mk3s+rFsSzn~k@M#`muHo<=9rT>>7I=U@vK&<!_Z!UA$t2O8Ai2Dt(fcC62&?&{o
zhrrk{z=OAw-L_SUAi_0A7k0Ryr9c>xA0VR!kl~q8{L}-r4A~b|bo$rksU!gKP61;p
zXu!-$!7CWjAos5$HA6+gdR6gDJ5eT}TT_PfQ+Q-;q-Nw)>pz<TZ7geG<-gwI9Vb+`
zre)seHH-b;@cFs>=?*m@0&o(@+Rab=0?uSD>1DF-^SfPlPfcn6(}%!LX_<hV?TP<X
zKr|a@=)&soAqb)IEr2dA87m4FLQwyB;5fekd8Kx98(Ij*%Id|G*yx*F&Y5NYs;c7R
zs?X#C4}DSJk@_NZ4~Sy6spirbY0$20Wgrcocc?=kq}4rNDWZGOCRbW0LS3>u2wW`p
z?vdxz%MOAS*X(~55vp;>o3~=uYBtinp#A$zUJCB0vFg<UVs|WZRrrLYESwA$ff7Rh
zM{YLd<`yAUmwal24+`taJLqLz+H%hH#CVCri3FaS{r3y<US4OM;c)m}@mPkv*z5>9
zCofw35gwpYN{niM5QPB2D}9!)W)+mw3j6qN4$GF4$i?+mm94tzgAW5QXiHS|{R@C9
z{x9`ai!SrdUZ0+<+SGZvW!PI=!|mP^zH3Veb)lKuxvM~?Z=$d>L2iA>F=X=~c`z&4
zT8*o5MuJU5#BigeOWeVs`~&YOQ~ZJ~+%A|lf#VVQMM?d>!#V;9o$c?G)~|;ya~&ho
zkB`->eC?o{dMW4dq=MR`F6z(0O<aVHkKlEnm1i{H3r4+ndoAH|tSS9tt#UCBxjt`y
zkA<()@@1EJ*F&KPF}>&(X_sn3Dh#WK1nku;+_er_>M?n_`g$LRWi(xK+ROW5*0u?c
zs_57y^=g=b7TzxniCBG%ylE6#D6y6;_R9LVBdG=2N*9vl^Bk_{bia0zXTiS0(lpD4
z2bM}@55MEqGI7ZY7UWWML%$0U>umow5By%&Aud!D%B{NU99*om9AWhb@iqeXRgaz|
zeQ$c+U$Pi}T$PdQ?j$x`0<Wx*qf}fLtT#xfs(28XEm!&CkNUBxJhs{~ggnzYb0$_E
zWp^z3hF+BukZTp~M_@QQa6I|?mZNPh{LI6pugxq1Mhhn7n0VGr()Z&5RE-qCylxgv
z^?J(z>^T+&7QG7H(G2_-(Y)|VIkno1ZrDebdal3w49?%y5-<xRx`h>4Ys+F7XRpSu
zqf1Av!|xMTxUP9vHQ)b+<1<!9EeTVNGznyea8IjY0Oe!LEoD4--CV7!E>Cp;&9R32
zqsNna>oP+<bh)!C8ux=DFR85q0Qc8NzzF@ZBSfk7sh%gBRwJvIva$FdgBFF0*5?4t
z2HQOOM0#duVyydGS`N{|gN)3)Nbk+c<l|j9I^qF9@rwtC8nT5wX?viMS)m1oYiL_$
z-p2!v<85si#~YO=IgP*GT<8ri_&VPk?M*#|Kap{$ZPWU?x$+la0sd}X1T);Sw#XfO
zW?5HZK*3V9`}Nwox|g6o6^q%XVGIqc(Nv-&+PaS_NO0$uccY3wGZ#R`+N}FB-4f$q
zfmpRu*^tPoRaL4N5RD{M9Y<*+j)7yrT)s_9g$f|XPmn1K^$p-+HMQQOfei@N;@*9D
zZeXrCH>BhB-VWMGFpVD=$!E!C;<AN)>Z9jp+2vjuXPH%=q~(DZ_M|^$M@lffDw0-@
znE~uEV!lx4@=JRRu8eIWNZst0R<l?AN)kaXoo06GdL?=a8XW5H;Yyk*I2GF&g^75b
z(S)k8t-KE{3*#y*f=Xsxo-<6wM-!>mX1<e*<BLY+dY*9bU{lLIF#`p_FW--7At48v
z@)e*pTp+^Y%wI{c?ZXU{nE2!1?8|1uH@P)snDMwS+K3*?G?JT?RQ*~fn9;oWdBNyc
zjcuhdXm>~KeV6-fCvECh#j$0+FEIspwUoE>@eoo=lS4o-kTfMEF(Sj2S~ZzbF|X$7
ziUTF0x#M_fA|q8#dl<_acM{n8@`<yCkhOM7O78KYU_!rVxq-X^Z;zZ+{U?5kY&r|g
zEv%nl3j`W6`~MFenKEjGc*m4yp_pJM15c8EB-jivnqaoXDak}+Vm6IkT$0<9L~LDd
zlY6(AR3}n1((3X3Uiz94<}(y7K<~kd4o2ng_CyN7<Dy$S%x#1OI<fD1Wh)HrdU{Bh
zH0KdV`!g((nZpM&S2~mWDEV#=v@zB0<I0TbbEpSS$ZIRt^t?*ZJTI`7-6+Mh$U0hr
zSOitDDE&BkS$rt}j^j-fvUwwIzkWlyH66660*H!(+|t)8&nBp1b%zx5X`rHVzr!e5
zA@#(l!9U(1f;ewY?9B%)O`4`$?f0;@z8l2(WkdfdxYiLP|LaKm&%qq_x!K6tn)%Y4
z{*{fL{q@s-3amiXZSU^xma~P#o&hCN`3elcj6~s2>{D#CF3Ebt?5Q1cG9##iAJtx>
zTe?fuTJ4;a(o19h_7*fLI2jTSS_m1<?R8qq4=L$-_EvyHf1q0m`pF?)EBW1nmc@NQ
z-XgsN89s0|ISA~;-r$r_<ktA(84rD>*mmvcL&s;yFeI6{XRj5LDM}2Tp9EUU_0_(l
zn&x%7_Z}h(;#+@d*uvIAd7+?}Il!D=hw~@)E1_VmHV%y!?A1iHy*AD(Qpndjl=9DD
zIH+pAZY%GRJ-Um`t`|sc6TB221u-&pt4=oi%NvwXLVS^GC5Bem=5`cA=ncYe@88p-
z8rVj5ld;#3EgnY?$hoy6x8`VFA}@j#l$2+Z!wirpfE%$p3su7#04nf2&5Lbvl5h+c
zY%#bd31^c;?=P4TaCuw0G>q|WW{S{Lkac)@Z-(WAOJqN}a=nf1I<(SeS^LqEr8V<U
z!V*$!*$K0^vo|)jf0WEkp{mq)4+<4e#W$hWp0O7%U^b;nL9_^jfoev)>UQ-8?MP8M
z(BDSzo-ZuE?GJ)s3+y(vmKIN4>&urP-xQQD_x4DA6nb}SOZLY(t*=xKm&*#nGyZ+C
zOg=oa^>6kPKlu|`En|8UP`zAuyuxalsD*`tCLlTH@2bo`J$(7)e2;^v(rWg6@6*P}
zcw|8~`nj~)BVVZ|)K??+N$9Jm4dN(2ZgF(Km6WphVJ`bPk0ELLL#QJEzAV$&(;m68
zI{>#dL-kqoZC_X)&~K<4u2RrH|L&90aL;EeJ-s{q)zRr0#{%a}1h2(RecP1W4iuwA
zR$iE`vx-JBR5!PCrPwiW&WJ7-5#})vJkI!L)A%T&SWL+Aa8`nWHBb6;*?I`6*6X8F
z9jtM6TU*wEiDLE~Vuh=E{5UEju{6Tbw=g7Qf5b%zfQ>cXh~Xy;C}~Yob@v;c#NcL8
zKv)AB_=C4y!`dg*2~l-(-#F{5z#K(8!6+dbz#P}FrNA9qgCY6lF(hwbwC?EGU~iH$
zst`8J=5!H&dcON}1r(?c`e&t<&i4YiED!cI#XnDWkUl#URlKI^oq`dN-*V%mg&qR)
zYd|;RC#;C${1p!N(>t2Te$h;tk<>qeVSq8X5G3{gVF`fNJ2TZB0z9VPBgilP<unTe
zcdu#x5PN`igPK79j;Q<A-<*EL1RKoW@F(7CsseZ|kdma5#Htw*D*)A-f4BU9OeGNL
z<K^Xrlgcpz<m8^4c<8@#48#Y=iy1%rTLjMr^erCf{Mker7`-;Vy2Nl2qt`*qg8q{-
zr_^s2KAR)@X@5A-4-x!U*{{DUF26E_Z$31E5t+X#DM(8JfGITHh+;E5Lkt=G$q!!N
zye3nK|2_EmD<QbK#h%EC(`*E#)T<^bT>f$yC(ddS_lE{u;<ecg19PAYWt@%0_Ld7Z
z0uA1tPTQ%LB0n>W2i@JH#&;|LJo=T3T%#NDngh*vrIJdfu`ue<ZIqBP;O_r}G-L|L
z@1@9b3#ko`V#YqYbRC!bEx)K>_Yqotx7TQg)kbLwG#l0_lyCm1db&hCP5ow|?s)y7
zB%DkmZrPOe4V1)2>OnB=@mS1qbNXTf2D#`T5pEW!4*?1;1visKRDf>slIM&KLuU1Y
zfL8Fn0xl;o3HyuT3F|lTTutAc3>D0WiKB#k`R*;$Htiz|$8QugT4#llRgddJW@^ZO
z=UK6y7~sCHFTVS*1r;fI?5p`={F2b;A<d&|a95zhmf~}LW`{h;fr5qjVr!?ge=N5D
z@^l-`yiptqmdh?J8kSbHB#uu=IzGg;vE9z%0o1M*84W<z2)t&aCzB8H@x7@HPCJcc
zj_I*m0naM`z;OG;B3)RyU&S~o7KN6>z7Bb|4?rjj^=d1CLguLYnT`;s9!L$lf`B>R
z3|hbTmX;PoiIVhy7juyGmmt}y<n++H0?zN$kR<+owb{2l2B>7U5h-p>mIi5x!kz#}
z0#qQCvN%QIv2k&3rwc(TUdNMmxNInY9<#v&g|M*f0Cf#ufPTDC59=AI6`-lV_NMX+
z2qp%)ud~I*9l$?vB2gm1ruTtyoITQciR}CCOD)UiFm?_OpzKFQ^yqKd4=G|Gh}s~<
z=fumOKb=Wa1ZohL@+iEts_JycaX{$uM=MZ2{LX^<4i}htY<f@%{PySaU?4#d*y24f
zlg$i)_~X7B0y2A0tSC^VdzK88zfO1>_CjT-y&?sXbP&Hrfg$s~T>H>PWIB+HvkKAy
m7%wn6`uhheIK{<#H%Qf?I#08+KkWkVgJh)?Bn!o1zW)c_+7Xuk

literal 14550
zcmb_@cU+Ufwry0JgpLHHiYN$#B1loHARq#Q)BpmZ_ue~#h!_!--lQnfA#{*tsM3|*
z1nD*O8ru5;>bd3Icka9I{-OCLWWL$6XU|$|?>z}sc`QdvNJ|I;fr#ZFK2QaLE`9@n
zE|?Hp1U@M`)nNx-E;y^oNrCda=of)EIOg}2?t?&u;ou`fT;Tm>hlkqEAP`9d_TPmT
z`%DuMNZ4Bb!F_cPeRR@jxW;_k+yTE+t0}i{XvI`M%g)nlv)A)>I|wXgsdPU+>BYah
z3(LEjlLwP}lAtJrcA2v4*?t{HVWT)DN%#78bKf(ytH};hW3!4EX0ysN*(n_^KeMjw
z#S9$QEUO$M-Ow7|$9`VwxjVjV?n4Mwv2K0u!F=0gz%UT;eI)RIK=T4SY^=`TpUO&G
zR~JkT27yu<)bSABd#k=*)<-K9_=}5+=gqs5;ty_S|EO{{?+lKw;XO{6@GB}RqTs#`
z0!g;qx(u0X-NPTuujStx0NWph*NN^fjBA~Mb~4!v4tFOKJuqR5A7cviE4=sYDpG)1
zlkVdq{11%|euC{!cQz!nqC+t~dj_Yg!^3K)^UdayMSy!<f^NWQSVV6hw^7Qub0$0p
zS~NHJKSGu6)i(i-T>yC^_se;rm9kX^UcTsSw?F+^cd}YONpT4TQoP3u8>@0(OR5yA
z)VfUwm_EC-lwH>aOdO#^09o_Da~d@59mQgoQn^?#m_eG=Y$h;6k$`Mq-0tAn?a+(!
z+h0$u>jS<{`I;EwzB=Y<J@>q*f!KAS88axfJ6vGEIIcBtQx~t#q4k<w17mKCjpanC
z%qaJs|I+$<OUEzwsA(J4GwDK<{o=|zsPd)zCd>U@w&sZan=XJrtTc2`zpYW_lexy;
zHn31nZO$@+P1$qJ9baB+wN2VG6aEg(tBhyGQPrK!LoIX7foqV_y(K*Ph_7#O=2JX(
z)>_@k&vq@IeNGY(h!-^kzwPaaSsbkWSdG-*t@K+rwrqY(TnoD0sBRQ8euB2etLf$;
zWuh=$bqgkx*KEKCe~hbK#3yCkM_|Wi+3?$$iz-+ClI823bB-vR<Iu-_STmq$#sg`5
z38yRQ8h$V}qQ=v0@ERuSsf35<$r`f_y({scOKoT}%$Lt<Usmm{;1@2cKq)1!%th5H
zu0#;%J8oI!1iq(2<uAOVaUQ!HH<Y*Ygv<+qDsH_!$VWObkvA@1sVr@07Wdo_exJ4S
z_B*%r^BxAg!<fU4HyR@jdk;IFx7LKo1~%oa9l3aV-hJu{#OY<z1W#Jq4~m@BxmqZt
zCiI1aDH#gk*JD3%y{(qFgbe$LLiLK8Ihv{CjGeL=%rXwdZ9h2R-h&Ab%f8cEaflJD
zo^iqfq8rp&R$5x>KHtSbovRTVBj+tBn;<b*&dyvo(-D;u6ii5V2@m`;cGN$XZ9>u#
ziF8WX3r}Yi+h&BmNj^P5kCr!R;DbQ1Dq{&k=H^l00eSCgwTfOiz22DpcXw!-tWQfC
zQrhq||3p?_<tnrhja`Q>Kile9<uuPd5a{bCqoAhQ9O~LrjC&M0p*A9H)jIc19oxJ1
zVTa9}gw(<gcfbh#6JGy{$;m1k@5HtdPgv#+*cJC%=m|zdmI)Hs;#lsc#XR+G@{xd^
zsxtjgF>k|W14pcjn(+|n>FF_D^eXzdZUoBADiO@LE$uzd8yi}2eG9$Whl7Y^ds-;=
zm`^U2Eu1G9{-ms-@kGXmSJfRVwSsK3enAS65Z$N=_diapoBAF8dutOC{*y`iCn^tj
z!1%ULMBF{xcKd!-xgS$u{Q$Q?@{Uz|POpzjsJg*ayfRY5tfoo)9emafnK}=biGUCr
zeh%MQpKNGf>+Y}Zy-1vvVQ|=WfG}U1s9P)G2Rvdz85oT6!<kQaPd;d3G!3(Wiye%V
zPkitWq6UyOMPvq5k1Q(_bT`G=Pb}<_zE7p_J>6ORP`6K#1;E5T844&7DU<loLd4!g
z{9RQ0^-Ie<;bLA#N8LOIHD5We0r4o{f?OY~bZ*(7Iv94A5IKyXRu(sxlFiwsmN*=h
z5IYLbc3i<6Ms(M@%zYJcw(r!7pOhB707^-S#0Q6a)*m0tC-ZP~$G`o-aopm+zy2fH
z=M!y9ez#vavZTaiZM??e0C3h9IX$EW7pn$MFeUKLg7_@hEQkWJEN}-81(*t=4T1vz
z01Eq!yw_mB8%bj_DDaYUn*aj5e5W}d_Bt%6sm6OxQy18h$xj07A&S62j-V!L1D_34
zX-+Y<*?64ya$g6JZu%*vd+YSz*CDWmdm`ReZf?8B;d2tFM_VDJOfQxRfM?!(6xfs`
z;?CXGeLOX$;O~3Xoh<xC_gHCNa6wuBz}?^JQy3jT2DMRxb<MECyq2bBJuVhwiSEIm
z<3~Riho}8_+D|_nQS78+H;=AY&i{C^)Il4t>C1fz=xg#?uhk6y-6bXtEKD~EC0A{p
z$ml~ZfC5(E;v<?8>iDyyv{`6XS#=#I06%<@CV;rFjr)4<-q_=iO&#ny-kMLI*c`kH
z0>O(eqoy|d!4v++Rc+)?SiCk%?Yo}}cZ08EVZ{as)7JJh#$*CuT)H+gHMqR|L}8Fo
z3)lGFX#Y0z4<{@@1K^yYW4AJT*fz~pw~g;P_|jz`&GfU{v*GU{0RnuIRM|(_bMi$I
zgpv5LZ!-OdIRZ+yu=~J`4FKb&XkRVc)gN41^Bt%;T!gt_;rvvT_Fwci<583VA~cHH
z4mg<G3z&wi@|!kKzp=b&zp4-ndB-m(zt)wcr>na~%>b-Ob=d9n<an!iJ`%i}HUgit
z!+WkJKLw^d(R@}H{A<)W&IQv`Sah3PU1!nly={lxX0!Nd|6ZFdLM$PxgK=tHa7=mP
zp1@Xne}BJ2Kj3lJNL#>pVj|v;D&ahj0)xHT8*6IeGl><A-)d~V?MWc3Aun&eeO-#?
zxNV}>pL2v7uUxc=%q!gE*o274S9`z10~c$4qjVFzEq%b@yVURQ_ocd;J|Bxs&x_Dq
zNh0>0i7MPfh{VGYhm_>DnCf;^@(Ay{;P5*)A52qU{+i|WaF*j_D4c_vtK9|p5<I)(
znzPM@4Re=gw$|3xz}hu{;f=lSdnMxHQSR<M59W|<ief@*tbsC%9BDlr(df34OkHZv
zII;Z8kf@yP^yztjzr$Vh`SPyp&2?7BT@a_`^wj%$)xqKEF;pUZ1OCKw>+2f&?LmA$
zweD+<AeqE!x2Redx7{oLT7Z{X8R?*Shc3AQP%7$R+&?o02IqvL%VfFUC2QtQ%>+Jn
za!(yn9dnLmUXcbLX6dDyV==~@NAd6vix!rYZ1==n0vI`x5W-F0$hJ40@p1Dz@(Gf_
z)G#G+;uaX+lJ@2M@_X-7uIZSBkwB(|G+$l%`2MO_9}r4w(+2(v1;T(2ag2kS8bV0T
zxf7XweT1?;6o+Ltn{AsHoJ@`uvw1S$0O21%40(|tWKZvRDAz__^@$u0!IX^2Sx!D_
zHZTWZyp<IP+~Ccm?{{KwA{A$3ekU8gajr||c-~$BNy>c-3cf92{Ol;K7jGw~h0%Af
z=c;%s9rj!?0#L{(TH&)(kFXcdAfg~nIX&Q+NT@vG{sWbwbtl^+fQ<9^nDV~lQ-RBe
zJ@>$ldz^msr0lB~z#e<No2YvD2S98slbX+)VQCM+mMkr{L_Mz`AD1BbZVCvJNmbw=
zyM%7S$t!&ica0ABCkr`cCqF6qY&21ir30(rF20YnU<*H)VfpBQ#lE~}|6T0+FCg=K
zZhrm?(gnN)kdXbj&;GjM{wh9*hBh$RY<FrqwfC^!fLhu@)phBpAUY<d!CeCM^*b5#
z4l7Lbc*MQWKuXR+b!SOL;wB6v83cTe1MXudhk{bH2_UqAxJ!`$`hJJvfQeBTT^|7u
zYyk-jegS`W?<Nq}cfcqqX(Y`f=U#&XWhT|I%%<zWLyEBvL8SIcBZu5=pY+pzDLmPU
z3E9hvraRoN-P~{GIlez098U${eta-Il^I5quD=RPyjNXP>#?bBGwkl_d%P^w-hbCw
z5=m3}cXp#&JKL%+!@vNlk!En4L#cEgbV;&Y`TLY@u7pbib-V5i`K|EDRiWqkZG++~
zoGe1S2L-i*jOI1N*4O8TI?Q@r)YVK5v_;6xN?AysEwju7xj)S`3g1{+P7agmruSU)
zF7VMhUYF^AU!dtRxHrH(swe(7I(cFUX}YT)T+wg%YWgSQ4lGt)>I0d5-$TgzRGgjb
zSZ}mLYK?E-JC2Dtc?=AXQsvQY^hq(G47E>C$(Z{}%2Ni*f<NJtZWR%nVIPsi`ZAh}
z9x7hDbNFN-ir@JZz3_1<geN<akgNs|0lgi|w~-z4#r0jx@N_(U(g3IRCbiVgnS<9E
z!NhBY3(A+q3keFe={c%PrOIeD@DLUGwZ_jdl>hJvdjd_p?)Cc4OUZ0D-meJ+nKH}8
zP26dFa#PlXGU0`j-cXgge{5N86z;|4?OoyVOo!q6oEhRMc@;9QO>w!6H!_LE!n_=D
z7y1!EsCG&rf%qBWV1lZ%&}#k-i65HeP}ws-oJEC24grLP{I4k~k3;_sRmpgO1O=Ee
z!z>6OnQDLLXNA$<t2u3o=w|N2O}cl=iS;M}O3K*p8}~(*P(Yck|0D(R0^tc9ng6MH
z_<Mk)oB>o_zuyA-`3n_<KUu{Df&<3To)BDJiri;0IgfaMK?c`HN5d}vB<3ZPDE`IL
zWa*%DpX>CK#Xr&hcy6h1%tLv8rs50n5x#>Ejm}iMWdnatk7TRLLi;sNAdBf?n$fFi
ze_X^^>aiKgy<l*RHpih`&z@*jq0VCqJ)PaYO<T(C0B9oY(Tv}iC=_<}V0Rq$)dC1V
zI>&hqz5st0=4xr?VLbttaFTHy`Hoku1A+EQuTC0fKVkWE;4D!J%mW9}`C^QZ^}1jj
zB}8keEbk^HpHx)E%A6fMLY)CBrQmg%l{uC9<IkSmVS?I_te2yxmGvV~^<u8vRnpuw
zE#gsih28!;HM_#gR3s*5{FV(9;||udtsi|-`)WQF#0(?^Hbpp}6q-cn;&*cVjDCMN
zVtg^@ATjl`(Ir!Gl&!q}%^Xz`o)zB3ydxeYT5BFt5vy_9zG(b9N+4XJ%%-9n?<`P;
z>rqAz?zyf${fMg9mO|p&tJh2LwHNNP5VPz()HPev_>_NjP5+80pK!FdX{t%;E0ya)
zDjGaOYwB*(H<F8M%N;lbRbZJ*I>XlQg-dForrzJYb3T_k=?%k1sko*3o8F;YPl`)d
z99ebA3|e0aS(=#M%Pz_#|BZq=#Q5M@+uKYpQ+{3Plue4iBvCzNbkl~lFu7Vk!CHLm
zO(|p{%Jy@SxSgb1D78gmqu-Kuaqkq~E3k$>=i%E1ip8?x;77Y}_XdusKT-2*YU(9s
zpU&1xyK#t0W@L9{+-RpgKPNF#cZln*q>XWY7^sZbu=A_8$(8$jDfm)94tQ}wvo?3E
zhGSU){ax@&JUnMHai@lg?iRPYZ(dqEM->(Sve-<G>nW}Ps=hnAJvu9^(X!PzlKp`a
zj0(!p_Im<&s--aOA@%K7(Q5Nnn&a%GaRqUxE4r_rUrN`f8PuR7<Jb`W*oFz5P#6v|
zmW%4v{-LY?^l9dtPVmoc6%9e>vXJWX)w+}x5lEbRRcvJi<>*wzGlr;w>%~v_vcLRw
zSp4USYD@H^v3#L!;hNc@T?@v_;RnG+hW1U-jn8taW!Fk}DIreita48(vF@zw+FyIB
zZuV}An|DnMJYvrl<(}8E*b}yxe&c#%XCnIk_JE=;In;{h@$hNUc&Jzyd839|PDQ5)
z-9te&y@8j%IimBHKc@-it=JpLf?|D6BL`NFWYhO~8)CsLdu;3Zqh)kQ=!9-nXS<J<
zxVg5yANy0KCOks0X_%p)Yu=I6qNw3qkJyc6O{HZXGq-qr#CNLsj#18&7_^RO;dphs
ze{K6QxBQ9{kGiQg<saDU#78KpE(H_pu>K{)e+~{d!|-R{ul*VJU$AW0Wk|^5HUEtn
zX9Cyz8C|EZ0MH}`@OG@$*PA>=LDXaYn$O-P5D~z}01W>3vnDL?-Ra!OvK{^WCL|&<
zK3^4+H{ml<Cmqlk3{2r`lvgsKD8~rRUz-?ixzl7NvfOn%*bsM9H={0&>sUOE8L6;X
zI`-mHLJ4tz7uMfQ&EuaxTm39)wmvMK+{B2ZC!*WwCyBm%pPI9_MXq}b-mo4XSaJMj
z9B>;jAIifMLV6Ex0S{2YlT~%pxm&dM;L}L8>C)p7hq|5FPp$PyXlM!1LTl%W!zC#T
z73(Zp(yd#d_#k*{T&2Uon!mtlgRvIbQsBw#SbFUVL7V`Ox$VX^c(<6y-Wm_az*1}c
zhpz7%2Us2XDA|k1yVksB?ko8F1^K8_lbYd<(%zA-+?o)%8}rJ0*BRxXw!O`drbLJ>
zl{k>_LIB*SgfgCHkRDMGC{^qGIoBq`C((k8vX@+5(B7+-mJP~TdXIK0iqCR-9{dGk
zgS6#wo%N9{i;S(OZ@#bX+*zU_5{a&55osMLp-&#UYkH%tqY#?OJetU+-Q6<{1${h|
zIVq2`>fnY+ocH38w`VPSPP4z1T#hGk*Wr(nyfb>iQ%0s{;Twd*vd|>2zgH8jG5~99
ziDhwTY20hnuqli!33RzEBCP!cO#~PHEz)+VpotOb9!zQ<IFxg~JeqT25Kz1Pz<JwD
zPNs%=JJz3XjW}fS?MklKNQt<F271v`FzI0M#28brt#7o<&_686^`z?h*NSWBG`z$H
zyW-Q1NpnVd{CXFxp_eVD`VY%c%05rksdb5lan5YxN%|0S@J9I{^)tV3vfLX6EjLpl
ztIMU7u7td-zf~iK05T#>{G;vp)e%AI+}tH6HW}T#1P-~CCde$+&4dnu;?Pwi1@Ze>
z=arxfA6@Yrd#*MmKz67JE_~1kVP$cCZ%Z?_>D2Uo5hO?lNZI<Jrp5k(K`qiu*}f{)
z)r-4~&_}+U?t<<!w?rumR@y}9wY@vluNv`N$|O}`Jk!k&qd$o!q`2uwbfvjjEME+^
zdCMLBA=DACQ1u#GsBw5%6Nd(jm9<k@2Lc+-aKq!}sM!ql_WG%h5|w^7O@GPQZRI7m
z#m9T}KrO=S8CI`~dYK%U8Eqk`OE*TN5gDDR@2Kl^%RPz{!%|(}3-IU_fa-DP*_Q8D
zI5?kp3A^5%HcK_#rz6TLZ9(>g5I`EvWK>abP*Y2}p9Eo2a@8G6RQ+7Q%IpizMZ~I~
z^unW#o_M?6k&v1gByyn+qwk%#L+CA799J@FZ(mWmIrF4eMFz=>Z{70vP^?A%75_KL
zUFAicv>%$g0%da-9|xX6qOLIP^+UFaN?vVLeVpm~<26iuEWdIoBhN9PzrJ1jN)6$L
z;?FBBRn(S9hk@m^0FRHdMJh74-qF2H*v=lyPDEw7aEXmgP%ql%TJfyfw*R%dxWHeK
zux4kqDU=YhWQvF--R3&>XpsCvjVr^n4y{BO*9e~q1i=$We#cbBe%=1b6c;Y<Eoni#
zojU`GntEU5&q;3&X2FUUgR~KN6GP(G;`tnd?*IJqt$oE&3HkOyeYPkh^I2iKSB~jq
z3UVNjma(rFR{Tmw&))3Z8UR}qb}^?K+5{gcvwOLNw9wM~$ZZE$idpV2BIZ{=zf
zKKsxN8NCctkxGH1L%FBRJn*7H_j;~eJloVbwXL^{=5o<+QfP`wZjsc8DglJ9wnZv?
z5dNg5zrIXi@DXk2ThT}x(SgjRi;w?u4bI6IO9(+O%gFQsq6=B0o{fAI7-%7Hqw)OG
zsP~4;nO^R=*8GSnNXCMwVODcmx_zEqPk|^rs^(2zWk5uVJP~A7nhTMvfA`jEF;|nz
zL5tm-36mH5A;*jLgIL~0tfeP+AuN%kkZkf&JsgD26uz03vbh%65T$8ed7nPvRV=H?
z<*z1ZY8;OWWu)*bM#_qS{p*R^Rp{p9cf8Q0J0IQn0^|eEk}QtErs%$*pkP13WLj6*
z5~E)9X-_3Homq%UMOk09!hB(vTFdme_c(7O9>@HeBk}!`YZIG`AFJ~FJU9Ed)MM<o
zU9GEEZ#e!MTFRlchWL^jF1Cu=AtfBqPO4%dl8PB`5p0~=4>AlopNNxx#kr5o6I3$#
z0%N2iFH}kYnByH^RYtHHyeHheuE*GozUV3Es3~u1-!oYs1nmt+8HV&had|KNhPTp5
zG008F`pS~}VaKdik@7Merf!6br)W8Nh9SLJmc#2Oqm1{g4*QPv1sh*L5LY5%COq~w
zL!GfS(bf5s<}^V_I)%)PNoUMaDvxXQu?PoG&+LZJKHN|@f-750OYAwO6jUaT1MbAu
z6EA#e1d0<4?x*{_c2&++k34EhXZcR^N@qLTW!{OszO*90j!6v)j^$(-b{7A3XFgaX
z91M2?3YC&zq<Aj<pr^x|HO|;-rr0N%H#k&-loj4<i!F}55U%B5ip-DdQsX0pr~O~b
zntwBszr3!bwlSIz{hye6N+LS78B5ie!`LjN(j<XnmmHg<6SK1I!<R3<a;FbE(UI8n
z2!fWF0n_|xyc6QHU3+N@(1S19mk&$)b-A6N^Djst5(-LD^=rd#b4_)NTbRQyGy|#D
z7LW_=iC4QV){v4dy%fiMV&X6AvaaSjQhOXWxNF^TJP;GX3U)6m{?3=eCRE%&Optm%
zFTG5x<0Hs|1b}E)*PYI-m}HMd-{<$zhKGmOe@<K)s7@?x3JMV0TN$gXTkucU^OUpS
zxm#~|ENdf8qdJ$1iv3y0^sDX*-r)NkGycKH)*{8bjEwIRC4M42ZaA__f6;ji-OcQ+
zzxx#i5S1cQ*m3oh!NpYW%>N&bF7mfiijFhZR*^2dt6cOUy+s=&dzQ3H>ZviI>hEc}
z@EIDn{rGgM;c7{FhheqEjN_R_*`>`_ue^S|<5KT2YSqcf$Qwz`EsPAmEw?KBaxFAx
z$mq5u?jnVoLs8nu)vq4stZKa^1`}pe*bx6Ls_{Y7HL7Fwp4DfHmval9Z(eyxFWf#g
z8K)!ZWggbvDY5kR%O2_7vbncaaNM#TTwL8aAd+4DOef7vCcyFhBn|dCBX8|T@5syt
zZhU0{=X_E3{`3#af|B<uGP%oWiY{kkZPULeM!Ln2yeX|@ju8*17s+2~qv@ltVq3Zb
zR|HO&E(<JCUqD1Gg_fN5VGSPGHt~gpX+4o`0<)&3Yh^@Q-hfgR%dQb(^VNGLv**JP
z+zW3er<jdoGmPxQZoU$=t7qS!ed(JM47+Xwj(B&sRglQev(l*51(ZOHlH$MpmsNdz
zO%K@ni;(*Z%K1#X8~C1DYef+=xeOv{V2qakVJoAIUOW5|Q@kNx!_#n7T3@-7xwG7x
zdj5^J{OX2xrGtu5%z_b`eU&-MT3%)L@=L{+tul6|p;jSf+$!Jj7L69;Xw1ntaeMrv
z6Km{b0tzJoLg->Zu(X#`Bp6hiFeTenx{S~hF+ht7xjTuHxdey8+lW6BL#$F68THh1
z?Bg*WTdbh3vRJqU>Pw~bx?6({S?yQL3Aq|3;17N8yoe&tZd_Aiv2Pn`HwP&6N`K!{
z!kN|wPE7AO+|W6|96eMGp!tDs%4R94H;<v=kKakLzQuV`%=-;X*h?SzV39yhTxy(g
zY~0FPewV$$mOYMtQLiSl`>NF|S$#24v%n9#nu&LnjGN?56zFyRevYtUh5I)M3500^
zb9`(2r0!(Gpr*GTKH0%e6XotZX%cs!%@R2f_3x@v;K`J6+#vT?LRL4x8qX;zpJjVh
zdS(>Su^j+eqiKe`!hv3#{+?#y@L=O$_*BhR?YKADQ0s84Xt;JJ8kDQIPdGDpvYR&)
zu9|e<U%w?RGphExhIP3?;Wcl;AW0Hwxv_Imr}{t(@i*>`i(wH%%D(okmLsZs)q6Em
z=G+4w8aKIaY7a1C)9CwU4oHvPoo?CGOZG=|rTj5d-D71BabM~O$(T8PRvh~9r_PnS
zVLB_WqitZ-QTBtm{*kyj@Jzg=kiFXS_aUs(q460UF!jh%Ic(L5Y}`22a?u<5Df#LS
zJ@iOz1|WYk*Cq(dWUwXj<#IMLK~zP-6VsY;!|R6*E18>jIla)9Qv<uq3sqNShu6pV
zG{<CXqmyp%<X0O%(fe&DKqO_gp1ofBybALg+8>bUAI*diI)sMiLtP4<l6?B)F<llS
zaOG~FY0azEWpxb$I_S!Hc2Mw26lt$mTI`Ln5A9CUf`A9IY=?S<i*@gCx}AdgV2x;v
znBP_dK*@Qe`EBWfH@&^OaMfmHtR}^k2Z-u!W`@39{d)}aP?FcruSOmcMh#eRxd~A?
z{Yh4*z8o~&ei@>9Z!9~brt${!L!JT!UdBD|dzP`t3baOasqC3ofahELylEns4GOk;
z5Rn@S{x5XK49UKa;sO~~0tdo>2#`awL!YI1-K)|e0GHisC!T@{3ekIkbbu(AMqY!t
zC{<rkm3fG>o7@I{>;CGwVQ7Yx2igWi2?9>R0Z<Rl*uX=;$0rr(TxDJUjkt(}c`k~U
zIWBq7v%9NYOX5a#GGJV^-SS6_e*vxHb8!*h>;s4kyE`KbUwR7DsYjQHeRW`-eBpE}
z%1^5j)w`L=df8{DS|3H{_PWmW+9PScMu%WEO-jDy7*8;P`<sxoPQ$UGWQbC2W9HU>
zkQSRkP|9!=#B60OPW(=QJdjYH4P03(ycJ5>l}^=FqM#&>DO-0m_|!gKsdsJdR+50~
zkLBH4Bb<YevJAlRWoaP&u5>o{+D&VP5V$@lc6Oeu@_+hVlDR{?q+<HHj&50!o4P(Q
z`d}SZU&gAd?w#*Ju%mE65rl)FP%MMtE)eal{sd28rW=OPU0LjtI|I?}L=^)u{J<rK
zU0xC-8)`X(1Y(r`+N66{E&BDv*gM#hcrkaHgUwAmY5I`R4~=gYNfr8Ptk;_mf)y3w
ztz>~cr89Rv5ytue-vv5=zq_OVSw{TJrfO$Ffxp)|<#X5VO#<!EdUpv$GT<JB&q`rS
zSK?jDt_y--Agbo-XU+Xi#wmGf!d0lZN8&i!+uMQ4DeKFqs3>ZE55vKHy@~y1A;tRG
z<YZC?5X%dAD!>C9{+O>k&%QS<&kD_7hD3Ds^t_j+2^Zb`wu>GG+@eq)@C0x$Rwq6{
zE|7r1;BJZ2YIzzFw-sTpZ3_!r3!sm2-fxh>kBf^N2DBP566od7#GjQ1fZYU2%RjUs
z5XkPz@K&e2-&SKNW$NXW%h=$OS$6Sq_4VBeuv*c^hjb`^m+60*MgU=$A1Sq-aDsAi
z1+xZB0$i;_4b9Cf8>1~?(jA6}D0dcA=Fn9L`0G*ig~D$?B8Pr;m}(3K9-UClcQFj$
zm=Z1+jX`zE_mE<{H{qXiwjof>=;X}|xoG>HC@xk`Sc$C!4tPB`H+N;Ycs~4OA-oo|
zl=B^j7dUQ8Re`}f@ae39N}eR{?PyDSl#%gGRNBNO4&n(=?s*?$;OE)$h5-zo8@&RT
z1n@``7rflk^?d4?T0FnggsVHr^;CU9S#SO75<4@bLGdoE3`kK6HaJLlv~LP1Jb5di
ziI3<(2UpR)DK*|Yqa4{{^uELU5agszndA!B=n`+ttvjzK{a)rqYS|=ShXok<`S}66
zX9A{){o9cEIjoR(88V(YRwyvCV4n8#mamk-)W&cYnlNg7ea11C*LB#0`L6SqSEBu#
zm`Qo0Ln^A2ttm~mtUYgFz<jW!EaoX$O<{Gj{@0n2FEN&wiU)Ld@+7Uh#^Iya0&%Zw
z3>%p?`B7flZjUB{oSw)WHx%Aa@|l;?4V3X<XiS!E0Jr>DTMi8NBS+DGqN5?rwF;Se
zKPg#h>=%!d^0aG(W%%gJ&`MiU_HIRbwwLSuM@)LN>AVz!f(B{j3VqYjjbyHi&D?>w
zkxtl+^Ig`R#7SYowt6;(6a2mQG3P0)>xq#<po~>B$%aiuU&(6@uJ0W2ruO-kCShtw
zL*#c(yv2;o6PVH}vPw0gu{RrI7$j3GR@gnx{UltMLb@-Vu8IJn()2;hdtZ#4CV=ZI
zRQ8eexbZuh1dWp!kK({!=S~=_qE;1Pv_0QD`UGX&C%L23(b-G=xbp4w;~YG}qETDh
zexY7N?`hJwe-6nY12}*KS8P3)?{M)uKM*Urfx&`OEXx`vZ)$kimi>!*++@IeHF05~
z`Qv*0w?}TkW^%q=U16Pl<>x^G-Nbx?eapY8pYW0tnLS==j%PopO5I43_2o)h2L=AF
zTc}mJ`c-I8dJE87QNNE2Kw$%)0!qQwegoP&{K<4Dpmcmpj-TyKgK_$HF{55@!GdF5
z61n+9EqQlN%??@(q(ja={V)FeH+1iH6)?dqYuq;~?3}>&SMs)1O^S4T!qZ|D)T`2S
zWl4UV-ZzGzE@oeYeT4(k3XP!$_eH2uGbs+NDH!y{I*>zC2m^76@UY}E6liq~w&2Z?
z1QZ1R48TEfWljbKCovz|j@toU2n{kQocDJs3b-5>brJ6z$+2yv|IQ!d+qbmL4SPN3
z=C#6FYjy{k97qzrVec%tO9TYKF9ZSZ&|C*PfN}7Rjl78vXAq4L4wwdj(~^sUxRRsi
z>qwyjx-TQZjTK<>3wgk>?}7vnUI2P6aB;u^W#=xH<OI^Z65_MfUDUaNx|m{nZv1yb
z0IF?)k!O=hB0&~(|7r^OC)Csw)yWCiB@|3OI51G}eoFS|VY0N)4rLwwyHX54fSgxT
zOAE+d|NfBxLLdNiXkSyGFF;BOaMLtU=>?2_rUJCwzIrgju!dgi1NytX`UH^ggsg(F
zL_vuOY=KQZeUf|dS@6zIuuT8ZeR3$gnhc6vd#;URd)@}7FzO3~xIpqz^mN|AayI-D
zIW(ROb+H+Y!Y;S|+x}E~u>P`8=Y!s0pj6D+u6)o7$Z<?3B!UXsT*~y<s^DTnHOr*K
zo<%A9`^JFC0xnBlvUv~x@%*nv9Iy)WB`k{du>b5m4k%N$ZvBmefopA^pIoE5>O3re
zcEIb*(1kYWA##Ih4SM||6|3m9Yj(8&^4S$kw42g)mQ6RvGX}!)eYkY5mBpalVim5?
zHaSQ<&}>5>um16c2d3X&K!WV_WF<_Cn@1?WlNi$VB=DU_@dn9_(WHjU4ecGR47wk~
z{8&fA8YwY-#bMcVG2R4o^K6QGg4z!s=R+tmykz)AFGIL*n>e#Jr74za>2vEP>oJXT
za~qcl{l!8ptAB%qLTW$=@L&VT`(z^?GdYwZC;+=rDEZ)mZ^Q&G?2eNV$1WBNJ++mP
znTZnGx2~oGICvn*6`7nZw=|O|ew}r&$xLgtWXVaRKL@OeSy<vOttdO7sL@MfEWhz0
zQ=#1Q?+Q1glsicq<tvO+pK<{$rld{d5D&qz2uqEwi3Dp}?ddBvG|=r=nix+X!O#z5
zhVJRCp&1%G4R{Ej5Tl%b^1#@{Jy_;^=?}A|G49)fIX>?@2_anq#&NuQH7b7Dj9C%%
zu^rl)PkR{4)inyZAL>AMHQlqOvl27*6#5#@5L!^_&+;j^=aiOJr_8EQqpxkl1&z7b
zXpv{g=SN}q*bdK9$MMCGE}#EeejJT01+-Dh2(L=MGVSUI9K@0lbCu@sY<9LgIu12D
z+nC-So%0_NPY6gD&fQFj(PhrTUvV^oKXcmayb0xh^T-^LGh?hUzxG4m_!Z;c=vBuT
zE~zf%Mlyq$fx)`h#oPDduBm!lTe=WE=uI8I%vw&?IR1!7hP8_G_?B1YgHqi#tC_d&
zPd|44IRmIhzc;v6uq*^A>+)VYkCh@&G(10IK)YK=fDF2A8x`972^TS~Hd>~{K+480
zpqIX_TX#_6A0j3R;E*Izvc?i9Q<;DBOK|5aZ3+x7?a|?9@I+SB`kOQLUdch{itHJX
znn(Y~x(`t;06SQ~l2Wp?#swSOtErXR>6|rLJbjaQ?b}V?IN<47IBt~+!uG}J-j~`~
z?+VX2)}5bjGOI_r>@e88z&PZDJ>#sg<G0){9}z4vs%>%gdql$UB;NDyDFdpbj8jkk
zG2|8uw&gScA-%XeR_uIwl6D&9Hp@`cKTi;{Lsv*__%N;*&)BWSFW_{E_Nl@^Lg!PF
zJaos1x5opg6BnMTca7;pi&l3Fhdw?A&(}zwuRfFAHtB!01#=T??&~|Srxh+uCg6Zo
z2S9nQ|CGRCA%zT7rbS$)Q+vaDT#&7hkh18If$gFcGrZMO??b$?NqrAd7|;>3?I$q}
zOZRzw*GWjqNBL<J1R>A)Fa{YELDk=d0f-<EK<bMiJa`|f{;u|`z1y={n<d#fCftKh
zuuT*>dpGqyI;rpjwykl8Sd!MR><p#lEw%m+AIy8>{LvDhc@k%DmW@A2BJQIo<=h3>
z?VLAW3;!?lWJXBO;Dz+G83!@Tvvx*pKmp``r#sWuFN9tF85IJARFZY~pVn_8SNVR;
zNBJ%5zQ@=Ej#wTGBSup5z*l_4^q^vt(?mw;k|Xvni(?8bbT31YvsnHNdspX4S%$}|
zwN1$huoJ~^>U^<$=)Oz+_mc)31i;~^dy^ikmGfAM&CB9)>7Q~oPcT-9{5J`l#u5qB
z(<Aneznnq`gv?E!JyL+j&qyEGXCqI~10b2{JOYwIR^8`oC(PGik(1)nMf--)*RK7h
z)fC|N%SSy_z2A`Ap(@GwhNj}lAQuP#rSJ$#&$j}D<xY2U$3l(`(3=m;-TbdKoJ=}P
z3wDsSI@o5##B>?cWxQ#5m!AAmPfblQgX^_`AGk=-&hqHb(Nn=eNKUm3g#HXIp6LiR
zwuW4PE`z9j>F(+t+cAxINIA&O*6&P{ZT0@{ET&M_=GtAmvq-=JKc~Hdx-JcK7L9bX
zy}i1kj1Xk_DawW|j*oG_b-!X>s@|u*+R0=;TB$bkCcCl)Xf^}!Xtd&G<!1|&^RlE4
z;YGzaa~W^-r2scX$k{_FcOOoVRrY<h{m4S&gUy6JWh@?MW@e2gG`VMwJ>lD{I9D65
z^`!9-m%z)*V8lkraBLuk3U$5ZOW}r*;Y?~116$un3A*ItS#O|8=f$QrrxnNETveHp
zQe0bgiqER!IXch)nmgh~U~pr_8aA1p9#2E~J+<zQn?+prrokVI__a@!%AA`0*~;Ft
z3U=$yq7j8T*9o6Wlu>XSpExxy_J4;XrA?GxQd1Rk>FXGXxOp8!=jn>LJxIdD7g6m<
zPQ2uhK|Vz8=8TOTxB!Ly2OtUFkGT)kXYeExk-U*BT;Ws@T`oSwTq~f5Xo2fL71)%z
z*lkc*Jy!Af>Cv`-@|WxWD`{zMX#qR?3K<QS6>N@;72ctxF=K^fCK0hd@VAclKhRdH
zzw0!fC#q?Bqz+sYeN7HTZeYvlAlnj~agf*UH*b99r<!38EgPtLiY_j1l+P99jF0OR
z78)C?vL|A^nfb&T1Ep?e0~dRM>OHVU?$GA^&0Fv_Wdf;ZrJizr%RpU+15j_Tu@SS*
z2)N(|VTC$5y86@Cxq!D^1du%764UumV0T9VAh+h>BtuDUlh8nqI5x!~h7^G^{(yX-
z`Llh3gbx#|5Y2!h%NdxPEqMO0IGiVb;n{~HvDi}7^*eZ*7E;IsWq@m0&NVSM(*DeF
z5gY#4+W=<-mx+~?XNHkM$*ffV--ZB4j;+YJ*>xRd;w}(S7d$1NIF<&e6Ub;JIf2s)
z3b^nu6+0lfj47e368rZOFMS09^c){z)eWya2BqNsQQ7|!$!=t8YfF{FKUU){<g-kQ
z|8J0Ex4wyTKL1)Dxl*^j%?;f@lK^+c%*>AgJh{)Ri@nQv1}W$E>@&Tb{A784Pwrf_
zuS<|M$oHNXOaeBr?)>F{?M1}r^FqkE%Kv&QNyMfkjXb-Fawg25oj#*^9RK^`=6PCh
zdg*rJ9b%Lbj6u7WDt{J}-W#mn$M;9=|CzYKa-#=>0fheQJ|O)2FXbP9t;b;M({6EU
zg`1x3;#qR==j+m~<M}Y)9F<c-b$~SU-_ImGECR6<t^m6020C)%H%GNdBV&e}k9Hz^
zn@{Vx$lMbPi;g1g9~=XX=CfqwSGd28|26SLjQK}0z)sWX<eF<n8WmLUZUAD?AQ~U>
z>hQV+=#RxmA^zVb=;^MY(#XXG>gG-gyu8ALx!l|tyoe#KB6q*5{1L+YCX3_S_NNnP
z&3AGrZN%XYnf>Wal+@AY%XHw5#*Dsmp~JG#t@8)NH<@8~*yzA*LBR@Cw{LIzw@7^x
ze9wiarG}a+Y+>}C45qHXEZGh0CGbTe7CLexKC)<g${-(vDFt+_CWHoRqD>)i#Pv!F
z`Rf?cko69ZLKD)^1mY@+;~<z#KT1mO`}$0>AQ*-dc!{iA=Cq_g+=>j15!ECe(x-;n
zn6$RqTc(@{_#i9X&?9dcL^L&L>~}!hgs6+GKrXcu`GN?twY62{hSq_7o4z4waBfJ-
zW6M~$<MzT6Ra~OWf4+(bh8Xzn^hYR*R|3B`)4%YH83_9sY?$<bP)25EbMNFBJpm>K
zx^37@5?Bv#X{7*Oh(scRU%fGixIL|M<GOQ!2ngx(xxI)Wtg1kX%N)2(DHqO2tOQa5
zPGM^c4uVbJiz)TZ0?-d!4r=P?=ve((rSwVIV;ydB5$F{HYiIIxI_~ji0?vY7C1!F&
z=ScBgVsLQqe6s%uV8w8uF}^!H+y(m!5Y{;0r#nD_5j7JEko_9)0~<d-aTm~QJfJo5
z6$kjSozZ4vzFt-BMwq?m?vU}!<soeS6h!$AxY?=nLD+dtQ5b&+iv8$sne^q(&M9dP
XeqJaGE|?4W93(IE_(8rDJn;VjgLLig

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 6c82e08937..17ab0d9a6c 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1405,7 +1405,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <tbody>
 <tr>
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
-<td style="vertical-align:top"><p>Added the following new policies for Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
 <ul>
 <li>Display/DisablePerProcessDpiForApps</li>
 <li>Display/EnablePerProcessDpi</li>
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index d4124e950a..229109756e 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -65,9 +65,9 @@ ms.date: 01/30/2018
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy are set on the device.
+Added in Windows 10, version 1803. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy are set on the device.
 
-This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. This policy doesn’t support Delete command. This policy doesn’t support setting the value to be 0 again after it was previously set 1. The default value is 0. In next major update, the MDM policies in Policy CSP will behave as described if this policy value is set 1.
+This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. This policy doesn’t support Delete command. This policy doesn’t support setting the value to be 0 again after it was previously set 1. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
 
 The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that:
 
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index d05d2cedb0..1a7ca48cee 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -237,7 +237,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
+Added in Windows 10, version 1803. This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
 
 After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600).
 
@@ -282,7 +282,7 @@ After the max delay is reached, the download will resume using HTTP, either down
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer.
+Added in Windows 10, version 1803. This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer.
 
 After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers.
 
@@ -447,7 +447,7 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Set this policy to restrict peer selection to a specific source. Options available are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix
+Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Options available are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix
 
 When set, the Group ID will be assigned automatically from the selected source.
 
@@ -1050,7 +1050,7 @@ The default value is 20.
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads.
+Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads.
 
 Note that downloads from LAN peers will not be throttled even when this policy is set.
 
@@ -1106,7 +1106,7 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads.
+Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads.
 
 Note that downloads from LAN peers will not be throttled even when this policy is set.
 
@@ -1151,7 +1151,7 @@ Note that downloads from LAN peers will not be throttled even when this policy i
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Set this policy to restrict peer selection via selected option. 
+Added in Windows 10, version 1803. Set this policy to restrict peer selection via selected option. 
 Options available are: 1=Subnet mask (more options will be added in a future release).
 
 Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2).
@@ -1203,7 +1203,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. 
+Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. 
  
 Note that downloads from LAN peers will not be throttled even when this policy is set.
 
@@ -1256,7 +1256,7 @@ This policy allows an IT Admin to define the following:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. 
+Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. 
  
 Note that downloads from LAN peers will not be throttled even when this policy is set.
 
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 6606c038b3..933c3fa2e8 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -81,7 +81,7 @@ ms.date: 01/30/2018
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
+Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
 
 <!--/Description-->
 <!--/Policy-->
@@ -125,7 +125,7 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
+Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
 
 <!--/Description-->
 <!--/Policy-->
@@ -169,7 +169,7 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Configures the default URL kiosk browsers to navigate on launch and restart.
+Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart.
 
 <!--/Description-->
 <!--/Policy-->
@@ -213,7 +213,7 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Enable/disable kiosk browser's home button.
+Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
 
 <!--/Description-->
 <!--/Policy-->
@@ -257,7 +257,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Enable/disable kiosk browser's navigation buttons (forward/back).
+Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back).
 
 <!--/Description-->
 <!--/Policy-->
@@ -301,7 +301,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's navigatio
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.  
+Added in Windows 10, version 1803. Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.  
 
 The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
 
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 616c8eb992..3081faa8a5 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -154,7 +154,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. If this policy is left in its default state, Cortana will not be shown in the AAD OOBE flow. If you opt-in to this policy, then the Cortana consent page will appear in the AAD OOBE flow..
+Added in Windows 10, version 1803. This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. If this policy is left in its default state, Cortana will not be shown in the AAD OOBE flow. If you opt-in to this policy, then the Cortana consent page will appear in the AAD OOBE flow..
 
 <!--/Description-->
 <!--SupportedValues-->
@@ -585,7 +585,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Don't search the web or display web results in Search.
+Added in Windows 10, version 1803. Don't search the web or display web results in Search.
 
 This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search.
 If you enable this policy setting, queries won't be performed on the web and web results won't be displayed when a user performs a query in Search.
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index fa48adfe0d..dd8bc02aab 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -408,7 +408,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Configures the use of passwords for Windows features.
+Added in Windows 10, version 1803. Configures the use of passwords for Windows features.
 
 > [!Note]
 > This policy is only supported in Windows 10 S.
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index f45d4b3ddc..c0cc5dd7cf 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -853,7 +853,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
+Added in Windows 10, version 1803. When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations.
 
 <!--/Description-->
 <!--SupportedValues-->
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 7071a57f68..97ddbf6bd4 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -80,7 +80,7 @@ ms.date: 01/30/2018
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--/Policy-->
@@ -123,7 +123,7 @@ Added in Windows 10, next major update. This setting determines whether the serv
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--/Policy-->
@@ -166,7 +166,7 @@ Added in Windows 10, next major update. This setting determines whether the serv
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--/Policy-->
@@ -209,7 +209,7 @@ Added in Windows 10, next major update. This setting determines whether the serv
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--/Policy-->
@@ -252,7 +252,7 @@ Added in Windows 10, next major update. This setting determines whether the serv
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--/Policy-->
@@ -295,7 +295,7 @@ Added in Windows 10, next major update. This setting determines whether the serv
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
+Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
 <!--/Policy-->
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index e55edde857..88a19a26c4 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -65,7 +65,7 @@ ms.date: 01/30/2018
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.
+Added in Windows 10, version 1803. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.
 
 <!--/Description-->
 <!--/Policy-->
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index ef51165474..18075100b2 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -627,7 +627,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode. 
+Added in Windows 10, version 1803. This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode. 
 
 The touch keyboard is enabled in both the tablet and desktop mode. In the tablet mode, when you touch a textbox, the touch keyboard automatically shows up. 
 But in the desktop mode, by default, the touch keyboard does not automatically show up when you touch a textbox. The user must click the system tray to enable the touch keyboard. 
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 47a34b96dd..d8a6cbbf3c 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -821,7 +821,7 @@ The following list shows the supported values:
 
 <!--/SupportedSKUs-->
 <!--Description-->
-Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
+Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
 
 <!--/Description-->
 <!--/Policy-->
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 65c25b116e..56be2210b2 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -832,7 +832,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center.
+Added in Windows 10, version 1803. Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center.
 
 <!--/Description-->
 <!--SupportedValues-->
@@ -882,7 +882,7 @@ Valid values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Use this policy to hide the Secure boot area in the Windows Defender Security Center.
+Added in Windows 10, version 1803. Use this policy to hide the Secure boot area in the Windows Defender Security Center.
 
 <!--/Description-->
 <!--SupportedValues-->
@@ -932,7 +932,7 @@ Valid values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center.
+Added in Windows 10, version 1803. Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center.
 
 <!--/Description-->
 <!--SupportedValues-->
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 5f2c4def03..27677b6c69 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -49,16 +49,16 @@ Supported operation is Exec.
 Added in Windows 10, version 1709.  Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
 
 <a href="" id="automaticredeployment"></a>**AutomaticRedeployment**  
-Added in Windows 10, next major update. Node for the Automatic Redeployment operation.
+Added in Windows 10, version 1803. Node for the Automatic Redeployment operation.
 
 <a href="" id="doautomaticredeployment"></a>**AutomaticRedeployment/doAutomaticRedeployment**  
-Added in Windows 10, next major update. Exec on this node triggers Automatic Redeployment operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
+Added in Windows 10, version 1803. Exec on this node triggers Automatic Redeployment operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
 
 <a href="" id="lasterror"></a>**AutomaticRedeployment/LastError**  
-Added in Windows 10, next major update. Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).
+Added in Windows 10, version 1803. Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).
 
 <a href="" id="status"></a>**AutomaticRedeployment/Status**  
-Added in Windows 10, next major update. Status value indicating current state of an Automatic Redeployment operation. 
+Added in Windows 10, version 1803. Status value indicating current state of an Automatic Redeployment operation. 
 
 Supported values:  
 
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index 7d411543b5..215cc85669 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **RemoteW
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the DDF for Windows 10, next major update.
+The XML below is the DDF for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index 0b6de467ab..d2a2fc6fef 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -15,7 +15,7 @@ ms.date: 02/01/2018
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, next major update.
+The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1803.
 
 The following diagram shows the UEFI CSP in tree format.
 
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index 01af9b2577..5e471e50ba 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -76,7 +76,7 @@ The following diagram shows the Update configuration service provider in tree fo
 <p style="margin-left: 20px">Supported operation is Get.
 
 <a href="" id="failedupdates-failed-update-guid-revisionnumber"></a>**FailedUpdates/*Failed Update Guid*/RevisionNumber**  
-<p style="margin-left: 20px">Added in the next major update of Windows 10. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+<p style="margin-left: 20px">Added in the Windows 10, version 1803. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
 <p style="margin-left: 20px">Supported operation is Get.
 
@@ -91,7 +91,7 @@ The following diagram shows the Update configuration service provider in tree fo
 <p style="margin-left: 20px">Supported operation is Get.
 
 <a href="" id="installedupdates-installed-update-guid-revisionnumber"></a>**InstalledUpdates/*Installed Update Guid*/RevisionNumber**  
-<p style="margin-left: 20px">Added in the next major update of Windows 10. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+<p style="margin-left: 20px">Added in Windows 10, version 1803. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
 <p style="margin-left: 20px">Supported operation is Get.
 
@@ -135,7 +135,7 @@ The following diagram shows the Update configuration service provider in tree fo
 <p style="margin-left: 20px">Supported operation is Get.
 
 <a href="" id="pendingrebootupdates-pending-reboot-update-guid-revisionnumber"></a>**PendingRebootUpdates/*Pending Reboot Update Guid*/RevisionNumber**  
-<p style="margin-left: 20px">Added in the next major update of Windows 10. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+<p style="margin-left: 20px">Added in Windows 10, version 1803. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
 <p style="margin-left: 20px">Supported operation is Get.
 

From 16760cda84bff00f447ace196ddd4c0ea254a6df Mon Sep 17 00:00:00 2001
From: Jeanie Decker <jdecker@microsoft.com>
Date: Mon, 26 Feb 2018 22:10:49 +0000
Subject: [PATCH 037/119] Merged PR 6025: Fix broken link

---
 .../configure-windows-diagnostic-data-in-your-organization.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
index 6a85eb7c57..9529995ecb 100644
--- a/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/configuration/configure-windows-diagnostic-data-in-your-organization.md
@@ -278,7 +278,7 @@ Windows Analytics Device Health reports are powered by diagnostic data not inclu
 
 In Windows 10, version 1709, we introduce the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data. For more info about Device Health, see the [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) topic.
 
-- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/eventname) topic.
+- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) topic.
 
 - **Some crash dump types.** All crash dump types, except for heap and full dumps.
 

From d7d58fde4318847339211dff37a4a6e2efa5167d Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Mon, 26 Feb 2018 22:35:35 +0000
Subject: [PATCH 038/119] Merged PR 6028: Update CSP - added new settings

---
 .../mdm/images/provisioning-csp-update.png    |  Bin 29242 -> 35583 bytes
 ...ew-in-windows-mdm-enrollment-management.md |   10 +
 windows/client-management/mdm/update-csp.md   |   40 +-
 .../client-management/mdm/update-ddf-file.md  | 1133 +++++++++--------
 4 files changed, 673 insertions(+), 510 deletions(-)

diff --git a/windows/client-management/mdm/images/provisioning-csp-update.png b/windows/client-management/mdm/images/provisioning-csp-update.png
index d98b7fcea15edef9a182955137855564d588f107..e88466a1138353c125d9ab5a122c4116491e6580 100644
GIT binary patch
literal 35583
zcmcG02Q-{fxAsVrkPtyc7=#2Ni0DR%5+!<X(R=TslZI#`qIW^`&JaCH^xnJZZ4kZl
zpGo=d_uX~>b-(+s`)4gH$~)&h=e&FGv!7=_`}LER7QKaa9}5D3+!7ZPmWMztX+t2F
zQP(el-|X&6KLY<@*vpFwLh`yuSHKTfj0L0wAdtdf>{H#V;O84QVrupf2u=g~3!~XO
z!vF&D4-*#_P;}N>uO7FDHor;F<ZlS}jBEBp^@L8lQV!ty%Zj#Cj*SlH8Hw4m_8W<5
ziCZCt?Ifg33(YjgI)}cSl}Y744iuKJ(h<PB{WydGw+rLC0L2Tz+3yrrU+W05a#7sE
zdWYf6UQCxw$CADJBaXW)t8FttyG2PYT20Nd?T8t>409DsPUkHY0|K!qpn^bNOJzYf
zCo9Xoe&yuiWt7hiQu_P=UxCdwC9gxP#_b@l;vEDct9l1TTgB;UwQaC|m>>gRCmo~P
z9ys?c-8{kWqhKQS6r9N52<G#0M~SU>jI58B4NhKxyuPG2z7>0vT_3=N%WK+so_chO
z`k^mMPwu(3Fn@epQIQJ<rlo{gSy;sJ^6#DdIpvfm7_^&{pBY$e7Y`09IeKA0k~oFo
zRW@4_<5XVeQd_C<r?WkCf**4zFd$gIMROcGDr#(SD!r>m-y=iMrLI9<CsV9{EiHvt
zz>AR9)tO2g!}OK8^<8P53cEV*I}HzaG0Utbx2-uK5Q0ml&H0R)hv_N&WsAE_qrBR+
z{QMLbZpJngD<8E!F|V&Mkorty(A+fDF_Mm0n<Iz5B6y^gW}YR>hD&ua%5K;EWEa1Z
z&@%z{vt{IPB`E0D1>!Q~`MJyUjxl}Y%K-jj=BJv8B*c4H7cKAkQX)&jOHua%pZ3KL
zhLbMM#&b!TYPEK-TWcK33|c=qX%cNHaK8efy^H%nO`~IS$YP4qZtzQLGRb!d%xUA&
z-f(t7ZJl>|NaNt0t{+ypF=aL-l1%-0uo~O>QEY9mOe-!3WIh2iPb=2LZT^KhyY;;z
zEoRoBfp_~Ny(Qk~*PiXhJ&DT`&vji$`<Uz$Yfr^e0mZM}zWaf#)^AG2;{DF$3Z^qb
zxw<F2J_HJy`WI|`_ZN*Z$+P2$70O5<5WDWndQw!%>|kEB@;YOmx>W7N>#pQ0@g`nf
z?BSVrlXhDtJ`%T{UF+u$=?%9?ZrkHl@4%ybvod$Hl)=z7TdDVRVH@fLG;!=g7U=^_
z53AvFX#X6{w^Y5@<z1tD62ri*(`O&H7gdf46XAO)Op@#-cgXtITHfOf8Ipd#uUkM8
zr0}vgTW7pC;K@KLeXLvCu6}%;ILu!$TgkB<1441YV`F7>JUEk{o5{m_Ll6r}rHGeX
zk-B;_|B9J-S&Cs@AiM;d>P@C+GRDI(xh9e-FNUDA;Z&#^>=J|^02A1{=g#uZkVV3M
z4MnYi7#S0BjiXWX=BJukuqKg=8y(sF<Vs@5l+qrs3MW$M5^g!UKO4hgJ;mc-7R(lF
z9+GgKkka6GE>4OwBeN&BAR%=$)g&UJTJgecWrh6Hg070Z*sAaicwn$BQPjjxMc+DY
zSwnA|++&%w&N)+e)<D(x0Je&X1qkG$8=0!McK!gL#D$A!CnB?5K!#x`7~bM+`EEGt
z&FcLT=CEWHH7k-?#WP_X#3-}rd!KKt>wc={q6^Z|8PcMtuNU*y5fKps449DD6I5O*
zU86e+`8Tc0sCS+FriB(C9g#k$rN@LM*@(gNa&qD_5bE}>PZndCf?HRvWAb~L>*`L`
zP6GG5J}|v}c-+=eNnUFpwU&BTWpn7~m&tq=0fBrM9F_ZdH0r0~<7FYWks6QU{JFg1
z7iw;9zIqopg1`sV*P0qWm(nKk=NpQRS#lY+hK4UDK@6qE34vZEAt51ROn|8${RC!K
zyy)8Jo^bSYrcP!$CMv7Y40r;q57fhIx<(VmLQQ(qP6cbc)Dm-il0d$B(r&qVHs9<<
zUfOm-wk6}Q;+x3lU?yXDN-*tn86s<P2enK^>aw-1qKBc_NxbRhzF4Ro@3r?WY^?j%
zY$CyuQJVEsRe4QKo)smC0-=hq#Rz=u>AP_Elg77Wm=MS^>j)kM^6eTh49JL%C<vA$
zsOunNzWa}ec?*680x75in*d?|r;Ag^z!Dc$k)y3ETdTq^&M14`3r?tx+?2JaF1*LO
zZ_Me>YH3!T4(4i<4M0JBtpB9bT<NqaEjcKyC^}8%V!PBc1jQsnp5J@nwKM18b(F$;
zv5<do9<DSs&9gJpFspU8-GZ3uCs%By2Ue%(gb#sWeXwi}P%%OTLtAIa^XO#J;pnr1
zTci9Z{viyAtn9Dw>J9>~b?`+s+i<7_o<wUQOJZ(bUe*aVc!&>*=74EjI6L^VeGi2f
z&3#MxkLXICr|G%b?^Q(Y)aTiVWoPF)QQHb^f*=*DqN2i|?QslFfShRF;lE+_mC<Ia
zSB<B~AJa*Nb|)md8ah|9r8_ZIF0CCbVcw6lNSGbjD!&{Y7?e0QGV*hi6U41V%*GsE
z<?LO%nGqJ4(Ml<d%fSqne-2Eag6wv2X;fwIXjQgt55k(%Wxsw{J4*ux0x4g5lRaz%
zHmx_Nvogj9KEZBhY-Qk}Q=wJML{*w%HZF=u)UZuFiAWCDW}GEjedM~Nt1C0zw!!(+
z#4$PfPrPi55y`R00i%z0AOtmE`d?<TFTJG1rkxmaJ>A?Bnqt2r>}sFC1bcURRd#p>
zEH?|u{3qNz<>IZeH_2v;bz+MhV^)l}7C_PyA;#pNEp%q(@y-b=+m9BPKV7%W8qE6b
z(c53)lBFqMggiK0=T;vLBGjQwV}2DRLugk@meF=%oick##n@$mT}EZPf?ZRBOi8aU
z5brl{PVmY96{PswyR$ZnpZlH@5eZqlXhUzpJM&>}j;Uq~dmjx%H`hWcpj5Zqcw^0n
z61+Fnu7bnF<IqKv_zMUB*oiz6zWb0yKW{%-IegMigKhWW{ei?xVUe3_=J}TIVknPY
zDoH%2@E}R5yE9G;tbs>HNCNN;a1cb*S;F9*v5@IvEQl=U_C5!9n~~_b2qxq?o*bOu
z=K&N(c3wjT{M`@rwXkptoWr%e=LbUsGDR<P?t9+{mNIyD74mxa_Gs_YY<TpXzNi-G
z>3d*_i#ro<L~-KBSh#q*vcR2_M&JY!)oxCDS@2};<NcNZJ&Y1yjzg&F=~L%v?Q@fE
zucNhUFT?Nyj&AqEg0CvIJVpB8Kp)(~;;#j^f_D7kq9VJ!u^d&15)IuTPvJ=lOYqt1
zY5Pg7><O2yyW~W6KxA!&<66Y;oJM{<N<-S+Lt|uX9Ut3_90Ez|{~!7Lzgs-;!)
z%uVeaF}me`h8X?CqJ?+xYT^huc$Um1NRo_>=sS%vD=@JXecx%G<I}Fsx!q9b#$yfA
zR5v^)jR||(rQl#_^kG%orak6szPC`qb8;^-zB7TTbG^veqwk-azZ=``pN1X28lbrX
z=@BYOF>rK5?z=1?gFW>+dsAzVe1j9>qwdcIi(P)cS%<J2q#dBWOFuLqx&1NHHzAHk
zL;vax2=6u6Q0<}JCnf!ao&A<+t*_3~9_kPXZ=EA-s>0D6?B|fft4{-T2W#Pz%DS)>
zXJ4tM!x6li5JHHn-x@sbuxe}!reylz`0NOylE;_Xu+(je3|?gry4#JIWx10WcH9Ah
zR0Q|KUukKPL17kBjX_j_&v>Uf#7iPPM+z7CV!K+$w%iUjGG%ZeN$s4L&HS&bPdAn&
zhMr8&ro0P~#~l~h7)UoSOmUGYM;%tqS$A}Lr0{V;UNg>>KxxvOop3CXMl;ulqoQ}x
z&utn4J}ykOEPr#TX4I}2`VJp?xc-qgnk4ha@T#|bg%%s$qX&;;f%|50Ov>B{H%zTP
zt1l0UUR;mzys-jpYD(H%U3y8JRTYu+s<tVt>RHtp>ge%aD+a_NdUn)y_mn}m+4w+n
zilcnMNIEe7e6+4PM~#!$E<!~@WaVbNnVE_|i{10F2h&2#{Z~XnrnZA$df%f_j~g{o
zikPIUTwd6J%wDWN%Sqxui|dWOT#!AYChuc5@hxq;eujoR&204nIBuSOFP_Vrv#&=$
zTbDBx7*35y_tXcc!$WIm=#aV9CgFE)!25Al9IHl{7#gs~`~*`*%<#fP+dBC;koxtU
zB=8KHfdr3;lFzQ`*R6CE@Dde4cq6+6_Di7!Id^f|b+p7?2<K6=)LmcB&1jqz4=B}>
zkd;Uga)mNw!UG%i8LK)%4#RV$$IA2@aMpEG$K<l-9&v{71gIphv9N&@O<FoQ+ZQ-T
z`%lMa>e`KaJ8C6#&j$5!BKmNUI?YMpL*ceq49YGOh?h&A2EMKB(*=pwplw2Op=rYi
z@sLR?W#eh>D(=(Wa$;K*2*mYGKfG$cb5PsM;z_!^{<y@$l7I=Z<K+0PPzPEgQLhJt
z&flL!k7&l_t8O~xdM6Q$`t9FWj#DQoR=HEtv3m`lJF}NF6vm2LzQtFf-%%$nG}sp?
zaB%h=z!C;VfBQ?2-An1~UqK*9<~HlB_bZGP*18lRh9No3Bh<2t?=kj3O>az&@OYC<
zs_xLL^xBV;CxH(blqk#CVE09l)X!ETKTdsiIubaG_P=kh%75RoPxg!+>rN%%jiVg6
zo};6ZhaCi>*<=dCQa{(^y0JB=M|f;%L#xty!g*wi16gLy8{gWPtZZ&ZsM^~G)FCv3
zRc8adYks@M8l1r0!*FpjSmP*&3tph_v{N~kuN_^T%EthCo$wmEFzp2V)XimC++3d8
zrG>tM|NIp7{x}0{+f{g2PJX_OWKcElb{TN$<5+Dk9*TjMM80dUr`|yc^{{FHOxh}>
z0%)v0CPjR+*xqE#Z*_Tr|CJ&+F66m&9pakP=2U!CmY<7Sj(X#j$-Yh6ZgJ15gPGjg
z3)q%+HqXVD^`UiewQCXF-Oe@6x&Z?nh463hY$L7n{BNkIs<XnO=dUKnx3rPkq^Be`
z1qI)xZLhqpc?WH8s%d>>>(%Hr$OnOx;J}}dfV3#dqd<T38#vz9!3Ebq%49;0Qe_8_
z^ZAKRbI}`+PK{y0B5r}?s)ui+&;mr$*ZXw{!^_~XE5ZFQh7iF;0cclRQsS_GiZ*gj
zQ991n`Q5|t(RQ#fC7El_{k|a#Q?lU`BO_7O@CAqU`SZ|P7enV0#N}XhFXMNd;qgKm
z=+Fyx2_Rh38;>r-B7!zXx2CGykgaXjh_f?=6Y?S>@mXi|8D%pcJ}R-QhCz#-okJ^v
z<Kl3=b*z~mb{NIRaOcjVQ?oWd$BwtF9s~=$;>m)!wzjtP!4PA<CsW#r)Vy5)v%1a9
za_vn(2#CSTxviR!NMt`g&EXv?(`TC=$1+}D;cC3R5bvvC8i?_&zVLv}z#5&-*M{97
zpz&!IW5GUc>`l~_u(hP`^E*_)<xf*y@;--rzXGoB8k1urHK&2?TXKT1xp#a9qMWkJ
z6lF6P$1}4?+>VaXcQTpLG0JOYcer?L-QGRvvM8o|n5tY(PA)V4j^HBh&P9fN_wDD*
zV9QgA|F|TNPNzq7v0F`zvuMYU@X11<BYy{xdW!Fdo87TaR9}qDVzLvHW~3-p+(htA
zzvj@G?Ir8EY<!~{-12wzf%xA5+YpbOYgAnKZje#6*KRtrx8fj@iGS%IR~j@?NMw*}
zmeYEC<GvL^W>cE7f9DrR4w`vzx_Dl?gLUiIXZ4ZlNTceU8-seDQW7oll8y3lQzzeS
z<fZ9xan|p$IIEH=<IBl2cT>{8f4Lu_=2>F(<<8rByuv1_k3pm9kz)EQm#up2>mMBD
zW9BzX$a1-K$k7zm(-t+DJfNlboeK9Iur!_B)@c77EF>^!>A<tSiMYuA%0G_DRL$vt
z>^$Xf@ZwbCGVOF7P44{Bge4i)?v(pk=h9hf_=)fQLo&&&DJz|tj5OQ34Z3nFa?oo0
zTCeuE&-&blPMTUGP0{y1e$Z=a^TNnld~Mj-kC++N5^uEdL-w735ikiRt!nmcvX`$f
zy#-!_iEp<)5^|b8xr9hK9*Nm|_FdI+CI8j}oYkq_?0h0#Il);hwk>5;8z!OJ>>y+S
zP4Ti;301hA8MIubWq_My)b^TW*Mh8X(A<R6vO_>`BkaQAqa3fvfq-xVs|91e7@67A
z7L?0eOEFQ+xjb(e<SH<okJ!T(1JO?=G8JVsinV-NZm3I*3WSNxTjX`_&47E7!3^@3
zl4Cx1P-eSO_WFK44v9D6D>zYPW}ADI75(hTHQrcXhrRpvrAh4Xb@u3%kj;OSEcc1L
zOA7AAzP-^RVQ+80>UV{fVg&ELTy7BZWRA3Hwn>8ZBBnj8vz>%|+v#13p2j`FNM9wc
zKsBqpODT;g+Vx}xnNX3zB;&b{Q{g!gRcVq4*22>5&|V+2n;liGqfccI7bB<5ruetA
zNjR)Bny)9l))6&n1nv*=sG-K;mw_(Yk60sUx^#?&jgCs}9L0*g<3@${n#{WxR*iAH
z*EW4Z;xp`4u2thR*a;X#Q<I91fxU}!rL7s0xL<tNTIaZy|I)gjWp26G-5o3EIqQvW
zjm|%*%AdQvKU}I+y`qY*jooXc#b9>4uMI&Q7MHR=P7n9>-3<@g^l_HDcyf!bS#jy$
zDaCwhbd#8>l!$`oJB;)L)LCU6j8zj~DCipgP5JQDpwSOi-MUbHi!n&4pXD0$2}gQs
zyEPvShetjB#}f22K%ORzF{h8RX%b;SKd_xSKD3iBjR?QhZXa8J>+3l2>29vKx69s5
z3<7-A^;n8DF6L3Ser+1P8o`Mwp0dXiuPaHmtTPL@`T@{h#kfREJ%YzBAZZ_JY`*TX
z$IRTc)=1s<Yp6<MVwm$z@N`x>W>SHU=m_b>8J*X0ltoN6&BYO5?^eq(XrGPX#poFt
z8Uk8wnD5w+jpWYkQZz0(pZsXEHvE0xYv^aSq2XbWR@#C5@d>40xRZ!BC$H!Bcr5fJ
zI~n4E2@^D*sBp}N8=-_9ch^IRKoaN3C37*%agmRE5umiJs0H<Oy=a{d9HfiPd-ZCr
z8!A-(4e`-CJUkqrJdpLpclNA^Z;@^|U*srlD0X#9GBGgZ=I3WOUrG|z5q<sS)z@>H
zEz%m!MyDi57}$}IS5enxtqQ1~-%VTE@L&3Q!DlD6e)%~V6r%Qn>k2K$2p$DCk1u2a
zz<h%@OSh9I(4+h$y%Yw({>Q5cLa*%r-Y@!Q|7R4w8XE~7-`aCj#Te#mJ8*Ut6<FJe
z^Z3rzn$_M?R#uMq%$X5<s|^Q!rA06uMSH=jn){3!9z{S&(~MwZWX!_FeF;c|Uw<2-
z)ayc?QxLRTPC;Evt*oRyoMp|>Gc8DotwU_Q24la5PTqt&VE$UhvQa?_3_ZD1E0m8j
zPH<dh=6>;8XaFH<83(<H*&77ipPlaydMdvv)6cc5)f%-VT;v?-g`$VFvlPvY`;)2z
zd}cW>t%)<<7T;Dv+ue!O5p_auM@uo(se3qm3A>0|LLKJ6WzM~u;|Kk`gudteFajJd
zeH`+1{m7BtDnonNBK_Z?&70pub7?co_z*p4FAwQ`W4hNQZ{aJ|hvWCDJS4^@S1Y6T
zLQy&NStSc+lB<N9TGnIP<8h`qlIYP1#8@8byaNMimdU*Y!CK0YFoiPcpXGS*ZwEQ!
zcx|6A5c%enhA!d0I`_iyG?J>b6jm2tApY|HNp_~@<E|EBQ(yNRD`s0}*QP%8fxH`f
z{~vkxyVZp)g%;M*6fPde!Xjyd<q`!aia)bX7<GHW;~U@R<$2*%WHb{fm#=g-DXVCv
z;nqtxcn6gR?OSs$oPO&=Sc32Ul6?ZDB28yK+nHt9Y$GPZR-IU)kUd%Y7CMOmtY&6$
z@`BIxJeVl&BC|8DylPjQpUX_DE_yEabl#uNA7t6`I`4#h{0-#S@8xzUd&ek-aowpc
z8Wb->MLC#Vn7I9Z*vI0czjJE;XM`p>dH<SIqc2^Rz5=Vb48O8W6JMhL)-*LQIsekN
zuAdQ6x}7CL%rMtSpFgI?mE<q^O@2S}-_ufwe0BSG$~<=8ejF~z>xlV#!n>h3W4)jJ
z6TiXb?~OURtx9B<fZ4r$KiILUKp5g#bnS;5holbEqZj$YR!$QL%E#$eu;07JzjE3Q
zqi$A7Qd&;0d!UE;XF4N=s(+RM&VA+IR_fVD5Bt>hcf$YW6_lt$@x5gbwNr1qY#wTi
z^x^?a<yX_xjOT`Naq&v~e*!Q$^S8tNS1jAVpzePZG5&>;v&E12tdar4fqcANkkUCe
zHa0suJHP8ZsPBM!x*~N-!UqZ&O+h4UYip}J0D)nSFze~-&#iJ4r#H)N92pFwj}+~^
z2i2|ZLNYa8vnt_R3fR~?tM4!%%UmOJg%uU*Cso@gGM+~rzPK7YY%3m(=}!+=G(b*S
z7^aeV8}b~t4)F=ZuI?uOGl1K3xng!XKw3V#+jwIOmuQa*1G0;SqOI+rP5Xi7`_ha)
z`F`j&M0FUu6W@Wj-h}7KNC)pIHSsI~Xuk~@mDT=BkmVZySTqH#VM?EM#UR`gCwKNv
zb}lRHnwf>4?6p~C7sNYMHAowS0DLL{hb%vm9=Fxk*S9#`wZ|kYT%7F)`IK#L`moB9
z$|)IZeS~?c6geeqXWgt#>gqnblXX1upHTaHDj@@52ZG^XbcK{0W_Pfm`3n{kr>{E$
zY86l~4Kd#1;zr&&%~CsS!I*g-_WuAz@Y54pd4gF6{K2&$gKX3B*6^}m9LB8Qz?;@J
zmV_7@g)@%0HrNLX3=)_g><)jXxH6V>+V$hP>Xeoi@suZEIgaPSge136oWR5C5f@t*
zXUE?^XIn0Ywi(Bt2_PQAUV2Lo4_Nu*HCT3Y2+Vxzc%?&BJ)xqx11AU%CouHQ(tU>$
zib)ESXp{Zoz=r9>2=-r3FDvagGUkEdAf|7_QDP!8@vBwP215m2JIQ-e&OX)yrMY)!
z7_5istY<p2K67iow=2{2b*;x3Hx?(!a`OKkZ7J7@^TJ(z(9ho$u)-CRa??3D?hfnq
zd;G}getiA-volUxxmK|dlc9-5gt`=yyir8;FKCUAX_5HIGGjaA7qTv%M3IhhbMfZ=
zn$X<tFf_eOs)lDbl?}Tr^lOHDz<W<K+x2^mbiw1y%l!eYdIhd5>-YBilN!P>Xhv;W
zj#{lavilvtxp_Ph*uw~U&SW!&u(zK+-8duxREjivaY|W+nU3gAfQx#`aJZK5))%eA
zX9~wp>^=?a7OX+HNz$C6p8XKUq`9ROfXdQ`Pk3!}NJvPmhF%7gg!DKX6VaGA=c;{;
ze>ft?_1L+eQ^C|kv~c}D!R7NY<`pGlSKrplIBTLrQLKvPT7g(8hUVj3n!L!S={3k}
zt(g+&RpV}%>StAxF&`udrV+}zTlK;Akmtd+lL&fxdYY`1p;xbx!|D(+>t4$a>kqL-
zf&J!<%l-5<kDNZ)P0S%KfAaVp^dRxLbE2MY&lI@N6%;L(o9F6!NG+1u@RRT9;>fg@
zhoOjvGz3z83HFkmot^O&&jBbYCX8KtWP^ozzHq;*H~8T`MiP@w^9Sq2{Di!CcaRoy
z7S-Y%T*UVhH5%7pD?yftMtXHDE!P3dj2NVANauHUn*Ra{3{zYsNY$gGH%kepXIj6Y
z@*l=78(Ao!!nke83F#3n(7yzdEl^*KiH(JEu<&y6YUP~H{Un+_|8Swca1{J?d^RBf
zmd^*Ol;>~$|3c>FLg?mHb>&UzdZv1Bkjb<I>`WVo_S`|gmq>M9KDYr0g|<)Av(p<d
zKmCtrI0K=@MuXi!M0R#IcxE@K&OycDS50D@!1gJq;~t&+X)94nYu57RC){~0{~8Q^
zfI3|7`~qT~2b$~Wzq1W^-Tj19<1MCiP!-+#3Lzi`=(ob48EiXQCdzHG!8g}5<m1ze
zpS{J%Zu%-iZ#(ob94K@eiU@?3qzMYnx)>fdCnm<rcHep)f<~xw@K+idFka73N&q|8
zo;&~8CTIMevNjj>+QJfe`NMbe*>E~KCTm$ZZ_~^CD}r`#`iQnIgY}VWw}XMpS7apt
zHL;unRZ&(3rI*~5d<hU9hf^%*s?--eJ**6Nnc&^So87o0q9g_mHofK<MAWqGnPb$g
zJ*g|I2gbHWu}XE)HeRT0E1bUW>;{>{SUjw2v`^7nH-zx|>UuQU8<|s{FJY==_of>_
zUsFLs*Hm`8%Fg=t#WYIe52aX5J-*PRVKhA&Mz`5$GAx3Gnk+kh@kHfw51>bS)nG$i
zfoGs#J~S~LU&6>09x;tiZAvwRB4!<u42@8!n7V3I!P45Ax)fnwvOR;Yx$9q%eg1o0
z*@IbZYmN-9pF$PNFBrGFeza6k`~BQYI!ox$FuE!wh?%;d^2r7+q(A#4nWKEwtaRzU
z9hYK$V*tC)JoCw@u+bu=yz+jt#Z*KmW9`o9PHW!x7q;b)7igklI!=q=!1(0H7j%La
zt>TmKE`QV*vsXc=VfSn*E)VPMi1$v^?eNV&8==O28Ce>29QM^_nfi8-hREc>S*Rw@
zs;qkViZQ`tOl0)4MT%I4%)Rzudh>;qcPn~RWG-8)NVPrLO9Z!p&Fsgk9cxeVGFi!;
zjP8%ylY0$O!H$dJ1S=0#(#3A3eKYXrRvN?VCJ;A(7AJm9Je|tfi#9cPiO3Kf(N*s@
zD(AD)XfV~sxnpl^6QD@5=%((XRcq($)rUDcc?#?r6a(aOA3evYLp+*a?c8L1b)kS+
zWRorrv+Q)$d|9tDmnxR*GC`n9OW4VnAVyj1BhP%|cO*`|fYN1ixhtjq=6#<ld;4C<
zIDo>%a&-~WL*lRU&ZCgqB?54+O+*zd2S<8>7#it+#v2?PL32ygHH?jM3upIszUF)^
z5%X7;$lR$xLtvy}17fTHi`vu7rQMJK?k2;uATIx^=WAUiDQwr$G}TuvdsiJePGruF
zOf&WQ9k6@c3aD6<Rcf)G$96Wfm}*L$*+~yS!ejij`$ehmnM9fZzreg%M_(W#!>Ikp
z%YG&G?o8vrGb#$p4)v<S6%Nr#6?OXy;kK9}o_k*Sk<&r$$}o`DWRX$*p6zVng&v-c
zlzV(I`#bY3WzAKOltM9oEe3y|v6n4G;vX|=p7|0qyk71fDo_(`QWeeW4-$?ShKsM1
z&$Jl2R5i++Qagtn(B$aflp*=XUbr62P{9w6A86mS@U&gt^6SoCCH@6T?-v#pGP8Rg
zgMy%Hf1*MNoY_PCzVXlgvb%Q=?So~3KE<Lwh-4Ty?l_+9tUPRFO}6jp6VlJ50H?+k
zFQuQ)q!{Ol_e9^z7ZIQ1L0){8$)*Aa%4#nL?Gu1^jrH|Y_FW8@dX&xS9tsD`&b5rx
z#d@78^Kw95T!RTJp!rnk;Mx=0U{5Np$FJa|&Wbtr<*350p{_Ih+zXEmMb72p@LP5U
zHZELe!tp#-c1*6vR-(lp!Bd|D$0MjDgYYkuzF!5~?u!*ooaQPStUH~Yp-DVFo2nfx
z>!)*i2x{&`iRXY+r8`GHtZH$}5IjQT+MuAISPtv1&Q8tfY921$4ILa$xCoDLH%>xv
z8?+S^WM})eRaI|asLOX>`3+jX+MLPEa=F_sXZ;1B04TPhG36!rA2>UL_Z!6m;Pwl=
z{@WJ_Vy=I^>8<DCq3L1w8;WupiZYLb6A+ZD#2?t%p$;b|;*NhN4WKchLk|KCV5xrt
z*c&izFaa<L2bMn&>%W1qI?YxF2kvL*r>~Wwvj0F(+Cu1@f1kuPqs5KkHQl?$rQU;M
zxbXL<Xe|7r1iE<>=g?OKlL$s9b|!qp`sgn-zQ;e{SwJ=a8z<l6FY%Zz4S~%_47Y70
zb?vJ^a>rjoh7YEhAIm9mElX|EXd@bb!)u%Q38^j8bKhytM^{Fr6Zmb8jL8EpK#fto
z*oK^nkTB-4WHPjxBm2z~&zJAnt=#rhDW35eMnbT$@uM5RZ|<$xy!723P<Q#8o=3xO
z7i}@#CsAJ`cJE|Xx5SKH>Mi~8tz?XlWN4VWkct3;2J#o3tJA1jO7^kV=ynNT>025K
zHeSW$(7~}@jVCc{Vp4I>-dy@ZQGI7Ras&?x0=D$+?O10V?Rht4p{vwY0zohQWe4gI
zvXEa)fj;VES(pW?_*;@Xy_Z_Fp6I$T*PoePMP(qe7Lsb$Zaj0&&5EO;7xpf6$_<~C
zj|RdMt-+XgE7pGqg|HDss=%M`bwoMd{f4y|unOWoSbU_n^UnkNhOoN!3-$f;gXT7A
zmdO$YRL&#s7Psc<dISRfym}tP@^W)MY&UjVS8V0OK6v$H{0I4Q9ddL9KxY7-fAcJV
zNgA-Iav-Nr1AN3UM&{qXz#C`G7W~8UZvcX_<M}@p+J<OvZwJgvEo}SFV_}^5djxM4
z$;ra*gXaJ~5K^n7lyqG{PgE35fBctA`)_QR)1bMx?z`(*P2`F?DntJdYx5%zikY^y
z2Oz@KJ}|`aNv)%eBQ*Jvt8N#Qqnz|-FKxaf>}EL8B)z^UEianFk<NumHTV&xy7toH
zL;Kpl-(e|?c@n7AJw&I~X#>k}H@5l4)S><7Nx9oBYNIWWr`mYC`Q*GW#@jyZn?~J<
zQuIi2Pmh*!i7m1P@tA&q^v?sU&zsw+m>FxmIPYFMciq%hE4G<>_LOCbt0)tw2im5N
z^VMMYwI@3q|BV0j5Fa|lk$;RMQIN8qoBJ$xRIbs@n?7{y#lt^-N3_0N&M=BdxG%Jh
ztbq?uV(-w4{jnIth@30qK<pwzChwV>@lBX(_O~8{D_cY4xgN7ov%A-=JHM^yEzDeW
zrT7rm{gc=1N7oPRP%UJ%|0lhinEh+WA`P-V6m9hyQJZi;`{~s`9|*Np1_plpUn#MF
z+iF3CbGAc$jj{*PY`KvF?r;Td3euytAm(+H%2EIZZ@?Gx3z`i4tN_3A+8xLv0SouP
z7GTrS+K9q}f+SB-VuCk7+PF6(kcl?<<uGVuWF&vCWR>ktd-)G282f`OnS51UPpcN*
zFf^FK9u_{84jrtJlJ@D<MSDK*IjVF%BFzv%;p;_?Ff13Ik9om3<8lcW#c7dRUb5L#
z8a#)`kB~G@gIX+_E)Q>}u(aSsX}Ue)8;h#^8>op<w2HewA{Z(Vl6MCCQmu>3#1W4{
zhV&(kqSvr}td%>^=Y#Z%e52v9AM*v3YodQPUA-)YiIOXl<Wh)zZF2-e?`fjqa(g@d
z%`uwNTR*#(l*YDQdxr8-O`EbWDm*KCxMCf`IRguxW@I|j27i~PDpfptuY0^S)SaP(
z=Qbl-iSg&yU>Ii}c+K0nX7>~KA)(0K8!#~o61<YzgCz+4!Fny9vJV&GyrWCwso4dW
zE$`XUn~+)g5;9fSEC>u%^4x>ZS*IqE2dle$nEYX&iKgX1{EAjy&*=OSBE8#baxOy`
z#@F+)8GqdDitzyMBSq}Cfr|{~ZFjj&5lz2~AY7sRdrER&k~xl&2R7s^uu6=mT_YEl
z>t`IXf2}&|-79YAN<P~TI+T@qNecg-XvXL(0-CHx$|gt8KaD7-g!J94s{i?6x+7;K
zgMO=aOE;>sf!9mlIbdSv+<YkX!<{!uw7uEtPC}&qK0Q~_k8oS3IZ--yDu1})iKJ!`
z9V^jF)Jd^@p&frvu+=Bc;{9(1;zLt<t<})nBiKZEe-$?c$Jt|kWRHW09@{OsW#|wx
z+1l3`dNrT>td7?tAxBQdub~Gk$a2&qpw^7w`?h)1){OJ5+3!s~{l}ZXC}Nkwx%DrJ
z$CYl8jTeue-6&dvS7~cceTn4M7kx~se~!SKpV-*?vDWaJ{yvcpeRreTgV_ufnPLCW
zQMdCGO<pH|S{Q56e1zMu_FZ&MB4RZK7uP#ptmN9ITpEF=UGL8g$&LEE(4qe$3<g)_
ziTC43eKb=bJ8qQ={Y)fWzX4J)3heT-l(IzyCe6V<DdnD3ez?UbzX5BQw}4Q75uEjN
zcY*ut$i#c@5?7mi?$ohsH2yCGeX@#_rQly2X|Wm<MB_O)t=nW@bPm32o~InonGh_{
zpSn%ooc9$EJn}izsisF?N1X9~+}Y1V;_QOf#_61EX<HMw#b~pr_wdyPhPEOdLJAFN
zO4;A0h$I$0Ekfi|4$6{Yi4a<o#M7HZ8Hw6!DD}h2y6Bk{*qD8?CLdLg2mT4`KRa_b
z&m%_$q94>FPJ)rTqTQs6SdSUGtUDh%ePJJvkj_OIJz2qB3y56JC_UeyG+%ut{V8t9
zo?>xv{ayr#R3O?Ulrtl(9by^&@~J(sO4djM#;hvGRBCDBX)Im*++4#anYZ)(R=U{N
zmxFEKc`EQg#))8+TQEUvkac<Xjc%$bDb!Xw_a);HYcU5A3cHHI`yRluaEMBr5}>8}
z&Y1E{<bN-Y-)svR>v?D(tf&#Csnw%syi6ncBkD(nqJ*l{U6FLFF2s38iF5~+)<y2P
zZGS$@tPat03FME7Ah|oAeWJ>8l}_I8)v}U=T$mT_2c}O^->R0EEQb(gF2=6(D0`Pk
zp0O-w!=?aX?{I)$WH9tI+Oqjgn-Qr8E7j12;M%eyD(oqlo@~C3#KPc;p|%F?+ev2`
zp1Ts4CxDag;-ge^2&~qZ+m%i^>I&pCN3c$5!k4YHr|;#pjj=iaL<Tv#0=rAkFe+y+
z{V>Wz;O>z~n2Q&M+L<!@MZxo-kInVou@3Q+CJcm;=T4-AA(&LG3(>xNx+jeiuONSJ
zP*MsH%(=rUZ6BZZ@G%`y-~Z)p<VWP&rruJMBqZ`aW~1w#|87@F!wj)uxr|-@Bh0^_
zJ2YaGm8FPl;UJ4icq=sxk3l5sr_H|2+mkQ$5kb8s6;stiMWt+o5av)~f)wJ{OmjUa
zd!1C5N!o=lY{~uLZ6UqP3bu6#T4qB%1-KtPa=+aV=e(z&E3Y<+UYqd9R)5=j^l?<Q
zIU;O69Zt1SYA8WlYrxyIPAjXFqF?lUvw3>xyRpR6MsA%-#zN!lxv&I@o9HS4V6F8^
zy)P9O6(#dkrF|^z)tp~HdH*F@($ZWsJUChZlIi0Y6!a2$r41!_FXhv?Afi_9xDGYn
z$=-zglUDWLVA20c1>0-@7_|uA0jA)$8*|e(dw_P|B}AFnuMOn_7}jJK-dor}2@tQa
zEB=L#in%_3M!gRqyF{paV4Bakc=_Cq->LYN@dJpqescbHmv6SKmix4%C-v|N(8{Fq
zkw9Kg0m0k!)T`qXxC0un6;Yr0A3l*D;xod#0r9|qy<8+(LMZO@0vYVk6{%yAEx!*h
z<~#X4v-xNM#rOug1|%T7%Fsn6Gd?Q5NPq(w&R_6CUc&*!2sSL-PXVp9iwP6=L`z%;
zS<*S!*$0fTL3%u1mCb#jCz>YqsEa|IB>ZO8k41|AYFgoaTR1EW2Z^WKpgge30?1K5
z>2b93BGJ$}eXOWNT~ZWv&pOs{<ftI!FtEvtFd`Vz!xC3I*Voqv)F*}1vqqmr5mM|o
zvytw}o+Hc>Ww}cx3k~CC*4cjraP}<yzhGv4=fh&$7>j$#=10N{$T_B9)K}*t`oFY0
zC$o~<%ujs4?MkweTac71B<9_c99}yxToe&`XVypWse5)FUx$%zq?pWxi$!(A`z&@=
zJg>^b!A6d-E2x9jTC_Lzo@HN)0=MM-=h#Gql@A15>|I=zTQluLf0MpIhj!ljNVgd=
z@8xmOo<4O!Vt&_(Isz($Y_ap2ihSGaj{nfAaz(xVv&}f4oUE>n5##MZt&QwF7nlfD
zBy_c2V%cV=*HxU@xb2oHUoGeEVdIk0-falPffzM{0rTnVnG$-L4|FIB3j(uESSdG{
zvhEI+ty3N!z;n0nPUXZ<9b9|j)DIg7<y4O@u}z!!xCm;nNs&K|kW|*npp+(&id#kG
z7s6nnFCKa5SY@Fnnwv)CqSdaoKF(a-ASD_r+bm%d@t&m5-5H2gtKV<7neJ5D-5-%-
zQsny(@X%s>c8vLhlGP~la!&whR;eqCDA|7KkS=~oxHw5V*}4xac@5CSyZZIRQH?SV
zth%C7_k0R(PCKt<U4!pR6NuCL?>F_W^{B6UbBFP<#LYY23v(7d^LY$qC$mhQDX}#R
z(L`E^dM01~GlunLvBH#zpVO3W!h~VgiuOQl1>LL^A^{oof!e)>w^_ngm<vr0a%=qg
zw^PgFA4AiEhAJ}VZPO+{F4kLLhP);NlE<q@r&4yjek*(KzS9peA-qkFFz!>07HoY{
zPi!v8F4^!pEl{2Usb$>EnOU8}O_+c8f~w;oaI4={qY=67&eOq$#9I|KEmgm&_CRy5
z9ch)(eFKuDq9f`Z^_D*uVQ{h~+7|>$60Sx2TV))Pe<Y^*jX=@_<UBo@yn0%tMrM8O
zRXn@%KUZ+6)0;uh&|k;3w3@1Vytq)PZs>sec|zm42Sgy>+rHI#ogZ90dvI<ZzQjLk
z72w9WaXL`mimvW;Uxp-+>ogkx)c{C;ttY-RtFWFggtnup@~pF2ijC5*OS4_s-9UBd
z1<26C?h}S}P-+JfUG@KwWbD6Jo$WRuK*s`riva-vt7YHbxJ^{KDDYffeFLF|qUqdm
z1c%i`)M1rtg{v7@9MBD^)r!Y`4F$B%2je7l5<v8KCZ_vr1417V;k0+LkSzL}iHCzs
zIJ{P8osVZNKmno$FvR5KFiO%^>yN(A&{syH4m(ek3S|$`iqh7Q+x+z*`k{$iG+duq
z(cJGXm?uyPp5bq*7C(5P+{m8*;-HqAn%sYo;c*&YOD_hjb6h@tZ2aALfsbyySV0qC
zzes33=ucC}`OGt1wNQ!&rY<0Ifa>HP1cTr%T8U=f48k_3v{^}cxpaN&m_Uoi3fHNh
zJ=M&Y8P2Ikq`L7sJ&h+tKWVGUiZ2NdUh4t5k_bRipsWCBF(9}xQfF0e|J^lpdwPlo
ztwAdfk*nm<{q~qmq2KIGnbKD!-&YN-g%uOawd3bYK;YPc1_!_j?A=4FR=_k&n$4$Q
zo$WPCjejXGG0LHkf;o=2#P{4jhU15HWuQv2@G;}$S=c%Ut<R=!*&&TtLwwp@la-mW
zbiuC5e%UAH|AFCs4RF$c1<=dd2cp^>zx?VF6ZA+*Uc4h?+4Tfmk8XZd3Sv{M{qDul
zlHG1Y)8AJS%h3vYB!JOoCOrHl!~!c*h34}({lGIHGG~e@Y!nogY_@BittJdi12V3M
zbJfeCYY+CuWFPLniR(P8hrOfP5hy=*?QvGRw{QBS^b?HvQ__f-erDvyG5h0!YC$G}
zh2KQ_U**}Ll>~ldB5y74{%ZZD3mWfBXwf8$=5FKJiWq1SU|T?vOsdu>4iJ!wi)jen
zk`xsc>TY%JuVDU8|Hh9`$oTzug4?Br7v^;X(z`7J>YF4fpZ%2soGxvd7>lo!&k%Q-
zOA_0E?2Pzv>`_36>3bh1?eft=2$YD)>&suUS@{wF*~xUr@~8GV#JF5neO=CaXUk`2
z!G)I0SFxkjBmSSlgI4%BvufjRmP&C54>7|E=Lv+#3;d~_UHq3#epBj>a!poaQSTZj
z9#1Sjn&CTKx)s|_|H-%S+Gt^w%kB|<apa)T4N!)lO6}X?$R5jq5<OqO#%0@H&KEUp
z`9eHISfL!QxXCiIFMOv(NW`Tc)d*L*t-zv{9J5UjQ*!CXmpzLJ4I)Dn;J*WNblRUR
z@TnfKbB3|Eba``R%Q~RPUD<5wHC`WiD{_$dfg18T!z7Q0In8d=nBr-*%%qa|Z$cet
z%1q)JJKu`)rsHTR1>`YXcF4^S5+5|)%VK`I)Az|bKrNkRMwIOHvW}>jq18t0G}Nmh
zW^YXFDO-T0z5sp~s-9Rtm(^oU`WEhsSpo@qM@4Np?{U}92_SD4vo!Clj;XtD*sV)1
zrDDp<!JXm~WU4<jd+W*Z(hJnoeHwq(C%7(X4H=7X;_~Y|ub~gZaW2>)mLlv#0e!c|
zIyR)1W60d`O&(3vOH|tp42dUS6v$Y@Og3m%m7|6Hbt&#Yf1=AqY>8abt`{2+H;4>N
zQ1F57Q{!gVmoSrr9I)i*=L??+GSd}85uN14UK%k~rxs|bE8vb-nSXQZ4;H_A9WJYx
zZ%|S8F~)rSkbplZcP@`f07YF7QvFp-+XgkK(lq`he79+dw;#Nu3vJ$msp{g_RF^xX
z7Inv9#0Q_5g&iJ&DAh!L<WCib0kmd2pehRpd8k*jKWi5VbLXScGRmOK!~U|Y0Vqm*
zpQuOb56(zmj48<{RIwZjuJ2%({nm(WOjW~}m0%8L-9T5N&O&9&4wAC@Agb<!9B8e>
z!faEMkE=4oA27c|UtM+<!CCS9MConw1-a$Ck!Rs%^~HK(?O{4qzWM^fpqr+$@v;r*
zId!bEn^|K*A4mzfuK{oK02}0dAf}gDPbb)iC$68U^Z3%F84uRzKVf9_$NYgl9DfCP
z08E*1Gzq(Byw|+sPav|4Xn+pB{@=*Re`wDBjsV!5;o;#yCgXQ+3x1{RrT3<`zeVUG
zp`TRmrMH?*Qqwdn-$ldY_@cS(?d|k%KMovEX{->BX6pA8gT7@q1j%qy*HRkbVKn18
zD_@4m2Uc6|;?{VIueWL<hb2|WZZs_4w7X(7tmPNXzPN#At$GAtWL$gY%l-tEf*+;E
z<T94)7&IK9(GRn}h)){~ej-))aX0g&lt6NO1Txg|-YvX%f340uWL>N7K}#@tDuDH6
zwG`DBwqxYDLb>D_%%G8c#Gly{8L4uwM8<;TM`Cw&$--VzuBLc@pvr~gnZsv$_7ytY
zd%C)^3Tv`t0r4Uhna4L8cDr*E<+3UF>p#N@{}4zqNc{{9x0vCDALL?mfluzhKaQ|d
znmoudg*In-SKqY8yP$U~>Mj#k(Zw8lI<MTrGl4^|<?7M?F3ZW~DXM8&On{#ZxqZ8`
zuC)UD4|xO@7+XgbzZ{EZqi8*n9t6{r4qordAb**0H!Sl)E_ePYIVPy$&IJj%j}~)Q
z^2-<2+b=RFQ$`3(Iwf}*JA1tw*0}$!+E~<UHCVQ|oK{*<BBy8j&BMZ65vni5&fYV4
zwb5#Yaw@Z4a}7^pecjHRe%>u#IvdWR!FzNmTQ*q*x#7b}aO-m{x;~=QOgi6JH@@em
zudM6TANIdO;{X9B1-47UoJ_j%Cb~kB#;8UZ6X4KsHd?M)p4cSH(VC~`rc?CL+`4dn
z03pxWbP6SGDW9CH8}=1aVP(9jlHfNe*eC~74}?O@548AuAuk@aBZDemlKBh=1P?_%
z85AWa!-9pF+`6JJ^HwMB##uXGM;a8(hdy9}S5@yScsXr;I;<6@7JyG84%XT$cRv-4
z<GBhxL@}bpkpGGK8NuUztI7o*4g%9A`Cn&#e#;?w&dv=z`YdQ<PLCzBQ~!4vpDsV|
zi=X593H+?|cSF|ak1j`Ebn`Cl9+e$A^L<==sv>6F>S9h^PLKSoWoPEdsxR)Ps$Hch
zirh;iQd5Yu{WM>aaG9CIy18J&MDJ#U1zG9KYWI|Ji@$<D->Dqe>@PNQ3%OKmwrz*X
z*JDjA8T7@youwq5N=-$*-WS_f7wJ39cvhK#QX`tq2<`Ih&Wbr+{~mhRvE`?~X%0o7
zP*Et(sGQ^1r0N}10ki@3(e>!>#T)J_hyfq!2UN*p^{DN)Y1~5mx|f=-h<;J8H!FI|
z?Pw3*75(C<r~LESdJ+-qIVpz?e}5NEWTd`>?-Ci;#XOb`c{wkbukN3GDkR_@(s*U@
z1;2GMT(KS2uc4dRUOC^ZynfFUH|s-<mSoi_<*3~Gp<66}(T}q$)vFDs#3vc%xjd&=
zF~)*dMQd5V3H*Z_dfYbF8<~A*{Z=<czL4-xhOT#7xt94=IMQ^P5<tCUw2m;QFl8}L
z>}l`YC)+`^JLk`fj&m)}b>HMX2=>P2SmA!rqfW<ow#i9Hi7R5##)7-nu<sYic@<5J
z0JWj1+4?=TM>cVb+*0E5ie}9O;S^>M%&!KeSoS_QH)q57u(wLM5^w6;z|v-yIIo2!
zjDK-atOx%-<rDdr@{#&CDW7N-G=T>syWvK)^rCH+?Gdt`t*(LNa!FYt%?59#f@^aF
zx+8QxIDUg`>UAqOKjy6j^}l7BdPMl@``Zs63-jelvKoqZvsVOEc_bDnhGkl=XKc$k
zNK!C-xo%)6-T{vq68y3Eup3W7Q?UD3Rc}x85?B}U12Nj$;2c~HeJ2k#_wU;t{zWMH
zPZZDprO{c^2<X0bb#<+*Hh?G!w1S0NEzK_EH%@B3dR67LnQ(j)0y)NnvyP06d_C^8
za7+emSI6V}`8A*>P9mBx$yE~W00VMCp^0_gL=?9gjB(?lzP{>M415d&9*BmnBp@x7
z@hk_t%=p3C)fJV-GxF12hM5+0=VbRaNKzR9sjANq2&gCMG#QeVIwqWH0U1WQxA`hQ
z&_zA~2zM`>xKOpw$hhwStpd25?s))`l))v?CP`nQe>NT~Axd|W;}ShjL#2;teZHmf
zTSGSd=T#B%IdVC~;Ey01NquJP&(DPoscv+Hc{;At^Fz<d*`NoUzuT90gLZ#2FKXV;
zq)OI>|4J`UT#R?UfetLI`z9pmgws;A+$JZXh<et!f*~Pclvyi%L1HZw`hB)W{v>dL
z3bK0>s3_-}f(~R(+hRV<nW{Yy_(l69dt#tQ>=HW{0Nh6RcPElUo=4h_A^wWzyyseZ
zCOJl*<_rmYIISOorg%oJ^Ot}7(Lfvdug+TR<`k)enz(DA6nXLtl&%HXGH=xucwTh<
zc&)-h*BgWB9im@<E|vdKSsMBr-x9ydP%CDcVWkfg*c<AJ+Yv*4yOW*G_?4ytF7j|3
z%lJ4lmA?}i+<M8ve{M}DEV<A|S~QW^|An75{)!(7{j2>I-+Ie6Ve#-FjGG-D-bICL
zSK`~b-#G7v9-Af`S946qf1dh;Netwe&hl33>YnhQg=5jozqzflbxt|c#mFW#EI%y^
zk$mDW>_7pKxlLh9;w>JgtnQIp#0A-`I=31aDn(?Zz~|1)A3f&PsQyx`b_>%q@sT4>
zD+dF^U%Cn1y9q?9;8iBSy0fvHL$huR5!&S)Xx$N^7TbQW-7KLGqgJu%L#PWe!Q&~^
z#b0(u;N(uG3XB<xlgrFXNwkCHR60KPAG;4aXSP9(3bX+{nONel#99T}hDj2BKEx}X
zG+2*PA0>UQ+-VW}ghY*oGm~gkqrf%b0OhE+m!@skMiG>)JjfoJ2=DLPUhG}U@7Sha
zfFy~6rdOc;Amc_h$9T{6rkzluGFrbCgv{Kr?i|R0?zP!L#I>O%n5Ku11BWdSpY@xQ
zaX-#Ac7YEznkVQrn|y3iYEKQO2}GIU!+=+4X=y3{eLz5esE=$*s}<?GBl8xz;B(<4
zOP!VEkR0RIwzcLweLDILks1CSvM6FEP!=P%Tl!|T-UJKR*C0GwLc(>Bm@N|(F)o)q
zFA$@${>YTal!M_h@CgHp(~`rg0UAt5k6~PCijJ;sLT%T~cLJ|2N<OM{vS*OpJAj0W
zpaQJwk$tmE=^VCiVpLRCCN6LWny*%(bwG0m2n<iO?oWIaouJIxA6cCCqsyRww4CKf
z&DMa0V%>?w5M!bm+D#lnfY(y|6GbH>6X))DXlnkJ`m7Cv6)0?n*bH<YzJ^i_4Gn>I
zki-l`4S=75UXQk$-LOw14#8U`@DDDE$Na$CQCbsoF1_}A1GQ|_TWCWqtO^_EC=)|r
zufA4!%zypLze&bx6;4Dsn=srJ=y%dh1Vo~>I?alW^@ioIQJEcnCsgOz``A|lUO-xI
z0CEKt`|8et=&8y&c*(^YU~B&8jg0?SRw`&}WNRo_1N2X+<adHti;rm!q|nZgyLa!R
zY4U^{=+={V5fyaY+8_La4Mb&tp#g0qE5Cbc9^ov8&#cd49Ih9t$P6J=Xy}IXyR${F
zB!Q%~sFxS!$>O!Qd)Vs5eY^u23JuOiAJ5tW)sq8wZ9@X+JLkUBb_I0dfkwurrX~O+
zHxr!!VTgSiNhPkb6Cf0vnB(D&?iBL9mh=NXAfTzhizWEUCUrY~-mBtWINv9ReV_p9
zEbup5m{xT4F6eI6*r9mfhxe9%UQDY{@CLd;vl#wLO^r(qiZuFmYM^7Z0ch(tBXIS;
zRo4E}6ym77;dFCl-KkHuAOHIFKUgbK=1#xXu9))}nX+8arReG9Nl_CYQNrC>ax2tE
z?hgf(n`*0`JN<J0=jz_m0G9C_EI0_$e(y~6KLS1PSJ3?bw^I>Xg2r6SBf93Z=8qZF
zXe9fkC)w?2;?DNgOHv0-(=5Z@2Yh;)i5il)pI&~PdoeDUw;xE|XA>JoyZ0nlD=dNt
zho6~QNg){TcN671_-Vsn`zE5sK*~Kgm2K_4=~(7*cCC@t<+MT56+*rG7s#wa>b0^%
zYit)n;tjaEx>IpTw;2r@Jcs^~ZYDv^jhjGpWClFcqZr3VN)bt<9oKC2RzRAjS~LBw
z)@&;h;rfX7PS>7Y+CKK?O+*Lg!f`ggC9J$COM$o-k;S}xCOpSXq$_tv@xG~~L%4f%
zX3ERj5}kX!9ww}%QU;5fZeMSQg*RZB=gTNqYp#KJZFG0Wa{Qga&vn|3Zh(f(SoD#F
zrJmp95?wrWGge@C0!w-BM<Ea*JID_lh9rv$c6U5{_^y{K(4RPdYP!8Q$MrZPvFK-b
zyegok@*0VWHkW7p+VDjOO-hD5Mhq-s8T$9!zNiefk>I2)papY4QRYgEfpr}i+-98W
z?SpixOy%sMuwnW6o8}!=pA`k;TTInsk<}x|A>k=5+OVuz=bPYe+1%nj*T-VsGFuS5
zsHG)bC&yTPTwfQJ@~P7EOeBTPiGxI=BYt}t<JpaaHvW8VH7x|442eP0zsfxg^=I~1
zFC2g10`PCiZwWAD$Xuu!=VrUOTGw3Ngyov(OUjruWQuEI9o)<?yGG39L(&AkBn4sg
z*ZVIdJDvSlsVn=`uckj0B^<P7RkwHQFKops?U3IH_q;%>KaDzp9IzI=4B~gkr6Ap)
zUmLmyxmc^e*LYs`#j}WO1|_YU%cAyCY*Oufdr0Y?^o`GrZR$`jj;!brb~a|1y3osF
zoq=LhUF|7Y)@H+^eyED>1c!b`)3;=d<%5ToAJuk1n#K6!r<Xhs9^=VJ$C050h%tLH
z2=*P30K#aUp}Tz7u~IVCUQ!x0i^b`UrXp4W>VV}IWu=T$4h2u?x~7gH&8F1eX8)AN
zi<5)B7|XaHI8=cv71&7<mF9JFPC_GpAP})eE-<E3H2<e)MRNn)cqwKGL|1@*$x+K6
zH7U+5R}I^#VK;XRMY8Xm6jv$FGGtYm^|LY0VJ-k(tJ?(jrAXV@^Le?z!&hHS&#t8J
zry&1NYhN7~RkyZ{g(3oy3OJN>h)4-TDBTTG0)li2$k3ojNR5O@Do99o2@=vRIWP<*
zNW(~jlHVFcpXd9&^Pcmb^E>~}?7jBdYp=N1bzj%Dc!{0qh<1qe=VYE}RLCPAJDAZ_
z9bl)1jR$^cVO(|7ZoQts_srIKlsZB5>yziPciPz9td7OO;)Vf<BC$Zf@zVfPztXVM
z#%^|eXlV!|eaz<4+Q7V76N)tXGe$l6JFT}bqt@l}-fmvP`6+N95*Ekkr^Rm0Y&cBM
zV6-tGM2SKUtp-P`fvz4{5~&khz4xddUWjv=P&{O{WW<;tyvtiBm1aHzXr=QYdvfW1
z`L>7C%X4n%)TBX?0>C8Ana56U1CPC2<SPWEj~FK^oQSK0fCLXrjrOKHWwpXoC;&dz
z3FJtXaf<*%x2N)|t(jCZh&;#u5(Ld@BLgb;jYHzP?9e1#?brtdm+!HBhWAqJf~o(G
zM<vWGS2yonCLFBzFm9g;9|fU657EOmRu?7=iJ$wF#9yuG4^k1dP{4xi%-=Y8-Z?EG
z<m4uc{?v*>#k=EUbzB0#NkfSEgJvh!sXb72tk=JYE~h%j-^dl%<NSL>yg%5NpeaV>
z&iTbl<V4FgJ8Swku2Zwd{@=A<7@=_E$?gOLTY)z#KVtt6X{8^{TY<D`X?MA3jQmES
z^&5dxHmbe>^!vMl$t3E+%aA_|NefazU>0-2jY0My5fcSKH{kXO7>{&?h2ksZxD*=e
zY2G&M*MeQd!zDbuuoeQOmn?uU`bFPhZ>>psh$L|nY2B(T8I{B{Io(x$?|HU9t9no`
z8$tX<*6mTU--^Sdy_%3|ffbFTf&Jqz@&22M$OJ_1OP?Z4VwPN$Oli15(2<bECH3;7
z%G!k8Q;s0A=$K$y;2`1fK@(l^TOpsX8$G*PKGmz7c{+D{f_%og^v_yZ*JH!380KVK
zAU3E@>nLV3El~Y=7^3O<b5V*1ef<_Wy3C~hRIhjj%1F}TZ}j6KUq5EkU-aaZ-|`HS
zC${S0wB_i7{<yfC8%(k|s#Ww0WBF*)I)f}w=;qHc{j2R5c1p;Rgu%b4$2>P5W_o9e
zvjJwRKIl9DO2hgWVGq#ks(}lPb{^e%*~<}8Cau@VVm%W9)`215kzBeTOiE7zXwrDw
z?WaV!WXKtsz!QA!-=#PIj|6E9RW(0f>FwLZL@Fl9c8o38UnD@_Uvre^j^QGxy{vXQ
z;5d>Byoq@{V92B%T*#UBt23HC?Lq&PC0l5MUkr4&UR7qKF#gj{2`FIC<0|*J-D3e+
zRLg&k4&nqt8LjUb>wSvFz)vTZy&a_oXj4^~(JE%J;tCj`lMsl07jqjB0eaUI>v4hx
zKaXi}NAp(vkPPni03PNWWLA_=F;y^hb=qnmHM~jgi`j4NihZ?wJo2Wg?@)9!B)@;4
z1C8%B*A{t58LJftm;(q}1m9g%4PzdS=rXHfwmfmw>+b}Ys_Wg<16ZxTgbkjOt$uZf
z>L=Q$^|s0cv2gTE*KB%ClJ{f9dPT+~Gv3=_^8xq7RC%+KdM_8l>(W9(8K6aFgg1Ei
zUi(Kldy-}aY^dDMb{$>Nzu(9MjUUa9pQv;;aEr?h;?h9hS{ye!l{@>RU&J&yA+rwV
zcaNDc?1Og%X#!oOYWj{7@v`6LY%^mLbs^o_{nSI(I1#G0hx3v{gQkh}0(tZIy1GZX
z*!knHV*uJbHO|QeKE2<J*$o7`&U-aQ`+n`+K`jj3dv)iPj{1|RJ}t=!D;9kXw-fqx
zEolRzu3o3M8m$5Gz*}2XANAD1y@HkN4?j{DQ2YkSN+wIPKX`krr%6KYR2x&Uz1#|4
zNfU=@KyF#B3PEjJ*YMK}M1Efk1-zcJ_p)s-Gt2K9>J0vuSy&~2C~J#=PwgfLFDy4V
zb+(>TxJpf=`}cp%BPYzHQ_fjEy!rA8fwxz=(4^>85{%(t{nJY^DI2YvOZOwiW@eD<
z{udajnLz*YlDedpOY@%D#>OU786Tr;{||+_T!0IUXl`x>928&&3AAaX!Q$wy*dK#m
z-X&Ezd<*z-1Hp6|tCtR_^1#w9vkvxi07Y^KtQFwo0&Exu_ZSZ8docN_ri`7AwH<({
z$a%uWqV5u5-2r<;;OZ!-3L#Z1Wz<(2yQFwo8f<_xy;`uax}QTB05oRY4h*IW^qkmO
zq=B)-m&!QK!9YB$-t$ORz*)LQMn3dfuH$uu^wCa3v(wThHWu>Aigul=>0CwY@kG3W
z>`ywa@M_}=&lvyGG4i1DetTyPmz)m!IhL9#j$hKo8L$fPt(?K?2X~zMUk)r_NaF6X
zAbI}HVn>1^yroK1)aZf5E#O6mT3b5V!I)K9OS=_x;ReOnL{c54PJvAxz=X1TsIX`t
z07^Q|$)9IU=~;ajEJ)vmj{=gfXLV4)j~|0*pq8y>`ba!z`Ixy}(?*fnz6~Hf3j;im
z1>g|B^6xlK`2yDn6o#RXWAHg5uR!hW@K-Dz13w0K4vs7)EG(J}08w$ayR)7_*<Go9
z!sIOAX~Y>Hew8~Hoq(%oZ=2C!PKRfaA!AQf#*3dmTC_dIz%R=_ET6JZy!%Fg%Au+y
z#%%0Oa<q?(#A~J`e&?C~vip^=n1<hRxiS{kz03ZkCw^6RBR-~+GinJx(QPxE7lCV`
zNALo7?by)v)z{X+8yS|o+nsxTX}SFC4DaV0)M<mdO}(}|G^*&;<PW;DnN~jpFm>LH
zxvtosufaAPnAcxOj~;YCZn0e_@MjyxSa5|BN?o&_$ZT3mm&URP06t$&4g$2HFjnR7
zvOn;!9B<(dQ%^P7_Ea0|?z)8GjJqmZ@b=;BT$Z)4E9G5sjc*qe>XEV<_D(0iA;+d%
zsPQfGwR*-R8Qc4vm69}rTp`JC_Ub5sQfEhZePIRA$|ODTR`Zzz1UwgV{Agiwe#d^#
zjQ3??gg8@{tGZ7WB+t!oR8dn#LpotWkz7Kap&+l^#>&_=e#uz(GJblr{d9w?Y)96B
zeMqP?Z5C{B$rVS5zGpgmVJ~!Jqc=)@o)OV_9xL2;z|ckEzyUwvM<}NWtDHP2ml5?|
z!(YO=LB}9z&y)wss@#^Uh|ihJS<b;>T5fXpI=New(KeZA8GpmpsPUBo|1uM`#}zov
z6L&XO{0r(dPCf|`0t3VZSo_*{zoTo1ZO!eKZnT{V&`o<#x}CI^C|FtvX%2Yw7MOLW
z=2PHt&Mw2>J$u0zKi}UGW=pzS)esYBaQr^1U+Jy8o&wapaZTwO)E?DrCCjz&%Yi2f
z3yY`05_*f1^A(8x%#<TO^TXV3j|Z;LKh=pfZhf+|%i3w{ECZFaa#CiRs!S1l1F2!G
z#qJN_=U2lGe1y};9ZoGS$}&4OyRgetB}IrvA=3RHT4pF!a?qhPJtn^_B?(Ve%U)x%
zm(;jEuE~*vP+H^9!!l9_KvuG#YWuw5lR+(A1NKF-n;(8Sg`e)|lZ3JE34)atU@-tQ
zC<GR_O}aFwVs<I8+5!VZFe&DUcwjwys$Y@%b+d%H;L0&FUdkyvjX&^$eC^7QSJEzt
z$4j|;gJ-ZP01B5RLIvH_5t%HARBHCf5G*e$dN1OP^(??hy1k=A&U9L1TG=I>Xa;Eg
z)eaAM>O5~?#b1Q7HVpzZ1QFmW01&vQcs*H%n<CwZOg@{y4j_{dOZP04f}Oo9L^3T_
z*^qqV2;;<=RnF|TQFkPr(^Q6W3k94)4v|*i0COOTkJW|+D<urM!j%MsvYNo+8Mm$A
zs8068v8y&A^wryhII^Uhh8E|a*#PjS2w0n(xO@>{VdedIyu1EC$gA%hbmEhXJ;*G8
zagruzpjw9_Np=RFc+)IZYuhmZ{+?OQyqEvW&<n(30G|TBWCs<k1|X%N=_mR_64efH
z#;eMG01gxe{;%mfBVfZfJTx>ofZh85BZG~E0FozINGKrC1At!X5#OMNv;z^QI{@nk
zzA@F+v=3iMKK=z{fjDqTq~M@Yx<_|_oEFl<O)cV?R=i3ud@CoA0C+c^AX>qiCbq>5
zkr7*WJd}?%f%i1x=A~W&%%eU+fceb^#)whT!0#y($mRg84WWLi*XfrY_t<%{WvT}|
z&oZatH^8OLeVf|_fb#cpg?tu|Ypm$H@i+eXqN?=JVGP?$Q(wSHh@)cP#UJNuSVp)D
zw~e)BKBSe$K=t`n(eS6%@Dc!mea<#A-94CdMk)Kg*tWK3%p0<27*f>xMZKDyM|9Bq
zvh+0&hGW%WB)njKIPKbux!8Ri(~2LW$IblNBe-*ynChwHjFC!8Lt*oKU_%ujb)VSs
z2@VeaP<~Ao&x5+{QD%(ym)k(`yUgeil*89PV08PpVnL3m)*<cZsyZ)6|5DexNF{RB
z5YtbJv%~Gf(TknEeveAs(TYR%4lL}Pb?V1=uUc-W00B0TVGk1H082~Il*y20(a~nn
ziM$b3;Q+}l*<L-*A2_(pd*U|oLGiQRqsdPmi^Rrn^E-BzjdPR}^B9fXdNjN+q{kFy
zF&;1<iPK7xlEh|kYad6B$kPN*oUva!XO|VNvT;391X2^F{fK0B&hHpIGP*H=h9Ija
zr=Ett8!#4~zqR0POPt-psE)B)k2S}VfV%ne{qne?r4!w*S<awE$$L@UoJxbqp$9TY
z`UPeaZFmz3R$bZId70Eo1B#{F%jf42DX#`7l?QF7Rn)&Q7$+)OCun`=B~Z4Nde^LL
zMLAsN%5+t^Bd8iZQxq52#YJyW?898y6ngYtJNkt<9`=aBsUwi^7?v=`<8AVR{mcD<
z2;gyToo#j1XBsz3XbQ#cvGAhzyrXymJT*&yh+v2zuN+|#rk;}|q*3`yp6s5h!Lo|3
zTgq9@naq?D*NAf}-}qav8koIU<|SC1=WPk!TcnR}>!|lq7mnq$48tW5DZqYV!}{A>
zH;^(p5HkgAOb!!xt>=|p?t1fP2;Oekz42jKMUrk$!}?3-gdf|yo$XHO2ge$3C)-9x
zZq(hHMUhga4V7-E#k040QXybr)G!M7`($q5@nlkBi<n`8Z9m-Gz~o9+lG0Tjj8a;>
z<Kla2U>G*H0i0d|+MRv!U}>53=mMxN8BU}irB!?%lYU8Uxmo{m1xo9cfRfjDC8}(P
zTd8nO(G}LbF-o-tjt!!c)Enk1bS>fZ*Ec0vwkZO)^1HaS#T8#xds=s)RKlK<pS!fG
z_u@WZ42T<b^+|{>F7N`dOn{&J5P(HPHqk@_bdMs*sP9(_Snd($Co0^Gd5H*(kKf)?
ztiX#-Zl=iKt7F2~BwM;uI7kFb$Gq77MZar{uIQDCAKS}#l)6lERS&}O<4k0#A9GK9
z&V`b#SaqW*Z(-P9;O!heSK7uuxgbt@_sz88($Z4k%$+;JDuAN5XihSCktx{ct1P87
zGIfwMry~%C?>FmyxK%zu$1*hZQdp^x3`d-Fd;VertxgqUc{%FHY_^@BRWRfwjPBT7
zI%Sl|Io7qHTB5?ZiqVtoZ6C!8k-^gEZu}g%CZUQL;kE5p`&Vu`>Y2F{lRgLF@Vj>o
z0B5>~4+Y$U-}{M4qnb;Lp}(`2t%R6dt3^{o!@<`KdmSe&k()zoLDn(8t=i*)r0YG!
z9Zgx=+s@nUXSc`zhwN%+Yfx4ZSTY}V>sKml2^O(ik+Ag8eMH>2yZwohKR@RpVKQ)$
zLi+u3J=FV|F5p+1;3De1xXi}AM0g(f?f{K8i0dyE)3C{?{iybte(S_-n0Yeco&afy
zvDtXudqZF{w&^zYd&&xMIDmj*f_PyV*5Nszb^&YPgBE3oVA(tX+<Y*&xs?;EPt9(D
zcWK5?Q6n)5uxS9f5&vtzL+oeBjd0?^o24y#dwT%!?&($l2_H?!+%;;2komRG>o{cu
zwlrz3+bDJeKYa|VWo^1wbNz+^uof#Lz?ua)_5Y%9_3wBYz(F*vmxjZ{Xti~9)qV?A
zfjZI6&F$$*;Wj^;jNRs`uihzK_75Gx{z6y&F5-3grM9l^v-zE_ra47^!hN9S?0IAZ
z<&cW7v8>60R!4v{hz@qwo8zCVoQXz@+5>Dyxmbg?fyvwPFM5+5imUFl1QljzM>_JU
zt&wg`O(G>ZUbd`ivw>v*gYIVX?PA?vNEDkrHAG*-ADlOkFsjNH(Kv+7NfD6IdrN|G
zb`XMh`V_+(@!Ls_UQzPs$I7PPyQh@%SU%n?TDe{&@kX9-uci1rvBqs%{)h5+N$f_M
zF0+CJa~3iAZ0)>miHVA#KtJ`X+|<2mvQX#1Qwj5w=xQbNyGEs1(Zk_mj8D-khP>V<
zs1QY#1c0|>3(1UWK6<+Bhe+8gx05`c$k&``O3=)cz`vu~BPD8?q4f!Zds?%GJV?|E
zbBdP9o}S#OW}mz&X97|+XHoLqaQ~xI8?X6Oc<uc&LzgS~%`+q<toJFfH*$%~ZBP7r
zR^LEA6>FFNzRCtRxI#x6U|7n%vcSPZiR?R=P9hsoscG02T&aerE00f|LV(OKAhS~a
z9x@EK5&HSpG$E^_iWuQQ$?I&+lmfIbQRTP;G&n7>D)q0A8EN;+c<b*X?SG+U{)b%#
zkP$)3HoJ_K<Yjs~!{6ZBGc-y6T?7tvD&c?%p+Zw_+dz7<7RzGYiuU%~Re;XZ1|+-8
zREwZfq%o^fkIr5Cx0J3JdLSrZ!9_BdXuHTZK&9`6UipIH9a#<esM_{y27wQsIn<)#
zeI;TzteKW?Q_u;L*2F)wei7C9J%YOE1jj4^Pi6c;7wJ?<dsSf9!)Ao2`&ib$wz|3@
z*~@qo>)6vEoulBQEm|(#ta`6tIRp1?i7ZfJUc!A5uN%0by~1NGk5In;!N=|}RF@RY
zl4Zc`0FVQv%~M6nTl^>rGu$5HA3aZNXrp^{G066&FIh_bkVCF6vU81Wy{?#P-!tJU
zDJ&UJ-0nhmBf4-peYip>(>>;5quoIm$<{YjHi9C`#N1DRl^I~c?V3jH#T|bfbvd1Y
zXJ);roT8q5TO0@BduLlTJ6gz4qvRKZv6oFsQzL6Zv6i{agCyZ>UR=;bx<J(v*M~p=
z2WB`y%IzZFhNQilgEqH<i4jC>rJgjhHaUGVme>Z5T$}98v}^{We@y<k-8DD$u8yl(
z^1ItH@3O2!&}Y`y3z~VKXz?Y*7l7R)V3KlOtbDo#JM7}hDO^^i);pK`Ur@CEjS8uG
zjcPdK7ZXy!3wG-iKeZk@#ZLvwQc2)kKGGK)?RH()wx@bY!*Cm;&5g^hIt=DySU0OE
zyc|~Mxu@FhX!|WcGH_~pI(3^te!DL)utAAl_uTWLD4Of$V#mb<C6<90t#(@o#GdnT
zaB}?9Q{hyaPj;>DUT!f4YA~pn@=L#QhW`tVEv5g3#!3T`>h~&)NcH9}Y-`B#a@o@;
z($c+G5WO7&ay-*V&rShZ?>XccxwFOgR|996GCU=c=<9fzrg`xza?2_t0U2;X`zI5x
z-v`I%Tzu6oS*}xA=ISN(6H})j&F^)N1xmfUwF3@j4m+p1M%AY6wayK=+Fhb2(Tv)|
z$)j2RAz#&|T}-S;S+AO^taDwb^+ALcGr@(_;EJ#>q&x~Gsg-%zi*NPjqhqq-uZttT
zM^4!8w26E^gL$DlY<Vx%J+G!H?v>9}^G1zDqf|Hr$^_$!(nNDP4YE^Fdp#k!S)F%f
z9d&!2$0k&mXxs5{1w7&-&`UR{?X#WB+{ZJ;bgQWZy~)FGMFQ5Ou^c_$Yf_YJyQTF=
z-A-AM9G+}`ilyamiqgb{{zidJ4f`#B6&a}ipX9Fv*8eZ?>h%Hl5AX`}g8i)eUlSm`
zKB)g8K+-wBf50KBdh{O4ke=(g+dr1So&c|$k^fxrdIMNqY{hlK=)HpWkQ-r~57sBo
zH%g@&v#lj*q}1hkn|x%o9_W<>WZNxZ6P=s+iUZOu5Mh*ZL1%_ib?)%_<88f>gT}Ku
z;#9cT?E0O9lgl*p_a+@QB&b4rUz<}61)_;L9WJk2>NN+zZi+}bwuBbWjf_eq^+=Lv
z6qh8!OWiiz``;||czRK~Vdso%+$G)3QB!N7#bZpB4<2CPTx=k<T{5wjNKU?YH^N?s
zNBBZQEt&@+*{aZd;o)++8D1Fjj6ir{6Ov2%+f6oYNet(A?+PGm4z><moqY7(o}J)A
zlNUXTMOq4Ti-&ubj(DR8%}&`_YmI3m1%Fvnj6VGL9oJbZIP}DRGAwi1Nk7k~fJ9wz
z7d<M!C8Fm`J9K8$IY?L!lCiadkt6pQwHix$*(A`|rhaN0-NliYj6)5<S*ayk&-beZ
z-_v^2WD{t~ao#|A;|3RkVJr6)gVrQw93~OID&77xEAuW@gpV2eAFEzZD3Jj9^!}iA
zL1wx$&S{C|3>Fh0<QWr<)vj`0Dk=sR>oZ#)-Q}=8%NC{za}!}s)q<k9Z_<Ki{=*-t
z5-|!>=LmrI?yFqaG57w=%B}+}(T$`%%oMtQE3r00$szi$i6Z0jo8dcbjv8Ur3$2AF
z4{kjkZG#{(2;Gir#K&E@0qVYD(GwbEIRKw?w+1Jl7$%O)*@i6E7DF?K<}omI0)f=0
zH~EG#HgAK0kW%{OAqq@r<QP#N0U^w0nj+PD@yNev1(^!uz@OneU9qtw(4|$Z7tvAr
z&zlXf0~j3hW90LZX`DHdoJ?rb#GxRo>zrJ;+jBeNL~?0?4MZc4mRxyE7z|#@M44<V
zPdU>?(V#v;UJ#AQS+faV*{|3ON^;o*g)_f{NcZ4Ey?>6?cJ4FApt?kF#P6+71m?wY
zamm8Am|V(o%+RlAUki6$bi8aJAAG$g4uFlj$(0LMRb-q+Ig;n#1T41QOiC0FO_p3k
ztz|32n~FwuI||4{CCE@NNTC?jX^%eYNXN9vx)J3L;SrEM!wNQU1vWiRs3P@|z5Tip
zvz8_s!6IzZ8HKzoF$R&&kT%9Xk|e8Cvu(3$!4W?`t<y3P+zElyT)!6i!GNQ_My_s#
zCJcRjAg^L{VaR{?aTMk~rcvu}3Q<n``P#VkSKO>Eio?oMMSpf^h6HERFxeH*$G;>-
zGk@Fu8pQgL)WMcMsEH~xCb{uPI1x6>r|!qnacg2kt&EXR3fxVk(P;)L+#kT~h-K(f
zYTnXBkL*iuYs}(%@0<7`+CvS!KyFM7?I4b0d*>>v`<~QR28Y2IS^{arm4)aX7;Lw|
z6UL*`{(QJ@5KlG}v1VrJC{5O@jzn`sTRUr1))nGv(sB^-5hCJ$R+%_Xm-otFfqsB9
zu`5@Grxh_w=6oM5it~sh0Ve#&zIWurHx<9u#Hg<`>gPSNd)%TPk{F+A)i=1hc%RH2
zZ`LM%X(4}ufnIHdV|h9I5`n*ySG7b_)P3#myH}~zP&AU2v_EFn7g$j%Vkz-ByV=)Z
zB(haZ2^YW{!b;7h#7_G;J(v&w^$*X$SqXqTrZpk7Cj>kH<VFVi$847X7Y-3o&q^8F
z?~w>jU<v|F@V`H!>DR^JfQYK9sw?45dwW$Uqc^eK#I{-xI5uBpOVW4+K+^PgL|9LV
zGSF>?g>*q9?S_SCpHN{&o8M`J%YfAE$?*ICez?$qN$6BzpgJ$+KW8Heowh>D1XH+v
z>|7U@;74TDwb{x!a3<1I-~xo@NC4WXWukQ>im8*aG^U*kSrm8rEaW~t<uXX<XhmL~
zid9^0@`WVeoIbrq**7V);sc;AAUPkJMy)C4S|zC1?$<uI>{C|UV!Uh`h=*o&zv?VO
zTu1D5$Qn2k6DW=T@<ORWF#c@n+{rO;>Px!-62T0XZ`>7r5MW+5jG;ww|13)_)%B`k
z<P&l`FMZK$E@eBV2&RxTmvgK5iy3TdW!6mzW~^Oad$&Z<PI|5!y6dqPz+tkRTfVKe
z_+WS#)Ex}^$((VF&FW<%>3uzW3Ae(WQLZxG-dC)XV{l#5yu3ai?e6bma*v_bu2TsJ
z?9<zp5)jW{<v;v*l)<O|j6cUwJhwEInRW!GkUK;Rbsr6~maf_Sn#p&?$8YEw1s>EY
zx&{f^xe4CkM-`ZacSPD-<n)~vElXinq8_&vMu+mG^uIHePE{UJRxkpF$>q56x`xm>
z25<vrj@}V@1DUm(xnjxgVY(<?VPaMG`1u9Ft-6mE@7R#Mwcjlg*%VBm?qZsGGv(!5
zB<AZLN_ADWV712dVer8Q-jj`r*OoS<k+T))Dj3mqD7*8D76&fIoAZ*JXwJ9av6<bC
z>#fx4-k%tJ;@2n3_GuR8I`KMZ+4^)mJiS{BC>Z1>5Ei0Z3J%LZzv7`Y^VDs1-rPE^
zs9+*Et8DYoeD|NOG9V`rdl9Dy!#6Iv`Rp6W@c{-b3*&vU>9`u0q%Z^4S9+yU!272m
z{9m4G_G`razL;istkz4<_RQAR3^a3<yTbx2?Ye%=&$sS!$ps3Eie9T8llxNyKCUxu
zgqr7jiGdLUI2ojm6kG&gl<n8|>VAIzv^wFjTH~{Ce~jL(J3fpta1TnS-@;z8P!92X
z3Di?}pwRs>ryd;Xql0--Lw$XXbSz-FjT)e%r9*O6yevyCOns7en_*dIfeOr7WH^NN
zaDn+xtF<1B=`ly$bwBwFYIfpT&n__k{@33Ku+{c=&_HBuVv>C+SsW~cy6i5n?xE!p
zr@5W<7ZuCqaB_sMvb12kYN5&V*toc#o1({?^Y1*A*qJp6?~R_^pyDl9mYv`9ZEuhv
zM@$G=)Na(;u--4vi6i~xOK>Yi^0{AErTy6@)ZpAVZe@G{327S~e0`PPUgtevkbozv
zT!F^V$>YLo?jVbjfg<tf>qXJ84=#dZQBMA)K&dXV8o51CgABl(%r#~aFFZ6&IfD)@
z{ImJH;oW)0PE;$}`nCJtKLt{IU%xMw05XiJ^T*7L1;;;*y=@Pd3a<PV6=mMJLgiCJ
zkvk#eu}F5M>5W;dO7O(+9X#9sHnG&&p`Zt}nL3wwgN<6nUeLVv0;B)^qJ3Ua*N7`4
zZV=f^utDL2`7jLo*Ut2>TxV4&u#s%n-s{md40e61uo!R)oL$pL=zCC4;Qe`+hL*dz
zB-Lo8qd2x2)icU8mnTr9-8TfEaKEK54eNzZ=-w7fZ1_I*iXTf>KhZzbRp?;(`84J$
zoBQmTABaHOq-fDdmX2NFoDM5AQgu~&(#{O++GY6V&HZp>(T(ce2@lbODFOukJ+|NN
zM==*A$iseJL%zghV;F)5b@%G<uHMsSGVqrvDjxM~HU+FF`4`$EN{WhEkY^w2;X9?;
z$=a~3H=$Ei-BEGM#rK_|`BXxTk_(S=4}^5~a;Xw^@vHg;AJj;~G^!96wLTlQ_ODF^
zQi~j{HCkOvwgfW;2N4|*!8e^FxGUUupYP8P=V5+VFx8@$0FXV-$|Z6TNR`UG1jJTg
z6bV=eXiGo?T+wDMy!jZ!h9|waNWn-Nlab4i6q6`4i35(1XELbc)1lVJL{D#H9PqDx
z_9&y&62K_|Fg!y2Y%@4O0o&C=e+HaW)&OU!o!eFRCB_s%5Ef!2{RG7R<X_)AfB~%p
zxPRw_cy9SZ>RG_^o&~l@7TyHvD8DOfy&u7fm4SH_6~(oB_*W88xzFO?=#YeoXMdG`
z9_p+9&kF4a%F?~*QIHrRisU#(PaLZ#tMS+WDsV9wa+rUq{SA1BCD|pg`~OvT#0))>
z&=L2fnvo!WYU4PmoUD>Bgtp?OO7y_D&~K~(Q;{OXN_^h1`Fw7}#4OUWrnb71l^s-n
zh745Lp%ET~Pcc0F21uLSy~;D&KkDegIAAsezg|6JW7J`_-<j)f_dPY4Z7^WU1oP<o
z;EHnj{4kr!9#25{w3~YG5Ya!%B}=OF#_JK$_&{3tG(wk;{I4>KM;*Q^)OgRuYPud}
zsOLO4Nn=U99N@9FTNDv4wtJq^omYph6CeOQnVdbOD=jtY(J#H5g0=9G;(FtIorZN!
zI*L<yWjt=PAR6WbE}y<tL74YV#t%u=J|lZ&2IL#x>O=M($Arif(AP+Wu``!NJeE$?
zuh9MYR-5@I6i1nLzf#1R<$e6aX<P-~(gVog`Z)O#hg*12$%63p@-LdFt>Jdmo69R3
z%{qd%pm#XTkZ&W2Tmj_o8~3{O+=B!npCGIsigjF)Yyg^;B75HjfyH-QU>9`q9exyu
zgEblBCTcskDm`<D$K3K;clPUGDO^~ngek|MjXgO73#|011)34BUnE4c^`^J-9@WaF
zN`KIoI*y#Bvu?=Cm^})H2&ekZa^yoKJu7q?HnS~@w|c0mU3l37aciG6a=!Wr6=|b~
z&N&oWTsUp|;!#x=`h$+7m#+iM5Bl}#qTf80F7Q-`QlK__h_=XDZiH6&;nmCvK#|+{
zKW%46%63b2lUQDa;<YS~gu76^_|;)#euC)Qn)B;U_EhY`!p5ydO3m*-+gtaQ`T}5A
zs?(#}Bn={?8sdq@-vVRu8=>W>kofC2No1)Wd)}6-q1|)aBszVSu|g9u&w_;lVd#yl
z%r_I}@%CEdKn8iz6ThH}Mk983C(G=}z-h0v87CceMJa6w*h2FW{`J$}`tHB#=rX`!
z^@#^!Z`{$3C#h_E|8Ii?QhM{=(djVykH+PHG}zNhU_x8X6(G`MNJAV{cpQrhi$4UW
zxR_}M{I}(CGYzpdNAUF0pJ}9B9P~c&lgWb~oNo|r4z4^8jT8c7>m3+dgex)|S642%
z1z_eJ6Iv&mN&~|QQ&KVkB;m#tFaZF!(NAWGOp+2OE&o~xc*hOd>c^W#t$==ZGL5|+
zgWFOT0VVfh90V$|kq@f!t5oD&WD#bT!91=>7-}GR{bA0nSl3E}X%`0hFE?=GuLs9N
z)eVJRZ5FF?tAKwTLP$_m92(4+lDE*&y2{jMQ0G+ODJSa8eN#F24cO?maf3N%1GT_!
zY`53GACot^5>0!&8)1FyDrA>h%g_#gN9)@F9QuYZL!FtREQ6m1%9Y)`!hAa{`bml+
znpsd)?R8!xbg&1}(AN0SOGrSL6a7PWbgY&`l<CREl?A#U>iDv`EZD|IM2?m$_08>M
zT2i_g!#&?Fy|u+<ZqCI!+!`bmCQq3UCCmb~f=22lG7yhC5)gwC{4P^o3ZSqT<%GT(
z<IgFLq_3?{`qw`A<N&zZsICSyqPk8e%s@%XVy|!E8N~J=l^kucs4{75HiLIdh<d7<
z_2dINEHA^=h-9r9m8sryR29NP>7Z8xcj@-4!Q3*Y^u1~6wvcnwO=W6j%rx8sdiP5`
z*wz*?Tj`CP!sd6SqT+@!9&mKSEt!bczmP8UZtBc%6lj7o1MciS$g8G`TtOPmEPiX3
zKJ5+;U2wYE=VGtDg-Cz8P7+eMOJ=o2rWgT_xYuUV5i`W?eqM5=js@*;CQ~e32!p|n
zyUqichvT0<TqX#u{rLy1^zvK4=@)9mtOQ)j;M}~^HSauhjs;n?{AXc`1SH^-Pv{Gg
zr8+I*5{%yM&&?4tv|mOXTszMZ*pO>M8S(HL`mGKpqK*meuwhRlzMveYcCxpZXD?YY
zS}*S+xCc$$A4@O32#{K+f^gOx8R3pMS$7&xdmcujqR!7-=9$apJQ&2@(AcT0KErkg
z{~WYR#vFYq+^Ok&R(VxWY-)v#Wu_l?g9U=2eOvEoY;JyMZ;3)~(=ulTY^#<1_7?{E
z7t6gBdS{^+GH=FJrwr5*l^V6Nuhwyt!nsGKOOaa3OeRZxqaL@lA|=^<zl1&^e*H7o
zNvH9PJ1MdcvwTYe?|yS5dvAPx635B;`eDOY%F{uCDd)NouX=f=2qefd8D-s7VC&_F
z*hfA!XA9`>qBMFoWK@t%q>G0MCVgM7y^~IU+i{OFu?ZE1<_An}Or$_Nr&)&J@O<Q#
zFvb2|=RRaD<L8q%O3<{J<+r>GtYVwb9*A17cLMyM_mWb&Gc8}El;Tz*pIFV9=+%|;
z^RKViyFCecsikPMOiGcAr(~3<-2a%9?^lKWV_zY(V!{XP??SAdig-Deqg+w69*oy6
zR*z#pw6th0zOQjJy%t7uS5+)XVwom=zLe04LwM^jGYq*glzJ4gMp9fnWO;dx<*~`P
z(4n??-~o$iyM=N{%_6cXDU^e2;ge+`(cT6=&w`vd8~%lF5o(6X@R!Fp=TrE)8Bqpu
zJ!Xf4j!vQr@&^S6)D8-0NzKPzub$THWLUVi%+<qB;-jXn?D8rxn~mtGPyEq=lp^lU
zrQ%v{GB5IZN{vTovO$qwU4(KG@R&<{s{*!uJ6YXch><n2x~#hv-e_*Ia``Imv&$qy
zGP&a*ygVrpurxh(uK8^i@uha&xv$NQ4zD0~5l_vhD=li1Qw{UGkDWPD+PEJ1!Ci^+
zJv#xVMYL!2M7c$Q#%v6A*^&5T$y8H6zPkjgTYKc{JrkF}Oag*4F@-NyIk-sf5@{Y`
z4?U_PUe%@d3(urgCX#coY;T)|HL0>5cspDEV30ce;Jz~|n@iXs7aW_|6&2^93%&oe
zA8Yd?&5H2P&|(s(*g4Rf{9|bmWOu{DO$O|m;C8>(j!R9&r5E^(rTIY^2Us6ypbx=m
ze{&35^~q$)N;n;QfcWnH!0)lV{gJ}O-vQ;nu>!tKfQ|9$74&@3@vrGDn#JT!G#5Ni
z0~!`MgcHKkg8aY2J6m(~N0-H_DyD7jR%7W9;uWM*wV@R8aUQqMx;Il8;_VTo&6fDl
zYW;d&$M*CaZ<?Y`Fqg@2tt{Z);|?cL^8(qFJS8^SQj@62<uFLXcPC7E=d~1B!EsC4
zIpL@7-gQtUFrn)8<+^}<Vb9)9euQjWoMB0Gj{q!KBn@!cDAzZphOrWCkNM;};h=G5
z>nMqiqQg&a)z*LAF>|~C<JoN#W>Hl19I|^hu49OaGU<@2w_Z)JUhxquqqr*-e<$1M
zV{23<9g&)azma$Wqx|Eaz>XDrd$!Vd{G)0qQQxa4(KiYM=kgW~=a=ePfC8HaU7x10
ziCg1D{!P|~%AOM3qh^;{N0~exhmQ^AlOmTvFYc_pu?X&Enl3!f$T)wWdxZWo8#mr-
z<SX{ABeEi8-xj*A?;3&G{uOBI(wvcfqC9u1&+uD!*7|s@BRdi??iRU`U+7KU(iA5x
z2dY%_^*F|q*k4Dy^<#=YJa5n0Z3PP|xPj>1a8YS>F=u`^bHC+F%B~Soa7*j17-5Oq
z21~AOPCSfqK-3qG4Yl)qEyK)YNnqdFE2F(M%y*Ci!R@Ply!DND$EDh_M*R~3Ufw6H
zx=MN*^F-N{F!pRamqFlX9U|oOWGFt(F=hqE6Z!GTI`{G{r4yDJZ%)$<*^f(Qw`fiM
z=%#4UB}o4JTQ+0FJxym3ww~dSh*n?3U{|ObytJDH32(aqQ$l-nw#}=)8!q2I$f@XQ
zwC7WO?<AJEI9;>U^lGnsbfaolbSd`1hX*AE_2N5-uNvSC<SLo=$y~WCi&CT3Ho7XM
zX+&2f2~=0G6c&YTnbe&9?a?H00erPkF}}h^n$V4dO7>W7QKInM2S17+&*|mXCMUU+
zR-sv$*P$tLu<a*??`Q<Wk=8Gr2PqRqhM@LKl?oI|Ie<%ZjRo*Ob8T_j*%ji3gc<y1
zgRB`J5|pdH9%Y|$L-6SAnG+0Ynwbh<^)O5Y7*cJzc!uv7<x)iwhc#JDG<mH>I#TAf
zZRB4fg4)50Q_R>kr)?>Dp32i?XGT609<y(RTYBl5D1Gv4nO_3lvXa3@(!6!c_B%7B
z`Q76v_Ek=YY1mc=e_85#;bZpu_K&*iWkw{*!+mA<s#1kMSxxi4+EXBZY;)V7C!$?r
zhNVHQTTg1UW%oWbWGrk_imjM`1<CJshia@?lK9P2`A7+hDu%0(TC#Qlcr$P!ElL<q
z;2iqrTZ)S*QYm+f(?&i{V%|6aVtVjX@K1y;;FaUpqbxGv61=4Ka)fK`jTW6()Yr7k
z4-yYv)*W2Fn5si>WgMzP?-ssZ&%7OwNj1a39H}(VtNe+esDyq}%9;9X%C@QW3rIpk
zNo*FLGCko@QEcl$z!}--Qi>1hU93_CB4(4m$u$l%OFXmsX4`(7TX<mVY%VepJCLoD
zk17l0k&s`e-<+kl1d!j!CWr(DABUF~>`WI08MUr};8O1-mi-`|t#oW`PFxQkIo)o6
zz~Zm{>Hi|ezZCBCCtm(<ZM*-C@E%f{I!Q`9(qK;;_-jl3ud4h%y<cnX?;ZHlyQgh7
zGX~;!&H3OFfgCYII%!ilU@y9X$+Jd&7=f3aBtQn$4d40<2R4e6`xCo^`1b}do#7c|
zl+RdNuy24H$~TN2i*r8&=$ZXK@JCWjQiNxJ+hx*oH);ik*VOHxtbgGwAx5oNf?Q%}
zN!}Kx>fg<$8lz;hch`W_iH`K!LWBLkVKBqh+I=PTIUYbDiZDj0=7tZ-D%Ll3ZWGn9
z=@8X;^N=u*Jp!rnpY|+Xlk`c<BCL55JcPEh?q3?Ww6-ok-TwO8d&x}dowi~VG{!3?
z-i8WHu#u~;#_&G^r=z+;r^RxJ&)N%W&y98_P$yC_Q&kIjBI48T%&!~vXfvRh+Tjy^
zR3t}Ft$1Uz!Ym)!Tfibk_V?q1U;|2}SrADkx!__=$H2Wx-Ro{2b6zoRX{~u{rq}!P
zi^w+|${N0hu|6#O)*}oW3BWhk1a6l-R#c1IT%9PBN4-k?$UBp3t2{8_%gJY*(aCPQ
z6BE%AjGvy=w$jVWwLiRHD#)V*VQ`*Fc=*xW`2L`|XW}E>I?)X=_I()Nc*(cAgU&jk
zqaWWu#hn4!P4d-5uAD6L&xT=L)skTm?C&#I`M5W*uTiz+5DRuunKONV75HdYDP0~W
z5e80UCPbwK!W81))?|q$4t@G-2QgS{&67@?)3`RM2p94a(%p(^N~m!2*=kUf?su$u
z)H-b7fyXNba7>F31Fr}0#99;op_SD<$E^`V%&wyDx?GV7DoCQ*$)9Kg@Wjg3bT53G
zpiT8bbS%@h!||lv2~oKP7xr$w>8n1s%k*-Ebrp61@M7<+RBGGF+K1?KrDtG%<qHG5
zxt9mG&{=J*`*0QYD?}#!*VtEq3E>KJq$gcmp>oi7f{~f7qBW8ak||m(SqW5b8?G}C
z)zT8bSWgTcMofg=UR5&(aMqWut^<I*x^8y!BSh|bV5)70EPA$%wjhn{9$<miZuQFp
zh|&j`AAi_6g93X}JtJvOB$o-QBK0;nBj;z5=<b-)L7V7Pz=yPb4yiF}4Fx9HU<_dJ
zN`DHSJ7WAm!b^sXD2=j#CBA(-UhB1w>AwKcR3<(16dXta?vjOCBH#@nuSAbNu1#AP
z)U@PiEU<!4a26T~>raFDUpk&OJes{I`s4Xp3Q`4t;b6xN>d~*nSN08z93Rj)7}%Xy
zUdlV^?iK(zuzs4tU_0IXlO%ABeav}iXR)xrd9wc~OD0=$bbQXok?*C#eeD=<0hX+!
Ll0?3kk?;Qjcbz+r

literal 29242
zcmb@ucUV(jx9=Nl{15>Z0cnC%1p(<L6crGVrbrFF*MPJjT}1>0q)Af(sPx_vgiu5f
zDbhP3p!61cuXhIZ-TORypR?b4?)}5Z2UuAvYpyxR9N*9QjurAyO@Zt@-FXNELZ+lB
zrvZVSQiniJi~Vy7{06oewE_Mka@A0{2PtT0m;*nYvA(N%7Xm4cAU!ZW3w|bfqNwKz
zfsoe|{t<n5%Cdk!oI8}{?rJ_Y!dLHmF!mwK6Kg~LQ~gc+R$x{3#a;<>A2_9^-366K
zB1PD$s-ANcn%dgXjS4+~qQnq$6;<a^enojzzQm0;+VXm<?#?Ts=D3fa@lm}lxx&%y
zi-xFNyJg>;_H;F+Ox})CY0~+{VU&G}1ga*&V{WUO4g$F|T8Dr@BK?aPA&|+G`)GX_
ztkQR;zoB<<XX?C=Y2Gc~-pP%IuV23o55KE?0gfd93g7-&7tr$5w#a9`TCi|Y=I}=@
zXUeGeB%flyA{4D`kR_@n<Nb8DK5D*m<45n_US;Jw2&5D4fQ36a1PebHo3-X+^zY`H
zP1~&M+di;y-%$@Goi8~Bxue7HP+nOHs}W-9zoCui;9nc*`mP?nF}kzI?e0tjN%cO1
z);Bh0Vq`K?ig%E%UTH0?txo6Vhd|s&EHQ0uZ6VxR+V0q>qwXk~F=MwvLGXvOmKco3
zj2B;(Q|uf^b{yI+JwV&MWNzgO^maY<+W0DGi}|PVG0LU%bC739g<(f?^G`y4kFHqe
zs))ANRSfqVL>w%;IH?cvR<m14^u)@LRXie1)adw;=P)oMGYI8_C8=m>eUcdIFj)Rl
zGBlpCB(ZbpIQrso@{>X_2xL*R8xa~Bst`n>d$v-~E5okzbU;C55}CP9>gzY%QTQs_
zbCo5pqSup*llyK>mHk+BMsHuZm3u@si8F~$j(;PgN6S~C!vKLGuGwO^jn!&~$_KbQ
z!&!CYA6%}yp2W6uP!#Z?jJ8rOnpD6$xwV=Y<=FnUU7%cL22DwubD^N1ppphWSHx9Y
zOp9)I+xG-B9A$#6wh#V#@=eH4k9Yr!x3Y+uRyqd~@%VOKX~WQSS{&kotT^fC9PeOh
zHQa?6FSp~0@Q(pQvntu`Mr3dMP2ywgWtn(ytxR}8Ah^0>!*sLQX^yCS-Ejtu(TeBm
zy~E~qnq!_%Qw``3n>T(D-Md~uj-#ZNZI;!<j4FhR%TBTRCXb@i?^p}pJSU|6JY;a`
z)AIpqYinF6IRpazvEAR_e?Lc7+tx9u@^T?h+J<$+tF!V+?g>6O_lb=M?VkkKDlfB6
zK(*rSFWSEvZ8b^Oa8V=1BGfECaXj+;{OOM9-W;qP2R-C7!1!qyx<ep?dNt)06?)lm
z`Q0P8ufJGDUeEC_;)<RZko=X+GK`4pGaGJqypWXENWyW^4oYjiw&ZP_TGkKW&V8QZ
zzm8{g?<0bkSUcA`>Wq3g#A_j0%|pM3z+y<+Y`6uz;WO6n2N3Rpy-AZBDWno|!)p5f
zaF}6aXU32zG^fr&p7AonMa8978|SR^=kw(IeT_*z))42GGryq^Tb|YlHx&p*Bh6Wb
zYhZMh7z>QdTemQYN5S}c>nx~}qrL1LItF{>FqQY#W3xVAXwY)Xpu*qM@>}&R1X5J5
zh~>F;i{aW{XHGjz2rJJ!z@Vio^O|{rVL_^Kqqpx1qGmFw-35E`10ClRJ0$+Am5rEE
zPeL#X{h0SH$)1}dh9*Mh5$(hb9s;R+Rfat9?d<zC^G4dSZ+1^kW?NagTfCm)oH538
z|CRSQFa$GEXiA@T9C9q>I8f`;f>}XxcY;v+!vn#42j(wimd-;u<=^5(L`8Ec)8o}8
zEw${rJ;^D2S8yYuOYUHC6{I?FM#?-DMSKW%YG>n_)H!|p1m9Rz*#JTV`zb6*TwL7C
z6(gzLGOZG&Dj%06{9Gbm?>8`lOQwTr%-T=;TGPRm&xTg1tqo@{r*LnN)wn)3)P_K2
zxzPAC@87>4^YO5DbJ&?(d0xJk>_4{?qkVJP%kRk!-!XbyLED_J<ak4H8R;qi)X}G;
zMSXw>k`{CkTai~-$j8g8)}f-+s2uxtb>8~1y6=wVac6=Tl8z&z(Q&LIa0UYDzMqEg
z{?VcC&+6cTAFa(D0HK`hKgCTZ2Vw|hml#U~xpVYC|2jnx3wLyse!B8=cr%ysv3abW
z-XTkq+e(c3)N-?=pQAyw8gZYprE~t$X!ZVV7pwavA_z0%ODy=YVr|d{#Lwl8+9Gf}
z9gMysdzQzzHVX3NDSxSrvAo8DnJG&35c^GRsS}w_hpL+TPf5tL4HK-RudlC9$=>eD
zcfM=>Uvs8G>~-GL`&BiB8Ovz}`<dalBHaA^{Orz(eP)eQpW|gd1-@&a5#}&M12Dwb
zp5qDYvaus`#i`s%A|=UtzY$OC9s**r@(sexyit$S>w_z(g>M|$I@eXVgNI7>7QZx#
zT&P~D(aLy?w6o3Cmaq}d5CE6|DCFmCZeCyA3uf`UA~wIUFyal_G8Em))q{N-;EKwx
zNN(h5i($lu_}tzZZo`U>a1&xfL>X>;e7x(|Y3=8uHH!)O@e3F!Pw<>$SEK(<(DzBn
zPbW4?2?t#1M6k@X9CCAWFUb=_o-y7ZE)dWjZcZt%x4}rAZUuo@>M?3KE^Lsz63@7Z
z+{RkFVM9KRATE_Za_S=9ruW#pIs5Aa1r7C%5fzw(KL-mmiXW__GZOJHU%#F7va*7w
zXFC><pDtF_!bvy&oDSKjM@Gead-oO~n-oqLcC@$u4!sG>%}k}a<a+6z`aQjfno5J*
z?06T`OrA}aWQ%z^K{X3TUIh`FH`pYPJ>$=a!<@=_Fe;^K&Ttw>sIt>u>rax*7)7kD
zZ;}n?@KzD}G-Q^=aIX@%dgT$Fqn}koEu*5Main}co*{fUsH_T&om+8-g0RyaxZLb^
zI62pLIG(h8eJ0m_RC#>?;eyP3<8uF>QsnxkBo6Uh8yVFmJf-$(x%mt@Z8rjXu#OOT
zpyOCJ6JrOTQB-a;2tTV3OWp!^Pi2)aJXX1RJ88_=TV;OpN>>M_`qxS12ra{rAM?h(
z;!m-dW<TI1j1>!<Q?YHi`Ns$Rj#MI;S_(tF!v3eP2cajNn8B9JXbC0qA9I9$9V<T#
zQ9S(|f93$cW>G)JOAJvYd4)f-u&^)@)7KFsGuoW;rPX*;>~QhP=Ex$>sm~IGg90;b
z`_zB85OSvfH|v0eunZ)<HWUq2!BiIcg{E})Usqp6G>6~XT<>EhKhJ}a&t6FKocNY;
z7_QozrUOKYa7Ao-VoJ)<{lTT-YJZ(VA_#=;1&Eo<$0kq+q)BEF%*{0l@L--D1pFJn
z=6#7mp#lQ~o99AWbd?S-s|?aMPA=0SQ&MI;!cW~PF@Xkzhljr}cM8)C0`YSP>>RtL
z3eY6q?+84|v_7malY@2Lp#oM-F2y-Ws$h}fmzI_Xwg=<H0fl<(32y98n^H0oA_p`3
zq4N_&kXeXBX2SavDg8Nf{`j2WbR++{rh&0h4W`SGI|fBa3tL-|$8o{^%i=zZd#-kV
z{VKKjhzQbf3fsJ_L`#cdj=Q8C#eOqnM<-YpQJ9yPMR5U=>RV)pZ;6j_+QOr_9Ik2b
z!22E$=QpZF?>ys~>5Ea1FfRCg*lR~jUtiycmQ*c$dU@>wLN<j<{+i$-A!e<PsYzF=
zw1!62bah;le3~jP0(mBKvl3rmSi7foOsZ`Pzi1kqUExT5DAG-aMM+t;4*BmThGg?^
z7860rl)B(LwA`pw--Lkb^^%cgTHOLwt%a=&p4}3hs{#|BmV$_gNG~Tbq?0@ljXXGd
zJ0Gc~MW1GE)z33^^osI&?a=eO<ZPI#^kiNL{5Uep@S`Onm1`th^g)OOPVTK{nq(YU
z$u^Zv_as^snK0p{rv>w|yn8%y6uP3shv|L=!Pza_<EVvYeu;po$I8me^Yy18HbE-G
zOW#<_1Mz;sLLL@o#W6{hLeSg8*0H^_O*#2-Zrwz2>AlJ~zoup=;9aUUtjRkrcFQgq
zWuKXlTNm`sYj@GLB(26t%L`%y+e_=7xy09g*$m2oDmQ3`lMdRc8A-YwANjgdLLg<b
z9PsUd+Qduf1<8GKLviO{FSRsSKV37g<g>iw(eMe4B7Wa}ezY~q(2I$4OZHxE0D@)g
zBAQEXrU>EsBLhvEXkAaVxkFdlaamYv=E~?<2Vsz+-r`-$)q*gSCzj#VBm8&_Q1$ju
z>u;>oqOdY5tza%XeD}UsNSPt?Wmi*+_6EEIS$74Vj@(9_wHpCr;v5Z`)Jvi^3=01`
zOb#)tAHc&7Dh-h-FSJ6l&zlQVqH@Wwo(i_Iw3(e|r~$0n+)y~fZ6DA1h#r$W72INJ
zQz%2-$)dJBF>#%x8S5WJ%-6t!OBFEkB5dSZWFc_YOJme7tc#&WIqHK264(k-#tzE3
z#D>=0is(&-K3JA`RDex{)VFMuIF#q8Ue;Qm#+<HA(C1D)qJ7dA+b1sUkOPD9e_WSJ
zoU*fZb$#sX0)gNkx?yoOt_wiL=mw&sx1zs=SfADF%*;{y7T-nc(aSqzHmoLG*|Dc$
z`ndqb@pG>^;`;SImU3Y%tv5>6;^Wx8jc4uH?Y)k-y-9~hbq@6z^EIq|?(r;aU};pZ
zO{MJ(LLkFwvuOK$kL;HXT7iAD8FdAk?5Ec!J+dKpIIrLkFA5!v_NNk4^iU|I2?kC<
z3WdyGbl^NT^4#rKR5q?Ar9fjxfvU2%SR^R0y)WQ|#8{<kQeHv^QmssfN~X!sJ+az*
zXCV^A*qd@vRHVT=>e6s6{qAqUXSV}ez8w1Rm+nPEAmcCar@$WG$fqOCbo4oVj8YZN
zX@)%9U$4zFpffZy)MBE5+#xoBzW3gq<}y#OTg%>VuOj43dOy@77X4S(ujTS{@5&!5
z`+iE%YHR`7R!~a8>1SzQ5WjBm@PJXYH?zAHx|<tO_*yqyuQ^=bcs1r6BvNdUHz+ui
z^`jBUn9!~4AXt7mg`K(x@+Fh!c$a@b*ev>j5I+MlCtVW^10k;7Dl#M|<WSV$lY|IM
z>JTpr#ObrM=+^6hJ|4-4#!XL8U%nEi5OFO#f{B?Ge758?nsRfgF~5*&BK>tL?Aomq
zmcW)Ln@I<=+_9_8^9Ki#{`NH86yPjaJLoU*M?dAN_rdKj9@Ke6$5bKa_k-GNp&Hds
z*0(_XC3BC5q)~t?qdO4g%Oh8kDbKcZd8YmJT$-I=x=^ECBlLBQ^=0o1yh{^e(9zX(
zJv5gRWJOpm*OxoLoZ4jH)gi<!pbj2~TR#;1eQ-IBFLf`4R+Yxq#Kuy&k3rJTfm2^D
z$E8ryfRqX59v;~lOf@>Y(@7A^-jHr0@GYB%!Ffw1MfQM5&HEU)u%Xgt_gE{JKgwaO
zi6o;($?tb=)Jt|Ik{k?~Qa{3@rrP)Cq6}>6meo1$8GBUz)abQbDR|U+664h}thbdF
zzFA=-Oa*g@4M|G=TxB$Ey`{@|j}X2)GAERzJvLT<&FlGbP-qZ_x*6n4Mi1sW$;jLL
zrsL)1c^UJtu?336FI6;t_}dqJw+Wl2P3+$bvOy_L+WiodqvKu*8TNf_y1U8bU30iZ
z?@mFK1|i&K86mHHXxYhS!9UU8i8mNwi~VP4kyaN?qk^}~{&sX72EUSB8K>=%pYA*G
zYVyzif&GX1EO@BVsd#D{nh0{HqVsxrJ2|&&IoKvS&*xtGuzt|SSMmryS`hG&WgqV+
zdWoH6{Z>gpp{_OU<b8VWxTl5Ack=GaPMW@%W9!t|cu60|P@;Tf|HamM+?_nd^|qp+
z`9*P)qK7d^--s5&`I54gEv#Dl3p}$txa#<@nn8N|`rIxb#lb31?(1*C+EL+D(KhiN
zBEF_iB|_{xJeof)#yZTTTbHC}I#bsx)jhn+<a^P>r`1lN+oFHH`iuV~O2^wS8@&8^
z+i!k!eeI9m<gscfJ5BQrS#3zhF{E^#n`U6QT}6=$%<_XaCu@UW?#UkNhI@TqI`X;t
z{lc`OjuO-yiBY-;S9@no?^)h_A>uv*Xz1AYyv^tGVXMgacMesGWM^jFSri^hv2u)<
zSh&U)XvpS1a^2FHxworML@WFP!6-MWbXY$HjmFTalzaji#m-@3<TWr`^bCw>XgH&M
zoDZ=;tD<srF;QoAVomrSTqu#SM_~)UJ;J+V7B{s!d*UCP+*G)*C)6wEaxuRKYo3!Z
z{N(aRSi+Nls5ZmO2W0v8+lC^n3}lA?aWTudbyz-)x4Yfku2B%T(?+-yqtN)#;XWtd
zwUQiNZ+>bfwHID?ysYoaMMtM<Hnv{FAFaC6>LL#l@Y7s8ib#AKPuZ0DU>;qV!(w+(
zH16ww&#x$}K5Z+3Va@Q6L?_j2vo|Ytu}-2u`BZ7}<etnDs7=H0@UWtL6PE?PA!~xG
z<~hS9uUJ^_@FToky!N4G`j!@K%oSlIgYh@oPG=Giwu?s@G0BA*+}4|3vA!()>l~}X
zQjT$WV4Gg3AphYQWpZN!8u8hidfiTJ-3gB`e}9;nl9)jExct(c^Is61FISuG4rIJi
zwKRBg7%&tg=SH~lsD`o-{_!<yPwaht)wgevNepDSGJa5Kx-S@XsrG$X#>zR$H`j)C
zJ)V`?=Wu1vsWiS%vkQ4wddU-cDBU<xMzVMb+b@scQww#f%?FbHiK*#boGj!f1bdf~
zntF+`b|*xu^>WCqlKzrHQ*XPN3KAy|Bgvx%AlD?uB1vpdVeh(v$bKT9yCmN1HWhgO
zKFS-AFaPbOq~Ad$U^=g$z$oj2q{oJHZk9Xs#Ht}FK3jE~qpCW}xEP~>8yV5`ptvIe
zZt}8!P3@quM0DAT;^^9Zb7pJ&{hhkgiXZ~REFJw2MLu?8#fI9?SsU794u5@*ZT)m0
zC!R*>KnyP`E7PRIJOy!RT=JvBt-1EMZ+xBIUuZF=Q9BUhueS^#ot$(UTg;H#U0)WQ
zlKc?IbJnjD<0Fn16;h72{FAtrsGepX2ZCA2m`xsTTp;PQ^AN`Z$v%U<tI{Chgg_u%
zyv)q(@)A7fR;ZkrlCM@+plCP;3XBOEbQinDDF@<<luNSDE<DFW%)a{m6M4Oe@s7%8
z3L=3s=+nU@+t=^B`htM)|B^n_ba9ZJnPVgfLVF5J)G)a$gJEB)$58AZc|W`G41Bnx
zeEZdB3Yz#`j0l7l0uBMYl*K=U(>oCVK5KLduCcN4vPBSK8&W41I18?zq=Ck)O-=5$
zB-X9nj1JMvq1tS|n?bmwQVRlz{e5*A^FuPm=wVH+LEab>=(B|2_YdU&(Q$~+H^GE~
z9nkCr{xz*b{3F8mE;8f~zzduwd~-CnRgvL+uru=4A)3=*!#T0!u<)DY=++yA+sH;E
zH5K6?E<385p2FfmLfmYtug9wzvejEf^ZR5B{i5h@2MiF{*%e`ViC_B>W=HQv8A#2b
zvlqZ!1$~=xccxszSAQ__xU+_)Uqr?qMMfv&^y5|a-(h(T>kzbO!6003LoXyIx@-M%
z61%kap7H8pqK5iE-_ZVwy}Vrl(1%n@z4V(i;Vl{(YOU2$c4b*XG4Hz5B5;jE&l9K7
zJw`1`YFdZcuTLL7o?TXC8}DT###&whS0^4o_#eKvA9q~5&9|X;ywT*Bn})ckH`N!d
z_TXE|Td$k)SH+m^;<>2|snpavWHs)Ayjk==@@Bc}>Z2<H;c#m;^=iE#&fAW?*_8kM
z9vbrF<xj`zBQKSvocujTxUyGI@?_uDEI7U{Lo;w&z%G9Dd&psL*K#VdNhj|YtlU-C
zn^awZ2fO=NpmJ_P4hgGXyfMi8iSVpcIu7?IJzB@57jJXk=RG{=rO1z_gSNM*6g+)l
z!<}<GU3kzkOP-?}QMY$fS5avyLC_hhAK(y=|Eh*x!r%IR7T%cI0sQ>Il{^=fblTjM
zEJOHUJM;m4i&!9at}n)c1~Jd};^d*v3MdWpHZW+&)ai6d5{oI{skQC}xvw}+jY*nA
zSz%B}{JJaqf_M%u51-3Ld~v22N_gfCoW^th%-_$G47W$Wr0+1&fDC&G&MSj!y@FNk
z;C?LEUx}(I=J@H=8)41LE}kjx$ms};3V!Ut@O!SrD;>??zfN$q*}3(Y&=mikgR=sI
zy!yYVfg6~hf2M2Y54E8;Y?OaKSBDrne=_c=ttJ?UvnLO?)AA*L6uSQU;<aYE-&5Fd
z8dKr)az#<w1;3~DXMOywLHxgCX-p0SFWCq00`A!74*0<p2b!<-K@^3CwJ=(4Ev{Iw
z220GdHCtng*FY)aaDTfmhzJsSX0YAF-QC^HZc$}!5TN3!rw1epe7=#4O*Q72(RuHq
z$#1d~@!V#pOzEqTXYF4QM5P|J)emV0JB;a+6$nvQ7Y{Pt$G(yf2;(#Sl>w&?hU%w3
zD?UZ&3&*>Of<(~UYnpWPI?&N)u}Td&YFX_$rEKiG_zM3jXYc#InxG=|1+ixDPQ!IN
zZ@xQ8Fx{MjNm`TXD&)?-31)a_ss$8O&@Bt?Gd~RoYuYYM1y!cS%~(bURT@9d@s0p)
zuhCD<P(qkR<jZjZ#1wn?WlHVrIitFBY;D<!0N=VBq~@UG@8JC@Bn^vTsiqmN_4ZKn
zb$~$N8g5vC532jNtF&~XO3-)B3Hae_f?b3Rcp^sYx4ixUCm{2JH%kO4mxp9SUoJB2
z3Df2+AV3ESNGjubI0j&hC?KmfpeipfCs`(WRna=$ghQ*=N9#sC`^2EPdn)k_HYb?v
zs5ro=e3ocoI<>a9gNk2kPOZ?lqWrtl@+}~q530l=4XiQf{pKj_SA>j|m%dG5OqKU^
zW37>-ZEP<&r4=;$Wp<7it*Mwlb~R{VP*8AT=$?~DUtc9&&YE3ZJXNBo?%6NO0)kFX
zmlMw9i2qbi43fq^RRAFgVs`9ksj|p$X2@f<CFBF8wi5of2FX!L2DMmy1jp@qCOfQl
z;7a6rx1H03QpN{f9fvhbf;gr`{}#tUnZHOT0g>;HgTMh>ssG*)%KLa!sld<s*asxF
z*^C)Rk^&kR-kp6vsJ1XC*V0__Xa;RBW-|K{Un-}nwG?aZ40B^dy!*pB98W=>A#Q98
z;QI##6u4>fqlZoBzfHjEwpHKTL;1A5tMOI*NX2^3T<#vkkr>%IkZ2{~-!-d{WAoHo
zf0uM}{yYI_-Hyd3>hV~4jvc4171X+`=L=$*roPN3f*47(5N`%l@Lc8>{`P01%GUAT
zCL7N#QIfmc4QisAK13JeLcgbEg~j%MKL_dL0CT8(%y)f3MkH?l&e4Eq;UA5uPSlXa
zhQJ5Z{VtGXQ&;2<wGZYpvP=}<zh2|HPjOY+wAO#+Tzv-Dfa_iJqP)dh07*X~EapFW
zhLg!kJIM7=S-=ph7d}K9!B3P*`Pva$Cpw1PJ=`_cMF}f32jKlYr>%`~RT<K^A<wqz
z5No12DhAop+Yz6wMiG1|Pje*sONxs>{Q2wUT}fA;8)W_@&vgmdx4utC8bG~2i|I9(
zj`LI9d>scra?oj^o~2GsyWRg71BKdNhadvw0dN@+O<ErU9UfwbCJm_h`h)r<pjeV$
z&ODR*f)Fud=NFfHR1o)uoN34A=ce&SZ5dF%LoMsaYoig;hxvU8M^!z?FFyYa3X*2X
zH(*G~TO&;+V!m5sC}yTq{Q0vO6zV<EuLHLDp%!CbA1wo>T>irfKy*L<Bqb$XIM8E)
zDAEBz)bQ=nBR-&pu~V1-zp3EABDzU!*wNC`lH_#@p+rjo(Kyk#a14;KySuv~*~Jgi
zT?$5Ibfx8ACq@A!mgj@t>m#PPmi7KLGl<~~CHZKKw?~1H-)iTs$M(!tVRej1$?{+U
z0MfJchbjjPK{A!3w&$=@k?<0N?55G-1X<-VL6$}<1n&%VJlR|XLbexwDpCMQiy?AC
zomZ1D{%DRu25rZ1-476oo$RPldSm}|N4jT1K=%XDtd=+bkkOX?Fr5`-npsQq&w8KX
zT@=UB7~h#`&Y4m4Yr5+nE^$`@MOyQU*!DEIx&^$vrbZgZNX`C(%Wh7o<Huq@sLUFA
zyMekYDm$kyK@sgVd8QN}<5TLi9LvYq_aDkw)M;$TWJNeP39gV<W`|-{J*y2=uNCpR
z<MH1Sb`;ADNMieQFY{o5`buG?Fj?3eci$6%y!dqByW?29(%zrd=lw^S=Ha=_rvR1J
zLpeaZ3(6#AK+@&-VPheR?gpa}y=?on{(L2vSlVH1R<J=ht%8#IH>pQq+kJjuCv3q(
z%X_8HM4lq(_D%%ghaeDYU&khw@$tl>Q(6OUnI{+d%X(X`!wcn*qE{DMUUJ4cV%wF!
zr{smj_rm}6$v?H_KnL&3ygYjEaMm8J)u&xyUE56GhdQQ`EF(RFjeA(XKOzywd|-E`
z=6`2Eg_3Yl#3bePjLW^3-ATd;Ma5J!#UOFw@8i>luw!wWTvYD#zm@yZytysZIaZ?M
zgR71V-BVnS8TPV1Oh7GMJKV9F{3Tn%gv6Jzi_UK2n<R1e;f>CeYfm~>QpD{1^k_nc
zsf1lNXulOrW5W_k<E@m94)F^})YfdXgA=Ik9<Zn?QV@i%;WC+r=YZ#^xU;9V!;JPX
z=5Fq8(Yqf+1KIYWOI_L~8COq*CQS71H!`-tWD>Vxtw|(yPTvoAKraZEqv(XK`P_Lo
zc%$eVe0aG!77$y7>Kkn3QiJ3t0Aqn(e|(%Rny<j$d-edMO@)2)(nnbN_4TaQj7T3P
z8}yTgi#y%%FU8f6P8KZfOCB-SU2Ky|>~<EVhA9>KeOco4j1J<q0llr=$kP66!p(T~
zbl4~mNTTd_%IgrF!C(b#g!@@(6~lw|P`In^dWe7Y8_wh=Hc2?5-{%VDcNG~P&V9_I
z7IE45A<r}czuzVv>=V!*+ht|1qT+2I6)(R~T0P|9pktYr=g9i($}@cGC3<@L^!cW(
zW19+X<YALQ{)39VF0Za_8vea*P6t}H9uo#W7nFsqY<wickj#S~_1>l^>%17R-XxTm
zYY*QWM1EO4j`AjH3&QD$r|J;jr0?6I-VvO5D($QTv1-Df;uw#z7)-u@Jnwbyx|I1P
zO34;VVmodsoeM@Uj#|!?bZ!Up!}H(yT7<bLOW^L@Rx}9>j-qcjKo69E&aVAOZE|yU
z|7uSUN0EX9#+9@n0>`<A=S+^Fp}^Jp8~@d;h!uq;4LV!W9{)6FBk5I5_m2%UcxEjV
zs7*Uqm}84rd#$psX-liDwsBxz+_9gI6al2b8q_G=d}h-p)M4`ZSNX5WM`!HzeUUN1
z@aH=+65>NDySBDAujaX(+^IC@qZuZngoJAov>a(566UkK6qS&!0udXCQn^WxiZNZ=
z`w7B(7I`-bIzU9%*f=GD4*FQ))p~FWSha_1KRWK`){nLMesa9>Y~wjT6@E?H=SGq!
ztm3KL&KFR@qY*it7<BSq!K~LV`nTHgX*S6Cf)x*VE#>iLjcwvPTy=<xl#g&A)vzZ0
z(W+1oy8pyx{*9NRA~>*@j40Ca-xHoM_b)Qb612q=rc=M=<^QZ+mFA@l0J5!pMOp&!
z&k{M2CT#9ZYAWHrUQ50U<vcOH85-GHe<kS)^aS4x%fA}N1Y>sYx9FmD(E0Iy)|}Wk
z3`x20woTpe?B8iUGlw|Zu-auKE;(^1AJzu8+iSJ@Gj)g}Rl+S?8Abrrw^UF!x+@o$
znQ{X;UH@A(p27Al&r1%Hqe)Kmvreu3aumo?k7V1s?-q89+BN&H%`tFeRJAs%b4o?u
zNvl;R1^w2&&B<eiG~1>#yE6WVQ(!Mn*3!VxXETfm`Q3xhNH%X&P2I?;dA}$Ky*;}{
z;w4gstVSmPzNhh`n&M4RCFx4<Q}WxGa{{>*uGjv)QxqNPtt_6O4!N5u+3{xed&Aez
z0mySe+P>sWwBxrfSQom~^7KK>S67(9u_<)W_C$vxeX?bmFL;{i(cBd2BF5IKfm$CB
z>hlP3<?2SiwXiJ4Dc*e+hfL%R_CG@T3^u#ku41~z?d6PAqb7L_<BP^h>-Xsa8qcqz
zNw0;!i<xu$qvxB8@rnWe=jZUBwEwpYe<c54LBgL)vE9Xj=YAM*&WJPdkLu-6!UchS
zr8JUpdS<4NlQ@yUIR0;@+J6Bh|K%hxX-oBeeOjB)Y-ZA1yu3MoXPw6O^;#+k{a@wx
ztO*J~<_!G1@j>&$e?g4@=0?t7sRaKh?f-U`YFxpRZM6^B>8oYrxO<2G0UIi>O);RF
z2M6Ww(rRmy3b#&M88IE~yM?aGz|3!se*`HrM_>`sV6ct+!Z3c2T!5IsYMlEK8O06f
z)ujgCk|5^rW+YdKRYlH4$mX(VX4c}}jh67v^pF3r7y>@2@i)0Y5)?AI?Bx%S?Y;7C
zJ#t&}afV};mCcVa>}P!wOfZ#WI``lrMP;qoNQZ_D+K_WNxa?ye{5(!&>p0q|7
zXCf@gsof2E#SDtq7quKNMFy`oX>#C0CI8T$^VZPsTEEb)nltu!hbScVP=ehr)8C9p
z;|x~GX}7Xll1(_npD)A|Y8^X`Ra>^&=`j4!H^jSXT>od~r7_z>=Q8)K!;V~)I|4^(
zwvrqL+1V>99fv7fyYE&E6eBmXus0}g9clb!PUp>_X1|3yAYK1cfcWnwCdu$pkL$9(
z(2B%gz0XewSTNYTz{R4^pR=UJo38w4^!8t7)c*~?``1Z899(-}Uvjoq{MO&NXtZax
zCwfS^ob*{mAPT;d-|35~Eyt+C_g{+i_n4LAIoNw_2y{^C1sdxy`}*o@3zlLBPK%Xl
z8%8z<sAq{)(5TNoe}07IcyYN?j?P-TS6|CR^6Nc{=fqFD+GKu{fA8x0ht^TnBku7;
z;79WpzOiXi@$9h{SWPBL>L_m7KDZ={PQRoyVk;zff$P3-P(KG}CazJg_&4S2slgi*
zHw`=dbGP3m2!{#qy4FA2(qy~whC-^pUMi)>b{jidjNnwIS354>?Aax^70{d&I=Ek$
zDUv#(<3U%Pz89p@BUSEqKR@*8lsf7rVSGV=u*D+$^vYY&MvFK`)9~k12SoQG$X4E5
z#Faf?sNDUufu}x>XC0cc7kDf4OoXgrigC$lpV6tNdY@moa%7HT!ci`Dnc|JhMZW47
zVPJ0p2$V_?KdhG9^!(aJTWWHUaLZo7_3fZ*xxbK)#;Cg6>>nRLR%l*7D@9Mneq<~|
zR&CxXk9yrT8KC4XSA4URT(B!h$a+S-kp1^?op)Jps2|?Z%XRkd$-s|jTuaR<wISD%
zH~geE#{S{Eosh=c=RLE_&J==B5xNHlwSIKdzmB*)J~@^9OdSj?a$e#&mHX(U2dd!J
zAeG7oTEb1+7U9%62GDlGG9H{xFh*FYTVp?Rs1hL>zAe&>@mLILj{E$nk9`weI$wOO
z5eG-fI##kvmUOw@u@NQfnqBM{{@}DPcG@$78rLjkm7Lf0@Iy~0T{zsc)6qkV^WD?{
zWFd2c;o+Erij>^}^$FJv#b4t+YVh6N9mgen#UilqzPQmo{qyF~n-@P_BPJ`+hDvTB
zQjGWMMfbStI~}FX3VYNCUVga1WSwO4;$zHId!uZidOhtod3t5^eCf8wZh&Ih=`+KM
zr<{_vc3dFqpPvv$OT!xTQa)NG=_b#4&Rsg*{$X-7@=HxP0SGHq<CBCFy_&M)v`Yf|
zkF!gamkNH~85(Dt+U$KrM%&}WBm;#OAo7tr26&C{UYzG)VW+jM^WQT(pnoW|mq~uk
z>B(qt_UmMO&h{4hqM?d#6O86{Z3IsRIe6sLyY=N8ELWil?Qb}D*m?wm9xq5`pTVW6
z9dPmOe^%zTWEQ^{d|Fb5*1V<h3rhj4x7Z~f-ttqokX`I{3t}2QpF!b>)TvQ*59Zgx
zbIsK^{@uTrF5nKw<{y}bx!FO#pP4@2D4epyW39?+{D3Sg=rxR~<BrC;P2=6i-l)w)
z$|1dY`-C!~a?g)&9KsLd9L!I){^U5Tsod!TJ>Orf+8Lu_Ej+>JmE@kxagVmVWk1N~
z`@BSy^pibev|=M->B91lrMLJOqDzf)ukf!)(Whqxn*G!>xTdzo?}rXsKK&{bNqLh>
z_})GAWAo9zWPT0@=<#{E8eaz;1Mmdmhmw~yqUbu)%;elK-qv#k8N9NbjzXqSz0<i4
z9837c-0jh>*6Czsh$oFsV+hq+$IP=>DjEmkPRq+>NX*l<exYQT=BaXV+}F1gXm663
zaBeovJx_fU66Tk9ZSA{(m(CJ=0CBXf`+9bvqO&~W&sRhazFG7^j3U;)XX_vE?%zmC
zY0@@NkSS%nkdNAzc~WpV>#-s`OMvqyRMx@~KGULcAli^{H+OK&hl6UyF?Z}|-mrv_
zBhW1nLy-G%!-v#d6`8|K>aOg_mWlhXXdP1XdX(SUirha4jCG6u3WafT?=27BJXLts
z=DeWCLJuO_shMGr`~>QzSECF~NILZ1VT8UZu4d6>JUvr)sU+UxNf8fu=NlCHRu+Aq
zZ8vcbV&D2Lp7+-$E0FVbS{50iyQgDR)Ndx=Ipr^AQ@JW)=xysovX$7f_NrgM?HZjs
zbW-ksdLmGqo@S`du7&RJ)o_K_3bnOEQ_pXoM)}6Yrm9R*vTrTNj@oT?7I_2@zygH1
zi%Zqurf@=v<3?+W8QV~=avc|FmK#3erMj7m!}ul!E)<L+PW1^7a?)=&kH8Hr(7ir+
zjA+a~1@yT$SH-zO?#f$QSt&s}Wa{kv$k!#G1^)r_%@aRf{#pc;kJs`e*&<1Ezmn{8
z>*kPJ_nV7itj(^y+1wTuzP#>-rRV-_^Vff|ieVIiqM@dy?&TwW!D#B|=VxoH<O|?X
z^K-ldaBBcJ6yVrM?rk7uR)9~s`OOqyG{mi$K#0sGW)rfmDB!5OfEN6`xfvcc9|)Mu
z)72eH?}&r5a}Tx{v76ds>$0(RK(t_ibWI^Uv3Ps~MXM?9iP|Ic4q%olf6X_iO#pGg
zVY|8M{x52M>Yiqw=)Ru?u##+6d9BT@rC)kU3}JkMXEQcH?qtdw3=){OC%$+4J7=q8
z_nBvEUl6E2UVAOw=$t>^&0b<a7^MMWY;3%5dtf$P!#Q<=TolG^g!{U+^W8e_7TH25
zu5yEtu1}hmDIBi)7gM*j`)xN@c;pQa3&EAM+Str6d*%}=P)0N*!G|L1=$ro6HP*<P
zTZr7N(b9d-fyTomJD2;nLMlx$V)baI;-iAUm@^Pf_!1Sck{mnk5W_M3-^Z=lL!&;l
zFw3}*LspxL@Ozodq`%ywo1w>u8kbS7?0mW0W$$xw_K*7rDW<X&!lZM7L+Y1EKN?uX
zl9KO+B0djXRs6;@c17vwOf`T=InD@^40miuSA#>n)ir*T!85~8AG^~u*gJ_^Kllzr
zX4VM<Zc4-Z?aYyxV&v8anADGF*A2C`;B>8s8ZHZr{`d6TLjF&)%Lg=tE#hn8DNPHV
z0DF_j{>I)f5?hJfp9fwT^g*k!Ow&5w9c}@xSipkjIUv7XXoOm(+-A?G@^35vrn?;U
zs~=k~DkvP$<mQNkvtJ)08g`YL3)xMS%E2jDKR>WJMOu0G5Uw8#Yz5lh^y&g_iBQTo
zzE8xxloI-hS)TU|BGI5Q$t)6hREhgjYd;y7M`+5ZO`PWw8cl!foo+HmCQem{%uP3z
z4*Q`jSFAk6pd0$SZ_-n1k_u+HWs%S8T3|$4y-`N6iMRG?gc*lr_idj;_t0zk7SaUx
zJDebJj3w0R4yQ}b@O(>Bg^XJ7GoByX9CpcGWu)EO4Kk`bQBX**!Us6#Uz`C(Ex)GR
z1gZ*o_56ar*h2C-w5!?`MfTvWmz}hou-Cg@F@6FJ6BlMtV&1sZtmhmgv3GJGt@pA7
z*<nv0vsZTB-+2VI{E64ZzDKAWIr1cBxcLm@TbbTpZ_G!e+dX7NN|3<|oHDQaG($(W
zhQkeE{!|{*rs_1T=fd9QZ)SX*p>@9tYcD(=T*rHiWkrxdQdJ4e`%gW`&YsB3O9JN!
z*5_35BR_s2NW(d7AD9qNGu(b~6`oa$bJzy{?Cqtt?B6C!<m49eJ;7C!Q{<^`<*?mh
zZM3(R%RT?;6eRd8`mu_d`W5x3v`vNQj!ezG!mJY@o!19>@8qq3l6$q=fl}_z=z_^_
z6Y31LJIyHio-A^LMT{2I(~AU*BqTR}9rbkRev4n!1@){AU@MLLexHVVDf^G7^dG>i
z0m=qmIp7Wr9opXyvG&^!>`RCRRiHP<1wT4EO4Ck1J5z^<a&U0CWl8DmEY};FS6ow5
zAPs>$n*^S&1{Bf@cx4B9<Nr4<uD|^H-!*|Dz90Y}1Jk^e9DK7ho5bWq7n#E#3Z@+I
zQ_Q&EARBZqy-P~Ip`#4^j6Omul}+F#BR@{%*UaG5k5%S$f5UHgzq*@g^aOWTGr~-Y
z^XL(P<D0-}n_t@{`<mdit?oJg3i^`3@Xs3&DKY_6=@5hmo;yv@nsoHYNlW712=Gv>
zs<&4ke(NJS(xe2|hZ92=SRAuE7ybK?LMOfm${zE7C^Ud1C%CylYmp@X+FD3vUgdp7
z8$aO{iUCKJTnsU@Fu~}QhcECE-?bVu%KexwE+ts14?v1LmM6_RNBeyaEIh<w|GwJo
z5Y-Z=jZy-;r~ikUk?^rpyta-`5LbXU&%$juT^9Z~uIU918IxrnI0#mb6p2sdI-1I`
zwaBKqK0CkvWcuQ)P^xh|Xl_Y=lx%%32Rt&s5ezYYo5&-YJXpW!uwZ0-9AkyG$xz|W
z9)dKA{01mM%5pMv2@2$IIvtM@xd>Y^u!K`>%i(LXUx`cjn1H<#cc0)|nTk9^Fz8l;
zx@vBudz=W_WV)roe8j}Cw-C+s_mL#!x#`sV<-5y}-6b=F=B%>i;rpJs%e!;5{CA&~
z5$XUMXnj3BU<EDD(f!_afsLBwV^s@#;QAHb8>seZ`9{wojsfm@eq^xmn58>{KHi&n
zx(adVoV04w&eWrOA&|n1O)l|y9Lw0f$)>Iz1Re4zvVLYUBP40^S=~KV#FkW!VI1|S
z-w$A{%oWhq_P9(i_7G<5XKBXi7QFYd#9pG-H;HgZW}VA97Q`A|abi-B>x{<q1=JEn
z9-uErU+wXDR*V1KAgEoW9m*gVk(9RS!<Uc);P((^2qG>kiaxo^C*qRpR<}b)o-uK5
zX?gB1i_3}?u;IbMhrbE3_++7U&Gh-g`h$aYK540K`rMc9SM{{2xfV5bjoE7MS=jb-
zp(ypmOG+QrR9ElS-*LhctY1Iw-Wqz^1ss7S`pGPV3lvv{ONJb)Z%$bDCRO)VJpA0E
z)a3r8V}XfxENX;GxVb?<gAt~$|M>4UOO^e-c6SEGx!e;Xh^@&})CUnTssg@Qzx?<>
z-G0YHBWz2Q**_0T(K<{$SVY6m<~#TMd|fYMrHoYIVkBNIk8LimrCt7yYaTX{qmx()
z0^H%%hL2)Ycu(MafFkJTIoFz*ce!70gUg`&XQwa6M=G}uNvVj?tLb`g=17#79($<k
zGKyl`v|y1ESiQ{964+o<RF5|9#r9R<8Rj({?Lb394nO~TexNaRsk%V6CfB^$DMg||
za+XWSw`q<g%OB`kuRh2h6rpDDOQ$AZp$l-ygLaQm1wXvy+iT?eZNh0G-0R~xepcZ;
z#-)u7s~ZYi5#1Y<!Y-c#-!1dowZoD^&K?_NVbF~sr}A42+Yj`;_lsHmCmpNOme_vN
zcwhl2O!gV(vRM73rR&PiX<x0KjXaef>s?-A&(r=@QEI%WpWn>KUj>eZj;P+w6L@}W
zL#pn~{J2L<m$vzm{?&iZkvLr9cWEd)?3(25yDDtWy5_a#yBPZsd&7zyeOOW9ir`ZY
zb&@gqTN65|>;TK$60TyDbXh+z>~j>l^Nj4q1+8;BIy!xS{%m&Q3w^gikubyR-k}o`
zFS@^FwCkb)==&VOF}8$zzwfhSo||-O0eUw$1@v@D8%Uir5}hVWJMBQ+R)H|z1N~Pf
z1gX<wEU`ATfAC60k#UgxU1>#y=WdJGSJrS=ZTHOkUQRxTv6W7c?lb5BZBUH^n15AR
z^71=ih@&k?KI|EPQE3R#I0yLpXa8eAPlpYVosNke=4maSPhj$`X|=m)LP$b^p&z)0
zRaL@QQ4)%RgXF{JuCA^i*>&;ysF9t-y-g9PP9^An19`L%k?Ft3XRhu20ZiMRuvp;Z
zXffsr+6cfiOM^}xW%;QEZ;A%hoqAd0?18|S#sMTJ-YrvSPs5Ry-ri1G1CSH!&H&^Z
z8fbH8@NbAfK8b*Ji<Dq90@f`a@W+4u0L4zkSUawI<C{?PgPMc+jJ-*Tbf@iY#CA43
zrL)lswur{1S<vwSx7m1PDqfE0(Ep9<64Wiwf+hBWyst~!C4n8IGV;r4q@-S{tW(Wl
zLchYb)j@1c)i>qMoY)Tx_cEd`xSX5rR0|CinGqp;XT^TR$5*er6gj#p@h@T5u+{nl
zp-Nd?unh%+wkC1Ug2?%vw=Az5^jV!VyDsu)UF~Cly-!L)FpQZ(pNW}ZzGhfrE6k!$
zLl<A<O_5_fh&Ltkx?-bxW*M2h@`AjjGkccGtIhFh??jT0oE9?I8M`gAI&F8tjnv_H
zDhii`%#=4N5;MFV55r(It1T&Z3qTy5oK_3FYl-8<dKG(kyc9mCy+Zttl*kw8J-427
z1q;&=-R1fR#&0ZA3Y#AuL577U<2*js;ytQ%x0b&5&bnmEgkdf{uaOaJxm&fN)_)F=
z8uGz{BHJzmOrCrr)#)7gl8^d5$SPzubjg;(_6i~$jo$C2NIXd9n;o*bv3k5`JIffr
zo1+!R!K5<G`dallA|XUNO&sd)g(nRCGkkZ{d(Lb9jUBLX?E8L)nYcBG7E<0di))@P
ze~*_$O8ZmP#|ugK{Uf{+hKjo$jvsIK+@{zzuAukDOmWZDTFHdiT+$7{T%GGK+)!Y0
zo(JIl@yN^ALkkypuJ*dC$67|;2b7|<11>S&-lONK6R@a!Pfl<Mfx-;C?V!2W_W3M_
zw4sw3`d?Y;Rf%6BdM<{yI~r2%p(6w%w{5zRBj(f1bYxT#Wcgi#am09pj{8SFKe8e}
ziFTsRw#MF1jZR={UJSZ2wDfCSeI!1GZ#4X76}%j$4WBctW?x3foZ_E%?qs${)tftQ
z@1km*Kh+9cz)!PoNgTSVUTs-%2JNdiB=nXXBsF)0k{%h96<g#=d;7=B1j|A1q=vJt
zOxs5A5#NrmKLt3aEFC<)NHID@FkSu^n{j=hF18L$Ian@FSQwxI$yznznoCZ4>|*Ms
z|NLS!hFk0*`l*7a6v|Y#aRd9kqy0^;p*^Rx4yLzwG~@;K#GO991&*NZb63KTvIFYq
zlSIvOKF$n>l)7AUKsd4v@{$F|8hRJhBOt3!;M<GKwU@U|gT(!u_m*S4qvsOqvp179
zUpQ)T`o+fkj<ClIL^51&AWBXN<F_<7xunB0uUpY7V)-O*;4;HiOQ@^9dk=AWJNH<I
z1lS)Cu^Xo5e~MW_PRDqejq`)1M}=bsC>Sj4@mM;^52`SGX`FuhyZbe7=^j#0p`??a
zr(Kw@UCZ3ETM*<dDdiowZENeeE{CneA0Q?!niBxyqbR4bt0G2!3KgDnvjZ~HKFTBE
zjMIUmeEv_KzzQ?-74%VJxwQUW6M2Mk(Pynu89Au-K*+}P9+@I}0l<NtS|c(YXsVn=
z)kOc`Bc&~G0j-<mG@`Ix-g?T6=Shm$S(h%CAnDc%w!-*LvAa6VYj|@EXw-mI{@C(~
zf8G0xgNpSd76(=K5O$}PaQ;M6kLA|-<q;EJm#trlgmS|#mIes=?W67Y+@U;!1)m8R
zBPJC;@-3!3W3~6=<<D(%)ENxrIOPNfgX`j59oQUv?^^3dq|9_T#>EMPUa$SGA!pnX
z_%FgW*MP8?DK$sO$f)6#JcjheWTNsLZ~I$8ufpuN{eK$lcP;-6>MSKEkTc)~Y;GBD
zk4@ik3g!>cE}q&|;cCZe*VgHw+-*icwH8tdNS`*W7&#qz=W5-Hn=3&!u17y}_jnAJ
z9G@><-`*wVp5qPlDAUy57%P5!#)!1@iq%qoCSGGK+K_<TfR*rpvOVU@<>XQ!58KyK
z<B#}MR{wdyYQeYs(?p*kmC>GY@sVgwPZ~uAeyigK*6^!B8{1!MgyKw0){uOD=IBYM
z+XTFFt9#?}qG0S4S$_FDDWQ2pQ^*caBdMzhZ%IJkTfM(m3pFlxMNaP5uf0~NHg0fk
z@vM`6tT)PC-M9F`bopW->YTl{nKg3w>u?FlpAoR##Av4FA(po+sS7Y(SQ5<vlN5)}
z@6P4!Q9~N*#fZVB^Nd4uVrG*+K$NQdF}Z<~d84*rTm|Y74^TPM6&#A*vyRS2n4SEO
zs&ISnSmPJIr)(JmIhm9npkvBd&$KJ9F}Tm4r`1bQHaz}uGBft}_Wl>g@xR%3_+Qb}
z6Ch~ZwwG`KB!RxV67vdRTV7mToS)Cxy9$9^K7}2Ue7XW!u;>bs_whsJz!&KUyxL7~
zrrK(%naHZ7HEHw0VnMF)n27{(=er5!8894yu0~MMH<CD-9A)*tTbTfyimO1=f__dE
zN_cY>uqp`pF)*RW@r4umk8>BJd8dJejfoZmeB)`-Y>;PQ5{KyC3C?MW<_!eyh=Gb0
zCV<F#70yB~k~-)Bij`-?TkW-Go7*1!R_=h?!p+CV*VoY31axx+;O+hzeZDR|0evgz
zX|Ij&S<q_&x&!m?CsMyrW%+}gMy9KV%C~_%VE!~{+)Me0Rm-~y>;Qy@YOX?Uv_2cu
z3bQ8-uSGcys##<SG^uky?l^#U#=_c)&90vd+NSyH*as`!<InxdsrRhEAm9;0_Xq>z
zW%b}Mz0%@~HI`m|tEIa@iSa3anmU#rcytzp0}j)czOJ@5)y-zm$S4ay29voqFHB2V
z2)2u`>|xcW)fWJ+Nh8s0qVi%iY6Ls6aRF9VU)}hH_Gl-A^Bz<|Ej7?wR??zIm>)K%
z4{X}o^wzhqdYs+HA}Q)P`Ssy?;P&bewLW!661X(~^j~VonseQKYh`(AXsO?3?zAd}
z(LC8CU+ae95!(G@QG4SV(9rDbIp|weXUU|_wx@(EyImsvZsDG>&aap};H>mv;e}}e
zld1R0&*yt9pa<<kC*e&YbhlDU9@yF3Vn0K1IpDjO#%bV|)WpPlVRlGjA8PvNmx>e3
zR4ujs)Wx!VjPTNvsp-GWUm^_Kh*9y6-qK^4q4ewe=mP8(<KrJs&Ps%3w}f8O!ytoP
z?pjjh?gO9{4yPHdkjL5*OBC-v?Siq~M{ihFUwEJ98#lZA(x@y8z=dE{FpB<x4?qV<
z_J<J7d$acxL~@4Vy}p^V``<<Mu<{5I&Qy272(tK~#R+6@2t%8`VPC}J1+(ys+NoeA
zx@DNVJ%=FvqrCh<&&x5EbN_*;x(NO*EtE8D*Rc)(a~54R`&_5jQ)UOPE={^Ks57vr
zL|3yqabZD5(v5tZky5xs5+l(dF8LKv#}@9vLn*~1<C4XJ=GIXL;No|S=sm0&uu1j-
zPFs{?=X)#a<)E75XZ1;o7vv8p=AS5BcVwD*PftI{TT+_vW${iQy|&;>zr0LdnRn5L
zH}&xI`GHcf3*<K$-(u??{fZG9L&X&B${Cgw5njU5(3|kL-w-^eyWlke+NL~qDp8rY
zPVB$&wNHs5{Gi45jM+Elell%1k43jV1~dyARvU~fv=T9k3>Iw7c76IaKa^3+RSHom
z#P1wkIq62+?HT`?9c7gJHTvyj4{7be9#;P^gc<?wX1Ok@{nWM<G|OjL*F5~)S8Vu9
z_gA<kA6R4qT%Xgp3B9`?T7G)C0xCufNj+VJtOKM3Sb;iX_s4)A4j9|Y=AE?H>N}2G
z!MhC70cQf9>=59=bjxsaFtZDju_1;iJ;&eE)zho+ozb?e(#+NbEmVMnm&7vp2<(d1
zR+tHA$guWZcdp|$Pp2=h@!DDWuy-2*iH2Z>O@XoKru|79q6Kkrkv4cI3bQTn-Z{fF
z|Nrev#Gmvf0zWnY_Y(ZV94!77>{r5zqxa_sZxZqI6b0=mCq0E<T|u*+VZocNaK9~}
zjzCigtJ&eD(;6=cR`l(jW6%Z$pbmHm#3}_dp%wA+Z&)>+vJ$KOiMah}0)&ygVTJR_
z;8h#!M?@Rn`a%dzix^1S1;UZ_2!EKt=ZCaSOJfJD&`AHi`iNFa)&m|=MNYu7*c>tG
z>4XkX!rMNyMDOJV%m3{?bcbl1KA}}=2akO%7Eh`3DTSUiUUT<>kmY`&ALC`CQMiBE
zxHf>t0byTJp6LkXdgKce7wP)js0a@cZw4xMtQwl>$o$NWfOTG=|ISPvdu}W|>i5eY
z_V8J9o3>NBGS{8#iacsWptrM7LTV>%ibna<*1*=$SEq(5qmoGc9ODD%>8FW$$&Qzr
zz()#B_&zz&D|gv5Hx3nxzBQg{sjx(=yOmo}!x)<-ozFneHmRy)`j&j2C%gxCymg$<
ztYhAIy<1mR?TTj{V(e|)$;)hRW&Le8Jb8l&K-1P^N!`iv2W5+jhmZ8RBXA%0$~K#L
zCsk3u!Ijh5U0yQ-JONxWujP6?Hvi2gz|dM^Vq;@nr~GnXqiEY$%%ZM8$TZ*;Qy+XG
zz_l+H-YzRxLH#J=r`*9X4|gH<^9c0z3~C`_xD3D2o}+Gi2b(*c8bSHvy8+u-l1JvL
z?EIQL*svt64gK|uO9nyrUF}&oXR7x}g@=YxincxrtaYPkS0mCMpz?kr3zuMf3@c?Q
zW5#l~Xr_Y1-bdskB}1Yt7lwai^=md%&Uy#zagV<>ske9_Vy04C<Bg3%;-pPo|7mn)
znAnWaO=!8BH{)IRa6D|iwNmlLR;QluyL@-XcR%un1Yot=Ue@{5zbuB;Dq!P5ZP%p$
zeO&WD*n7uaMZUfl)jWngjMe%&{5mh;KKmy7uZ6pDhWY2A#qKOnVs`^<uFUK@niZNW
zZAvu;?Z5KMG@g0yy+&7>WAfLOFmdkPZv2=Hdb-uhHP`jSMx{y<$_4m2<D3*w3aSED
z1jlHacp5R7*<9uEUf-$n0%2hr;r_mEvmV+c_S~?*e7=4^#&~({e#=5?tVEQ&%ni)2
zk*|sqw4}7pxS?>z2*Y|o{j$Jj4kbV87h7jE!vkmwG*CP@)&JAbJHGers)(YgE6({F
z3x$LWI-WFVq6y8J<Sfqqfv>@Rg&3LoqMCFq4exXJ-{X82lUKt1y?20RG@(-G|7q>a
z<Dp(3Jx-fLrDQ8vvWIXKStdFW$yyjY$-a(kBZNej>`P?dvKw1wER#g`o$O=DE)3Z-
zw)>2wbMC$8o_p`__4{{t@%?`1nP<Mw=XrnLUvY?q>rm9a_6`GPWfO>n%wyHFQjyH1
z)|H)>t@9l(U@JP8`&vPkRj79YC*T)jID}_x+3}1m5k5SR$YIU#LXsoG&iE5w$tUs0
zEef1TQ>EG!!JKBIXr@7`J!$=kc^nUAsKE6Fre3&Amt~HKwWC_n5z6?{mKo1vu6o|s
zLdS<{dRk8IYnkhAAbHmOHOzYOHS?QRhc<>fcnA}~D?w}S#@^^!XLd%}yKo2XoN9&T
z9+@&NB$CRcbHYA0`wht=(tmju6wZ9xV2Ne)(0R!nXvFOxM{~i!LgQEW?(f)qED`>O
z?XenTxOw+0`N!Qe9}s9#?pAqSyUJibL8}ukH7JOnWA)w%9{n(zmHE3HFSdsT=WZXw
zb~J?r1<#((O5}uuW=d<BzT&XNW8nZDPkj)4NHl{Z1i_Yb*&3)DB5b9q^~GFnJQKV8
z0y~YpI!Av(nh4}m9m|{96zm(R4f@jn6J2@We(g0LDg|FGpf&lK)7-0j2B4pbh&2RI
zRcPU(b%?2-g<yKH?w!vJ_N?cbRPmjg&3$b9TsomNIlj%fu~?E4S-VdqA2#aie#Z6p
zpPE};4d5pDIN7?01YbZ4+GYE|65#9Jpv9VRx>b2$f9dYdPNjOFWHa#PxC6kLx#ujn
z`TSO*FAloj9k)SR1$yJz0a2W%jZKSJ)EIPJ_cqnK=TmNqY2cfRn@`1YU^m`I9Taf|
z$3}ENwbNg_dXTh0URoX|8U#i7KH*8!$p)%}xP<hY*1z-%60cBbHy5ehu7?dL45G5<
z!ae1V(kdW0`U#P_^5$X!Zt|M)QO<L;oF=kV>p$WsUt&qXW(mHJNL!%u^ayV|iQ=+6
zTp`<Be~;ZbcLOjt4jPNtLYHabLmoqj;)RvtvpkeQpMd}s%h79k5KE$?L=MQUc#$*F
zV6UUC`Pj%a7oE|sO4s6(lIA($am+H3=3(Isal$tX!P>rT$zLsKzXGbHOz&c)#%*>p
zoGmtSV1h#)DSMi;P#8NhmOwLXaO>jH@h*z)DB6&-y%kN2E0!^DQr=|wDme6H0SJH8
zyu$;Pp_ReflZ{dLh$?m5qmRJ6@sNeV#Y%>4Yt@JHPIHy88Q#ufq~=M?Rxls57-j~_
z75Ks>>5JjEqImXO!_U&OJFM{)sAlz}tMM7`fU={R5^vqlBR4~*KPhR}{`C{a^03jI
zloGTBI(;;pBP`9jx#p0MP5y>D8@%h=^&%`f>ep4DQ{Mb=3IytSH0>lR$KO5{$9M{H
z8gozPFxq^5{^(dhl6FLb5@INCA75#7^>H$C%E}Q`a~}V}$Q2N%b_|0u-op@nCI!oM
z5T5<JhT5;eN<0`e8XnDE$FuBm^A=bv`+`9T>_3KF;?IxA-~TqMKEwY!KOVY)TLs$q
zeK5@NNL12C|A`>yNLYln^~cO-9cFX1aUa;(w8n!}0epi1i{|kVCJguHMkz0m%Zveu
zHO8t0l<B&)3g{Mu@NcDAu}(G9L$<aE=hxvc&Kp2xN${^~6vTgEQ@$YF(<KA%z%3yn
zhjgkuifSQE^I7Mw-b^1AgJPqV(4a%o!{d<an37a0^vI#NyfL|$P%_nhPVdK=nZS41
zv%-)^Z~gT?*j+t(gQ}3ji=MY0uu(x;?ryp+f0*FaWJT6?-)&rL8S8dd<h&=CMPAv|
zEVdXXdqq0v;y6LOV%@tUz5?GIDu>)5qu855y%xlz0Y&j;i1P2AS~G90mFe{5plBIf
z!Esag%T8BJDRFpHf}#TcZwsyK#C+DSDxLmXF_mjJDVs&O{^;@i#1-kLq&+To^L&(;
z9TQ~U_I!Bc^limr1g6bekd!a|Dg7b?<<>^v(}^P#G+Z&q9rtrw)FPRRnHYhM>j|iw
zwdr+=`ORpEbBQ5^E@%Ee?(=tsex@s!vRiTU100ys)<c0`&mR#`VY>-(&?ancAQiIt
zhnLwkb|o-bds$}G#r6FYXBC^s)oL+!(|%lv+`B|AyLyT3s;6>^F~m`I@R~7^$<BsV
z-`YG}vp~lNk2bO0!<6~6Tgy*mNwPkR{mLyT3`0l#K2R!do03=p#bixIeP?uU0n}@W
z4rXiAfFmV;MtoEZ#RYb)lA7)HAw{c)@6un}t@sS<@bh~>P933Up4cMFe{8(wjV6$t
zrYNfJPs=`>TmJ=B)L$bTadj;%Ep>GOJ>Xk=`E{O_e5wiWXkrr+-PdMAagPX-`v1lp
z_2kZ;*ZO?>LpFS$3vAj5+wTpJ&6R<~2T%GCp8Vr6D93@Xs<dT)U^Ov*s}S}bujHKV
z|B<-Fn;m?GfP@&O+|t^ffLJSh*KAaylwWCo|3%H*moqQNJ+Lf?#U*@bk{!mPC@j#m
zol$#wJ@n)sRiNGKq9j$v<LkbsRU0~aWBkc2{jE<$MJZy>39eu2&x21jH-cR&&9^q_
zV||oWdxFQ*ph}OqoHBf_2u~a>H&d=xo%|#8din7tw>*U~0K2odqJhu^QX}`MH_ZcN
zJPV|VG!tXhSY12;-c!}GF{q%+wHnx6!rw@`$DDMuV;;;vKqAqJp9v3E-y|u%y7_cS
z7M72vtV%%2@`-jK-kRwni&ftn3|K!|1z!mT9>K(fXeEZb1QgyW7@&_M*%g!ffZFh#
zdl$fcNwelM$^v%6lG+fM5T@p4r>E1)PZA_u1|5i%ZDpXa6tFkwRUL-6#mI?@ubnN<
zAs=Wp6Qq9CHYkg1KV_r?kz5<ADy+*h#USri{E!gGtVe#sb-Ogg1q<m+lo)GMEnRnv
z@-@A1*Lt!g4N?Kea&8?p&|(P)-rNHQsFme>ylcvSv!O<xeXID+rrT%%lw^38QX4iu
zHDb{hF%hW)Z8F+VYMApWm3-1;q)eRb)4VrFmS!)J^ajTs9TcDylVEvaNRRf?x&jjJ
zI>>omD@6ejY^_b@7*%-*FQ4+~`|_<dhMJTAm|bEcxPAtdYClv~@>oWxxUD%gw9_{X
z&gEa&5w}!RdYnESCFOBDp;^Pn6n%r$ixx&}v1U_D=I9)x(=EGAmQuo%Em|WIsKul}
z=L(E2cm>s#@e~J*JErY`VcIdLe5oJ$5VN~E;pmliNdvQsljBmnS<yf;50R?nnCb-F
zZt2ENCE|Mwh-b02qUudT_2$hnROuO6ISRK%@-jErU^&))LJn(2p@k#T@3F;V3LnWE
zKL~M`lX{+uROII7&Wa@_ctiN4#G((Le42j{-pe?cC(U}wbtfAUWqYL+p1s&y!L87~
z#Ear?twF`#y>i7##M%MsZf@e;8CCmE_o@ZDpy8<m?wnftatRs18!3=JWd=ln(DOa?
zykxc2O!s2uMpF9K?2v?xUXyAqb2U4R-}x_0_s(HXO9;g1*7RX%lbwA`N8XqVqM&h`
zQy@L61L={&TthQ(kw$ylm6xwdRcLTOl^Qy%hl#lnTt5d8I#3(L_vm%c4?o{4z*MYY
z>k*wreARF_0Y{N$E2Jz$a&jz)e#h>#>kW*sPpOfpx$}pUP<NV00@~D4KKo0Zi<NY{
zxKm4y@4GC`A+{vUGJ;BPFb$&NpLD*8x->X_8Oi-fanIlxv;s6;tC90+J@pp|UMJ6@
z{Bb&*X1=IPw)zkGukuMIy!tUgL{JOFR^%@nRtFDCw|-{6$d@0cq5|JH!;kG(-w2bW
z^&nfDO~4)^Ug_M2^%Bi$R#!4agIFyvKnF}|$_#f1D2OfDoz`YMpRM0;Ut_N)W8iUL
zBuZ+~gVc6)h5hu|$9LhgSsL%vRPTzfw;cGa3J8;)gTNVdewUly0#hLAu4pHVKbdSf
zP=rcObzL8gKJn;TL40e4i{0D8F1@X87ZY84jB#VSw%uie&JAOJL({EuUkPMnzzhI7
z$z#0qz)yA7#LVpbM!Xili!@q}I=qFZWj6C%d*)mOKf#KZi6_YS-%K_2!(|C<!1;%k
z2NIw_2SWmdf&aOBAO+1(ubO7yv2vjX8biQc<>%+;#GX6IuLi_0h`c<|`T~S#rQ`Hl
zl|7_mSPux+2k`n71nKD3#ztM8clj7W7`{LY>bt<A$g6T@BhjrcTiJ`{EeL?zfT<;t
zUFvx?v7hHbF?Vq=@Ovut1z&x`x9sAV+MC%EX!7<#D+Mkz0^1cR=x)OnV?k=7&gvI}
zZ3Z!vcaDk1*u7VW4AT+!p?|*tJ_8nLsyu-!jx&rLhdtMnUeF50+Y_LE@Y{I%CYbDp
zI@elSVBqGg8=1j7T&c?azUSc{E?5*)eUld@@$LmYm2@n+y?34o@hHdXaQbi5Tl#oc
z1sTy$Fnz~D%T834h>K_@X7l?UMunbH7cR3BcSs@6ASkHiNJxv{&5vZ?0y^mjIbY^?
z)K9SB4O_&6Fd&jaSXXx=zERY7-TNRB*YGB*j(GWA?q%SDE3v_j+$tE-w6SJ9KO*j{
zjNBYi(wraNGm6OJo4DxIIi8RiFX#Z4eygkFtAw)@;H^6l!W<B$ieKKTnwBU%VBz>;
zR=CikV*F5yK0uevTP}5Yb3}jtc2qW~O|rU#qDCTq)<^zik1A&-6v2a2?=AcGHZv}(
z{_Y?1LFn0p;G1=i{zxT$%&<X4oriFK_nhKqO~^)4KPkt2WQDjc%@>jRcZ62z``S16
zXz#Dt^^`Q*e2l#4uKqQIxVU=}`DTz(%%?!{0mJ(|K3_YV9rv#dZF`a-=<b;wy|BO!
z;I^PiU1K;Dudx8>5x(x*;^X;*jt&<Ob)}Kafx)0qq}FJ!+V3!|>RbNIbp<2-?Drz7
zYn#omv-Rb!A6LygXTG<vU%qXhO*V6hPa%WuYR@9=V&Y)H9e*Un?UBBnBK9y}a$(Gv
z-7UvxyWd=!7xR8l-NO0kJ8ZxO-WhTMImZhVHhbW)VRT=`Tv2;YH@(grUJ2Re%30(0
z)oR%BqJD%{+Fl>dU$B+n%D-n8xm)2Nfv%q`oX%RmkeIEl_nO*%|6?zh`5&caHE5hR
zv0-9QnznAMa*sVfl3yl!H=oa^L6JRI626faOH=jYy7@<&rBxuQiabW61c3<iNQsrP
zs$J%~wANsv`rRz#NB$Y%sV+5tUtN(_k$H+o8vaQ0%Mr#E?iTeptZ}iE$P}hT`lm{(
z-S^YO9o{JL&8A|eE1s9IHBvFpmXdgVO>+Rfwn}5?yJP<mk4Y7iF^T==s^<9+6)BUJ
zvS|5|^fUZoV^dR8nQbN1ImJMuO4iWfYjHC5qYss+^v>-Pmt1<g1ZQs2#B3X$)Zm^`
z2F~o^Xr%^LTO|{SuwuSs3!~iSX}^F?3n0t7Iin{pz_NnXvg=JZmuq?V(tQ{>zh2{G
zbl@31e21@v0ZF<ovU_Ezjvw)j-O}b8GFGyKJE=(M4D4dgd8qmN9yh~$)N}6MJ4k0b
z5$HfBwWBQM-lIWqaWma73Wc`ywk@_iaj)F-==H14gQn_C(~6H4T`|$`rCilD_rXwW
zFWOFz>V<Jn0^%~mq=uMK1T0sX?<bQ@)p7nY*7+uevP9eYvFoeT(E&HA+(e-c%8|A7
zl{!lduDKt4vmm{`qKc`Y$pl?XoL|l`{I0x|PrYo69i!$H^7n-^ZSInuiekO|`<kXO
zF;A@u^e2Z<ssNE|_G5B8o|w`4cd@rUMD;PHVIw9KqK(tXL}Czra3_&npuaPF)oMZ(
zY$ZP)zeNYi$wj9dfd%7w@N&*g#w#Eo8#{8EHa!wy?j=vQ@DHe0cctR2=XEP8c&0e)
zOArrg!o(I97R(0J0BbUWrl_zze-TC9<2Pv%I;e{G9qf(Id6l0f6gdNgTtiQ?!^p-$
z@8FeoYCOR(OUq2Hi%A9rbj3B`OKkP^Tr?28n?YH@B)h-!<!nzgs|pdAW0RnO=;Vr$
za^d~h&J=8^3?^&iLsP{I6A~6uz*=1tm<51Xllm42r9deF4_sYWeBC;_zK6?ru%Q*m
zA~o{eee6ev4|7j4&_AT5u{x9xvXG!Wg>rLqTiV(b6cl||R9dt@^7Fu|8Fm)4dld91
zfr=U+zdJYO`c?5k4^>oOt$ZmkU^$;B_>M2f{_6zQe`T<Izzug{Vd1HPvCh;7$7ujy
zrvU%z^vM>SE2!VSH3#fe2nYU1fItvDi~tWSyKj5Hzx@{Ukijnh0Y3Ckp~rv9ukIgj
z2CFI`$!Y^m9af-y<offhh>_7jRwbZ0ih|}e+gb;sEg<X+kfR)B5(DR^?=Qr@iYzB9
zpkq0A5XO)XC}7eAkAB0j6>giwkB<Ws&zcaOsemcnaR|P+OND)w&sU)0g{_7x;R7eU
zMYh!{1KD6^5l&5n%jg*Km8;1jKMry7unBwX0i{<VEoUpf-W4qx<;?P{DT-e@Gr&_j
zP1A76yRWMFKlK4}6by^eBj)XJUH7Rwj$%c@G*4LOx`~g3T0Slp_Lcv%UisC8g;?Lf
z-b;z72j7T2i)kaGZub5^hhOcX#A<)G$>vnN26a^bIKxa>pbc09=(15AMQB4vaI?QJ
zGvq@zUDJ@3n21Y;Dv|rKd0)r)W%h*asdT^<e_ZT(NRBZRjc-`hbjI*tUdIm(#~!C%
z4by$tk2(%T%QSC)oJ$p=S`N0dvzn<jALYSVHS4z>)yheQi{p*YIwkE(@&aS4c!3AD
zg*U-0lqmZ_dfUrJ4A07+Cl&{`Oua-mmBp2On%CpzCSE{{m@$4ry^nV#*N{<tOeN$c
z@zQ^}u+ar{13|w+wSSH>{~9{|3e^}jFcpr|l#F-6{Eq$%7_FaTx21jyHe?0nIcOrS
zAqk$|I%P#f03rCdgtotuw0=^N^#7SR{8YBjFdoUK(b%!>GZ$_V6jHUB;t*1RootMu
zb6&;P7mKa<){lJ3(rt{IgK|j-d&x0hnLO8$98X1U)n<hc|G=r##NY5{(r66zlU#2U
zkjR`W97a1-yz|OVk#w)=35W}yA;}Vx=g@CJ30!idIZx*K=5cE>va!*uewpszT)8YY
zQSn?<8nNdY8#EUSTpS;@f1%O2A{;ofoLui*I%6k-b;Ce<7vGzG`M!^G6B%Wc_a=$=
z9-Uq9J`=G$r@)L-*$*)*pXqJSbRf&$$wC3X2n3$s&m!ZW^kRz;)Gm$>)D84byT9x(
zIQfzJzM$2&a@gK=S9I<El=Q|{%(<xxN%9gfC!cMMTYaqclABy0k0b6&=~c4XZO>HN
z8rdbogL4IuV=R?b26Xa|3piu^K^nRCg=|X%_kfL*C6e#c$gKUW)XA+^34z|1_VW|H
zNBCw_G;2*)s@{vH^i!DnM9)gZd|1usqd%H|%v#|vjth@^H28h8Q}Q~qm%=&>1ZX&#
zKAWv=mik1~9hG1~QSmLhvqbBY?ViO(xG$AQ&-G5Urkcb8NqWc4gFnSXSLQVS6x(%B
zgbl;yIxkd47-?ZcVqwI=mi%-V2jwOBMbHlNvly|qKSoj|9c_c7*)8}%1-MwsK#RT@
zqtoMOye04%_g#pnTkxuKFij;Le(nSzX`)<S)??a5`H^CgVyf=}gMZV7P5U>~g>Ni3
zpDnX5Hn&qR)l!V0FnOw4&T7_;Xsq5g@dAbkf5yKeSE{4PmA0_RqTK=fi2g8l&HOL;
z;qxQ<kT*WQ;{E@t$%<Dhj(-F4_OF!*WR3<tTi-h|`}0KbhgN*+iZ?~=gpecQG9B`B
zHTf$=!RSe)GhxhLLZ4T|`O+=V-5Af7q~mfNNIw^}uKDU@s-+1m2ZsCB>okQ?@wu$r
zlNTmtd1TNSf95`Qcb%l)Ca(usOp)<v+f;IBBl1IfC~w-CZV5?5u*o$JPaGKC6@$1I
zzlGdp0XfYW%$-gY3{p8PRP)Z;snlI%5+mpxcx*NJ<nn_-ZCbU)wf`w7rOnqCBTRFs
zj{B{zwWf9@iVYm%r5S`y{iWP$83#K80ht#KE8d|fht*+zYH35dL#B_>=M>+av1Lk2
zk&<qJo42?O-m3Gmnt9^U@T+R-H_%q_>IgfmfXHt0|0~$xZ$s1eXO)96i)3t9)uc)P
zw&6;$wyr&kX%E9r1}m3r>ugZ9DH`VRwImLZdiM_QG6?m#twDY=uH^y@w_J`L>>MZN
z=3=!q-t2o{zGX_OmC*ive8_73Y8+I{r%oPh(;gO6DKTcG#9m}K-koswy*+c`Q}$@}
z)FM>_y=`J;LD-_w^9Qm<lKXTJ$!|yk`KQw`*Fm0j?t$apY;iH_?2R#DS-Yt8%N+FU
z)fB<kgv2*iNJ&w(goA~>RrC(2BJw!BLD+sk(J<?aZaF-ScR)A-ij||5T>9GuB6-1)
zbPHa2-UDv1!#QU_A{FKn=R2zZ@pqF6CWyLx^soQ+(*e@=@YCHJ`OmwzC22F_sPTAW
zMHjvayFt3FX;EOz3h&M0&gG89Q=K4heydt3E7@ee343BZR-RK5|A)i*jm9&sw2oTT
z(cA(I7CzX#j!=XLvsBx!qAnC8ywNc{{t>>cB^f)|yTMs`YWq}|2#KOtWP~NV*@NHW
zLMMgix+!lKiA9y~9UNP9&;HOw!CQ?o;0Ew$r|AFmOq2g^Z3MI&>&xG|xla(3C3T?C
z?)!VvM$f^`-9@hPx{D<~<&O!jZG)`zP+_$ox<U;U*@E7sqTPWf2nL8SPa&6pA1&lo
z0Ue5&5rq4~C;$E>W}+E$ErHMhk9#gr3<D-Wme_*lIYDrM7|c6DQ}RUdLhLjZL%cNv
zO(~osm0)Mk57QcHNboQcNDrOriZC4|>(qz5jPt<48{pH<nfTfj*jKdlZ_*W+b(jY@
zG(vN=(R9fOGwSO!jF+Yom;(1Ccr*dZYfjt?tNA>*%4J|rP=63M0|tie8Pt3S9Cu65
z+K5?Adhd&%jqjGWLNBb0C7Wx!NbAS%9lFM5o|z}-wOXWhpSj2|a(8jL`P2SxD;DD+
zKI$v&Z)c}Cc8-ahNue2x0;ECh%e|kyLhCbD^!RIX(+tf(U%u7t)8}S8iR#d0-x?^4
z<)x!9YSLDzww$4|SXZJP_niuYB3%cb2NOyLbjo3b*9Rfm=LDb#>q7Kt^1MW)?ijf^
z{^!A=t9&D}HCKt_V_gwL2_tfbsjjbE?XK|Zw3jI>wb|7R*87#Rwc<}n3PjF=mAf*z
z*h`IH8J=u)&Y*K;sAJM!cg<hp%2&lfbF;Bh^p_$Qq|wFMT<FIwHLe<W(|$axD~u<f
z2)v)A;_rw^87+#cL*;zUSS{*ITg`un7vRQKg}1aN7&hs1s!?)gd)}x~kbR^sVZ}ZX
z@XeRKe67#on%ub!!?@=sdlfkh!)*K2QQ^y@(z8SN#q)aF`V}Bq;okx}4@ZcD9wZ|S
zmv-yD=M8idYbeT&(~TU{NFL1<hKtOU;u?$)*Q|kCVz#VVY+>tt<|dYX3o%~cBRL7E
zsR(RbnvygT)Z9pTW1}fKpeuL1Q>IK6mqxiGalb_M6O1|mH<w>>8RZ`rJW9VTRXt7R
zhCq$N5!&Ge__Of94i?6*(#q9xBxz18d=5w@(J=Rf-Q#d<s<5;tjp)%>?;M_xk$i9e
zXroWIva<R5rm?@T^3X2a(F?~RDX&y~wVE_BI4{!Jnq~HiEdpK*XL{QA{?}LzqTmGI
zjwWFL{DJu40Q&-G!7qgV@g=EFD?uS#KEQPqd?{@Vz;WJrY>Gi35UnTfUxQt6NG14V
zgQFN&_mi#xkn;ciG!xLM213ALv}4bb--(WkzdpVh9jJ*C@$k$aTFHdA;241ThcS7K
zcaH#EXdkS!^x+4zKgbIxmH+;wC@TydFi-W|2OF$doh*QV9r#bb0+SG!6LdH&XC5{y
zTCiOPn>M3%E82FVfm$eFej|W`WeW|)?32x8->W)(FlitUXAvD5s|-!h*e;F?`OSnM
zt4wX#Cv$id9LV^s2;270MY|!&^y7E8RO-F$F)r^-WCD~aQ~jib^?(MG>^_5yFT}U(
zQ-rcDX18MF+sHLH26?lpF|ed7$1>p@1@Lc#VHdoe;S;N6pOf3(7Inppo59<%JQhm_
z*0;Bylvjh!eXIbiLzQ!zI!4mLu7^_neKeN#s_;md=jGnq*7k)^jE5h#YM3m}tht{#
z$7(lo*0HY#Ke9r{kUBGDsBQjT)Q3t+$zm5?2f(zh);-38<)lMzkU-rgdcaeQc)>`%
z-92pJ+pxp&;XDitWRJF$$n^@iUe%8}i;WDy#$h{<@nWSVYO&rBiTSe*-q_+cg#|)1
z+2MtqtCVGZB&$P%!0vbrwB41FqERqwDT?Pyr_E5124KU&R7r6qN>=vp+I`<AK4o^z
zWokyMM8~k?8KaZ4U8RsoLbHn*z$1jB66;WQr?P^=FoRu>;%e!HaYsj{hwkoI&=T%(
zs(l-hc>UyScn*1(?@HiEYas2@>^XIrI&}x(mDOO|`g2#b=civRrQQAV?R}c3E#|Iu
z4SL@E@PB6&=$MZWwwXup^*S-_r8dNYl;U74t??Jfqk@X3qR@vQ%Yyg>@Cct(r-_Zj
zPx?O$K(Nzz=E43t2vvv+nP9+*9l{P6YQVK?y!@>On+&5MXb^ji0#DSVI0f9DfAhqz
ecunj+5gS#yhIGD^2k<x$Jd{+ppC_*O>OTO+u;{4(

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 17ab0d9a6c..a55bdccdcb 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1590,6 +1590,16 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <td style="vertical-align:top">[UEFI CSP](uefi-csp.md)</td>
 <td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
 </td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[Update CSP](update-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
+<ul>
+<li>Rollback</li>
+<li>Rollback/FeatureUpdate</li>
+<li>Rollback/QualityUpdateStatus</li>
+<li>Rollback/FeatureUpdateStatus</li>
+</ul>
+</td></tr>
 </tbody>
 </table>
 
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index 5e471e50ba..67de432346 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/26/2017
+ms.date: 02/23/2018
 ---
 
 # Update CSP
@@ -76,7 +76,7 @@ The following diagram shows the Update configuration service provider in tree fo
 <p style="margin-left: 20px">Supported operation is Get.
 
 <a href="" id="failedupdates-failed-update-guid-revisionnumber"></a>**FailedUpdates/*Failed Update Guid*/RevisionNumber**  
-<p style="margin-left: 20px">Added in the Windows 10, version 1803. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+<p style="margin-left: 20px">Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
 <p style="margin-left: 20px">Supported operation is Get.
 
@@ -91,7 +91,7 @@ The following diagram shows the Update configuration service provider in tree fo
 <p style="margin-left: 20px">Supported operation is Get.
 
 <a href="" id="installedupdates-installed-update-guid-revisionnumber"></a>**InstalledUpdates/*Installed Update Guid*/RevisionNumber**  
-<p style="margin-left: 20px">Added in Windows 10, version 1803. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+<p style="margin-left: 20px">Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
 <p style="margin-left: 20px">Supported operation is Get.
 
@@ -135,7 +135,7 @@ The following diagram shows the Update configuration service provider in tree fo
 <p style="margin-left: 20px">Supported operation is Get.
 
 <a href="" id="pendingrebootupdates-pending-reboot-update-guid-revisionnumber"></a>**PendingRebootUpdates/*Pending Reboot Update Guid*/RevisionNumber**  
-<p style="margin-left: 20px">Added in Windows 10, version 1803. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
+<p style="margin-left: 20px">Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update.
 
 <p style="margin-left: 20px">Supported operation is Get.
 
@@ -149,6 +149,38 @@ The following diagram shows the Update configuration service provider in tree fo
 
 <p style="margin-left: 20px">Supported operation is Get.
 
+<a href="" id="rollback"></a>**Rollback**  
+Added in Windows 10, version 1803. Node for the rollback operations.
+
+<a href="" id="rollback-qualityupdate"></a>**Rollback/QualityUpdate**  
+Added in Windows 10, version 1803. Roll back latest Quality Update, if the machine meets the following conditions:  
+
+-  Condition 1: Device must be Windows Update for Business Connected
+-  Condition 2: Device must be in a Paused State
+-  Condition 3: Device must have the Latest Quality Update installed on the device (Current State)
+            
+If the conditions are not true, the device will not Roll Back the Latest Quality Update.
+
+<a href="" id="rollback-featureupdate"></a>**Rollback/FeatureUpdate**  
+Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machine meets the following conditions:  
+
+-  Condition 1: Device must be Windows Update for Business Connnected
+-  Condition 2: Device must be in Paused State
+-  Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
+-  Condition 4: Machine should be within the uninstall period  
+
+> [!Note]  
+> This only works for Semi Annual Channel Targeted devices.
+
+If the conditions are not true, the device will not Roll Back the Latest Feature Update.
+          
+
+<a href="" id="rollback-qualityupdatestatus"></a>**Rollback/QualityUpdateStatus**  
+Added in Windows 10, version 1803. Returns the result of last RollBack QualityUpdate operation. 
+
+<a href="" id="rollback-featureupdatestatus"></a>**Rollback/FeatureUpdateStatus**  
+Added in Windows 10, version 1803. Returns the result of last RollBack FeatureUpdate operation.
+
 ## Related topics
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index 00056f6fc8..b628189e10 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 02/23/2018
 ---
 
 # Update DDF file
@@ -16,522 +16,643 @@ This topic shows the OMA DM device description framework (DDF) for the **Update*
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
-    "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
-    [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
 <MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
-    <VerDTD>1.2</VerDTD>
+  <VerDTD>1.2</VerDTD>
+  <Node>
+    <NodeName>Update</NodeName>
+    <Path>./Vendor/MSFT</Path>
+    <DFProperties>
+      <AccessType>
+        <Get />
+      </AccessType>
+      <DFFormat>
+        <node />
+      </DFFormat>
+      <Occurrence>
+        <One />
+      </Occurrence>
+      <Scope>
+        <Permanent />
+      </Scope>
+      <DFType>
+        <MIME>com.microsoft/1.1/MDM/Update</MIME>
+      </DFType>
+    </DFProperties>
     <Node>
-        <NodeName>Update</NodeName>
-        <Path>./Vendor/MSFT</Path>
+      <NodeName>ApprovedUpdates</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Add />
+          <Delete />
+          <Get />
+        </AccessType>
+        <Description>Approve of specific updates to be installed on a device and accept the EULA associated with the update on behalf of the end-user</Description>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFTitle>Approved Updates</DFTitle>
+        <DFType>
+          <DDFName></DDFName>
+        </DFType>
+      </DFProperties>
+      <Node>
+        <NodeName></NodeName>
         <DFProperties>
-            <AccessType>
-                <Get />
-            </AccessType>
-            <DFFormat>
-                <node />
-            </DFFormat>
-            <Occurrence>
-                <One />
-            </Occurrence>
-            <Scope>
-                <Permanent />
-            </Scope>
-            <DFType>
-                <DDFName></DDFName>
-            </DFType>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>UpdateID field of the UpdateIdentity  is used to display relevant update metadata to IT and approved updates to be installed on the device</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrMore />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFTitle>Approved Update Guid</DFTitle>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
         </DFProperties>
         <Node>
-            <NodeName>ApprovedUpdates</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Add />
-                    <Delete />
-                    <Get />
-                </AccessType>
-                <Description>Approve of specific updates to be installed on a device and accept the EULA associated with the update on behalf of the end-user</Description>
-                <DFFormat>
-                    <node />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFTitle>Approved Updates</DFTitle>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
-            </DFProperties>
-            <Node>
-                <NodeName></NodeName>
-                <DFProperties>
-                    <AccessType>
-                        <Get />
-                    </AccessType>
-                    <Description>UpdateID field of the UpdateIdentity  is used to display relevant update metadata to IT and approved updates to be installed on the device</Description>
-                    <DFFormat>
-                        <node />
-                    </DFFormat>
-                    <Occurrence>
-                        <ZeroOrMore />
-                    </Occurrence>
-                    <Scope>
-                        <Dynamic />
-                    </Scope>
-                    <DFTitle>Approved Update Guid</DFTitle>
-                    <DFType>
-                        <DDFName></DDFName>
-                    </DFType>
-                </DFProperties>
-                <Node>
-                    <NodeName>ApprovedTime</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <DefaultValue>0</DefaultValue>
-                        <Description>The time updates get approved</Description>
-                        <DFFormat>
-                            <time />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>The time update get approved</DFTitle>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-            </Node>
-        </Node>
-        <Node>
-            <NodeName>FailedUpdates</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <Description>Approved updates that failed to install on a device</Description>
-                <DFFormat>
-                    <node />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFTitle>Failed Updates</DFTitle>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
-            </DFProperties>
-            <Node>
-                <NodeName></NodeName>
-                <DFProperties>
-                    <AccessType>
-                        <Get />
-                    </AccessType>
-                    <Description>UpdateID field of the UpdateIdentity GUID that represent an update that failed to install</Description>
-                    <DFFormat>
-                        <node />
-                    </DFFormat>
-                    <Occurrence>
-                        <ZeroOrMore />
-                    </Occurrence>
-                    <Scope>
-                        <Dynamic />
-                    </Scope>
-                    <CaseSense>
-                        <CIS />
-                    </CaseSense>
-                    <DFTitle>Failed Update Guid</DFTitle>
-                    <DFType>
-                        <DDFName></DDFName>
-                    </DFType>
-                </DFProperties>
-                <Node>
-                    <NodeName>HResult</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <DefaultValue>0</DefaultValue>
-                        <Description>Update failure error code</Description>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>HResult</DFTitle>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>Status</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <Description>Update failure status</Description>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <CaseSense>
-                            <CIS />
-                        </CaseSense>
-                        <DFTitle>Failed update status</DFTitle>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>RevisionNumber</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <Description>The revision number of the update</Description>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>Update's revision number</DFTitle>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-            </Node>
-        </Node>
-        <Node>
-            <NodeName>InstalledUpdates</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <Description>Updates that are installed on the device</Description>
-                <DFFormat>
-                    <node />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFTitle>Installed Updates</DFTitle>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
-            </DFProperties>
-            <Node>
-                <NodeName></NodeName>
-                <DFProperties>
-                    <AccessType>
-                        <Get />
-                    </AccessType>
-                    <Description>UpdateIDs that represent the updates installed on a device</Description>
-                    <DFFormat>
-                        <node />
-                    </DFFormat>
-                    <Occurrence>
-                        <ZeroOrMore />
-                    </Occurrence>
-                    <Scope>
-                        <Dynamic />
-                    </Scope>
-                    <DFTitle>Installed Update Guid</DFTitle>
-                    <DFType>
-                        <DDFName></DDFName>
-                    </DFType>
-                </DFProperties>
-                <Node>
-                    <NodeName>RevisionNumber</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <Description>The revision number of the update</Description>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>Update's revision number</DFTitle>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-            </Node>
-        </Node>
-        <Node>
-            <NodeName>InstallableUpdates</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <Description>Updates that are applicable and not yet installed on the device</Description>
-                <DFFormat>
-                    <node />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFTitle>Installable Updates</DFTitle>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
-            </DFProperties>
-            <Node>
-                <NodeName></NodeName>
-                <DFProperties>
-                    <AccessType>
-                        <Get />
-                    </AccessType>
-                    <Description>UpdateIDs that represent the updates applicable and not installed on a device</Description>
-                    <DFFormat>
-                        <node />
-                    </DFFormat>
-                    <Occurrence>
-                        <ZeroOrMore />
-                    </Occurrence>
-                    <Scope>
-                        <Dynamic />
-                    </Scope>
-                    <DFTitle>Installable Update Guid</DFTitle>
-                    <DFType>
-                        <DDFName></DDFName>
-                    </DFType>
-                </DFProperties>
-                <Node>
-                    <NodeName>Type</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <Description>
-                            The UpdateClassification value of the update
-                            Values:
-                            0 = None
-                            1 = Security
-                            2 = Critical
-                        </Description>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>Type of update</DFTitle>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>RevisionNumber</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <Description>The revision number of the update</Description>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>Update's revision number</DFTitle>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-            </Node>
-        </Node>
-        <Node>
-            <NodeName>PendingRebootUpdates</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <node />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
-            </DFProperties>
-            <Node>
-                <NodeName></NodeName>
-                <DFProperties>
-                    <AccessType>
-                        <Get />
-                    </AccessType>
-                    <Description>Devices in the pending reboot state</Description>
-                    <DFFormat>
-                        <node />
-                    </DFFormat>
-                    <Occurrence>
-                        <ZeroOrMore />
-                    </Occurrence>
-                    <Scope>
-                        <Dynamic />
-                    </Scope>
-                    <CaseSense>
-                        <CIS />
-                    </CaseSense>
-                    <DFTitle>Pending Reboot Update Guid</DFTitle>
-                    <DFType>
-                        <DDFName></DDFName>
-                    </DFType>
-                </DFProperties>
-                <Node>
-                    <NodeName>InstalledTime</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <Description>The time the update installed.</Description>
-                        <DFFormat>
-                            <time />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>InstalledTime</DFTitle>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>RevisionNumber</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <Description>The revision number of the update</Description>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>Update's revision number</DFTitle>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-            </Node>
-        </Node>
-        <Node>
-            <NodeName>LastSuccessfulScanTime</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DefaultValue>0</DefaultValue>
-                <Description>Last success scan time.</Description>
-                <DFFormat>
-                    <time />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <CaseSense>
-                    <CIS />
-                </CaseSense>
-                <DFTitle>LastSuccessfulScanTime</DFTitle>
-                <DFType>
-                    <MIME>text/plain</MIME>
-                </DFType>
-            </DFProperties>
-        </Node>
-        <Node>
-            <NodeName>DeferUpgrade</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DefaultValue>0</DefaultValue>
-                <Description>Defer upgrades till the next upgrade period (at least a few months). </Description>
-                <DFFormat>
-                    <bool />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <CaseSense>
-                    <CIS />
-                </CaseSense>
-                <DFType>
-                    <MIME>text/plain</MIME>
-                </DFType>
-            </DFProperties>
+          <NodeName>ApprovedTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>The time updates get approved</Description>
+            <DFFormat>
+              <time />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>The time update get approved</DFTitle>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
         </Node>
+      </Node>
     </Node>
+    <Node>
+      <NodeName>FailedUpdates</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <Description>Approved updates that failed to install on a device</Description>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFTitle>Failed Updates</DFTitle>
+        <DFType>
+          <DDFName></DDFName>
+        </DFType>
+      </DFProperties>
+      <Node>
+        <NodeName></NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>UpdateID field of the UpdateIdentity GUID that represent an update that failed to install</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrMore />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <CaseSense>
+            <CIS />
+          </CaseSense>
+          <DFTitle>Failed Update Guid</DFTitle>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>HResult</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Update failure error code</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>HResult</DFTitle>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>Status</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Update failure status</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <CaseSense>
+              <CIS />
+            </CaseSense>
+            <DFTitle>Failed update status</DFTitle>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RevisionNumber</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>The revision number of the update</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>Update's revision number</DFTitle>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+    </Node>
+    <Node>
+      <NodeName>InstalledUpdates</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <Description>Updates that are installed on the device</Description>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFTitle>Installed Updates</DFTitle>
+        <DFType>
+          <DDFName></DDFName>
+        </DFType>
+      </DFProperties>
+      <Node>
+        <NodeName></NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>UpdateIDs that represent the updates installed on a device</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrMore />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFTitle>Installed Update Guid</DFTitle>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>RevisionNumber</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>The revision number of the update</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>Update's revision number</DFTitle>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+    </Node>
+    <Node>
+      <NodeName>InstallableUpdates</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <Description>Updates that are applicable and not yet installed on the device</Description>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFTitle>Installable Updates</DFTitle>
+        <DFType>
+          <DDFName></DDFName>
+        </DFType>
+      </DFProperties>
+      <Node>
+        <NodeName></NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>UpdateIDs that represent the updates applicable and not installed on a device</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrMore />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFTitle>Installable Update Guid</DFTitle>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>Type</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>
+              The UpdateClassification value of the update
+              Values:
+              0 = None
+              1 = Security
+              2 = Critical
+            </Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>Type of update</DFTitle>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RevisionNumber</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>The revision number of the update</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>Update's revision number</DFTitle>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+    </Node>
+    <Node>
+      <NodeName>PendingRebootUpdates</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <DDFName></DDFName>
+        </DFType>
+      </DFProperties>
+      <Node>
+        <NodeName></NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>Devices in the pending reboot state</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrMore />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <CaseSense>
+            <CIS />
+          </CaseSense>
+          <DFTitle>Pending Reboot Update Guid</DFTitle>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>InstalledTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>The time the update installed.</Description>
+            <DFFormat>
+              <time />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>InstalledTime</DFTitle>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RevisionNumber</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>The revision number of the update</Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>Update's revision number</DFTitle>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+    </Node>
+    <Node>
+      <NodeName>LastSuccessfulScanTime</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <DefaultValue>0</DefaultValue>
+        <Description>Last success scan time.</Description>
+        <DFFormat>
+          <time />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <CaseSense>
+          <CIS />
+        </CaseSense>
+        <DFTitle>LastSuccessfulScanTime</DFTitle>
+        <DFType>
+          <MIME>text/plain</MIME>
+        </DFType>
+      </DFProperties>
+    </Node>
+    <Node>
+      <NodeName>DeferUpgrade</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <DefaultValue>0</DefaultValue>
+        <Description>Defer upgrades till the next upgrade period (at least a few months). </Description>
+        <DFFormat>
+          <bool />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <CaseSense>
+          <CIS />
+        </CaseSense>
+        <DFType>
+          <MIME>text/plain</MIME>
+        </DFType>
+      </DFProperties>
+    </Node>
+    <Node>
+      <NodeName>Rollback</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <DDFName></DDFName>
+        </DFType>
+      </DFProperties>
+      <Node>
+        <NodeName>QualityUpdate</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Exec />
+          </AccessType>
+          <Description>
+            Roll back Latest Quality Update, if the machine meets the following conditions:
+            Condition 1: Device must be WUfB Connected
+            Condition 2: Device must be in a Paused State
+            Condition 3: Device must have the Latest Quality Update installed on the device (Current State)
+            If the conditions are not true, the device will not Roll Back the Latest Quality Update.
+          </Description>
+          <DFFormat>
+            <null />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFTitle>QualityUpdate</DFTitle>
+          <DFType>
+            <MIME>text/plain</MIME>
+          </DFType>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>FeatureUpdate</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Exec />
+          </AccessType>
+          <Description>
+            Roll Back Latest Feature Update, if the machine meets the following conditions:
+            Condition 1: Device must be WUfB Connnected
+            Condition 2: Device must be in Paused State
+            Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
+            Condition 4: Machine should be within the uninstall period
+            If the conditions are not true, the device will not Roll Back the Latest Feature Update.
+          </Description>
+          <DFFormat>
+            <null />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFTitle>FeatureUpdate</DFTitle>
+          <DFType>
+            <MIME>text/plain</MIME>
+          </DFType>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>QualityUpdateStatus</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>Returns the result of last RollBack QualityUpdate opearation. </Description>
+          <DFFormat>
+            <chr />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFTitle>QualityUpdateStatus</DFTitle>
+          <DFType>
+            <MIME>text/plain</MIME>
+          </DFType>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>FeatureUpdateStatus</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>Returns the result of last RollBack FeatureUpdate opearation.</Description>
+          <DFFormat>
+            <chr />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFTitle>FeatureUpdateStatus</DFTitle>
+          <DFType>
+            <MIME>text/plain</MIME>
+          </DFType>
+        </DFProperties>
+      </Node>
+    </Node>
+  </Node>
 </MgmtTree>
 ```
 

From bb35e048ca21d5625261d0b4788a6147e5429d96 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Mon, 26 Feb 2018 23:23:46 +0000
Subject: [PATCH 039/119] Merged PR 6031: Experience policies in Policy CSP -
 updated SKU suppport information

---
 .../mdm/policy-csp-experience.md              | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 162e0d9065..fbdad3f72a 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 02/26/2018
 ---
 
 # Policy CSP - Experience
@@ -561,7 +561,7 @@ The following list shows the supported values:
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
@@ -672,11 +672,11 @@ The following list shows the supported values:
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 </table>
 
@@ -781,12 +781,12 @@ The following list shows the supported values:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 </table>
 
@@ -795,7 +795,7 @@ The following list shows the supported values:
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 
 > [!div class = "checklist"]
-> * User
+> * Device
 
 <hr/>
 
@@ -838,11 +838,11 @@ The following list shows the supported values:
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 </table>
 
@@ -896,7 +896,7 @@ The following list shows the supported values:
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
@@ -951,7 +951,7 @@ The following list shows the supported values:
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
@@ -1004,12 +1004,12 @@ The following list shows the supported values:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 </table>
 
@@ -1055,11 +1055,11 @@ The following list shows the supported values:
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 </table>
 

From 16bc0d9c7984c343ce49c6a7b01246d87dee26f9 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Mon, 26 Feb 2018 23:31:03 +0000
Subject: [PATCH 040/119] Merged PR 6032:
 Experience/AllowWindowsSpotlightOnSettings added to Policy CSP

---
 ...ew-in-windows-mdm-enrollment-management.md |     1 +
 .../policy-configuration-service-provider.md  |     3 +
 .../mdm/policy-csp-experience.md              |    64 +
 .../client-management/mdm/policy-ddf-file.md  | 13185 ++++++++++++++--
 4 files changed, 11805 insertions(+), 1448 deletions(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index a55bdccdcb..55233dabcb 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1410,6 +1410,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Display/DisablePerProcessDpiForApps</li>
 <li>Display/EnablePerProcessDpi</li>
 <li>Display/EnablePerProcessDpiForApps</li>
+<li>Experience/AllowWindowsSpotlightOnSettings</li>
 <ul>
 </td></tr>
 <tr class="odd">
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 3791a903e5..1d2ee6afaa 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1082,6 +1082,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-experience.md#experience-allowwindowsspotlightonactioncenter" id="experience-allowwindowsspotlightonactioncenter">Experience/AllowWindowsSpotlightOnActionCenter</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowwindowsspotlightonsettings" id="experience-allowwindowsspotlightonsettings">Experience/AllowWindowsSpotlightOnSettings</a>
+  </dd>
   <dd>
     <a href="./policy-csp-experience.md#experience-allowwindowsspotlightwindowswelcomeexperience" id="experience-allowwindowsspotlightwindowswelcomeexperience">Experience/AllowWindowsSpotlightWindowsWelcomeExperience</a>
   </dd>
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index fbdad3f72a..8d5e6e3703 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -72,6 +72,9 @@ ms.date: 02/26/2018
   <dd>
     <a href="#experience-allowwindowsspotlightonactioncenter">Experience/AllowWindowsSpotlightOnActionCenter</a>
   </dd>
+  <dd>
+    <a href="#experience-allowwindowsspotlightonsettings">Experience/AllowWindowsSpotlightOnSettings</a>
+  </dd>
   <dd>
     <a href="#experience-allowwindowsspotlightwindowswelcomeexperience">Experience/AllowWindowsSpotlightWindowsWelcomeExperience</a>
   </dd>
@@ -932,6 +935,67 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="experience-allowwindowsspotlightonsettings"></a>**Experience/AllowWindowsSpotlightOnSettings**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1083. This policy allows IT admins to turn off Suggestions in Settings app. These suggestions from Microsoft may show after each OS clean install, upgrade or an on-going basis to help users discover apps/features on Windows or across devices, to make thier experience productive.  
+
+-  User setting is under Settings -> Privacy -> General -> Show me suggested content in Settings app.
+-  User Setting is changeable on a per user basis.
+-  If the Group policy is set to off, no suggestions will be shown to the user in Settings app. 
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 - Not allowed.
+-   1 - Allowed.
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="experience-allowwindowsspotlightwindowswelcomeexperience"></a>**Experience/AllowWindowsSpotlightWindowsWelcomeExperience**  
 
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 72cac2741a..406db3df06 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 02/26/2018
 ---
 
 # Policy DDF file
@@ -24,7 +24,7 @@ You can download the DDF files from the links below:
 - [Download the Policy DDF file for Windows 10, version 1607 release 8C](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
 - [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)
 
-The XML below is the DDF for Windows 10, version 1709.
+The XML below is the DDF for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -50,7 +50,7 @@ The XML below is the DDF for Windows 10, version 1709.
         <Permanent />
       </Scope>
       <DFType>
-        <MIME>com.microsoft/6.0/MDM/Policy</MIME>
+        <MIME>com.microsoft/7.0/MDM/Policy</MIME>
       </DFType>
     </DFProperties>
     <Node>
@@ -58,8 +58,8 @@ The XML below is the DDF for Windows 10, version 1709.
       <DFProperties>
         <AccessType>
           <Add />
-          <Get />
           <Delete />
+          <Get />
         </AccessType>
         <DFFormat>
           <node />
@@ -79,8 +79,8 @@ The XML below is the DDF for Windows 10, version 1709.
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -125,8 +125,8 @@ The XML below is the DDF for Windows 10, version 1709.
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -219,8 +219,8 @@ The XML below is the DDF for Windows 10, version 1709.
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -265,8 +265,8 @@ The XML below is the DDF for Windows 10, version 1709.
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -359,8 +359,8 @@ The XML below is the DDF for Windows 10, version 1709.
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -447,6 +447,30 @@ The XML below is the DDF for Windows 10, version 1709.
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowConfigurationUpdateForBooksLibrary</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowCookies</NodeName>
           <DFProperties>
@@ -875,6 +899,30 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableExtendedBooksTelemetry</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting allows organizations to send extended telemetry on book usage from the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnterpriseModeSiteList</NodeName>
           <DFProperties>
@@ -1131,6 +1179,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>PreventTabPreloading</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
           <DFProperties>
@@ -1288,14 +1360,38 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UseSharedFolderForBooks</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>CredentialsUI</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -1340,8 +1436,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -1381,13 +1477,59 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>Display</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>EnablePerProcessDpi</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enable or disable Per-Process System DPI for all applications.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Education</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -1480,8 +1622,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -1646,8 +1788,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -1710,30 +1852,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>AllowWindowsConsumerFeatures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description></Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>AllowWindowsSpotlight</NodeName>
           <DFProperties>
@@ -1782,6 +1900,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowWindowsSpotlightOnSettings</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowWindowsSpotlightWindowsWelcomeExperience</NodeName>
           <DFProperties>
@@ -1836,8 +1978,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -3508,6 +3650,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>InternetZoneAllowVBScriptToRunInInternetExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>InternetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
           <DFProperties>
@@ -4828,6 +4994,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>LockedDownIntranetJavaPermissions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>LockedDownIntranetZoneAllowAccessToDataSources</NodeName>
           <DFProperties>
@@ -6652,6 +6842,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
           <DFProperties>
@@ -7541,13 +7755,179 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>KioskBrowser</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>BlockedUrlExceptions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BlockedUrls</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DefaultURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Configures the default URL kiosk browsers to navigate on launch and restart.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enable/disable kiosk browser's home button.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableNavigationButtons</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enable/disable kiosk browser's navigation buttons (forward/back).</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RestartOnIdleTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Notifications</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -7592,8 +7972,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -7638,8 +8018,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -7684,8 +8064,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -7700,6 +8080,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>DisableContextMenus</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enabling this policy prevents context menus from being invoked in the Start Menu.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>HidePeopleBar</NodeName>
           <DFProperties>
@@ -7754,8 +8158,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -7795,6 +8199,52 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>WindowsPowerShell</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>TurnOnPowerShellScriptBlockLogging</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
     </Node>
     <Node>
       <NodeName>Result</NodeName>
@@ -7840,8 +8290,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -7854,6 +8304,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsStore.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsStore~AT~WindowsComponents~WindowsStore</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RequirePrivateStoreOnly_1</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -7883,8 +8337,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -7910,8 +8364,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -7937,8 +8391,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -7984,8 +8438,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8028,8 +8482,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8055,8 +8509,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8082,8 +8536,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8129,8 +8583,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8145,6 +8599,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowAddressBarDropdown</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8154,8 +8611,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8169,6 +8626,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowAutofill</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8178,8 +8638,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8198,13 +8658,13 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>AllowCookies</NodeName>
+          <NodeName>AllowConfigurationUpdateForBooksLibrary</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you configure how your company deals with cookies.</Description>
-            <DefaultValue>2</DefaultValue>
+            <DefaultValue>1</DefaultValue>
+            <Description>This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8217,6 +8677,35 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowCookies</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>2</DefaultValue>
+            <Description>This setting lets you configure how your company deals with cookies.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CookiesListBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Cookies</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8226,8 +8715,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8242,6 +8731,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowDeveloperTools</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8251,8 +8743,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8266,6 +8758,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowDoNotTrack</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8275,8 +8770,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can load extensions in Microsoft Edge.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can load extensions in Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8291,6 +8786,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowExtensions</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8300,8 +8798,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8316,6 +8814,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowFlash</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8325,8 +8826,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Configure the Adobe Flash Click-to-Run setting.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>Configure the Adobe Flash Click-to-Run setting.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8341,6 +8842,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowFlashClickToRun</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8350,8 +8854,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can browse using InPrivate website browsing.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can browse using InPrivate website browsing.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8365,6 +8869,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowInPrivate</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8374,12 +8881,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
 
 If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
 
 If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8393,6 +8900,9 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowCVList</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8402,8 +8912,8 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can save their passwords locally, using Password Manager.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can save their passwords locally, using Password Manager.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8417,6 +8927,9 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowPasswordManager</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8426,8 +8939,8 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8442,6 +8955,9 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowPopups</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8451,13 +8967,13 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>Allow search engine customization for MDM enrolled devices. Users can change their default search engine.
 
 If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings.
 If this setting is disabled, users will be unable to add search engines or change the default used in the address bar.
 
 This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8471,6 +8987,9 @@ This policy will only apply on domain joined machines or when the device is MDM
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSearchEngineCustomization</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8480,8 +8999,8 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8495,6 +9014,9 @@ This policy will only apply on domain joined machines or when the device is MDM
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSearchSuggestionsinAddressBar</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8504,8 +9026,8 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether to turn on Windows Defender SmartScreen.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether to turn on Windows Defender SmartScreen.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8519,6 +9041,9 @@ This policy will only apply on domain joined machines or when the device is MDM
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSmartScreen</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8528,8 +9053,8 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8543,6 +9068,9 @@ This policy will only apply on domain joined machines or when the device is MDM
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AlwaysEnableBooksLibrary</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8552,8 +9080,8 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether to always clear browsing history on exiting Microsoft Edge.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether to always clear browsing history on exiting Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8568,6 +9096,9 @@ This policy will only apply on domain joined machines or when the device is MDM
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowClearingBrowsingDataOnExit</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8577,6 +9108,7 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>Allows you to add up to 5 additional search engines for MDM-enrolled devices.
 
 If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
@@ -8584,7 +9116,6 @@ If this setting is turned on, you can add up to 5 additional search engines for
 If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8597,6 +9128,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureAdditionalSearchEngines_Prompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureAdditionalSearchEngines</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8606,13 +9141,13 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect.
 
 Note: This policy has no effect when Browser/HomePages is not configured.
 
 Important
 This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8627,6 +9162,36 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableLockdownOfStartPages</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableExtendedBooksTelemetry</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting allows organizations to send extended telemetry on book usage from the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnableExtendedBooksTelemetry</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8636,8 +9201,8 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.</Description>
             <DefaultValue></DefaultValue>
+            <Description>This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8651,6 +9216,10 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>EnterSiteListPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnterpriseModeSiteList</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8660,8 +9229,8 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8684,8 +9253,8 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Configure first run URL.</Description>
             <DefaultValue></DefaultValue>
+            <Description>Configure first run URL.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8708,13 +9277,13 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>Configure the Start page URLs for your employees.
 Example:
 If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
 Encapsulate each string with greater than and less than characters like any other XML tag.
 
 Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8728,6 +9297,10 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, you ca
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>HomePagesPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>HomePages</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8737,6 +9310,7 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, you ca
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
 
 If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
@@ -8745,7 +9319,6 @@ Important
 Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
 If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8759,6 +9332,9 @@ If you disable or don't configure this setting (default), employees can add, imp
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LockdownFavorites</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8768,8 +9344,8 @@ If you disable or don't configure this setting (default), employees can add, imp
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Prevent access to the about:flags page in Microsoft Edge.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Prevent access to the about:flags page in Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8783,6 +9359,9 @@ If you disable or don't configure this setting (default), employees can add, imp
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventAccessToAboutFlagsInMicrosoftEdge</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8792,10 +9371,10 @@ If you disable or don't configure this setting (default), employees can add, imp
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8810,6 +9389,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventFirstRunPage</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8819,10 +9401,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8836,6 +9418,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventLiveTileDataCollection</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8845,8 +9430,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Don't allow Windows Defender SmartScreen warning overrides</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8860,6 +9445,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventSmartScreenPromptOverride</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8869,8 +9457,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Don't allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8884,6 +9472,37 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventSmartScreenPromptOverrideForFiles</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventTabPreloading</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventTabPreloading</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8893,8 +9512,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Prevent using localhost IP address for WebRTC</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Prevent using localhost IP address for WebRTC</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8908,6 +9527,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>HideLocalHostIPAddress</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8917,6 +9539,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
 
 If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
@@ -8925,7 +9548,6 @@ Important
 Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
 If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8938,6 +9560,10 @@ If you disable or don't configure this setting, employees will see the favorites
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfiguredFavoritesPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfiguredFavorites</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8947,8 +9573,8 @@ If you disable or don't configure this setting, employees will see the favorites
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Sends all intranet traffic over to Internet Explorer.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Sends all intranet traffic over to Internet Explorer.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -8963,6 +9589,9 @@ If you disable or don't configure this setting, employees will see the favorites
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SendIntranetTraffictoInternetExplorer</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -8972,6 +9601,7 @@ If you disable or don't configure this setting, employees will see the favorites
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine.
 
 If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING.
@@ -8979,7 +9609,6 @@ If this setting is turned on, you are setting the default search engine that you
 If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees.  If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -8992,6 +9621,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SetDefaultSearchEngine_Prompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetDefaultSearchEngine</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9001,8 +9634,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Show message when opening sites in Internet Explorer</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Show message when opening sites in Internet Explorer</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9017,6 +9650,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ShowMessageWhenOpeningSitesInInternetExplorer</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9026,8 +9662,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9042,6 +9678,36 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SyncFavoritesBetweenIEAndMicrosoftEdge</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>UseSharedFolderForBooks</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>UseSharedFolderForBooks</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9071,8 +9737,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9118,8 +9784,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9140,6 +9806,55 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>Display</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>EnablePerProcessDpi</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>Enable or disable Per-Process System DPI for all applications.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisplayGlobalPerProcessSystemDpiSettings</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisplayPerProcessSystemDpiSettings</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Education</NodeName>
         <DFProperties>
@@ -9165,8 +9880,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy sets user's default printer</Description>
             <DefaultValue></DefaultValue>
+            <Description>This policy sets user's default printer</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9188,8 +9903,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Boolean that specifies whether or not to prevent user to install new printers</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Boolean that specifies whether or not to prevent user to install new printers</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9203,6 +9918,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Printing.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Printing~AT~ControlPanel~CplPrinters</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoAddPrinter</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9212,8 +9930,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy provisions per-user network printers</Description>
             <DefaultValue></DefaultValue>
+            <Description>This policy provisions per-user network printers</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9255,8 +9973,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy provisions per-user discovery end point to discover cloud printers</Description>
             <DefaultValue></DefaultValue>
+            <Description>This policy provisions per-user discovery end point to discover cloud printers</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9278,8 +9996,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Authentication endpoint for acquiring OAuth tokens</Description>
             <DefaultValue></DefaultValue>
+            <Description>Authentication endpoint for acquiring OAuth tokens</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9301,8 +10019,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority</Description>
             <DefaultValue></DefaultValue>
+            <Description>A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9324,8 +10042,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Resource URI for which access is being requested by the Enterprise Cloud Print client during OAuth authentication</Description>
             <DefaultValue></DefaultValue>
+            <Description>Resource URI for which access is being requested by the Enterprise Cloud Print client during OAuth authentication</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9347,8 +10065,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Defines the maximum number of printers that should be queried from discovery end point</Description>
             <DefaultValue>20</DefaultValue>
+            <Description>Defines the maximum number of printers that should be queried from discovery end point</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9361,6 +10079,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="65535"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9370,8 +10089,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Resource URI for which access is being requested by the Mopria discovery client during OAuth authentication</Description>
             <DefaultValue></DefaultValue>
+            <Description>Resource URI for which access is being requested by the Mopria discovery client during OAuth authentication</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9413,8 +10132,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9428,6 +10147,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableTailoredExperiencesWithDiagnosticData</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9437,33 +10159,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowWindowsConsumerFeatures</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
             <Description></Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9478,6 +10175,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableThirdPartySuggestions</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9487,8 +10187,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9503,6 +10203,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableWindowsSpotlightFeatures</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9512,8 +10215,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9527,6 +10230,36 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableWindowsSpotlightOnActionCenter</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowWindowsSpotlightOnSettings</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableWindowsSpotlightOnSettings</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9536,8 +10269,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9551,6 +10284,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableWindowsSpotlightWindowsWelcomeExperience</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9560,8 +10296,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -9574,7 +10310,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureWindowsSpotlight</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -9604,8 +10344,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9631,8 +10371,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9658,8 +10398,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9685,8 +10425,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9712,8 +10452,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9739,8 +10479,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9766,8 +10506,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9793,8 +10533,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9820,8 +10560,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9847,8 +10587,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9874,8 +10614,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9901,8 +10641,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9928,8 +10668,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9955,8 +10695,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -9982,8 +10722,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10009,8 +10749,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10036,8 +10776,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10063,8 +10803,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10090,8 +10830,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10117,8 +10857,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10144,8 +10884,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10171,8 +10911,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10198,8 +10938,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10225,8 +10965,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10252,8 +10992,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10279,8 +11019,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10306,8 +11046,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10333,8 +11073,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10349,8 +11089,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestriction</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_2</MSFT:ADMXPolicyName>
+            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryConsistentMimeHandling</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_5</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -10360,8 +11100,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10387,8 +11127,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10414,8 +11154,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10441,8 +11181,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10468,8 +11208,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10495,8 +11235,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10522,8 +11262,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10549,8 +11289,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10576,8 +11316,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10603,8 +11343,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10630,8 +11370,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10657,8 +11397,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10684,8 +11424,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10711,8 +11451,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10738,8 +11478,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10765,8 +11505,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10792,8 +11532,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10819,8 +11559,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10846,8 +11586,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10873,8 +11613,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10900,8 +11640,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10927,8 +11667,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10954,8 +11694,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -10981,8 +11721,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11008,8 +11748,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11035,8 +11775,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11062,8 +11802,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11089,8 +11829,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11116,8 +11856,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11143,8 +11883,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11170,8 +11910,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11197,8 +11937,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11224,8 +11964,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11251,8 +11991,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11278,8 +12018,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11305,8 +12045,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11332,8 +12072,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11359,8 +12099,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11386,8 +12126,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11413,8 +12153,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11440,8 +12180,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11461,14 +12201,41 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>InternetZoneAllowVBScriptToRunInInternetExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>IZ_PolicyAllowVBScript_1</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>InternetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11494,8 +12261,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11521,8 +12288,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11548,8 +12315,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11575,8 +12342,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11602,8 +12369,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11629,8 +12396,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11656,8 +12423,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11683,8 +12450,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11710,8 +12477,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11737,8 +12504,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11764,8 +12531,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11791,8 +12558,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11818,8 +12585,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11845,8 +12612,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11872,8 +12639,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11899,8 +12666,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11926,8 +12693,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11953,8 +12720,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -11980,8 +12747,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12007,8 +12774,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12034,8 +12801,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12061,8 +12828,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12088,8 +12855,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12115,8 +12882,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12142,8 +12909,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12169,8 +12936,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12196,8 +12963,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12223,8 +12990,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12250,8 +13017,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12277,8 +13044,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12304,8 +13071,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12331,8 +13098,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12358,8 +13125,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12385,8 +13152,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12412,8 +13179,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12439,8 +13206,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12466,8 +13233,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12493,8 +13260,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12520,8 +13287,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12547,8 +13314,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12574,8 +13341,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12601,8 +13368,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12628,8 +13395,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12655,8 +13422,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12682,8 +13449,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12709,8 +13476,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12736,8 +13503,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12763,8 +13530,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12790,8 +13557,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12817,8 +13584,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12844,8 +13611,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12871,8 +13638,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12898,8 +13665,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12925,8 +13692,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12946,14 +13713,41 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>LockedDownIntranetJavaPermissions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_4</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>LockedDownIntranetZoneAllowAccessToDataSources</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -12979,8 +13773,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13006,8 +13800,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13033,8 +13827,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13060,8 +13854,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13087,8 +13881,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13114,8 +13908,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13141,8 +13935,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13168,8 +13962,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13195,8 +13989,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13222,8 +14016,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13249,8 +14043,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13276,8 +14070,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13303,8 +14097,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13330,8 +14124,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13357,8 +14151,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13384,8 +14178,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13411,8 +14205,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13438,8 +14232,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13465,8 +14259,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13492,8 +14286,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13519,8 +14313,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13546,8 +14340,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13573,8 +14367,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13600,8 +14394,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13627,8 +14421,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13654,8 +14448,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13681,8 +14475,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13708,8 +14502,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13735,8 +14529,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13762,8 +14556,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13789,8 +14583,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13816,8 +14610,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13843,8 +14637,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13870,8 +14664,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13897,8 +14691,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13924,8 +14718,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13951,8 +14745,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -13978,8 +14772,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14005,8 +14799,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14032,8 +14826,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14059,8 +14853,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14086,8 +14880,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14113,8 +14907,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14140,8 +14934,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14167,8 +14961,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14194,8 +14988,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14221,8 +15015,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14248,8 +15042,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14275,8 +15069,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14302,8 +15096,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14329,8 +15123,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14356,8 +15150,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14383,8 +15177,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14410,8 +15204,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14437,8 +15231,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14464,8 +15258,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14491,8 +15285,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14518,8 +15312,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14545,8 +15339,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14572,8 +15366,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14599,8 +15393,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14626,8 +15420,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14653,8 +15447,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14680,8 +15474,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14707,8 +15501,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14734,8 +15528,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14761,8 +15555,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14788,8 +15582,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14815,8 +15609,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14842,8 +15636,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14869,8 +15663,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14896,8 +15690,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14923,8 +15717,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14950,8 +15744,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14977,8 +15771,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -14998,14 +15792,41 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>IZ_PolicyAllowVBScript_7</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15031,8 +15852,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15058,8 +15879,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15085,8 +15906,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15112,8 +15933,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15139,8 +15960,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15166,8 +15987,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15193,8 +16014,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15220,8 +16041,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15247,8 +16068,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15274,8 +16095,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15301,8 +16122,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15328,8 +16149,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15355,8 +16176,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15382,8 +16203,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15409,8 +16230,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15436,8 +16257,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15463,8 +16284,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15490,8 +16311,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15517,8 +16338,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15544,8 +16365,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15571,8 +16392,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15598,8 +16419,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15625,8 +16446,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15652,8 +16473,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15679,8 +16500,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15706,8 +16527,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15733,8 +16554,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15760,8 +16581,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15787,8 +16608,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15814,8 +16635,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15841,8 +16662,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15868,8 +16689,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15895,8 +16716,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15922,8 +16743,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15949,8 +16770,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15976,8 +16797,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -15998,6 +16819,173 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>KioskBrowser</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>BlockedUrlExceptions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BlockedUrls</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DefaultURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>Configures the default URL kiosk browsers to navigate on launch and restart.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enable/disable kiosk browser's home button.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableNavigationButtons</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enable/disable kiosk browser's navigation buttons (forward/back).</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RestartOnIdleTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="1" high="1440"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Notifications</NodeName>
         <DFProperties>
@@ -16023,8 +17011,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -16038,6 +17026,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WPN.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WPN~AT~StartMenu~NotificationsCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoNotificationMirroring</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -16067,8 +17058,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -16114,8 +17105,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -16128,6 +17119,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Taskbar.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Taskbar~AT~StartMenu~TPMCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureTaskbarCalendar</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -16152,13 +17147,13 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFType>
         </DFProperties>
         <Node>
-          <NodeName>HidePeopleBar</NodeName>
+          <NodeName>DisableContextMenus</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy prevents context menus from being invoked in the Start Menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -16173,6 +17168,37 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableContextMenusInStart</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HidePeopleBar</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>HidePeopleBar</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -16182,8 +17208,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -16197,6 +17223,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LockedStartLayout</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -16226,8 +17255,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>3</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -16240,10 +17269,62 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AllowTelemetry</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowTelemetry</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>WindowsPowerShell</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>TurnOnPowerShellScriptBlockLogging</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>PowerShellExecutionPolicy.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>PowerShellExecutionPolicy~AT~WindowsComponents~PowerShell</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnableScriptBlockLogging</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
     </Node>
   </Node>
   <Node>
@@ -16263,7 +17344,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <Permanent />
       </Scope>
       <DFType>
-        <MIME>com.microsoft/6.0/MDM/Policy</MIME>
+        <MIME>com.microsoft/7.0/MDM/Policy</MIME>
       </DFType>
     </DFProperties>
     <Node>
@@ -16271,8 +17352,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
       <DFProperties>
         <AccessType>
           <Add />
-          <Get />
           <Delete />
+          <Get />
         </AccessType>
         <Description>Policy CSP ConfigOperations</Description>
         <DFFormat>
@@ -16293,8 +17374,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <Description>Win32 App ADMX Ingestion</Description>
           <DFFormat>
@@ -16315,8 +17396,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           <DFProperties>
             <AccessType>
               <Add />
-              <Get />
               <Delete />
+              <Get />
             </AccessType>
             <Description>Win32 App Name</Description>
             <DFFormat>
@@ -16337,8 +17418,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFProperties>
               <AccessType>
                 <Add />
-                <Get />
                 <Delete />
+                <Get />
               </AccessType>
               <Description>Setting Type of Win32 App. Policy Or Preference</Description>
               <DFFormat>
@@ -16359,8 +17440,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <DFProperties>
                 <AccessType>
                   <Add />
-                  <Get />
                   <Delete />
+                  <Get />
                 </AccessType>
                 <Description>Unique ID of ADMX file</Description>
                 <DFFormat>
@@ -16386,8 +17467,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
       <DFProperties>
         <AccessType>
           <Add />
-          <Get />
           <Delete />
+          <Get />
         </AccessType>
         <DFFormat>
           <node />
@@ -16407,8 +17488,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -16501,8 +17582,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -16619,8 +17700,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -16665,8 +17746,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -16705,14 +17786,38 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableAppUriHandlers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enables web-to-app linking, which allows apps to be launched with a http(s) URI</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>ApplicationManagement</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -16968,13 +18073,59 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>AppRuntime</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AllowMicrosoftAccountsToBeOptional</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>AppVirtualization</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -17667,8 +18818,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -17731,30 +18882,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>AllowFidoDeviceSignon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Specifies whether FIDO device can be used to sign on.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>AllowSecondaryAuthenticationDevice</NodeName>
           <DFProperties>
@@ -17785,8 +18912,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -17879,8 +19006,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -17925,8 +19052,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -18013,6 +19140,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowPromptedProximalConnections</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>LocalDeviceName</NodeName>
           <DFProperties>
@@ -18067,8 +19218,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -18155,6 +19306,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowConfigurationUpdateForBooksLibrary</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowCookies</NodeName>
           <DFProperties>
@@ -18583,6 +19758,30 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableExtendedBooksTelemetry</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting allows organizations to send extended telemetry on book usage from the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnterpriseModeSiteList</NodeName>
           <DFProperties>
@@ -18839,6 +20038,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>PreventTabPreloading</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
           <DFProperties>
@@ -18996,14 +20219,38 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UseSharedFolderForBooks</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>Camera</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -19048,8 +20295,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -19121,7 +20368,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -19145,7 +20392,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -19190,8 +20437,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -19326,6 +20573,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowPhonePCLinking</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowUSBConnection</NodeName>
           <DFProperties>
@@ -19544,12 +20815,56 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         </Node>
       </Node>
       <Node>
-        <NodeName>CredentialProviders</NodeName>
+        <NodeName>ControlPolicyConflict</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
             <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>MDMWinsOverGP</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>If set to 1 then any MDM policy that is set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>CredentialProviders</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -19637,13 +20952,59 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>CredentialsDelegation</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>RemoteHostAllowsDelegationOfNonExportableCredentials</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>CredentialsUI</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -19712,8 +21073,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -19782,8 +21143,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -19852,8 +21213,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -19922,8 +21283,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -20784,8 +22145,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -20849,7 +22210,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>DOCacheHost</NodeName>
+          <NodeName>DODelayBackgroundDownloadFromHttp</NodeName>
           <DFProperties>
             <AccessType>
               <Add />
@@ -20859,7 +22220,31 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </AccessType>
             <Description></Description>
             <DFFormat>
-              <chr/>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DODelayForegroundDownloadFromHttp</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
             </DFFormat>
             <Occurrence>
               <ZeroOrOne />
@@ -20920,6 +22305,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DOGroupIdSource</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DOMaxCacheAge</NodeName>
           <DFProperties>
@@ -21184,6 +22593,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DOPercentageMaxBackgroundBandwidth</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DOPercentageMaxDownloadBandwidth</NodeName>
           <DFProperties>
@@ -21208,14 +22641,110 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DOPercentageMaxForegroundBandwidth</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DORestrictPeerSelectionBy</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DOSetHoursToLimitBackgroundDownloadBandwidth</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DOSetHoursToLimitForegroundDownloadBandwidth</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>DeviceGuard</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -21308,8 +22837,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -21378,8 +22907,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -21758,6 +23287,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>PreventEnablingLockScreenCamera</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventLockScreenSlideShow</NodeName>
           <DFProperties>
@@ -21812,8 +23365,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -21828,6 +23381,78 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>DisablePerProcessDpiForApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy allows you to disable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnablePerProcessDpi</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enable or disable Per-Process System DPI for all applications.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnablePerProcessDpiForApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy allows you to enable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>TurnOffGdiDPIScalingForApps</NodeName>
           <DFProperties>
@@ -21882,8 +23507,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -22024,8 +23649,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -22142,8 +23767,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -22446,6 +24071,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowWindowsConsumerFeatures</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowWindowsTips</NodeName>
           <DFProperties>
@@ -22500,8 +24149,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -22541,13 +24190,83 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>FileExplorer</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>TurnOffDataExecutionPreventionForExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TurnOffHeapTerminationOnCorruption</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Games</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -22592,8 +24311,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -22638,8 +24357,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -24358,6 +26077,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>InternetZoneAllowVBScriptToRunInInternetExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>InternetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
           <DFProperties>
@@ -25678,6 +27421,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>LockedDownIntranetJavaPermissions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>LockedDownIntranetZoneAllowAccessToDataSources</NodeName>
           <DFProperties>
@@ -27502,6 +29269,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
           <DFProperties>
@@ -28055,7 +29846,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>SecurityZonesUseOnlyMachineSettings </NodeName>
+          <NodeName>SecurityZonesUseOnlyMachineSettings</NodeName>
           <DFProperties>
             <AccessType>
               <Add />
@@ -28420,8 +30211,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -28557,13 +30348,179 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>KioskBrowser</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>BlockedUrlExceptions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BlockedUrls</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DefaultURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Configures the default URL kiosk browsers to navigate on launch and restart.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enable/disable kiosk browser's home button.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableNavigationButtons</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enable/disable kiosk browser's navigation buttons (forward/back).</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RestartOnIdleTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Licensing</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -28632,8 +30589,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -28958,6 +30915,225 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Domain member: Digitally encrypt or sign secure channel data (always)
+
+This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted.
+
+When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
+
+This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. Specifically it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. If this policy is enabled, then the secure channel will not be established unless either signing or encryption of all secure channel traffic is negotiated. If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies:
+
+Domain member: Digitally encrypt secure channel data (when possible)
+Domain member: Digitally sign secure channel data (when possible)
+
+Default: Enabled.
+
+Notes:
+
+If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
+If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
+Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Domain member: Digitally encrypt secure channel data (when possible)
+
+This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates.
+
+When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup etc.
+
+This setting determines whether or not the domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member will not attempt to negotiate secure channel encryption.
+
+Default: Enabled.
+
+Important
+
+There is no known reason for disabling this setting. Besides unnecessarily reducing the potential confidentiality level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted.
+
+Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_DigitallySignSecureChannelDataWhenPossible</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Domain member: Digitally sign secure channel data (when possible)
+
+This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates.
+
+When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
+
+This setting determines whether or not the domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain member will request signing of all secure channel traffic. If the Domain Controller supports signing of all secure channel traffic, then all secure channel traffic will be signed which ensures that it cannot be tampered with in transit.
+
+Default: Enabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_DisableMachineAccountPasswordChanges</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Domain member: Disable machine account password changes
+
+Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days.
+
+Default: Disabled.
+
+Notes
+
+This security setting should not be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it is established, the secure channel is used to transmit sensitive information that is necessary for making authentication and authorization decisions.
+This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_MaximumMachineAccountPasswordAge</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Domain member: Maximum machine account password age
+
+This security setting determines how often a domain member will attempt to change its computer account password.
+
+Default: 30 days.
+
+Important
+
+This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_RequireStrongSessionKey</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Domain member: Require strong (Windows 2000 or later) session key
+
+This security setting determines whether 128-bit key strength is required for encrypted secure channel data.
+
+When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller within the domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup, and so on.
+
+Depending on what version of Windows is running on the domain controller that the domain member is communicating with and the settings of the parameters:
+
+Domain member: Digitally encrypt or sign secure channel data (always)
+Domain member: Digitally encrypt secure channel data (when possible)
+Some or all of the information that is transmitted over the secure channel will be encrypted. This policy setting determines whether or not 128-bit key strength is required for the secure channel information that is encrypted.
+
+If this setting is enabled, then the secure channel will not be established unless 128-bit encryption can be performed. If this setting is disabled, then the key strength is negotiated with the domain controller.
+
+Default: Enabled.
+
+Important
+
+In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member's domain must be running Windows 2000 or later.
+In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</NodeName>
           <DFProperties>
@@ -29164,6 +31340,404 @@ Default: No message.</Description>
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>InteractiveLogon_SmartCardRemovalBehavior</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Interactive logon: Smart card removal behavior
+
+This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader.
+
+The options are:
+
+ No Action
+ Lock Workstation
+ Force Logoff
+ Disconnect if a Remote Desktop Services session 
+
+If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
+
+If you click Force Logoff in the Properties dialog box for this policy, the user is automatically logged off when the smart card is removed.
+
+If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging the user off. This allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to log on again. If the session is local, this policy functions identically to Lock Workstation.
+
+Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
+
+Default: This policy is not defined, which means that the system treats it as No action.
+
+On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsAlways</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Microsoft network client: Digitally sign communications (always)
+
+This security setting determines whether packet signing is required by the SMB client component.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
+
+If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
+
+Default: Disabled.
+
+Important
+
+For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Microsoft network client: Digitally sign communications (if server agrees)
+
+This security setting determines whether the SMB client attempts to negotiate SMB packet signing.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server.
+
+If this setting is enabled, the Microsoft network client will ask the server to perform SMB packet signing upon session setup. If packet signing has been enabled on the server, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
+
+Default: Enabled.
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Microsoft network client: Send unencrypted password to connect to third-party SMB servers
+
+If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.
+
+Sending unencrypted passwords is a security risk.
+
+Default: Disabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Microsoft network server: Amount of idle time required before suspending a session
+
+This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
+
+Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
+
+For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
+
+Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsAlways</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Microsoft network server: Digitally sign communications (always)
+
+This security setting determines whether packet signing is required by the SMB server component.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
+
+If this setting is enabled, the Microsoft network server will not communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
+
+Default:
+
+Disabled for member servers.
+Enabled for domain controllers.
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
+If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
+
+Important
+
+For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy:
+Microsoft network server: Digitally sign communications (if server agrees)
+
+For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the Windows 2000 server:
+HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Microsoft network server: Digitally sign communications (if client agrees)
+
+This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it.
+
+If this setting is enabled, the Microsoft network server will negotiate SMB packet signing as requested by the client. That is, if packet signing has been enabled on the client, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
+
+Default: Enabled on domain controllers only.
+
+Important
+
+For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network access: Do not allow anonymous enumeration of SAM accounts
+
+This security setting determines what additional permissions will be granted for anonymous connections to the computer.
+
+Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust.
+
+This security option allows additional restrictions to be placed on anonymous connections as follows:
+
+Enabled: Do not allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources.
+Disabled: No additional restrictions. Rely on default permissions.
+
+Default on workstations: Enabled.
+Default on server:Enabled.
+
+Important
+
+This policy has no impact on domain controllers.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network access: Do not allow anonymous enumeration of SAM accounts and shares
+
+This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.
+
+Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
+
+Default: Disabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network access: Restrict anonymous access to Named Pipes and Shares
+
+When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
+
+Network access: Named pipes that can be accessed anonymously
+Network access: Shares that can be accessed anonymously
+Default: Enabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</NodeName>
           <DFProperties>
@@ -29220,6 +31794,161 @@ This policy will be turned off by default on domain joined machines. This would
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network security: Do not store LAN Manager hash value on next password change
+
+This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked.
+
+
+Default on Windows Vista and above: Enabled
+Default on Windows XP: Disabled.
+
+Important
+
+Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0.
+This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_LANManagerAuthenticationLevel</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network security LAN Manager authentication level
+
+This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
+
+Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+
+Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+
+Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+
+Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+
+Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
+
+Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
+
+Important
+
+This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM.
+
+Default:
+
+Windows 2000 and windows XP: send LM and NTLM responses
+
+Windows Server 2003: Send NTLM response only
+
+Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
+
+This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
+
+Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
+Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
+
+Default:
+
+Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
+
+Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
+
+This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
+
+Require NTLMv2 session security: The connection will fail if message integrity is not negotiated.
+Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated.
+
+Default:
+
+Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
+
+Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</NodeName>
           <DFProperties>
@@ -29624,8 +32353,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -29670,8 +32399,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -29716,8 +32445,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -29786,8 +32515,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -29875,13 +32604,273 @@ The options are:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>MSSecurityGuide</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>ApplyUACRestrictionsToLocalAccountsOnNetworkLogon</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureSMBV1ClientDriver</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureSMBV1Server</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableStructuredExceptionHandlingOverwriteProtection</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>WDigestAuthentication</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>MSSLegacy</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AllowICMPRedirectsToOverrideOSPFGeneratedRoutes</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>IPSourceRoutingProtectionLevel</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>IPv6SourceRoutingProtectionLevel</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>NetworkIsolation</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -30090,12 +33079,12 @@ The options are:
         </Node>
       </Node>
       <Node>
-        <NodeName>Power</NodeName>
+        <NodeName>Notifications</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -30110,6 +33099,76 @@ The options are:
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>DisallowCloudNotification</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>Power</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AllowStandbyStatesWhenSleepingOnBattery</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowStandbyWhenSleepingPluggedIn</NodeName>
           <DFProperties>
@@ -30332,8 +33391,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -30402,8 +33461,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -30835,7 +33894,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -30859,7 +33918,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -30883,7 +33942,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -30931,7 +33990,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -30955,7 +34014,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -30979,7 +34038,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31027,7 +34086,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31051,7 +34110,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31075,7 +34134,103 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LetAppsAccessGazeInput</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy setting specifies whether Windows apps can access the eye tracker.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LetAppsAccessGazeInput_ForceAllowTheseApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LetAppsAccessGazeInput_ForceDenyTheseApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LetAppsAccessGazeInput_UserInControlOfTheseApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the eye tracker privacy setting for the listed apps. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31123,7 +34278,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31147,7 +34302,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31171,7 +34326,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31219,7 +34374,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31243,7 +34398,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31267,7 +34422,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31315,7 +34470,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31339,7 +34494,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31363,7 +34518,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31411,7 +34566,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31435,7 +34590,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31459,7 +34614,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31507,7 +34662,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31531,7 +34686,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31555,7 +34710,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31603,7 +34758,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31627,7 +34782,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31651,7 +34806,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31699,7 +34854,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31723,7 +34878,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31747,7 +34902,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31795,7 +34950,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31819,7 +34974,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31843,7 +34998,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31891,7 +35046,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31915,7 +35070,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -31939,7 +35094,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -32179,7 +35334,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -32203,7 +35358,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -32227,7 +35382,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -32266,14 +35421,38 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>UploadUserActivities</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Allows ActivityFeed to upload published 'User Activities'.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>RemoteAssistance</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -32390,8 +35569,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -32556,8 +35735,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -32938,8 +36117,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -33008,8 +36187,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -33193,13 +36372,60 @@ The options are:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>RestrictedGroups</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>ConfigureGroupMembership</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group.
+Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Search</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -33238,6 +36464,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowCortanaInAAD</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This features allows you to show the cortana opt-in page during Windows Setup</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowIndexingEncryptedStoresOrItems</NodeName>
           <DFProperties>
@@ -33430,6 +36680,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DoNotUseWebResults</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventIndexingLowDiskSpaceMB</NodeName>
           <DFProperties>
@@ -33508,8 +36782,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -33644,6 +36918,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ConfigureWindowsPasswords</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Configures the use of passwords for Windows features</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</NodeName>
           <DFProperties>
@@ -33746,8 +37044,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -34080,8 +37378,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -34174,8 +37472,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -34220,8 +37518,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -34476,6 +37774,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableContextMenus</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enabling this policy prevents context menus from being invoked in the Start Menu.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ForceStartSize</NodeName>
           <DFProperties>
@@ -34914,8 +38236,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -34984,8 +38306,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -35216,6 +38538,54 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ConfigureTelemetryOptInChangeNotification</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureTelemetryOptInSettingsUx</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableEnterpriseAuthProxy</NodeName>
           <DFProperties>
@@ -35249,7 +38619,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.</Description>
+            <Description>This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Microsoft Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -35321,7 +38691,7 @@ The options are:
               <Get />
               <Replace />
             </AccessType>
-            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced) When you configure these policy settings, a Basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: https://go.microsoft.com/fwlink/?linkid=847594. Enabling Enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional Enhanced level telemetry data. This setting has no effect on computers configured to send Full, Basic or Security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy.</Description>
+            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. By configuring this setting, you're not stopping people from changing their Telemetry Settings; however, you are stopping them from choosing a higher level than you've set for the organization. To enable this behavior, you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced).If you configure these policy settings together, you'll send the Basic level of diagnostic data plus any additional events that are required for Windows Analytics, to Microsoft. The additional events are documented here: https://go.Microsoft.com/fwlink/?linked=847594. If you enable Enhanced diagnostic data in the Allow Telemetry policy setting, but you don't configure this policy setting, you'll send the required events for Windows Analytics, plus any additional Enhanced level telemetry data to Microsoft. This setting has no effect on computers configured to send Full, Basic, or Security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy setting.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -35362,12 +38732,12 @@ The options are:
         </Node>
       </Node>
       <Node>
-        <NodeName>TextInput</NodeName>
+        <NodeName>SystemServices</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -35382,6 +38752,242 @@ The options are:
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>ConfigureHomeGroupListenerServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureHomeGroupProviderServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureXboxAccessoryManagementServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureXboxLiveAuthManagerServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureXboxLiveGameSaveServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureXboxLiveNetworkingServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>TaskScheduler</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>EnableXboxGameSaveTask</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>TextInput</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AllowHardwareKeyboardTextSuggestions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowIMELogging</NodeName>
           <DFProperties>
@@ -35598,6 +39204,54 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowLinguisticDataCollection</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableTouchKeyboardAutoInvokeInDesktopMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>ExcludeJapaneseIMEExceptJIS0208</NodeName>
           <DFProperties>
@@ -35670,14 +39324,206 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ForceTouchKeyboardDockedState</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardDictationButtonAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardEmojiButtonAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardFullModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardHandwritingModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardNarrowModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardSplitModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardWideModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>TimeLanguageSettings</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -35722,8 +39568,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -36026,6 +39872,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ConfigureFeatureUpdateUninstallPeriod</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enable enterprises/IT admin to configure feature update uninstall period</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DeferFeatureUpdatesPeriodInDays</NodeName>
           <DFProperties>
@@ -36867,13 +40737,735 @@ The options are:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>UserRights</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AccessCredentialManagerAsTrustedCaller</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AccessFromNetwork</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ActAsPartOfTheOperatingSystem</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowLocalLogOn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. </Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BackupFilesAndDirectories</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ChangeSystemTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreateGlobalObjects</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreatePageFile</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreatePermanentSharedObjects</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreateSymbolicLinks</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreateToken</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DebugPrograms</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DenyAccessFromNetwork</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DenyLocalLogOn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DenyRemoteDesktopServicesLogOn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableDelegation</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>GenerateSecurityAudits</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ImpersonateClient</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
+1) The access token that is being impersonated is for this user.
+2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
+3) The requested level is less than Impersonate, such as Anonymous or Identify.
+Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>IncreaseSchedulingPriority</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LoadUnloadDeviceDrivers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LockMemory</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ManageAuditingAndSecurityLog</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ManageVolume</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ModifyFirmwareEnvironment</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ModifyObjectLabel</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ProfileSingleProcess</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users can use performance monitoring tools to monitor the performance of system processes.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RemoteShutdown</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RestoreFilesAndDirectories</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TakeOwnership</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Wifi</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -37033,13 +41625,59 @@ The options are:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>WindowsConnectionManager</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>WindowsDefenderSecurityCenter</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -37078,6 +41716,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableAccountProtectionUI</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableAppBrowserUI</NodeName>
           <DFProperties>
@@ -37102,6 +41764,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableDeviceSecurityUI</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisableEnhancedNotifications</NodeName>
           <DFProperties>
@@ -37342,6 +42028,78 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>HideRansomwareDataRecovery</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideSecureBoot</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideTPMTroubleshooting</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>Phone</NodeName>
           <DFProperties>
@@ -37396,8 +42154,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -37466,8 +42224,8 @@ The options are:
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -37530,6 +42288,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnumerateLocalUsersOnDomainJoinedComputers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>HideFastUserSwitching</NodeName>
           <DFProperties>
@@ -37554,14 +42336,84 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>WindowsPowerShell</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>TurnOnPowerShellScriptBlockLogging</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>WirelessDisplay</NodeName>
         <DFProperties>
           <AccessType>
             <Add />
-            <Get />
             <Delete />
+            <Get />
           </AccessType>
           <DFFormat>
             <node />
@@ -37824,8 +42676,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -37849,8 +42701,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -37864,6 +42716,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowCortanaAboveLock</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -37873,8 +42728,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -37917,8 +42772,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -37941,8 +42796,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -37965,8 +42820,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -37989,8 +42844,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38032,8 +42887,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38079,8 +42934,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38094,9 +42949,40 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsExplorer.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DefaultAssociationsConfiguration_TextBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsExplorer~AT~WindowsComponents~WindowsExplorer</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DefaultAssociationsConfiguration</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableAppUriHandlers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Enables web-to-app linking, which allows apps to be launched with a http(s) URI</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>GroupPolicy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>GroupPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnableAppUriHandlers</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>ApplicationManagement</NodeName>
@@ -38123,8 +43009,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>65535</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38138,6 +43024,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AppxDeploymentAllowAllTrustedApps</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -38147,8 +43036,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>2</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38161,6 +43050,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsStore.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsStore~AT~WindowsComponents~WindowsStore</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableAutoInstall</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -38170,8 +43063,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>65535</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38185,6 +43078,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowDevelopmentWithoutDevLicense</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -38194,8 +43090,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38210,6 +43106,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>GameDVR.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>GameDVR~AT~WindowsComponents~GAMEDVR</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowGameDVR</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -38219,8 +43118,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38234,6 +43133,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSharedLocalAppData</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -38243,8 +43145,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38268,8 +43170,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38292,8 +43194,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38307,6 +43209,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsStore.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsStore~AT~WindowsComponents~WindowsStore</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableStoreApps</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -38316,8 +43221,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38331,6 +43236,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RestrictAppDataToSystemVolume</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -38340,8 +43248,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -38355,10 +43263,60 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppxPackageManager.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>AppxPackageManager~AT~WindowsComponents~AppxDeployment</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableDeploymentToNonSystemVolumes</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>AppRuntime</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AllowMicrosoftAccountsToBeOptional</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>AppXRuntime.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>AppXRuntime~AT~WindowsComponents~AppXRuntime</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AppxRuntimeMicrosoftAccountsOptional</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>AppVirtualization</NodeName>
         <DFProperties>
@@ -38384,8 +43342,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38411,8 +43369,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38438,8 +43396,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38465,8 +43423,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38492,8 +43450,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38519,8 +43477,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38546,8 +43504,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38573,8 +43531,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38600,8 +43558,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38627,8 +43585,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38654,8 +43612,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38681,8 +43639,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38708,8 +43666,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38735,8 +43693,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38762,8 +43720,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38789,8 +43747,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38816,8 +43774,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38843,8 +43801,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38870,8 +43828,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38897,8 +43855,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38924,8 +43882,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38951,8 +43909,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -38978,8 +43936,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39005,8 +43963,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39032,8 +43990,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39059,8 +44017,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39086,8 +44044,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39113,8 +44071,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39160,8 +44118,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether password reset is enabled for AAD accounts.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether password reset is enabled for AAD accounts.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39185,8 +44143,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39203,39 +44161,14 @@ The options are:
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>AllowFidoDeviceSignon</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <Description>Specifies whether FIDO device can be used to sign on.</Description>
-            <DefaultValue>0</DefaultValue>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>AllowSecondaryAuthenticationDevice</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39249,6 +44182,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeviceCredential.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>DeviceCredential~AT~WindowsComponents~MSSecondaryAuthFactorCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MSSecondaryAuthFactor_AllowSecondaryAuthenticationDevice</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39278,8 +44214,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39305,8 +44241,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39332,8 +44268,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39379,8 +44315,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>6</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39423,8 +44359,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39447,8 +44383,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39471,8 +44407,32 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowPromptedProximalConnections</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39495,8 +44455,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39518,8 +44478,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -39561,8 +44521,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39577,6 +44537,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowAddressBarDropdown</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39586,8 +44549,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39601,6 +44564,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowAutofill</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39610,8 +44576,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39630,13 +44596,13 @@ The options are:
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>AllowCookies</NodeName>
+          <NodeName>AllowConfigurationUpdateForBooksLibrary</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you configure how your company deals with cookies.</Description>
-            <DefaultValue>2</DefaultValue>
+            <DefaultValue>1</DefaultValue>
+            <Description>This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39649,6 +44615,35 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowCookies</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>2</DefaultValue>
+            <Description>This setting lets you configure how your company deals with cookies.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CookiesListBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Cookies</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39658,8 +44653,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39674,6 +44669,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowDeveloperTools</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39683,8 +44681,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39698,6 +44696,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowDoNotTrack</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39707,8 +44708,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can load extensions in Microsoft Edge.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can load extensions in Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39723,6 +44724,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowExtensions</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39732,8 +44736,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39748,6 +44752,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowFlash</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39757,8 +44764,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Configure the Adobe Flash Click-to-Run setting.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>Configure the Adobe Flash Click-to-Run setting.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39773,6 +44780,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowFlashClickToRun</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39782,8 +44792,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can browse using InPrivate website browsing.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can browse using InPrivate website browsing.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39797,6 +44807,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowInPrivate</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39806,12 +44819,12 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
 
 If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
 
 If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39825,6 +44838,9 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowCVList</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39834,8 +44850,8 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether employees can save their passwords locally, using Password Manager.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether employees can save their passwords locally, using Password Manager.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39849,6 +44865,9 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowPasswordManager</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39858,8 +44877,8 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39874,6 +44893,9 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowPopups</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39883,13 +44905,13 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>Allow search engine customization for MDM enrolled devices. Users can change their default search engine.
 
 If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings.
 If this setting is disabled, users will be unable to add search engines or change the default used in the address bar.
 
 This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39903,6 +44925,9 @@ This policy will only apply on domain joined machines or when the device is MDM
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSearchEngineCustomization</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39912,8 +44937,8 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39927,6 +44952,9 @@ This policy will only apply on domain joined machines or when the device is MDM
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSearchSuggestionsinAddressBar</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39936,8 +44964,8 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you decide whether to turn on Windows Defender SmartScreen.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This setting lets you decide whether to turn on Windows Defender SmartScreen.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39951,6 +44979,9 @@ This policy will only apply on domain joined machines or when the device is MDM
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSmartScreen</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39960,8 +44991,8 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether the Books Library in Microsoft Edge will always be visible regardless of the country or region setting for the device.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -39975,6 +45006,9 @@ This policy will only apply on domain joined machines or when the device is MDM
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AlwaysEnableBooksLibrary</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -39984,8 +45018,8 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether to always clear browsing history on exiting Microsoft Edge.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether to always clear browsing history on exiting Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40000,6 +45034,9 @@ This policy will only apply on domain joined machines or when the device is MDM
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowClearingBrowsingDataOnExit</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40009,6 +45046,7 @@ This policy will only apply on domain joined machines or when the device is MDM
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>Allows you to add up to 5 additional search engines for MDM-enrolled devices.
 
 If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default.
@@ -40016,7 +45054,6 @@ If this setting is turned on, you can add up to 5 additional search engines for
 If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40029,6 +45066,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureAdditionalSearchEngines_Prompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureAdditionalSearchEngines</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40038,13 +45079,13 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect.
 
 Note: This policy has no effect when Browser/HomePages is not configured.
 
 Important
 This setting can only be used with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy).</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40059,6 +45100,36 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableLockdownOfStartPages</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableExtendedBooksTelemetry</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting allows organizations to send extended telemetry on book usage from the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnableExtendedBooksTelemetry</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40068,8 +45139,8 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.</Description>
             <DefaultValue></DefaultValue>
+            <Description>This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40083,6 +45154,10 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>EnterSiteListPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnterpriseModeSiteList</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40092,8 +45167,8 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40116,8 +45191,8 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Configure first run URL.</Description>
             <DefaultValue></DefaultValue>
+            <Description>Configure first run URL.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40140,13 +45215,13 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>Configure the Start page URLs for your employees.
 Example:
 If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
 Encapsulate each string with greater than and less than characters like any other XML tag.
 
 Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40160,6 +45235,10 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, you ca
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>HomePagesPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>HomePages</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40169,6 +45248,7 @@ Version 1703 or later:  If you don't want to send traffic to Microsoft, you ca
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
 
 If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off.
@@ -40177,7 +45257,6 @@ Important
 Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
 If you disable or don't configure this setting (default), employees can add, import and make changes to the Favorites list.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40191,6 +45270,9 @@ If you disable or don't configure this setting (default), employees can add, imp
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LockdownFavorites</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40200,8 +45282,8 @@ If you disable or don't configure this setting (default), employees can add, imp
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Prevent access to the about:flags page in Microsoft Edge.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Prevent access to the about:flags page in Microsoft Edge.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40215,6 +45297,9 @@ If you disable or don't configure this setting (default), employees can add, imp
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventAccessToAboutFlagsInMicrosoftEdge</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40224,10 +45309,10 @@ If you disable or don't configure this setting (default), employees can add, imp
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40242,6 +45327,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventFirstRunPage</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40251,10 +45339,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40268,6 +45356,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventLiveTileDataCollection</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40277,8 +45368,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Don't allow Windows Defender SmartScreen warning overrides</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40292,6 +45383,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventSmartScreenPromptOverride</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40301,8 +45395,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Don't allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Don't allow Windows Defender SmartScreen warning overrides for unverified files.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40316,6 +45410,37 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventSmartScreenPromptOverrideForFiles</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventTabPreloading</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventTabPreloading</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40325,8 +45450,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Prevent using localhost IP address for WebRTC</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Prevent using localhost IP address for WebRTC</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40340,6 +45465,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>HideLocalHostIPAddress</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40349,6 +45477,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites.
 
 If you enable this setting, you can set favorite URL's and favorite folders to appear on top of users' favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites.
@@ -40357,7 +45486,6 @@ Important
 Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge.
 
 If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40370,6 +45498,10 @@ If you disable or don't configure this setting, employees will see the favorites
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfiguredFavoritesPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfiguredFavorites</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40379,8 +45511,8 @@ If you disable or don't configure this setting, employees will see the favorites
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Sends all intranet traffic over to Internet Explorer.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Sends all intranet traffic over to Internet Explorer.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40395,6 +45527,9 @@ If you disable or don't configure this setting, employees will see the favorites
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SendIntranetTraffictoInternetExplorer</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40404,6 +45539,7 @@ If you disable or don't configure this setting, employees will see the favorites
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine.
 
 If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING.
@@ -40411,7 +45547,6 @@ If this setting is turned on, you are setting the default search engine that you
 If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees.  If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.
 
 Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40424,6 +45559,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SetDefaultSearchEngine_Prompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetDefaultSearchEngine</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40433,8 +45572,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Show message when opening sites in Internet Explorer</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Show message when opening sites in Internet Explorer</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40449,6 +45588,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ShowMessageWhenOpeningSitesInInternetExplorer</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40458,8 +45600,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40474,6 +45616,36 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SyncFavoritesBetweenIEAndMicrosoftEdge</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>UseSharedFolderForBooks</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>UseSharedFolderForBooks</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40503,8 +45675,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40518,6 +45690,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Camera.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Camera~AT~WindowsComponents~L_Camera_GroupPolicyCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>L_AllowCamera</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40547,8 +45722,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access cellular data.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access cellular data.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40561,6 +45736,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>wwansvc.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCellularData_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~CellularDataAccess</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCellularData</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40570,8 +45750,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40584,6 +45764,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>wwansvc.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCellularData_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~CellularDataAccess</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCellularData</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -40594,8 +45778,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40608,6 +45792,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>wwansvc.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCellularData_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~CellularDataAccess</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCellularData</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -40618,8 +45806,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40632,6 +45820,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>wwansvc.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCellularData_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>wwansvc~AT~Network~WwanSvc_Category~CellularDataAccess</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCellularData</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -40642,8 +45834,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40688,8 +45880,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>2</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40712,8 +45904,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40726,6 +45918,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40735,8 +45928,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40749,6 +45942,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WCM.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WCM~AT~Network~WCM_Category</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WCM_DisableRoaming</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40758,8 +45955,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40782,8 +45979,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40801,14 +45998,41 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AllowPhonePCLinking</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>grouppolicy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>grouppolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>enableMMX</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowUSBConnection</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40832,8 +46056,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40856,8 +46080,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40880,8 +46104,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40907,8 +46131,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40934,8 +46158,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -40961,8 +46185,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -40975,6 +46199,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>ICM.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>ICM~AT~System~InternetManagement~InternetManagement_Settings</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoActiveProbe</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -40984,8 +46212,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41011,8 +46239,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41033,6 +46261,50 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>ControlPolicyConflict</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>MDMWinsOverGP</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>If set to 1 then any MDM policy that is set that has an equivalent GP policy will result in GP service blocking the setting of the policy by GP MMC</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="1" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>CredentialProviders</NodeName>
         <DFProperties>
@@ -41058,8 +46330,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41085,8 +46357,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41112,8 +46384,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41131,6 +46403,53 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>CredentialsDelegation</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>RemoteHostAllowsDelegationOfNonExportableCredentials</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>CredSsp.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>CredSsp~AT~System~CredentialsDelegation</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowProtectedCreds</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>CredentialsUI</NodeName>
         <DFProperties>
@@ -41156,8 +46475,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41183,8 +46502,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41230,8 +46549,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41244,6 +46563,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41253,8 +46575,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41296,8 +46618,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41320,8 +46642,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41363,8 +46685,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41389,8 +46711,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41435,8 +46757,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41449,7 +46771,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_DisableArchiveScanning</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41459,8 +46785,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41473,7 +46799,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RealtimeProtection_DisableBehaviorMonitoring</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41483,8 +46813,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41497,7 +46827,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SpynetReporting</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Spynet</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SpynetReporting</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41507,8 +46842,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41521,7 +46856,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_DisableEmailScanning</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41531,8 +46870,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41545,7 +46884,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_DisableScanningMappedNetworkDrivesForFullScan</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41555,8 +46898,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41569,7 +46912,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_DisableRemovableDriveScanning</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41579,8 +46926,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41593,6 +46940,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
@@ -41603,8 +46951,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41617,7 +46965,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RealtimeProtection_DisableIOAVProtection</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41627,8 +46979,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41641,7 +46993,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RealtimeProtection_DisableOnAccessProtection</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41651,8 +47007,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41665,7 +47021,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableRealtimeMonitoring</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41675,8 +47035,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41689,7 +47049,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_DisableScanningNetworkFiles</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41699,8 +47063,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41713,6 +47077,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
@@ -41723,8 +47088,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41737,7 +47102,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ClientInterface</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>UX_Configuration_UILockdown</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41747,8 +47116,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41762,6 +47131,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ExploitGuard_ASR_ASROnlyExclusions</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ASR</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ExploitGuard_ASR_ASROnlyExclusions</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41771,8 +47144,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41786,6 +47159,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ExploitGuard_ASR_Rules</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ASR</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ExploitGuard_ASR_Rules</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41795,8 +47172,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>50</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41809,7 +47186,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Scan_AvgCPULoadFactor</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_AvgCPULoadFactor</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41819,8 +47201,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41833,7 +47215,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="6"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MpCloudBlockLevel</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~MpEngine</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MpEngine_MpCloudBlockLevel</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41843,8 +47230,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41857,7 +47244,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="50"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MpBafsExtendedTimeout</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~MpEngine</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MpEngine_MpBafsExtendedTimeout</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41867,8 +47259,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41882,6 +47274,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ExploitGuard_ControlledFolderAccess_AllowedApplications</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ControlledFolderAccess</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ExploitGuard_ControlledFolderAccess_AllowedApplications</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41891,8 +47287,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -41906,6 +47302,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ExploitGuard_ControlledFolderAccess_ProtectedFolders</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ControlledFolderAccess</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ExploitGuard_ControlledFolderAccess_ProtectedFolders</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41915,8 +47315,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41929,7 +47329,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="90"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Quarantine_PurgeItemsAfterDelay</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Quarantine</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Quarantine_PurgeItemsAfterDelay</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41939,8 +47344,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41953,7 +47358,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="4"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_ControlledFolderAccess</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41963,8 +47373,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -41977,7 +47387,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ExploitGuard_EnableNetworkProtection</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~ExploitGuard~ExploitGuard_NetworkProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ExploitGuard_EnableNetworkProtection</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -41987,8 +47402,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -42002,6 +47417,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Exclusions_PathsList</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Exclusions</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Exclusions_Paths</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42011,8 +47430,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -42026,6 +47445,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Exclusions_ExtensionsList</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Exclusions</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Exclusions_Extensions</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42035,8 +47458,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -42050,6 +47473,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Exclusions_ProcessesList</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Exclusions</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Exclusions_Processes</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42059,8 +47486,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42073,6 +47500,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
@@ -42083,8 +47511,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42097,7 +47525,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>RealtimeProtection_RealtimeScanDirection</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~RealtimeProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RealtimeProtection_RealtimeScanDirection</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42107,8 +47540,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42121,7 +47554,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="1" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Scan_ScanParameters</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_ScanParameters</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42131,8 +47569,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>120</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42145,7 +47583,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1380"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Scan_ScheduleQuickScantime</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_ScheduleQuickScantime</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42155,8 +47598,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42169,7 +47612,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="8"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Scan_ScheduleDay</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_ScheduleDay</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42179,8 +47627,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>120</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42193,7 +47641,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1380"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Scan_ScheduleTime</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Scan</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Scan_ScheduleTime</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42203,8 +47656,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>8</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42217,7 +47670,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="24"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SignatureUpdate_SignatureUpdateInterval</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~SignatureUpdate</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SignatureUpdate_SignatureUpdateInterval</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42227,8 +47685,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42241,7 +47699,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SubmitSamplesConsent</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Spynet</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SubmitSamplesConsent</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42251,8 +47714,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -42266,6 +47729,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefender.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Threats_ThreatSeverityDefaultActionList</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefender~AT~WindowsComponents~AntiSpywareDefender~Threats</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Threats_ThreatSeverityDefaultAction</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42295,8 +47762,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>10</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42309,7 +47776,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AbsoluteMaxCacheSize</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AbsoluteMaxCacheSize</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42319,8 +47790,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42334,20 +47805,23 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AllowVPNPeerCaching</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowVPNPeerCaching</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>DOCacheHost</NodeName>
+          <NodeName>DODelayBackgroundDownloadFromHttp</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description></Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
-              <chr/>
+              <int/>
             </DFFormat>
             <Occurrence>
               <One />
@@ -42358,7 +47832,39 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DelayBackgroundDownloadFromHttp</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DelayBackgroundDownloadFromHttp</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DODelayForegroundDownloadFromHttp</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DelayForegroundDownloadFromHttp</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DelayForegroundDownloadFromHttp</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42368,8 +47874,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42383,7 +47889,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues AllowedValues="0,1,2,3,99,100"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DownloadMode</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DownloadMode</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42393,8 +47902,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -42407,7 +47916,38 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>GroupId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>GroupId</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DOGroupIdSource</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="4"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>GroupIdSource</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>GroupIdSource</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42417,8 +47957,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>259200</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42431,7 +47971,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MaxCacheAge</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MaxCacheAge</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42441,8 +47985,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>20</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42455,7 +47999,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="1" high="100"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MaxCacheSize</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MaxCacheSize</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42465,8 +48013,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42479,7 +48027,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MaxDownloadBandwidth</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MaxDownloadBandwidth</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42489,8 +48041,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42503,7 +48055,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="0" high="4000000"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MaxUploadBandwidth</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MaxUploadBandwidth</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42513,8 +48069,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>500</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42527,7 +48083,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="1" high="4294967295"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MinBackgroundQos</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MinBackgroundQos</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42537,8 +48097,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42551,7 +48111,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MinBatteryPercentageAllowedToUpload</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MinBatteryPercentageAllowedToUpload</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42561,8 +48125,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>32</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42575,7 +48139,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="1" high="100000"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MinDiskSizeAllowedToPeer</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MinDiskSizeAllowedToPeer</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42585,8 +48153,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>100</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42599,7 +48167,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="1" high="100000"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MinFileSizeToCache</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MinFileSizeToCache</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42609,8 +48181,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>4</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42623,7 +48195,11 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="1" high="100000"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MinRAMAllowedToPeer</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MinRAMAllowedToPeer</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42633,8 +48209,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>%SystemDrive%</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -42647,7 +48223,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ModifyCacheDrive</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ModifyCacheDrive</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42657,8 +48236,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>20</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42671,7 +48250,39 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:SupportedValues low="0" high="4294967295"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>MonthlyUploadDataCap</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MonthlyUploadDataCap</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DOPercentageMaxBackgroundBandwidth</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>PercentageMaxBackgroundBandwidth</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PercentageMaxBackgroundBandwidth</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42681,8 +48292,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42695,10 +48306,191 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DOPercentageMaxForegroundBandwidth</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="100"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>PercentageMaxForegroundBandwidth</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PercentageMaxForegroundBandwidth</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DORestrictPeerSelectionBy</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="0,1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DeliveryOptimization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>RestrictPeerSelectionBy</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RestrictPeerSelectionBy</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DOSetHoursToLimitBackgroundDownloadBandwidth</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ADMXBacked>DeliveryOptimization.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetHoursToLimitBackgroundDownloadBandwidth</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+                <xs:simpleType name="hours">
+                    <xs:restriction base="xs:integer">
+                        <xs:minInclusive value="0"/>
+                        <xs:maxInclusive value="23"/>
+                    </xs:restriction>
+                </xs:simpleType>
+                <xs:simpleType name="percent">
+                    <xs:restriction base="xs:integer">
+                        <xs:minInclusive value="0"/>
+                        <xs:maxInclusive value="100"/>
+                    </xs:restriction>
+                </xs:simpleType>
+                <xs:element name="Range">
+                    <xs:complexType mixed="true">
+                        <xs:sequence>
+                            <xs:element
+                                name="RangeStartTime"
+                                type="hours"
+                            />
+                            <xs:element
+                                name="RangeEndTime"
+                                type="hours"
+                            />
+                            <xs:element
+                                name="PercentageMaxDownloadBandwidthIn"
+                                type="percent"
+                            />
+                            <xs:element
+                                name="PercentageMaxDownloadBandwidthOut"
+                                type="percent"
+                        />
+                        </xs:sequence>
+                    </xs:complexType>
+                </xs:element>
+            </xs:schema>]]></MSFT:XMLSchema>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DOSetHoursToLimitForegroundDownloadBandwidth</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ADMXBacked>DeliveryOptimization.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>DeliveryOptimization~AT~WindowsComponents~DeliveryOptimizationCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetHoursToLimitForegroundDownloadBandwidth</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+                <xs:simpleType name="hours">
+                    <xs:restriction base="xs:integer">
+                        <xs:minInclusive value="0"/>
+                        <xs:maxInclusive value="23"/>
+                    </xs:restriction>
+                </xs:simpleType>
+                <xs:simpleType name="percent">
+                    <xs:restriction base="xs:integer">
+                        <xs:minInclusive value="0"/>
+                        <xs:maxInclusive value="100"/>
+                    </xs:restriction>
+                </xs:simpleType>
+                <xs:element name="Range">
+                    <xs:complexType mixed="true">
+                        <xs:sequence>
+                            <xs:element
+                                name="RangeStartTime"
+                                type="hours"
+                            />
+                            <xs:element
+                                name="RangeEndTime"
+                                type="hours"
+                            />
+                            <xs:element
+                                name="PercentageMaxDownloadBandwidthIn"
+                                type="percent"
+                            />
+                            <xs:element
+                                name="PercentageMaxDownloadBandwidthOut"
+                                type="percent"
+                        />
+                        </xs:sequence>
+                    </xs:complexType>
+                </xs:element>
+            </xs:schema>]]></MSFT:XMLSchema>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>DeviceGuard</NodeName>
@@ -42725,8 +48517,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Turns On Virtualization Based Security(VBS)</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Turns On Virtualization Based Security(VBS)</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42741,6 +48533,9 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues AllowedValues="0,1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>DeviceGuard.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>DeviceGuard~AT~System~DeviceGuardCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>VirtualizationBasedSecurity</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42750,8 +48545,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42766,6 +48561,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues AllowedValues="0,1,2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>DeviceGuard.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CredentialIsolationDrop</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeviceGuard~AT~System~DeviceGuardCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>VirtualizationBasedSecurity</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42775,8 +48574,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42791,6 +48590,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
             <MSFT:SupportedValues AllowedValues="1,3"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>DeviceGuard.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>RequirePlatformSecurityFeaturesDrop</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DeviceGuard~AT~System~DeviceGuardCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>VirtualizationBasedSecurity</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42820,8 +48623,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -42847,8 +48650,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -42894,8 +48697,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether the user must input a PIN or password when the device resumes from an idle state.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>Specifies whether the user must input a PIN or password when the device resumes from an idle state.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42919,8 +48722,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42933,6 +48736,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42942,8 +48746,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42956,6 +48760,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42965,8 +48770,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Determines the type of PIN or password required. This policy only applies if the DeviceLock/DevicePasswordEnabled policy is set to 0</Description>
             <DefaultValue>2</DefaultValue>
+            <Description>Determines the type of PIN or password required. This policy only applies if the DeviceLock/DevicePasswordEnabled policy is set to 0</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -42979,6 +48784,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -42988,8 +48794,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether device lock is enabled.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>Specifies whether device lock is enabled.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43002,6 +48808,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43011,8 +48818,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies when the password expires (in days).</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies when the password expires (in days).</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43025,6 +48832,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="730"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43034,8 +48842,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies how many passwords can be stored in the history that can’t be used.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies how many passwords can be stored in the history that can’t be used.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43048,6 +48856,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="50"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43057,8 +48866,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43081,8 +48890,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43104,8 +48913,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43118,6 +48927,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="999"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43127,8 +48937,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43141,6 +48951,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="999"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43150,8 +48961,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Sets the maximum timeout value for the external display.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Sets the maximum timeout value for the external display.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43164,6 +48975,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="1" high="999"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
@@ -43174,8 +48986,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43188,6 +49000,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="1" high="3"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43197,8 +49010,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies the minimum number or characters required in the PIN or password.</Description>
             <DefaultValue>4</DefaultValue>
+            <Description>Specifies the minimum number or characters required in the PIN or password.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43211,6 +49024,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="4" high="18"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>HighestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43220,12 +49034,12 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.
 
 The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
 
 Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43238,8 +49052,38 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="998"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Account Policies~Password Policy</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Minimum password age</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventEnablingLockScreenCamera</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+            <MSFT:ADMXBacked>ControlPanelDisplay.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>ControlPanelDisplay~AT~ControlPanel~Personalization</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>CPL_Personalization_NoLockScreenCamera</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
         <Node>
@@ -43248,8 +49092,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43275,8 +49119,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices.</Description>
             <DefaultValue>10</DefaultValue>
+            <Description>Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43289,6 +49133,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="10" high="1800"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43313,13 +49158,13 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFType>
         </DFProperties>
         <Node>
-          <NodeName>TurnOffGdiDPIScalingForApps</NodeName>
+          <NodeName>DisablePerProcessDpiForApps</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy allows to force turn off GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.</Description>
             <DefaultValue></DefaultValue>
+            <Description>This policy allows you to disable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43333,6 +49178,95 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisplayDisablePerProcessSystemDpiSettings</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisplayPerProcessSystemDpiSettings</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnablePerProcessDpi</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>Enable or disable Per-Process System DPI for all applications.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisplayGlobalPerProcessSystemDpiSettings</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisplayPerProcessSystemDpiSettings</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnablePerProcessDpiForApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This policy allows you to enable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisplayEnablePerProcessSystemDpiSettings</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisplayPerProcessSystemDpiSettings</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TurnOffGdiDPIScalingForApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This policy allows to force turn off GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisplayTurnOffGdiDPIScalingPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisplayTurnOffGdiDPIScaling</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43342,8 +49276,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy allows to turn on GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.</Description>
             <DefaultValue></DefaultValue>
+            <Description>This policy allows to turn on GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43357,6 +49291,10 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>Display.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisplayTurnOnGdiDPIScalingPrompt</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Display~AT~System~DisplayCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisplayTurnOnGdiDPIScaling</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43386,8 +49324,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43413,8 +49351,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43440,8 +49378,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43467,8 +49405,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43494,8 +49432,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43541,8 +49479,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43568,8 +49506,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43595,8 +49533,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43622,8 +49560,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -43669,8 +49607,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43694,8 +49632,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43709,6 +49647,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowCortana</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43718,8 +49659,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43742,8 +49683,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43757,6 +49698,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>FindMy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>FindMy~AT~WindowsComponents~FindMyDeviceCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>FindMy_AllowFindMyDeviceConfig</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -43766,8 +49710,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43790,8 +49734,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43814,8 +49758,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43838,8 +49782,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43862,8 +49806,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43886,8 +49830,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43910,8 +49854,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43935,8 +49879,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43955,13 +49899,13 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>AllowWindowsTips</NodeName>
+          <NodeName>AllowWindowsConsumerFeatures</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description></Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43976,17 +49920,20 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableWindowsConsumerFeatures</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>DoNotShowFeedbackNotifications</NodeName>
+          <NodeName>AllowWindowsTips</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description></Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -43999,6 +49946,38 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableSoftLanding</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DoNotShowFeedbackNotifications</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>FeedbackNotifications.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>FeedbackNotifications~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DoNotShowFeedbackNotifications</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -44028,8 +50007,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44042,6 +50021,84 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>ExploitGuard.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ExploitProtection_Name</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>ExploitGuard~AT~WindowsComponents~WindowsDefenderExploitGuard~ExploitProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ExploitProtection_Name</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>FileExplorer</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>TurnOffDataExecutionPreventionForExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>Explorer.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>Explorer~AT~WindowsExplorer</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoDataExecutionPrevention</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TurnOffHeapTerminationOnCorruption</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>Explorer.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>Explorer~AT~WindowsExplorer</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoHeapTerminationOnCorruption</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -44071,8 +50128,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -44115,8 +50172,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Specifies whether the handwriting panel comes up floating near the text box or attached to the bottom of the screen</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Specifies whether the handwriting panel comes up floating near the text box or attached to the bottom of the screen</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -44131,6 +50188,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>Handwriting.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Handwriting~AT~WindowsComponents~Handwriting</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PanelDefaultModeDocked</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -44160,8 +50220,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44187,8 +50247,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44214,8 +50274,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44241,8 +50301,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44268,8 +50328,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44295,8 +50355,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44322,8 +50382,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44349,8 +50409,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44376,8 +50436,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44403,8 +50463,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44430,8 +50490,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44457,8 +50517,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44484,8 +50544,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44511,8 +50571,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44538,8 +50598,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44565,8 +50625,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44592,8 +50652,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44619,8 +50679,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44646,8 +50706,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44673,8 +50733,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44700,8 +50760,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44727,8 +50787,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44754,8 +50814,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44781,8 +50841,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44808,8 +50868,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44835,8 +50895,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44862,8 +50922,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44889,8 +50949,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44905,8 +50965,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
-            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestriction</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_2</MSFT:ADMXPolicyName>
+            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryConsistentMimeHandling</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_5</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -44916,8 +50976,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44943,8 +51003,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44970,8 +51030,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -44997,8 +51057,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45024,8 +51084,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45051,8 +51111,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45078,8 +51138,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45105,8 +51165,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45132,8 +51192,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45159,8 +51219,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45186,8 +51246,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45213,8 +51273,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45240,8 +51300,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45267,8 +51327,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45294,8 +51354,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45321,8 +51381,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45348,8 +51408,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45375,8 +51435,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45402,8 +51462,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45429,8 +51489,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45456,8 +51516,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45483,8 +51543,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45510,8 +51570,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45537,8 +51597,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45564,8 +51624,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45591,8 +51651,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45618,8 +51678,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45645,8 +51705,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45672,8 +51732,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45699,8 +51759,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45726,8 +51786,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45753,8 +51813,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45780,8 +51840,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45807,8 +51867,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45834,8 +51894,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45861,8 +51921,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45888,8 +51948,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45915,8 +51975,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45942,8 +52002,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45969,8 +52029,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -45996,8 +52056,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46023,8 +52083,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46050,8 +52110,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46071,14 +52131,41 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>InternetZoneAllowVBScriptToRunInInternetExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>IZ_PolicyAllowVBScript_1</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>InternetZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46104,8 +52191,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46131,8 +52218,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46158,8 +52245,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46185,8 +52272,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46212,8 +52299,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46239,8 +52326,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46266,8 +52353,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46293,8 +52380,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46320,8 +52407,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46347,8 +52434,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46374,8 +52461,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46401,8 +52488,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46428,8 +52515,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46455,8 +52542,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46482,8 +52569,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46509,8 +52596,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46536,8 +52623,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46563,8 +52650,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46590,8 +52677,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46617,8 +52704,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46644,8 +52731,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46671,8 +52758,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46698,8 +52785,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46725,8 +52812,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46752,8 +52839,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46779,8 +52866,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46806,8 +52893,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46833,8 +52920,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46860,8 +52947,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46887,8 +52974,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46914,8 +53001,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46941,8 +53028,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46968,8 +53055,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -46995,8 +53082,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47022,8 +53109,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47049,8 +53136,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47076,8 +53163,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47103,8 +53190,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47130,8 +53217,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47157,8 +53244,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47184,8 +53271,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47211,8 +53298,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47238,8 +53325,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47265,8 +53352,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47292,8 +53379,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47319,8 +53406,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47346,8 +53433,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47373,8 +53460,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47400,8 +53487,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47427,8 +53514,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47454,8 +53541,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47481,8 +53568,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47508,8 +53595,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47535,8 +53622,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47556,14 +53643,41 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>LockedDownIntranetJavaPermissions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>IZ_PolicyJavaPermissions_4</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>LockedDownIntranetZoneAllowAccessToDataSources</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47589,8 +53703,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47616,8 +53730,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47643,8 +53757,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47670,8 +53784,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47697,8 +53811,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47724,8 +53838,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47751,8 +53865,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47778,8 +53892,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47805,8 +53919,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47832,8 +53946,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47859,8 +53973,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47886,8 +54000,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47913,8 +54027,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47940,8 +54054,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47967,8 +54081,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -47994,8 +54108,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48021,8 +54135,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48048,8 +54162,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48075,8 +54189,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48102,8 +54216,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48129,8 +54243,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48156,8 +54270,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48183,8 +54297,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48210,8 +54324,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48237,8 +54351,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48264,8 +54378,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48291,8 +54405,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48318,8 +54432,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48345,8 +54459,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48372,8 +54486,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48399,8 +54513,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48426,8 +54540,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48453,8 +54567,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48480,8 +54594,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48507,8 +54621,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48534,8 +54648,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48561,8 +54675,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48588,8 +54702,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48615,8 +54729,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48642,8 +54756,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48669,8 +54783,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48696,8 +54810,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48723,8 +54837,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48750,8 +54864,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48777,8 +54891,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48804,8 +54918,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48831,8 +54945,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48858,8 +54972,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48885,8 +54999,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48912,8 +55026,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48939,8 +55053,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48966,8 +55080,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -48993,8 +55107,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49020,8 +55134,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49047,8 +55161,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49074,8 +55188,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49101,8 +55215,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49128,8 +55242,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49155,8 +55269,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49182,8 +55296,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49209,8 +55323,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49236,8 +55350,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49263,8 +55377,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49290,8 +55404,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49317,8 +55431,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49344,8 +55458,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49371,8 +55485,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49398,8 +55512,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49425,8 +55539,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49452,8 +55566,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49479,8 +55593,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49506,8 +55620,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49533,8 +55647,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49560,8 +55674,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49587,8 +55701,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49608,14 +55722,41 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>IZ_PolicyAllowVBScript_7</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49641,8 +55782,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49668,8 +55809,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49695,8 +55836,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49722,8 +55863,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49749,8 +55890,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49776,8 +55917,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49803,8 +55944,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49830,8 +55971,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49857,8 +55998,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49884,8 +56025,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49911,8 +56052,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49938,8 +56079,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49965,8 +56106,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -49992,8 +56133,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50019,8 +56160,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50046,8 +56187,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50073,8 +56214,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50100,8 +56241,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50127,8 +56268,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50154,8 +56295,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50181,8 +56322,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50208,8 +56349,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50230,13 +56371,13 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>SecurityZonesUseOnlyMachineSettings </NodeName>
+          <NodeName>SecurityZonesUseOnlyMachineSettings</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50262,8 +56403,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50289,8 +56430,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50316,8 +56457,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50343,8 +56484,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50370,8 +56511,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50397,8 +56538,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50424,8 +56565,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50451,8 +56592,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50478,8 +56619,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50505,8 +56646,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50532,8 +56673,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50559,8 +56700,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50586,8 +56727,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50613,8 +56754,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50660,8 +56801,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50687,8 +56828,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50714,8 +56855,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50741,8 +56882,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50768,8 +56909,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -50790,6 +56931,173 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>KioskBrowser</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>BlockedUrlExceptions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BlockedUrls</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DefaultURL</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>Configures the default URL kiosk browsers to navigate on launch and restart.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableHomeButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enable/disable kiosk browser's home button.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableNavigationButtons</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enable/disable kiosk browser's navigation buttons (forward/back).</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RestartOnIdleTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="1" high="1440"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Licensing</NodeName>
         <DFProperties>
@@ -50815,8 +57123,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -50831,6 +57139,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>AVSValidationGP.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>AVSValidationGP~AT~WindowsComponents~SoftwareProtectionPlatform</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowWindowsEntitlementReactivation</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -50840,8 +57151,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -50856,6 +57167,9 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>AVSValidationGP.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>AVSValidationGP~AT~WindowsComponents~SoftwareProtectionPlatform</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoAcquireGT</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -50885,6 +57199,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>This policy setting prevents users from adding new Microsoft accounts on this computer.
 
 If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
@@ -50892,7 +57207,6 @@ If you select the "Users can’t add Microsoft accounts" option, users will not
 If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
 
 If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -50907,6 +57221,8 @@ If you disable or do not configure this policy (recommended), users will be able
             </DFType>
             <MSFT:SupportedValues AllowedValues="0,1,3"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Accounts: Block Microsoft accounts</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -50916,6 +57232,7 @@ If you disable or do not configure this policy (recommended), users will be able
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>This security setting determines whether the local Administrator account is enabled or disabled.
 
 Notes
@@ -50926,7 +57243,6 @@ Disabling the Administrator account can become a maintenance issue under certain
 Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts.  If the computer is domain joined the disabled administrator will not be enabled.
 
 Default: Disabled.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -50939,7 +57255,10 @@ Default: Disabled.</Description>
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Accounts: Administrator account status</MSFT:GPDBMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -50949,12 +57268,12 @@ Default: Disabled.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>This security setting determines if the Guest account is enabled or disabled.
 
 Default: Disabled.
 
 Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -50967,7 +57286,10 @@ Note: If the Guest account is disabled and the security option Network Access: S
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Accounts: Guest account status</MSFT:GPDBMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -50977,6 +57299,7 @@ Note: If the Guest account is disabled and the security option Network Access: S
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>Accounts: Limit local account use of blank passwords to console logon only
 
 This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard.
@@ -50993,7 +57316,6 @@ Notes
 
 This setting does not affect logons that use domain accounts.
 It is possible for applications that use remote interactive logons to bypass this setting.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51006,7 +57328,10 @@ It is possible for applications that use remote interactive logons to bypass thi
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Accounts: Limit local account use of blank passwords to console logon only</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51016,12 +57341,12 @@ It is possible for applications that use remote interactive logons to bypass thi
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>Administrator</DefaultValue>
             <Description>Accounts: Rename administrator account
 
 This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination.
 
 Default: Administrator.</Description>
-            <DefaultValue>Administrator</DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -51035,6 +57360,8 @@ Default: Administrator.</Description>
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Accounts: Rename administrator account</MSFT:GPDBMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51044,12 +57371,12 @@ Default: Administrator.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>Guest</DefaultValue>
             <Description>Accounts: Rename guest account
 
 This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
 
 Default: Guest.</Description>
-            <DefaultValue>Guest</DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -51063,6 +57390,8 @@ Default: Guest.</Description>
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Accounts: Rename guest account</MSFT:GPDBMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51072,6 +57401,7 @@ Default: Guest.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Devices: Allowed to format and eject removable media
 
 This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to:
@@ -51080,7 +57410,6 @@ Administrators
 Administrators and Interactive Users
 
 Default: This policy is not defined and only Administrators have this ability.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -51094,6 +57423,8 @@ Default: This policy is not defined and only Administrators have this ability.</
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Devices: Allowed to format and eject removable media</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51103,13 +57434,13 @@ Default: This policy is not defined and only Administrators have this ability.</
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>Devices: Allow undock without having to log on
 This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer.
 Default: Enabled.
 
 Caution
 Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51122,7 +57453,10 @@ Disabling this policy may tempt users to try and physically remove the laptop fr
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Devices: Allow undock without having to log on</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51132,6 +57466,7 @@ Disabling this policy may tempt users to try and physically remove the laptop fr
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Devices: Prevent users from installing printer drivers when connecting to shared printers
 
 For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer.
@@ -51143,7 +57478,6 @@ Notes
 
 This setting does not affect the ability to add a local printer.
 This setting does not affect Administrators.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51156,7 +57490,10 @@ This setting does not affect Administrators.</Description>
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Devices: Prevent users from installing printer drivers</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51166,6 +57503,7 @@ This setting does not affect Administrators.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Devices: Restrict CD-ROM access to locally logged-on user only
 
 This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously.
@@ -51173,7 +57511,6 @@ This security setting determines whether a CD-ROM is accessible to both local an
 If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can be accessed over the network.
 
 Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -51187,6 +57524,245 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Devices: Restrict CD-ROM access to locally logged-on user only</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Domain member: Digitally encrypt or sign secure channel data (always)
+
+This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted.
+
+When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
+
+This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. Specifically it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. If this policy is enabled, then the secure channel will not be established unless either signing or encryption of all secure channel traffic is negotiated. If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies:
+
+Domain member: Digitally encrypt secure channel data (when possible)
+Domain member: Digitally sign secure channel data (when possible)
+
+Default: Enabled.
+
+Notes:
+
+If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
+If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
+Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Domain member: Digitally encrypt or sign secure channel data (always)</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Domain member: Digitally encrypt secure channel data (when possible)
+
+This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates.
+
+When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup etc.
+
+This setting determines whether or not the domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member will not attempt to negotiate secure channel encryption.
+
+Default: Enabled.
+
+Important
+
+There is no known reason for disabling this setting. Besides unnecessarily reducing the potential confidentiality level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted.
+
+Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Domain member: Digitally encrypt secure channel data (when possible)</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_DigitallySignSecureChannelDataWhenPossible</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Domain member: Digitally sign secure channel data (when possible)
+
+This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates.
+
+When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
+
+This setting determines whether or not the domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain member will request signing of all secure channel traffic. If the Domain Controller supports signing of all secure channel traffic, then all secure channel traffic will be signed which ensures that it cannot be tampered with in transit.
+
+Default: Enabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Domain member: Digitally sign secure channel data (when possible)</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_DisableMachineAccountPasswordChanges</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Domain member: Disable machine account password changes
+
+Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days.
+
+Default: Disabled.
+
+Notes
+
+This security setting should not be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it is established, the secure channel is used to transmit sensitive information that is necessary for making authentication and authorization decisions.
+This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Domain member: Disable machine account password changes</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_MaximumMachineAccountPasswordAge</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>30</DefaultValue>
+            <Description>Domain member: Maximum machine account password age
+
+This security setting determines how often a domain member will attempt to change its computer account password.
+
+Default: 30 days.
+
+Important
+
+This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="999"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Domain member: Maximum machine account password age</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DomainMember_RequireStrongSessionKey</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Domain member: Require strong (Windows 2000 or later) session key
+
+This security setting determines whether 128-bit key strength is required for encrypted secure channel data.
+
+When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller within the domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup, and so on.
+
+Depending on what version of Windows is running on the domain controller that the domain member is communicating with and the settings of the parameters:
+
+Domain member: Digitally encrypt or sign secure channel data (always)
+Domain member: Digitally encrypt secure channel data (when possible)
+Some or all of the information that is transmitted over the secure channel will be encrypted. This policy setting determines whether or not 128-bit key strength is required for the secure channel information that is encrypted.
+
+If this setting is enabled, then the secure channel will not be established unless 128-bit encryption can be performed. If this setting is disabled, then the key strength is negotiated with the domain controller.
+
+Default: Enabled.
+
+Important
+
+In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member's domain must be running Windows 2000 or later.
+In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Domain member: Require strong (Windows 2000 or later) session key</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51196,11 +57772,11 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>Interactive Logon:Display user information when the session is locked
 User display name, domain and user names (1)
 User display name only (2)
 Do not display user information (3)</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51213,7 +57789,10 @@ Do not display user information (3)</Description>
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="1" high="3"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Interactive logon: Display user information when the session is locked</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51223,6 +57802,7 @@ Do not display user information (3)</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Interactive logon: Don't display last signed-in
 This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
 If this policy is enabled, the username will not be shown.
@@ -51230,7 +57810,6 @@ If this policy is enabled, the username will not be shown.
 If this policy is disabled, the username will be shown.
 
 Default: Disabled.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51243,7 +57822,10 @@ Default: Disabled.</Description>
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Interactive logon: Don't display last signed-in</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51253,6 +57835,7 @@ Default: Disabled.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>Interactive logon: Don't display username at sign-in
 This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown.
 If this policy is enabled, the username will not be shown.
@@ -51260,7 +57843,6 @@ If this policy is enabled, the username will not be shown.
 If this policy is disabled, the username will be shown.
 
 Default: Disabled.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51273,7 +57855,10 @@ Default: Disabled.</Description>
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Interactive logon: Don't display username at sign-in</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51283,6 +57868,7 @@ Default: Disabled.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>Interactive logon: Do not require CTRL+ALT+DEL
 
 This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
@@ -51293,7 +57879,6 @@ If this policy is disabled, any user is required to press CTRL+ALT+DEL before lo
 
 Default on domain-computers: Enabled: At least Windows  8/Disabled: Windows 7 or earlier.
 Default on stand-alone computers: Enabled.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51306,7 +57891,10 @@ Default on stand-alone computers: Enabled.</Description>
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Interactive logon: Do not require CTRL+ALT+DEL</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51316,12 +57904,12 @@ Default on stand-alone computers: Enabled.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Interactive logon: Machine inactivity limit.
 
 Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
 
 Default: not enforced.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51334,7 +57922,10 @@ Default: not enforced.</Description>
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="599940"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Interactive logon: Machine inactivity limit</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51344,6 +57935,7 @@ Default: not enforced.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>Interactive logon: Message text for users attempting to log on
 
 This security setting specifies a text message that is displayed to users when they log on.
@@ -51351,7 +57943,6 @@ This security setting specifies a text message that is displayed to users when t
 This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
 
 Default: No message.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -51365,6 +57956,8 @@ Default: No message.</Description>
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Interactive logon: Message text for users attempting to log on</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -51375,12 +57968,12 @@ Default: No message.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue></DefaultValue>
             <Description>Interactive logon: Message title for users attempting to log on
 
 This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on.
 
 Default: No message.</Description>
-            <DefaultValue></DefaultValue>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -51394,23 +57987,40 @@ Default: No message.</Description>
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Interactive logon: Message title for users attempting to log on</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</NodeName>
+          <NodeName>InteractiveLogon_SmartCardRemovalBehavior</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Network access: Restrict clients allowed to make remote calls to SAM
+            <DefaultValue>0</DefaultValue>
+            <Description>Interactive logon: Smart card removal behavior
 
-This policy setting allows you to restrict remote rpc connections to SAM.
+This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader.
 
-If not selected, the default security descriptor will be used.
+The options are:
 
-This policy is supported on at least Windows Server 2016.</Description>
-            <DefaultValue></DefaultValue>
+ No Action
+ Lock Workstation
+ Force Logoff
+ Disconnect if a Remote Desktop Services session 
+
+If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
+
+If you click Force Logoff in the Properties dialog box for this policy, the user is automatically logged off when the smart card is removed.
+
+If you click Disconnect if a Remote Desktop Services session, removal of the smart card disconnects the session without logging the user off. This allows the user to insert the smart card and resume the session later, or at another smart card reader-equipped computer, without having to log on again. If the session is local, this policy functions identically to Lock Workstation.
+
+Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
+
+Default: This policy is not defined, which means that the system treats it as No action.
+
+On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -51424,19 +58034,41 @@ This policy is supported on at least Windows Server 2016.</Description>
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Interactive logon: Smart card removal behavior</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>NetworkSecurity_AllowPKU2UAuthenticationRequests</NodeName>
+          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsAlways</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Network security: Allow PKU2U authentication requests to this computer to use online identities.
+            <DefaultValue>0</DefaultValue>
+            <Description>Microsoft network client: Digitally sign communications (always)
 
-This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine.</Description>
-            <DefaultValue>1</DefaultValue>
+This security setting determines whether packet signing is required by the SMB client component.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
+
+If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
+
+Default: Disabled.
+
+Important
+
+For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51449,16 +58081,579 @@ This policy will be turned off by default on domain joined machines. This would
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Microsoft network client: Digitally sign communications (always)</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Microsoft network client: Digitally sign communications (if server agrees)
+
+This security setting determines whether the SMB client attempts to negotiate SMB packet signing.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB client component attempts to negotiate SMB packet signing when it connects to an SMB server.
+
+If this setting is enabled, the Microsoft network client will ask the server to perform SMB packet signing upon session setup. If packet signing has been enabled on the server, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
+
+Default: Enabled.
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Microsoft network client: Digitally sign communications (if server agrees)</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Microsoft network client: Send unencrypted password to connect to third-party SMB servers
+
+If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.
+
+Sending unencrypted passwords is a security risk.
+
+Default: Disabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Microsoft network client: Send unencrypted password to third-party SMB servers</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>15</DefaultValue>
+            <Description>Microsoft network server: Amount of idle time required before suspending a session
+
+This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
+
+Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
+
+For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
+
+Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="99999"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Microsoft network server: Amount of idle time required before suspending session</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsAlways</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Microsoft network server: Digitally sign communications (always)
+
+This security setting determines whether packet signing is required by the SMB server component.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted.
+
+If this setting is enabled, the Microsoft network server will not communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server.
+
+Default:
+
+Disabled for member servers.
+Enabled for domain controllers.
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers.
+If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
+
+Important
+
+For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy:
+Microsoft network server: Digitally sign communications (if server agrees)
+
+For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the Windows 2000 server:
+HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Microsoft network server: Digitally sign communications (always)</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Microsoft network server: Digitally sign communications (if client agrees)
+
+This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.
+
+The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether the SMB server will negotiate SMB packet signing when an SMB client requests it.
+
+If this setting is enabled, the Microsoft network server will negotiate SMB packet signing as requested by the client. That is, if packet signing has been enabled on the client, packet signing will be negotiated. If this policy is disabled, the SMB client will never negotiate SMB packet signing.
+
+Default: Enabled on domain controllers only.
+
+Important
+
+For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
+
+Notes
+
+All Windows operating systems support both a client-side SMB component and a server-side SMB component. For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
+Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
+Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
+Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
+Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
+If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted.
+SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections.
+For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Microsoft network server: Digitally sign communications (if client agrees)</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Network access: Do not allow anonymous enumeration of SAM accounts
+
+This security setting determines what additional permissions will be granted for anonymous connections to the computer.
+
+Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust.
+
+This security option allows additional restrictions to be placed on anonymous connections as follows:
+
+Enabled: Do not allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources.
+Disabled: No additional restrictions. Rely on default permissions.
+
+Default on workstations: Enabled.
+Default on server:Enabled.
+
+Important
+
+This policy has no impact on domain controllers.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network access: Do not allow anonymous enumeration of SAM accounts</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Network access: Do not allow anonymous enumeration of SAM accounts and shares
+
+This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.
+
+Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
+
+Default: Disabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network access: Do not allow anonymous enumeration of SAM accounts and shares</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Network access: Restrict anonymous access to Named Pipes and Shares
+
+When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
+
+Network access: Named pipes that can be accessed anonymously
+Network access: Shares that can be accessed anonymously
+Default: Enabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network access: Restrict anonymous access to Named Pipes and Shares</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>Network access: Restrict clients allowed to make remote calls to SAM
+
+This policy setting allows you to restrict remote rpc connections to SAM.
+
+If not selected, the default security descriptor will be used.
+
+This policy is supported on at least Windows Server 2016.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network access: Restrict clients allowed to make remote calls to SAM</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_AllowPKU2UAuthenticationRequests</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Network security: Allow PKU2U authentication requests to this computer to use online identities.
+
+This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Allow PKU2U authentication requests to this computer to use online identities.</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Network security: Do not store LAN Manager hash value on next password change
+
+This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked.
+
+
+Default on Windows Vista and above: Enabled
+Default on Windows XP: Disabled.
+
+Important
+
+Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0.
+This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Do not store LAN Manager hash value on next password change</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_LANManagerAuthenticationLevel</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Network security LAN Manager authentication level
+
+This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
+
+Send LM and NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+
+Send LM and NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+
+Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+
+Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
+
+Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).
+
+Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
+
+Important
+
+This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM.
+
+Default:
+
+Windows 2000 and windows XP: send LM and NTLM responses
+
+Windows Server 2003: Send NTLM response only
+
+Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="5"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: LAN Manager authentication level</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
+
+This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
+
+Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
+Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
+
+Default:
+
+Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
+
+Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="0,524288,536870912,537395200"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
+
+This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
+
+Require NTLMv2 session security: The connection will fail if message integrity is not negotiated.
+Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated.
+
+Default:
+
+Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
+
+Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="0,524288,536870912,537395200"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>Shutdown: Allow system to be shut down without having to log on
 
 This security setting determines whether a computer can be shut down without having to log on to Windows.
@@ -51469,7 +58664,6 @@ When this policy is disabled, the option to shut down the computer does not appe
 
 Default on workstations: Enabled.
 Default on servers: Disabled.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51482,7 +58676,10 @@ Default on servers: Disabled.</Description>
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Shutdown: Allow system to be shut down without having to log on</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51492,6 +58689,7 @@ Default on servers: Disabled.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Shutdown: Clear virtual memory pagefile
 
 This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.
@@ -51501,7 +58699,6 @@ Virtual memory support uses a system pagefile to swap pages of memory to disk wh
 When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
 
 Default: Disabled.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51514,7 +58711,10 @@ Default: Disabled.</Description>
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Shutdown: Clear virtual memory pagefile</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51524,6 +58724,7 @@ Default: Disabled.</Description>
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
 
 This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
@@ -51531,7 +58732,6 @@ This policy setting controls whether User Interface Accessibility (UIAccess or U
 • Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
 
 • Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51544,7 +58744,10 @@ This policy setting controls whether User Interface Accessibility (UIAccess or U
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51554,6 +58757,7 @@ This policy setting controls whether User Interface Accessibility (UIAccess or U
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>5</DefaultValue>
             <Description>User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
 
 This policy setting controls the behavior of the elevation prompt for administrators.
@@ -51571,7 +58775,6 @@ The options are:
 • Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
 
 • Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.</Description>
-            <DefaultValue>5</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51584,7 +58787,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="5"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51594,6 +58800,7 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>3</DefaultValue>
             <Description>User Account Control: Behavior of the elevation prompt for standard users
 This policy setting controls the behavior of the elevation prompt for standard users.
 
@@ -51604,7 +58811,6 @@ The options are:
 • Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
 
 • Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.</Description>
-            <DefaultValue>3</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51619,6 +58825,8 @@ The options are:
             </DFType>
             <MSFT:SupportedValues AllowedValues="0,1,3"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Behavior of the elevation prompt for standard users</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51628,6 +58836,7 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>User Account Control: Detect application installations and prompt for elevation
 
 This policy setting controls the behavior of application installation detection for the computer.
@@ -51637,7 +58846,6 @@ The options are:
 Enabled: (Default) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
 
 Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51650,7 +58858,10 @@ Disabled: Application installation packages are not detected and prompted for el
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Detect application installations and prompt for elevation</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51660,6 +58871,7 @@ Disabled: Application installation packages are not detected and prompted for el
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>User Account Control: Only elevate executable files that are signed and validated
 
 This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
@@ -51669,7 +58881,6 @@ The options are:
 • Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
 
 • Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51682,7 +58893,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Only elevate executables that are signed and validated</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51692,6 +58906,7 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>User Account Control: Only elevate UIAccess applications that are installed in secure locations
 
 This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
@@ -51707,7 +58922,6 @@ The options are:
 • Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
 
 • Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51720,7 +58934,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Only elevate UIAccess applications that are installed in secure locations</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51730,6 +58947,7 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>User Account Control: Turn on Admin Approval Mode
 
 This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
@@ -51739,7 +58957,6 @@ The options are:
 • Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. 
 
 • Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51752,7 +58969,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Run all administrators in Admin Approval Mode</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51762,6 +58982,7 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>User Account Control: Switch to the secure desktop when prompting for elevation
 
 This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
@@ -51771,7 +58992,6 @@ The options are:
 • Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
 
 • Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51784,7 +59004,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Switch to the secure desktop when prompting for elevation</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51794,6 +59017,7 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>User Account Control: Use Admin Approval Mode for the built-in Administrator account
 
 This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
@@ -51803,7 +59027,6 @@ The options are:
 • Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
 
 • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51816,7 +59039,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Admin Approval Mode for the Built-in Administrator account</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51826,6 +59052,7 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>User Account Control: Virtualize file and registry write failures to per-user locations
 
 This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software.
@@ -51835,7 +59062,6 @@ The options are:
 • Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
 
 • Disabled: Applications that write data to protected locations fail.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51848,7 +59074,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>User Account Control: Virtualize file and registry write failures to per-user locations</MSFT:GPRegistryMappedName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51878,8 +59107,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51892,6 +59121,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>LocationProviderAdm.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>LocationProviderAdm~AT~LocationAndSensors~WindowsLocationProvider</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableWindowsLocationProvider_1</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51921,8 +59154,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51937,6 +59170,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>EdgeUI.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>EdgeUI~AT~WindowsComponents~EdgeUI</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowEdgeSwipe</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -51966,8 +59202,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>65535</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -51990,8 +59226,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>65535</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52005,6 +59241,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WinMaps.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WinMaps~AT~WindowsComponents~Maps</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>TurnOffAutoUpdate</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52034,8 +59273,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52048,6 +59287,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>messaging.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>messaging~AT~WindowsComponents~Messaging_Category</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowMessageSync</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52057,8 +59300,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting allows you to enable or disable the sending and receiving cellular MMS messages.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This policy setting allows you to enable or disable the sending and receiving cellular MMS messages.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52071,6 +59314,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
@@ -52081,8 +59325,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting allows you to enable or disable the sending and receiving of cellular RCS (Rich Communication Services) messages.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This policy setting allows you to enable or disable the sending and receiving of cellular RCS (Rich Communication Services) messages.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52095,11 +59339,295 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>MSSecurityGuide</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>ApplyUACRestrictionsToLocalAccountsOnNetworkLogon</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_SecGuide_0201_LATFP</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureSMBV1ClientDriver</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_SecGuide_0002_SMBv1_ClientDriver</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureSMBV1Server</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_SecGuide_0001_SMBv1_Server</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableStructuredExceptionHandlingOverwriteProtection</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_SecGuide_0102_SEHOP</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>WDigestAuthentication</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_SecGuide_0202_WDigestAuthn</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>MSSLegacy</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AllowICMPRedirectsToOverrideOSPFGeneratedRoutes</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>mss-legacy.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>Mss-legacy~AT~Cat_MSS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_MSS_EnableICMPRedirect</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>mss-legacy.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>Mss-legacy~AT~Cat_MSS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_MSS_NoNameReleaseOnDemand</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>IPSourceRoutingProtectionLevel</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>mss-legacy.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>Mss-legacy~AT~Cat_MSS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_MSS_DisableIPSourceRouting</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>IPv6SourceRoutingProtectionLevel</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>mss-legacy.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>Mss-legacy~AT~Cat_MSS</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_MSS_DisableIPSourceRoutingIPv6</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>NetworkIsolation</NodeName>
         <DFProperties>
@@ -52125,8 +59653,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52139,6 +59667,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>WF_NetIsolation_EnterpriseCloudResourcesBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WF_NetIsolation_EnterpriseCloudResources</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52148,8 +59680,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52162,6 +59694,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>WF_NetIsolation_Intranet_ProxiesBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WF_NetIsolation_Intranet_Proxies</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52171,8 +59707,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52185,6 +59721,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>WF_NetIsolation_PrivateSubnetBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WF_NetIsolation_PrivateSubnet</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52194,8 +59734,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52208,6 +59748,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WF_NetIsolation_Authoritative_Subnet</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52217,8 +59761,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52240,8 +59784,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52254,6 +59798,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>WF_NetIsolation_Domain_ProxiesBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WF_NetIsolation_Domain_Proxies</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52263,8 +59811,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52277,6 +59825,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WF_NetIsolation_Authoritative_Proxies</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52286,8 +59838,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52300,10 +59852,61 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>NetworkIsolation.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>WF_NetIsolation_NeutralResourcesBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>NetworkIsolation~AT~Network~WF_Isolation</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WF_NetIsolation_NeutralResources</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>Notifications</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>DisallowCloudNotification</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WPN.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WPN~AT~StartMenu~NotificationsCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoCloudNotification</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Power</NodeName>
         <DFProperties>
@@ -52323,14 +59926,41 @@ The options are:
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>AllowStandbyStatesWhenSleepingOnBattery</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>power.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>Power~AT~System~PowerManagementCat~PowerSleepSettingsCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowStandbyStatesDC_2</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowStandbyWhenSleepingPluggedIn</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52356,8 +59986,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52383,8 +60013,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52410,8 +60040,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52437,8 +60067,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52464,8 +60094,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52491,8 +60121,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52518,8 +60148,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52545,8 +60175,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52592,8 +60222,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52619,8 +60249,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52666,8 +60296,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52690,8 +60320,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52706,6 +60336,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:StartOSVerison>10.0.10240</MSFT:StartOSVerison>
+            <MSFT:ADMXMapped>Globalization.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Globalization~AT~ControlPanel~RegionalOptions</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowInputPersonalization</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52715,8 +60348,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>65535</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52730,6 +60363,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues AllowedValues="0,1,65535"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>UserProfiles.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>UserProfiles~AT~System~UserProfiles</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableAdvertisingId</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52739,8 +60375,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52754,6 +60390,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnableActivityFeed</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52763,8 +60402,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access account information.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access account information.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52777,6 +60416,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessAccountInfo_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessAccountInfo</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52786,8 +60430,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52800,6 +60444,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessAccountInfo_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessAccountInfo</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -52810,8 +60458,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52824,6 +60472,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessAccountInfo_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessAccountInfo</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -52834,8 +60486,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52848,6 +60500,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessAccountInfo_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessAccountInfo</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -52858,8 +60514,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access the calendar.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access the calendar.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52872,6 +60528,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCalendar_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCalendar</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52881,8 +60542,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52895,6 +60556,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCalendar_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCalendar</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -52905,8 +60570,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52919,6 +60584,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCalendar_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCalendar</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -52929,8 +60598,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52943,6 +60612,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCalendar_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCalendar</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -52953,8 +60626,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access call history.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access call history.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -52967,6 +60640,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCallHistory_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCallHistory</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -52976,8 +60654,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -52990,6 +60668,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCallHistory_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCallHistory</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53000,8 +60682,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53014,6 +60696,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCallHistory_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCallHistory</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53024,8 +60710,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53038,6 +60724,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCallHistory_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCallHistory</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53048,8 +60738,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access the camera.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access the camera.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53062,6 +60752,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCamera_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCamera</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53071,8 +60766,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53085,6 +60780,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCamera_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCamera</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53095,8 +60794,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53109,6 +60808,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCamera_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCamera</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53119,8 +60822,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53133,6 +60836,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessCamera_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessCamera</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53143,8 +60850,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access contacts.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access contacts.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53157,6 +60864,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessContacts_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessContacts</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53166,8 +60878,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53180,6 +60892,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessContacts_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessContacts</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53190,8 +60906,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53204,6 +60920,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessContacts_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessContacts</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53214,8 +60934,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53228,6 +60948,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessContacts_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessContacts</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53238,8 +60962,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access email.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access email.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53252,6 +60976,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessEmail_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessEmail</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53261,8 +60990,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53275,6 +61004,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessEmail_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessEmail</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53285,8 +61018,88 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessEmail_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessEmail</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LetAppsAccessEmail_UserInControlOfTheseApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessEmail_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessEmail</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LetAppsAccessGazeInput</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access the eye tracker.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LetAppsAccessGazeInput_ForceAllowTheseApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53304,13 +61117,37 @@ The options are:
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>LetAppsAccessEmail_UserInControlOfTheseApps</NodeName>
+          <NodeName>LetAppsAccessGazeInput_ForceDenyTheseApps</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LetAppsAccessGazeInput_UserInControlOfTheseApps</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the eye tracker privacy setting for the listed apps. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53333,8 +61170,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access location.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access location.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53347,6 +61184,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessLocation_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessLocation</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53356,8 +61198,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53370,6 +61212,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessLocation_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessLocation</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53380,8 +61226,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53394,6 +61240,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessLocation_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessLocation</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53404,8 +61254,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53418,6 +61268,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessLocation_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessLocation</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53428,8 +61282,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can read or send messages (text or MMS).</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can read or send messages (text or MMS).</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53442,6 +61296,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMessaging_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMessaging</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53451,8 +61310,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53465,6 +61324,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMessaging_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMessaging</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53475,8 +61338,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53489,6 +61352,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMessaging_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMessaging</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53499,8 +61366,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53513,6 +61380,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMessaging_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMessaging</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53523,8 +61394,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access the microphone.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access the microphone.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53537,6 +61408,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMicrophone_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMicrophone</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53546,8 +61422,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53560,6 +61436,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMicrophone_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMicrophone</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53570,8 +61450,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53584,6 +61464,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMicrophone_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMicrophone</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53594,8 +61478,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53608,6 +61492,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMicrophone_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMicrophone</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53618,8 +61506,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access motion data.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access motion data.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53632,6 +61520,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMotion_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMotion</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53641,8 +61534,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53655,6 +61548,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMotion_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMotion</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53665,8 +61562,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53679,6 +61576,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMotion_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMotion</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53689,8 +61590,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53703,6 +61604,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessMotion_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessMotion</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53713,8 +61618,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access notifications.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access notifications.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53727,6 +61632,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessNotifications_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessNotifications</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53736,8 +61646,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53750,6 +61660,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessNotifications_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessNotifications</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53760,8 +61674,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53774,6 +61688,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessNotifications_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessNotifications</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53784,8 +61702,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53798,6 +61716,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessNotifications_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessNotifications</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53808,8 +61730,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can make phone calls</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can make phone calls</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53822,6 +61744,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessPhone_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessPhone</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53831,8 +61758,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53845,6 +61772,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessPhone_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessPhone</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53855,8 +61786,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53869,6 +61800,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessPhone_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessPhone</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53879,8 +61814,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53893,6 +61828,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessPhone_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessPhone</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53903,8 +61842,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps have access to control radios.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps have access to control radios.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -53917,6 +61856,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessRadios_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessRadios</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -53926,8 +61870,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53940,6 +61884,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessRadios_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessRadios</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53950,8 +61898,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53964,6 +61912,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessRadios_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessRadios</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53974,8 +61926,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -53988,6 +61940,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessRadios_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessRadios</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -53998,8 +61954,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access tasks.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access tasks.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -54012,6 +61968,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessTasks_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessTasks</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -54021,8 +61982,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54035,6 +61996,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessTasks_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessTasks</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54045,8 +62010,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54059,6 +62024,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessTasks_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessTasks</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54069,8 +62038,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54083,6 +62052,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessTasks_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessTasks</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54093,8 +62066,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can access trusted devices.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can access trusted devices.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -54107,6 +62080,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessTrustedDevices_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessTrustedDevices</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -54116,8 +62094,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54130,6 +62108,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessTrustedDevices_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessTrustedDevices</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54140,8 +62122,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54154,6 +62136,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessTrustedDevices_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessTrustedDevices</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54164,8 +62150,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54178,6 +62164,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsAccessTrustedDevices_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsAccessTrustedDevices</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54188,8 +62178,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can get diagnostic information about other apps, including user names.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can get diagnostic information about other apps, including user names.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -54202,6 +62192,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsGetDiagnosticInfo_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsGetDiagnosticInfo</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -54211,8 +62206,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54225,6 +62220,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsGetDiagnosticInfo_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsGetDiagnosticInfo</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54235,8 +62234,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54249,6 +62248,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsGetDiagnosticInfo_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsGetDiagnosticInfo</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54259,8 +62262,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the app diagnostics privacy setting for the listed Windows apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the app diagnostics privacy setting for the listed Windows apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54273,6 +62276,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsGetDiagnosticInfo_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsGetDiagnosticInfo</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54283,8 +62290,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can run in the background.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can run in the background.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -54297,6 +62304,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsRunInBackground_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsRunInBackground</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -54306,8 +62318,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54320,6 +62332,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsRunInBackground_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsRunInBackground</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54330,8 +62346,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54344,6 +62360,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsRunInBackground_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsRunInBackground</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54354,8 +62374,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the background apps privacy setting for the listed Windows apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the background apps privacy setting for the listed Windows apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54368,6 +62388,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsRunInBackground_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsRunInBackground</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54378,8 +62402,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting specifies whether Windows apps can communicate with unpaired wireless devices.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting specifies whether Windows apps can communicate with unpaired wireless devices.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -54392,6 +62416,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsSyncWithDevices_Enum</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsSyncWithDevices</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -54401,8 +62430,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54415,6 +62444,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsSyncWithDevices_ForceAllowTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsSyncWithDevices</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54425,8 +62458,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54439,6 +62472,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsSyncWithDevices_ForceDenyTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsSyncWithDevices</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54449,8 +62486,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DefaultValue></DefaultValue>
+            <Description>List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54463,6 +62500,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>AppPrivacy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LetAppsSyncWithDevices_UserInControlOfTheseApps_List</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>AppPrivacy~AT~WindowsComponents~AppPrivacy</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LetAppsSyncWithDevices</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
             <MSFT:SubStringSeparatorChar>;</MSFT:SubStringSeparatorChar>
           </DFProperties>
@@ -54473,8 +62514,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Allows apps/system to publish 'User Activities' into ActivityFeed.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>Allows apps/system to publish 'User Activities' into ActivityFeed.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -54488,6 +62529,36 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PublishUserActivities</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>UploadUserActivities</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Allows ActivityFeed to upload published 'User Activities'.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>OSPolicy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>OSPolicy~AT~System~PolicyPolicies</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>UploadUserActivities</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -54517,8 +62588,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54544,8 +62615,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54571,8 +62642,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54598,8 +62669,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54645,8 +62716,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54672,8 +62743,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54699,8 +62770,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54726,8 +62797,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54753,8 +62824,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54780,8 +62851,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54827,8 +62898,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54854,8 +62925,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54881,8 +62952,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54908,8 +62979,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54935,8 +63006,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54962,8 +63033,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -54989,8 +63060,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55016,8 +63087,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55043,8 +63114,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55070,8 +63141,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55097,8 +63168,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55124,8 +63195,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55151,8 +63222,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55178,8 +63249,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55205,8 +63276,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55252,8 +63323,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55279,8 +63350,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55326,8 +63397,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55353,8 +63424,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55380,8 +63451,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55407,8 +63478,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55434,8 +63505,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55461,8 +63532,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55488,8 +63559,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -55510,6 +63581,51 @@ The options are:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>RestrictedGroups</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>ConfigureGroupMembership</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group.
+Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Search</NodeName>
         <DFProperties>
@@ -55535,8 +63651,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>2</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55549,6 +63665,39 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AllowCloudSearch_Dropdown</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowCloudSearch</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowCortanaInAAD</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This features allows you to show the cortana opt-in page during Windows Setup</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowCortanaInAAD</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55558,8 +63707,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55573,6 +63722,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowIndexingEncryptedStoresOrItems</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55582,8 +63734,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55597,6 +63749,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSearchToUseLocation</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55606,8 +63761,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55630,8 +63785,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55644,6 +63799,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowUsingDiacritics</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55653,8 +63812,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>3</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55667,6 +63826,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55676,8 +63836,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55690,6 +63850,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AlwaysUseAutoLangDetection</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55699,8 +63863,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55713,6 +63877,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableBackoff</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55722,8 +63890,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55736,17 +63904,48 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableRemovableDriveIndexing</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DoNotUseWebResults</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DoNotUseWebResults</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>PreventIndexingLowDiskSpaceMB</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55759,6 +63958,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>StopIndexingOnLimitedHardDriveSpace</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55768,8 +63971,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55782,6 +63985,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Search.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Search~AT~WindowsComponents~Search</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventRemoteQueries</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55791,8 +63998,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55805,6 +64012,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>desktop</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
@@ -55835,8 +64043,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55859,8 +64067,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55884,8 +64092,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55908,8 +64116,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55933,8 +64141,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55949,17 +64157,20 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>TPM.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>TPM~AT~System~TPMCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ClearTPMIfNotReady_Name</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</NodeName>
+          <NodeName>ConfigureWindowsPasswords</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
-            <DefaultValue>0</DefaultValue>
+            <DefaultValue>2</DefaultValue>
+            <Description>Configures the use of passwords for Windows features</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55972,6 +64183,32 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55981,8 +64218,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -55995,6 +64232,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56004,8 +64242,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56018,6 +64256,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56027,8 +64266,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56041,6 +64280,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56070,8 +64310,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56095,8 +64335,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56119,8 +64359,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56143,8 +64383,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56167,8 +64407,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56192,8 +64432,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56207,6 +64447,10 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>ControlPanel.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CheckBox_AllowOnlineTips</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>ControlPanel~AT~ControlPanel</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowOnlineTips</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56216,8 +64460,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56241,8 +64485,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56266,8 +64510,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56291,8 +64535,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56315,8 +64559,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56340,8 +64584,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56364,8 +64608,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -56378,6 +64622,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>ControlPanel.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SettingsPageVisibilityBox</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>ControlPanel~AT~ControlPanel</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SettingsPageVisibility</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56407,8 +64655,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56423,6 +64671,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>SmartScreen.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>SmartScreen~AT~WindowsComponents~SmartScreen~Shell</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureAppInstallControl</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56432,8 +64683,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56448,6 +64699,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>SmartScreen.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>SmartScreen~AT~WindowsComponents~SmartScreen~Shell</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ShellConfigureSmartScreen</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56457,8 +64711,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56473,6 +64727,10 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>SmartScreen.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ShellConfigureSmartScreen_Dropdown</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>SmartScreen~AT~WindowsComponents~SmartScreen~Shell</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ShellConfigureSmartScreen</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56502,8 +64760,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56517,6 +64775,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Speech.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Speech~AT~WindowsComponents~Speech</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSpeechModelUpdate</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56546,8 +64807,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the Documents shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the Documents shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56571,8 +64832,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the Downloads shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the Downloads shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56596,8 +64857,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the File Explorer shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the File Explorer shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56621,8 +64882,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56646,8 +64907,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the Music shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the Music shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56671,8 +64932,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the Network shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the Network shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56696,8 +64957,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the PersonalFolder shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the PersonalFolder shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56721,8 +64982,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56746,8 +65007,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the Settings shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the Settings shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56771,8 +65032,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy controls the visibility of the Videos shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DefaultValue>65535</DefaultValue>
+            <Description>This policy controls the visibility of the Videos shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56791,13 +65052,13 @@ The options are:
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>ForceStartSize</NodeName>
+          <NodeName>DisableContextMenus</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy prevents context menus from being invoked in the Start Menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56810,6 +65071,35 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableContextMenusInStart</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ForceStartSize</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
@@ -56820,8 +65110,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56834,6 +65124,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
@@ -56844,8 +65135,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56868,8 +65159,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56893,8 +65184,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides "Hibernate" from appearing in the power button in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides "Hibernate" from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56917,8 +65208,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides "Lock" from appearing in the user tile in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides "Lock" from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56941,8 +65232,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides the power button from appearing in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides the power button from appearing in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56965,8 +65256,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -56990,8 +65281,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57006,6 +65297,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>HideRecentlyAddedApps</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57015,8 +65309,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57039,8 +65333,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57063,8 +65357,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides "Sign out" from appearing in the user tile in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides "Sign out" from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57087,8 +65381,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides "Sleep" from appearing in the power button in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides "Sleep" from appearing in the power button in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57111,8 +65405,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides "Switch account" from appearing in the user tile in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides "Switch account" from appearing in the user tile in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57135,8 +65429,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Enabling this policy hides the user tile from appearing in the start menu.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Enabling this policy hides the user tile from appearing in the start menu.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57159,8 +65453,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified.</Description>
             <DefaultValue></DefaultValue>
+            <Description>This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified.</Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -57183,8 +65477,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57208,8 +65502,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -57223,6 +65517,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StartMenu.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StartMenu~AT~StartMenu</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LockedStartLayout</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57252,8 +65549,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57266,7 +65563,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>StorageHealth.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>StorageHealth~AT~System~StorageHealth</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SH_AllowDiskHealthModelUpdates</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57276,8 +65577,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -57323,8 +65624,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>2</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57337,6 +65638,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>AllowBuildPreview.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>AllowBuildPreview~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowBuildPreview</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57346,8 +65651,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57370,8 +65675,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57384,6 +65689,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57393,8 +65699,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57408,6 +65714,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>GroupPolicy.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>GroupPolicy~AT~Network~NetworkFonts</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnableFontProviders</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57417,8 +65726,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57431,6 +65740,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Sensors.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Sensors~AT~LocationAndSensors</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableLocation_2</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57440,8 +65753,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57464,8 +65777,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>3</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57478,6 +65791,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AllowTelemetry</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowTelemetry</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57487,8 +65805,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57511,8 +65829,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -57533,36 +65851,13 @@ The options are:
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>DisableEnterpriseAuthProxy</NodeName>
+          <NodeName>ConfigureTelemetryOptInChangeNotification</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.</Description>
-            <DefaultValue>0</DefaultValue>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DisableOneDriveFileSync</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <Description>This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57576,6 +65871,93 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureTelemetryOptInChangeNotification</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureTelemetryOptInChangeNotification</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureTelemetryOptInSettingsUx</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ConfigureTelemetryOptInSettingsUx</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ConfigureTelemetryOptInSettingsUx</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableEnterpriseAuthProxy</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DisableEnterpriseAuthProxy</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableEnterpriseAuthProxy</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableOneDriveFileSync</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Microsoft Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>SkyDrive.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>SkyDrive~AT~WindowsComponents~OneDrive</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>PreventOnedriveFileSync</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57585,8 +65967,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -57612,31 +65994,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy is not present or set to false, users will be presented with the option to save locally. The default is to not save locally.</Description>
-            <DefaultValue>0</DefaultValue>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>LimitEnhancedDiagnosticDataWindowsAnalytics</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced) When you configure these policy settings, a Basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: https://go.microsoft.com/fwlink/?linkid=847594. Enabling Enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional Enhanced level telemetry data. This setting has no effect on computers configured to send Full, Basic or Security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57650,6 +66009,34 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LimitEnhancedDiagnosticDataWindowsAnalytics</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. By configuring this setting, you're not stopping people from changing their Telemetry Settings; however, you are stopping them from choosing a higher level than you've set for the organization. To enable this behavior, you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced).If you configure these policy settings together, you'll send the Basic level of diagnostic data plus any additional events that are required for Windows Analytics, to Microsoft. The additional events are documented here: https://go.Microsoft.com/fwlink/?linked=847594. If you enable Enhanced diagnostic data in the Allow Telemetry policy setting, but you don't configure this policy setting, you'll send the required events for Windows Analytics, plus any additional Enhanced level telemetry data to Microsoft. This setting has no effect on computers configured to send Full, Basic, or Security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy setting.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>LimitEnhancedDiagnosticDataWindowsAnalytics</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>LimitEnhancedDiagnosticDataWindowsAnalytics</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57659,8 +66046,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -57673,6 +66060,237 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>TelemetryProxyName</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>TelemetryProxy</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>SystemServices</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>ConfigureHomeGroupListenerServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>HomeGroup Listener</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureHomeGroupProviderServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>HomeGroup Provider</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureXboxAccessoryManagementServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Xbox Accessory Management Service</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureXboxLiveAuthManagerServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Xbox Live Auth Manager</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureXboxLiveGameSaveServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Xbox Live Game Save</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureXboxLiveNetworkingServiceStartupMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="4"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~System Services</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Xbox Live Networking Service</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>TaskScheduler</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>EnableXboxGameSaveTask</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57696,14 +66314,38 @@ The options are:
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>AllowHardwareKeyboardTextSuggestions</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>AllowIMELogging</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57727,8 +66369,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57752,8 +66394,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57777,8 +66419,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57791,6 +66433,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
@@ -57801,8 +66444,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57826,8 +66469,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57851,8 +66494,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57876,8 +66519,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57900,8 +66543,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57916,6 +66559,60 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>TextInput.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>TextInput~AT~WindowsComponents~TextInput</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowLanguageFeaturesUninstall</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowLinguisticDataCollection</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>TextInput.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>TextInput~AT~WindowsComponents~TextInput</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowLinguisticDataCollection</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableTouchKeyboardAutoInvokeInDesktopMode</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57925,8 +66622,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57939,6 +66636,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57948,8 +66646,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57962,6 +66660,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
@@ -57972,8 +66671,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -57986,10 +66685,203 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>ForceTouchKeyboardDockedState</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardDictationButtonAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardEmojiButtonAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardFullModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardHandwritingModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardNarrowModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardSplitModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TouchKeyboardWideModeAvailability</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>TimeLanguageSettings</NodeName>
@@ -58016,8 +66908,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58061,8 +66953,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>17</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58075,6 +66967,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ActiveHoursEndTime</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ActiveHours</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58084,8 +66981,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>18</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58098,6 +66995,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="8" high="18"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ActiveHoursMaxRange</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ActiveHoursMaxRange</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58107,8 +67009,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>8</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58121,6 +67023,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ActiveHoursStartTime</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ActiveHours</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58130,8 +67037,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>2</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58144,6 +67051,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="5"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoUpdateMode</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58153,8 +67065,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58167,6 +67079,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowAutoWindowsUpdateDownloadOverMeteredNetwork</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58176,8 +67092,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58190,7 +67106,12 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AllowMUUpdateServiceId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58200,8 +67121,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58224,8 +67145,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58239,6 +67160,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58248,8 +67172,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>7</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58262,6 +67186,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoRestartDeadline</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoRestartDeadline</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58271,8 +67200,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>15</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58286,6 +67215,10 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues AllowedValues="15,30,60,120,240"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoRestartNotificationSchd</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoRestartNotificationConfig</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58295,8 +67228,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58309,6 +67242,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="1" high="2"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoRestartRequiredNotificationDismissal</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoRestartRequiredNotificationDismissal</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58318,8 +67256,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>16</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58333,6 +67271,34 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues AllowedValues="2,4,8,16,32"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>BranchReadinessLevelId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferFeatureUpdates</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ConfigureFeatureUpdateUninstallPeriod</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>10</DefaultValue>
+            <Description>Enable enterprises/IT admin to configure feature update uninstall period</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="2" high="60"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58342,8 +67308,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58356,6 +67322,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="365"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DeferFeatureUpdatesPeriodId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferFeatureUpdates</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58365,8 +67336,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58379,6 +67350,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="30"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DeferQualityUpdatesPeriodId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferQualityUpdates</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58388,8 +67364,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58402,6 +67378,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="4"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DeferUpdatePeriodId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferUpgrade</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58411,8 +67392,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58425,6 +67406,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="8"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DeferUpgradePeriodId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferUpgrade</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58434,8 +67420,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>22</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58448,6 +67434,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="1" high="22"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DetectionFrequency_Hour2</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DetectionFrequency_Title</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58457,8 +67448,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>Do not allow update deferral policies to cause scans against Windows Update</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>Do not allow update deferral policies to cause scans against Windows Update</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58471,6 +67462,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableDualScan</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58480,8 +67475,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>14</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58494,6 +67489,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>EngagedRestartDeadline</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58503,8 +67503,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>3</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58517,6 +67517,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="1" high="3"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>EngagedRestartSnoozeSchedule</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58526,8 +67531,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>7</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58540,6 +67545,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>EngagedRestartTransitionSchedule</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EngagedRestartTransitionSchedule</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58549,8 +67559,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58563,6 +67573,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ExcludeWUDriversInQualityUpdate</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58572,8 +67586,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58586,6 +67600,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CorpWUFillEmptyContentUrls</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58595,8 +67614,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58619,8 +67638,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58643,8 +67662,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>3</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58657,6 +67676,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ManagePreviewBuildsId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>ManagePreviewBuilds</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58666,8 +67690,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58680,6 +67704,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>PauseDeferralsId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferUpgrade</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58689,8 +67718,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58703,6 +67732,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>PauseFeatureUpdatesId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferFeatureUpdates</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58712,8 +67746,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -58726,6 +67760,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>PauseFeatureUpdatesStartId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferFeatureUpdates</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58735,8 +67773,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58749,6 +67787,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>PauseQualityUpdatesId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferQualityUpdates</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58758,8 +67801,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -58772,6 +67815,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>PauseQualityUpdatesStartId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat~DeferUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferQualityUpdates</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58781,8 +67828,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>4</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58795,6 +67842,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="4"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58804,8 +67852,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58818,6 +67866,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>DeferUpgradePeriodId</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeferUpgrade</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58827,8 +67880,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58841,6 +67894,7 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58850,8 +67904,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58864,6 +67918,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="7"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoUpdateSchDay</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58873,8 +67932,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58887,6 +67946,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoUpdateSchEveryWeek</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58896,8 +67960,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58910,6 +67974,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoUpdateSchFirstWeek</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58919,8 +67988,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58933,6 +68002,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ScheduledInstallFourthWeek</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58942,8 +68016,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58956,6 +68030,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ScheduledInstallSecondWeek</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58965,8 +68044,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -58979,6 +68058,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>ScheduledInstallThirdWeek</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -58988,8 +68072,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>3</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59002,6 +68086,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="23"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoUpdateSchTime</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoUpdateCfg</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59011,8 +68100,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>15</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59026,6 +68115,10 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues AllowedValues="15,30,60"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>RestartWarn</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RestartWarnRemind</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59035,8 +68128,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>4</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59050,6 +68143,10 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues AllowedValues="2,4,8,12,24"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>RestartWarnRemind</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RestartWarnRemind</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59059,8 +68156,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59073,6 +68170,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AutoRestartNotificationSchd</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutoRestartNotificationDisable</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59082,8 +68184,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59096,6 +68198,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>SetEDURestart</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59105,8 +68211,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>CorpWSUS</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -59119,6 +68225,10 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CorpWUURL_Name</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59128,8 +68238,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -59143,10 +68253,821 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>CorpWUContentHost_Name</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>UserRights</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AccessCredentialManagerAsTrustedCaller</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Access Credential Manager ase a trusted caller</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AccessFromNetwork</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Access this computer from the network</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ActAsPartOfTheOperatingSystem</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Act as part of the operating system</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>AllowLocalLogOn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. </Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Allow log on locally</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BackupFilesAndDirectories</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Back up files and directories</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ChangeSystemTime</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Change the system time</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreateGlobalObjects</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Create global objects</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreatePageFile</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Create a pagefile</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreatePermanentSharedObjects</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Create permanent shared objects</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreateSymbolicLinks</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Create symbolic links</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>CreateToken</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Create a token object</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DebugPrograms</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Debug programs</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DenyAccessFromNetwork</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Deny access to this computer from the network</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DenyLocalLogOn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Deny log on as a service</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DenyRemoteDesktopServicesLogOn</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Deny log on through Remote Desktop Services</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>EnableDelegation</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Enable computer and user accounts to be trusted for delegation</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>GenerateSecurityAudits</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Generate security audits</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ImpersonateClient</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 
+1) The access token that is being impersonated is for this user.
+2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
+3) The requested level is less than Impersonate, such as Anonymous or Identify.
+Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Impersonate a client after authentication</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>IncreaseSchedulingPriority</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Increase scheduling priority</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LoadUnloadDeviceDrivers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Load and unload device drivers</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>LockMemory</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Lock pages in memory</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ManageAuditingAndSecurityLog</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Manage auditing and security log</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ManageVolume</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Perform volume maintenance tasks</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ModifyFirmwareEnvironment</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Modify firmware environment values</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ModifyObjectLabel</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Modify an object label</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>ProfileSingleProcess</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users can use performance monitoring tools to monitor the performance of system processes.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Profile single process</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RemoteShutdown</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Force shutdown from a remote system</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RestoreFilesAndDirectories</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Restore files and directories</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>TakeOwnership</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPDBMappedCategory>Windows Settings~Security Settings~Local Policies~User Rights Assignment</MSFT:GPDBMappedCategory>
+            <MSFT:GPDBMappedName>Take ownership of files or other objects</MSFT:GPDBMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:SubStringSeparatorChar>0xF000</MSFT:SubStringSeparatorChar>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Wifi</NodeName>
         <DFProperties>
@@ -59172,8 +69093,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59187,6 +69108,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>wlansvc.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>wlansvc~AT~Network~WlanSvc_Category~WlanSettings_Category</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WiFiSense</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59196,8 +69120,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59211,6 +69135,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>NetworkConnections.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>NetworkConnections~AT~Network~NetworkConnections</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NC_ShowSharedAccessUI</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59220,8 +69147,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59244,8 +69171,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59268,8 +69195,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59292,8 +69219,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59306,10 +69233,58 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1000"></MSFT:SupportedValues>
             <MSFT:ConflictResolution>HighestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>WindowsConnectionManager</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>WCM.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>WCM~AT~Network~WCM_Category</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>WCM_BlockNonDomain</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>WindowsDefenderSecurityCenter</NodeName>
         <DFProperties>
@@ -59335,8 +69310,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -59350,6 +69325,38 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Presentation_EnterpriseCustomization_CompanyName</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnterpriseCustomization_CompanyName</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableAccountProtectionUI</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~AccountProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AccountProtection_UILockdown</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59359,8 +69366,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59373,7 +69380,39 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~AppBrowserProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AppBrowserProtection_UILockdown</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>DisableDeviceSecurityUI</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeviceSecurity_UILockdown</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59383,8 +69422,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59397,7 +69436,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~Notifications</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Notifications_DisableEnhancedNotifications</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59407,8 +69450,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59421,7 +69464,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~FamilyOptions</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>FamilyOptions_UILockdown</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59431,8 +69478,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59445,7 +69492,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DevicePerformanceHealth</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DevicePerformanceHealth_UILockdown</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59455,8 +69506,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59469,7 +69520,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~FirewallNetworkProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>FirewallNetworkProtection_UILockdown</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59479,8 +69534,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59493,7 +69548,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~Notifications</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Notifications_DisableNotifications</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59503,8 +69562,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59517,7 +69576,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~VirusThreatProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>VirusThreatProtection_UILockdown</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59527,8 +69590,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59541,7 +69604,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~AppBrowserProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AppBrowserProtection_DisallowExploitProtectionOverride</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59551,8 +69618,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -59566,6 +69633,10 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Presentation_EnterpriseCustomization_Email</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnterpriseCustomization_Email</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59575,8 +69646,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59589,7 +69660,11 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnterpriseCustomization_EnableCustomizedToasts</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59599,8 +69674,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>0</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59613,7 +69688,95 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnterpriseCustomization_EnableInAppCustomization</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideRansomwareDataRecovery</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~VirusThreatProtection</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>VirusThreatProtection_HideRansomwareRecovery</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideSecureBoot</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeviceSecurity_HideSecureBoot</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HideTPMTroubleshooting</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~DeviceSecurity</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DeviceSecurity_HideTPMTroubleshooting</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59623,8 +69786,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -59638,6 +69801,10 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Presentation_EnterpriseCustomization_Phone</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnterpriseCustomization_Phone</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59647,8 +69814,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -59662,6 +69829,10 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsDefenderSecurityCenter.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>Presentation_EnterpriseCustomization_URL</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsDefenderSecurityCenter~AT~WindowsComponents~WindowsDefenderSecurityCenter~EnterpriseCustomization</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnterpriseCustomization_URL</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59691,8 +69862,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59707,6 +69878,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsInkWorkspace.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsInkWorkspace~AT~WindowsComponents~WindowsInkWorkspace</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowSuggestedAppsInWindowsInkWorkspace</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59716,8 +69890,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>2</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59730,7 +69904,12 @@ The options are:
             <DFType>
               <MIME>text/plain</MIME>
             </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WindowsInkWorkspace.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AllowWindowsInkWorkspaceDropdown</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsInkWorkspace~AT~WindowsComponents~WindowsInkWorkspace</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowWindowsInkWorkspace</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59760,8 +69939,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -59787,8 +69966,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue></DefaultValue>
+            <Description></Description>
             <DFFormat>
               <chr/>
             </DFFormat>
@@ -59808,14 +69987,41 @@ The options are:
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnumerateLocalUsersOnDomainJoinedComputers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>logon.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>Logon~AT~System~Logon</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnumerateLocalUsers</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>HideFastUserSwitching</NodeName>
           <DFProperties>
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.</Description>
             <DefaultValue>0</DefaultValue>
+            <Description>This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59829,9 +70035,86 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>Logon.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>Logon~AT~System~Logon</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>HideFastUserSwitching</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>WinLogon.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>WinLogon~AT~WindowsComponents~Logon</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AutomaticRestartSignOn</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>WindowsPowerShell</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>TurnOnPowerShellScriptBlockLogging</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>PowerShellExecutionPolicy.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>PowerShellExecutionPolicy~AT~WindowsComponents~PowerShell</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnableScriptBlockLogging</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>WirelessDisplay</NodeName>
@@ -59858,8 +70141,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59882,8 +70165,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description>This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver.</Description>
             <DefaultValue>1</DefaultValue>
+            <Description>This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59906,10 +70189,10 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>This policy allows you to turn off projection from a PC.
                             If you set it to 0, your PC cannot discover or project to other devices.
                             If you set it to 1, your PC can discover and project to other devices.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59932,10 +70215,10 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>This policy allows you to turn off projection from a PC over infrastructure.
                             If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct.
                             If you set it to 1, your PC can discover and project to other devices over infrastructure.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59958,10 +70241,10 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>This policy setting allows you to turn off projection to a PC
                             If you set it to 0, your PC isn't discoverable and can't be projected to
                             If you set it to 1, your PC is discoverable and can be projected to above the lock screen only. The user has an option to turn it always on or off except for manual launch, too.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -59976,6 +70259,9 @@ The options are:
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>WirelessDisplay.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WirelessDisplay~AT~WindowsComponents~Connect</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AllowProjectionToPC</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -59985,10 +70271,10 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>1</DefaultValue>
             <Description>This policy setting allows you to turn off projection to a PC over infrastructure.
                             If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct.
                             If you set it to 1, your PC can be discoverable and can be projected to over infrastructure.</Description>
-            <DefaultValue>1</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -60011,8 +70297,8 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
-            <Description></Description>
             <DefaultValue>1</DefaultValue>
+            <Description></Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -60035,10 +70321,10 @@ The options are:
             <AccessType>
               <Get />
             </AccessType>
+            <DefaultValue>0</DefaultValue>
             <Description>This policy setting allows you to require a pin for pairing.
                             If you turn this on, the pairing ceremony for new devices will always require a PIN
                             If you turn it off or don't configure it, a pin isn't required for pairing.</Description>
-            <DefaultValue>0</DefaultValue>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -60052,6 +70338,9 @@ The options are:
               <MIME>text/plain</MIME>
             </DFType>
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WirelessDisplay.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WirelessDisplay~AT~WindowsComponents~Connect</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RequirePinForPairing</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>

From 1d6a7981b9e87b9b082e802b25da353b1ffa5782 Mon Sep 17 00:00:00 2001
From: "Andrea Bichsel (Aquent LLC)" <v-anbic@microsoft.com>
Date: Tue, 27 Feb 2018 00:13:52 +0000
Subject: [PATCH 041/119] Added sentences to bulleted list to make it clear
 which features require Windows Defender Antivirus.

---
 .../windows-defender-exploit-guard.md                | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
index 817038ca1c..d75309c31b 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
-author: iaanw
-ms.author: iawilt
+author: andreabichsel
+ms.author: v-anbic
 ms.date: 12/12/2017
 ---
 
@@ -33,10 +33,10 @@ Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrus
 
 There are four features in Windows Defender EG:
 
-- [Exploit protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps
-- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-,  script- and mail-based malware 
-- [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices
-- [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware
+- [Exploit protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps. Works with third-party antivirus solutions and Windows Defender Antivirus (Windows Defender AV).
+- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-,  script- and mail-based malware. Requires Windows Defender AV. 
+- [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV.
+- [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. Requires Windows Defender AV.
 
 
 You can evaluate each feature of Windows Defender EG with the guides at the following link, which provide pre-built PowerShell scripts and testing tools so you can see the features in action:

From 6a1bdfa038d144374fbb60367b1df52b691c39b8 Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Tue, 27 Feb 2018 11:16:03 -0800
Subject: [PATCH 042/119] revised hub page

---
 windows/hub/TOC.md         |  4 +---
 windows/hub/index.md       | 30 +++++++++---------------------
 windows/security/index.yml |  2 ++
 3 files changed, 12 insertions(+), 24 deletions(-)

diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md
index b0a1554fa0..43202e6dde 100644
--- a/windows/hub/TOC.md
+++ b/windows/hub/TOC.md
@@ -5,8 +5,6 @@
 ## [Configuration](/windows/configuration)
 ## [Client management](/windows/client-management)
 ## [Application management](/windows/application-management)
-## [Identity and access management](/windows/security/identity-protection)
-## [Information protection](/windows/security/information-protection)
-## [Threat protection](/windows/security/threat-protection)
+## [Security](/windows/security)
 ## [Troubleshooting](/windows/client-management/windows-10-support-solutions)
 ## [Other Windows client versions](https://docs.microsoft.com/previous-versions/windows)
\ No newline at end of file
diff --git a/windows/hub/index.md b/windows/hub/index.md
index 7d1f965f9d..4c7f9358ed 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -37,12 +37,6 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
       <a href="/windows/deployment/index">
         <img src="images/deployment.png" alt="Windows 10 deployment" title="Windows 10 deployment" />
       <br/>Deployment </a><br>
-    </td>
-       <td align="center" style="width:25%; border:0;">
-      <a href="/windows/client-management/index">
-        <img src="images/clientmanagement.png" alt="Windows 10 client management" title="Client management" />
-      <br/>Client Management </a><br>
-    </td>
   </tr>
   <tr style="text-align:center;">
     <td align="center" style="width:25%; border:0;"><br>
@@ -50,21 +44,15 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
         <img src="images/applicationmanagement.png" alt="Manage applications in your Windows 10 enterprise deployment" title="Application management" />
       <br/>Application Management </a>
     </td>
-    <td align="center" style="width:25%; border:0;"><br>
-      <a href="/windows/access-protection/index">
-        <img src="images/accessprotection.png" alt="Windows 10 access protection" title="Windows 10 access protection" />
-      <br/>Access Protection </a>
+       <td align="center" style="width:25%; border:0;">
+      <a href="/windows/client-management/index">
+        <img src="images/clientmanagement.png" alt="Windows 10 client management" title="Client management" />
+      <br/>Client Management </a><br>
     </td>
     <td align="center" style="width:25%; border:0;"><br>
-      <a href="/windows/device-security/index">
-        <img src="images/devicesecurity.png" alt="Windows 10 device security" title="W10 device security" />
-      <br/>Device Security </a>
-    </td>
-    <td align="center" style="width:25%; border:0;"><br>
-      <a href="/windows/threat-protection/index">
-        <img src="images/threatprotection.png" alt="Windows 10 threat protection" title="Windows 10 threat protection" />
-      <br/>Threat Protection </a>
-    </td>
+      <a href="/windows/security/index">
+        <img src="images/threatprotection.png" alt="Windows 10 security" title="W10 security" />
+      <br/>Security </a>
   </tr>
 </table>
 
@@ -74,9 +62,9 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
 
 The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers.
 
-  These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
+These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
   
-  - [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
+- [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
 
 ## Related topics
 [Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)
diff --git a/windows/security/index.yml b/windows/security/index.yml
index 8999a8a950..7a1ed6b87c 100644
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@@ -14,6 +14,8 @@ metadata:
 
   keywords: protect, company, data, Windows, device, app, management, Microsoft365, e5, e3
 
+  ms.localizationpriority: high
+
   author: brianlic-msft
 
   ms.author: brianlic

From 723c69a6906d714004fa9f1ed3b1bcfed7120424 Mon Sep 17 00:00:00 2001
From: computeronix <19168174+computeronix@users.noreply.github.com>
Date: Tue, 27 Feb 2018 14:32:12 -0500
Subject: [PATCH 043/119] corrected typo

instead of pased it should be based
---
 windows/whats-new/whats-new-windows-10-version-1607.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md
index fb858f7d9e..b296cc0cdf 100644
--- a/windows/whats-new/whats-new-windows-10-version-1607.md
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md
@@ -81,7 +81,7 @@ Additional changes for Windows Hello in Windows 10, version 1607:
 
 ### VPN
 
-- The VPN client can integrate with the Conditional Access Framework, a cloud-pased policy engine built into Azure Active Directory, to provide a device compliance option for remote clients.
+- The VPN client can integrate with the Conditional Access Framework, a cloud-based policy engine built into Azure Active Directory, to provide a device compliance option for remote clients.
 - The VPN client can integrate with Windows Information Protection (WIP) policy to provide additional security. [Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection.
 - New VPNv2 configuration service provider (CSP) adds configuration settings. For details, see [What's new in MDM enrollment and management](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056%28v=vs.85%29.aspx#whatsnew_1607)
 - Microsoft Intune: *VPN Profile (Windows 10 Desktop and Mobile and later)* policy template includes support for native VPN plug-ins.

From ba1edcfafa36ab85c1b9ee1d5809e36e02d165f4 Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Tue, 27 Feb 2018 11:33:21 -0800
Subject: [PATCH 044/119] added new png

---
 windows/hub/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/hub/index.md b/windows/hub/index.md
index 4c7f9358ed..90c4720c7a 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -51,7 +51,7 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
     </td>
     <td align="center" style="width:25%; border:0;"><br>
       <a href="/windows/security/index">
-        <img src="images/threatprotection.png" alt="Windows 10 security" title="W10 security" />
+        <img src="https://docs.microsoft.com/media/common/i_identity-protection.svg" alt="Windows 10 security" title="W10 security" />
       <br/>Security </a>
   </tr>
 </table>

From 746a27a847738dd540fda6cd6d14f7de673b5f61 Mon Sep 17 00:00:00 2001
From: computeronix <19168174+computeronix@users.noreply.github.com>
Date: Tue, 27 Feb 2018 14:35:28 -0500
Subject: [PATCH 045/119] Typo and link correction

Corrected link typo causing poor display issues
Corrected link for Windows Hello for Business forgot pin to point to right article
---
 windows/whats-new/whats-new-windows-10-version-1703.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md
index 3b14218ea5..9beb4709cd 100644
--- a/windows/whats-new/whats-new-windows-10-version-1703.md
+++ b/windows/whats-new/whats-new-windows-10-version-1703.md
@@ -122,7 +122,7 @@ New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10
 
 You can read more about ransomware mitigations and detection capability in Windows Defender Advanced Threat Protection in the blog: [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/).
 
-Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see (Windows Defender ATP for Windows 10 Creators Update)[https://technet.microsoft.com/en-au/windows/mt782787].
+Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see [Windows Defender ATP for Windows 10 Creators Update](https://technet.microsoft.com/en-au/windows/mt782787).
 
 ### Windows Defender Antivirus
 Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
@@ -169,7 +169,7 @@ For Windows Phone devices, an administrator is able to initiate a remote PIN res
 
 For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**.
 
-For more details, check out [What if I forget my PIN?](/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password#what-if-i-forget-my-pin).
+For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-features#pin-reset).
 
 ### Windows Information Protection (WIP) and Azure Active Directory (Azure AD)
 Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune).

From 4bb6735f7a0777a94d159b99a277dfb54dc623a9 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Tue, 27 Feb 2018 19:53:13 +0000
Subject: [PATCH 046/119] Merged PR 6054:
 TextInput/AllowHardwareKeyboardTextSuggestions added to Policy CSP

---
 ...ew-in-windows-mdm-enrollment-management.md |  3 +-
 .../policy-configuration-service-provider.md  |  6 +-
 .../mdm/policy-csp-textinput.md               | 55 ++++++++++++++++++-
 3 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 55233dabcb..7a1fc2a5f2 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/05/2018
+ms.date: 02/26/2018
 ---
 
 # What's new in MDM enrollment and management
@@ -1411,6 +1411,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Display/EnablePerProcessDpi</li>
 <li>Display/EnablePerProcessDpiForApps</li>
 <li>Experience/AllowWindowsSpotlightOnSettings</li>
+<li>TextInput/AllowHardwareKeyboardTextSuggestions</li>
 <ul>
 </td></tr>
 <tr class="odd">
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 1d2ee6afaa..1d092797ac 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/12/2018
+ms.date: 02/26/2018
 ---
 
 # Policy CSP
@@ -2811,6 +2811,7 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode" id="systemservices-configurexboxlivenetworkingservicestartupmode">SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</a>
   </dd>
+</dl>
 
 ### TaskScheduler policies
 
@@ -2823,6 +2824,9 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### TextInput policies
 
 <dl>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowhardwarekeyboardtextsuggestions" id="textinput-allowhardwarekeyboardtextsuggestions">TextInput/AllowHardwareKeyboardTextSuggestions</a>
+  </dd>
   <dd>
     <a href="./policy-csp-textinput.md#textinput-allowimelogging" id="textinput-allowimelogging">TextInput/AllowIMELogging</a>
   </dd>
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 18075100b2..ea9e693f80 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 02/26/2018
 ---
 
 # Policy CSP - TextInput
@@ -21,6 +21,9 @@ ms.date: 01/30/2018
 ## TextInput policies  
 
 <dl>
+  <dd>
+    <a href="#textinput-allowhardwarekeyboardtextsuggestions">TextInput/AllowHardwareKeyboardTextSuggestions</a>
+  </dd>
   <dd>
     <a href="#textinput-allowimelogging">TextInput/AllowIMELogging</a>
   </dd>
@@ -66,6 +69,56 @@ ms.date: 01/30/2018
 </dl>
 
 
+<hr/>
+
+<!--Policy-->
+<a href="" id="textinput-allowhardwarekeyboardtextsuggestions"></a>**TextInput/AllowHardwareKeyboardTextSuggestions**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803.  Specifies text prediction for hardware keyboard is always disabled. When this policy is set to 0, text prediction for hardware keyboard is always disabled.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 – Text prediction for the hardware keyboard is disabled and the switch is unusable (user cannot activate the feature).
+-   1 (default) – Text prediction for the hardware keyboard is enabled. User can change the setting.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->

From 3d60a7b52a0c526219e4af11ba6f5794b257c346 Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Tue, 27 Feb 2018 12:42:51 -0800
Subject: [PATCH 047/119] added image

---
 windows/hub/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/hub/index.md b/windows/hub/index.md
index 90c4720c7a..fe2fe838a6 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -51,7 +51,7 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
     </td>
     <td align="center" style="width:25%; border:0;"><br>
       <a href="/windows/security/index">
-        <img src="https://docs.microsoft.com/media/common/i_identity-protection.svg" alt="Windows 10 security" title="W10 security" />
+        <img src="https://docs.microsoft.com/media/common/i_threat-protection.svg" alt="Windows 10 security" title="W10 security" />
       <br/>Security </a>
   </tr>
 </table>

From b3dbeaaeb981241dc987561646462131b4f243eb Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Tue, 27 Feb 2018 12:51:56 -0800
Subject: [PATCH 048/119] added spaces to images

---
 windows/hub/index.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/hub/index.md b/windows/hub/index.md
index fe2fe838a6..ac84a4855e 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -42,7 +42,7 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
     <td align="center" style="width:25%; border:0;"><br>
       <a href="/windows/application-management/index">
         <img src="images/applicationmanagement.png" alt="Manage applications in your Windows 10 enterprise deployment" title="Application management" />
-      <br/>Application Management </a>
+      <br/>Application Management </a><br>
     </td>
        <td align="center" style="width:25%; border:0;">
       <a href="/windows/client-management/index">
@@ -52,7 +52,7 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
     <td align="center" style="width:25%; border:0;"><br>
       <a href="/windows/security/index">
         <img src="https://docs.microsoft.com/media/common/i_threat-protection.svg" alt="Windows 10 security" title="W10 security" />
-      <br/>Security </a>
+      <br/>Security </a><br>
   </tr>
 </table>
 

From b58bd49c3ddb5e85ffab2434e393b61d6001dab4 Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Tue, 27 Feb 2018 13:00:08 -0800
Subject: [PATCH 049/119] added spaces to images

---
 windows/hub/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/hub/index.md b/windows/hub/index.md
index ac84a4855e..a1d13d683d 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -51,7 +51,7 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
     </td>
     <td align="center" style="width:25%; border:0;"><br>
       <a href="/windows/security/index">
-        <img src="https://docs.microsoft.com/media/common/i_threat-protection.svg" alt="Windows 10 security" title="W10 security" />
+        <img src="images/threatprotection.png" alt="Windows 10 security" title="W10 security" />
       <br/>Security </a><br>
   </tr>
 </table>

From b2200d31f8725f178ecd17b02ce0ff848315e98a Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Tue, 27 Feb 2018 14:20:08 -0800
Subject: [PATCH 050/119] added spaces

---
 windows/hub/index.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/hub/index.md b/windows/hub/index.md
index a1d13d683d..73eff095ff 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -42,17 +42,17 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
     <td align="center" style="width:25%; border:0;"><br>
       <a href="/windows/application-management/index">
         <img src="images/applicationmanagement.png" alt="Manage applications in your Windows 10 enterprise deployment" title="Application management" />
-      <br/>Application Management </a><br>
+      <br/>Application Management </a>
     </td>
-       <td align="center" style="width:25%; border:0;">
+       <td align="center" style="width:25%; border:0;"><br>
       <a href="/windows/client-management/index">
         <img src="images/clientmanagement.png" alt="Windows 10 client management" title="Client management" />
-      <br/>Client Management </a><br>
+      <br/>Client Management </a>
     </td>
     <td align="center" style="width:25%; border:0;"><br>
       <a href="/windows/security/index">
         <img src="images/threatprotection.png" alt="Windows 10 security" title="W10 security" />
-      <br/>Security </a><br>
+      <br/>Security </a>
   </tr>
 </table>
 

From 9ddb49ba952cda14ab491ad31cb2ca5ff859f282 Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Tue, 27 Feb 2018 22:58:48 +0000
Subject: [PATCH 051/119] Merged PR 6060: Deleting duplicate browser policy.

---
 .../mdm/policy-csp-browser.md                 | 56 -------------------
 1 file changed, 56 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index da6abdd0ee..762300cba0 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -2331,62 +2331,6 @@ The following list shows the supported values:
 <!--/SupportedValues-->
 <!--/Policy-->
 <hr/>
-<!--StartPolicy-->
-<a href="" id="browser-usesharedfolderforbooks"></a>**Browser/UseSharedFolderForBooks**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartScope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-> * Device
-
-<hr/>
-
-<!--EndScope-->
-<!--StartDescription-->
-This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.
-
-<!--EndDescription-->
-<!--SupportedValues-->
-The following list shows the supported values:
-
--   0 - No shared folder.
--   1 - Use a shared folder.
-
-
-<!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
-<!--EndPolicy-->
-<hr/>
 
 Footnote:
 

From cfbf00b7299ff56ef514aa60dfb26c3e11d24e5f Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Wed, 28 Feb 2018 19:14:01 +0000
Subject: [PATCH 052/119] Merged PR 6077: fixing 3 cellular href ID's to match
 consistent schema produced by automation

fixing 3 cellular href ID's to match consistent schema produced by automation
---
 .../mdm/policy-configuration-service-provider.md     |  6 +++---
 windows/client-management/mdm/policy-csp-cellular.md | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 1d092797ac..ea66a5dbe0 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -536,13 +536,13 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata" id="cellular-letappsaccesscellulardata">Cellular/LetAppsAccessCellularData</a>
   </dd>
   <dd>
-    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata_forceallowtheseapps" id="cellular-letappsaccesscellulardata_forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
+    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forceallowtheseapps" id="cellular-letappsaccesscellulardata_forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
   </dd>
   <dd>
-    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata_forcedenytheseapps" id="cellular-letappsaccesscellulardata_forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
+    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forcedenytheseapps" id="cellular-letappsaccesscellulardata_forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
   </dd>
   <dd>
-    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata_userincontroloftheseapps" id="cellular-letappsaccesscellulardata_userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
+    <a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps" id="cellular-letappsaccesscellulardata_userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
   </dd>
   <dd>
     <a href="./policy-csp-cellular.md#cellular-showappcellularaccessui" id="cellular-showappcellularaccessui">Cellular/ShowAppCellularAccessUI</a>
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 33931f6aa7..0a1606c00c 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -23,13 +23,13 @@ ms.date: 01/30/2018
     <a href="#cellular-letappsaccesscellulardata">Cellular/LetAppsAccessCellularData</a>
   </dd>
   <dd>
-    <a href="#cellular-letappsaccesscellulardata_forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
+    <a href="#cellular-letappsaccesscellulardata-forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
   </dd>
   <dd>
-    <a href="#cellular-letappsaccesscellulardata_forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
+    <a href="#cellular-letappsaccesscellulardata-forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
   </dd>
   <dd>
-    <a href="#cellular-letappsaccesscellulardata_userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
+    <a href="#cellular-letappsaccesscellulardata-userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
   </dd>
   <dd>
     <a href="#cellular-showappcellularaccessui">Cellular/ShowAppCellularAccessUI</a>
@@ -103,7 +103,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="cellular-letappsaccesscellulardata_forceallowtheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceAllowTheseApps**  
+<a href="" id="cellular-letappsaccesscellulardata-forceallowtheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceAllowTheseApps**  
 
 <!--SupportedSKUs-->
 <table>
@@ -146,7 +146,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 <hr/>
 
 <!--Policy-->
-<a href="" id="cellular-letappsaccesscellulardata_forcedenytheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceDenyTheseApps**  
+<a href="" id="cellular-letappsaccesscellulardata-forcedenytheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceDenyTheseApps**  
 
 <!--SupportedSKUs-->
 <table>
@@ -189,7 +189,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 <hr/>
 
 <!--Policy-->
-<a href="" id="cellular-letappsaccesscellulardata_userincontroloftheseapps"></a>**Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps**  
+<a href="" id="cellular-letappsaccesscellulardata-userincontroloftheseapps"></a>**Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps**  
 
 <!--SupportedSKUs-->
 <table>

From bf96b81dc5c3b07c5c2d1d1383501a0367d0899e Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Wed, 28 Feb 2018 20:06:49 +0000
Subject: [PATCH 053/119] Merged PR 6079: TextInput policies in Policy CSP -
 added new policies

---
 ...ew-in-windows-mdm-enrollment-management.md |   8 +
 .../policy-configuration-service-provider.md  |  24 +
 .../mdm/policy-csp-textinput.md               | 432 ++++++++++++++++++
 3 files changed, 464 insertions(+)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 7a1fc2a5f2..4ff04b5dba 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1412,6 +1412,14 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Display/EnablePerProcessDpiForApps</li>
 <li>Experience/AllowWindowsSpotlightOnSettings</li>
 <li>TextInput/AllowHardwareKeyboardTextSuggestions</li>
+<li>TextInput/ForceTouchKeyboardDockedState</li>
+<li>TextInput/TouchKeyboardDictationButtonAvailability</li>
+<li>TextInput/TouchKeyboardEmojiButtonAvailability</li>
+<li>TextInput/TouchKeyboardFullModeAvailability</li>
+<li>TextInput/TouchKeyboardHandwritingModeAvailability</li>
+<li>TextInput/TouchKeyboardNarrowModeAvailability</li>
+<li>TextInput/TouchKeyboardSplitModeAvailability</li>
+<li>TextInput/TouchKeyboardWideModeAvailability</li>
 <ul>
 </td></tr>
 <tr class="odd">
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index ea66a5dbe0..4b54639bbb 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -2866,6 +2866,30 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-textinput.md#textinput-excludejapaneseimeexceptshiftjis" id="textinput-excludejapaneseimeexceptshiftjis">TextInput/ExcludeJapaneseIMEExceptShiftJIS</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-forcetouchkeyboarddockedstate" id="textinput-forcetouchkeyboarddockedstate">TextInput/ForceTouchKeyboardDockedState</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-touchkeyboarddictationbuttonavailability" id="">TextInput/TouchKeyboardDictationButtonAvailability</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-touchkeyboardemojibuttonavailability" id="textinput-touchkeyboarddictationbuttonavailability">TextInput/TouchKeyboardEmojiButtonAvailability</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-touchkeyboardfullmodeavailability" id="textinput-touchkeyboardfullmodeavailability">TextInput/TouchKeyboardFullModeAvailability</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-touchkeyboardhandwritingmodeavailability" id="textinput-touchkeyboardhandwritingmodeavailability">TextInput/TouchKeyboardHandwritingModeAvailability</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-touchkeyboardnarrowmodeavailability" id="textinput-touchkeyboardnarrowmodeavailability">TextInput/TouchKeyboardNarrowModeAvailability</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-touchkeyboardsplitmodeavailability" id="textinput-touchkeyboardsplitmodeavailability">TextInput/TouchKeyboardSplitModeAvailability</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-touchkeyboardwidemodeavailability" id="textinput-touchkeyboardwidemodeavailability">TextInput/TouchKeyboardWideModeAvailability</a>
+  </dd>
 </dl>
 
 ### TimeLanguageSettings policies
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index ea9e693f80..c301cc1884 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -66,6 +66,30 @@ ms.date: 02/26/2018
   <dd>
     <a href="#textinput-excludejapaneseimeexceptshiftjis">TextInput/ExcludeJapaneseIMEExceptShiftJIS</a>
   </dd>
+  <dd>
+    <a href="#textinput-forcetouchkeyboarddockedstate">TextInput/ForceTouchKeyboardDockedState</a>
+  </dd>
+  <dd>
+    <a href="#textinput-touchkeyboarddictationbuttonavailability">TextInput/TouchKeyboardDictationButtonAvailability</a>
+  </dd>
+  <dd>
+    <a href="#textinput-touchkeyboardemojibuttonavailability">TextInput/TouchKeyboardEmojiButtonAvailability</a>
+  </dd>
+  <dd>
+    <a href="#textinput-touchkeyboardfullmodeavailability">TextInput/TouchKeyboardFullModeAvailability</a>
+  </dd>
+  <dd>
+    <a href="#textinput-touchkeyboardhandwritingmodeavailability">TextInput/TouchKeyboardHandwritingModeAvailability</a>
+  </dd>
+  <dd>
+    <a href="#textinput-touchkeyboardnarrowmodeavailability">TextInput/TouchKeyboardNarrowModeAvailability</a>
+  </dd>
+  <dd>
+    <a href="#textinput-touchkeyboardsplitmodeavailability">TextInput/TouchKeyboardSplitModeAvailability</a>
+  </dd>
+  <dd>
+    <a href="#textinput-touchkeyboardwidemodeavailability">TextInput/TouchKeyboardWideModeAvailability</a>
+  </dd>
 </dl>
 
 
@@ -859,8 +883,416 @@ The following list shows the supported values:
 
 <!--/SupportedValues-->
 <!--/Policy-->
+
 <hr/>
 
+<!--Policy-->
+<a href="" id="textinput-forcetouchkeyboarddockedstate"></a>**TextInput/ForceTouchKeyboardDockedState**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. Specifies the touch keyboard is always docked. When this policy is set to enabled, the touch keyboard is always docked.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 - (default) - The OS determines when it's most appropriate to be available. 
+-   1 - Touch keyboard is always docked.
+-   2 - Touch keyboard docking can be changed.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="textinput-touchkeyboarddictationbuttonavailability"></a>**TextInput/TouchKeyboardDictationButtonAvailability**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. Specifies whether the dictation input button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the dictation input button on touch keyboard is disabled.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) - The OS determines when it's most appropriate to be available.
+-   1 - Dictation button on the keyboard is always available.
+-   2 - Dictation button on the keyboard is always disabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="textinput-touchkeyboardemojibuttonavailability"></a>**TextInput/TouchKeyboardEmojiButtonAvailability**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. Specifies whether the emoji button is enabled or disabled for the touch keyboard. When this policy is set to disabled, the emoji button on touch keyboard is disabled.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) - The OS determines when it's most appropriate to be available.
+-   1 - Emoji button on keyboard is always available.
+-   2 - Emoji button on keyboard is always disabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="textinput-touchkeyboardfullmodeavailability"></a>**TextInput/TouchKeyboardFullModeAvailability**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. Specifies whether the full keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the full keyboard mode for touch keyboard is disabled.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) - The OS determines when it's most appropriate to be available.
+-   1 - Full keyboard is always available.
+-   2 - Full keyboard is always disabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="textinput-touchkeyboardhandwritingmodeavailability"></a>**TextInput/TouchKeyboardHandwritingModeAvailability**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. Specifies whether the handwriting input panel is enabled or disabled. When this policy is set to disabled, the handwriting input panel is disabled.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) - The OS determines when it's most appropriate to be available.
+-   1 - Handwriting input panel is always available.
+-   2 - Handwriting input panel is always disabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="textinput-touchkeyboardnarrowmodeavailability"></a>**TextInput/TouchKeyboardNarrowModeAvailability**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. Specifies whether the narrow keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the narrow keyboard mode for touch keyboard is disabled.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) - The OS determines when it's most appropriate to be available.
+-   1 - Narrow keyboard is always available.
+-   2 - Narrow keyboard is always disabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="textinput-touchkeyboardsplitmodeavailability"></a>**TextInput/TouchKeyboardSplitModeAvailability**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. Specifies whether the split keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the split keyboard mode for touch keyboard is disabled.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) - The OS determines when it's most appropriate to be available.
+-   1 - Split keyboard is always available.
+-   2 - Split keyboard is always disabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="textinput-touchkeyboardwidemodeavailability"></a>**TextInput/TouchKeyboardWideModeAvailability**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. Specifies whether the wide keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the wide keyboard mode for touch keyboard is disabled.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) - The OS determines when it's most appropriate to be available.
+-   1 - Wide keyboard is always available.
+-   2 - Wide keyboard is always disabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
 Footnote:
 
 -   1 - Added in Windows 10, version 1607.

From b68561c57c4065bdca882b8c8dab6d119cae6fc2 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Wed, 28 Feb 2018 12:54:24 -0800
Subject: [PATCH 054/119] new WIP4Biz intro; other additions from PMs

---
 windows/deployment/update/WIP4Biz-intro.md    |  70 +++++++
 .../update/images/WIP4Biz_Deployment.png      | Bin 0 -> 28300 bytes
 .../update/images/WIP4Biz_Prompts.png         | Bin 0 -> 66737 bytes
 .../waas-windows-insider-for-business.md      | 181 ++++++------------
 4 files changed, 132 insertions(+), 119 deletions(-)
 create mode 100644 windows/deployment/update/WIP4Biz-intro.md
 create mode 100644 windows/deployment/update/images/WIP4Biz_Deployment.png
 create mode 100644 windows/deployment/update/images/WIP4Biz_Prompts.png

diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
new file mode 100644
index 0000000000..4623481b66
--- /dev/null
+++ b/windows/deployment/update/WIP4Biz-intro.md
@@ -0,0 +1,70 @@
+---
+title: Introduction to the Windows Insider Program for Business
+description: Introduction to the Windows Insider Program for Business and why IT Pros should join it 
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jaimeo
+ms.localizationpriority: high
+ms.author: jaimeo
+ms.date: 02/26/2018
+---
+
+# Introduction to the Windows Insider Program for Business
+
+
+**Applies to**
+
+- Windows 10
+
+> **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+
+For many IT Pros, it's valuable to have visibility into feature updates early--before they’re available in the Semi-Annual Channel. With Windows 10, feature flighting enables participants in the Windows Insider Preview program can consume and deploy preproduction code to test devices, gaining early visibility into the next build. This is better for your organization because you can test the early builds of Windows 10 to discover possible issues with the code or with device and app compatibility in your organization before the update is ever publicly available. We at Microsoft also appreciate it because Insiders can report issues back to us in time for us to make improvements in a release before it is more generally available.
+
+The Windows Insider Program for Business gives you the opportunity to:
+ 
+* Get early access to Windows Insider Preview Builds. 
+* Provide feedback to Microsoft in real time by using the Feedback Hub app.
+* Sign in with corporate credentials (Azure Active Directory) and increase the visibility of your organization's feedback with Microsoft – especially on features that support your productivity and business needs.
+* Register your Azure Active Directory domain in the program, allowing you to cover all users within your organization with just one registration.
+* Starting with Windows 10, version 1709, enable, disable, defer, and pause the installation of preview builds through policies.
+* Track feedback provided through the Feedback Hub App across your organization.
+
+Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans, and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub App. 
+
+The Windows Insider Program doesn't replace Semi-Annual Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
+
+
+
+
+
+## Explore new Windows 10 features in Insider Previews
+Windows 10 Insider Preview builds offer organizations a valuable and exciting opportunity to evaluate new Windows features well before general release. What’s more, by providing feedback to Microsoft on these features, you and other Insiders in your organization can help shape Windows for your specific business needs. Here’s how to get the most out of your feature exploration: 
+
+|Objective |Feature exploration|
+|---------|---------|
+|Release channel  |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.|
+|Users    |    Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices.     |
+|Tasks   |  - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices)<br>  - Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications<br> - Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features.      |
+|Feedback   |  - Provide feedback via [Feedback Hub app](insiderhub://home/). This helps us make adjustments to features as quickly as possible.<br> - Encourage users to sign into the Feedback Hub using their AAD work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)<br> - [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/en-us/how-to-feedback/)       |
+
+## Validate Insider Preview builds 
+Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. This activity can play an important role in your [Windows 10 deployment strategy](https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business). Early validation has several benefits:
+ 
+- Get a head start on your Windows validation process 
+- Identify issues sooner to accelerate your Windows deployment 
+- Engage Microsoft earlier for help with potential compatibility issues 
+- Deploy Windows 10 Semi-Annual releases faster and more confidently 
+- Maximize the 18-month support Window that comes with each Semi-Annual release. 
+
+[![Illustration showing the Windows Insider PreviewFast Ring for exploration, the Slow Ring for validation, the Semi-Annual Channel Targeted ring for Pilot deployment, and the Semi-Annual Channel for broad deployment](images/WIP4Biz_deployment.png)](images/WIP4Biz_deployment.png)
+Windows 10 Insider Preview builds enable organizations to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments. 
+
+|Objective |Feature exploration|
+|---------|---------|
+|Release channel  |**Slow Ring:** Insider Preview builds in the Slow Ring are released approximately once a month. They are more stable than Fast Ring releases, making them better suited for validation purposes. Slow Ring releases can be run on either secondary or primary production devices by skilled users.|
+|Users    |   Application and infrastructure validation: In addition to Insiders who might have participated in feature exploration, we also recommend including a small group of application users from each business department to ensure a representative sample.|
+|Tasks   | Application and infrastructure validation: Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) and [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) pages for updates on current issues and fixes.    |
+|Feedback   | Application and infrastructure validation:Provide feedback in the Feedback Hub app and also inform app vendors of any significant issues.  |
+|Guidance  |  Application and infrastructure validation:<br>- [Use Upgrade Readiness to create an app inventory and identify mission-critical apps](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-identify-apps)<br>- [Use Device Health to identify problem devices and device drivers](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-monitor)<br> - [Windows 10 application compatibility](https://technet.microsoft.com/windows/mt703793)| 
+
diff --git a/windows/deployment/update/images/WIP4Biz_Deployment.png b/windows/deployment/update/images/WIP4Biz_Deployment.png
new file mode 100644
index 0000000000000000000000000000000000000000..bf267aa9eb8a01d0ae43b623a0b3701550d2a269
GIT binary patch
literal 28300
zcmdRW^;?wN7q1FPDk&{3AV`UXq%<gqfRrd*N_VFN3?LvPf=Htxf^>J6G)PHzcjsN>
z`QGRL4fhAnQ66UIec!$ITA$hz{OqaR4IE0GD_5@EP>`2ay>jK6)|D$)nX#_HPk0*L
z(&2yTW)eygSFYqm;GP*^z`wC=<+UBITp=Ss{kckRK=>DaNZ}}><)~(3>gZx%Z*s-f
z;I*|Qr?rVA-2+Z;&ig#ubg!eYT(QPhkd}Dvs=J=x;z}|<8We#{{lQAdN=N$q8G06$
z>Q|h{Tx=o95AIYQPIzp>f7t!@-an?K|9(h-h3$H;Wq0WC$pnvH7xSY=rPd9x!+qT{
z(}}yEl}wX7yerf$_HiW$&?S)EOp^X|Sdw4q35n1p2pDbzzo*0UCwMK7fPW$6r5Kp7
z{OP1AiRj^%>HFSeVZ$#+21?7LUi#qw&zJhgTwGi%EG+EpIkK~7IxKd1oh+x{zI}V_
zLCV{IH)h+|+}z&QR#aTfshvO9D@S`iRCBT4${2A^ullSfMM_CYX-rWP6ZNDd3rigq
zZ(gHq<QEkDk&$tHyqIKWY@Dm`=FJ;k(~cjRnQEGvhg)021!nlNIj<_3zvHm~duRsN
zM^~4Y%+1YfZ67_V%`<Az$k9EYi&D;hSw<vkF_<N>_C?&s+uK`A_WbOOo05=_r*Mv|
zCie4Zg9rETe+c{EyQExum{U>`a|0g_&+}+HsKBiI0^Wn0jf)FEZ+)z+e|T6>RP?r}
zSy#N<Uawq|&&4sBo@ZWuetuyg3Ga^|Kk&Fj_Z05Rs;jGy{K%C=Ej58F9k-_D5Imjz
z)gdX5)xlpCUZ?yg!otEy<fgr;G9}jIJ6l`6!<JT7gv9hu&I$_(r0_p5NFSZ7<_rxC
zbj0zk*7~7Y7PUskx^GQM@Uvz8D;acr@+T@PDpFEt_uua7daM_j{Qg9b%kWope?Toa
zrlv;Rl>OelMs9|wj?cV*M@M&dcX>`0zSvZsAN<{2=w#>OQhxG8Dk3`iR$$(mj!jj7
z`Y)}#Yne?mSRZjo@6|4CZIZnBSFrsF8ynV6PEJ}YBW6kCB{q6?cH3c80vg#b9~w2k
zD=ihAD{i6ndHM1swS)J;h#A)nG>`qm!_$+Kt^{FCIXTSYCkhI$ZESpY+E|jjPnH?w
z!p$u#jOspp`Xoo=HaC!=rghNw?TN!eM_oKtfEKA}4?V+zQG}>7Tx806tmzci)XDzp
zSgW`%s*ZTVmR449aB+YC{yp35bBsZBGW8ap#%r&aL#KFcqyY1U|KImmPaZ!excJ2R
zYGrn|K_uuiA#sY3va<4?mX3~8(w52d=OnT>ZrmWGn3hL~;OUzlY~Pg~%6=uh_r?48
z&clZkaR|yh`$1w_TKu7ja;MO+r|h;5l9QA5U%&qR`7?HlLzNFLYUegerKP1Yii(bR
zb=|}mZ*RvrzMhBI_u<2bnT4ZyGBY!?y&pe+=0~uPl(<iNpK?$I7LszjcwjS8>F0NK
zj~k;t?Tdg-;Pg#uLEELCluXT>)LmGcIy_WC!Gd)siPw0YI?I!26QgONsWC!fnOj;K
zhsQ5CIy+0AiQiykW;WH=fB*601N+pT#(#}QkubMw{&$R*msj-1k8|_$^j~81yeXL9
z=IOdlW0by`Z4UeO>sNtk=V-YTdr1dZ4YjbdW%E0V=;&z6!kQYNgS8Q@_g=!KK9}D2
zT=$k#_;0PYu%f$7*JEJeKUCG$rf|FY-4j|O_uIHQN`~1Fcb*hm{bi=7_fvw6DOqS3
zs;s<qKSf}vEIFBupMS8Sp`o=^URE~nt}S|HJQ9h-d?tw6-G-`<q%*U#Iq%+GUS2j3
zZ8gXx={W3r!nOXl1Ya}=pVoUVuZ8<>=NAFZ9Nn-CSQrnx*hv3yrXX+U1X`n}kXz7P
zOn3(d2Mt%?_S%>w$hVdv#4oUvQi-D^B_+Av)uJ;RUjO>z;J}%bHl1bog(XvC(&x_<
z)YO&+27a^G6%-Vnx}^EyMt&XPCUQ_$zf}@agZ-~TcMCpzSao@EN<b8k`M!2<e_v&i
zgM-6>nT(7Kuizo<fZnK&AJKWeppe(bptxNOM-~=L`6G&o_!cC3&C+_viRfo;>$FWx
zO*wRnmc04H#(yi#VkkQRi{~Amv9YmY_wGw_+lT!4f3=|oX=yj-=L3GQ+_@9Lc>TM;
zby<4JrJjzCj+Pb{9v;FVviEl`u8oY0#ICHYoG9xuqponq<}J>|z<}d&-yM>9ScL3D
zF1#BzQaG8)a&x(fiHX0KQ1F^2_oRRQntTa0B>y@tF3wh0S{mIwIlE-S9e202z1`4G
zMn-07w>|*Z(hB-BSLN0<|Frn{_%C0mNRF1$B2JEv^D^FF{V+MC=hG=$hvvyI$fw_+
z&vjM?ElyHOir$rvkIy`!f1Gvev6G`CH8u4XW=C5as!5NiM~sEY_V)B#Aqy9NJ@c<g
zZJ-%yxVQ)i?EL1^(9qaj?3QzXo1M&Kz6_f+&4Nex3Gp}2y`{Rhm{e3$JiI!_UGWcD
zx1l1n+WawapPd^#E+%qL;>EzgFvowR_~Z#YE3512dPyFM@$uPiH*~dpKHiIz>&$4D
zL>J~z-AHRejYsdK2BJQFA|)m^`bl+FbZ2Kr@Z}@wM!hS$E>2DcBN?75sA+-p@Dr*w
z?@eV%bWKf7_1_;J9)9$E(&ti?<Q4%zuI0%6cakqG+4Rj`hkM!#O-@FLlo&RJPzhMy
zds({GM5fn>cdul;+zF<NHvFM@b(kXheR!n6tmb3|iaUF$@eBsQaNz5seVR%Pk7*ft
zhM=IJzkmN)SXe|*?L#rVzt-8&AtEA@nwG|M8O^Ra^*d<Q{$F1qI6gkca)!DQwV%Vn
zYuUfp35C0<pX^r_ud*289E^&LtRteL>TGZKFOf}J49*Wf*8KINX+^k?seUYo)*CtP
zv^rSliRGV>k+JsW*Wsj(&qSqL8rMLD_qou^Yqt$01OrzS_#d@B(|rB<_2b7OIXPUZ
zG=`bb$rsC2lJ#IzK}!q5b*(ZnF)1o4+TY(7zvRMd_c`0fEIA0eimJq3e^I}snWoUZ
zygb+<S;QE(Q`XBC6W?Yhy02tF5gr{K<tlg_Zphq&vV6NfGc(ikwuxugEXk|cbZL3{
zGq2fARYoe4EWH{UPHFem)m0;wP)YKoAR2DGT>i82z`*N*%5rjM?z(y5>znKARnF@#
ztgWq|KmQmSirWZ1r%puRnl9Z=64WHzWkrPt6#31Y1p9)$O1@oPPd7Bh@KCc0i?`J{
z_jbsAUL|8=CgE+wi224?Su5+SSFddQpnnl4apR{>&qjz>yKWn@68qtu3p=mXeuZVs
z(Jr`d{pel8W0)dBXH<ceM~%eF`b1PFbT19h{}x;6l-kl?zey|B!GDD<Ix^DF1m=;P
z&!*sQ{mB*e=g;W~PLGd2$Hua<v4#Jk(Pt@u>N+|-WhDFb@#Db2fbCNcI=XtF%hSm*
zXT^u8YD7f&`};#j=}Hn$N-*+&J~TG=jt-0Cwx~Nvbc|?JYi%tZfDW`Z-2^;m3>w2{
zIy!%&l*Qa&a%^pF;fozzN$Be8iZ$r}t_1zvpP#NbibXk<c2xiOeE<~(BR8n{&yHpz
z-cL51-?Y4EOXC<Wg0tGv*jQRtCShqiF}zCJgMFKlimIZ#d?vznx<26N&!2g;HWv>6
z0Dvbm7uRN_9L@1wzw&gMQA>E8dU$xaE&U9gKc%U@<~{~GIujF<zV9oKmY)88DP?_q
zIt~A;zJjHeBl+ox?l{`H>FIKhALFp=ReK)CKXfn!=ybC8I+1Jl{pI)WA&=qMgM)+i
z_V#!0@G4nxadG+hitNOvr3d=^`tpm55BB$!6cromq@A4j%zi2?&@ULFwn@DLKns!p
z#Xy6Bb0{lPzT0h<aN*q|yB(i6bh!7Szm(WaW@ltbym?t>Ki`V|84#P_8K++L+RTjq
zRbJkL>T0nLD4t*yCMFvj8?CLWy0?^+lmP(&{cKwjwSY&5*_c#ZTwJ6@%{|tfaIbtG
z?&%?*5P0x_L<RqQR%YgG<%4-Toy&v2He(jC|DX~UM^5EVJF&9J_DW_>y)F#(gPk4!
zJm<}cFcm?(5o_3n03jF?#Lu=GnnKCoBc_{*EQab?pJ4?$I5>>psAQ$3rmn26jx0%G
zs^k<D5c>x;!%SOSTT5QaW3jFGhkA#3fK~U*)zZ@P>C>){GF8F5x!HKA`A=V1>)b=d
zprWNkevSHLU_8PR+4Urb6R-dsbJu5H%mgbdD`;TS;<KoVci(3l^i}AgsaV)dL0hL^
zp-*RKVsdqL1$ZTCW0W>=yt{adgai){kNWoQw{PDXoP>nnR8n{G_rs6_+LGjV&4BM9
zSqvK+8&6JF_T=Qmuof^-LR(uKAZFb%`#Y&L_6EATx{n?`($*f4y8J=>7&d;!uU|5f
z0Zq55sUJLe&@6;6+L{HW2FN%uF|oI|7wN7QLL8dx*AS`aa~^$4tVsWFbCAx_3)%n@
zz`RKv`_O?IfmuOE^Xo+s&KrZ>!s6om^gMCt;jr|`XY{6ATwI8UGBQneMM2)8qM{xi
zr-0mmliXt{9i@6=WHc*<9q{ihKf%XB>xZ6x3or*iFE5pw@v0P_C)7-}-K^}ZSGQBC
zW-<Wbm6w;7mL8#YNJeUEJ*P@bd~D74?+c?v7V!@dAA{@(F;M+51*0CC*sLtgb)>s|
zJoHT{tm^9O_dH|Gvm(Af(%~x7(i%2oKYjS1s-?xMsA4lySXii7g{y#~glAVrGjnpf
zJ3GU|!=3Hz`+9obQ|_9J`qID~LH`sGC;|8cMF2}5<T_qonELBi7zzy2U#WG28LpZA
zQbAc6_zFA>8iAGI(9qxQ?QdSc9)YHFeB9L1vbeYywY$+dFp2z!q3vj4xd`@gaBvKb
zj9$HbNyoor^%6>ef`Y;z5&8)f4fL@02N#@bKA{x<mb(Rd)Aj4upCL1U{=Co23k4B5
z_wnP$4d-$Hz`#J5*AWrQKmZ<KFDf-F3Ci4%UcX!2g!gY!%maE43kw6(vAw+wO&mTO
zKG`TO5rIH=G}qUknwx9fkkxqc;<1X&j=u6r?0r<zL88lh^ytD4(a<0@Hnp(8EeZ3Q
zxJE!mrm3k}lAF7=vl9aEIZ)xg|FcK0g!|Xjg_+vFl`wewim!KU4CqLFZ0yqdy49OE
zKY#pa4YnpBpl6`-Pk#GW%GTEQ&6^cK%584=3D9~nD*wAwzx0xl5@<NUMy98yk?w44
zY_qy0SJq)IKY#h+;p*Dh*f_Vi2v-nw@SPs!o|;=f8ay6FwPD`5$4{Q5=QAieY^9gF
z?V9T7P+i=+d-pD|&D^-kN)eWFm0CA@dwZxR_`s`Iufje-x;rw5Ug3#e{0&ISkkZe1
zc6K%`IXM^bZH%t_Yd{v=VyE{WiwkHs`X0EuyRTf7Q&D{Uo{~b($k<S3O#)N{>Aq%d
z4Ev_6tPF}E<p)cTqmz@}Y26%149KA7sVTaZ)9u+7@yj!Z#uyl?2WNY*uf>5NDvKR|
z4GU9pb}nXRlB{g@^YeoN0#IpS;JLA&wCI^qbCtEkix)3o&<qX^PELy7y_->58k?;{
zAeOCHBW9vU`~fbSZE15;E;uJUd!aeVrrHx2gwOe^9#{3zOvo*E(~j6Y09d1=qu;+X
zYZ+W#oG&deEln+ua&C<h?k8u%V?h@Lo&@_;TU)!!DeXOM4iyz1etu^sr!XWEz$zO%
zJL6*TH9^if=a{x2DETOPbMqx&_U;}YPo6xX1>Uz=bD8*M>o*tjeuT&lRz4jy_AU(G
zM<H?%G$v|){`}#Ii;wS+#Yg~97FiLQXR{BZN^mGlQdL#;$&=r3aYI7_fVWlf<*t7f
z?L}vZ&-eHh35tw3>`!t^%0xlCnFf4u&(&Wg+`cP0U%#R!nV6ay9&NYKUcy8zEAu%H
zP<kvcub&3A3*fB}FyN8h;j{B|o?Bh|Y8V*OqRzqY1_lODkAMIpBYVfI|EN8G-uS#x
zf||27Qcz>+F`WdS1CZT}va15HV~(Vpoc7;Q@B(QIfH$-m&b>+ra26&>{S}6rrmpKn
zL%N>ZO_65MZ`%!tJY0p0j(6rGL=VU-dJPp6u)kkyHQ-zJ?V(E)7Zeoy{J8>9zpf5N
zx8e8UuH#o_udZkO_%ZdUZel_VW^Gm$o)2e;dt+5y-JOz5rTfqyr|@A>fRSrgx$^~X
zUk_}4e;E=I!fm@T_Rx_=)ZKBR<1^!?m7JWMqCfvI>rHPmE?p6qjhCOWgoT7q2(TA>
zXWIWq5Qn9;HH`fGs`t<%xCJ(f+yMt7eSwr93t&0u>FM8}!x-c`m$A0y)V-~_f;F>I
zSX6X=ak@FiDfk)1A8fK-mhFJ-5Wt~DAf0GoW0NH6anKw_#iI@lFM*Mez-9+k&=*Iu
z&d$ycA3jWfno$4T&CQMf){J)1n?G{2UWluMywOuJ3@d*I1|I3Bq@?ik^Ftq<l@)bl
zz@Q{2pHe?MIcaWg{{HP-*x-a#enG+ZXql=U!J+Y+?Ar`5RwtnX(2cK`bjI=+H3Z&h
z6@}*4>V}d?uH+Mbhc*ji5{09@ks7x2LUm~oV(vS03Z$46AnU|k!<{H|!2CNnI{HFY
z^#ic-+1a;0SU5OD56UqR;^xXyQVl@)Mn)bA3X-dKx3|xn9k_tNwYssf@c6dGSVG1_
zJ(Mo!i5BSFryu$|hD(Y&Yj?L>Jc-Xj!^nv78mR-#BSqlC%>yt%fBayT$50zNi^6Hg
z!9&NV|0E+VEhr?kva~eDv2vG<jiHI*CTtv|1=!?WMwhW?XP((zgpH!hYisfTnb<Ij
z>I7hg=pGs~TYHj26{7SR0Qv9VBM^wUZ_$VhfEticuP{7gSb>&LUw(XY!mt9JEX-s4
z8UtN%KS0~IHf)Wj08BbM=Cb&(A2qaAgVge}h!I)QGd3n-ulUgI-?F}}aK6!X3Mi>`
z+W^%drpjH-_hC=~*MMGzjOFCygjQ*k;Bs;12810}R1uWJgS|aGe0-3tX3_ZqVEpvl
z<!$t;>+K_n=YocZRqcl!NHjSy(G{jliB#LNkdeWlUfA4>U}~ZH)v|0&a{vB)P%2=p
z0li8{NC0$!iKi%o9|JcH3@dw-uyK5OeSQAmQ~{+~_EWYN)zr|oGyxw2o&%#xNJz+*
zrrQaZ{1zEmOjK0=;9zlKp`(k7+`toM<(fn6cziPFWl_y_tQk(ly8ab-pgdvv5xPIK
zvS5(`N+J5*FX{_Eb@90h(-yWMIRynQJRM1WWDkuQ`PHi_xd2Bqozd;cpz|`HdZK2p
z$b;*cm<Im!_4P+buEv7S*A@Yb_-18g!G;b9z#uZv($aeIV)X4R7=o-E994F+*Z+3`
z=O*%q#<#vxeWRmsF)@p?vmjlz?i0CS`sBgxTUmL7b??E0fr$xSH8qDZi~X<PzR3Z+
zNfKaVdlToGDL|pWnBpK8?D19<K}5g3Rpzkx)WKml0GDi-?D_osJZu2hnP8UTJ9aQD
z$2=SL9(f?$o0^(}gM(>kXkc8;ioL)emAY&lZzb4=w!^$%9<VIy<t6H+BtJ&xj5g5*
z&-e`ARu_~xD=Ur)XG}DdIyhG5VAc`44Z5(%@mv%%2ifg7K8ryZC-0xXxBouHmbBba
zTl>hyhU?-P>#88Lt)t^WPY?N!+nO6LAdBMS;)#g~q&vfWr5%jl6lJ;KQ+w#G3O4}u
z&G?kMZqERXzOfFV$cRM3c5|W%iUOC6({m*weYoitQkeWzzA^Sac%ts}?YD}vSZl3C
z!ZZ`&<MBRIP*Sqpy*tjaQiuHh{W}yW^e<%K*Q&g^xw)5B?$Q6&4LB6bzMCSGq{`K6
zMkV+CnmxU|Krg|+EmUYdUJeo$NB|LI{e6JXU|7O4JOcSrcJc&W2zb!~aDm~a?@C`T
z_J@@Cl;Z{KgaYu+l#;8;%Y{f*K}=&|VL@7rt&-A7f*=AN+BsM#)V=?>Jm5735q&sE
zslOb-Z13pk<KXwM1ay_FLpctN4JCCiD_!kCy<6$x1#&cO6!Gg-h4W%p0t#Gw3{>qh
z6?WU1d%{&^Y-#!KDJ?DSAog>0_1>tsxOQ1sPM(kzS~9Yso}OAE3`)TqkXR}!sdIX}
zySo8n$;bq>xLxsKh4BqH2}tz^4>vb~&(#q3O9b#)P~fts2peC;4&>;|BP6dCYHDjg
zv`^%jd*E|%1~f8H1(dQYPH->uOO^YBI=1wyax<R=Y-lQ5J&R2{<4_nSJ>3jg9XCT(
zo2e1LVo6?}L7Jr%!S%rHCm^3|*CbzA|1&hSI6p5VCs**Vv1)iM`K^IgNBB`2wJXW|
zS4qF$0`TdW!#7j?ZXmVISDN)lvNIwe;1(%qzRFk8*ky1ZEJ>K920RYOT}D{tpFVBI
zgK0-D=DI}}XmE``xTyj_F`#)+EjEVp8ag}Ip~*|81AqL2+2uMHDF>oegDkLBZl~qG
zZ{6aTBG&;tXk9v@$wi)@pKtA<<Q;BmOwgYvp?m_cs@I5|1jYFI4`4LEEMjJk0)f38
z>0c^9Fg*v`gMow`Hq6K9XgQieBLjo0Xm^;I4NEgJus^wj_JsmHurE?Euet7a3M_Vf
zM!SL6eSv$x)Zs8ydlfG;Bf~(O#GN184J!?<IrsMUTG&&drQV3HcUTMTU0+|fW%8)K
z_h{q=(Bg~pQ^MG5XlQcrCp~_@w;$u;;6O73@C<W!er~S$4^46Wcvwe61LOVsL_WHG
z6Ah_ZS?{Ff$G(8_xuGP6{T>VB`kXlHo4K~@NV^_gz`cRQL`2+eEiGmMU_s(GH3I}N
z9|QPg_)n&0kQwdFa(Yr=)l{pm@0AW46O(|avG(huMOwG+M@2;upMW%jiHXVcB{&#c
zmL9M8D43W9dZ(;d1}%jv>r@Gl9J(V7b#=gCfd~YsD!IghZiPWK(95Z%0IrSx{acX!
z!_35_x9whk5KLX_O$Uq!x@NSNnW#f@9HNxkD-YrM$=T|Fnjq@}9}Eapr=cV*Adkl9
z%&zf1z+8~8q-A7M)Bs^nf|Ee`!Zj8IHG0N+TF?gMgIXP65@5NJUjPK;X@Itv=(*Dd
z<d|Q)?-upj(l%LI&b8~EP;t4{6%`dA_T!22uS_330xk@Ib8HNrCtk|u>OWr=jLppY
zP4*kTC?1w2Y{G*KE-fvM{Cx}Li(>C{_dy>}BtVK{>`oB#qTJERGsMUO5&NBiv0z6J
z%*?Sd&y|6@dvuJ3BqM|kQ=I~n(w_`H$esC)7N%uIuT#HNQ$zEsGlq`X>R^<kb4A`m
z-jC6RQEDJ<l@y&2Ngzza?u^dE3FDbb(hzG66U$avbe}|W8ieDK40hWIU_tb)Zo3Or
zurop8^qW{)Uq=}$`=p#NOZDrn?a_%#xNcUTTI=f449+euV;hL<6^PQm63qGb?OSOn
z`Sh*(QXc^6&Pfa4NTU!weA18crlvcrtgK>UiK&S_zOyv{s(uYE7qu((r-mss{+8I#
zb}UX!`O;|31+yd$gH`d)zZb+%1IM-xcb4?3-1ny&f`FcaERsv5G_gI<XmDsFH64mX
zf?QV|<}>aeizuutuX-y5V#edgj};a1UX{>|P01t0Zr|DHoV#5bg@q9z6?Bt+<*Ktk
zYe*{yMNsL(&wb-yP=@#g9nrIR?}Pnd_fGG{3!JFDCj&6;TAUI~zh-59$j;BM`tFwO
zrxsGCm!agEW+mOvRdcaeb9v5n6HWUU6CxJ+UR|98s_(f@ai5e-de1(_)1xO8!-C3&
zH?p&{1ETeEh(z`I^F46mHb#p=Uk&%bSQs2Uu<fTQ4Du=jb3{M@#xRbGx|*6AI4BO|
ztc{J|zRnGh3@H71C*rtns93ebftG1mPnBGi_p4x26S*~cc_E;A4?6{BQy{x5IuFg-
zciO0{!CShuoJdAcaRKTe_15A<)YST0Xgn;Nxxq6LJbh#z;)Wc3yK6f)F)|V?<p+HW
z_N8=Hg@}>7qN3zuSrr|HmZ$yq9!=gI8LR1FUNieUT__OgTr|%weYBY5V`^sR(DZ>o
z*Va=3KZ|8U!oh*}PQ5~URh1|o->ru>b33-TZzn(zU#{w1`X6uY0+m9Lp`oGiptvG5
z*&xHZ4D@E1fd<alq$Jwgw?QdR1v#3X{WlO?r2B__ww*W3KLf3W_#>M)V(wjIW8SE=
z`#Ya`PCyT3G!=4(z7mB4kMB2DQ2>^IL##)rLO7H2(Ej(WK!DLO@z5Ilv<pn>=aZp7
z6Qu!{1r-b?V+;30CTwSNL7xjx0MZ{APCZr4YgLY+Rd1EU8s58ikA#HeKdyLfG)iSa
zwXe9Bd%xdBk^hjr=w{Ucevv@2N%TGs;iu?mJJcfx2@TzroyDP%c-O*|Ajo#cPzgGK
zg$4UsbYf!HhB7Gu0XHzJUcF7|U0uK>{`^!YBqRh7kyCxL0s|%P!-x8fVgHv%eaE?0
zLM)<7?AT3cF>>Ol3G+Uxv<QpDRR&oAlE~3-I&=?rcS;Hhg(puOQmF!BOTT`7mm2>w
z@~2;Dv3hKz#lo`zD#l-J=G$)Liio3@f7fU4;IM6NvL8;@Z1Q14kj;|8xX#VimVoD`
z40WITe6*%4CyftSZy+-fxNvt^i+2jT@3Bg20acX+VS=Y2MJfn1Gj5bMB1p8+D8zGX
z^A9-Rb};;a-rl-(E6QEj(fjJUle6>8{L50?tKa4N)HO6f@iP2L6$YEK(Eoetr|7`o
zh-#w`pKbEgZ8;{>CeU?kO)-fLz{G~)oxUS1T#=vu;eYk}!BfsxW_V&ETuNR~PtVF~
zy{G3HFc9cT>)`at)BtfcJe>}r<))H8S}W)VZJmjQMSQ!F7{+6@^E&0V$=0`&we8XD
zNp1_DVN>zr{Gs1XAr@Wo*(h5)SpOR&0|sVu;?^M$PNTrYM4ER{9`zNLb<0<Dy?uOq
zpk0GV6lq>nRYkZzRmn5N5iiaK=EEJ9bi?G-&95dDhD#p|C|u_a9@>m8d>(F>Mk;pS
zdLsFwjtb|}B71?bk-WU3f@Ri|LgLmm2x#EZ^O5d=3(UmD6=96(@kibL{c1`|HzxdV
z@~{jXLC#=iJRtW7r5*>sr?xs^xml{~A8w3m<rWrx43k8}T6M<pX&FN+M8S+T*eelw
zE-?1ZH;=YwK>%q5Acx>Hda4z~A-JFW1Cv6p(v?sS4Tb<n+rWA46ewQ1ImsyDIuYB5
z2Dz$jUdv2=L$j?|vOqq5wwNTv&`5}_c^A4!ZZ5$l^S@hw7c$T8m|uO0&?&a`3ww_%
zS1o2`Z5>E5{R^Is&1hlpc@=CGI&RqMHZ|v@yGbyv65cNX>X7S-$tx&m5J7sqr~c&s
zlpExnPz9Y5>jXXvQg7Uo&zFr&O$iAJkvAjr6crVTh>2O2PygmU@_;QWUjoV&(jCzG
zFbzmU1TpU;)d$rE9eVPyXu{p2rG_}971N*-nbMAQWM^!G_R4mLe&G4@=Tpf+nQrJj
zfePjRlD;yopja%iF*7r>v9%8k#W;OWPw$R@NPNzycNJt^{k_j-i4yhw{ryII3>%X*
zwC*6o%EkZ8&X$cEt90Wv^#J4o!W#Bpdaius$IwMV9uD`p639cPIy>Nb7wZn#14DoQ
z!2FN~s{Qcc^2!Q~9Q)K$pRNWsRr{Yfl%{WF6U&Qxn`uTqNvMm+684yqjW{}NxgZHH
z`Lb1sB$Yt=aQ4vH!7_aL9<!9KO&nbd0WJI)85(wk69b!s5!7<vBAv|M*YDpA1AATQ
z&_KmmiWjh%03IW1)Qop#mm*+J)b+Q_Aw4C<0C<tW>PKH6EASZs^B0q<3h?uPiix2;
zEDuPjh`j6I!pQ5WP=fV?yxdx%Cv~EcYW$__*VeAC?-nb;9=sGuwb;2>jEs!*1#0O}
z>4(ES-&C4))0F=D@nZ?>Jyd)K4D$=y*!8XH2FvTRT3W-fg`Osf-S`4B@Y8Px1pA;4
zhFf+0{v8TZwv&_009A|IVmJP)RL-<}Io7GBOI@5QB{<pB+lZc$z;I!LX(*XM;||oW
zkzfG1$n*}NwR*8Xvs~Bi)%W$OB5Gz^B4(A}9^zN}(==8<ctrnaL<Ii#Y~3o#!DCRm
zM##L?@Gs1uWS|8h(;<bl#pzK<V^(pwSc&*J)-&E(XvNog4KH3Th*Jf>tlbEM&@ws<
zjbNJA=gjYti~S?QRw^QeZllw9tU=mW2CELmJGm#JA>%BrPuA!uDz2@UOg>doYI<(m
zcy@LM?jqj1xh94AgRL+HDoV=#RP^!jaqR)B&2kJoh1W7}d`9YMnpUf}Mu(vqbww@}
z+l9!I`nZ&etaEV59b@<iQ>v>ItC^WL>L5qseZH@my|#mWm2?{DP=;DM(66e>N)V!S
zbaZ+fl)iXQiBQMF4`FUx$G`v}m64elA?im=`teg_jOHK=CYow0?GG6)DeCeZ%4O-!
zCH(d=eCQac^12bOx2!5TL-RmDz(GCM2P+pV{R3#dP+?$tgP?$qk1s9y`t@>Nx6YOO
z_8}`m%*}%|H+6Zuc>;K1;)r*IU!i@ltk2&5==z5EwE~8yA_BI<G-|7nkdmr0Fl|V9
zcnDACB-0V@fZlg#@K3PUFgIuQD4ZzmCjap9llt@C0lwlQM;yl+iZ>Kl!+u*mVOzQV
z*U(<bayhCS^G)x_D@BB3g$g0Pu<#ck7H^xIWlzjMcK<&)0hBF}6F{4ueZ5)vuJS`%
zab)DTFI8rRHjWa{2fMf3Zj01c=-?`GmhAjqyt_TX+$VWaKE4EGy7aLE79YVh@Q$)L
zIRYbJtYh!HDOka_U^;--<Qg&ENlHVrv9$CfCFSbkc6>*@b=^Z_Q7H=tOdqn#xmrYi
z>DWPIJq=BjQso^|#}SN}|DJ<)#=0V6_*6TE2|-h-ybP4d8r-aB4Dqb6EiGTazRSU(
z^z<p{{2(=IsH#%3tON(QwcgEmLrMOkbl6S$M0z1GT`%mn#Ujs$xFz=S?VEmOB6ku;
zrQ<YJsVc_J*~eXUj9EdwU}r^o_)6W$?%BmQAV5u!lhacOynO<qbn6y0ov+#1-Z87B
zjdLXGMR@l**Sr$WiQWdL>gpIu2t<@Hr|b(Jef#f{H@1KIoSC&EpxeIu%!EidIdLza
zWwpaUx{#NwBc_L!=;(mR23|=`O%338kd4U~&zYE+IXN<uQ?t$V7mQ~~7bxOxeNcV4
zZL@zgaYnTKAsF*DXC6n*IS*4k49{#uqWY&QDuffWFFP5LJh@a7yM%QF20(-q72kmp
z4Gp5Oa8GNUewBXZ^~&cjqwd1T%;?M?n~eon=3KUim+1LRe5JoUD_857w7#j*S#!a^
zcLkNWur>KW;0)*r2>-uje8e|p!%BijSYB4<&`cHXuG*LX_>GYJ_nU*9^c!^)^lj1D
z#|a`cpRGCKvXfntP04y26B`{@2RZ&-p||%1r11W|QLWvF*5EAw0vg5P%>0SrVs=;U
znpCvKm3`L3tmqX?G`s^u)L~gDJ&1^%(f+*}lucA!p{fZ&Y{X5{S}#whVmK9}NRx&P
zh@ZEs&15Kj&12y)5SVIbqF;N2s5w8N(%i)|#Ph5vd#BG-UyEd-$-#OV`rE1imu==>
zwZ16#@x$^t-yd3AvxGfc{}ia{zn6e(cINfb{|b_T>qxRr9rd~=tV{U^kLUlr&fA*S
zooO2UkEaYIw?X?_!mer@H@C7n2YXjgY6}e>zNb53geH2PTXWwn68ye5I@jqX*AAH^
zdx0f@tUQKxA!Z@ZElnOB+sSxK!jeDR;9nVzMhB*t?Os5yLj5Xeh2Opfz)an)**dTO
z>u;B@Xsyi~@f<x5<6Ftrzs7LKsf14QeN<FKw1VWY1j8D*Jnevk{b~-!N#8}8oJq~P
zePuv)iVBW1XC<b$t5w(-;b&k%z5T1j`g%#&@THhQ3*zaI{NN$YywJ_SGQ?G=dK|In
z<@-s;?QJkYQzUy7BG+Mm<qxVP_+U!ZmiZ}T$ui(!J(-IPp(}p>@v--~iBikMMURIb
z{GO`KvMnY{y`*d!ZA3y6a@{L;W1I68jQ&omy+|jCcNJn8ZY(<cW4Yn9YJ2wPVboG&
zZ;sFX`r@#6Vzw1p6D_c?FFXF-&WVk=`P7?#w}YQd0JoDLlD#c2L!cwCTBff5P&wKs
z_xi5re#gtq9{14XQEg?B{U)A=j@CzOf8iZJ4cr)XsafT)<li{i=)tEHNg%eQwK?6<
z!FEXO>Qzz|kndi<OcJj=pHlXyQKzKvn);+-pAd|Kd+bs5tsuA7H#C$HR)0uLw6?M7
z4#UENF$Y%DzddH_K1J+LUtc<KjRu}qXy@yK8<(Hc+r@1?4BA%PHQEg0ynk!jJSw<(
zdffEQM$!-S>5q0wnUL4Vn-7_5tS-x}PP<<OyyV6G;s1%>+u3u!B}oFoy%e*!CqCx6
zwVPv{(sw?Y!5Y^><reL^w`}lbt9kS5uRHtxKB|YhCFhyrdXFQ{WSJ%Jgd%QZ`bdgb
zTFmGetf^I>*G8-sdwnxZu%ALul0LxC8gbJ)i%OXE%(WAjHorZ%^+!37)<)F+W&Jhw
zI@L+!XPOfU2jikctBe?r&sdP8DZ76c3$&2R-7aCSs=dC2&M#%z9y80!Wd;p_fQRg7
z8_+Q^0mt=&QBLJUH#M}F=n+muNB|L6=wtu(_7XTKcy;*bQi$HRG7;73*EcUd2M37S
zx!vZZe@K4gamIFN&a*xT8c}?U-k298PPg5JHhU%eR<1?;bQRL>=iU$hJx?>8`Fi2@
zC-0<T%D9)-%TWz#^R%T_!nPZ~3r>#QUi6w=)PFmnkqOmv`^{WAJ?@m0q-rbuz;n6C
zWp4~;;^lrD{?5&$+n<Kdjt^TSxoYyRGn}2Ur2V1YlypDc3#E0Y7P_3*uIdh#k5{qx
zvc6!rl{qIcp`AYOYPYc)`e*&V<Evd+Z${#2w;QyIea`I{uB$4sHr)a^UuupfS}O*I
z)A4FfO25u0+RRPM+$&xC6+u@|e4pQ<gqnYkt?uB*i*$YM4x1@AH`JrO##Rr6Ukmy(
z8ic-%AcnF$Jq`TRZ~FcF_Yj)q;>v-{*4M90dyF@~fBg!7$K!Yy0#>vYq@5r+O5WAp
zZtvov3{K}Rgt2QAz!A~H-wVE~MO+}^K`yKO>>0s=95snFAt@<oA0u|Khb?s6E`qa1
z+)qEX-L;yD#8K9%*yf!qy-%Fpiotcy?`Dn2U6b|bEE}p1&w6fXN_ej=SMWTv${m$U
zvTWfV(i?u;^))qdc<g{adchfQ-?)UKDvytSwc?D`%-5-T(aF$zPhVYy><ckYdB;nm
z*<E4cor<0sqwXPHl^9~&iZm|1Sr(zZ`pD?qz_7fCIUNRRQbY$Sr>^OOUXkgzwRGYB
z-x|qFB$ff=JL_?mg-qHTnpq=XEk7ew4tkeZgv0B?$)o#lwU6ug`MwkiOln^)C#uCd
zOxl@X;Yo__RW<v|<gA}QrJx{mNDV{U9<PLvi`vUB7BJ3G9*|AAnw^L6Q8~pse8!qQ
zwyk(q*K;dMK7@e2uw-d|-lnF;sj1?N$qhz2Nt549#r4?5U;SyA>)AE4ZB0}Ozy^2U
z|Dy@<z$qqqT-`H>PHJXpO|Pt!`&?eAXKJhu=NSP31f>k6hCxg->;j0G11>(=Zq-gZ
zdk@tEQn06DV~@a}-UOoj+Z$Bl+-1m%1*=zWH&X$pf@DL5%Vx7`O9ZW^h6Y%tVzyIP
zm_kI@l7n+0`;H<|*Vky`X^#Bf$KP|%t<!3%-QOx%Eb-ZnHZ$%$rM1CU%4|?xvhBpA
z($7d^VY2j6?JZbr#V1Hn(;t*eS{p7uZM}=#Sta+>t>t6Z-^#yZeAYu3Hbop~gH{tx
zPh}&1eGc9#{5rUSHtALB{iXQZWi^*F?a@hmfQN{;W@A90vJ1_a$KC+@Zw*&zk~J|~
z&&e1wZuOS?Q*WJg+!$UD1h_xhyqCy!S$pHc!@a8#!srcKJUsm)%Ay{!Bexo6Lu~su
zh=p$kzZTMk{TNL!4NYzODT2Rs6WW?pJtb-7(MrW?%_DzL=#)AKiLw#J4*d4h1-rV1
zSToj0-fXN$=^IrcJj*?IIhZBSnmdz{2J9>M+P`c{Amo!aZH7Zf=7PG@{IJxs)P`|b
zhS8rRwvwWw{|IkZ?m{{gT-SP_JxP=0POH6Xat2)BVGi3t{0kWf#u137oPfD#Owl4E
zBj1nYoBRfsXy}&?3mh>Z6g%JR#|j6DIhK~e6J{{|6QE;)(Q*hZe^@6F=TXjc{56*P
z_;_j|?Z8q@@PYm}Ha}zz$x)eDI^c8pu8WQ4HVpIZRM18XSpN;}X_h|vbJ&-%>|`M}
z=D3IWYE&EWejt-zTC*XNkkD#5(?;^e%wuM)voHPjUtFktxiqUvXc8<t85tfp1lP6K
z2;Dv3$G@Mne#uXlN5tTW-8PcH%5B<^o2NF%o>Sv=mNl~zy}7D&67j?FE4}n60OjY$
znATWtlDxMY1ZGUh2c5gLi=5LV4}01Vz0+91z<G6B>{~#u(P9|P68^1wfn<c3hcuc(
zX>)IGy{NfFuw6s7wO<W^k}D~+h5GmKvi@E~r)pE1)^==q<(tio4NSW|Xev6t)iEO`
z%;4AS@N=VQ;-Pwk%aBjCN%vji8g`hbAA7KCP3i2s^LM|XvHW>2{7W)>{aDtZv!%kB
zhNwXmMv(un+uDoLalRqkkoy-0<HEE%(aOjOGL&)21`v*-m%MZ5TSteY7EXbitLr-?
z!3pB>$_YM=2=ZHU34|)?FeDLRs^Q@+uCI4Wm)cHCp5Z`{5BUtTt6;G~N0`HsM((+-
z4f8;d29gQ|iVq8w{LzS}K{2-ZC$AixTI$xxBQ8>~QB!LBI3b5i&uLD0JNMlQ8ClJ}
zj5j<C^)}tCc%in89gZ3=G&_gU7(V{VJzglR40hNH{N>@VW|1QGYPI$ct)=hQ8F6-L
z&|;3(zQIdt%s~+bNsDeKVix4H_B%{EFFJ9&1J2H7*e71>rx@vz&Y3NKsa`o(9;@G>
zM$4a4xy$#vR|g3|)|%>Bt=fFXcuCW|6EC5LrltdQB^1#IXF}{~3QY^=!2R<4ke-c|
zV6-9#t1N))mE?|;?z@nXdhUF%Nm8dprO9b%!d0@4!IeN@MdFH|ETuIB;p6_m0wS=w
zvhsfc^ek#b&l-OYjaha3dcXMf=hM=_n+a-+Y1U!GWHCc2Z|1_sOs7f7qQ-w3PEp4E
z4OcMD&a<V@PyYTH-;?4q-`;xK$DbGrz4s6IL%9w^sy$z*Qdt{iI^Af?+gEt|42>w~
zsPPj6*-efghT#}azpl|gVUo`x{T*mF(2#8Q&8cUWLL0HyHptyaCuy;%n8>EQUd_R&
zNhgEV-2_>$rY8D1gFW!*AYp}tB$q9I0xG~2)7s}9!6RG526pCc29U?(78kHzCNh<W
z!!-B{EkC(KlC-F!l4Xlu2;MqB3XU#l;=vXl$)V8=t9}3Fi?E<z>mLz+aw$E%B=b9x
zNN(mk5prz)!$i0q@o7g65~6X4r&BJf8URt>RkEB^PFA%<E1t8v38niGKO-c%L}#i8
z<1Kpu`!>qa!@<eV&3&}7SiXTB?h3+fX=Dv6Cntz~5PO|&rp2O;YJ;iGcunTX6I?Sa
zZ#r^@cS>!GFo~tm3lD$W;{JYX>B<~ttr8Q*r&I->kws7VqI6<Ek;|u~>ipu<I;PL4
z_f*TGo@dj&<T$gH()HD(cO7UJu5dM>ZPU`oLlI483<BdKIDKF}Cm~Tx<q;h4>;nWN
z#>YGVh@=>Sy`JQC@EHO>;o&!joRr`1fUp4<2`X+9uUU9WiGaYxBZ%LCW|T-p$eQc1
zwSAQYMKGKd7$cs$#(n(RlrD_FG3K$>7{P{p{0bYxd^|W{+|EsEa<^&GX@<q!FkdH(
zx;`jyx1tBzqInTt$&fd9TEWWNZtNS@Wu*jSr=dhu=j7y#$?vZKQBNc$rV)ijev9)7
zK}{|+M7(?V#GEIz23d)AsbdNouQa{}0K1@f+{AOt;n8g_q$`p>a}gC-qNLT3u6L%t
zq|RVN*}$0@tHHrm5gMFZT>ObW>e@B7@l25LJ9xWMJ|}n@tUhB1OpG>t@U20t87tlL
zmu78@QNE{@Tie|oL3Mm=*1862EmRa}<B~@W=JN8$>gtQ-{&dJb^H>@h)|;9R{P_c?
zvFdAU^}7>A$(uMK@|X7Omlv2OeSHuQea1>E3V(?uu8TY-5;it9HI<cZMkO>7gaW>y
zYa+npWpK$?)R(>=q2fv@{Udo+e?7YLb;|{p@?)>!O)9C=tzQ)pp2eFwc6XwRsKjx9
zmma`;xL%w>RlKqPj%~EmYI5N=CZ46#pl5C`OR;0y?;OlKnntFHe|Adl%(-Zlx9p-i
zJi+v9nZ=}ms-!P9t;6YOBW_%t<%=K7txl-ehk`AR8<3mXr)OWY#^sV|^095Sc2@q%
zPJDAn(#u-Z@V(gln#ELzrt7vV%ENKVx9V&$Y$7IVHgQ)b{dQ27QG!U#Qi{OUTl8$b
zt2s3^BqWa8Gcs83g1Lo+;=J;Ly0*4#jivFDxee$by(b!rXz=0x+e+pEgBHSWYft3B
zT7d&ob8ixRrWY29;m8cE(NC}?FZY1J8`2Kv8lWLcJdf>LI|c?wT9hFYB#0m)BLlfq
z%=3u5WQ%(k)$87Z>?9LP3O<Icj12v4LoOlvIV1#Ev&tab4)!w~62*TZ>bCP04B$^E
zsB?n&2dNORGBKI=Iz5QQqVSKz3eDMh9FQ)7$f>?KXtwfrCFMXbNwrC$wz%|X(`RR$
zA|Qf)?Y(NjbAba-oAva%yP#Md8m_>wJ*ds2t+~)OZ5R~2Psv|_pZH#-M1#+9QJcf(
zZ;uPYz_Y^h8iVKRc;~7Mwb}!!534=ny72`ZZ&ztN&Vp}kTEECM?LVbDh&y`a1}F#T
zd)}sJZdfN8p<&>Brhxtk{09FvM^cULGJvCq_}+2gDZo-p{gd*anuL-n5~f~Hp|N9(
z;gmpd)tv2w-xeNj(e7cYEVZA1OpS`ec7VMP-URC#h-!gL@Z&>;^SV1&E1sU7BBG*p
zYY`csvF0ryxdj9?OSzKZb?p$L&}aTysHy8_0%sK<$`Dylz$=XuiHV89BsAoQfDwSB
z@L=vccjm`kCSR3UzfxEK19NlIZ83q?`)C?8i53w8dRZRvdfJ7S@Rr8lDhPROo^ICA
za!9T{$Hb>;%t7;KuLrlM_r#nexQB}=T#ij7?2aTq2u6sxS|nA;rqt*zlJ(K3hsC~}
zIMM<=eNYk+QvQ_uAp9=2;?EDycusB4`FUf8hbFWr;xq*E>)XtOF~$$Bj)<sV`2B5_
zOUvr?@(#{^lIUc9j{9Wd*@K9nYtu4&QbCzwqiyyy#M6BynURd0XY57soGA|bquo<7
zpbLEatx<J8L0Vk=`VacHF~yunqXc<46)ovB>a>DygDn7!!omlQ*Pj1?13R<@b)H)2
ze0GqTC7`cJr|k26_pSqkDtu}|Uzvrjgiy)5Lcs(rqAxp%g}|wV^N<ixnsA-H(OCUU
zrv!{J$RyGI9hX8_YTK@l@=-rGxU7puxpx%OrEn}wkx~<pJ0&pb`PK;z<D#b!x9ET`
z4f$?(#3@rDxn*UadC|oQ-buS=l={Kr>zv?fxVyzb#qazMPvKXSZ<z%(Vv#g4>G=Sf
zS}N~}DsHNQq(n?e%HN3mlayttLqc`l9b~5!nc4$|^2K2O%gX7)(G%k>RL20Utx}*w
zOA*jLd_%+}j6u^o*Q&F8Ts*_W;Q3>&xlWfs#=H4$?<ybX4#Y*c{L-!16~4>vnE0{i
z@7b{eo+S{q*jViA-*t$43S<qqs9mINEFI^B>tS=_Xh>B`MSl47so76N8tIQzK)zK(
zto0ocvpju-c%KS3@o#Ryc(Md(B%?lRfXdtV;7j^gTHebF9KRC01x+UV$B){ZK!<H1
zPYd8q|0zV%e%$P$^0GFwx4(bz4MbDCm`|S=7z2ZXXdl|6r^$Q7PL7W!bmpX`p^Yyr
zE^ZFzp{=&0s2dulLPH1H0t|nH76@)39n8P^%euH6g4@wdF+<CEg@L+y`Jm@lAx8DB
zgHma`681FyZRTXM0m#%clAz2D4JxmEJZYrC9wQ|K&X^{m6<zR5+-Ze`En&&?L5Qog
z@(-4ctIqiU7`8Nd41aKh!DH5?oARag{SPTP#Bv(yIl})*ZBNctNi86*`SLRf0VFr3
z;4r}ad~{r#ko_^3R_KAf4T)mYo100WJ_U|&W2;=*P3C1{LQfNXVHPvokn#Rb_<Wuu
zoR8VV5|u|d_FK)+zyZ_{4F>eXbMpr&$rh6_>7oocdRm2hK+T-)ox7Pn+6`kbu#GTl
z=&Fm+eYw;A^HBU)MMGR<cX6}pZbV0O|5F9?@}OO%hU`4(U^6~c8p4I9w_`*OJ_gtH
z)>8$I>ZQenlUdbM$;xi_F)ypXn?&E!O=}dV7Z=w<<}jjz4JSATX9*zR2ks&&vBWIG
zDp;thsktaC?K?QA5n18MAb3Bzg;k_;jN|F!&OY{&orMHUo;a=H8x3CGTZnHS{?TTA
ziHzdrpHDZAW-_BK2Hjge>R)fE%}VfyXqqdm+H0qZ)DC0uR<*+^cLjR0@ph78GzcSo
zz%UZPc>I|HAL}>ML%&T~?_TlO+htay*4U`-@Wt)X{@+a-p52_2HDu#VjOIOex2C%o
zEk=gSz&6@>7e(W;EiQ~A#J6`=Gs*6`hrN<GYHoLu)jcd%4|CFLh;ypgAN#)XJ%g#<
zPC`pjL19`Jag#}szPdnBLt}7f{x>9+_JQ)RE-xnt+8O$54o;$pi`PIr$&QiXk&e!n
zrB`Aqzu9jkUSEHR@yZ`-QS`DtD9O?Vt2Ei-))9)rZHTyT4M&K#QOUlt<ab6MsdV{v
z;uCUuFBe4!tbh1Zcta`kbgrMP<E7zEPp?7ol$nP8zj?`#UZqt&%`7?x`U_!y5AwfV
z7)V(<Vf~uQ*uftQPY}3Rkwf!3OifSxY(e_Wgm}XImc5lUf>fd?UzTviS!!{?{GqPl
zgerGflSs3e$%^wBhcbPAz>`k~Q}I7r@=L_(edFy&7F6;c^Y7jJ#1~?GXw%Rh-9h}|
zc7E>lEbYf!#{C;9yB6QSe<QKOUjQ$1s(r4IMO5@WT2og$-?$BztJ3!>BxS7YC$Ij5
zh|-K~bFR~>2GbR5=_OWnb}CdbB(Y~3j-Nw9%$`yF5|8k)f&%20;egD*&=3ox>z+ea
zSlAP?Le4b53}E}MK&Tabp?{~ogE1`LyqQwzcvlnqBRIF9Ky8jQY3oM#Jm6?y_Ow;%
zc+n47=QHiVvlpp7Uypx(1$g?-^Nx}YAw0swPkpAlQV8J#&tG2`J?Dgj2?;OgvI#$_
zTuzKC<5LTpEl27ve(4IfJrye+5VzcRTj%#K`!{DQR>g;$+lxWE{WHIrGj1>4;N5Da
zh{zrKpgB2FdMaGHUaPPlb)TO~>~wHov%RCmw9X+&`8BO*W{bu(LNNiK-iSB4w3eea
zhdOumI=sB|{95KqCQeE096%Z2y61LVcg*QIj)L8JxRG*)_w^dA39tFiLs^<(;Sr@r
zNzZ%$ZIN&-g(L{Z!P#kA+U`V+2&SN`1H$}xf2Uc-f>q8ME#>iI{l<mRaSd-k{4S&6
zaG6G1x>P0>e1NVH60x6|nP%OIUdKBo)}C63wGY)8xTJJA4bH=uFv!v&68$t92Mfy;
zGM8`!2~Ja&IIoY^*4Dy-03(*;jfzcZ*xZ-!6&w&;W>jS$Y5L8w;StIwb!zKo<uO;5
zQytUHx`P6#;R&CF_d1nTf0F)nrd1c%-V4n+a_u);OH+wJ`p+(Y1Zwr3%*sm@pO&oP
z@JUR6epttwF^@Tt@7BZRn7<A0Jev&{)eAdI_31Or|B`jgQa?1Qi%V}%E0Vj=gC9pQ
ztV}7Uh?sn=WjTDz!Mt3)P-py~=8OAzvq1^7`sl^Y>wj`<YEciJ&un6$Te*5~RCu8w
zrY{1yl@(H9<vJV6Rb?=vBWAWC$+&s{3zW3gaA{bmuCAD04$*Oc-;-=!LWVn_{5{fV
zXuR@faAUjzbqWn2D`?>7r-y0wR%4}va)%&=6YX3LNq}=RkEcOsdV2wmAOw!ZPuB`)
zJ-7T~V#pRI3t#uc*9Zg~fd5~NHS?VyG#4l;q(m~^>SZ871A(Zwvs9=B8CK`M(l*VC
zS$_%#7~%ZzK2Y^X2yO;u1$p_U)m143H?3@m)!)Eeq?bMfsNrC&D{y}Bxn&+BQeBUw
zpBwT6MSJ1ty|@_kbZ6BxrPV*AJUnUr^m^pBoVJ%o4PGJzP1YR}$C04j^_^f4wryr~
zuHwG9jxX9f^V{J%t(91-^ijgcTc^Iy`{{9U5PAAapC}DV0VjoJ8PBEl{yOc-#as+W
zZdHEgLIfFO69PF%OwkNhH$OiMc#=od_^fy|a$oVyZ?;V%hI^cx3+-QhxfvvV&w^Bo
z0HN~o@*;2W-Aq7by;!dgJH7g0-4cFVs>%ZZDp)E!yoEutUIW6Y<1Bk{@)OQ#78eyY
zF`y7DJhUG_<dHRu(jOXBRN$llI91Nh2dyrMqof%@>`SjX86F;<H9STJs8M4EX~jlX
z(jcrzMnZH0jjYE5VwAVaq_GH_%}BQ8O;o9_eJe5}qE#j};Sl-N-WO!!@@b@WRoE?x
zJQgq8eX(IZ^b==Lc`R1sy1p1wjpl?Wz61g9rV!iy4%Ox;LZG_*>|Cir`CXQ=G@@B-
z9=OxjdB@i;2{$fODNm%6Jr~Lrc_RGedZ{+EsI=RROXAz96cMc9s9`TFO-@Q$3~?<8
zSW_=RK}aD4v*pB}FD@?!Umf5>5;$!^)>F2Dj)I#|NKjB;dl36BgK)kD2fyVoT_Zyl
zWIoo`Py|XvU40+YCO}AM5?m(oKp>8eE`l!u5WndNfCA3>!WWM~N`nzYNLbh?rj`jp
z0C1Wge5$qU<V_;bX9dgat$n=|A><|ZRLj$RJ=L#O)ax2UrIzC*=I+x=(xgc%vbK`V
zKgKs02R8)+uZAYSC=D4GZodCDT+|#p<%Sz!)Nscq`k`SZ=}xpvZGYn%8C?Sr9+D}a
zeQuEo>{ndVi^F(Mf0@!hP(zevzSI)GtEUw*5}w#A>O2w4!H4lHd4ZYO0KWJI<O&2K
zp}U(K$IH@Za9(l5x)AHz*RRiRMB<Zj>EbED!Jz7cQ465f_qb9iA?%IzyBZ{QR?l?h
zB-y*t%#Ze^1L0T}8A1yIN6R2{^3R4tj%lY!#VAXUFYaLbnb%?8(eRc*^>C^=$GO6;
zfiXspp%~THNSo{z5lPS1E{J~)HpIopX?PYT1#`2o1c8PiDJ_kFFJPdO-D%)PzI%uG
zJKVGnXQ~|G#Gs1{>}lfgz24c)O&ib#5{3Pwyz$^$BfzBx7pJVW)Y!ztfDmvafV8X-
z(O;6Rce%L8W+G&ReV)q61+~5svnw;T-@GQo$FWo2&2ON#h%d$;I+ZEJ>2^Ia#y~Go
zL9K_)o5mO8624IZWkD<A;39pAh={-(&?|RbZdFJ@2RH3IDw_c|f8-N{m;{fADq$n(
zM=fh&23LHf&(g2&ZUhWx-98tLo($5Xybm5olQQA%JcDy7aBu*nccFzx{j;Ry5f4o|
zQ7>MgO0Xez4*Q2tGi@qv5MDqCubxG6#(M1kba&>DP_FUcFImPCGnQ;qjj^Y)WSIzA
zGAgnsTC7EKY)M*dW8aA)DNBiLp@=w@C8JGg5hqzobvTkrI-Gppx4zHw7d$^b{aP{i
zeO=e*`YiAFYrtIbyKOlTjp`D4W(&F+o*X|C<fHtIt{JA^sZgxvZ5Xe1p|uefVN)gg
z@LJ2jj7A-L4oRl1<FPw22|fBP?ZW6A2Y%*6<1haNGBaXn&Wwin$#0y2{t!`Y+ekT}
zlt19bwzB+cIlh6=jQs2OA2((2PS^!v%q;sY{SxihW`_Of|28NyK5F6z@7uY4vNkwz
zcxn9Zw>U4904Yf%@gK4-TmX#Xp%@-DotRI@4f7CvESqCGn7>ye3T}>f8Nq*>dP6PF
zTm0`$1g#B^7epu<P?lMbFIhJNF)`aEgo&AOQR>AT7rn9_O+!LY{$U)h_*^Xg(A9|K
zr$=thJ{q|;gCCRc;T%5ypH%`eu37p31qDwX^jMAj^dCJ+0Y`r<d{XVWFE5s@b#rCa
zdg_XOE9_Q??6_PPZZ<edc^Z5q^Soo#e?LR^O7<M~Tat#D|6gec%$hQHdX!ql=R&Uv
zkOe4^_(E)&mz&%5=+RLFYHTjlrr9@>;x5&mZH{(KvGVi_?R?eI_UZd!A78&_%a70g
z*?R52D##&qCtDX0Qv->I^f_|m(+uzEAfPINC-H7%+Inad$KRSJ9v-|pA8&8?JuewX
zT)Hvpl8~6Ja?R({`M$kPoXuRNJo0CmE<QVkUmVR_Q}{E+%ZW!w-yq|!A)h<Sf0#%u
ze2&NzZq(RL(t|k#CZ9E~KZeKJNm0Xz0qY4p4kU3KH>Rbg9s`C%Lj$twcc&SAoXo?L
zCmbwSh#V1O7BGfBE=+%`u$w*aV{W#|DzQ{Mb5(v%tLYvWm#2^blp%rvRWm|JdwEP5
z=-~23t|dj2*g+q<S95-V9uKN%c#;rd!Tf-MK)v<LmdUcR;u8OH?|-EJUUNqB%xQV;
z(qkHv-k&9(EJ;MR9r)XwURhQ3o{&-zK7gZ&38&!CQc4=4%*0{`X+l4}YE>r?4d|^%
zNYEH*U(c84HdeOO-EOG8R+W?G&vLPFGc|i_czQO>-R;&9Q{|-(eh!QW(}Z@ZC2b+v
zj}Z}uj?*OfEdga6?9v$yitxxDa<x-{g{37JO}B2|w1>Z1L}aXX?B`ea(a|$W>+-nA
zcQs6nTq<%Zy5?X#)^UAwYsby6rAHLkTsfG%&x;OM^Kbo^sA#~eG};u9Fzv`g8g;vc
zOr2xKSi_+(RSXOapz4LU7ovCEK7E;3)O>M~EJxcH&u?ko_;GC3Y9_szdZNg{;CeJO
zs&d=@#zX()u$NxVdq*MtOTQp*HO>A&yq&_wJ@q0Tf5JLkn04@K9@J}yLY(Y(?>u2v
z!mve5>}+kpHRIGXwi-$6oa4s3L)K&-7|AiVs~Gzl|5767^<n9a8R_rBKBnrQ{b9KH
z(+YltC5bD9Ew#0oOIl;xSo@BRixkt_pxP=gU)RDe)V$;QH^hX<3l6k|s&Cmc098N4
z1(=rR4~PER!n$03HR^V4Y4!ffM6c?D)@SQo4N89%-8>SZpF#xnitHF`D9*wEnzF<W
z3}epGFi$XYM&f`}N=-vUic0M$5SICjqHf`~!&9_v$bBm7)<Fb|9yykWLS@@s&TY)j
zPbqGwyA<7Uu&ik3ZOEpNDe2c7U+5jw`zD|;`Hcu{dGK-GexwxWg6p@b?vbMDwipP{
zUSD_lJT=w(@};Lfz&qFp=uAUK2ZeKG)?M1ky5Ugtr!z9hP*p92pc+ySG4&J8%671M
zS@%-y`>Px2I^Q4O;=5MQyLg_>SKK>EZ}L(bxfe@3SM-1tBCe{^c<|4T=w&P3-U(~I
zdGqDdr$U#Zs8<sytFG=WgV{XDEih1h$nfMEewGK;37y%~r(58GhH?NoDM6d*pmZ1H
zWbDpx=yB{h-rFFk6ZAxrP}ftcF5K*AYQL2X=N7T$AQp?8nHs7XMC>>8#Fsf*{fsF~
zuy%1-YuMh_22W=pJy$633A{D>k4zjKv}iOMC><;2`g?oh+HKWZK3<7#BplZ0Q^HIH
zJXMS%+^yI(f)QowWRxo^%MO;fjbHzq;r;i1+CafIT~n>a4^NBqQt1zmo;^eMdHCqj
zr*WT-u#wk4oMaP{NRo5>ZMuZHO3)0qu!o0-I-e}qcD3mnvE=UV?l9rc&(HVU3UN_q
z3h6)wczEDM^u1rit(q^&lu^E{bp24V&&O&Hk;CuK9i&*hZCHQ&M@YJVEZ6e4fqPBC
z;J`z<--lK|_Op%@SFyZtr#XS|ISHqvbgVzE4M>ZabckWET)9$n;;N8!D9lRQ64Hqa
zK5$g+)0^@tcNcyR0rHN&dh^Dk{@wN9>R{|{8OIY;S@H(8i_JYsznJ?<<YIF0u?UwQ
z;d~uAwS%&aGMK8@?n+y~KIOZ`(VF@iS-B`aVQ39u%P1{XR8cu~%b)uG)shLt_j1Zx
zRVVJ<&hfo(%rs{jy`1ZF^ZgXsaAJZ8KSYi6@!;Tq5+XzpZQZ+z-C{-tMs!i_LNog;
zTzcqs8X6j6<N>oD_C|NY;?om>+no+`S<0{8yCIpjqSSs<0li|_d5xI<fOb$sJzDJ5
zdxYEg1&@Dh66pwwA~m_Q4b5ZPgji$5>7in@C`+dUWfdG8T-d3u!<ICVW;z=gwOhRH
z+xdE9XNN3%U1O(0OBCD6u9wdzZt6NW&P1d8c9Lq2s>{_)2NUMu0D3r7@o9OYwP{n>
zy!LD<GC^o!5NJ?NAfZLesXGy3^fOsYV)U1F0_wrLHvLeM6il=Ga^C0I3z~?GXg9>n
zp-u4N3chaiVUmv*H8)?lD^B4M9=WN2W-aFRYHBqAf}kp!xJWHD+ns2A22r#>Y^?J?
z3kQpRw#LqZN{qa@kNxcPq2qMM3?oIg>W{ew4MIx@y)ro~Cx`hVSy-e97?295g=kYo
zm5rTUyA=*uV@*rT>41P|aBjYNBW<Yaa_8~*d3!*QurYD<5zw(upAMrxSysllv^qjK
zC;P0Omc3R$PXphk;3qZHsy76ie58M+v&QaSEUNhQrM!uFJvi3ixMb8R*5t;S4!rUg
zfIWtTe<ASk<HwrCFsSYW18d96ef<5eXJy&>`c6)#*zvJs!%u~U5e9!4=Kq1Kgo?AW
zd2O08Y(=)aw;8p&f4mbY$g6PR#5to^Tgsc6M^pTMjTxFazHqr4eo^II%rr}%kNNMu
zYw(UouTZF#_#z}c@~s3AmPe2HSE#KGA8ZT+VUDz-%X6;(^=lqWx-wlAB$>L%F2C$e
z_i0*n{?tHgAsv|TJoE@J<DW?;`)m&>F{ExE-piC|+FwIzbQjre=oj$K+<W!xa0J)|
zOPhfpX{eGC=P_ry_hZw+Wr+d*vZfuKos*WI<44LL*flUX=;!XvvUw@UWU>LfXnXzI
z5&i``I}snki|iaEA*b!<y`{#mcD{0#aE%9mA@F!K`{x4`*I)@h*QQaW4*4r3Vwz(0
zm6}f$zOT*#2_~N95$dtkc|L>tlg~*C4O$Sk?eB;8iQFGsp@DT)S|%VU=q>~|>b-#d
z`!B+kkFgaThQ(*l6FB33{P-=<99tMcF9Q7iKZ5{8FRtxDM!$dmTR8L4y|!pufZxdO
z>xMDX<T}B|7DPf_-M?PF5>s^>_-g+&IWc+X!}5t-SJ@kNb=dhZp*Eh`PLl1jQ5F;y
zSw7D@WF^TZXWYtN`*d*d4hA>ikhHb2CRYDa5UNAD=z1BM(zADv*WR6<YA!BDWem3&
z8nR#A3T-(}=U~3z$@5H3xr#lik=C|sl5`Q3q|tL+voNzG;*EumLH2yDx;pI%FgWNA
zB_t=ebC110T9Qrn#NQ)+Hv-LYoaa5uKuTVLk8{(%avm{;S5(lbm+Qix++2x9a`%hZ
zuYt`pHHbci9uy8PKn#3#DEgY3n@z$4ymszPZfMZHRs4Wwub}!^4*K>UcF;xFX5v=L
z7h=jFTMYNTkea$un?a{@+)>oxqk_ZN=lIF?q&wZB^AGF@YdKi$V@W*R+!>3QyQ2xC
zrKt%Ut&Fr1&#&b4bhfYgxrBYBy*2!%Bp1*@?x_R$v|_JN@m^q?kdp1z+AbNmuTLj!
zawcN-CK;F?B5l-R|KycU8TLMOXnb^3SX4CTb!??YNPhR$m_FVnT_7nq@5kf0=Q`m|
z^nZI>Ol?856DH))`?z{9-2fEl%a^Fl@FRc~KwD#OzI}V*1_vjn2X_XeeZdRBr9?Pu
ztq=v=sTaI_?(LSTqMN-NAICHUTi@LSGb6^@G!7qoYwLUVNOfXduUPP<y+}enG#Rz;
zqHMyc=a}oCU3Lda4I^XPRh)Y1$LuUzXq)x)bhNY{baf#&rbW5ML7{+r11$i#4Oi3&
z>LylW>n4Qx$ruN@Z7@~|08Tm5SB1=WqT{1zqzk9YSQu+KH#e8`LFTRd8%QrgS+ZtM
z0UZ;pmk1u}5lB+|zZ69-iid67VUh75AsQT`0sbxl<^&c_BF=+MEm{?Ge+7@=)*$R#
zL}`q(axKx*{kpXn!*PjcJv~Ngrl&jZ9C3H&xKYQy(q@iqw%6G?uGc`mCZ1s&)O81m
zAD|1Qw6XB3NseBwuC88QA0{S}Q<8JI_3GR$E!Om%08YU)_sS8)Wr-Pcr)Z%vQqFt!
z+>1a+Ft>;N8v7ILn46Tu-4Eaxm#$H&or6Q{E@XYsalaiH=)R<%%$b;-STgL`(5B4&
zCITE-q@ZWc2!{+Yd@tYxe`vR%?V!)m8Kd{%8;g&Lp)qWI-Vv8mCq>xt18MY<#q)X*
zJo>^P@HsO#K33DxS{;@W=LQ!CJ}q=g5)_sNKx-gPXt)_5seL?#Y0tZNng`dO-$nN9
z$E}-^l7dr@)eZT%*f&hNCOhAD5kVwW28k(zp`z5a64bQdXYHYhiBbFC6ZX}?+S9T4
zm9i+Cn~KyCfCL2uwuS~20WeFbd<fsDH@fVPrY`ATY&!8(VIj3kBWQ>L-G6ud<w&U_
ziv-*~!aU1i5}cG~RzDZ{5n~`Ouh9K2tOOhBs+3Z|I@LdiWixbx4>&m`ib{~lu7CVd
zRbH+;OJPfhiHMj4XsWBb<t&<%bme(6*TBYj{lK3O#Wu4V*Je5DfED#6y-|IE%*L*V
zjuos<sG~XAOC<q@_b^I7D@E$krp}syn3|!OAcrCi$?=CIs?k9D1HD=TiA7!b_b=g0
z@$ai!)#c@JoSs6H?&Nf$QmRK5tU=c08#j((M<9JQFEOKTefFWagR`|-LsG}l12mJ-
z93<eLS{@!_(7{wE578LCuU;MW@?!oUOBkI-R|wj@!2gYAP2Zii@0ZX8z9RuwUU()X
zZrc9)N7$4CG%}KMzZIg+TlMugDz)2XX(L4eM`cfs_Ezmh+ZDIc_8mKBzI;*F(P8RR
ze{4dfscfO4rFAf8QI^3MB^9_QGUw^iYr(>21^>fIqX-uZK8{~c+5l@T>|^VclyE?C
z%0Ub<Wip3ga04+1*SMx;@Z|aGNm*;Zn6>vFqTm5q(pdZcA@9S7ai~*PrcKMUWSbY(
z3a3KhwTkcDYDl!DKlSYFi1{=zAxjbN@C5c@8m<E<k8s-BPD~yMM0N}e3>E-22kw0|
zvXlnQ%*=8*w-vG2ot+@L0861RBjXmT)#AEN=iAdrDR`j2ya7Z4^-l(WrXbrvHv1ZU
z3Z9?F$5#mpvsSjNjNaVzr0dC(`!-yTBP4f@l>hSM(y;)nQ<HHJ7!CTOxG|5K<{K@9
z|Cob*XzMf#hwWC6d9}24bYRnK)dd@5vLYF^$;;z0J42K8^E_rQ?T<ZsV>p3C8gZ+j
z`D2iADcwPx&&7S7Km>0DD0({S>Vq2$^5qM8d5wHbvWV+UclL5Hk|g3G#;mMdKf5(T
zTKd9^QY)9Hp!<MB)9GzPLoPUlnMlfBbacdo9r*jxCoDlOn#HcJ%YM)VjSXuKq5G(J
z=Hlc|MMQG0de<B9*y?ZDLOy^=Et0p*D!;fU6M`#BN)E!EH8r(HN-C*v^Y>QDDn*L0
zNNH_t;H0?7=@@L?AMt<kX5K?#;mVYkm&a8P|2Fnd$hnoz<+uyYzL{uakqrzC6s<0K
zT7AH^1zyJSz`)k|{#UP#P5$)H`cf;@@DoTSYr!o%+f6?7{S|0vw=EAjT}%_$az#H8
zmbW{ML19eEYa*V1Sv+>vQ7vwus@CLFqPTc?#uV3c=#7InOlr$RQ?9<MYQrRJm#Ntv
zo;q07j(B@p+t@^D*xB0Fh)&ME&v9u>vsM;RZ@Ke;V}k9^US-B)Ha9iZF7Qz_l+(;m
zo$qA?{fxlG{q7`*^8Bzy#}J4A%?EmR+zDj_U#hWa#F=1216<>me;wVzBWHRoEKFSM
zfbf~zj}VLm8@mwk94%VKUHOqx-@koBX?)Pr6L-U%pX1UH)B+y1K6XF>SN$YnR|OL3
z&HaCo^_hNt-8D5e!*O#wFB2^9`y;Q2@2aY-Bw&Te&9SI95dHM^_e=VC{YV{qH+%fv
zM9I@_iFfaROwyMmMUuW;;^pTz;lfF6J5^s;7<oZ$IpQV~^QKIj;egz*;@Gi$m8(kD
zp+jIPRa91%ApI}@o|QLhWlvU5gu8YJ>O_($eSUFa66$40!QeGyGE2+L`OI4HbofcW
z`s**gc6pFC9f{(kjjrpK4Ax>Nn=QLVhS_GNb`D73L-&f_eDtT{rtkM35#J--o48+m
zFE~S=Mn^ef+lP+NcT(*B@bztJX`$2Uwsv-(!^D_ytmz+5oNHbnz*~cxH{&@1*ORg1
zOn}OC?~Oh##km_$Nh<X*cffFpF6*v%nk_h$z^b#Bx5V3=w057K1+l6#e=gBuj~cxV
zS(t)xFif|j64d13|MD+hO!YV+s=9V<!OToh3b-8rR^?r|V3JX0xySHcBxHc$vfMS=
zFZHP19-=C(c_2sISXw_q@Td{J+g+*{6NwsCDe9*H&xvQ-(ZvsD>96cIQJl3x{fL{)
zo7)gCMJ*bzM%<@}^>qp%n;)lN-0k8L@vcgp!*lbj`BcF&t<j4KtEJ1oe*b>|4c~4;
zBa=NRZjBg&!Ub7DG`y7~tE0vo4;e-31c75x;m3)JXB)-1adlu2IXB(xi(t$-wMZSg
zc>`|4FL518f5+kqJUP5cNkq!z!My^ZuVee;*NBR@#8Xr-FrIFJPGSv3W((Ui7t#tb
z_hnjKcD1C_agu%4@9Ek^*D!+j*xIt}F<$L|^M?PGo3g0ZOWDUM+iILErvcrX``{+}
zg%bZWcjbjBNw|ai2D@fW4lxCgwII_l-rSdyQC#EV_8CC-g5Mn#xa*#{VHgl-5qErf
zor2)642?i?+?tPGp>MOe8bsdn8gyRZI>i{I;ZF3pKDrEziuH`qVGR`({;#qkV})5~
zai{7qf{IP&7Ki^y_2#-IvmhhdW)}LU-8NKYw2Eufh<@Ul1Ri$V#}2iJoP3-d^i_e!
zkH@!XEDSefXN&GWsV2RfYro8H2#JjM=kkbgstf98(C5W!E@Cvvu{I?+e8HclUCAlN
zSI^7*R_3xtnl4)|)*!-LUsA#)`3*?TJ-p)`=Y;N(SaYX_L-~97nk8rHllDky`!?5(
z$)p->>r1V_d9$Vf<I%URt;>7Cn%>&GCG1~Ki|G4b4&1Y$HKIoXna#VmcMGB{+ssBS
zV{};9UuP;%>Ek1A8udo%nR&3tin?#~pXm18jRlkDDF@$W-+W-gusYXzf$uC!`b6JA
zW8jLYpt{TYGIUV8XsbsRLxSXLaJrDxP*)poc=F^4BLozh`@ZJ!xjZXy(Ur+EA|E|?
zKoJ*bf1!GMpgQ!>qmCFkliy7zDe{+5{Fk?^Ro#C(rkxpM>^s|7aIM%5sJ^Lh$k^v<
zTM2c}207DQWyX*-W1Bg-82r(Tm<OFHKu-f03jj2n?q+6EW{T1JRFKJk4_>P7G2G{1
zbO@~5wmbS5>bpMi<#ybx^}%U3lY*fSISicB6}{fHtq_iYTYH|d)OuL$CO%a<tfV_k
z_OVsXcg5vtOmYh(Z`JOKNJzw(6Xl_K5)NKh8ZMJAFC-l}9&In<!xh9?vJE3xB4qaF
z6}ae;EF+wvUW(e~TZ0Axs2yAQ>c<=c9J0u|w6@HPCuWd<#F$5tJFA<~5;W`Ffu8g1
zY}_eY7g|3@j!b+CX;sk<4G5?~-yWG0knwNduD*~O$(UUycxCS@YGxt=0m?UI8<b3C
z2H*0&!;0T8X$Sy{mY|8WC4;WVl{b;sc`pq`K)?xP7XS}0RQ={-DhG;wG`-p(fZ7s7
zG7#MGj<1+ST}Cfve#lAz_cx7GqU;NDD^eOd)c76+#13TfMEb9kIPC4|8500x%K5Wr
z9c*k`&+c`<t-)20%z@ucHa2HZr%s_b&LH7aAe;O=n@U6;Bpovck?7!OL9|HNL^Uk7
z*dx%D4qHfW1)t7%&M2S-a9LbF;DTc0hZ344%RxupZ@yy(mQzAn8lx86hoCmpwzT9M
z*o7%+YHNeE$)YJxLO5)Yp#vj${rYu4@=!RKb{#!RO@Wq028I(|aN<g@UWNDPb#Je2
zK)x?<!`ty&S-G}_owzKsT|>M~LykHk9oUtK#2gGAw3(4?!RLT&rp%bRsH~TD9w`N9
zpkrYtRJ5Q{ak3$H^?usXVS3;|_@r!FPy13b41+iF!E2e5bFR1=Em~tmh*cqX48`ep
zsH>=`$jNo!?t<#PHE?nz8(RtG@%jxL!cLz?6BK>4Z|DCu_4fDw@T)gVh=9b77O;l<
zhK7dv`<-lUp~C$zGSWIF&Hfo6iarJIbNHFi^Z*~4ler_+1EYZ4JXO+f5P8Y1TjJNM
zQA#R|-JW}h-UEI;fDX|t7D{c%sB!Igax;<FdG3G(BlFQB2(}pW5`}=>A)}>bF+F_b
zNc6dk5ft#5hK+;U$B_+TPonN3#zsKeXlf!IqB^FMvJu*_(y;A_Z`^k;B&pl0d}Y?6
z+F%cng_3P>(@jiFU<r}Gl1xlY@N)eSsrvhQ_gmVUQTf9?(6VNE;OK1K8i@^=l=QIC
zF|cOX+siAyA2?U&IAg!B6Qt%?%(jOzO^7XH8W<dm2dS*CHV7OwMdJ?t47hW9`<I!r
z%wh8mEsMJP`VC4-k>Vrem{2qfqc=c#**7iMx@I)N1qs}5qE7lSW7ggQRq-ASnI!gh
zZv^>3MTGU#zI3vUmq_JEl#-?<Np-9o@r@kFld<{n(h{7|nXv{ub?TD-DRN8UT9le8
zb=wi~_K=0&_s-mPmCq8DM;`>e4Adjo*0BGn>0n3KR4_2Zf)E`mq4pK&BiBZ)T~9Wc
zF%cCwWp2~nfyap(vQ2$5d;kRk7`tFU!s?Gnd)zkis+9r)NSu<BlhxY^fIYZsC~wyf
z_Vge^A<Cj}gz;Di2B!GaFn(=$8v(R#P~5VG8h7aF1?mqeCWv&6FCINoK^_9COmQ&>
zf6!m&4*`+<3ty`;ppq|4V1~(yE9k2^v0p$~MSIH8-k!kVg`*#BT7ldO0YO_+vyjI}
zfJBP4FEp7GZZ|)SaDf{X6sH8OJu6m89+(haE(s0@(tj?eUN)PJ54vsJ!N~^<YuQt_
zV#OOY)Eh(|7AO>411vH?^-wwS0*nTDW)A~evB93F6<*dMTsZo0W0JDXGt8aMGZ2Y!
zVIg^i+{`2o+~;-c*T=}Z?Lb_?TurX)*|TRrIE>W);<yhydhN)A71HU9<OQ~S1u&fp
zJp6+j7|u>kt%V7Q6HP+z*QF`zSsvzGI-)CBlgH*~|A8z<mZNQL05_|!u1>?A=LjAN
zoBPt16T&|QSfF46|7x*oR~m-q=T=jx1I@=(v$1s&EVSL(6tb@RQRHDd-G~#o3eY!0
zlu#PzKvf(#P`ZdOX}|<Sck^bWV(g;HxUu{?h2;xcSLgVRiSq`!Y=XwL`>9jSfBqR}
zWE53Vp|US@cG5|}3$<gmM4S|wC4CDJls_ARWfjRb@B5lvU66s?NlZ__d-`V`YQ2d9
z-<tR983%wF$`s$5_9R-0ec*o7F3x=z!XhgS6)lgG`g!bVK6bBi^Zkz`BHkxF;5sa{
zyBUr7x}1^{c{%pKZh6p&qgob_&8Xeg!A63BEgz$1p{1s_Rq-@pf9&#*k;UwTSHY~2
zDMs8vWrilAw4@~Vy4xEDinR4<;TEy;m^--shwG4sKP^N3M{_B8=~cHc54l!Z86yQJ
zr`bk}7<+Uhk-gv>JD^bnAh?HD)_sjP@A96$zCDhP;t!NHG@iG&udoF-N?~sZU*s8l
zg$|jzNkb#UFOwg&Ozo3=;YE&C8&n~!J)NC#VYNwnwotTowdP#)`2GDavKdn7Mxlh3
zAzC3<)Ps#vaU#vnp%%h+wchFHR}EgNxw*Nu^)rC=YD5)UuR&^dXyW`1+8Fo@=t23a
zrBvf8S5-CCX0)Y|(y+~@kE3O%;dkQ1Pj5ZU^Zx^sYGB9zKB6X<jS#QEimvT&ly)5;
z%URpoo7%=4Lt&Ar-2Wp1w;}Gw_DA}s3p=N#reFlZ;L3NMKx*n*$5i-GvB;Ah^v424
zb(?}pg^8CIb1wi>^*+Jnlr+=npnw3taKFyX0AUL=M~rhWqg19Z$X8lh11L-o37cR}
z6E8aV!QP?F2B}c*E$D$)t~~gZ8yon~H?P4-ufnPgbVZ}ngzsVUMKoTi%FW4%iTl_G
zdxKjeYdN$UZr!@^H5v{~WOay1a`N)Oi*K?oP}3tLQCmSn9C-P%<BsLyCr@G-MUNwb
zI4DHKWaVx|kRwxNz9V~q{s!_oqI6bdT}Fdp!pHy~&hg$Eou#D#Ot!BU7=^b#ULl=<
zK?G?OzIg**jf3(YGf5uC{siLYH6lsW?00b)!uY$gu<+jD>CytEb{rfWXb3i)S6Cvd
zv&iOt1C26pY?qWE2+msh`RyVekH$%$UC;xG2+#5(-sS%<-!1n4{(IC&UmvM1^03l)
Xw}~gOOvg9JE!)0rmua=JE9-v%#r$G_

literal 0
HcmV?d00001

diff --git a/windows/deployment/update/images/WIP4Biz_Prompts.png b/windows/deployment/update/images/WIP4Biz_Prompts.png
new file mode 100644
index 0000000000000000000000000000000000000000..37acadde3a67183843c6e1bc9452430d67923bcb
GIT binary patch
literal 66737
zcmd42WmH>V)W%7R7l#(t;O_1atU!RaSaEl^LUE_K7cW*^OQCov6hd%!D8;=5C=hHe
z{lD+5S@UH+&8+#5K$4qWJ7@2Ge$TUGG$Bej&&Z!4AtB+YD1%=iAwAVYLVB`<fd;%o
zQn@J%{6VpiRhLCVYDmPoHA4knW4bEqdmtgvO+P-K%r5Ep0&kLeD(HE>cCq&KF>|*<
zay7Ga_T+N5@}w2u;^E@sJ*BlvM?!jtR{_hud1rjMf||xSkj{L2ad<e|Vq@cNJ&Idx
z=a`r!+sIMRVQsxl%+JsN1^B1&V^&sHkGb_gnaMX74exzzAMLrSW54|yY38ccA?$B%
z^uJewmZ8I!Yrkk(0^tSs0XOI_H~qMH87{{n>xmEZ_aS^U_lap+kifR;cZ>YKo5@Pl
z|DGh>IL<_Ut|y!m)3i_y3R-;sG<UCT_Q2EQnQu>h4pvNbB#$ECJ3dmJG=cC;2{@EK
z@!wOvNPf`42Hz5aMm(hc{^m1Y#=~FH!R${1J17T1wLwApTjwM&hm(M}gfU=HvND4o
zYF)?8AP=Kn0S!h5h7Mu%zjp~c!=;&fUNZdKXqPK8($wkpdk|G#?d6$rXu9&_`$Z%Z
z0ihS76^NX%#D|kJzI*G`Q`P!=cxHE;7+Pq^XN`Yfo}dy4@F}zKH&eTakEL8;)T5Br
zyT94l+_!lzX}m4AodpkS_P5p4st&=g_E`&PkwEMgZ>_#R;dJS`wpOwd7>fW&18>2X
zJ;u^~R()-9pMU(fck|^xdu0U~1Jv)UfsZ7&j@wVDkG?(J-wYKz-0r{^YzpGlBt12w
z+E)DzYP4>VZi61~E{9aPJKsFup%^jhfpoj)Z%!Kr1nV-sj`=p+ZV+!oncAIiWttd!
zFIZ(ZjtDKK9n^Jq`CqL^(bwI-pb5Hl^ZgZq4y&r`dJ7z1=gWTM!0WBbVJxn1pCm4(
zUvHEW5&gTOw=Y~eP8IdNX0(TN44kx^mz>+R27qS+p+(zbci`vnKF-Hs;dg!+lWNa(
zhp`GO6J7lZ!(&qtIsUf6W<!e6rdWS(U5q|7cInq~=(FNrHHBruWwLg^4o}BXT8;X8
zx?@L41&`m`<?iu=4>Gg2id}D}4pI3mYf%SYtyeyusAyRWY!3`P`Z{M{W)yHSvvoQk
zo$1ki2P@4qek*>QWs_gAS8{12FccJy^<H82cdo!Fy<IXhFc=79`o7cg2^>^^nf)GJ
zK4avwqK(&e8%>|ULg831ixZA5c!dx@>G<N<x|OjNP6R3Ug5T}r`4}%)rmC~~d}l-p
z?IGgmvnxi2;rRqrQ+l5rSRJU|8+JAK(r>v4`+mAj92>f($+??5O@FeQI%5)gark8{
zV?=nZgVJkSEB(r}=)S;jzrw08f|%{*@Qa4%`MCU0UEoC(-;(1O?dIE9liQ+U!8yaN
z5A3xp%=z!kkH%xUyS^QM+eonb`9hZiI5rR8^#~HSRLR5oUKotM&ah6ac{dZHXBP1S
z7C~aHCk0%q<dpvz*WBO;VtvbGa+H`FQS@$m8~Z7BVJdDEtmzm_r;gM9t)?kRRWiH(
zdL)H2X_@Iu5{y~otrKZx4GQBw?u>GCQrE_!`_00z2A>Y?1Q*JvHMrmPU5G|Toj;^s
zEMsaNxIv9~QAf4i_Xw+A9AOST$#YF@sC`w9j`v!?C3!31s)2b7BaAMJ@>NWl13L9P
zQ{Ue)%=YNUo)ZdIb4EU#>@`iVL?3R?4lX=KMau}wfk9cV*gk9g{-_PrcUIqK#zSoF
z7Z2%wlk~-Ww#S(JO&4?2Ssk!PXqtR1t=<vh@cC)G|IrmlFW7R$|7^r6-*=mpe@wz7
z-Vk#!4y&zE;VOMhWme<wyJ|}JsROIbDq~jZmAeKww}I4~dn@*V-ixd5f}s2MCmBmL
zp%Kfw7!0aScEDV!3xAfJ?Y(HnZboSSyyC6Tiq}xOuCcyKy6tm#xL|DHb)0LAPE6nt
za1Fgq<^m5J2B;0>BkoUtzgvqAbu|VlN;CnUttVYK{rcDcCXO1$GB8)IE@pJ=q$Y9I
zDZ8+kmOZD`HyGdX<YHv}ZKG1&w9m52sE{Q~=4e5VkL7Cfz{@B@7xt^ab*y8C8PDBc
zP*=M+UMgS1&@ShWdbI|SPI~uUP_P;ZXZcO<uLh)bLap#-eu-W#dpHOT1-u1@IfPNA
z8CjtSSL*7QpYgQnG%P?LBjbII_q<sY;yR9hl*PcM)2sEgpTdE<4_mhVuyM%V7oEy;
zJowV;-)#S=DMNf!qigJ2DkZuTM0vV$ajH;HY~(pH;mm=KqIz!YPsq_lLo#n3%L&ug
zHPRN1pyImpNsPrdY9Cx#e}U7zcvHvVaCc_R^&pUMJQaN1mIw>b!WABBb)#C4%XcIK
zX@el3*R??SIlZWeFmP@yRjj;C<dmIY+cFz#rf{NywZPb_(pJ2eY9jH{_gJG2YTLO^
z{)^n^l)spK+SPBrP|;g5B^&`!p<{J(bZ2S8{RWTP)Mx+il1p7j(VeGR(71M}HoblU
zjr79VDc?!MSX$5`V*QCyO}0`HCNbk~2|A5`eV233h;5oxBAKlF>o(jX%DFow7`Uk9
zl*}Vtkp<tw+qhg)pS$bIT)UBCZJEQxKr0JAl=)w*{`Jd7GJ3l{_W3~9&9T8>;Pz|D
zCKjSm(*cRIO26Rjsleu+?6Qzg?I=U1qJ;?9&cMTMM_ip}n^bUdHwqShrAW4I!NGwC
zvt~8L{VZ@x5PgMZn9Ck7tP(hb9+MbhOjl2$VsLQ)#=CFbe*VFfPucRkOHhnJMS}RA
z1*SjE99;1y*au`VW;KI<D6~sxnPE-by+zh`{qM^$c=Ag1ZLVsz|C8E4yj=gA<v<fw
z4F6{y<V!JS{4Z^Kl9|xzJv3c}wcH&k;!V@o=Z_CO7+&5tPF8TI>8AeAX1jF$A*KQE
zccPqg;GdX>1kj}=*AtQRIo=yy+xs4bG3fnI3Pvv`sCGHJ+ms%0>q~7}IUjz%l_e~d
z^=IIKX6~qG4DR*%e>TJb_IgHjcJ8DR0CD{9NEiq=BDwLaegAi#%Gl3T>i_4Xwz&V@
z1)-7R|7P|WE_zIz|IQnnnT*2z@A83*hW;PV`2U-qEh;<B?7l6fj_IMh_^9kj^0?PN
z7XQBsHe2z+t1NY02zwxeYbfSZQT@xwcNcR*Hz(a|6LdqDz`#luUi1IrkJu~Q%JW%e
z4Z1%oxZ!Z&(HvWkqA{**KW<~wtpk#+6iZzP{N?qZUc9LAX_m9j%hf8x^=@&ZV*U|@
zrw<UT(<~Atn>)@YRq4lYsh~<+8^5o23b@B4FAXJ)->pZ8-TPH=6UB6mdxcv4=Bd2r
zpOs=Jj9EpB3fe7<%D@qt|0HpDK4s#1-z9zfr`HNdE1Ww8L4it>=Y2#PX`IdTMU=pV
z-l}O?WmBT^dZX|3bp|F6q=yJNTI>K#P=^}t&*zUBpeDSIL<YTO)z3lyF~9<+wBVJ8
z^weiN%O>ONoN@cI+W-~)*k7EsC5O6B7!a@Yj$3!~>5?ljyVmb-PPiRvTdlKzN(y#+
zHfE9t<iBs#Uq;2YfTv2ZL;036LnNUQy&hBOiz(oIb)12$-u5E^s40fjg;(C_YRNbF
zsWT9+poV$@l~0BWQ&tIKxi^FC^g3_@xJ+&q=h*D*Q^~!5g<^5BNZ+pG4auTYy;%*s
zIcnU=f1d#y$$MoeN~qw7z*L&#-}&M)j9K5EJl#OVR6)jL+D?gg4&zjGBr$aDai7uF
zjh9#w-gWN2`^)}iM984^a`k;w?!4Z+)B|SeYn3b@0}cV{L09GOtwW8r)&0szpzdR(
zMy^6-uTL0LC^v^e+&iqNr*d51i@P=bTB8QdyZxw{9i7ru#`k<eN$Im117Yur+`Gr3
z=5wC+V&mQ4CEd{J@bb{z8R^?z>9j2C><WpqVSf6$+ZTty%FvQj$lKc1?d*MJ6aUkn
z<Tby}Q%&#EP4D(Jg4numx44I_GL3{7P*k(HyKmj&$(wKLiI`A&_@wZCyMBZ&XEZ*5
zK2f-IxLuzn1{p%6@6H3A+?WV^3Bs84m_Wt$=8v`CR+2m}>zwg>C!?6d_LHuQv&TA7
zw~h%R1JaK}*>H4`Y9`;v?L@?VU?g0LxISF{1e9=X9Icxv7xy1soA0H8vfnCMftWQ_
zL(2F1$R)_2SX<q7e~7ciP#-vEr7bUP)EK1EcX9;P<3loZYnntHq|vL)3_W5%b)~f6
zqj?!{xuV;38t?K(`ZskKP}B3;hDI3DX$??%sEGn)>4AOUhu-E-FRET_Cx{>G0grF)
zz{Sk8DF|p@OVwRq>SX!&Ui5n>D##qDiG7UJ(bE<xmj7Pge^zB+(s6BmEaKwLSKe*J
z7jH+P;>ZaC(_-#gc;?OPbYL+13NVlIx@QBmox0?hTbt8&@1)i$j;%Fd1YH<&jh+ET
zeeHxx$p&y$*nvXf7&>{61#2t^CDsf9*}r`D;yW^)CxhO;7xLHld0ZWTeq`?eC0}(5
zXJ2y}-(w;9)_N)<_yhy#W~K>?IA+cyC?MS^uo-fL&$tx0NcUElsj;j>sK*_*!Rt%l
z@)b}j>(23&x=9<pZ_fzu>P{2O**j1D>#zhAsJ9W#$wxitG?eMwi*~XSz<DJq))#f}
zicWsHByN@cP%@F|jILGYBxzSdvL4r%og@s@5kD7Wt+pNpf^L=cf%?;a;oQ+NX~bL#
z@nStwc=P-YC}PXq+m7$~lN*|`yUtjN?|G%-kS`|VS)Ai^H<GFMpikwxp~W?|2k2mv
zoS7<@bk*Z>-S=C<$AcEbhJJgcUX)eb`$ghjtn%X1$sysZKR;n)JfUl|G#GCVcCD4Q
z{6qiRCf7}o>Kz(asMW!^40Y<M-H%TeBErBG*FsS>zVw_gun~d&>W(ROMjIC;ngk2b
zVO!hb3n6C^yh`wl%Xz|G=fI>2;^hsKwfPlvcVIGC2K$lhF0fskld@vd3Wu@J*}gDG
zg1cozhqbx{W_cWjd0?b?Y!|T1lRH#v9rZU3aTyT5wJqdZ@tjJpD9dkKeT#oaH9gi^
z+X!R3U~**m9v}{zw=2u5OtmKZQJaLU<rdcB2~0wbEMRyHVe=1bo_z~hln}n;#9+>G
zY+PJr5|PFYJg8}*j-O}IJwFE4CgshF`mvnNdRZ0;qV`l!=FWPh#YN1~7R(GG_wr-O
zB5ngqOUCw`t4uxfnEmha!~wu^=)S>tPSI<M>Ia1eZc4J@A#eGd;HCATQs!~|nZ5}}
z_bptzCE5X6>vHsxqyGETuhl>tsM;<z*i1OYWiSIu@0z~11>n}A*LfInsiqTValD!>
zH6t!TH%r=hi!Yspzo!yh3mZ@S0CnU{m*o!U9}=J@ti-c;V^Go%_M<D6=ys>Yd&#MV
zydlRbL%*^b_cCNp<D&1~mUPonfO+#sdfnj^M7$<J^pXJ-YWeD9n19T0Xc<_;R^dH8
z3tnC{g*bg%kNm0;PZD4wLHppp`AU^jd+7S^B*?^y_pkh4u#1@{ifS2!KN{P1LPO3l
z+AJn>uBJ+cigS|6PKQ(9{W1{}5HEp%Z!jBkEZ*x-`V)gy7aaE_$+|dRs4`g~b;4BP
z2dV32981)x&!`W(8_}BmM6iu=%c6ai`>5#7v>#zi%!}L)EZEHEwSD`G`_zTMDTjH%
z%IC_PKfFAq%%Pq7l;o})hhaHcTbYnIVIHzPBA<bkdW)iR^|C0!<n}j-;P0P%jl8)v
zoT}kr{PIX(j0AvS>_2}vTDz}NoDMaOA$0xI%u2ulmLUVNLGeO=@e_hLUxkT8rrHe5
zR|Z{Y233qE6r=7*nz42x6jqaPm-L8}m0wJLk{qd-5z0LQ*Ee0auiZH_qIxRQfUGD*
zQ??32zX^ukzJ`ceeRUwfd5+_z$CHvCxZC3;1BOVP_U%tEs9I`CB}-}qwC!LH&RklS
zprfGae=<p+PHs%nIR<8|9zEBD(j*-TOy@I;=Gor_rd+JhpWEcjiwe$`n5>AIx<KtC
zfmegG2O3&a1oVn;3?TV>&!@to*+Ywrj;~*I!oNqJ+8Q=qELt^i8iCC@iJM~a&fd^V
z((3UV$6J*=3n?ud;_mLq7`Yr5{9&)FVEMZ9+$rI9Te!Pog3HRbKmaP?UdiPJ8aa>7
zrE|T-UzsRts9j6$@_x=YK|$(?GW1L67pY?8u&I1CHVgaA<Jy{BgJ{METs8IKGg0UT
ze-V&q-V6FMg_o(R;S(W+G*+7a;sP>?y$o3vPb1tQ{w+au7h?b73m@qdqJ)lSS~3aC
zaTKhmWM#E#nNPDOL3d)8KUA_`>)cYdwAyjCW~~(Ud-Y+i<J&!Jq&G4_IoOeY@Xc#k
z4;HmgP~9AMLIsiJb|?_M3Ud|66C7aYy9WkoHz7ka^mlyT`r*iiHKN?$xmjttP9@y7
zY;0ZgiI%w%n6qi%rZ9LTb5_ujaBw1UqOIO;U$d;3o8q@Wu!jSa2fqOI5Fagtz_t>3
z0vw10=mv_ZM7eicMr8FBGsA(hO*w5&-d2^r0F{+6wuDx1G3@*J6L=BLQ^a$(t=k2|
zi)7?v0!HjmAtq>;;jROg1;gZep0z(FsAxo%1E0fU+h7f$GxHt{-yJQYUU)7#RWQ;P
zPggQ87i^+gr%cz_=OaLJQ+sL#O^X1>>9+GI*Yy&YiuDM(_Z>%{o!3G(lLI;K_a?ni
zhJN>a)YeTi!~Rw<vHVIG>LL;QYmW%bH}RfSpvSx(pLpFq{O1Q`0={)@%dl1ZQMQnY
zzGa;6_uoH(lknM)wMzz3no?xzt2vgVhjvNp(Y_(nSR%!tDJsE+tp%}WV2m0t>C@DO
z@RW>@(}jCKY&h85JiOILtIy3XJhv_4wTPn!4nad_$hhm9=xAH~0qSshQKwL=bt`ro
zpyaxf6Uh1U+t!i7y^^w9EU6Qc?7~M&EnA<2k&s`5nKB0!5t|UzV)2$|Na$tkJ~>3b
z7LjXKY+u0t`_%2ri_*LGIE7Y!CKHiS-Vj{GBIx;7f;`NpPikAg{+KP{6o%x+LGw68
zy)_MTgsRl*(+VMXcB-|V&{A=4${2jQ>9tjh$oUWD_3K48xOdRn`*pmaazExOWzx>r
z=IH%6oJ|5dIgzgG5tmtA9T9vk27Ei0t|B^+9wLV0$&pOju3TTWQ%i9{935EeK{e5p
zF6roepCG_qu|A1<Lm@myP5m3Smhjd@O*t7M7x^FwT2JGd9PS1et#oTL?^(I1b-Ke)
zrtz*Ya4XJ<3zN!aO}%KvtTdm|<=BE$bxN2RH^M0~wS-UVNQu<kQ=gE@tzt{1&WS1-
ztY8;v2B<xsOOh;!#YW>6RmVj`Z?)h7*F%}&LlTk1NHgzAqrtz2us!-If18RLd;BnL
zC}l1}Eg~<%Gsd?&jzwA`#(auq0n*$4B)S@Y&1!Egt|{>2_N&v2(FUANkh8lIAv6w5
zt3W4DluN}N%|a(Y*$E{`iPW@XMz@pgcXnzVWGV(p!RZJV(JgH*MNG8N67)BV$d2|<
z#CBs%lk+6hpKi7(6ObwR`s)h6w;ob6Smx{LN8@!M;@G*s(^v3cY%?=R4te)MQ(7<S
zekbVOrbd@)ME-ryc`?mQL~Wx*tR@-4%yE1*+LVljxDS*DRa&NBLiuemJWnma^>n{k
zS*OK6j}{}ChmHpk$t~lVbSZ@IzZBE&8#gx(Vz9~COnt2>>p3!yf7&FXXPspQyX?B`
ze7T*2G9;;uVEyEOkJVFjvMW6vRn+oufAU~_!vNfc=RHq}CX9LM`$&07(IQn$d9b|r
z6R>&17P0LTapIzDdb*t5h25rE+kPS~617am-}x5)<@x)!lRyH_XL-!YJ5GjCWn|Sl
z7JHV&l>Bkt4B~2^`?Scy0Vf%gxz}ype8-UhDIr#V2OBvLBg37b9D)+-p;$jX6sd=z
zP*TDj`eJVDMTFd|q*$RCBt8SA57VxHC_8<*pZ)ZX4vw*=Pj`%0{s4{n8=Da8E_@QD
zg`Q)kHP8x@z<A5AP7y%BfhFB|BP|q)I;n^M7W(1v+XLqMM#&P&kdJptoTG(-@FJ{d
zK!}tg8b4Zj@}~-Op1`76p&GFt-FtivKikw|NK%<Ep3axfJbaX)0Nat%(i#L->z)I}
zh;NBf(-^7SST64@YiHmF#Ue`8l#X2z*iQ+bB=0vB=;xLX`8qOx(Mr^lLfj(<Swg{b
zyPpfXn<I}<J*P%fuUC762BQ^NuTH79R<|~D3LE`SOqKFkI+fd0GrJ!8hSUp9e?bS0
zDNOTgI(>>|1Spg-{IH8#7`s2ebu2CvlSyDi?^!#a6jScOe!~Z+s1Tx<7y@F!V~seB
zl-<ai+8?4fF8AML=Wg8!ihXAo<iZ&Bwpo-SZaqI>$Mk;-itvX=7L!~YH<c<=Lt?9&
zNkWhrT0C+)kEje>N9i4NK}+i$s3u<mKB?!@MLF^AZrce9x2ULnGC;xd|J?g+-B>`2
zp$v!~%yoS8Th`Yyx`=VfHzS;KYYWa>ZuduF%a)|rJ@(QH^O(RrxW<=BeoavS+4;K<
zJXWUF3oL#`UqabnC)YjC+TgX)fnLQOTFP-G$jyOLgtPxVc`8$x&4_|urJhL&JKGc$
zn^t3t=d&^d9Er_SrAp-biN};omPiUM-=i5V-3E!gBM!^l(u(|KfpFi48uM($hR$qH
zp*?Ld<jVQa+w`AAFDID^iNr;oEzwX$C`Z1x;K<LG2?gUX(`?Fo&mMKJM;Vf6c9nyR
zaBi^{NdCf>yuJbIg|Ca02}XgIn8`Bcxv8r?#<Uc<jLZ~TOh?aWwpkRo!0nuqxh?9p
z?V8WAlAA<4jK$MNB3XnjUopP|eOR5ACxYWfnzkwmFYbFZ;k0g)i@L7mps3~@QW9FW
z^o)l3;|9pIoMvNR=P8jpvNmoJPiSR6fCOQG^cTYD^gK&*c?*F{;w-cz)PTX3LeZy@
zWhp?NZBTsNAec|UWI?-Fs_y^srWM@LuUH?afE93rOL$N()1r4-G#zKEzPwA`!{>^_
z!7df{e1ccD29i{Auhs_PL84OcYZW=^Mo^739gU5g9~Hm82QpI>CqF^S!(I1-4<q>K
z$O96bdU~GYl)e30^Lv9UAqH{d?`(|NBgMW7;C_!~wT|Y87n9_<t;IP7F7biX^XpSa
zQ>|p{gTE+6LoM8x$r+0nLPI)yIgHzfeP~k^NS^MksBXqL-s=9v3%cr^$mMDU?<C{Z
zmB@BTeBWS|_iCTb<aDF%aS!tWqohY|x-|hKW)p}+{B`XyQIXS5ZsncMu`&`Du`4La
z6b7Ne*pnenYAuem<jS~tDHMCr7{p{35q#kHVEnyhN$10M?<vk7vQlEg5D6Y0{Ln4x
z>U(^S@K+}9<-V%a%NRS!$S9C;HVvu>dkZJA<0=1~S0G+_ThzH2vPn))UGC1E&P=*g
zXUB72)cNG%ZLppmZ6IQjxF+z_G~;G2=`*cfC=M|(5UKdY2skc<-y20E$rb@cVJIqE
z>=Sb<tEXhNXkMg^V9<oYuVH*T4e$aJ|3Ho{A+m5!3nuA+Io801HOf$@S~HC}0Y}2L
z`j1?;dRAiRTz2>G>-4y*>EY$y2uwU_DaEsvLEk50UaFi(@%m2hy<I9y4g0d?DZ2gb
zSlWG~173tHgrl;dXSA{GgwsYcpuTSbBJ;#QX((!^)l;So4SOfB<w1ox4#Cp#p79A!
zGX9G5WL#sBxOwi*qR1J8t(>IQb&ayIGEj@%@`vbA%g<;eu=D{k9`?MHcINqcIrncW
z?a8-b`nr6HBkmqK>^&T_vj8<7+;}n+K2YM53vngkMNl>)p;9I&1tVA4wn@dvn;)!G
zT8RGebr2FMmVIfeFF>n^p_vLy0%>IycL&N{`m^tUD<hu%AVV3lVKAaWO`{Ww$OUze
z1eO_S@e2>pcgC#B>pnuzEB6o&5|u{5`MrE5+)(+ig7of_#%c<I5VqWghvr`;mz|h<
z3f)F7Vn#cn{O+_!Mb8=}qv~5{tCwsn)tlnvJ+6jjn-5TSMC|N1@af|p76<5B4t`-1
z5MRb5V-6;L-eb6VDw?LE=q2L+dBFN^yyG*T|4#j$@}}}q+KV|5-YeNm^&dpO3Pc28
z-}Eq3`|k5v^z6N2u7FP~2;NULn+oCCV*6OInbGFufDp(anL$pT47J5eX>d?@?h$;j
z{GOC%k?8|#ca0)g-#EH?Z^?TFRw{0xDcT=;dTh8WPkwP-jiY`S+Jq3AMDy3lFfcDs
zIj8=QVw)E|X$%vfQ&m=@jQ&WmrGV_TbHPlQsT_y-AL!+skP#SfF1cv}_kj_&ErJJ<
z1{fL4csC!?7zytb{-eoi0`*@HnJ%xc1@Khg5zb0F;cl`Q>&7_K{zsUZ$iEc~N$NU-
zFU3&tq~5tt%TuoAe7qEAY>W60On)r@mCr7mvqbHA*7ndPUZCuW_5VI)mL=kF>AE=B
ze3aRJ68)<@0T_PHg{Dw1f+WrB3b5K46Q*uJ@;L(}by;fRWmow;jWOv5f5x|u6n<9{
zNEDI)|Jiy(4+DUll>;dD*l>~k@?zK{|2*zE8-)YfbV9DvzwH?xw+D#E7QmOee3spm
z;;pv;kv~kF8bHAA!@L92qUrxAydRNKjHw$M9)OIYUt+-KJXdE04~7tt_3(ceYoZs3
zwSE9!R?G*WY*-JlN;FK6zQ6jP4<GS8Ha|lTIeEQq$o39!q@>T{bVC^f&TR7!1ka0x
zV=xm*Pb|o#dm~JfweDyFugtCi625<WIzW@CeIFttN)vFd^@!Hdw3$Rt+74<F^&`cJ
zQeyDKUCnzyGuD4xox>3ab%_$<BJW_S5IJewBeKdlN86o8Vb$rFy{>}~?s!=!y?X|5
zISvf~d5U~hpte|$Y<onUGeb@-D?<HzYXHS?2N-kaBjD%&C@=jO6Jck}sa$=DMTrT(
z;NZVwxo0;3*k8VLYm<h+>OTaetJ;Ss!Vw<=(d+_1I$dG&Q6wQmeo|(2*afIb#r@r<
z)BUcrdX@oz%m^!tqJFDm==PKEq~k0jg7|H@W9P-}#h&8a0Ll?a9CS7+eiA2fqfn0u
zNM+7WC#Ks1zW3*4(&@lzeR|H&bFxab1ArXqkHqIu*as8<+{Koo=A{fWo7@Hf#7J0m
zU2j);(aOrp;_uqlb^fjN@~pziGj+@dh^`fkwXC{sy|6t*j^>@IMY^_5g+@O}BR}Qt
zk<B;*-%JRwH0Jm+%x48GdH2aNAq-5<`>}fXL}}jr3VE~#%wc*1DsTqiGiU>dCe~KA
zLoM0(GnD`Uxq1iqxs}ThH`0Ym@e4hQ5nc({*MOR#7yqudp70KJ;0m~Xv!{Uo7EgbK
z2#?N)bpNJ-`*0?`{pWVSHi-=!8yYtf#4`Z)UFQfKOu8kNJCtrlKLL|BN(fN#$>Vp2
zWTj90h_-+XD!*VBMP(muVOS`oVG5!mmdT@4Z^4{>G*J-inTEh0)%Zg|JFx-|g=2`T
z-I38S)7WoMFJ@P!5T_sgW`OG=;_pXtmNtd@wBD{SrTs5Vcpu5{ql#G^hcP>;%AJS8
zep>qd9lf4TXIVj@U!J4RALxfc=HU@q#9_C}PaggZ-U@ZKy=w0hU_UP>tK+hhbf~#)
zEQ7_!gtp$vsb0HuUg)HoNO{3*+;1R441WNjqYiEQr7=YvAolo;$WlXy2H{4n`!C|L
zde^ht3||+V<i)-GJ%nQcyJ{@wF^MC=MGt8Md?VezSO6{#VxRo7Us*K^om}x*GaBHM
zvkKHV)Z<WS8hq!y+MMfK<TRRv4&6Knylf}GFsCVTNDM0RXxsbDE`HSXdItFi*=CP_
z5D-`PAGZAyd=JURKSA76r~Dlh`$j~Ml4re88~}laI^I-N!`sOg2Bp^5YrvYkSw6=5
zYxaoo0jh1Q&Yako@z%bg5ePwZ@cH(7yv-y<D$jB!PYc7VTB=EL8Zk7dXYE#pELFZn
z;(M?39aG(Rc^p~GU$3ZBO;k0`%lJNpa)mN3Zf><K?y0zmVSqR~g&Yiae+JnN((v{D
zp7!y6lcgS7I(9*ScZLVj1LmzeC&hFbwv)$-o?~J$*j&WCgMj1a8Y5PPzM!{H=`AUm
z;zdy`S7nvdr3ywv&bP_dKmdWJKhnI~NGAgUoDu<;)%e!esIhV(oX8j#!U6!^3O=<C
z%_*l`LnSfP92MD!b3gq_qAN<8@+ei;D%XAc{ef)?K%lw@Tc(EHz%{qe(?I~7mM?9n
zoaf!KIBo2~POb+8CssJ#-268Zb7Wey9vOw{usiwcJT)#44;?1)b;qVBfFd~nVf%(;
zU$`unzWZVOPU`0H^{k=CNMk>_!}N`Vh~C+=2E@K@_uJ3;e*5Hie8Sltgu_QbfbKd3
zB6YEH)^0>=6W}A7J}SMKGwI&erZIY3tx^X8kN=3r9a(!6>tH3+;NICZ0YGH)j_(-Z
z9iS}6$bgG@O^D8wE&;BkDm8fQa`{FuGH$uk8x3*yvKr_Np(=;gj)XG3yAn<9mqY`n
zui7&}yg7dBl-dN!8dZ%NZd8Y&Q8Yh_P-J@xZa`F<sZq96%6YVgh(QeHKTbCQ)+Ozg
z25sV^ev;oXYkT%0ko$+LiNX$;>B0OqX%6iX0My?y75Kv|g^wNs=aASz_3I<X>r$J{
z3tvZM`e1}Q_*GD2YmQU1eof|)10jbPQ~NDKe_>G&$Va-N5$6&4aWtDB^AD*@sMOD&
z_B)^)0ODDdVxOf&pPF+O!)7e9oGmH774I`>tV;j9vF}#;3{TcFAh$k{U}R_)%oMt(
zp9IG7y!-XV2aER?EIHw{eKSS1GSvejWeMFMiqFEX{7a_|xCdN2A=LfrfK8|BI$2P7
z_GK|;f>t}2X`1=zC&{4O4Vo%md-8_9z7Sfye()48sSPn{!z(;B<xs{SJ*_ogXWyoO
zio@JSi)vYRADX!~jcZ3Al$0ytV9xV=bv>vN`06CKQMutAuP#vja`b^WNm+@0$}n))
zTjzPrz6^$j3D7c7Ha1}pP!vgdcxKyuuE721p%j<ITGB5!@Ido$HE@xuj6n!>1B5)d
zAX|cRv?3iNMp)}z=Se^v%%$+Bq5!=eK8k7|Y<bq?QH<@h!6^ihP~F|`NY||`2;4cH
zegz`6F5$~Sa4dBkItmtn<w05*r}J=Te$AWwnzwDQiQh;6N;Z*BBH;x$CJ`fw#G6$E
zq!AN|mB&p#i^ei4emZ<{!XUm;GC_n&T8^bf_{a7)RzS1fpU<0&8@sbj>B&tJu)(J^
zQcdYBnhRFiKhvZq(gt0&uhm$kWcmYQ>bvxu;r@)DPKy&@Zqp9MdQw$(M$4Fx4P`ZR
z_V>6@6n-tT7m@wo6g=J-Z7IT1seUdQT(lnh=OOa%NZ%8Q03p~(#|r+^#fy<@qZ0Qr
znpcxah<>2lJvy#@aKtn@e&SEwZQQ39#2cIKVoeIh;jxY|nPt*L0c;|gxCh$%qQ-vY
z9ScYLUkye?ACmyfjm$?dEr_kh?k%O;EQRwoGe-8@s#A_d{A4?bA&NPm=GTFt60Sin
zb{2HS7g4Ylt`Z-v67AV{q5ix|Wq>+c$&N+l<vzU0mpCXFWtnRhNmlt<Xn=tK68y87
z@%qPg6-mXP1xjm^T_XWhUo)He6q5(U+{|iIjCQb-3@q@fmqv$>1r|n0S3w+d4tg3j
zJ%KLTq#Eup$e3B}Ubz(1r*N(kPH7e^CDTWMyB1bYM+LKqoldkwjhUnlpe-8s4B}BP
z5IT@Y5YfG^J3tt`&xyvE9Si*XrBXM*f>Jd~GesdVTxnCIQ%1@XuV)&9<v^f@QlnB2
zwcwT9D@oM>)poH2H7{6GDAa@RldUb{xzY$40Rft7Bi%HMgDL(5?k)si-Q(ocZ(I_I
z(OJ>hk%P~a2?(bd^e8ht8x(B5Ito&hV5ix^*-4&!foYcw9(}>@=w(~7WG0C!cSK9*
zrMJm3<uxxdm#xR=PmnRjB}|iLI?@OgJe4h=DCigFOF)W7x*B_ugQX7mTDF*+Ea{2}
zDO-L<l@s%YOMFy?Mq?!AbgX=gdp^uJ#9`HgN>V+#=KtGJ;q#4ZeNxNA?bt)L2lg;~
zLLdMet8lXd@MGjkl28rKwneGvpE`5dAal4bFIhQ91>TW_$a*g`GyXoCD!6Zgale!g
z+{7@Gb;swqcuRSKih^Z#bAQ=wvPBTnX!^QKDAngtVG<+aMcx4;0BfI#cBg0(p>WU=
z+B9`CU9#Zc84+1A4v`DIP)5m>2I=m*BbTbxud@1QW70v4nYCm-Qd4x|3W`>#=vf40
zi`F?#_CZ2DXrOjL)Y-BX1M4L7JEbsVWVm4?)9E>~JasmstY;Crhbn2DvyeyefC@Y(
zjFTRn02^Mh<7^B}MI9I!Dsf3X{Zi;Xd=<&hQxhiyC)At^y$XZ+8BI}R!|8ZoHio5k
zgdCCC#jdW-xp~oP&=<cg&4;RRBPV<#XM7Z&6Igr`ePR~KF1=H#Wy~KM@r}-1=X-A2
z8MYc>bqrR&h>fW~y^b<^qq7@rC`EF*5ED>na5whKW~Xk_hqYSPE=hTC$F({n(1~q#
zHzXuoxg6%C!aY76uaRN&G%8p+%i(h{fG8#J%41WNB%o&bf|$es^m@wr!Pw2j1RUN9
zmTHL4w?%GnTJ&v)APi!;$dZ`F20G$5KsZ&7zKIX6RxXDoi*0BoV&vUA76>T6xI?X&
zkya07Oa#t_ZXvyx6F!kD0kQ&FAIHnRG9;pFL~Z}^jD7m2<!fsoq9UT*Dg$8dwow@C
z(Lj+*Ag}{vvKL|sElrGbo2dBAS;h^X>$KdTeArf9R%M0_%$EJjCKNs9JQiOu;n`_%
zA>*yLabYTql7tpNe`3<{Ftx}0oL?N%bqRK>2g!w|(bWh5L@zau*FA5&33ac{Kd$Wz
z)>3H^-HW8ho1E37SXu2zhLg+&QA~?}^6cpVly?=IyO*(YTZ+5i@D5uSC=hIHt7-3Z
ztK6u<f9`Yv)j<XVoTFfcj~t5!nKC3;d2#gXHqI*+V5^4s`V+<;*{N?5d}%?J;)Ayv
z&wI7d5g@(&2%(-==te0~`OEX1<`%0T8tK$9@=v0pY%@LA4{d<F(Z&h2OD*UXx?CW$
za&VZZ#rgpN9|P;=!z7px0BPD9XFgojGw*vr^kJXqn-%)-lj-PlevYavErTq(9qrn*
z3Xb<a-b#HDL_Cp|XCt7w{G8Gozk`w6)r4d#Zyc*oSMW*KDrMyN3tz&!;@95skU?1?
zD>^GTJRK7hRlmOhDJo1A7Dm^epKe({e=JH7+BuI^h`F~u8&qRH&sN6vi6aSRq)IU_
z63~6glw03AXaTx*H0O85rlRltp8c*!4qLj|ywnyhL>E6pW4<kBGhRJpqs0SJ)o0>v
zB}MI@&j^3vlgo_vdq5>ArpH_&&B^_So14st-lIv$IC4a=@0F-B4SJzuObl{=#Ltih
zJ|?-DeqeEGYDiB~#FyJh(W4->tZG@+FZ9tD^o+#7IXaG0-awJ~`8EY%a}OHD8^Ucg
zm$RxGbc6f+H(vxJP3>CV*AIK~m~c2cZs|X75N<Aa^r#qn-?mH|FW~w&x8*%e@{@@d
z3|Lw9>i?AL_oetx`x4@10>KB%Q!n64Z~1pPla|9Q3Fb+r*`-tFnpM6hEM$CHAu$L?
zym^j^NuVX4K)G*SJWt~%=NR}WjAohzPd_99j6V~_KyCqNRlO;~IgD>h?`8V19mCX^
zyq|geC@n4ku2To;uRR$*y*Zzfom}xTH8H{_m^X>yUo#m6o#m`mCo3RKbvrBN4btq^
z54zZ6U%^#e{ArK(W!N6W)!Y%pdsc4loySOkb+eAb7qLCDWKw5Rz*t-oPd_d(Cn08J
z!J@Xi-O2=tw@{l)C$Rh7Q9O0+?R#`GLJ#lj`NIpM<Op+0A0t&-?8~Id6=;+kmnr}>
zSP^+GG{}n>!aaO1-nnE@-+-YE#&X}W6d5?wgXAl1i-6R7&R}G_lrl`G7wd$Dh1{|D
zU|e71t&d8|X%R`j5y}-B4Crq18Teuocm^LQE70BQos<I`W8cJV+on1o6bzCm5?0Kr
z)Y}IWKGJf^{uS%_k-XtEu1^si3~jrS%F!YL$8<o$nrX$L=mCB2%w7|`v3RnFD&~$?
z>7<1vVyDoxe5vrT_yIfio05Q<@sW2p_99bFc|e&0O~40~l*C(v@^f5*(nM%+0Q6hi
z-bcrxWDJ6UT?$`?s<b^~Jd}lR6H3a=tx1ZOs!fwROab}=v42>{dXZtwSmqhZK!Hlp
zlRf{PfQRY0v>ry(=^&m7E+UFV?s<A<a0f-Q88JgpqagWjI~oB>Pw-!_9m5lWd!wCq
z#d(uWL#`0=9Z)BnazCL7=31k#0X_Mnk6^*NJyE?cZ%JJafu8JQxk<uszy>p_UEbsc
zGc;|Oo^0HU6&&G}oL}6teT$C07t{ro>Q2&Erj2N8m4f;R=CUuYPTJ3&>}<wMxq}0}
z1ihw*Gl6;d=opP8i^Te89PRt|=(pq@PWlh>&;W+Jzc8YhzF+IB<ig(nHCe1G=wf7)
zi7n&r*|7?9ZUcB|Bk&z;#^UH74J-0_bY;Eq{oQNv4WtiXtASs*8mYcwqf>AH`&=0K
zd`s)?iQjMR$3Bo_s^({B6%~)LN*(*d|5{cVx}yJsZh&3(|Br4^tt+4x0EWfgp_w0a
ze+>Ylf@u$6)o=W0-Wvi|UOL_4+#>*ed7c0MxE22BqfC@Slp9k}NCBQQIKUES=wUR^
z0AF4ZD~<mj+4M7D1z)qa26*1x0X~riv|-dd+P1bf5+8;}TWj-xb{S<SX329tDZru$
z2MmMhBqsh1f8(Y6ZjM@%jH#&3Y4eI#oW&?#uR3qc=$dc>3q7CKi&+B)X-NQ+75B$T
z`2my)2Kd<Y>(&7G+eQ1?N^tYR`;9iy{EZI3!Of(8J)zHWj0kF=hTlLux~=`9Hvl?S
zd3S!bk*M2>hU^r$m9D%0(RMVoA;b}m+oZ7><G;N=r6Fy!3Q)3S-S_`ve|3ExMdhux
z;P_>v((RuKd{|&gZ43C3I<%zq6@b#f9*xzH6l>-TyUk&wI7TGukkbE8&!fSRYzswf
z%PugotM=<z$cd!{&}IUA^iUoHjPH@>WdhFArs@tj>_RW-?qcZfa?K>(Z&Q}|5k&4Q
zi;l6h8%YV&dA*#HT7&R^b_fxX{_J_=a7sld0+{<@FLVvH1{;OefS7slR-7}Xh#Nq9
zCojvh=kO2Gb>3E3tSV1o=1mHWeXT=<KHh*#;2UmlOjZEvYPuzzG2qcO&<7|E3^4B+
z{cDi{N_78_WgoU~-`W5ie<g-dU`783Lv)`Kx!#{oX>dQ<L-noFwP8Rtvj0uacDnm|
zJ4aV;T({Lie63@4?wTpL8?f#U0c{(48HVnIe1i<B(^6u;f{|g!coLc!0Hb2lZI8Q>
zYCgkt5(@eY5J~u>Y2{7Z)tW^1IEk*2m$s421+%1xQjo4mfY(SJ&SU$_%*jW%r<nBe
zzlj|8)Z7hdu+gFCTnr0#<yyNt_5ldk;VaC^M<*@S$YUdsN=i9$FR2#(H6?+OW~2at
z?=J>mttma*f!%5wT#nRhk6O!7^#?#DW!qNOWWJ61Ga&4HdT?%CTXvNZ!znN%Idh!b
z>>izP4&-2qc){6nOI7_^H)@?B8OR05dQq86(Io8`U~Q(Z@wXdP!EMuI(*Lnb&kBbQ
zsj#RTl+qc1PeHFfk7k+#w&vp{DV!^kMSt=?XDxtF%R?rJ8e{k(a08T-cMUr?4If2%
z9N}f2x9!xxxOs~PZv~)jI<OL}m{l;rK=TEkZ+6}z4yvjx@kQmlH|dp#3Mm3=C<Ce>
zR%8^G$pyKHmOL7LCD$fZX@K*3dvzpvt$59GF1d6E_yTr4d#Sm-ZZgS9XFr|pK)Tqr
z!5Vc$uOMQUdTTtH7raWJAW}pq;*JIl0@&v)Z!z|rqM}&)Zc!}T1i#Iui{kRFl4dd9
z43XHI1YU@umjd-hGRLSA%{i(SD@AJx@%f+}7U!D*X-S7Vsac2x%*Pi>c4w|O(IORp
zy0NIGM5Vo?tUF1HRjZJeoI64C>GtNhz3#D*$Se7CfMp4HW4SOW=!tK7;;%6v!hAK{
z!`}s9P3^21*F<a+JSDF-XD5pNpKPLKS}npddiaPLA!?Qu0JN*Xjg;RgPksT(3nRE#
zXAqG~Q1Tpl_VCyp1xeF-9Oefv*BY*V$LhNGt}g@OXeP!P0MdewoiGLmYd~kn{>zVH
z%fPUy#9sdf*u3Z5fv}Ph@OPmsqh(a=;7u{buWC}ie%}$nxoU!M0FrM5;(*Z16FQkk
z{&6=dE7NoX0QYLEp;%3}wFm3#IEf!jp}!WHavWb-DbYe%p2-FJikgTOeE~vMs~GE1
z#tx7qsz(#g6wSj9-Ck1imwf?zfI3E%V}&E<tRs(YJbwXnyx+0=IuF3megFw~u<y1z
z0}R~;OJ4y5qn*OQ?cP44W1!8vEf!TlIf2h-j|B>wPVxcBbB$PX!muUby2S3MFgAUR
zaXO{pR{Mg}B9{v?NqSd!MekKnnXLyBpt`!dZ}%thL8~Rew3L+(r=p+m;*^dI9vkOG
zcXD4_J$kVn-t>t)?-YoP)87cmkE6SwO@*VHJ+bV4H^H>CXZ&18ABfp*`al<zy-8}~
zF}{(78o1vV!KVWbpY{Rzz;sq9<`yd{Ey2|8lktt`n0GBpq_k1j^ou0nn%B`E+*}|P
zQTbn=v`#wnk+b)IJ1q-@PmoDQzof4@H}4=r_uTm6YlYo+HQOTlad$!Qe#9m4^}sM7
z188j#)?};}8bPg_RE%S}{2ngqf{ZTgS7QmCfq3SX0P0wjk;eGw&8l>Fesb&jPc7pm
zPXdkR$!_V1UI9kc&*UbfIa3z5BI@DM1e>&uJ3Mi5pUx>!!-hrqu5>=<;%+!t4aa;4
z=lwou<l2LJ(VouE9QQ`Ql<VvCtBa2F<|I=4DhInH<_YAIQcN_%60~(0=jlR-)0asp
zK=!bw5Ghfv!@(9dCxf8)u7gV)#87d4LQsjzw`ipn8EB%EG$<L-y@4dFD``t%^WnK$
zcC%r6V#zU(M$*HRv8Kb6Z7Fub&RN5blaLXzput47Z*woj5Zc61F`wuJYU%X=dBJ}M
z`DuwE0TLp*E7hgpCvg?P$QtQhA_zsNxJI#M8}CXa*{kd2?uI9j8=v1nh`o|z7Z!^t
zaZR$IWJcm^D4`J;Za)yl0SH{*xeOsXhtSm|8F&?iEG<^3>5bZrhzokauCSKgg&jrf
zE{U1!^i$dTl44zpnRilKX|MNnsN^gRD@ic<UE(N86drEkXh})7Q?H93E^MX~Jy}Uw
zi<f9^7RPmSZa{iK?|@Bu@5k{0n9nNkf)xBJ&h1RGDLX$7%dhbrp_d#60XtZeY>~hq
z)w0CG@56l=v&E9RT07^<T^u)l>k)d3smpD>IU7(ELJ39v-1!lf7$D%|%qjM6O4JO)
z8G_eeU$>h(;|l-l6)Fxn-M}X`!cCl7?*ppeo%y>Km{qt!HK{0WxO@^#tIV(nKP25u
z@mUg|BF*0K@JDa37DT7-Dd0AXqVM*H*-VQP@kPIMJp`EnwTKBLhFSe1+3bJ2%1glE
zB*T$bbFXimRZ6J7CD2lc&w=s*`ArKSxDlKT9i^iagn^$8o=6n+utKY-8^sgDT{(cL
z#9`&$7mXyEBnqd?Q|44ktar7YbpJzn^w={(ucfRoO@g9|qM9Z<{md*6fNl2Y3MQ<X
zl)1k6&o*O^H@7~DwgHZ%ru`M6w6+o~bcd=bQv9Fe#C~#yA|9h!403*m9oGvx{_H2U
z4*=__D^YlZ+{(}m#Tu}WJ4fA$rrj53crx+PxovM>q!`_b_Bn3f2&p0{9_LP#%fMj~
zKOA)zIV;<~vf^K(%GN9D&MH;EBmORept~B%BOTmUe1i=<-U-FFaS~5!DO!f@$+XuH
zeavT68i4L1n8@;)*%PD}P2gUXXe69LzsP}zgp$$#77!Z6_#n&Vj!mU5e5wtYVZLMI
zp#3$p79J<Ql~vZS?qM7Zk0U`z=J0fuV9B9QV#eYvVMDA4o_+Vdv*98wz^HRrl+kIH
zSvs#$$b47?@y$`n_x_W|`)o~>YbZr=*>w}*lM|1ysubDX63SHSMR5Alihqj`u%j&n
zO+4Kb6;3cg>HSbZzb-?ELA>)x0{7!<62UL<E&Rdo!v$i^C>D&Ta;weBIH3`gw2V4E
z*zFxq)#Wi{cqNe?q57mTZaB6w?EpUbsoO97>d%8ewCsseeoI7=CA{!`lgJm=#FC0k
zm=#kagexM$WI3XP>n>B4TWk9S^wW-xdjE|E_*===FQqtAEw3piJx~BbH4TgsEEPZ;
zL)#v03RqR-#KD4_ThN)_3Abhp)H_i16H8eWhq7kCI^ST4O-8dnC#98R-MvS`M`!9;
zMU!TMP40u?P?9M2TiixN8ete{U=&Thkc{e7Vt}5ND_;xlhcZYTImqXj+D$#Sxn2~m
z^t0{IB&$r2uf_9&UzknK0lHHlAM4OJMs&i^zAD}GL<l}s-^x3%UfO}}J|;k6fCYdn
zV<4?uB>u#g#*rs&!c0^XHa2-)Iy0rMk*0LJ=N9c_SHjJPKBQBNzwZ?-V6DLjf}pci
z8!WswjO(xJ56zevZiQ4B84V6@Tip(sM&9~VK8u#QHyYCYX`+QEk^kj!?(gws*o_!S
z?%xNagY|xTn8tBz46yP9#^t5+p!fb-fFvb6X?~`gq0MU^$uSRKml1V=nD{EA_rhZ6
zI4RSVF+(kHMlzm<Zry{d+|IFU(yL#HkmYE0Q3MlU0BCYz!!bz?!l?5ruCr0Zjeu{<
zA+=3Zr-U1}qbY(i`oV&c-8~fh!&Oo;y>_=U*>AgaDl0eB#i52&Dpp%XRuP<V!V223
zMgmkw_ThdW(8y9%oJ>4{6|j$mt0Ok5PPI?yweF}eS3)QJw3IvPwVeX;c}}koZXVl!
zFC?q0N#OxHrY}TKx)@wf`-;+YS?Tk`;P+&Qs#7x#R#hYQ-=?=BiG2dHxP8gPo<$N~
zyI)-Eq12NvX*TI&m2n6`?qRM%^m_eyT}*XCdmaH%v`r^Ha*Cx`KT!I+-3IsQ<-6#=
z5nK~pD}1}aTA|k-1yH0==nDdlGpHef7MP`}Kq5N&)S)A}9dl#czfqDZ_IZi*qh#(L
zQjRBAY-|x6$VnL|4_9_E{)VpU3mV<dWl3r3|G-Nhf2z7xE4tg8VSYx<;vp+d7w1`O
zbZ!<>v=)cHmb0PQ=@|Dj1750K&>&j|(j%5aL<eY=dE)wwy?^X@)R1Ke3o}nkMy|4g
zsFRwYMDSaX5@0|^1b4{1aaoU_m~)U>B*dC2p!jbuSL={@ZmPcR3o+Y%M`}8O4ap+d
z;t?ghuHIjf8M+!GxujGGXZ^17w$uQV|F%dJBh9}#G70LMaqkcYB_QlCq$7iiD@9tP
z#P&Y-{S9uCU)bD2xg(j;#A9aq(5pooxv!fq0jqxzdMju}LNy@;M%ItcNfec5h)iu<
z+%Y{T`rSK7ud@Fd-KKw`J@Vs34GW5XS`|$acGUeAM!HHtZWab=04@3??d!!4C0Epb
zc8c|KQIjn4Hvx(X=M|?t>l8FFd5&{~R8ul(O0nPbD0g(2AdP*+q%EcV&?^M@)85l6
zgSRDychLz#DVfJkW1w=7`63(M^)6%q!S=~8neBp%{|O(RLIb0tA+2M7L{|zkY$^&`
z+HlYzHfU~$HsLX1D91JY0xT!}0ZEjEfz5Pyyx2R^u%E_U2``v5hX$J6NFct^*8wU!
z$LI*8>n?9>aOg02lZ3NCU&m|dNI{Q~Y29w|e`3je+=}h4;<BiL2lrZ>q^Fr2*iKrw
z5)j%YjhQxa4EEL+ATwDE`514v^iJ+yW9rpYQWq3dQ8NKDa7mQgW*VvXjtB^%O^!D1
zvm+X)n9Xm&K&EQ>vI#5(S@X53>=o?K>&cXcZJUBwL_`xNMZG+PifG{#-FBPEFhw~L
zzO5Kyo>{n?vihryHX&Cg$~-<Y58NiBt|m$rNoX<EW+C@n(}Mk)P|R-F!LRPWw0N)$
z!@a2ornL23z9jAoR~cCbsB*y~GiTlem3~;<q_kW~-Z`^mD<vWrH?4xBBwh^^nw#V8
zfOY3;oIK}qrx-OUvNqc;aDLbpCb4)#OVSyUAY$S!R2Y;u*UYpT6F3K9&=W6mL59hT
z88VwdA$aEmjkdy~=@shD&%egT)e0UY3MI1_S>fL?Xbcm;54gRQRTV9sx6Ww5QWUB7
zXUja*rF@|ul*z?G>gO6#6KxQ&WT|Zo7I|s%-cOJK87ZgnZjdazT=#A>ky9M37kH7v
zI+?UUTCDN#Ri%wI^@$Z!sbKr--^un<Yl(5Q_rplnO>_P+yq~z`2hJ6kE>y~bE=X3C
z`3?Uy2YaIQ&IlRjjiUCa2}ubj%9MGGvjX@_aLh~Y1~Cs8sEcQH3WDvWefF)Lx?uY4
zCvJ2jE->};t9AC@o$ZOaR++P#kCTEEtm@(cWw%EXPJI`=r3dWlCIy9AT>+fqYiA=T
zTE-^6g}$9xQlqkG9u!9o7KmeyvuKaJajCUo5+xH`W0%i~z^jf`$ehHQR3!iZr3?H2
z<`(;nMQVE$;2(8xQ(3p<?%CcUgk})9Nn=2^Qf~2SmwoM9hA^pGv>1A5VT#NDLEC%(
zv-SUR|5a+&Y>7>@XlV&b?7eDNYt$BduOjvq6`NX7d)BUMZHfrBX>HmHf@+IUQuI3B
zpYQi}yZ(Xe*W+g8oV-rX^YwV#@5*f<?k@th+XSlE9A2;itxVQU^)^1~LN+$^UHym>
z3&}51=sAi8tqt}5<_Zq#(t4F=;a~{pgY6gH3eT+lNtC$t$^x6DI_;ym?MnBANh04)
zilsA8%r`!B$&pUOAOXby$!qVIr>&a|@jv73E<U@zojkCVS(#f2{odGHY$U1GsT9oZ
zz0o!NLymhYD{0)Xtg|3@bwO6Xn9~En_9KC9rE4wpTCuse(T9Lem(b8wa}L5%#0FaB
z9@_HlKVo!g0zGnFZ+@5*4lX)r_fhct!KDXe=w}p@55*tL4t+(9RKu3_<?uH+O4-rw
zI+=PMQ8c&IF<+18qN?=K_V%DBsTaY&;{T~Qn9AL@^@jTrlP*=N+Ev>K<@a(XNmwuG
zQ@n`gPwjeJGuv4mfBiM;5UkVa|68hWDtJBJggsV{m3pD+RO)rfwQhKC#vgDp)!DRF
zqtfsDWTGuE`hEt_yiA_vLZOB)yC1@ef2-!sGY54KDE_$B^7S+EYf3k11JPhnQ7dAI
zygL`eo13AEIOh+Fe@C{T(XPItg&%YfH<me{^cyIiEqxo24@<QPiA$=wDf4b*;rQnR
z{ZX3M@fqG<=vVNRh@gA5YH05Pp!*n~-+J&fAL?WmLZ<%rV55g_Gw2U>>1UT2sRRK-
z*NEgG?7>6OuTM5(btlp+)-fNc)~MA}hQ5MoY03msS6$ykIn&W-oD}As+Dss-gNiZ&
z86dG+KB}e`%=FDr?==hYK&bbx-eyJLRa+ey>2Z@yZjI6AG+W|QcR{bStT(dT9P%>5
zX(1YEf0Q11Adl9jH!P(!OItDVUF?c;{HX+#A4j{7UiY~F+QCMc{F=#a?^RT??*%_F
z_r&Kll+QLe7x_)cI~O^#m3|9*;vU^~DOg3}kgjj$v)a!T45=7iFEo*N?(|IumL>Hy
zvZ1rHwK|o>9zpZYGUPP|>}CpieJe1{=(uatstupEB1~^%%rJKgJCgZN7XIeaDa_+k
z<TppQQNiqoQ!H|SSJ)Y&93wEoT=399UAd*mpf?&UhWc~2x3htX-L46#r8BH`_MM~o
z61NGipa++gdgv({oSra7P?iq%d$?QqCau#f#h(aXaa-xI=Zz`icgSJ7Qo#u2MEXGB
zHmvS!rR&RF`qB7F=45AUm&&I%_b@e$6{*q%NBu802At-z%H($n_Fc9z)y<adh;ZG{
z-LsFjdPG$sN(!8bKQMV1#k)bm6DWaqrt~z`inzc;-swUO8b^I|p1bhtTN>h<DH8{;
z=>%<xvX!*5bm2XFHq`6O4lj^?S-ic$`J1E`%!!8|#o-{(3xT&3XLPb8W5wj{cHAtv
zyWFY4#bH)XXFnq_^d9_g{_Q?%n4D?%%>Jf3yv8!~!=GGk@DK1tu(b$zkIc~$C9F04
z7`Bn}*_b~6{aw+E=?~g*n?(q%hsOk+Tvrry@)|rbc20V=1u`ZZz&S*X9#py<t(%&(
zNtS-v3tWei`K_-U82fI*-+qwn`@8e1Nv2rGZ$z7A^N+gQG|wiO5-bNKsRBJ{4+p;l
zCGu89Mtb*Q5X?mrK+fp6qLzj}=bB9P2TivILSy|_!=LLs+Dy5le;5qCT<7KK`F6TL
z7>W-~rk*x-TU{Gb3ZmfsJ{|gAe}PZftPq$X?R^4er=s8#KTLWFpMxKO)!dn7w)pjc
zHqNilJqGV{5QGaAFZds+HADOPNJhS@9J{5Cqz)xHbkvZrxyG8n@WOAay8-%lq8rXb
zDLJ^|rTJF1HUEUb=}KX>Uij{gopCDR%~?)~*ROFPvy%cp|1r-H;+}PTRn;ttB|(me
zfd<ypo+SDE=0)Z|+*G<MRzXu$X!|sa4TD90C!I$x`t*)?mIRZTKh$b3KTyr8=iJcx
zHzBd?{_a75GWO=w`?z;G`4d-zI*Xvjthg?Sv!NGtK}gRYE$sf9Z-b{W<`Hum&3yL8
zP=P(gbz5pFuezyrxQlyU!jeN>9&E{8FGfOJBM>Xfsrnficr;9<KF;5J1L2+-MKe+(
zPemVgTJIJ1X4fQQHdDo#<t;kFZH6tg0luEo9DOZQ>ujs-kE4rz8ce#v?V=*QH}R@q
z+xzfGtDKdyV38kTN#7aHQY(QYgMC_=pC>35-HQ+awqhJg!E&}Zl-Qy!<>0_>D!rIe
z+=2i7I9HLf`@+1q=Uo+f^f@#>eiN#<NX31+-+fVhO3KUE=pUY6dNBhjih=HUd(C`i
zkzT>RY$cUfV^ftLAxU-PtC4Mh{5B1yyX%m#tVn<SaYZ+LKKovgQoWqLaeROlzqDc?
zUn-H)cTK^Fx*s|cF<O_7od6dh_8?xCC1*=?V0(YccnK{-=H^}yh(R*bijJ*0PS}dH
zQs?@3jt!d+!+_V7S}0~1!YhC*43-KZ8GQlIhW+#_W~U&#KQrc2J!?UQncTs6*$$CH
zzF2L!==q%NZa}-tSo3W3&n>72#*Bl^-(f(d6|3R*H4BN_h#?uN-QPYq0vqSMcSanv
z(`SD>zDTjm!>dNfXD&{@_wG@`%<&R5JSCE0L<D7ODL&QNwxVpAi#@6~!~mF!9|X79
zD5qERuy-n-_1yQrX$V$;s}f6TOY=meF_T9RJ#22rH%uP)isG4{=z1+FhC7T@2`_ks
zCHA$1;U~{{xCybVWo#F5&IBD{G&KW%<GvPr;ncg7oCc(gkf?eI<#t0gAGXS@x#}gb
zKhj8zbu+>@H*a@^XQID2((w|o!}$6e9r6{#@IoVIyXdLrO@w+H)r$-swA_02#mv2=
zF}!XB;idjmVEB)v=(zCKyq@vf8}q*?r8TU2vcp^Zq2))QWk^ICbyz|qNOFsurM2ka
z&Bas8i@0kc)A!ECA}$lSp2XwPJS<?ucm9IYXGaCX66^RJS^VRN7m0{w4nnHs6#tS}
zO2%J+iQ<sG44N+@j4$Nm{K8s~-+R$MKYK2AVlh9DPJ(DnTqPRYR-w(@vqgj`>aEhr
zt!t}kP6Ci}l24<?F*hYB=i8;DT697)QxCG{zbe`Ix5j*@mgR6)gm6o*1@7E*=5SON
z9H1QLZq27mQyUh0EUlrTwpQ6sR{l7_If<grMpS&1zbcz74@%GB(!`Up0AZ-CCv9l$
z0RSSbb~XD-*QH2^V>z?5_z%Rc@wHIs(7aflxT6hPxmro}yt|O~?VqN-WvO2u{OE1J
zrEo3?w)yFMYb(B8z;^@HGDd|?6+;NTIzm0l=x_IXjJQ=$?Cv*px;=<;Lb6!<#mN33
zu8Jm)TO~RgdwJU>y(r2tcAOVZ$3O!Gv)FG2jVbKVt4;8RkH#>*&7c1nd4#xr;mqhH
z_uWtQ<x}V0mW6A;Ol5%$UAXb>S~`6?sUf)sU7oVyg06&M->YUuRAS4VE<bxkt30oR
zhk2#DFHZx4+>W1N&~uurbLfDF9It2`On)#Hej+$^$J9Mr{4g`qO6?i+-i1E@gbQ=0
zz;~cRW8eN$)*Q_@L)H%U-(=IrDn4%2?VaX7ld{}Uv~C`DcW#}JXv@7!qa<XRtgEhK
zjmXwZ!cT6Sy)UlNzC?6y5vSc9On*Q##bTDMJve+lx^cP)qrc#@&rfDK)94>+jH#vZ
zOM3W@IgdBzfX9oj4nghO*`t9&2Ev9dzzM#shJUkodJjC@S%z&w3(P|y>-Iu!GS)6B
zgQq0>6%o=B%s4HZk9HqHiZAJ$%M(L^NgC_lLsnWW50##cRelo9u?yLCYJ3S$IcolT
z4lrV#ZyM9sX*F&Y`3!owRy9{f_z)c-Q<Cp(+${~lWL=u{gp18Df(FOzqSx>-&5ey?
zB_)Gt?)3R2r1ZRxrKnqJU?Sp3hH~3#|4La_*XuZ;gs895n>M3aFKeDWP2(XplcVRb
zL%<w}Z3l14I$+%5_APX3BlY-`lxnPWI7&pF{cHOhAJEr7;e#<acyp54X4*hHl$z#r
zO_pjiV{CjBNo7Q}G?1|;7)F<TUp@vEile?$`|9)%zgL-G>B6>gQ0<Ks)JFLjOT0Ka
z({NOlKoXJtf)r2(-(unSC_wDnIB(jTvN-!a??$mI4?Bun{y?0S>G&0;doT)>M`vcO
zE34Z_@?xp8zCEW?Q5{`rYl0ycnSHr~i!TwH;w8zWPkPCzEf*Y>T^A@Mq9L@U$~1zG
z<zk3bH~XB)08Wh|i8wJ*4{qUM*79hvE$l*K5AbJ<7)nqu&3vNYA#OAH*CIxKb9;Qv
zr`r8Fo>82F$%&bs^VnxeGd8@8u{^40g_zkxLLHae(5ke!tJVXxGdJ@u_H<c%7GN&L
z{x*D?G^}iuU0BAQ`bJg~sMf@Krnk8|JgiY6nK!`l0^3$!%Yjx_^_?5q0^cTQgnFTH
z`ujF-q=GN%+^Md6%v%ME>MQ5CM`RHr8V?#KK!29*MXVfY8n^H;FC{~VN@K#2Fha^1
zER>sdtHMow&r9SXX7Eq0*jDs`D{$!@-2Un}QbAi-#ebHj8~&`FVDQ)DZQdkaOJZZ8
zOI$z9i&03lg+&R6%jyN9$L1N|_DXy4Nj-DF2t%mPl1rt+Kx7J*G=VhV7a=YG%(e8O
zoA8dpjN=4A81RM)OiJCXbl=V=`E*Sp3gqyHq3{Q4LRBwo-~+Gzt%@@LYu|^s4S^YE
zd>`C}8d_*~jf~}B{ZULGcVKeN)Z%DsM+Gi&lICpA;To?AO`#iuNaU`qv(Cd5{@q#6
z!rS(<f%`PkLy9b?SD26}x4wG-sX(=a7*2g&iAo$a_-MMP+62zPzUE9pmWWPBF(qWn
zRXL`7=*7IuWNiK1*Dk~57f1ZAg}RgHfrjwS1e=NK`B2*?7C+MGt1|_^$P=Zd<`wy)
zhkW8T691Z{iP3XVRdbsfa+xhYTwlDl9KrNh*E@8#jU!sz49?4nl={o9@MOd>_m_Wh
zx90UTC`Ct^3QbbkovH^cDLh-9U5DO6?o@2G`cOIt8UBuGKGScJbBrW{U={ZV(YFmn
zViS|?jdosfWbjS#nUX6N*c=d{?p*K|kduR}EeRmQ?_=e*lTe*I(U)q2P@fBB&*SD^
zaw9sS?a%e0GzCW<49qR2h}pR2!GOoS%Kei~HM-GpsM>Yq0%U+P{=LuS&R@=r$6UW{
z36t0JXq73?_~rZHVf4}(U5oxiL>`It=EaO*b+W-zuda3{w%N+31H$ZeGL1sgXpb{;
zIAP}cKyZ2^0yFC5T6D6Pun>+sBPXn#Rs=famu*?3sSO&kCf)q=@kam5<?lfHZ=Q@o
z!4h1ks)+g1kk|=}swyA}()C5fb8{xa$1QZ`oy1@EbOTj`r(@d^{mOT;YsQtD?0lRj
zrUaj)&h5;W3>K3cgJ5Gz#S*#Hk%%uKx?33T0&YIg-3~{vSS(*&f4n!j(i0>_9r4Yl
zW2@zlzOsmB>S?gmk%BV5=LZ+q4@Nj-jz_qZS9lkyyaw6Kuo{qd_>ZQi`iRkCT)w&$
z{hJYeXm6aNcTyCSW-Ld2EoLG&j~#E*2aun<D`uI{{Z7Q-Qa@zMi8N596COlu2|(#K
zgvpu8CJ_)va>`*Z`2t$wQ>7-0jURM$MHRMl*SFH8aF^sM>-`42l+^yJO=A=j9JY{z
zY?ouC|2-3ITr*9s6Ic?PR-~(_j^&Tp7Z^mI+nex_IZl9u*<}hoMsYu<?)V!?_lXZm
z0mpb{k4JSfC-@oBgnSJL|6!>~I8r$jIt1<(HfNqc-!d-M?l-Hkv?Z=BC`fL(ik<OB
z512vc`AiR+N>FbO=_&Q3$(hV={n<Fx5nigJZGE>BwCL`eZXLWVtQ);qY5y;KTMP~j
zJwx%z6in<SwoS+RD7|;T_jgzJNr}e~xxahCbV30J@`Sm6OgrNTs!Vz-a*s4$cF<E?
zxC`xZZR8w%4nMrF-M;kcOfct%ri)NOe?)K!q>;V+Nt$9In!i_xG)&-Qyv=Ulh5;8D
zk}8aA!|FLf-0Af0#bbUvtf9u-d`?S#d;IP1Fm$C)Z9Rd;1)O<9Z;bH;kHtBS+|)Zb
z?EFzbZQc<&Pc%EKZ|a8JJ&k`jX4s9qQvH2NvXR>GeI@t(!?fG|c3eoG!%p>K!nJ9!
z`FHgFPvpB<sQml&a*NQ-C+#Cv;yFK<B$yO>GUFbexry>PDK#OLNVH|r?(d7fV#hl+
z+`J1k2Kyq_*!`i=_AfNssjsyt8X6<08Sa|je1by5R#+!b^Kg94DH1z%KhoGW1eUKE
z(p*oN!rj5@b|a``mc+%4z1X7(_3k<W>$(=|VB}j_(t2Nzx;n*%TAP2Rz^j1vO4x{i
z7b*~EA?jLWP%gn^Gs^SkA75#dXJ5^F<ejp~-7lP^ODFfboxR@5B@UiOwvSA)ZBth@
zdxj5osp+VuJs?qyUc5#+29>O2k=fvaY|IthAxF9-@%zQ!G<Z!IyK(%1@8;hq*|dSK
zZ+&xa;nl;TCV`ReSfy6XIE7#;Y@?O_=GnN4p6(g46Tj=HnIxWGXtC?lK(Ui{6D{Sh
zEb-#eCrFW$_rw!RdoY)!3+-ZAc+tCr9;kx@$pX)zfVQf-S;LzGB>qdR+vpTcTb|HT
z3H$s4*PrU9N23`jtKT&XVz0I8a^W(!oNU;#8za>Cv-*3ah3ln}6#HK!Hq^ML6qeOJ
zgMSxJPN6~iyCpDqnSN_g_~|RY)<kNipO>E+Bi=1KZE#~>y$U6y$Y*W7ZTZXvE1~d6
zN59xF_k+!ptW5Q`frv*%C-83x#3f{~H6?}gbthPs?CAV^B3SHC9D;qRtO%E(gMNL+
z+vv8H&`OBs#7j!yh@+SnT}N;1GIgs2XR#b+nzfJm>;28H(Z}*cWI4#z40L@7BtS>g
z)=nwgTPGidMU!-rQMtTW1qE6v2xxQ@Eae9iUmw3ctC$=qvAU@3`ta{@I50eMAI%sB
z4VkFEv*daV6hnz_xS4{IK;C?fx8rV?M>({#GZE)9l+SyQ`WU=E%KF)r0-^VRG6(B3
z$c<{$aWL`?nTl)y>tbi6_VI>Q{wbiZ_IJgk3MHFHa9t-uXK9Ad*GC#Sw?A)0_;>uW
zjl~|Atpa2J@A2Le{AS>3DjRQJ28JV90ObSy4UcBRWO_(l*4(_D`cfY!-zzTPuMjeN
z+mQW!LH|E+`1L#2g-R_#g}CIiaFqSKR2b5hNJs!!A#pm&*>>;eMN_Rx4@06=^t0}4
zoIxWsfJ6OfWBaRzZ`q|3R(MWn?eRwUse9;O*C>+rW8{yiZ}dN@{Q8pPuK6oOrN@?I
zlT)=wIf=GL;+U$l1jNy1mi`OJ`Wu95DVxY-vZdjgDj4$3R&Qxb#h#F#GlTG#LQBpi
zlh8OQ@&x4ARk??r&GXzfy~V6y_oJAfnCHbSAk>(s>IKuhDjwtH#1k(+*jX@BT#PgC
zpes_oQF^e{t^HNbl6$&IdpG`x@W9Qbg`xoUjzl%#?w41oNIP-zq7c^6<VNbCh$;WI
z!_M?CDs042T?fTl?hXq}zgyEoIzN`2{)l4LCu^5T^X^@~z4BD%>7Tr`X=7x9wR;Gj
z`4Aq7o;5fS(TRMB`5~Wid7{BMYSh41$nm;`)!O_{%ndo*ub|Pnz_9J!{kkB<+L}f^
zZ#hoAQWe;;DO--uS7RD|8JhA4nJC%)%Q<0mYeHeE?t#4pK2NG7{OFVH=afq%)#iws
zd&f?QyR<en=hf(Y(D`d<*T8Vu!G(|FOi<{`9y#>p#1!xPTG=By<zn{6CkL^#qWwfc
z_RD`8WsS%Cy*<~mv6j+Sd*2g_Pu|=hL?32t+!k1Z-kKtnr0h(Wuv(ttnkvxv)*Vn8
zHhJHP?bn{NDCzah4^^|BaR4P8Mp$#0+cCWOM!qr3OR$=c0ZqltD{+$}pxw@&7SMT@
zC%5wcA<_$KSMj>@#BuO%97dXxA3mC%gg+R3zc`QX4zx=bCJg^A=pr5sn$c@y{T(j3
z58?Yh^Z^zVjQMf#l(SNFi$Nvne`iGG%bIP>2XA}!g4=I#2}k2>wk#ggcZBa^yXe9C
z_u*3DDxBP-asHh1_sS+r+cV;a4L+=XV-St;?fj~=i!9_J)FhofH8bRWVK8sBnz8Tw
zOzKirqN3~slHlpG_evV#ns9cgZ*{1{Jq^zJi|yEV06;Eq7n4c{Z?zb_kGfNZfy0j;
z*)h@+mm39_bNlm%s?c(}mpEx05iz$6eX^8N`$ekSH23Wu4F0a@HJ$#ZPw^5<YEh>4
z8Lv9BT0b$pXrNNxUPT6TC-r;@oz6?|&(b2G5&U9TzoW{p1p&U7qf>g{pO2$Zn^zb<
z$IE5MQ|Jb<LSuhai2cOJ@ISo>DDx??Tr;b-Jj_h(X}t?TZ)s&;|GHa%pkfi??i!LK
zyym=af84`=QQ_f%qZJ;*7oFoj&t(SOpBL1|%}T+N<mYbt1{WqaFQAOjk$(hsxjYOS
zm{A0X{V&Af>a4ewE8DN9VtVDz8h&9tPYMqzX+(Ldm_!a{pZTl&YZ%!>^-LGZ3l5xC
zFmB?gHU^<c$ihydt;>#CJAD{$mArqlUT6SLhG6naH2XoaU#TCVwAZlXTl{}#?-oct
zerfpwiv~KsSwp9;u3Mu@D;K1Zf?n>c0)ifouR|H^lZch5yVO=bQAyEHOzN+R9F7{v
zt8m&p?WR~}d(9FoEc7n;&*6;scNCS=fJ-nO!Y|PMUV@i)hQRVbPsu#Xc1U>lE^B=8
zNDRBy<TO~d)CpCQ!w|wNQT6q1-_nGcrtoe_7}$0c-=ZALgD-htMY+S;Qr?ZP^4!0@
z_&rkUp7cq)-}Xnt%m;`J9I{9#1I^ZuPJvY$ROj@aZM;;JnEQtE_pcD<Xn@N|l9A&1
zUaHZ!jBM_&S&<}uz`>5e<2}5u@YP=3HEj2|jn0dE5yhAO96oercw_JFRzue9oqo3S
z!g&b=!OHG6(iBt4VI@ZF48PTcRs+}hSF(4FYLxVe+=*5s`?7L4Mvr-6!czMcV^#eC
zsdka@A?T>rIV-#(kYrf!=A4R^hiitgLE|3@IJW3~iIJWstU>2OpJ|#8`%(|L2%U}C
zEdpTNdtC=$kBi4vek6(bN}rAX+#|Hl2GhMeWj%-5T$q$*k2==OC1(qqq-f1DsM37n
zX~7tW*HewwIjx7&j`OX<AV~PT{#;2K%fJb!NMqL=Tg{^rBry!}gGib`5UH`DwVo)k
z7jZNb^&|iN5({j#M9%)`x|j4F<_l7a{k#7QKlK?rZ}z2YJFWA-0yge;L8VFa-@>?g
zyFWXqHbF!5;(1~0YRVu}h4*&1IeHO&M8P#Y8Xt+sKt2;GhH8~iKRvz6pn~^B63t6|
zWZTYnQ%TNhm?kneUa50nNTRp9C9zjHR<~u$2$44f=4Qe`N$?r>Huz;<o=XfOvE`ha
z%xRz|Jz;v=ePo8YA3S;0)qX4vl?^sbAV8%Zpj`CI3eOm5G%OnyufHtnE+KaC8%5ne
zqi5edYkwUyZ|Ht^w}{*H5KOhi$3>R>!RIUDVU?EG0b3)!x;I^Q!hi*z%AF>L`F>S}
zQWI9YhxybWJkoku5(p3fyS#49A&uR}TZ+j;U9pvn=ai%~ItrsFnb4)A$k|TfdkoJ?
z^{Ha``c*}d4q=lcY+mT%gJ?zH!|>;5(|K!@tR?pibgX8b?{)G|K>XM8)0E?#)u5>a
z^quSWU8i-HGlB_7Al|jZZ1!$JWIfu#l`2dybwY?c?Sp{!dcGT`{)DXvkppo;v3BlO
znqR<>I2G71G>xg|t>Scm!eY#n3)xJi`!Oq-zXxhuWPth+S7C>z{QYHFkxE=0MXYgQ
zTW2!yMzSmhg=;-4<yb=0xfGpg_n7)m(Jr31CQDUL+NB&b{4WSg{&8?bqzT!y&I7BK
z@+imDX8F)^n<F1;xP0pWLjHtNK{RP);k7M-o|^vtgj##470O@nmSQ2bAb*05PcD1n
z;R=9;GW+H$kAw`PqpFKC)eWHLg0||f-6zDR*y&)C(>x;VEk}sL>g(65Iq$@G0sOj1
z32sqDyzEbx@6fqbWLGN%({}AXif<Lj(J&q#6?kIl@21g?Ona&-7m`yh(#c&Y{lP3=
zMchVMIFf$u&`KW_in%IB)Gq(pe$avefA;asV9%BK6r-4SbDGY9-X}ek_g11ZHD+W4
zZHy9aEt<U@rHsZV3Z#S*mS}gu56S73VJiYAcQnkwkAY0UB87iyHO~rrn~#bU(eaGf
zO#BZ}FV<T=lAPOx{7oBrL5aL#-ZOZLrq_qL_cp?UyMB}kClltXS4}L%qc8)$AK!<d
z+tuD@?k?jkCvKjaCy((#7_=r5=cT0}Fz|y`DMj_Ll3scvzdjJ(TZoopFw>3_5}<4%
ze~xLj%y8MkJQp1$dny8TIk1(2FA^p4yzC_%Ve-yZLx}{O7$#Kl-}20@7e=qcmA>y#
zXr)>Q8YXm97KIa}Q&gM?CJ`CS$|@1Z_y50OvopXd8wKX7nk)_}0DvitRxbyl>J4Q~
zr$iS(wpT8k#M5~UDGYC<M3s3(6K^5we@X=yGN&L^zUNA%R%RkGQO`uco1GY>KPt=L
z9*Y4>qs>g?{OFXLpr$Q8+$cJJu<*w?oR1^wO$&DW96&D<1JC;NX*{u!msvYaqZ)^F
z56cq<u#ssGQ)v2?=|<wGs?FJ?%oSwaH}w+;h*>7H(xU}Z>R6-A({zoCnux5V74MIT
z+hM+FfA(pu!JN>ESvFsmLlQ&auDsX7Ej>j#&AOo)tD=BN^FAlf35mngu4WcdH*{7O
zWl!G`0|vRJV&okM3nY1;mGozJO+09)gyr^VJ=B=qDHUR9lo2+(f=W7=Do=vzD+g+4
zW;ja2I2{red50Sh>49}=s#qfwqD%gLZq$?Zh)%)LG?!@G$Dq*MmVya1z-wvxv<TvC
z;hb<_H?i=O*UjCGx0{Iz7#X?|^jOgKgk;+zjav({ek$Ekl~x;zucR{^#>BN=9Y_G_
z)-N49{m`}`#g*~9B!->Y{Iwqa#jmIGPQZCfUhH`V_V(IKFxY>+qIA%WcnM=XDrw+l
z#`LBDNSU-lw@K9mq)KY^TyNslwK7bu-%Dy}LNPT>M*2ySigPs4`zK6tiYrjn!G7A0
z(p8~wI+_-53FGBMZc}nr<^B<oL#*9bDOFWk`1jwc6c}Ba7N3^Vd!9?rm@<ZWL{3W?
z8hANS+10V1-`|#UN*1`*PA8sX5XSy`zlyth^hFwdx-tmrfK5T}s^&tiJ>D0_A{L*2
z`;h*0`r0yd^y|3?#HZ;eoY#nvU{pRN@tTm&EoK*4mu|kOiD)_Ijedzsr;?hjVi!Mb
zxvJDVCD}+#@(Ak3#)V?HOn2By4B8Ot_*9?bQ26=0_2>*Oe)$du>fx}yu>XCqGQSeZ
zJHtHm4c|8rQvWK&B*N2(4i{NBKRf`_abVSC(t}zSem<q)s7?(pn5qImKbEVW<q-}$
z!X959UX=G*ib>Ez_bGj2Eb?J!A`Wn!u34CI!rv~8yR56AC{|w77i_zgD8Vh*{6fz&
zOzY1QefcD`l2>&hKuq*8a~m%C7q<?E7LISeY(W$gWA*0rR=0Y3rsOxiEVySFcrYbW
zUccMhb2n#l6!LT7hJ%@isZN~SlvP+PcgyW9g)kPfLeFZhiT^PC>QU)fe^nvqzA1}X
zI5h|HIOusYX_`PfeLTZXbM)=I$`clh`?d!4k1JrmSv&=;*O%#q;82H@EJKG}4=$eI
zQYCpmW$=A!g_!{<ZX$Mivhj4EC#Z*2+cF<Np7}jp!i<=%CUu$BFQ*v13b?P|N<{Qs
z7Am}~KgusQqaI#PwMeO~XgqO`oz%C~b3(V>UUip_WFiw5pt;R?>p1pxns|#~(h7>L
zePkz};4#bdj3%X^OBbiFcQeY_y3A=ai95Xjrp83i=fJaAYL05}LQsXVuo0AHF!vvb
z>XIR119l=vzBmPM4esce5j5E7+PS}uRuJzWD4-s3*ZB{gxhgy<-bcVxt<zk>zKQVB
z)jG1^^*PH2J}5%*RT6Ca;EFb(V}&rkpEJBa@$<2l>LNQ&S*JNX#8Y^e;;Yk!&Xv?d
zHL8&zE@>WyqUK3pNraP;mHo|ol^S<c|K&2av6uDYp0Lr`!}P+?QEvY6p*&Dbqm+>E
z<5au`89^`na8Koko1n_&l7M*FqGF9{3C?nPxI?_DHQP#t=MMHbC>b9$ZaBj0KJ1v~
zx3A#cu!7G#$5zh<o}jxDJ&a?UbN*KnB8{i3`5MH|u3#56=dHM3%{XlH$m4HZGnTHL
zp5^N`7HxXoX-WsbViZYL^?4<XXniwX&#dQ7!O_-_xqS=F$7_D%)V=;aNlXGjqJsX>
z1ktyak2Gc&2ddav#v1a3{kH+y8wOTcjaDswNKARlbsm{^9C9N)N9Cp&J0e<uSgu-w
z1tm1|_3eO@@A6uUZ>m6~sM>w(ra)K~zn+;wYd^i;;lA6_V=jB1_bO84kiseEymDR{
zmev9t#N!o}3M+cj--TjX>VrBFJFv}}+h@nAEl_iZq~9O-M&oc(`iwK_netK*1Z8JD
z98=#*_vqO5jlXX7d~U#M#LkGKl}q6)sl$!_+v78&F8Re8qB!QT;vytH{Nm3l{6afG
zdd}M4RmUx%6(1c0it+z$(HG>ysZ|v+kE8HGN^NxQEh+c<V-*S?tNg)2<mrMv_zT+5
zD<T@{Ofa*sX&Pxmt1*fljHgiggRQ1;11F<^DNdJGmc=AUB^Rd7y-3Lt*mA}3qT78O
z8q$r}a47kZ|An`i`#|y2?yQqrXA&Sgjq*hQeOY;pr5-x?(iwpu-{$7Aczxe3N^j?T
z=fA>3l6;qv3#pWz-J7cUn(JLmaE_?0V+lgXmxs*K+2dy~e?V1Xs>aY!%(~Ek6MT7o
z$t8bV%5ad}R#h|Kx$;I)*|{Rht;nl1PdG*KsPo^&gEvO`dh>+G%R3f*XFv=u5aBn@
zJ9WNN*PA!-ugBi4%FXJJ)ZuZQV}8KeRv<2`t+3&uoB4n3Q3hBn0u_?Hg8$VcG0jz8
zT|iD&pc!iR|9??Ul`i<f%QQ_Lf&a@{(($;d&VA+gR{SH$YaL2cH<R|+Xs+s~wlYIE
z-+P9SOI^)Q2B?5q>TCJm<<S~}a`8Lqk5l<W?7!#>2i*}<`IM;oC-Ny=dSuq(HR~=@
z)}EG#K2hF$<QUxb)2!8N@MC}4*H%aPTcxrVUoY?L&kiwq!iblDYKiIBz-Qc{ysznw
z#jPVs!nShxzstr+vxnxvAFppYtaVDrPT!6m`WpNz?vG2*j+w0S4?~^Q<6x8cDm~ec
z9H}o(m`PJcIEj}c);CbRK!flP^ZsGN^}=0HPH+W>Ip_R$&CvF!^B~ETKU3cEtI=mW
z98fEN+-Gt$1MKI8_*Tnsb&1p$yRPJYzfiBz*>_uieA?Gk{{|n0SZ{w1<@bL)zr)@-
zDKi$9Iu&wTv1==Gm3nwperZ#@mn?t2V4HXsk>eLII#1dz`{mc_;{!r;KnHZ&CTAh=
z7yOVFs26MSi%-6vmFOLoaxO}B+y6Bs%e>uf)hAOVdxIjZ!s}yTBlYi}kCLd<VU5|v
z^8wGDb7n7TU>$4cYqIOHCd@%5dGMOvrJZ~@2N1QM(?6(905OkJiXXN1N>1{lQvggI
zhug6O*zV7MJ!N5(Z3t1x`{Q6ko4<1WVf~#V)OKD;$wYnWK|{ULpB<)xtdnx;Yu2fz
zzZVL@h!?wZ$FJ=>k`yP3R9fXa#xZZ#$##vUc@n7NwWZiCs+4}Rx9nN+9HgWV<^Uw0
zz~dmegCxbPK&+{duGD5$Svc!}h1mNpI?>YUt#Y+nydIaDyp$VVkcm9DBllQ<Umoz%
z6OpFL{Ofv#ah6gzJUP%$U=2Q$#~X!xlKN}cBp}2}HN5ef$UFx3=-R07piHPTX`4#O
zT;qxas?6=sR5c@=dbf(o?`htIOG4{tw)}1tnXoIKQFS6SVGZ+`<`;E_F?{09Ed1=d
zoZ8ZEr<-9a-u`7ZOz{kj2sDAGX0%|HKy#Cv?-NbZ0)?4xk34OYR_1SDBRiDQ4`^GO
zxN%Vv^8=6T?3i05u>?4lX*_uD2iMC(!x&s5sR^%Nx0-Z-+z4|KF0K4)T9wwgekm`J
z_npcQH@VvmC0{UveU9B5HBRA<mc%bNCx(+(53n0FN|!t3Y$jhCF`eybtuB>V9kR;I
z%-(=!DZOsHM2dO+`U9SJE(^})62<K02h^H#4^l<lkjJx~b(1XYL4e1_@XwOF<zy}#
zkS)fGtFWS8x%YCU@eNXSwiz5qLGY^v$Hgtxy2xSDLbvSg`gY}xQOPEja4%7bJ`k(d
zjT5wKOf(UsiTWj|YbLLiD6_vfhsO56iaCa|JX3zupel;xZ1Z>(o*?}lB}?k-2R<G9
z9TehOmy0bEwr8Av(iT%UYQWd6wglz!>bm_5(V;>%lgT`SuXL5B;oS)CTv7cskgL)J
z(n5Ebe--IEUcA5lA$h&_?d_eLW9%7c-}#k5K?#!H%X)`LAkOWawIn9`N7(pGJgIjQ
z4@}ZV)_2Vv(Y(i+@Jn}TtL4lqymlb;;Jb3lXsIApwCAEco{)dE;*=6wulTU*-BOn#
zd#eh^+MEYXP15Y~Ykse8bs=aK-x&W1zh~5MCa<&BNh;AzpDC(~soATJ?{dxO&HNjM
z%<z_&aJs;vu#=kQE`*TW2e0h9wWgoRf0i29I~=xG)<-LYYWNEMKDr~$M|0*MD&eBS
z)dafYLSEjhtPXbM@3wgI&z0=rLvl<qIc8Gb>{e0+h|C{N<9CVQ?L2oEJ_F+1^8E$N
zJJXN0@kMQM7YEkXv6gecte(E%Kt#9t^JTnb2eYQ<?4Q(<J3L?byL0<OxX=%;OX{I0
zUmD)K=v1frk2i&Buhf$;wY<Ay*}YVE(~zH=9sFUbp~3oM*W{SL`1|+|?(Tz~<kQ_p
zl_bnrYJUjU=Ev{am4IERNysH`NR}stU{S^|DzORiOy@m(ygk0N>$~;=@&1ragX!o{
z&}~MGzy6=v26EtPTXc&#FX{d6p2_wp>qUuhvf3d_jII<z7|ej=lOjZlnvP?MLRvW?
z7fSl#{FPxuzt5=|Y33^TNt;Qp#uh&*h!Z<rPS-E$ykSMkxF*#yG#T!#i7Z#*_~j2l
zd_+J*_)<UL9Z2|WZYW~Phv-5+tg5789I=0q;%9SB*OXL<lpBW2SMr=8?)D)yW<Zu{
zRavrw_-(S4n09m|CSn;K40ORBDp*`>UHAd&obWL=AIO5$ZhW1?4P(It*=*Z+r@l4<
z6ih0k*TfbO$<LaKRBZ9dfy){4Y@J&aWn&|WzGv`T6Xess{Un({==P$JW(F@-r=kI$
zyiE3DQBaWImldqerlbNL(~IY-xo+;!?a@Nq6#mz@Xr#tvk_0BQ-ikQUvj=?a5-Ea;
zVQsFcQ!e8s_Hp%3^df(tis6`efyoHfBqK@Tk+E;-c`ARe3Z5hP^WF`GKBMV=8L1g#
zI+b^bap1Y%dlW92lB|@0gRTkbF>4Z=4;a^|u;DDsnza>s-9eT&Mtn|@p=oAk_;RjA
zXp^amqX**~s^+->JvMqJPF!l&kH&z-C;pu6_LHpxll@a+=jA$h+IFaC8;Tk~b^=Ba
zq{A!Y)<PxuU@JJUeKpn?6qo{QZ<0>aX2^z=+XP?Yqg6jtMkJg3vz+G-&yTxM%SA?b
zKsbqiyqC{hmwOrh_}-QkPItX&eJlR#<G)iPuMXb=B&1fyUf=xlkZ{X^ytdoQ^xZ>8
z*;>KyBT+orc{Nv|#2Q`L#gMS8*hS`ggah~J=u@(b!Ghn(DzN@j(MyaSXFl<kJ#zI*
zj5InqtbRuX5<nfCL>JZc(w((bg4#c(e-LE8B!PVtMNbmHP!4kzagF~NYs>!80OUTw
z(ifgKOVacmdBlE0#pxp(CVcA2Qw*F@obPqw*4rqwvsUVy$kXtZjA@(PdLht#(Z@~>
z0|shr!vMTYkn~BOCcVl~Vy+O9Qp2v)IaPEEC@;HuW3=@$he;rYt&=Z30lL<k@+2Z&
z#*I`Rw5q4xjOs5t0g6``6`|)Kd)U)kORhzbZFZ1X$`EQx5h;dV_`n2b_^gyQM(a1r
zF3PneGAzYApKR;**-r5c8Js4X#Ojwf3#P3~w8_gk1Uo|7vPbAyk9<Bwidt-Iw$gq(
zTJ}WI_<kfRFbAWzN;|R{6@##lMn(7*&vruOsUD}qH439wa9w_XRjZWw0I+2X@R;l`
z|MmtJQB9*UCb45ZsB6`+J-Cx(Y0yaUkaT_1^O9?uhK0kOjbSt%d<&B@#5P6i^m6VV
z+xfhcd(seF!4SGB2^|;E+&}tlZpWyoc^p%CIiH%I12`Y>x6=|iod6x;()JAEH72HY
zrnl`ajNIIB<u@;Zi>H(qtGLK?xI4>4_?+r5%mI$BYZ*t79s+i>qi0gd6k(A~E>v>h
zCj@Ei4PSu-l)r{?@J(~t88+a9_6fb3jL46N-D)I0SGq;QBgr(=Hp_^Y0?lXV#LC*t
zXqweMg^jy?RindX&cqx$!W+~(SivkU8r4_&knmRhc0!-UcQGWagZq8^gPTv#CNnJG
zHF6FW&-IZkmhB^}*OJPFadh)!OOQivFrOIlFhZ;gnN0Kv!TJ;xovlK5FLuzL{<)(f
zh{uJ6Z->Q$n3)K2O|6<*T#$PErj>nyk5R8UU&%<V1!G^gIUn`FU=w8SFfN@e=Jm8Y
zqfq7wiR07HWnrbdd~_TA=@52fE#vmlI|<$&WbIY&>ryH_brTi6){|gl*r;XaoAKFR
z>>JCX>MvgOpaH#5><wFyN~FpLWq)%MWUWy0RkE7;+RE1;P~cIP5&eygtYoJY4jveB
zen6j--=}lGx9{U_M%&6K-T{4@;pRi!s&edisNkR%@&zO$?VjJt<cN+1xOlJ@tx2mQ
zCLaT0RWboB6hW<LAw5@NA~A#KI+I0DriPWF-;2brXZjB%D0p~i!$#&4ZEir6=oUDV
zM!8K<?1yFbOZ|NL|NNue+b7H<Jm{LTm6~wb8_0kr8G@emBcQCQW+m}d;f;!QOW=<@
zT(&g5u?roo1Rpum;-XpDL=Tvsp1xFY=Zc1yZ_NtN`gAr+CG|jJ<bJ(uaqn?2j*=rC
zXl8qy^Puqq;WKwzh8o_+;XeiZ1AH6;01m<LE(gIp3vu&{Fj`WMHHJPfny>#buMX_*
z&uH^+(QCulKiPdr#nAyAfwofh+ga(Nv}7elcea<VVnAonC`pQ<j#JV7S!<f`zOD@;
zd=2D{6->wK!lvst2VU!v+jMu%i4Y}(ZVk_7j+)m$983qvkanv%e@!aK86a0|a3n7D
zH)7VxLF9EhA|Z_IC6M3s3@pC!I=C!bBZceznyiEJ1yc=Xg`%RQt)dvkN)cH;&Z_8o
zHd#_Z;`&havA){}cCu<QtvSuM;y0DIby?AL=`V>EnEOR@3&n!!zqG~~+E3NHf+S+o
z`oRim1G~|Xv{W95*_FoA6;Ve{FWHhYf-R9$N83M2XQ9iKoBj)W9396!WH-Rxa{v8J
z*m+_KsF9pJ!ExoxohH|0YXoqfn)9-vk|1MwdG9qd&TK*@zIBD7-~1c3{W?y3Bz?$p
z7p(w}Z%vO=x%Cdx7Q^k0M8!JiKVZ~LGE$uwBb)fhjsh4sd$J~NZRzu&V*KfCjwDoh
zPdKA(mv2(o&5kM23ofU+XaBOdO>mc~)wWL0d)TU0*nDknVgcOxLWL$Edu@^2{^KL~
z=VVac21*VtrP)Sq2sTL@<ip<x0TGmOm_9Au>!TaU7=twC1J&<zL=s7bk~BCYGX$x5
zsr3%C*4N^ZltF~AmWq`GGmq<TCZ`Z+pHj1|(4FP%xLI^jth}vVP|<PU;UAJQfF3?0
zu|eN#^LHU&Lj%6_^2e@IKsG9ryc@VArJbk?v<X8WJQ;*e%;gYVi#Ww1R$<#;JC<BK
zj1o&0qUty;l2;1!kCGvt)GrCs-94Gc(gd*-B>(1Y`Y(V{*R7c=;rhNA7XG`LobNDB
zGd;?)T%!%id%Q#Cr@hW*U22ZLQBcZx(O^-o@2_7pl>pI5!0I4bV!)<Z9^Sy_&w4$F
z?hX)Y?ROGo=~{T<mxd>!&QXe06FWZ?qckq!OP-{D({E?MlBN6!U;x^ISWFU#9F*C<
z^2zbWFPd`{<j$}mF$`rNZA3m$gTJG_*)aAkEl*RFkY~%j;ywduB9x>8W;)j#GK+{D
z>vY`Xhp=Dt&;xK=yUeH+V`luQ4G8yf-#<~rB|&R~JWrMWxpBkDCq>cf-FNrzxPfYc
z)Iv4+D@e7@kr~I9u&?bon>l;CRD7fe0n_=c)5q1FWqYf(-p4^}*!wS1#}p%Su4{@w
z@FARYjYa`w6r6@APc#7<=BFgJ%a<yJ%mU1FOrRr8utqhtUUH_0*XE=3akkig)c4$X
zMrTZRTMn6Y0_OM?i<?gd;00Bv@_?DRYN+TiPeCuLvdcZSeS9%vy%bSz(~ALfv?$U{
zB%f=N6b$5@36DnCrA6uCW$a?aGn8UU@<b;K4B7~IMj4)94gMu1$MVP?Vr&I-hZ-NA
z%<?(5Mate*a&x|DNhJX+iJ@376W)<RQ&`@hC+gT#NMrKd(-vjXSbAW$VH1<wj`<Y+
zd_h`Y0~6IYD`~bfXG(Vg`8nr76sgm^s>!7Mqr(@MaiKw~<~Y(f=^T-1vy<6$c23DA
zBzKXp&dV!>Pd~x&N^f)FvS=QVVub21#pW@J`h>LwrO4B3cP80yRe;|H6XT0RJ#O6*
znRutcda|A?`tX$Ef@yFXzC(W(7L_{XMbPNY-)?Xt4x7$w8Ha~CO2+nV>H@bc9@8sd
z*gjpMZJ#6ubRZFGGspLaXclFE5!Ih0q6^T4vPbspV}?lDY9)$CJ~rjzNnb{7z3oRY
zh&(ig7~e)_-G*+A(~CrtQq2q?KE2`0Ogs?p8}R~aiF}cVX+r4uC{;A*-dT3pDpAVN
zi$jqWuqQPcuYCq0-fTY+DV5bP1*zquBgQ}r$bIw^(jeQBbcA28iQ-3g<1B#3pxoBo
z!&R(OTfRE)bSLP3v_m+{#+C>2_CF~X*yHZ44{-@<H<TSJ*j$nW(F+kr*IXdIW3ZEt
z=dKOmF*;@fBG^&NTrPBHb(8?<-|P1Fr&4O=BMbaqvnP?~sH!-!#Ss;W2_tz2)ARIa
zEbegu-l{(yFB`kaY&-wVNLsO<mhbo)8bh6y-EA9#89I9#VQ-L%AbJAs?x^4;3#&<B
zpGfc=sd=#LZG}b5R+=2ACCVe?+BnN$MVlrXbNY>%9CD9%6rRx0ScNP|rxcu*n4G;+
z%1hDwB^#o_7tG^@Oy$E2IquMUq!n=rJ>G<o9jm?Nn$zb;SBs9=xzD`sNY<A2)@7sT
zcGz<hb!A?iE{GHF7SL8;WkgdJ=&kE&Hgaxf>pt8m)hD*UTLdq;*bP{Pht+#PQu;rr
zRhQpQl1NKJLO6HU{y54_$Rr53l%3Iw?kQY}EQU|Btipqf{aT#G0FM&?q5i8}ub#~Q
zl|&yQE;(osNDOf6__LQr=lNkVYC5+PCR!K<<8=qOuI&i>*DCd=<DA#CV??;EkSM<f
zvv2tph}cQKCZ*V7(?<n&j76~hyY#o-a4_o23*LCck6gn_Ec8cy2Z1b!bz7-RlC)gj
z*}izGm?xr}Yf9QlNYmM&4)zrk#N-I%(TVck@(?|($ccYF^2uOUrd$1Knh<q@#A!-(
z9+tY`cHs#)85uZhdN-IEy=6dGR}w9igo2J0MEZR4H1$ZT8$=Z>On*AMWkx4u`-Xvd
z?-Qh=kPcRA<|LdtLJ_4zFEpy&0@7CPAAKyYerj+_ZNbX<i=0|my$yj1&a&png30uo
z-f56xCK+>@XP58%`PPk`np7_!L6*DlcKV*KDCk(biW*)Ty3=a?x>8mbny{j__{|3U
zwjy$h2k!G=)WGZQ59gwR`<Qnp@O9W`8T-y0+ctwW4Q|^CYzi@1f=w;h%Lt+Ca%IMg
zRK1k429!HlYP9a~NdPdrcl|+N3QQIz36U;9Y1e<i-$UNf?D{@>TZA$3vUHx@*xH$)
z@s0`b!!#rm{)#~$Wp79XA)a3?*j<ne#QiyOS2(=E9Qv#D6zBge7NDN1Jr}&df7_sg
zzpoCKYWz=(94~xzQ0~8o7#I?Ibr5IxzuD@y|58e+;H$uyCbjj|!Qfl})sgK^uMSR^
z{kN0DFz_G3?f>zw0=Y&X|7T5xeFQN2&r_Q#_NXpu${3|Lll;by<RgG5-?Eg;QX{if
z^oK7za)oaCGQU2&VoB3)pKfHNA}xE{%rp9P&$+bmC`QfNfkw@8gV>%Ehk8x-zgH$c
z!zK)%@NHfxg;V8DOpDZ!>3$c0i2K2RR@S$$_!dB*9`hfwZ}Q4Z&<<eD$=n6j0q<-6
zuOVjZI$v&Lefcx{c0i*r3i!L9%~o#%8U~>&2A}R;a75t<zzMUwq7Oa4G>A$8Occ|#
z1E~r>d&fUF0QBgRt+HW0OxV%5Wa>=6qN1d~KkyIb092nU6u<)9j3VO%rMY(_0L5|-
zK&N`J3Ah5-;FX;s#=ij9p|l2P`02O9DHYn!^5x4XxuJl(elPb?(O((kVN!=RfX~G-
ze0b$F7=}lnso=;P0Z!G4$sL$g&UK;<)G8csN&mg8jq#j#q1||)^xwq+$s*YUSn<MF
z;##TSeZ(4Sq98uB5Ow}P_E|Hh!e_IcYdW(dX<8avS2AbTF5pA-+y9)3epRwz*+Y<e
zz)i3T5De?oGyPV)dM`!+)RhrOmaM+)fvOn*S^xAOGhgOc*RFkOT_s9)5U%G9NU4PY
z*wsOG2X9zts_*rKZn&b1b>xN|fVFe|=i{ATWki5(f3?t)-YI`v9(@jNEJ|y*`^vOb
z7C1A<p>Mks-@bO_kmmx__6}DF^srt4FQ5J5i&@nQz%DGCk@(~q?v=y1En}IqH>Jbu
zT$y-uu=-EWxiVG!a(MclSGfjX4qzp?0wpGQ9h$VxYM9YoZH2r*Orlq}3cRd7tpf<N
z(JRFL$OMhd4}%ox-RkL4#gi`pYtR=!<)u826)zd9es5;NxWC5)xl&UX2JZg{XjybF
zOTNDt<9Ox)b(($wAQ4m4G3YG*DILZaDxsd%Dh)`rq_TkanWn%WG``L&z^x~T%SQ0Z
zQQ`~W(w>FTBZ8M-{7)UjIb^_42axOPucRMk<V-MO%E4;LDB!?$d}MzmYQC#&ynX3+
z<zqFJ1D#Yht3*#I{5ux~Tm!Ex0~RaPy{=pZqIQFb$1l^k&tj%{xUX=4$<+d#E+i~p
z0TW5jsOA@d3i!?)m_IlGmwaO^<-v#Z!%u?!%B@-2#=bB4yanvr0bZd7iv<BoEeuFJ
ze1U7oB)WuSchjH&P-`xQmp>ti7E`sy{wWmu3f*~JNMnx!G#@p3D6zDM#bKJ?t~@fw
zT3n;tk{n47r?}cNHAqCOfcAyGQNkYHf2Shnl^U~UYn#56UZH$zVhU~(FtAih14;$K
z-G9!#ctXe(E3jpx69D$*4A3fc?WXu$!TbKxdOJ+@62?GxLhx)Hdy?DfiiQPO1j3U{
z@-n}aH1p2$oYbF~^4=Y*a+-URC#rLFdu?KO-d{c|I?;G)6mp!}<zH;EANat&d|QP^
zs{BetT}Cgo-wU|DYmw<zW>;Qy51F%_f`M1@E2a0audIrunOR!@0dK$hi+2Eo^K-L4
z8dwDy*a41d8SqKW9&>u-4A?d0rmBv4z0(heRo-kF3KFZrloa82fFY+vVu5cmkgl00
zWpfv~|D+}vV0|uE3JkNWs8{gh9Jo*9GVgvi@t8_DfHi}Q@aUHV%JB~|w#b>1cHKsW
zzl)Q#DaaQdUdpU~YVFu!W|GG&U~_!2l|icf0<b)N0u046qv7{>w~~GKL*D;yg{QvT
z{}RA8O(MX&K!i<e5zth)VKMNOINKEfL|O}L7PSU^&btvVCjjbl8ms&y1^OK!3gk9k
zJu^0|kiJLa7SG}+04z;T;{)WrrR;~mB4c85iIg_WU%rRr;~!+HDS(-V?7#a2px2Ek
zqRvZIz@*4G|B%8OUBH!;Q{T2!n<18x;G-tmdZT0k_-?`WeBdm-5wjbV(ro#_Hx3w+
zjT@)Qsv>pjTW20Wa|~8OLB(m}*5=e6(n$7U071iL8A0D{l>1G<jRWN$xX7{5O?Kcy
z{tPH;s-AB9?$%Tp!vmLGs#tyUeb6j#<e}qNaKO>7oyvkQ9njw!sR}*2iF(-_DRG`a
z)6M{WEsq9R;&-#QiXtwb({%d*#*2@dDw0Z<xOm?G!`z#PL;1e{!|x(SCJeGKW5ya1
z%AR#>*(3XwC1i=QMWL)?pUIXjYb0A_$(|B}$S!;Kr6hx7|6SAj`}usI<N5D-j^jCw
z=U)!Dnft!4>w2B%`C3$X@jS|!3=Yw5AYMk*7mwfqHlKPa7Bw_p0~`T0In$?t7BV=7
zb!-;zh-TD~mdb;k`Cqk3aUciAk=-WWYlt<<$Fb~c%kEIE`xjvLiKo@_Jw9Z{%}-0a
zJHp9#D>ydAt--nT^;V>60UmHK^)?k3Mpm0dOXPtqHf6XjOo-HszBlWQVs1#lx<1FD
zaa~}1E$=R0Lrr>|&l9HfG|{@6Sm^F6o0lr`IGg2R<d9>tgeKbu45lAEfID3)1&|u~
z!K;gGX70Ze>(W^#?T*zr2L&JHKG^F88RXVo?+*8H=(e+yEt7`6xA#UUYBbHgGuUzc
z@6i3vs~$pbGn^FX0FSD%TlaA;2DV~IuSwUR8>Jrq;s7R2(%AMTHzpq{{hPpb@BWP+
zY+WDo#B1^m;y6jVs>IyRb*AF{tWiov|FnZ$pkZSp>FzQqlg)uty6HSRlI<3gqQm=(
z41>0|%;x<GSMe&kd;B&sol{PGNZl-MyN+MtKdYA4<W{5f`$2o}MvSttV{|xN140^B
zrn`(_)yOEnk)R%giGQ3G?XK;v7`JPdtNCW6q=o7*7Q%wY=b`=j1xW%FAz0Et<v`T4
z8s>luqH(}$8xHQI;T1)gJ~ypqfm5SmMQ9CBE=DC>^RmpUxpS&5-e;6O1CBOB3Zzps
zkY8|fF>chVmQZ(lf1uz?2B&^AEnPobLxM1GhiT@Tn#{?!CJ04W7X?d5C;5V6rF>}t
zh0II7MuVu}>m1!zTB@Ag2I<7EoG*@F!jg04>1{&b6rF9s*H@N?ts4jAgRWi*0?|xL
z<5{&{6$-T<nIPvK^TZ@VU!D*h!`K;pN?VCpPyN&`qe{BK!-hH&gD<IapD$2|cMnnw
zZX65dMxmlx*UW9SLO|%2Q8qlXGk@nC;X5Bn6VObE{)LAxWAQ30n0qWXoh8yGi8ZV^
z(cs-PqLJBAL^C2%gLa`HekCd33F->90s4=d+jGteR#u`JEsrCE{^4g+x5<lxh877v
ziewUDWn4|ch}Z-AojlgHEA2y`k!Fh&<pnw;9v8DTxKCs9xJ{w7UHwvGS#h3aznJ;S
zXz#-E<}p$=nCsZsONuc}Z&r?-{>gTtch}_qc*Tk%JoYW^jHfm@+iy(PfNkD*wf~Q#
z$#a5dvN~swkJU1geq-?;Chc)1_sFdIdrwr)p>9Y$R@9&o*X`<gfh60Ue+3iPy#P~j
zt5Ic@g7&Ah^QQSZD@bFn<Iex47FcRNQTMUCbICn4A{Tvrk|*Oy)~B(OSCKVYJm?SW
z=F!L}Y%$f{kyvyQK36_7_;6iNbLieGPTAM9XmhmjxZ-aR3U}y7rLx`FGmZ4%<tOVg
z-l^&ei0n>M&}HZilkzm3e95lC*l<8LE@j}(xh*ZA9xkQbs5+ZcY{~tEBg-W1xQBwA
zitUZ}hA;ICVdqUr1}TG+%B?t^&Bgb%IsNUX!`8a;xfRZDtDbyaBPTF1R*lBKflpMp
z#NrKTgf?@xp3({hs-I@5>+iNiKu<6n>2&xh;7M%K<^4oAjwIZm=H5!WQ-$wW`L{HK
z90MUsD4)2yq+M*1)a(5Zm9pX(PZ;!Dy%K<Ik%KZ3gEo82M6xmH|2_e}>r-*E8}l5e
z#aVU1=e1i9Dk}feF0$I4qn9zrh3&28q=RMpFoZoj{rjKD1HkN*wT*MG3=oJ%?}hn2
zslux{b22wYD8b5}TWVZh>~+q7LSs^*sKy{MBPCFk;rF}b8_tsNlFlQnie2qLzFT7E
z&mdeXZ1w6MW^6Q2v-@KUdP80xD9q!<rJzjq47v#h3r0*s6735Z{3ly42=t-%v}l|L
z{URG_td|3$l%v{+^rl^N%EzxVG@-wl?m6K*8_Y+wzO;KX#FagE5B;<)N_b-1{orN)
zS8x6e+qX2b!1nQ$85^XS?|$wH;vs^Sjh-Dv|Ib|{qe_L2Mr7Rp`9VH-FFyGpV(V0B
z6iK7mCd+k~?=#ZY;t{b%tJ-Z@JPV&R&C+At;Ldo?4^gC;NUTj8+BS=0A_JZVVf&z>
zOBEy3|J_x0GN8_qG|^*CC1e=49lG}QbXlnTBcC%!zjb)p_Kgy26bOdX3W4;@^QckA
zsXEA8dG4s={s>O6Kd6SUT?7sBwRR`;(4~Oiz}S0I1mY=Wvh0cPai<l!He0KC2ETl$
z$XXM1yp%_M61s-?GnuQsic9w5GMx;4bw$06D`X|Nc?fCHFRM)Lus!pfOXQ|GJ=SIk
z|4zw#RCTViv>}!|$xJ~tInAv{%s9isdqZqCUJ}i6){|m<(wQC*2_<XK_qU%$bUYlk
zSs`gaA^I9LzC>!4DkQsjy{CG`ILMv2gMZdKRIl_V8F|aKpUYd+hJ^6k!Y%B}VJx(h
zY+~=m4DQpu$6b9=EvI#jGGCBrAlL@Nt$P%XKPn^>Q;1Rohz#<pXS;f5M#QkHNf?Wh
z=Po15trB|9Fnx7>G}JTKX!XPMI+J@rO2IwG>d=wAC($pF%)XIy!xFzb$q1rq#-o#C
zSs0QFNR33F6ykUl!a#zTHk}tujpGXY{Ks>wm9kgdx%1_y!pF}Ca7Z77LA?We<5Fq>
zyz&lz*yjl^%t~!lw=Vyj<y}L|)hy}WYfC!MwT$<u(1KA=H|i*LhQb85EE44BZB^3P
zLDdcXr$NsTlg_T67%rTkx%2PFN%JLyd+KkfyryB%g>f0wJ40KZH%*FAcj<CsoNL;B
z!{ZF|C_BU*cuACt9_!BdC-BvYx_RH~)m&%AF$dbk64fEE8T*+63T4B4<3DbQT1(B<
z3B%KVBU9Z8pSEMNJl)(x(!-t)QCD|F6Uc|6D_kTq+uon2G@8JYO;zl6tlSrA!Eg-S
zJkO_4Z4dSQxmz4`h<!X6UlZOUVZE+oMByT-w))&Y!JL<n`#_a;Jwp#6Nl;B>6TSWO
zt#FY<yI5+CJ<;HG5ycE?6peZAnuITmxG*G0tKxTP{QE)3(Ubu<{hxD7q*cnd*P#>c
zlfE6F{tPA_PMC^Q)jSoNEXdxiU?0@;v4^Uo#u<u4HT^+%_sRx;;v*6qoj26%rR*}7
z=OiM&Rs3E?a7=~jMxpxs&pZwpr|Zg@IGvmVozChi`?9qV$4unUFC7=~y&PD{pC*M0
zjSR0uIrg-s_Nzn~?yS`8_CZqRm0o0!Qt}OWG+uZ59CDZ|xLG)Ludv1fxPaw*vhRXv
z_S@slxl{Lp9+TGFiJT{E>b~d2(K(D3rz;Omi>&=yTSDY{nLrLP(n0xr!M$I17iGSn
z#BoeaLUKRz)~NY!bM!biN1Z1lTYOKkt{6EHLf7TMV(7#o#G89L>yg~rBg?x4f!@N+
zm49w&OEI0z@S3i$6+f|zzJ;k~^3Qr(<;s>BveI%GueB4^ZtskvaeS_qZx(0b-R#xR
zrl3-$y^~lKf9FbA&t2A|IKHq~@~|}BSaC{j-6%JCk_op5*Csbo6Wy}TOP71}Y1;1M
z1oph@*v>6#^EzgT_`KJIpW8)<b(|ZdRCftRzhiqvkfQKQc<OJ1`(9@ujpZ%bHf!id
zvLC_%ausx82beRTZv%X8d0*U+K^v88jQz1e^T|RI6T0IyJP48@<h9)yQY)^=$=TK-
zJv)ndoyA{4>a-(TYQ8LVAeKq_OT~B2&1($#IcqU;4lnf#*q89S7-!t!+S5~<SCEE$
zpwCseJntT3-Q9Q@8Z+JGY}G5H-A>LqU$V+YUs)HbztENcCw+cx-Mp!mdOpRZ3C9Bp
zfF(ZJuJ|(eKNzjJkZ^-D>9|Y%Ab~=vGQJa<zMJi(#hBGbs2vS(C}!3kaPo14BI|mT
zB-ZE~Mi?jWKV~6u7~|{AKCQ8hky*a18Yg{WsnB)&v%0*hf`Fd<4q3NbPvPdS-D$dl
zL#}tY(F6lKo}*#JRU7W>fNZLJ<JG6Z!W6Y4JcEqEhzG3w!+DL<{yQz+Lw7@R5t@i;
zxOLUtt~VoS@Dfm|x_p*w-HyLi$OaiB1}jhI%^i-_t7ZFR-0r5IL=c!YOF0g%&-S1S
zwY%0J+4PdHZ#T9VdM}L%@RFuJctU154C_Za(6f~?u4nmQJ0!z+Q{@y`R!c3s{Z5vu
zlJVpVnP|}ivAZX{apzpB!-ugI={D)S$t`{f_zrLRCF2M90uT38lSlT-M<8s2EH9c9
z7I81AukN5M;huE#JVnrmd#K|ya}rcwbyM~^WgIQ?vsc%jYYaG&xp)J$zJNuHcBhFq
zo4}V1qXSInfuL2KLJo|2Zu#=ywS9Zp;&`ly{DD$%br1E*#fdCFKG}H%XQcE}N<zVW
zmb7Dla<KP#f#G0@qLMVvZ~Y}7{dWd$xGdw+Dl+u>Sk;_{o`uP6B-xytCZ)~fio1*!
zB&=~(M}!qxPznDC6RS}VH#pcZhzu;abZ$L6tu08WY0b1P^!uSzLyt-2alcmST-GY-
zgbd-?aL8t=#E@5Ak1<(8ZCXXL>e)v0Z~RuqmvcE24+eP-$NJwy$tOwsY+~g*Q-g78
znFa2-9t6YzLSmQonxFC<<WU^Y@{nXUQ;0*nD5S!*Kt;hhP2LUB`BW4*C=dC;lU(~*
zsRvVecZGxQGiKicHq%Sd5?$}8*fk40Txzt~mt50CKqpKWmK|ZG=(*N%$uZorXH>#{
zFcG15oL{9}$8<*J-6I{#w4SLi(h#3_k9GI$<Ge-QT{`AHt3U77)B{t2x%%~X+7~-g
z%X4QZb7^NgA*XsX2-K4@lxo@I#GNE<F->+RlBWq?ZBGFNYHyCvcjsi9mZ22%n~k~P
zJ<6p)@ysd3QS1FJ+--rG*XJkRe7F`6u6l_jY_R2@pM(0X36giq{C@Opyoc<UnsD^T
zlfZMzsqQ`qzd}aJevt4|982uqCoqZT_mo(cBIe3}(_9N1TitrRDtkxmu1OeO0Uzr}
zNBG@k<sIW#<s;+sqHt-R)rcS6FWJhhg1$Bml%?>_FuCE&>bSCc9_XER{0f!-E&=+w
zWF)`M>Enfc-bm*|-E>8`jxSDi->b{^wfpt$%K^_~flh9#5Yw*CPiT|pTbf)I%x!*#
zb(){CJ9WRLNa#G_ifX80EKfMuUD|#XDlGjE!|Rm8s?|PB5^+A-z`i;~?oXUR>;nAZ
z(AP1VSya)FJH4D1j52aPv;^*^J50tx^y@1@D6Nwvnhn*VaJPs*qrl7=lHIu2Od(XL
z<G*B!8Q~FnZ5^=IiyVKEt9UV@5T-Z>6Ylupq-SyMzI<s^t9_!)EAvO;jyJgwOFACw
z;ZN4pgEX>(cWP40QHRbIYqTG!LF4-4CAUaOw7Z;yP=0m`S*+LZ43TyE6iq0{<2?Le
zS^$@Vb12U(1c6Xn8B~7UcD8@EA^M5laO6lN_@LJ&HRNnRq_T@>GS}D@QwSy9cylS5
zlnYTeiY0wC^1B*Gdh{w^PXqP==&N2~`Z0<WoQ+S1e8ZIkS8<#U9sc_^aF3z2hj-P-
zQE0bPfwV#WHr5@iKsf344zs3LQV!nGTUml46=FmqlxKRh4@s?qKf%+Tce0?Fcs9FO
z=TnybqJk@tpPd=6CBY4wx5r~qsLw(CUMe{<-B+n+xU4o5#Z=46u8#_{UA^C_$Q!Bf
zKi&RMxex|80wJd{va0ISOy1i-lxF&}x?3uj|5UB+bDDy+!@8BZ-J*a;m!rldG&ilo
z=+kR|grF`rX!ZEG96^hYu)-mP;{f`>=$}#|g*w*z{#+t>F2LH@po0ym74}%y)<7-|
zjR=G;n~R6?C_7B)|6$&SMR+gfs?cBi9SOQ;m&>bfVAyaZPitE+nC@7kA>s1^87uef
z#iqQ;9Qyij5Qg)-yX<=|blD{;Mmj;!^NB=_Ef`1uv$=>k%p{!R?0d*bWr7~;^n2T>
zE6)v*84f7?THTtPS3@yG8r_z%ANFVc0;z^`pf<q!PzqXigkZXriZZG``Dxk2&&7AB
zNi6@Id;NsO&NJCTWJlMDZvJh2QjN#68sUxRx~|_Wp)cJm0;@KQ<Seo=3C^&gLaRw;
z$&+VF0SFz0=_K#1BIu?`F+Wo%&*3PyDFR)0Va9Z;^@?LdRNQfYSCU#D2~7Sh$##z+
zFxs|?ZYA{W<E5pT2tCQ%vZpm~OIX!y4zjn3vV!siRQRMPu|-odZ2Ti%PWRMjMe`<p
z{*hziFJN7c6Ty1F>mNSNwKy3Q2B*?fs`)?ecTQ&JPG+1*zjK~#bCwRPUFobH%-2My
zDu7(jjT0k{7-6NQp2Q{usl%K2NTGm?j^Altwv(T3-Y{T?v3F>oK96PXhhaRTnYaY&
zdLP$s3eYY!SHsdCiX<Er7pfG|u<u)GK6s?#fd8E(_f3IzrStKj(jg5`_${Mo15Xm!
zXNB65v$6UUALuD|sF(pqgVtroLVrVv3??bLP->W&!h?uX9HLk#n#p(anHTP=vrr`+
zRlirQQA~xCM$v5Ff`;tUwxdN7yk<7{KSLQ9Y!Fk{Dc^Q%=YwgfPff!kE-|snmD#te
zO1j0mhn!4|(6RFNT>UURhwi$(beB??rHf3gdee_yPU<6ByxyxE72i^lOnhoWY4C2_
zl>S#MJ+Tan&dqlTCXKcQi|zT=Pg?y;A!oykYxb7D`IV8hp%+#X8?KM|?vaBr_c`v^
zkAB|Lq07Zr-I|!o7ALvjA|LJFBhR-Qa;U6a6U|bAPD8KWR%@4MU7|`-;P`}6L*=91
zq8_3?qCDAnnP^uVHB7aQ_Zp)u$<b~<T?j+h$90rD)Lvlu6tCh0P<Y=cXIeA+f8cRH
zQ_z>X@1ooTdb(b9`thP)aSTc?bEWU*Uz#kFqYJm>t#M@|N8fiH2w26(O$%rR<(oSg
z2d^PSk3~mFd!LINACoWk?$^z4__PKkyjA<zb&nEZQ+&Pu)1W5RYIf|7f$`(SW}WAJ
z42qpWQtfy~m&}7n#~Ou98xK0n{;oi2deNnEskiX!ZmDb4m>O4t>{s?J2{bkDBiMLn
zVX5<@qd=R3g=PzCRQm)*VscsLE0<r=2`6294B>>6HF-*#F+jHa^QoC)<5sFw%GCs3
z<=?ISu2EC+U+<DmD5v&~7u9{{(mQ&byxe@ME_XAfuShL(()~$mPuROL0UKNG1Cq_-
z?4`j(zeu@ls!eqKP5Ef*f=c{UN$~hW*2nz0M?I6VQP={yjPZOqb#Voa#pVE{28~j}
zt4GRtrKDN~AF=2a89U4R3$l6TMsu>+lyU3c{B4)UwO{FGf4y38V0EY)aK68Z!?Av_
zc{aJ!>V@m37?7pRz1-5OI2}o2Y6UET2xs_I-78^knxGvfin~vkMSWQX@#jMADlD*g
z!Sa+QZydu@ry5mRsfCAVd_XK$K+U;!{it&9&SnbAOS*G697|Q?7n!QKM3|+`DCu#K
zSn^m#i!BDuD!kZF)rgnA@@#K0^=KgtDYLoddA6lIN-?Y|`!08k4kHyBQ~2)XlSOr7
zq4!I^I#!|~LG_-7R5Jt7pHeX5R`=T)lkd*+=3l+2k>gP9Y!rpg@HRcD=q;Ap^kLUD
z^r#Vm;9L(4Yy_#>zZFhaj&LQ)fg0WHFiCDwl`3`|6WkFn2ZILeW*)BBQjBjhgb$BZ
zZb-h!8XiBqebVREJ_ipY`ZFx5wP96cM^xn-Q=^0&{Naa_I%<oW)-qLEw&%3e_Up{U
z364Fn)k|Eg0jSS$!eU7&kNaH(C#LmcuYI3-Za8`M=AW$$(JMKDaeRBP65Tci7#iKb
zMB^WnY1v;r<gkDL=XUBxCS=lg`6QkdwI@(NU(4cNEHFND=lF_4_g)HOZX&3kbcTCx
zj9UlvX;z#1Jp9$?p&w^P_-<3pZ)3d^A?%sm{DWjBqoA`{Y!rEuIiB^Pd+qLxCKSXt
zj&*!0kktk>7B4zOBS2rE5QP}Dx^_(kNNw#Z1*`Uc%xXr)dM)9lC<W1KNyuMCZc}}1
zV$w|C-cb)opS^TkLe<ZZueYj4V%@*JO75na97|K5A$alMRXBFq1*4pw_rJZgUy@dg
z9GOaYFK#j!mR)8FS#D%kG()uJD@=ZzcP-fB_(kJhuUgEuE@c)ls?;{gA6VG(Gh+AN
z0~xMFg4BCYhAhOvjQkVl!T9Q$oVT^?U%0%uU)(m9=-L|lCvf5U&EpSGJIYC3*p88j
zSk_%G656|;*@&O^flo44CU|ick=td_^{vR&ejyQOgRL&J+{AJnW_zqF<hn!nCZ<E-
z+4ajw<WJukK7H<7DnCDfBN>$IPl!9Tkp*h(xVd{1KQ)&XmsO!NRP7}!j~qrhcO&2^
z`9t*guqnx1F82GCqLHrxKP8Hm2<IF2C(V7ld3fvQ5-wH#L@0qB+A&6=hOqbG*|rIG
zAGL8vN$j6S*yY(m1yy9%Ib6hxMoSb<{B1<gN`3<jn*}BTdyLr#!fuJk$OGuB(iX?)
zvcdXhpRL~vO|+9M@y9)gOqJmJZl<QgoUDpry?-<b-U^ufQ>4gDlGdZOUb(kgs+^E4
zFGsmG&P~vReA&{^%sTYEK6o#pqA%p6O!!dECR2~#66RdEo#%ddC**n9Zf^OhMI3I>
zf2Yq~a>Jll)TwmXUDEG$O^C9s1_Tfim;!;{j@_>^7G@)|c$K@*n{Mq5C5gl8^wSm}
zm>Lt_c(Tch57eo-J&KsOmy@O(Bw0o<0*vyMUKE2M%gU6QmgUb;HOGIVIkGZLP$vzw
zU*N`G?|d=*jj1fP`z43i*VJ#^)2=)>$=}<0YfQo`ulLMrNb{1$58L9qxjFf|MVoSN
zCr5q8Uvy#+I~1ZO?>+GRXJg)3IyfQS(D9dQ0ajLb_#_>{<B&8P(tn9!=^q%mOrE6J
zFppEd{7J;O2xt#uz&B{hmu}$DnleZ5eqnjo877={Wv0|d0a3bfpH|3TX9~tk8df2t
z+Bm%B^HO2$;<h3J#~-Muh%Xg(C>EE==OoCW6s6Px$5%Tk77E#S=iAu=b4z(e>DmWu
z4ym_MSL5^=MHA${7R)%96d&%fKP%guM7C`gUbV+0)Uq?*sc^+)N#}i8heZ3Ey1^AY
zv;Dd(3+cSo+lCcxmI&sjJB&LG&KY=M@1usNJu9y*@a7O|^?sdS;u9AWdW~!o*6A4c
z--()C!{@nsFy>hVD%HiM+=F+R>K7lp2B`z$Cm6g&rH+OnYH95@@NPgv;}uR=T>(Q5
z9@lxzPOYASN%S7<@zR$CEmA#sdz(jbHan@-*(&e$q8b*91Cm|bs&s}j$CtP{Tg+)b
z{r(ZI_%AiVh&1-x+sP#+W^d}mhw1K8bfreR_>Hv1H?$YX3^@i#QOf4~Rd5s=4apar
zSRqtm^@*vc5gU0_Uo_q|rMDeeDs;VnbL4S^6Ln0+F;abs;V|&zq`1u;!+mKnj>&U@
z%?&j~Lyyw7*6pLdP@1`|*29Dr^e<F&NSIH3F~91(CSTWt??`_&ydj<cXEHBX*SY~u
z9{NeZEE`Fd6@FPdN{gKBDs6AOK-!Le<ROhl4vd?M&Va({0$ZxYYs$f;e`+tCQx>BU
zvsXWAK2)oD@)_at{+zdNmc8Q1(7-tjE&0Pd75gyVz35=Ii#3d9;=IQ!QDQh3v4I?~
zBKHLNZOplBoJohSO{w9C=JgnD(OE_FAU#gV^X*qHo!F12%ei|cqIs8Kd8p>NbA_R&
zZd&(~wy)$D>Dmw9kh#IvywYW=)|347vvXp^g@tkvrOe&7fCavVI15rMvx=v$kc50I
zOxO+sdym>_9BZNW4Cd0rnsB}-0ZFrw*g9N^7tLlKK7>OU@{292dkQL*Qx#EfXoO_o
zfNY<+QjA8a<M>Zj{ori_c4eByma&2;z8}CrPd+HhHX`9X-gvsSb8Jn;`!kc6jWA?{
zkM`x(`aqUZ@!8?PyFmunHT3D>cpJy%3z^ve5_7zi5j0t(NRJe^%U|Zb){G15Qly?h
z_QW5vk*Rk|i5Iewpa1Yn^q5WHWB;I6T>g2s>&p2;q$=!LJjJy7@}Zvs(4HI0g;LVo
z9T!tcs?G0^tzrt{cX}2J@g*E;IqfU&rJy;|$OLs+Y36FA7#oRlz8jSy$G!^gj`Wa(
zCOq^L3@LS}evn14u5Pp2gF~8SIcC}pRykue!q+I$Yf=)DW0M6;9!)z7Ev#5dS-FpR
z1ghR%xbTThKgrgsAG{h7g<Q=V$r5nXZkHyRRPd69xl5d6<G6%-5v%UZyMe3K-cKA1
z>LKaBT}tI~S252(ViSrfFHi3b#$W)KLFG$Z6sBjLbHT}-IF${)ZB$(wQGIZT`)TRj
ze>aX*-A9<9%&?58&$=n57*!{sa(0+WwLbM+lw&l$d9Zf#J6xE`o17vCBvaid{fbal
zXdv4_=_9I_<y!bNuj0hRt!-FEG`PhWg332{wd(We>?xJRBz8%v?R2Fc^om0m(z`jU
zN#mRf2jxcVJBwRk6ylY87fuH1TXEJ30<qS6N~lk3OkA}z*NRY0G(snHq$e!<n1<ic
zc0)IsibVF34rv^hJDJ9dCl^9!ggW$t@@+c{8?(~720ga)iE$`{1%PXQ*+Mpp)afHI
zNkHB*j)#_LL_wlcc#wF0$_er0Au$i*9H>ZC*L$SOywI^w694(AcBN>)iMnrYQi~X)
z3#fmJvd}#n{L*4-X>@njkTFj`bE#(CSVd5i=Uv);sXa(Pbqy+C(2MbQsLJLOQ@<zH
zttH>DOHVz4(np0%$9||H#rMFFd_8Gt^ZVHqQicYkhdWlmgi^seh%`$FUlz-=g|~sD
zdJ;0Jx>Hh4ROxgVs4%+VKvwSXCTetaDW!84fsjGS>UCONR&{V8$v)!7RFUP9*v~3a
ziCxYESlL%Zp*{DJf7_9jZ>o~#n#y%8i|&YKP0HQK8l)t_^VzN-?R_C8mBWilqO-}&
z@HB~mr+zLZw3=OqECxKB6WNldcF-n|IM0EN>j}g;{A+svO`->wU45>w&wQst%T#K6
zhs|b5COjTf+hdaKL^NRiEu5+xm-Q<lP{h6ChKj^2z9_LUTjni<tkRpMVm&d$?xcOJ
zaoe*?=|hz(&jK8On%cs7cBi6knJcS=ON0-#E#fTf&$laQ)O0@{Hzu7`Vc(FfsQviW
zC=rCEZ={Sdjqyzmmt~f}!4LQad06%VqCxG|@V<~m5E@<Hww?;@XPxWu?qeFYaeLnQ
zQt9G4+()vNDCAx<fL?B|j#<G<Stl@cD^oFfQ0a1q?bwz{@u&@6G4~;9zpKdXmq30F
zn@X|_XR>kZ?3udZi<W`rK4!y>@<lO27T5h1-BmU0Q+jb<?XYPu-lQ5fDV1L5BTgLe
zczI8Ge=VI9-xP(zz&&4AzWjD2tYm)@S6wiTjKlR@>wc_g;!)hR1%gFMEkU`%xdQ_m
zHS-?Qp!fh+E^^x(%z+543b0pmFYv`<F7h!1wNvy&@kc^^J~w#g;|t^!^`*E_M%QDm
zVnwQPy%Gt5Qi6v{=2D-ZpkbHY$12&f&JHazrA_<O*$5ZRj1x(!l&Y005x2R-2da+o
zq1Sf{FZCcOv)8=`Ra{7V^r;Ci+4DktT@oc^oQ?&$q!)E_hDm~0)$=(f)w&@0fzko?
zRxO=0w~IJW82dyy){N=3NHs$SV|RBe+)zeKx2=5KE!QXwSO*wT);_wd@gd<u(`r3&
zTAN}LwJ?{9b{9MIk9}@E=%iFuTEz%U3q9O*nO?kC#dVQ!Fq?Ntbt6upkvGvxTXLoH
zkml-%>kqT(S2k^f!a**Q=$AJ;F`~tC2G^JIT2x}7$8GW>q3+6XK1tqa*I;FjA@xDu
zP4_|@F_+k_mBhzxl%c8~CoHgz?Py}_CeaSe<*qqHIh<(8p5I-zEx!s2^+ZFBvFC8e
z^_R;787|C*;hjz{OZM<gwXueGIJ46tlGG@BnmgahMx&l+F0$Bl!6KU3m=-IA2xb9c
z-zU|^JkbQ{Rh9re52u+jxlbQH>X^V^Ab|Yi;oCotwuJ_dTw)VmEf3mAmhe$|K;<%`
zBJVz8?2db}WAH)(C+ag0PRKH8^HS0!^fHRMh6N&?DegPmskpuoBTwZlt{w^Da;VxY
zmUk3T@Od@+PV!O>PbccFLI&JEPIND-HDx*L_w{a7MOHk+Nr|;PPMvws+HvS+&@+?3
z@%+a!v3{>49X#WI9FpM`88$twINXh`3nhQP9Ji?`wQ1<DpSqg8Ll7`D%Vl@auTWuS
z@3|jZhMSX$-u@PXx0jO{(Fqo-Jz}&>ih_2wN-L%fu@-FbRtD$Ot+VM&eQOL<9w(@>
z#tARiPR(c3bq4sVo1HtE{-Lm5)4s~YxNQ~exM8vEZ0H>qC-N^%H?9Y;qUS@4&i$T<
z8M&2yS1-<HK*7#6_7<tZ^$tIyOd((<d8YgqPi;H$nYv@D;bv9lI&lhcQ^cdXVAPxG
z0;J3^cRTQn^!fLSbgZCH4BRmP{iFYP<Y7>~$z5JKk)35-Jh>4NcQQZ?dVGUw|H3+Y
z(%xQ*7W|hlc@OCo5=A*@nc^Lmzh4BVm#lxO%%6aIZ7U;Y?o+S*XL3XaF>BoC-wz{d
zMB1xo{fB~ni3|K)zUg0%GT(pr%Dl&aKkRPA-`5gBF&6%BXY@Z?k!0v-vxtkG^xt;r
ze}2dq8e#N_&KEG!oKB_%tVGxxI5Ee6uWPf$(r#xffBI+f{;tB|TEQUIDli817qx^i
zJo5tKuqjD;@(o#@A1DA>PFDcr5(jkEctMjfTo1DQ_kH0(1ZW|ZJMaF>H0#MN4NLIV
z5rd44YHzGTF!lW(%wOsB<h(|_j<>tgKrU?~Z8`Y$O(=ON4>4ueWDHPmtA}n0rT}BM
zWFqtR2Ox;1pfu@l<#0Jdmd}vpGKlTvOeqSuJ}g@SLTxi<L*}MjG7d7jh;+K|kY~$n
za+{C)=X}Sl?o<#tiok2L=)@!BzaN9?VWc0RHwyv6tp5av1OI*oNNELGfGsu344(ea
zyHYe|hI%(^g<AhCID*7({&6dRtA_bV)*fPXZnq8%YllX7uX3+HEFTay-+?qrUXYn>
zUdXmy3Amew@)g8j*dh?S{n7QHUqCAZkPYj4Haz?GODh^*tK}03s>C4dG{MT|>Qup;
zF9a)aUkWywz|UN*(k#)MW<*Zm>(Yw9&mYPHJUxI|-YfvbsP_;F)&*vIH}{MJK)mqA
z7Y~r~Oup#wB>8~QD`N5yPjmDI2Q3tGu>t&J!e{X>+}&D_ORnWnFxXXtpztyLWi(RE
zXMe^&4Sf0f(=@U{b7BJbc}gMuRGZ*~#`t$2{yI75c!|&PnI^9QNPM>DF&aV$LWV%X
zxXmz9<7lfb#LVl{<zD~RoosLzzD*9JmVf7=Q~`p=9f|3H4j3wIQM|<DE1|ca#T<zQ
zR^JkPaEAl|U)-0+s>j>`r+R-P^FeDst-!`Cpn3N;@AO+B9}q1+&4TtulZecIrGiq)
z25~V+is$KVE#W&Rv0)P|$@>^&!e1fdjV!IJ4GuS+VJw)gpUE=UOC=VHZp8fn={u4e
z<{<+n6VV->@58xGF&A#z>&945*on_kOD|zr8q`AFzHn*c|3?23`OMWHE(#`tnD&-u
z$f=loGXuukbs$lCT#QIk41DzTF)^*3N0FS(Q<3ME$4x1agnVDxyYGg{1bESUh~dU7
zS>FBC1Im=6m;)l$n*k6f&B>)FV5IlkPJRoja|AfF)B&>W9kXSxlUD@^SHN54%kzM^
z#5!yT?}UOB`UiIwJF&W81mo+-Z=_IxL*hip#(Q?b%6ToQ%k>y1)S+3Z?XYpMnj=DF
zgYqly0w$xe*xrw~UyMI=d5YBxT`@H4m&NlYvTm!+9WzFI>nv$8L;1UsG@yLiV6MPs
zrm^{MF(Jj)>fwBZ<CJ@SxdTKKF%AOQZHNi#EG4uzmEAx-by=VX2&t_syk%BLk;3%_
zEHRt<-)<A1T8uWf=lrJvJZ^pk<n>-7L!CRlYITKPTjN3dGbX*L<Pol+I*=iqLX?-Q
z6^~hZ_lW`C=r}&Zc>-tyEQhsLCjs{^mAIAteU%{;A6+7xZ$v|^fd8Yf?E8zfRm}WL
zUV4m+m><_ZWV+Xx-Kf?W8C2)AYHLbU$<|0+V^CgJyE9HBx6Wj*VE6r$M)!%f2i}CC
zy0gS|;!q^<jx@3YN)<k+i_BoseLg_i8>H`Xzn;fw(EjQScqeXL;Wp=<lmjIH(TG%U
zBBeE6KK)TeQyyE%{nYQX{IF7xnq8sRhN?n+q><QvG@(o%ua+>q>Y}B0f=^rfYW-;Q
zjw8IST-BG~kluYzm9d;s0zHt<&n&AdQH?ZZu=~4XN)Frz<+1B{C=XUWQD9M7+QXOg
zxSE9v6$xVj-tnCSF{z@C+{`N6faPpcK6Qa=J}A5=aYXDx94|5$n3$yi24D?s@g<3`
zxgJ(A6<nclCHUue#EL(>zqKe&D>-V;>`J}pcKHWQo)&i`B`<e7+VmG(h4Sh<+nHAJ
zxvaN)E1mv3_}`hTX#tLugZaHD<{(;A4P%xZRpy)sNr|Aj?PwjV8~vEeqN2&_AKdLZ
z5DjjHyt8ui_B|yAQc8noHbD$pkW@%hLj@H~QVj0engb4o6q?53vY^Ev8}<M0p3@=`
zPaXrpe2Q(u!JQ6#>J(VZW?!i3mEHhm-i!PC5ohHZGblmxPtLK|Mc>8oscgt1StQ3w
z8Qb69$zxl(HA~L%FxNu`ZkH94a^2pw_d^c@?CnebHcaXk#1bKD2{x-#5+&NpgybAy
z8S)Q~FD8d1IdO29;5e1sulF(!RB=vOUY#sveg)F`wEMOV6zqA=x~4DJ()Lvk*ij4R
z67|t64MdNM4S#N^D4M+;!TM<aR0rm~q=}+@db^@Ie->d=ceT5W3MT4(lPLUQ5^4;j
zX87viN?X<ruY<UYVoY29EW|p3m$5``{MOftDNk#7@b3`HaV6!HpuR_<_jYp5nvWM4
z+xUqJ1Rfpgo4fivMn93b)Ip~oVYVO|9@yU9DCcJu<3*%tKpDa57GVoFgY@S`ahT^2
z=v<U5EZ?q)o@LeF5xKq8?3@Zot3enTqy}vILOoJV?$NNrgmL#bFZ-rOvSZb_FKT)l
z-ek>X3;1l|i}7$tbTz1R@4~#}GIx;NO37;`9{P4~m}o<JWJW-ggk%F!7NJ2TaZ7{j
z_3r^4TFKD{HCJjkodn<e<qK==yNd=x-(D`2<Cv>Mq<(2(tCO1E?bjD1X(z~w=<#_`
zZR~YCd(@3uppBjnomYIb@J11K!S4?nch_C5tNmTl<BOI_pQSh*yBSvtpyQbVnZBBI
zIg6e*d!irXB!^HF3A&DP>sSfmom~sRtMf*RMo`Owtd1V_oJI)Md&PL9CxFzASdi$)
zzR+9^7M`NpHm%1q2GCq_DYtg#X*^SA{yF+9{Rd=>sK72TCJ5ww9IQjxy|a~qmCXn4
zO45$b`E3488C|1PQGO%mwd&;*8F)=URScE3;F3?y`S{HXf6kPnVmAf2!OvdWss;Gt
z-#-PXq6m-HOYq6#BG)2kaXWZq;s_sSN}lE5m3<G)?FqC`QmYsnv;<8TJr7O~y3@bP
zuS4Z=U~OV=aY+C@H)5MBM6P^UJuCKmcK;{f`n3XEMFurNEn@O*CkM4N!IsP2p7HBH
zYeo0X`}p};!_iU$&dLnW#R>^v&~;h!&3~~P7nf-Zm4RRaZ~Q$wDWZD#5u5O}>9pjo
z=hWO<h4SvI2%Pi(G!HI@I(p5MkEvG4(LV#fuJrH{ar(O=|BEXrv1M|HA>0iBzh?ip
z{v?9gj&J|J)w}(FC9Q)pw;%plOzbU4lsBgWCx3OH#8fh!u2i1f+40V@NXS7io*t~2
zYybKG;2px20?K}o+naW>W$<47g@%7oSnasA1rfFqKrUB;wzQu{sazM>*u^%^oN|IB
z#6G<{H)yEF_hI!|v6s^@0A$X<iLX6S5<)53?SAZkwNFF?tDltbm2Is*0D4>oDB$&3
zqU_Ii1aS7pYfImQ3+XAG_%!SeY4rjyX?peDx6nhI^ast`op__gNTNcCDC}D9lbmA<
zSZVtObX%iqtYYJwpt;v{c6!tc<YnT7AKz#S#V9QD{}x7I)y7uP359<Hd(9OfySp3k
zXFjSIrp{&{G3i`@et(WUS-9?Nep%b;;qru24tsjwXPTDAgO$u)UD-_|V>8DTv4f?g
zGyqO2*?b0+mchqnO}{@42Q?XsYclwM-b?9cAKJ+|E&Zmwx>(%5Q`59#zPjw#Dn(6h
z{#h$XRC}Srt@d{j;Fwz1WZIP>s0^&YzU55t(WWE7o+4laSCa;hq8BJ~B;jc8m>nR%
zNy+qRED>ruCfsP;{XO+y{ES-emtq3|tvx^)pidMgqPy7rjiS6q@0g?j)Ly@GC+#~v
zqx_T8ivTc~EhK`+ULq*F3a)_$I=i?S`Aq<s_F6?rwV1)bwGrM2*r{R;c4gTb-OZC?
z+VXqSwYC|g625&w=hXz}WoqsbJxGxjtmKALp>^=Va)!FYPw+j<0$zXv?-qaUK2RBz
zu8TiQ`MWHMPuVBMmWv$Hakc5k?fPx0f0h=AD#<1C1{r`e1n;u&qcUiy21N=<&jGYq
z+e3sB9!;Bd=-B`uW|o|(p>4WsVp)|1uAZX74iNC3`1yOX`aV}MgNRt6+hbP#Ggs2i
z>O{KzzC9&Rb+4bP11MYY#!xMISmS8P*@uhhy-^dB^A1hky~6cEvOnIa5EW~J?dG;m
zFTA!Sik^5hG%kM#0H`GetbsD3n(ju1KM;YMoW~S$<@ES!ggu`DAlwlYQda;H4&r&V
z1XjiWe!qCzXsT$jiGCFcrjU;JhT#~zv4#5`s++q5UVfw?VCcC}-B-JmX*p0Tf?IJT
z-vMESPz8kzI;E?{wvG?RhvOw(14Uv<2SxOJ){BP=(YKBP$}(Ul3K)ri6DC&JcLF4b
zzfF0(F$|$K0FsXc&Xn@p<^xuNay!Xy`(;XL1;cfwQuuEB0lm}MQFkHTdLy_Gf(M4J
z*NM{8lu?p%lN!1mx<}X%RDS&bkZOP_A<r#jOjt7JS2I{BH||H+0?;h)+pA65n>wYK
z(@%MwBK6~mAwp%N?$hcEfeyjC8Ehp{<2j~BC01f1gMzj*i`t=DzEEI=VBDmTyl0$B
z;2mA>$&bBiZVW_NEO}_^^uXoIICOy=p-9dJ%j3(Hgy)^WilLyWQNJ1A@eO)^fVi(9
z(YHJrrvg^9ON9^)h^JvK=?dG+|4}UivYoOgmfqo8j9|qp3$LF6Xm8n%iO#<Ej|3qM
zv^=+#@A)sO`tU)Fo1MOcvVf(Qy<sl+XjE9i0*#M%2HLM|V+tHUU{sMp?kdx_m?P>=
zQ!UZmjVBoRv-aP)kKUu|iB$XQAJx6a=S!N2QqkFOdgMKdQr(g7qV>-)uk{%7g!%$)
zV<N&75dtEOv_eyu=>C^jmFi5dJRi)nba6r%jTKa{$6tm^;i=G$rNSQk>bj_Sx7uv*
zSob1*BrA}%{hT4k+k4`K&>uozC)?YD{cO*0Of|c5fSya*lv$#D>fN7Obo?T6*Q)U1
zymH61?UuX%jBhW-828B-z7Sz6?Ubp<JbTXXM^)FD*!0?#ywIR1;V^C~fa#wS<>uzj
z4@u8n+^U(u<9KP^iOmn<W(TD1OP#41?&ABBq6El!G*`@sF!}<9?L)q0M;`-=-9l%e
z1)44X=nV}=A!J_3C-fhLS>4LCHit#(lA5R6e0NlMG^Rmai?xQrE4lMTUn4E^4@}rs
zT4bRx0aUHEvv00`__W=?sKs1IJ<2FqB}m?l$n<-+71NA2nl@CcoQy<GE_}|Mru%#F
zYH&x2kg>ND?w_-8&6o2y@AShR=9ftW=g!xHU^STY9j8P#yr>4Zck?xHyA{&-uzx0s
zyhBnUI1^6(kJ5wO0Welb^;*-%)a-F7jL!r|@|<7Z<9xGSMTYR`;hmWi>mGdt+O-qY
z9=OF$k*_b8p+@FfRx?3ErG5hir;C>O?}OWFS0=@hS%i9gRkP)#57n2RWSTnA9Y3Ev
z<Rc@=8z*q0_=S)5U(ZqSiFMwb#~3%8ii2J4=Kowm73lB*IBxsTF-a_R{%;C+Uix;H
zwV<aQ(Ct$4naA$Eit~Alm7d%BJ@00F;5p>h$twGF7kAh5*r~T3^7Ddg>;2oY0!^}o
zG}v))v5oc`N)3CtQe?Zep{fPKm`9-b%;x>sz$QeDN%>o}wce;TC=+XE;jY`s6^!R4
zHKTSneqUiObgmsWF0H)DoHnO?L675+N%ovfHr8Pq=$5a5CF~uPlXJ?#h|LbpIDxGa
ztS3?Vvczw(%O4qP8!&?hjSE9Sg?=!?$+F)<q5HMh$LaaqNU^@_!z1IFaTG(3qJI)m
z0va5g)G@YPbeK7!OwJ~N7WLj$yP0vTzU{=F$4uiqX7^zPR2g+|D<|oJrDpW_+lMwU
z=Gau_`RLmT=4m;nyTyAqA1zKYEPm=uZ1Ldz7W7Et8oSP`Iv!dZP{9$c2EdI#xulxf
zMHBV`_tJ4bg0VsYJ?m4KuYehn1iBKjQ6s}q|Jn;Q9D~B@Shj$c5ypdU)*MKxH%2Lm
ztwY+O<lx0S(Br;3q80hIXlKVTIB$Mx?$qz3YFA36XK7!hMdJ^^4rR;a0y}g5j;}>F
z-03LCQ&t=Orw(e#9Xq#PsIh<%oukATb@p?CE@O0ilFPSK4-4IUN$SW$PQKfW=PX_f
zl9hRRC$id-TKagu_5Ix0>3%JA6G<|I=np=x{Q^so&*qZ3iBp?>H>(*H-O=&aXCX24
zE$hY5+L7B@DRajwl8&IQC(H+0hWzTiUI@$Jk4eZEpyB4~fDa&z4EsH76ztbiiNO5v
z?9>T;DO5daO)o&P`h$@Mm6ITUxOT`XeP4#~MEE^Xn0rb%XZKQWc}gr3NOOC81S>5=
zDtZHOZ;8pNr|+89pjH!CxGN#afyeYIIeiH6^riSf98$rT=ROgyjB*C-$I{>}X@p?%
zds7uE#>b~6M>RFkk9&5%Lx*Id*rXXnG{<x;o=-;PJ`AX;UTg1-f)z-F+OGS{q|JWu
zz@>c7b=&(+j=SQr(8wrsbRnh^+$P7DDaNk}&S9Iw4}!j1IBtJptlYX@h-}2pRvKWt
z9~1{lzpayUYqthHm^;P+Zlf|e8r;NHb~82)VH&*SO>8SDkT37wIGOzC)fNDG!j!@_
z`X^jF;H0mVabJ~ov4{oc20rnR53=>B#&7gLA{t0iv8-3`NfA36)l!c^fS_gz<e9LP
zum62Iy9GuhHtWxfUfYyFCBB!~&C!erbkFMp0O<z1w7c+Y)&qi}Ig!iFlZ3DY=)v;f
zBj>4pbkuJIL%!T3$XBr~^#UT}GGDkI!Wa^TNj+4LV=^Gx_f-QJXtXfzuLV<3kV@2O
ze4u?4yj#E-k3c|}mBXOcp6wUzY=Kti{qkWwS1w6+(sqP+OL^^>d98IocUchRW!(m)
zZ_KS{)Lbghy8ncnZJm{$eB<kI%Q=*;3^}R~DYa+|mdlx~8Kz!MQa?&rt-rI!to%wO
zc(2rEH0MZpfMyJw@Etb)qw&7nzVJ&`LMp_eOJ_Mt!f9(?^n~}-BVR0IM?^siFG3L^
zLGWH{Z4$5`rJRSkD1AnC($Mc~ZUQ8i@(-LDoS@zGhS~-I`PPV_svaxsPkX!WYG)&y
zG_oI+AM36WaagZ$MdoDp6F00kz#kR+_b;@gIfp^J)ux;3q#-i=fXg4oGfpEEFuK?o
zOsZ9=-89{XBF99(x_q9;?)tc;_vjqk9kK<k1$7RTp={eu_ST35JT^Gi2LOa}8I@->
zs`3h%5ry63YBWOChwT9tX+3JGG<+xAGEw0hd^jO@6#h8)3i~7M{HnrPz{v$FZpL$k
z3WZ79ovEj=lOc}ARK1zbsB%+>iLJ`uv!l7nJ$yk3>I;}DfC@3+3AkKPih7aAD)T6R
z09+jeQ&uB}{285vN0#WbC*fb8(J?FY(oh>*GN8h7M7ejo3z(Ilr;TE2sN8t-kxG!*
z{EW|sTW9BUK@zKh0N@44r*X}$W5zM#I1N~qx*ilh6NaQ>C~2QuJO1h4R%#Kl;n^>d
zcJz#<m)Q4Kt8t?y>sF~ojRAN1p#)6fg%W+n14huCAb=L62_ho*6=wsg6RQ`l&x}uj
zFw!n%VA9aA{MMhP%ILLWx_G=W)?f;&a5xKq&c^RouV}LmVZlp%cP(ynULkpU(OChZ
zUD<<7a=yI48<Jemhe3XbNN%hM`rnz3isl>C11USwFp?G`XcTzEvn;ppZIlwiP`$*#
zX`ulj$+wNw-z8t)zJFoxnGI;_q)2gzC}mlyUvX<{c*-V?ex;SngV&*BQ;=qZBp<b-
zx>1j4C`r{Ez=%qqK<CZ09uG^z^Jr%-u{s9Tezzm8B=LSJd!9HYbaESLjNS=-D#yi&
zd4(}lysoj-=g0o6coV{mR+R|i8FJDxIHFN*ETndzcTu+6d-@7{>WoB~{&aDj^^V9z
zn9fS8rD6D#ohg%bRY$Rsn~HCC)st)+`1*|je^))&WbDM_=cm}?Q;@6xT~~X9nw?Hd
z(fGIa%2y|HY{yuN6G`DvwlkuiNw&<hC$`bEQYaSyzM~q;c@95NAWaEKg}N80n>4hJ
zQ$xybs5hv}>D7;Uv9!`|k9-^3Sw|AJ;R2W}e#)U@IW+FFfX_^<DlQSobf+8<rVt2W
zvC&<Ldx(Lr0jC$<8Kj5nl*l_uBaS#StTWwuCtlD|pxjUuYeRyZG`D4tNxz2_X7FKn
z-x#PWDdpWH>lTfl#K}UhZ%8ueIF;^RK+wyiSX))GuXR2?VE_3g1Jp*}f9G63oYOg}
zGw+`M!HSa^6rYMFVv)Zg3*blxCp14KRBR^Go^{jJ=4g`tLnsz*j=zL<)VfuJPvuZn
z<kcOQFryLD<B7S#MGd+9p<SRWNDjhcS0LwtdVzW^bt;iX=MKyBDyVx@fxWsqx)u2&
z<a9Npf<Sr>=CTt=4r5$uPkK-X8D%EzWk~nNB)y^+!z^L0N28*_R)o78P#tl<l=hrz
z)`;+J$6iB+OXu<wxHp{?j?8#ccez5tp*j*14tr$YGT2nz+RQQ^1mWeZ#59ukko!Xs
zJ0!z7buE|m6eqmuK0oyI)POg;Vf%%)1`}<}Hyo>|50#6bVY4?r50h4|=59h3Ky!<f
zuAA1YfEslbrxBO%cj8AJM6dp66~s}(po-k60+g)ODx4o5;W`vO>A8kUa=&iC0}~8~
zp2J8cCQZbD)1X-uLD&iQ{iYM6(_4&w@41i-VZglldXYW??fqCWppFrUKCc|GFB!Gs
z8I>chH>mfvIJCOb+40F-Hjse{S7UCwq?PNPWvjfexllzrTK!4WuVduq9f;|Ouvj6G
zPFLfMtI69{8c{XaEBlotU505x_46x%lJ6c>8yIPK7##R8>>;!@(g>l~re;;Xja25$
z2u8}4gK94&ynB(Y`p3P1j<4@%2bG_zcIAh_gbQi%4C{`zKs#&gzd+9Gch*Y{t!chx
zg)Vnj{`btW<`_HAHHfl!<5M3l6Nk9W&)xjx1niZL*tg^cYzHk#7w;<D;)fWMpE_{q
zdKF0W+swY>6NJY@;>$bW@O(#)k>4{<eXf7uvT{(vVufMsj<M$>rmIr!P4(AVOlQr8
z|Bf9iu?Tc5MQU7<+FDoe<x=XCnS>WR(@qo?csF{tQaG5}Jkw&ySywtyRM<t$?Q+V%
z(~jOLO9X)cUyw&BIDs$InH(GU^FWA-{<pJtfz4fNUhydFixR{6R-`JfE~xxq#%VPJ
zbG%s-lxL-$YdA3=Bso;GQ~yP^QHoQY4#(@T74FxHA6~aydn0mv=XbI7_|dIJ%jC;z
z-z}4e<+i+c9wBgl{%1<Aq6(G@P?<dZ7jXWaR{THkwi>5M?JB;x@x96>@tpVh7mAwP
zv@`#g(v^Vmko#~1W(lL5273f)g~e~eZL@Yi`aa@~<@+-=e29`HuowTa(<h~@visVy
z+aLS;_(xd%X`pO%{SDdXmWi#n0Kx6&v!ACKX(UCec0%QVdCE21^RIsg+QeE)^$nJt
zyGM`bPYKlFVze^GjjoYH!TL&mgu{)w3ONb5$t?d5a@7-TSx)FX&_>%SZ;$R+{ZGvj
z#%o$f8bV0QF*@%MJJ0}ZwHn#L?zdOWsaV*nXYK~(bbG}NhpZ6`ipNr=bMLE1-+^Yq
z_#CIo#zJew!z52}u`#*v@dL#p%bk#;$HmBs8)tm9izNU1wFD8`!H|)}c+gvFy<xZP
z-*s$THYZN`XY=*2u53A5;9B0E|GPsH+!az+0JF;4!dAxjRC|usgjPe}A4EKCo4MRZ
zNPKuOQzNytUw_QYNFF|Y;APzQ^j?#}>7Sc74)Ch?#<8kxbIbnC$1Ca8CsgTm4aJ{t
z6p9AN_UW7icYQuX**&&>MUlD;Ov6rIK9(c=nqXPj30bBK;iUmQ4Ke6F9i;1Z<m3%g
ze*0@;V7e+oO%{|SO9*}br`>SrJWNUXI3qa8mWxXx+NMw4^pJ!U9NfQI_DYZOG@+kL
z;EEOQz*b`~?M$_6B+BxjcAq$-I+Zzz=6hjEY#;{psIj^mg}_1po)IRFuj5+<SVfgz
z_X9huM)vjbjTtT86XGUcFX<i>lMnh(ZnZzahFEyIAXm+USRFse-uYMzf^XmJ(+Vvu
z<4oj*il_JPNiP+RfA<<%&9QlSl!Tts;!NJ*c-YjuGw+mA7^jE*-kzo)q&`bfYdFUF
z_cU?FPto<9|CZSH+o0iBo_`PPR*1)2>%%vegn$6~L_zD2tzq;wax0bm?09|^C1_@h
z5UsKwAf@zDew{Jp5G=q+;kDT0>SbL+c{czIx4t)2Jtcu%&J0*d7Zf!IT(llyzf*I>
zK%M;#aZnzpH%1)zD#T*hy*gn3r@QxzhpT&|hEs?^#28Vc50Vg!F1i@R3=u)1_ZmHj
zZnz_Q9le`GOT-YJQKNTa61_zyTJ+9)+_|6s^YQ)szMss`aLztw?|ofst-bcXgn8fr
zLQawl-!0SZHP>7>0sLOr8X?)4a@H-6j}lu-cD_1F1wg<BvBfU^$CnclUs-tixm6BZ
z+t-IC?d_iJy=|RdAF2t7%E*|S&eSQ?P0ety{%KQDhn9uk2#70gCMAG?wkSXk>kdJH
z3jn051_-92r&7U6uA$VB+>?Tn%UKj_>DuEIBj1$3&fvrJUPDJfLk@Cmk;Zr~-BbOh
z&HOP{%q8zIp@clPB5yC5c#uI?sTdI)bze*OkW5F!$118%RNYvEd~u><!o^?z70%cm
z<o`-t=P=`LDCR=C?v4z$W;2R+<{`b0(MV^ccJROlSlz{sN_Ux?hD$+>#nNLbwv3t<
zqX#UCAnH?WQN5Y4$+_b)gj)J53C7PV%EY8TEY)k`Ew0s2FV*4k&KLXXF1T$i>r~OL
zeDg*-%BG&z(&=d+<^mJuh*0hNde#=|49=a6Yz5HvYdkk#&?6xwH4qI83!{@3=B13i
zH5l)EyklV$4Vlc8@~+b&74rlmiV?BmZtJhth6`Qp%?*;T+jgR%2LSh}Erz;u(zx@o
zK0nK0Cl;CzytPWXDEVPEvvj`1tix_+p-aT|_e)+vRujc2hV9Y?Kyd!GN`1PH&kY}7
ze8)PJ^|DJ_Xuqrv=dvuhn8ki?KZtk`UmkBv_423g*4Hxo&L}%&t}jlWPhh1=HibD~
zU_P4mpYV^?-DE2mYYZGbXL%_IIJ0xw?*tuoD%*@Y^aYyg-ECb|2bUt=Ttng#HSDeM
zT&VR_77ne_0?CvwMTJ#m_g=v`xdvz^3eRkq>Ay6)+rp?P92@HFx4!lj$C=#mabw3d
zQ)j|<Uh;e@A3l6Vxo$tuCy?g%<$GMde^~7$h?_*cdeJ7I=QbvKGS2ENuks<gZBu^M
zAMrlTKom^c;I+47JdR;jkuy;E;yCM%n2V)!?`P473gL+TSEGsS>+(v06?!Qq%FUCc
zE$$M{zK2tfPNU+9p-haaJlgTUISTBjYKCSMSquxbzPb_1IwRZ=nBgLWwJqj=&qSmt
zS!amQ5|`zEm~4&;f^1QeJ?bsVb{02c{O*)>r|MEi1BJ{|=RpWXmg~itC-1%3cz!0D
zN9<8MY*Lzoqjt*k(yO%oZKCV+*Uh51)ifHxg|f;Z>U{jW9D$@r%6ux=y&QR*g{$TZ
zL&x0N{ogFl4Ti18PaKst3aM5rxjGRFeT+%z2L*!bK9&h&GYPi!B9^+1Uj++WQg18Y
ziG`f+zql7*)BW+r8jiDvgzNYF@}Y^*b5D_rCx+-;=e0W6kD$%Yl6QJ#_EWi#B)%C~
z$b^>c=*7rSy@RL8GZ%V`Fy*bH?&7A2(!z<LXK8Ofuz-v*dWOBpFzyBzi!#-_x|ZP9
zK@%BA9@R3{%H`35aP^H8oi11yslVj8jjp=(;~%%|yDCM(fB5$%98E4|aF>3ZaJGAq
zJTSra!(bg<z!|(#*z$Ytk7v~WX!4?qeWUmfO+sRQs{X;oe&v!}tMI}~lM8r=Vz^}z
zh$5McUgW5(DC?=qlP4S<7M7MZ3~E7g#@e4sLe9Z441-mHlKlP2{ANBz@!N);i&UzK
zD<8)j{Td&dffzz*`qm{e;TK%ea=jeKF(Od8i1z?u#m?lZ(5p7AaLRojue4v2(v485
zX{)mu$lM^NKDYemb<968IfHAtdrIXGc%a&yy?DVkm;!Qk>)jj+ZRRGoic7xi>qG);
z4;Rmxhawrn7S*&dJ8#Lpb`ZYPp>JKNxNlv#>y^StzE(#OVEMB_l8fA*pmTHub$oD<
z`b;%(ln5?j<5<)urDi<9`>Z0{L;}xo;U9K`<zl=#Q*UE#?-iQKP$M?YgKwrkPiuUA
zK5$s1*S780H0d*M6!j=B;!kw>`SCD6!$3NV&Q}<+s!vOar?IZzlA){0YWabl`o$Dv
z)^VAAq9M&fHghv<vS2oOz)I7rS;0Df-qX{`W>odvMgzryz<M}l&pwxGWHg^I_)ybQ
z`;bL1o?a`R>!M4_6duz0Y0RH+Y-|ih2fFM2dpk+WS>bmJ8$F^F%}%f^%RG23{us@8
z@&!>3E-SMd82|oJ&fo(zOn+srHJjeUOOhCZZ{4jtO2;$dTP0Tp=1`{x8&V%x6HF!9
z9gcSv4Fw{Y0>U~6_4WZ|q5J81#+k5xhxR1ly#zTO8l3zdxQd8M5o#){OiZ1N6OqkZ
z;haNRA|n}<Io-QbJ+a>s37wu4t2fV3cD57IBg(?wPv&@rqJ0Z5`HvGxUv?DNQRfhh
zeS8Z74Ue)&Wei^+i=`(rY}pPLyu^Q68{~!e9@ttKCZ1^)H#-Y{ZJ*Z5unvE}5L0}<
zi=8-tgG-;=3a<C@H8vPo)%vJC^>G@U8kis$qpx8bIYg$qvVk=0le^n{a)&Kffp>kz
z65~k32_H9h1oN~{xz_)53-I)*hW12XGUrV?hnk;Dr<JX{%}(vldKp%noA`b?52hG7
z^Wab<fifAGvI0&ncL*#0<YEV-cl-jH$vh}9$Q=e!dFM2Ci#Ti{FyQtWt2O)^no<4p
ziW=#lh);jBt+bgzYyNf(xNzo3&=?ch5!L>LK__}7M>of0FJT)8E+qDI(94oX{FZZs
za6Z>@%^<yVzr<lp(EjOr<9Z4LuENj5{Q<5rpq)W8jYP7^#0?A4Sk~4sY3@yIwqiK@
zr&$>jUW(`9$&OptXYNhiyk9FWfN-(W&p`7Ce_zRsT_?wEa4L)&0USc8U==1+0rwXn
zz?sogFX2vaImaK^Z@n@+O6Nz+aahMb9ZYUmc^f0u$TD<VCt0E!Ycpf6<vH;4H|hP%
z7ix2I4{+~y>_j!y3;AV>sWF^8yRsTSC~eFG?@E+~Q|kGaH8L|<?NQ{y3()oo1+csI
ziFoyUbk4&X`e;03Zh3INPmo=V8#H#$d9Y)jj}e2otqU*yCnxmjhP%Hu_ic6OUz#}k
zMqQf?fAFABlztt9JgYE>dQM(Wvg=MWe9o0GfAXT5uPu+U|IpH@63KO;0cjIAGJ=)N
z^r;*yIUVe`VkcnQMn;_5hIxIn4^f6K?$av%XhD(2R6WLkhkeRkArrqg#tx=`-)<~$
z($KEd=P6N^eLG5h-Be}`M(tfDMs~~_<O!syHB2MD`P$<jaoqVI#(Tp3n4_+LG&_f_
z3E1~e>u)W3aoW8X>L+nNo_RP^I&io&*4C?}`m24jXE%1fl*M%YJyT)+Y<2KPx2x>@
zBx=SW9v%{mNhYCYVUE9!Og<VrqPRm&%0O;StFkGXR={bY3N=*#X3u2>UMt`Xtu)9X
z{YEcJMLd3s7-I3nFzz-~+4emc#ULNt@tB1&2a%(XdTezsa@Nd0!2I##6iuY6jY8NE
zZ|B&jT4%e?D2Aka>YrpyjBZw%d#X~KJ$0YmZj=mO3ulv^^sg><#D9{VaKR4bai5B=
z+oEXSKlM=;O<g$k$yg-Y5NdTHVvk%yRRx%lU{G}Iui?phn${{u4ZXMQ$jk!fS7?^{
z(pR~%$?cp)ha1w$>Qy6f_9uBiDGN|0z3=o~*0cXiwcb3=v{WOJV(2Hww|i#mcS{C>
zqnY?=xS{fE-_`x8n%F2gcA@;-$5gY-&t%;Y)nGou-RQ`jRB_(6?biXIVWjmaHLm7y
z+bqw(;M|>th&ehx>~(8eQqvZ<PO`<S_BUE=q15w&w@8uHk-xi4uy__VpLVyi#dc9^
z6Ukw#JCeYO#Ou6bXN<ut)WQ2Hk7t&H%{sY@_Qj|OuA2`qFrS*CnB>%G`(=Mt8|oQt
zxmeAt7l=eq_C=m+l=j}9nQ;LD`HX-#5lpP4OqvLWhhU-zltTy<{O<>Vx5NK`@lp91
z;aY!&gr=^pjn-Gg3XM<C$HvO6czAgFY;0}mhr#ex65#pat-Sn{-0Z*S+QLQrE_?td
z!GPVjf3AzX{?0-#<6CDxS*=EM4Qd)epbUb}B_)G2Jw0*uW2J3DcNlG4mU>HW65SaE
zkm~y0>W@m#T}ygln|PIEzNR95oaz4lKAD~{8NMVnm9Fu#kj3rFf})~>z!4e3%7TJ|
zvhHrBTqjlsv@tPM{tR!|1ebiCDQOL?=$7=nR8t#tm%jzYxvnLuqzJU-sbU<CkB`Y_
zgvekI5DaGKR#ulExcNWD#zJTWa$cXG>{nX<c)-QQWve~kVd8Uu?4tartfW*5JnuxV
zauVGzc#aq7)T<}3B-M0qC{oD~AEM^bUGSToQ8qNpRPL&<9g*xBFSCmNgjBgNDEOns
zeaitb1Vn7iG+s(@Qo{o!0j#1jGtwEuwlP{_mRV%b=sV>wS#3f^MFsPTN#CX;Hp3$F
zzyiO{EA1!j=2}A=wwjyas*9qA#<$ze(pIXEBlvZWqENfKA&F1^9c9X8fJh<cvJ?RT
zs$Pfby0Jg2252(;qgLCc-js_}L+)5CLY?U@!OGG0{BVI5?<v47>IcFDNWjUv%L5a2
zp1XFNlQ_4P?@&D)u(M>ll~TmK6YN<2>18NG35!9D{Gi}dL1{=e>eP+dY^ui9w<IgQ
z>*A`m#jyvwHoI#lbw}SR6_@6b2)jE2GmT{XM1^fqbc=gBCNEwn(BlQWHXKCJD5PAB
z@I!}QoS*8+%Dz*+b;DmD%0o&6+nX*}STLvgn5`JCJJWzVM`=9CLv(SFmo~n;Ni@FL
zlVqS@ZC2vGH9h@8HN|<X)MA?G0PrV`0mf5vfcKODKBS*dqnS3~KPzmtdOAD*EQHG2
zw@2KA>Hf%5DRY`{$Gzlt3@Fm8ayVFsQyupwB$X64+dPvml0IIboS6aoU;{X$_-#se
zceissur#-PmNk;AOoQRVkW$$G*L1yNxAoCke+A;m91t-)2a$q~{`vDI4J?uJ;q&U-
zQw^wElK`Uk{D9l%=1it<k?;A*abRwB_2}Va(^gOtAA1x8x~B1*y>O1T^$<jD(F}0E
znz!2q(M(cj!V|IDF{Vz3Y#7DRiC<0c&*uUI_z&y7566EG6`Tv_BKogSY-g5-J@q?~
z?b>M$B!yY$*uY!q{?52Q2zS6OHE0D=RrT<$?J7POMj!V;#W^Od+bn(vOd<b?GxW~H
z)^z;@li!(>>U%^K#{^V>lamuBk6@ZtWRcDgcP#|~9EwXj=aqhdWnb!IKAnZkLa1wY
zeE1?@+bF%mD1OACRj9j|PxX}oD~&oC1tNg~(>*{WWmx5<m-eatq!+LJP&IQsOA#MP
zTN(*2dHTOWiF<-YCjk?p=1q+GU}u!RymOn^<gw!A&~Tw%<HkELFqo>9MD1gGM}|-Q
z1#loZ&sHcrlVf)9ML*#~rDAdS&2`iE1`imGi@8HEIrBjY2Pf-$pP<)~_XOLc1DD+@
z9A~DL0RgzQ(-zOs9UOu4Id-Obq!hUx-J#BRYghJ~bwo5lcr5!34tZ?M-{8RAbVL5e
zDoa~dK=2Cs0rb^3+lw8eI**bb($bv|EUzcu9RY`lpNxVSFfrmW0#NZBx%iu&DvuPh
z+NIF~2Z}m;5N;-@?C-$6I>3ZAeNEL9tiwt%?{vq0qO!tmWBfS%-YIZ2`(Y`Iln%Rg
z=Uo?5jQ%M2X{EviSg8Nzs)1RPy8nIM8~^nkH8%?(`~#X)o%tk%gPfH%N4%40@iBX@
z6X#Zku|efWhLNLwIeFW@RN)I+!tU6~HpMS(7Zlt~F;8p)j=tX=5G>ZFInI6@CUN%K
zJo==vx)$w9!L!so8h;5EW;%TGUh4dnouU|;lpbX%gex;zQiOMm(u>&rK?%SjFNCIk
zpn3n#dx20ku@=G&5nhNeFu7N@_6l<Djs(;E_q({TCod82v*fw`mz*2sU3^RZ65BCQ
zUAqYn1M2CrYg@=R?W*mQ!5aNm4#83>jG~3A@6+aX@oy*CjvLq?9`sPt(Er7If*Wm9
z?vpBrF?8M*$F{6=02ny_{3=TV`K5qg?FM_m>wACaTX{0jTe{SLUlW8I3c36Lr;j`j
zwB0u+tv&7sye9tpysi4hHa0fgVq#;!<g!XhNzpVin)wq6W=%vC2Y^|9L-UQH8X-f)
zCM{S%n-H<=rBy~Et=&@F4kD9Q%JOzJDy{A5n6tq$0sp;h66)2Vh<k!|_#ET`V51oQ
z=lV^%mLM`2u{O965a;yqMMjMdj~yn9Cnxo}cz7!I_TCnJ{`^{dw`11yrMC8pi=B0r
zCk+kFV`Sp*-@nh`UHm(`A<Xdq^;Tu&a3Zgf1IG6xzfiZL`{ZE57GQy=UH*Z$3ym75
z0X1vIjEqTgRK$LKfpaWf%!QkibM+lzkbRy?nq_`|J{hK*VQ6Tm(sfN!ul%)IoIJ6~
z!jU#u2<i*^+td71+~yA@BqlVlfWNU{vq*o{`iE+6X(_%Z0yNz8o@fI=2`~hZ$$?2H
z%*Dy+ly4@rkn{O-C$D(STd12_Y`OQLgEvrXVWT^N>%xEl5)3Y3a<Pz<HcQ*tab|wM
zrNerZiP`}s<h;vL>zU<1ru`LOi0%-_4xEjWZ)NjmZ;T~wA=X6OU)QcwXW^zK5@U-L
zY5r>+B{%E>LG0{wcI1?lB52jG4P>;QCRJn!I21@YV`!+HzW%i)794yU9MhA;I{~y7
z<q3E>?VJ1w8(^okUi)7F7m3wyzQ#j(q1WicKsB2PW9<3q;Y93x<@MbGnW|{%lg@+9
zDO(Bm&2opSnq#Xf$C-n}_2^?3_|-whfuuAw3-a@CO62Ce_Et=$YTXadOB{y>dV0!q
z$}Dw)?=adO{h5_^Y@e)l%Epwv?rjUFIrX6>!kN`_YUCZc<+w9&S@Z)<KRLe7xgdxf
z&i>y#rKUNGd#GCTtsIE1<K@<7jc1Fzg+P1*R5FRJwi=+zTE@xm(4dJaA9(mH<Zu7X
z*GP<sF;R?Wa*Yx5KEMK~rsZOr`EpQ0Femt&&4XQbJ&7Q~wZ?7ZcRn4S>Rmv|6yVsj
z2L`fhiZ|d)(AVeKhU#!>VvC0gv}zZ=-wdkTmLh%?-|ut=f|x3Vz6Ijn!RgH9^kH;>
z({%=Z(|{|~ShcucYSDuQU;)eru?lDuC>S@;>;nnDjwnW3088#|fF<#d<;i9jn!8J&
z@Ak4o70LhWJqm7hs#fFQKl3w>(9J9gAPV^VY8Fm*DV2AmAhKP+)0rGS0>Gpz6vHUt
z)@yOAX&lJ#S0xN!FWH|l`yPGlA;pxDVc67dM~e0X)(o3i$xQW`c%0^1iJ8MMfO-!(
zrk!_?4D+l8A*@Imj6#Q8zT?@^w(m!|Z;0G0tm3XwDiaVV6z=kE;1H0+C*mV8G`xm;
zxC|M;i;3M%{b}D*`z=N`Msw!%Q^2~i?L+}Hk95`6lJxp7AcPvLm1fU?N?7}3X=~oD
znm%@%-a8cf64x$N!OZoD;$UrLAdU;q;uQ<Vwi8pYLSl)q;X*O&`|D#r6o@&_`9FCR
zhRcIiKf2#;GRXis_qc5h*wc6-0yTXW5H7%kA35?5I(u;<*DGqcq(Uh@&uTg#b6K~)
zH8b-=G>S+JzCyd)!`oPXyt`bBR#=odXkiegj>Uo?*s5u-o`L<=P|EXk0ZjW^h$7M7
zm)=LseG-hO!QW*EHL+OBGJz@8nOX_2LkDe?!l(do?pY4}pS$PD#!wXyN&X9VPec!J
z{WB~7z+Xbt+)AM_#!zWC#i%{Q&r;q%1sG}6nK#TP;$D;3lT41WL6`QnsQs0+EG)vb
z0-z2_a#8QM(E<?uC1uWp1}<}O6Km5PE%MV5(qBQ9nze^t!Tnxou}puQ$KL<t47BJQ
zIS*p*T+A)=`mo>7COZC*Qdg3EMjO)dSuOjFf=o?LO#SUbCxvQibpiMuTpmouQjygg
zq#d*OLf!1PFHkt3Yz7yOE~yqByo^ssSX>k}kIekU5tzjg4BnRV59Ahhh$m|Q$b0+P
zgwY(RXSWdgGiq0EC*aMXOj}u#D7jE=Ss$=~we&THV}T@}Jz*|g!11J5^cLN?Snysf
zzld3(UR6<7*9Q;L|Juym#2U%^DipSd03pBE1N64k-+b`<`3Dwgj?x}&4CMN$`7?IX
zZKSgD?kyLX$dmUHtp1ZwxN;I~AI})=X<U!^`A>;<k^s{x#Kla?JQx+{w#`@?*vewp
zIdFLYsm~Q3@H?Qo;d=DPWG2xm`5`fND6PtFj_!JznJN83#BuD)?SF;=0Dt7YB<Gp1
zQH|cYrtVdD6tQ!^-m)hA&){DQ43LxXg<JPnGCqo>OB`)h)t&q<FdUXMOue!5=IfK<
znU$0mkw$Xm(px&!AgD~FjN`NUf$Wl_E^lc?f3SG!f;CnVze%*lX0sm6@4?(8%Kmat
zpVi|WwUvF$rfb*X#P>kntmJF^M3^G!e<KY>!Fmk@I@gk^L@%)Lg%WfqcDJ(8csNk0
zv&l=cG(q4YN4aDE`^9o$t$`7ER++#Mn!jlnm|KYd$jblMKZ3C;X(D4l+ToFqsGZe-
z0x0XBD=p$a1Z({x4|#<u`a|-Khek&9?ClGIR6Ld;;eLivQHgA%fwuxl-(~_(+6%Qy
zns;`0>7}Uv0!QBZtQh>IxA)luKyDeu-*#R$H~OB}T#}vwv=XKZ4;gKeF$Pw<c(}Nf
zFHry$Pp1%U%IZoqL|+*x4}i7yv7N=94IsH49&Xj`MqLE*$dfk7I0OL70S!MT7LXNm
zMv4sVe|>u=@^<CL+Q?UoN~Yu(5Z&f5+q@fj&4KTyV*$Q33eduJfGA~#snJ=(_P*wP
z`gB@{xRH8u*Zet<Br5?bZ}11WXozBZGO?zTQWy$Y7!`5f)K3$4{lfc66;lb+srVsc
zH~J?|i5AfVFsh9NEyEIkl8s-%Bp}-WLdUpWXjf-vF_0@qH>Yar9kF73G~Gh~N(#m<
zfhr*2g@&p;^Dcf}sUQFtJ=wO}SfQ*#;@$`As<Bak9zieVRqnbqeMRhNAsYJn>nghl
zH8r)E#l^+r0YvO*9v0h6LPB!!tkt8>J)Vo#u<kXG{i|HphL0<`b95p)#Cwx4YP#*G
zVPPbG0~aYoYfpEPDk}TxE7SGfD1%|MJ6O3dRKgd6jXOI#j#bO91Q5Eucl+9yfn=hN
zPLbZ-X%s2YM%IRq6yxjUQVamdARPu44Y>i)=8C1#U=jbM-iYP*J@cR!Fb@eQDt-6j
zPh3t2-V9LeeJ}u@+e2|1)ckxJL2CkV(aQVEi5{F_G!sE&sYR8;6c*5duJ8axaE*`2
zq7T^CG7`r_cL3~QQJ$!B#PmR<ECFSq3W(UF0R6KYEjAhcC`ZH_96RlVty?aFwNI3o
z1#c~%AI?+(C0BY0Db#f9y(%IZC5E3yF|3}>L1RF)9j%q=674$0#_ve)vUW;~YC3cP
z*|F|nAj4q*F(m+&k0l_SSN+^5$xnj?Fk$UyI{+A1ECYsGH;U@FtLiPf<ae@~EA7Y2
zopi<l9MnUWs~F4QF5|WLIUH>2Z|4JS9=Os3PHOh#6^O~Lhk?Z={g>4}PSbUs(p6Wy
z_3V$BdW%7H=LoQ&$pRRA<!aeaJ?9iIX-cbYM_`w?$Hr=03&N>6>FZ58@79}!K%5oC
z+ucB{WS2M`PP$R%VmlfTaYT}eqZlQ;h^b`dNyHwsD>R5WPOskwj!ggLw?hvC1g<%k
zD<Zu$|7W%ZU^_s!-La-<%F?nK%u+a*3+EjN4j!2G|K_ej*aUaJI;7uAEZUsp-Nyk^
zYv?ODtjMt52H^1fTi|=_4{B`rW66~~9P9TJm5Hr~`_dj8bfa0!*MU8*+x#*2m-=V{
zMEO?j1faQg{pn&2eyvN3Nk#|uI#s|WV91=eKpZ%LK=bLl?%r2W7hW3rq{>_ih-ZF^
zUTr1YQ#r^u$$wYm!=bxYo>%B?4$TMQiHflYR9O8+-+E>lvnz-K#MrDh2zM+^w-f04
z)~ce-qj*q9B>ghVpp)QSiM!0QZ%61+jbKa;Nxm5dD9<TBqrmbw2Oa{3H;cqmQ*hHQ
z$MCB2Kynhew5}we`rwFil8<uLh<HTfN(J0Ekw<SSI-3P$>eKB8qIUTpCiBR8M{1c6
z3ID8p#4u>a&_4*!AIW^PXG`De&`;XsKF7w!`k*$y<cw?pMYP<SvL!izL;%Qm;nb^5
z@XxQEKh-IUh3^IJXlnq~jkVyJD~dN-17hi{Db5i&@_R@%@ob||-%ss3R81GiG{i7%
z_}j2$*Fnlap>0OifNxNjnD0D>b)%F#Cz)U-cH)?<2t`$@Q`uH<#%H2%=LezmixR0n
zJO}vSEVJ$?JPP6%q-@8*@f<3pQj1Dap{<ej6x>l%@7M}WpW(%nB6?E-NVl(=Cw~Uk
zXo5plEV6u_rpk*&Fx>|VpeN?Rkr5qIXr@8XogCp#$SUo8tOJy{K(o*p3NL!CuK1iz
zF58R!ekWw&3bSS^LAm2uXS}zhE*bJ`-^}{=FsN)?p}B|8K+HRG;tKC2JCsi3F;uZb
z*^1;wm>_rg=tI!MUAcHPKZM__IQeFDrm<8j>DZj`0NK36(m&6jehd#o=}#>)5%*3X
zG{NiQ0k#e#7=>qqS1d4dlZALsd@xz%k(~d&hEf3NPT#yxr-p;=?dJ9i#0NxVmZHFm
zakDh<5h8+6Uk(Ug>ij^4#IieS>@|KSVuq}C@tE&Wn@I{}Xw<e&7Qh@*<o2`)Q@3Jd
z+S%S^RfRwBVrmX!C}G5hwnDx4)MB(t0C;NI`_9Z1W7pylFO2K~3>9Ovab_Q8F)r-?
z4n@{HpkVR~>KsLq)hEWU85D)GmXX4NL`X}zuav~!qn#REeeF)Y8&6A6Qxb;k+G^y(
zhxRibY2J;FXUFHm6hKF`8f5}2GWaL4^7&COgIWpmKm2@1QLVSLaCww!<*@2=l@Q2z
z0oJ<R!tx67FdPj04-;@H;70(M|6fH6NTFu`@4slE!glx_l#yqiJ-)2m`s`<&6f5JL
zKGqtlTP~U2lY<1<Gub8a)m2ND^_ogC=e^~xJ=qf*Pq@kqYUwU0uWoD_O`zP9UG?ug
zEC&=Tp6F@TtI<B#j3_Rb^!iu7mM3-bYdT45<X;=^!+N{(=t8`Yj|Uo0t@N%)epVo^
z(fE9h#xfy+tbjP?+u6y;%y}8l|G7wO3vdTubaJsZLC9tP4OxYNt}l7^_m%<>?(ILo
zSHK;+&psFry?QyG5kwV;(Ej)FbyH4BG*=rharWW~W^D=kWCbKKAO8EtLn>@}<FVf9
ze0)LT%NN;qmDxr9UcHx`WSBY6pll*gn5<wLBhmED=J%$y!TDhU?aWBf*5+Y7m?!LS
zn|53Lh0i+(3t*!^hSDFU`F#E+VgRf7GQO2~cPn5kZl}P$eei}J>f@-=qcyq)imZey
zJRR`b0`P}e4DE|-nSZP=6PP;j$=HCr(luDle}y{2ta%QJ_-IA#PsUqM0gjEwW3R~c
z+L?Cv4^H_8V>>7_z6P(ypNsu%>a#M!g3qPXc?^$=QxtbM5YD*$nOF<b=TzfOInEQF
z^}RtG-4&rkyX(%+bIHaN%^qrSF&+6oSKzPs+zzvRrDL%%Rrtu}_lBuu?)_j-HD`8c
z53I04*(77l^Oc);JwA+?@4g%iA8y+``Nd~4@gEc)^ODv}iq^8(UFMr&eIy;O0)@@a
zExe&ltQ=L-k3LuG9S_OmuZP{m5HDK~L^@BPvU{Hg%pj3Naz29Z|Gu*yc1@3N@9;VJ
zWk!-K>!LqK&cthfRnZx?whwZ>(-R_v%hWX>-T7gylE))$V4gtEA-LztBcWx^%ZqgR
z_z$UUQD#b<9h-kOlq6&XJ5M;ww(cS~dYC>Rn7G5{67@}GiRj*XDXb;!Snmb_=$&=d
zqn4=LcyHvsta0t`thN;sS8>nmnef49Jd0fVh^qUtwx=kOO5jY#E~&;wJ>Mtkw9>+j
zu(xU6S>Fei<^EMF<hg)0cR$Ln*rYFACpXF+MKg*GJGxYoO{JJ&Ho8b}plxqf1rAg$
zjQ&$Nc2JOy6tPn*qLMOh4v1h-&M)q;oUXiC)s3yGoEFi4RB|bF5>!u}!<Aj#et0?C
z&Ykv_Z-)GVSO_Ewt)XiRxW1&s#61coOIy6E$ui-w^098*xMpecEWCq7&6FMDJ)-vx
zdxAGz$LK5BU+Aw9bGk|C{$aYcjOOIXoSAjaBiPrv{<z|ns-6vxWJh1m(UB>+Km5@F
z=XIs*Q+I;-d;A#&;|^4kM`nvLTw<>@8Ra2}FWQF)+Tdd?k%;IQC0o6GnC#hFgU8+L
z*>5tD1Y(+%jmfW8^PxMf>BkI%?B{HRJ)~xev2M_^?h8Jdp@V7e-TfuZqf#2`JkKu*
zHf~Z?<IjWUJ8yUNYWF(%i3UfsY{A4u`pG-qvKHctg6!2>E<_(%&+6-wZm9<E3o41q
zxQ|HCMMdtuq>(Jj`O<$VN7BLXGELgD6}amjc8)$!kg$RMZ@hEKbhcU5?l!kcPb_6}
zmoHQ2c(t5fyeXM+uJ|ebwXZy?K+wLULcrV2@Cz`77HKAl2t7URty3dq(93f>ZG-Sr
z89|2$z}a$2cxLIFP+ub12h3R~lMm$U`rts%ha?+|3i%?U2*d=78Jqj!Em@p51;&?s
zX8ET??_!mU`uZzK>6?!a8RhhAiUxMx5}8P*sm&5keXhr8GUeE`;aD%D+I`LQ+_n8S
z+Dz$dc?W8WdPtP>nB8C2gcGa{<*vF3b>7VXN#BFVDvv5w6>sYG{6I0ZMtZuEEU%pl
zr&LOZu;aI7(ORubPYn}DUnTu9*m@J8>XWj*qjc<qlCud}sWi%<=y%OG05vNJbd;b<
z1xH{OTE1zS2Dkm&wnAqpFm~i?jgVo96kTh!_irkRm%Tk`=}qR_1Ie59#lAAzb(VJ#
z?PB@Pn08v2(@kof*E6W@Ni#$EA;L?N0wMdh;XmvUwC^G8k41~02lG{3pB*6fS4us^
z&%I<mJb%;69N@w)o<83&>r?6n5hf6P@LxdXUulAClh}=ou}Yv{T3+%kCKiest*_qX
zROnz~+X^Iou=*@IQs+Pc9g-KH1-`qGXI3qWA$4vhJc-K?^L2XqrTQN>iX{IR*jnwm
zxi=gk*H_2BetI~T$HL6jPvvb|_7DU(C%r%uUr2!(T@{mQyGHu)mL2L`cAW<dYmLGa
z&vRdSU5-j{3EKUh^`XH&eh-Rq-k*xK2Rsrn>MPxE((My-y}b^e9^phH?&TuXbbo3W
zk9N#XP#yFjt9+i}>AGF){QkIkCM$m7k$kma4W!V;kx>m74f~!1^)zs65N?yWL%I3j
z(%+a>A2I7aJL%)O?l42YYI67{lQT*BplySNPX`v-HVbTag6HU_N88I1AV0PT;aDs|
zuTO_oWfRpUIn5-ayiJptO{<sSp%~kM2zvTy5|`!u20e>|)33lWevUz6?)q`FTZch7
zR(-t|Us0m7d!D%2!%8-vL!$?ix78D@jEF){r?3kwwyO=QzKsa#dRKmA$$$CIl9)Pj
zG(NA!zH_g12p93DgdAS6@+`)H#Q#Z`^{+$*`VzqrjROAD9er)4a(R%xabttJsh>95
zlvI^QciA<?jYIzonS{`*mMbwrGquZm85+bg!Il<HjE*x2VzhIE!_UHJn;RrUh8I{!
z5s)=D*&lakMkP%8>01<-aZfBqAF6E4lP`EHm2aw-JX8S<1=9-}h(8F}I%@C(H!zMU
zZ}eGMXZAx?a+G3dCV{0uZ9fpigRhgL?>D<kCz*=_O+b-LvLL?mjAOeVybvAm#T}f>
zIXkKLfF~b&X!eVtcry-|zda^W{bc!!{w*b}a_P0+i~w8tjvhQHz@w%S^c~N5=^G!W
zPLB|nC|pAhu+&!%pV;+Rat3c^w(!gLiU#3XdgFD){2uRqK}mYGR;R@?l~B$m%Z#U6
z*td9|4wbVf30~BlDJQq=Pd>Vo8?~29L@~+J9Y4@H9r5hCSPo62O^y67nQ=FLDXg8R
z@laCi3LMIOi7sVfxs;R`yP$>r3L&<5y!n%je-@qw3HZeM{nrH?99+r8SvWN{GRNWs
z_)P()-KSB&nm0{3q+Q&;IZ(ApUsk^ydXb+*{b{VUtSz&h#T)_l7Z&Smo{(kTB+(2S
z*w$+jPhR$S713YebgE~JiZs71`vi1y%Tu2!C!C3sZZLSOd*AE<zntW+Qvy<J(<q_s
zGQU`XlSB@Uor|&K{An5m)2B5{_rI}d|A@L<Z45Q4Z}vPB1q~nY&5Za<7U8tl)s=Sw
zlcCSpT_=hH=eJYNhzZtG-b{lvy?$1+mE{#lN1!^qg64Btd-x0MUNA(7wJa0vY3z^1
zF1pAUx8D+5I6`zt6T5^G6ll@jJeE%c@`L+e8kMhN{2QY?jluUiNbIbRTz2=gIHz~p
znBfGmwJH<>C!3k6NprbsSF&1&e2yovW_2~5`?)i`D>585&@|`YJLP}sm=H+nkbtV;
z>R2=$pY_=q_^3a6cSSYp=RT%my7=QP+>jc!!me=X?G<}ILj2f37oFgmq*O-}BJg9`
zdk3qWOq2D*OxT)?_-?Ks>?nk2bz)8Snjf?I`<D?<ecBsiRpwoBhjM_W@>i}Pp6Vd5
zw`2;K{ml*dbvv)X$F^*0y`dLhC}wH1+g%A3UeJ=}i_`g*GTmsqNZzexVRgLKlzoQV
z(!?driDSC}<7<nge|+iY5?3zFk#WRwbhTKfGIyI<ZK33D{Er9B{k!`}6k6w?1!p|r
z%@~N1WE9=fzjo~!K>`w}k4g}9E*uo(*6QSg)_`E+tWDNgN(7^+PPXFTM$3o0C_=hy
zqf(Z9+g+Nvziy}9;W$@gHH63?t-dL$j*E4<^lPabb35G^Ncs~ItIJF1OM9T458*W1
z^y&DEaYGS+Qfh1DtCNB9EdLhAcH&k2E$#s-&R{i^$UOl?vGCh{mQ{I`0}`J1jh0<u
zpikK?l$DXS%~K`>MB@qjF7zf2jTVAR8D((4?P8^v^*&J12^)$3wz5h`$DTL!<*jP4
zI!S>6HB#N{mh6-Mr@{Liyu-so-an4Hl+{tUHx11t6VvgvQcn#=taLB?#)i4<ly@L`
zD=gZblzo#SWTf@4_Y`8TsXu3A$Z>E)5B9GK*cqeq$VX<RRM&}gWQAzs&i9Fx8(I9f
zf;{8cp_m-cjTYPoS)Xr}3|mffhu?6b9<}QO1mVkpG2(dJVOj`QO*Vr1me|v`i0ze6
z*#x~Rw^5ImN3noe)c`rdL4*G(V`o)#x#{iLzr!AdhekL48n`ZH8e-G<XG(E)6s^b3
zz?p|*99w!y?E6qsCKBZw<pG>N$#q3MVnP7B$v<n%Rm*W_X9JwbVNU%wNLGZ&$t{Xs
z&B$@NW?BCx!t(q#F+3b!_roh>Za~-L0vAGRj}hV3w`l@M_bVp9IBIZhYR<=8^BGtk
ztYi@Cn-gl;6<fXSj)gi%j=y{Ap@fM{!`@5Vp*QXDz;^iiY$FIyg4}{OJkD-l6pB&S
zuQCqlw&Ma(v76sp+Ougm3iuz#vTRl^zz}%$*4X)7XUk;zwT&94CC1@egBSC;PY9xL
zyRUCn=IUh5*PhY_JWBfLEh~<!rLE%c4R#5l6@;-M_wY{7lZ~7#>X`xS${qEvpXzxF
zhbjVXqtZ`BFMCs5y7}MyxaMNsI3}wk7R_#-t{jjyzpW@5(3B!^U+dD3;E#?F<-hY;
zGY>EU>%VbP+7d~L`{LsyG!u7^Y2t~T5c!S8D5(J1vrz3$xn~49@A4u7?bJ!`6Xy6x
zys?eCoMGLz`Y2ZH$sOHwWvKvolkbb-%!~tLe=6Co@SpDp{9gtNy}xv^QU~KHw*NdK
zQAn-aSIU2k-Tm{EV?Rvd|589NFgB^7dei^DFys)DK&&%on0fz-FaOIAw;NA!Jfdi8
z!kHf}Z1QmEUottVRlEsobk)?*oL<kQgI>)2k2Z3X`dcK-)JGbH1jzqOU=w1DLxY+B
zJ}N-JnSB4=_#Sbh$I*WcXV;#aRs8$MS8R7`CS`FsEg{KvFm|-(tMC4l%*4L{m#6of
zFg*Ob(PafSPiW&GtK&?WiB}WuCzrf=fbpyR^&lRiY@-$_C472Hpd6kU>~_qRCS_`&
za>=9f>gww(1!Zi~b(2*bfA;Uj$XdhuP57NoZujQWUn7otN6}_QGDQmES63?U6xcbL
z_mem~nZM%fy%2)6=fEa=L4fOL<sLVX#!&N+&;KRz;%Dntm&^nFs5sVsI(HyKT|+87
KmoI`F`~N?4c2PwD

literal 0
HcmV?d00001

diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index fe47323f40..90a9961063 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -4,10 +4,10 @@ description: Overview of the Windows Insider Program for Business
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
 ms.localizationpriority: high
-ms.author: daniha
-ms.date: 10/27/2017
+ms.author: jaimeo
+ms.date: 02/27/2018
 ---
 
 # Windows Insider Program for Business
@@ -19,41 +19,28 @@ ms.date: 10/27/2017
 
 > **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
-For many IT Pros, gaining visibility into feature updates early, before they’re available to the Semi-Annual Channel, can be both intriguing and valuable for future end user communications as well as provide additional prestaging for Semi-Annual Channel devices. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test devices, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft. Also, as flighted builds get closer to their release to the Semi-Annual Channel, organizations can test their deployment on test devices for compatibility validation.
 
-The Windows Insider Program for Business gives you the opportunity to: 
-* Get early access to Windows Insider Preview Builds. 
-* Provide feedback to Microsoft in real-time via the Feedback Hub app.
-* Sign-in with corporate credentials (Azure Active Directory) and increase the visibility of your organization's feedback with Microsoft – especially on features that support your productivity and business needs.
-* Register your Azure AD domain into the program, to cover all users within your organization with just one registration.
-* Starting with Windows 10, version 1709, enable, disable, defer and pause the installation of preview builds through policies.
-* Track feedback provided through the Feedback Hub App, across your organization.
-
-Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub App. 
-
-The Windows Insider Program isn’t intended to replace Semi-Annual Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft. 
 
 ## Getting started with Windows Insider Program for Business
 
-To get started with the Windows Insider Program for Business, you can follow a few simple steps:
+To get started with the Windows Insider Program for Business, follow these steps:
 
-1. [Register your organizational Azure AD account](#individual-registration) to the Windows Insider Program for Business.
+1. [Register your organization's Azure AD account](#individual-registration) to the Windows Insider Program for Business.
 2. [Register your organization's Azure AD domain](#organizational-registration) to the Windows Insider Program for Business.</br>**Note:** Registering user has to be a Global Administrator in the Azure AD domain.
 3. [Set policies](#manage-windows-insider-preview-builds) to enable Windows Insider Preview builds and select flight rings.
 
 >[!IMPORTANT]
->The **Allow Telemetry** setting has to be set to 2 or higher, to receive Windows Insider preview builds.
+>To receive Windows Insider Preview builds, set the **Allow Telemetry** setting in Group Policy to 2 or higher.
 >
->The setting is available in **Group Policy**, through **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds - Allow Telemetry** or in **MDM**, through [**System/AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry). 
+>In **Group Policy**, this setting is in **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds - Allow Telemetry**. In **MDM**, the setting is in [**System/AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry). 
 
-Below are additional details to accomplish the steps described above.
 
 ## Register to the Windows Insider Program for Business
 
 The first step to installing a Windows 10 Insider Preview build is to register as a Windows Insider. You and your users have two registration options. 
 
 ### Register using your work account (recommended) 
-•	Registering with your work account in Azure Active Directory (AAD) is required to submit feedback on behalf of your organization and manage Insider Preview builds on other PCs in your domain.   
+Registering with your work account in Azure Active Directory (AAD) is required to submit feedback on behalf of your organization and manage Insider Preview builds on other devices in your domain.   
 
 >[!NOTE]
 >Requires Windows 10 Version 1703 or later. Confirm by going to Settings>System>About. If you do not have an AAD account, [find out how to get an Azure Active Directory tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-howto-tenant).
@@ -62,42 +49,46 @@ The first step to installing a Windows 10 Insider Preview build is to register a
 Use the same account that you use for other Microsoft services. If you don’t have a Microsoft account, it is easy to get one. [Get a Microsoft account](https://account.microsoft.com/account).
 
 ## Install Windows Insider Preview Builds
-You can install Windows 10 Insider Preview builds directly on individual PCs, manage installation across multiple PCs in an organization, or install on a virtual machine. 
+You can install Windows 10 Insider Preview builds directly on individual devices, manage installation across multiple devices in an organization, or install on a virtual machine. 
 
-### Install on an individual PC
+### Install on an individual device
 
-1.	Open  [Windows Insider Program settings](ms-settings:windowsinsider) (On your Windows 10 PC, go to Start > Settings > Update & security > Windows Insider Program). Note: To see this setting, you need to have administrator rights to your PC.
+1.	Open  [Windows Insider Program settings](ms-settings:windowsinsider) (On your Windows 10 device, go to Start > Settings > Update & security > Windows Insider Program). Note: To see this setting, you need to have administrator rights to your device.
 2.	Link your Microsoft or work account that you used to register as a Windows Insider. 
 3.	Follow the prompts. 
 
-(images/WIP4Biz_Prompts.png)
+[![Settings UI showing Windows Insider Program item selected in lower left](images/WIP4Biz_Prompts.png)](images/WIP4Biz_Prompts.png)
 
-### Install across multiple PCs
+### Install across multiple devices
 
-Administrators can install and manage Insider Preview builds centrally across multiple PCs within their domain. Here’s how: 
+Administrators can install and manage Insider Preview builds centrally across multiple devices within their domain. Here’s how: 
 
 1.	**Register your domain with the Windows Insider Program**
+Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/en-us/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
+
 To register a domain, you must be registered in the Windows Insider Program with your work account in Azure Active Directory and you must be assigned a **Global Administrator** role on that Azure AD domain. Also requires Windows 10 Version 1703 or later. 
 
-**Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/en-us/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
+**Register your domain**. 
 
->[!Notes]
->•	At this point, the Windows Insider Program for Business only supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis) (and not Active Directory on premises) as a corporate authentication method. 
+>[!Note]
+>•	Currently, the Windows Insider Program for Business supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis)--but not on-premises Active Directory--as a corporate authentication method. 
 >•	If your company has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services – you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
->•	If you do not have an AAD account, install Insider Preview builds on individual PCs with a registered Microsoft account.    
+>•	If you do not have an AAD account, install Insider Preview builds on individual devices with a registered Microsoft account.    
 
 2. **Apply Policies**
 Once you have registered your enterprise domain, you can control how and when devices receive Windows Insider Preview builds on their devices. See: [How to manage Windows 10 Insider Preview builds across your organization](https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business).
 
 ### Install on a virtual machine. 
-This option enables you to run Insider Preview builds without changing the Windows 10 production build already running on a PC.  
-•	For guidance on setting up virtual machines on your PC see: [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/). 
-•	To download the latest Insider Preview build to run on your virtual machine see: 
+This option enables you to run Insider Preview builds without changing the Windows 10 production build already running on a device.
+  
+For guidance on setting up virtual machines on your device, see [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/).
+ 
+To download the latest Insider Preview build to run on your virtual machine, see
 [Windows Insider Preview downloads](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewadvanced) 
 
 ## Manage Windows Insider Preview builds
 
-Starting with Windows 10, version 1709, administrators can control how and when devices receive Windows Insider Preview builds on their devices.
+Starting with Windows 10, version 1709, administrators can control how and when devices receive Windows Insider Preview builds.
 
 The **Manage preview builds** setting gives enables or prevents preview build installation on a device. You can also decide to stop preview builds once the release is public.
 * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
@@ -114,60 +105,63 @@ The **Branch Readiness Level** settings allows you to choose between preview [fl
 * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
 * MDM: [**Update/BranchReadinessLevel**](/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel)
 
-![Select when Preview Builds and Feature Updates are received group policy](images/waas-wipfb-policy1.png)
+![Group Policy dialog showing the "Select when Preview Builds and Feature updates are received" configuration panel](images/waas-wipfb-policy1.png)
 
 ### Individual enrollment
 
 If you want to manage Windows Insider preview builds prior to Windows 10, version 1709, or wish to enroll a single device, follow these steps:
 
 1. Enroll your device by going to **Start > Settings > Update & security > Windows Insider Program** and selecting **Get Started**. Sign-in using the account you used to register for the Windows Insider Program.
-2. After reading the privacy statement and clicking **Next**, **Confirm** and schedule a restart.
-3. You are ready to install your first preview build. To do so, go to **Start** > **Settings** > **Update & security** > **Windows Insider Program** to select your Windows Insider level. The device receives the most recent Windows Insider build for the Windows Insider level you select. 
+2. Read the privacy statement and then click **Next**, **Confirm**,
+3. Schedule a restart. You are now ready to install your first preview build.
+4. To install the first preview, open **Start** > **Settings** > **Update & security** > **Windows Insider Program** and select your Windows Insider level. The device receives the most recent Windows Insider build for the Windows Insider level you select. 
 
 >[!NOTE]
->To enroll your PC, you’ll require administration rights on the machine and it needs to be running Windows 10, Version 1703 or later. If you are already registered in the Windows Insider Program using your Microsoft account, you’ll need to [switch enrollment to the organizational account](#how-to-switch-between-your-msa-and-your-corporate-aad-account).
+>To enroll your device, you’ll require administration rights on the device, which must be running Windows 10, Version 1703 or later. If you are already registered in the Windows Insider Program using your Microsoft account, you’ll need to [switch enrollment to the organizational account](#how-to-switch-between-your-msa-and-your-corporate-aad-account).
 
 >[!TIP]
 >Administrators have the option to use [Device Health](/windows/deployment/update/device-health-monitor) in Windows Analytics to monitor devices running Windows 10 Insider Preview builds.
 
 ## Flight rings
 
-Flighting rings are used to evaluate the quality of our software as it is released to progressively larger audiences. We will flight a Feature Update, application, etc. to the first ring if it passes all required automated testing in the lab. The flight will continue to be evaluated against a set of criteria to ensure it is ready to progress to the next ring.
+Flight rings are used to evaluate the quality of our software as it is released to progressively larger audiences. We will flight a Feature Update, application, etc. to the first ring if it passes all required automated testing in the lab. The flight will continue to be evaluated against a set of criteria to ensure it is ready to progress to the next ring.
 
 These are the available flight rings:
 
 ### Release Preview
 
-Best for Insiders who enjoy getting early access to updates for the Semi-Annual Channel, Microsoft applications, and drivers, with minimal risk to their devices, and still want to provide feedback to make Windows devices great.
+Best for Insiders who prefer to get early access to updates for the Semi-Annual Channel, Microsoft applications, and drivers, with minimal risk to their devices, and still want to provide feedback to make Windows devices great.
 
-Insiders on this level receive builds of Windows just before Microsoft releases them to the Semi-Annual Channel. Although these builds aren’t final, they are the most complete and stable builds available to Windows Insider Program participants. This level provides the best testing platform for organizations that conduct early application compatibility testing on Windows Insider PCs.
+Insiders on this level receive builds of Windows just before Microsoft releases them to the Semi-Annual Channel. Although these builds aren’t final, they are the most complete and stable builds available to Windows Insider Program participants. This level provides the best testing platform for organizations that conduct early application compatibility testing on Windows Insider devices.
 
-* The Release Preview Ring will only be visible when your Windows build version is the same as the Semi-Annual Channel.
-* To go from a Preview build to the Semi-Annual Channel, use the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) (for PC) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) (for Mobile) to reinstall Windows.  
+The Release Preview Ring will only be visible when your Windows build version is the same as the Semi-Annual Channel.
+
+To move from a Preview build to the Semi-Annual Channel, use the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) (for device) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) (for Mobile) to reinstall Windows.  
 
 ### Slow
 
-The Slow Windows Insider level is for users who enjoy seeing new builds of Windows with minimal risk to their devices but still want to provide feedback to Microsoft about their experience with the new build.
+The Slow Windows Insider level is for users who prefer to see new builds of Windows with minimal risk to their devices but still want to provide feedback to Microsoft about their experience with the new build.
 
 * Builds are sent to the Slow Ring after feedback has been received from Windows Insiders within the Fast Ring and analyzed by our Engineering teams.  
 * These builds will include updates to fix key issues that would prevent many Windows Insiders from being able to use the build on a daily basis.  
-* These builds still may have issues that would be addressed in a future flight.
+* These builds still might have issues that would be addressed in a future flight.
 
 ### Fast
 
-Best for Windows Insiders who enjoy being the first to get access to builds and feature updates, with some risk to their devices in order to identify issues, and provide suggestions and ideas to make Windows software and devices great.
+Best for Windows Insiders who prefer being the first to get access to builds and feature updates--with some risk to their devices--in order to identify issues, and provide suggestions and ideas to make Windows software and devices great.
 
-* Windows Insiders with devices in the Fast Ring should be prepared for more issues that may block key activities that are important to you or may require significant workarounds. 
-* Because we are also validating a build on a smaller set of devices before going to Fast, there is also a chance that some features may work on some devices but may fail in other device configurations. 
+* Windows Insiders with devices in the Fast Ring should be prepared for more issues that might block key activities that are important to you or might require significant workarounds. 
+* Because we are also validating a build on a smaller set of devices before going to Fast, there is also a chance that some features might work on some devices but might fail in other device configurations. 
 * Windows Insiders should be ready to reinstall Windows using the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) when you are significantly blocked.
-* Please remember to report any issue to us through the Windows Insider Feedback Hub or the Windows Insider community forum.
+* Remember to report any issue to us through the Windows Insider Feedback Hub or the Windows Insider community forum.
 
 >[!NOTE]
->Once your machine is updated to Windows 10 and you select your desired flight ring, the process known as "Compatibility check" will need to run in the background. There is no manual way to force this process to run. This process allows for the discovery of your OS type (32-bit, 64-bit), build edition (Home, Pro, Enterprise), country and language settings, and other required information. Once this process is complete, your machine will be auto-targeted for the next available flight for your selected ring. For the first build on any given machine, this may take up to 24 hours to complete.
+>Once your device is updated to Windows 10 and you select your desired flight ring, the process known as "Compatibility check" will need to run in the background. There is no manual way to force this process to run. This process allows for the discovery of your OS type (32-bit, 64-bit), build edition (Home, Pro, Enterprise), country and language settings, and other required information. Once this process is complete, your device will be auto-targeted for the next available flight for your selected ring. For the first build on any given device, this might take up to 24 hours to complete.
 
 ### How to switch between flight rings
 
-During your time in the Windows Insider Program, you may want to change between flight rings for any number of reasons. Starting with Windows 10, version 1709, use the **Branch Readiness Level** to switch between flight rings. 
+During your time in the Windows Insider Program, you might want to change between flight rings for any number of reasons. Starting with Windows 10, version 1709, use the **Branch Readiness Level** to switch between flight rings.
+ 
 * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
 * MDM: [**Update/BranchReadinessLevel**](/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel)
 
@@ -179,57 +173,6 @@ To switch flights prior to Windows 10, version 1709, follow these steps:
   * [Windows Insider Slow](#slow)
   * [Release Preview](#release-preview)
 
-## Explore new Insider Preview features
-Windows 10 Insider Preview builds offer organizations a valuable and exciting opportunity to evaluate new Windows features well before general release. What’s more, by providing feedback to Microsoft on these features, you and other Insiders in your organization can help shape Windows for your specific business needs. Here’s how to get the most out of your feature exploration: 
-
-**Objective: Release Channel**
-Feature Exploration: Fast Ring
-Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration. 
-
-**Objective: Users**
-Feature Exploration: Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary machines.  
-
-**Objective: Tasks**
-Feature Exploration:
-•	Install and manage Insider Preview builds on PCs (per machine or centrally across multiple machines)  
-•	Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications 
-•	Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary current features. 
-
-**Objective: Feedback**
-Feature Exploration: 
-•	Provide feedback via [Feedback Hub app](insiderhub://home/). This helps us make adjustments to features as quickly as possible.
-•	Encourage users to sign into the Feedback Hub using their AAD work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.) 
-•	[Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/en-us/how-to-feedback/)
-
-## Validate Insider Preview builds 
-Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. This activity can play an important role in your [Windows 10 deployment strategy](https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business). Early validation has several benefits: 
-•	Get a head start on your Windows validation process 
-•	Identify issues sooner to accelerate your Windows deployment 
-•	Engage Microsoft earlier for help with potential compatibility issues 
-•	Deploy Windows 10 Semi-Annual releases faster and more confidently 
-•	Maximize the 18-month support Window that comes with each Semi-Annual release. 
-
-(images/WIP4Biz_deployment.png)
-Windows 10 Insider Preview builds enable organization to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments. 
-
-**Objective: Release Channel**
-Application and infrastructure validation: SLOW RING
-Insider Preview builds in the Slow Ring are released approximately once a month. They are more stable than Fast Ring releases, making them better suited for validation purposes. Slow Ring releases can be run on either secondary or primary production machines by skilled users.
-
-**Objective: Recommended Users**
-Application and infrastructure validation: In addition to Insiders who may have participated in feature exploration, we also recommend including a small group of application users from each business department to ensure a representative sample. 
-
-**Objective: Recommended Tasks**
-Application and infrastructure validation: Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) and [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) pages for updates on current issues and fixes. 
-
-**Objective: Feedback**
-Application and infrastructure validation:Provide feedback in the Feedback Hub app and also inform app vendors of any significant issues.  
-
-**Objective: Guidance**
-Application and infrastructure validation:
-•	[Use Upgrade Readiness to create an app inventory and identify mission-critical apps](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-identify-apps) 
-•	[Use Device Health to identify problem devices and device drivers](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-monitor)
-•	[Windows 10 application compatibility](https://technet.microsoft.com/windows/mt703793)
 
 ## How to switch between your MSA and your Corporate AAD account
 
@@ -243,11 +186,11 @@ If you were using your Microsoft Account (MSA) to enroll to the Windows Insider
 ## Sharing Feedback Via the Feedback Hub
 As you know a key benefit to being a Windows Insider is Feedback. It’s definitely a benefit to us, and we hope it’s a benefit to you. Feedback is vital for making changes and improvements in Windows 10. Receiving quality and actionable feedback is key in achieving these goals.
 
-Please use the [**Feedback Hub App**](feedback-hub://?referrer=wipForBizDocs&tabid=2) to submit your feedback to Microsoft.  
+Use the [**Feedback Hub App**](feedback-hub://?referrer=wipForBizDocs&tabid=2) to submit your feedback to Microsoft.  
 
-When providing feedback, please consider the following: 
-1. Check for existing feedback on the topic you are preparing to log. Another user may have already shared the same feedback. If they have, please “upvote” the existing feedback to help prevent duplicate submissions. Adding additional comments to existing feedback can help others by providing clarity to existing information or additional scenarios to review. 
-2. Provide as much information to us as possible: include reproduction steps, screenshots, any detail you think would help us experience the issue as you have, so that we can work on a fix and get it into a new build as soon as possible.
+When providing feedback, consider the following: 
+* Check for existing feedback on the topic you are preparing to log. Another user might have already shared the same feedback. If they have, “upvote” the existing feedback to help prevent duplicate submissions. Adding additional comments to existing feedback can help others by providing clarity to existing information or additional scenarios to review.
+* Provide as much information to us as possible: include reproduction steps, screenshots, any detail you think would help us experience the issue as you have, so that we can work on a fix and get it into a new build as soon as possible.
 
 >[!TIP]
 >You can then track feedback provided by all users in your organization through the Feedback Hub. Simply filter by **My Organization**. 
@@ -259,7 +202,7 @@ When providing feedback, please consider the following:
 
 ### User consent requirement
 
-Feedback Hub needs the user’s consent to access their AAD account profile data (we read their name, organizational tenant ID and user ID). When they sign in for the first time with the AAD account, they will see a popup asking for their permission, like this:
+Feedback Hub needs the user’s consent to access their AAD account profile data (we read their name, organizational tenant ID, and user ID). When they sign in for the first time with the AAD account, they will see a popup asking for their permission, like this:
 
 ![Feedback Hub consent to AAD pop-up](images/waas-wipfb-aad-consent.png)
 
@@ -282,7 +225,7 @@ To do this through the **classic Azure portal**:
 2. Switch to the **Active Directory** dashboard.  
    ![Azure classic portal dashboard button](images/waas-wipfb-aad-classicaad.png)
 3. Select the appropriate directory and go to the **Configure** tab.
-4. Under the **integrated applications** section, enable **Users may give applications permissions to access their data**.  
+4. Under the **integrated applications** section, enable **Users might give applications permissions to access their data**.  
    ![Azure classic portal enable consent](images/waas-wipfb-aad-classicenable.png)
 
 To do this through the **new Azure portal**:
@@ -298,7 +241,7 @@ To do this through the **new Azure portal**:
 
 ## Not receiving Windows 10 Insider Preview build updates?
 
-In some cases, your PC may not update to the latest Windows Insider Preview build as expected. Here are items that you can review to troubleshoot this issue:
+In some cases, your device might not update to the latest Windows Insider Preview build as expected. Here are items that you can review to troubleshoot this issue:
 
 ### Perform a manual check for updates 
 Go to **Settings > Updates & Security**. Review available updates or select **Check for updates**.
@@ -310,25 +253,25 @@ Go to **Settings > Updates & Security**. Review available updates or select **Ch
 Go to **Settings > Updates & Security > Activation** to verify Windows is activated.
 
 ### Make sure your corporate account in AAD is connected to your device
-Open **Settings \ Accounts \ Access work or school**. If your PC is not listed as connected to your account in AAD, click Connect and enter your AAD account.
+Open **Settings \ Accounts \ Access work or school**. If your device is not listed as connected to your account in AAD, click Connect and enter your AAD account.
 
 ### Make sure you have selected a flight ring
 Open **Settings > Update & Security > Windows Insider Program** and select your flight ring.
 
 ### Have you recently done a roll-back? 
-If so, please double-check your flight settings under **Settings > Update & Security > Windows Insider Program**.
+If so, double-check your flight settings under **Settings > Update & Security > Windows Insider Program**.
 
-### Did you do a clean install? 
-After a clean-install and initial setup of a Microsoft or corporate account (even one that has been used previously for flighting) the appropriate targeting needs to take place for your PC. This background process is known as Compatibility Checker and will run during idle time on your PC. This process may take up to 24 hours. Please leave your PC turned on to ensure this occurs in timely manner. 
+### Did you do a clean installion? 
+After a clean installation and initial setup of a Microsoft or corporate account (even one that has been used previously for flighting) the appropriate targeting needs to take place for your device. This background process is known as Compatibility Checker and will run during idle time on your device. This process might take up to 24 hours. To ensure that this occurs in a timely manner, leave your device turned on. 
 
 ### Are there known issues for your current build?
-On rare occasion, there may be an issue with a build that could lead to issues with updates being received. Please check the most recent Blog Post or reach out to the Windows Insider team on Twitter for verification (*@WindowsInsider*). You can also check the **Feedback Hub** for announcements and known issues.
+On rare occasion, there might be an issue with a build that could lead to issues with updates being received. Check the most recent blog post or contact the Windows Insider team on Twitter for verification (*@WindowsInsider*). You can also check the **Feedback Hub** for announcements and known issues.
 
 ## Exiting flighting
 
-After you’ve tried the latest Windows Insider Preview builds, you may want to opt out. In order to do that, go to  **Settings > Update & Security > Windows Insider Program** and select **Stop Insider Preview Builds**. Follow the on-screen instructions to stop flighting to your device.
+After you’ve tried the latest Windows Insider Preview builds, you might want to opt out. In order to do that, go to  **Settings > Update & Security > Windows Insider Program** and select **Stop Insider Preview Builds**. Follow the on-screen instructions to stop flighting to your device.
 
-To go from a Preview build to the Semi-Annual Channel, use the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) (for PC) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) (for Mobile) to reinstall Windows.  
+To go from a Preview build to the Semi-Annual Channel, use the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) (for device) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) (for Mobile) to reinstall Windows.  
 
 ## Unregister
 
@@ -352,9 +295,9 @@ Collaborate and learn from experts in the [WINDOWS INSIDER TECH COMMUNITY](https
 
 ## Additional help resources
 
-* [**Windows Blog**](https://blogs.windows.com/blog/tag/windows-insider-program/) - With each new build release we publish a Windows Blog post that outlines key feature changes as well as known issues that Insiders may encounter while using the build.
+* [**Windows Blog**](https://blogs.windows.com/blog/tag/windows-insider-program/) - With each new build release we publish a Windows Blog post that outlines key feature changes as well as known issues that Insiders might encounter while using the build.
 * [**Microsoft Technical Community for Windows Insiders**](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) - Engage with Windows Insiders around the world in a community dedicated to the Windows Insider Program.
-* [**Windows Insider Preview community forum**](https://answers.microsoft.com/en-us/insider/forum/insider_wintp) - Answers is Microsoft’s forum platform and there is an entire area dedicated to the Windows Insider Program. Insiders can filter between PC, Office, Edge, and many others.
+* [**Windows Insider Preview community forum**](https://answers.microsoft.com/en-us/insider/forum/insider_wintp) - Answers is Microsoft’s forum platform and there is an entire area dedicated to the Windows Insider Program. Insiders can filter between device, Office, Edge, and many others.
 
 ## Learn More
 - [Windows Insider Program for Business using Azure Active Directory](waas-windows-insider-for-business-aad.md)

From 79c03b438d158c45df9dccdf409d1b09916f4c4f Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Wed, 28 Feb 2018 14:43:44 -0800
Subject: [PATCH 055/119] fixing bullets in note

---
 .../deployment/update/waas-windows-insider-for-business.md  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index 90a9961063..ec4bd495f6 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -71,9 +71,9 @@ To register a domain, you must be registered in the Windows Insider Program with
 **Register your domain**. 
 
 >[!Note]
->•	Currently, the Windows Insider Program for Business supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis)--but not on-premises Active Directory--as a corporate authentication method. 
->•	If your company has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services – you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
->•	If you do not have an AAD account, install Insider Preview builds on individual devices with a registered Microsoft account.    
+>- Currently, the Windows Insider Program for Business supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis)--but not on-premises Active Directory--as a corporate authentication method. 
+>- If your company has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services – you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
+>- If you do not have an AAD account, install Insider Preview builds on individual devices with a registered Microsoft account.    
 
 2. **Apply Policies**
 Once you have registered your enterprise domain, you can control how and when devices receive Windows Insider Preview builds on their devices. See: [How to manage Windows 10 Insider Preview builds across your organization](https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business).

From c5eccb8e9891cda99bcd2b510b7bc2cef0b8ebc3 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Thu, 1 Mar 2018 08:44:09 -0800
Subject: [PATCH 056/119] many editorial fixes; fixed link formatting

---
 .../olympia/olympia-enrollment-guidelines.md  | 32 ++++++++++---------
 .../waas-windows-insider-for-business.md      | 19 ++++++-----
 2 files changed, 26 insertions(+), 25 deletions(-)

diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index 7fc29c58f5..c44e3b60c4 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -6,14 +6,14 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 10/10/2017
+ms.date: 02/28/2018
 ---
 
 # Olympia Corp
 
 ## What is Windows Insider Lab for Enterprise and Olympia Corp?
 
-Windows Insider Lab for Enterprise is intended for Windows Insiders who want to try new experimental and pre-release Enterprise Privacy and Security features*. To get the complete experience of these Enterprise features, Olympia Corp, a virtual corporation has been set up to reflect the IT infrastructure of real world business. Selected customers are invited to join Olympia Corp and try these features.
+Windows Insider Lab for Enterprise is intended for Windows Insiders who want to try new experimental and pre-release Enterprise Privacy and Security features. To get the complete experience of these Enterprise features, Olympia Corp, a virtual corporation has been set up to reflect the IT infrastructure of real world business. Selected customers are invited to join Olympia Corp and try these features.
 
 As an Olympia user, you will have an opportunity to: 
 
@@ -23,15 +23,16 @@ As an Olympia user, you will have an opportunity to:
 -   Provide feedback.
 -   Interact with engineering team members through a variety of communication channels.
 
-\* Enterprise features may have reduced, or different security, privacy, accessibility, availability, and reliability standards relative to commercially provided services and software. We may change or discontinue any of the Enterprise features at any time without notice.
+[!Note]
+>Enterprise features may have reduced, or different security, privacy, accessibility, availability, and reliability standards relative to commercially provided services and software. We may change or discontinue any of the Enterprise features at any time without notice.
 
-For more information about Olympia Corp, please see [https://olympia.windows.com/Info/FAQ](https://olympia.windows.com/Info/FAQ).
+For more information about Olympia Corp, see [https://olympia.windows.com/Info/FAQ](https://olympia.windows.com/Info/FAQ).
 
-To request an Olympia Corp account, please fill out the survey at [https://aka.ms/RegisterOlympia](https://aka.ms/RegisterOlympia).
+To request an Olympia Corp account, fill out the survey at [https://aka.ms/RegisterOlympia](https://aka.ms/RegisterOlympia).
 
 ## Enrollment guidelines
 
-Welcome to Olympia Corp. Here are the steps needed to Enroll.
+Welcome to Olympia Corp. Here are the steps needed to enroll.
 
 As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Enterprise from Windows 10 Pro. This upgrade is optional. Since certain features such as Windows Defender Application Guard are only available on Windows 10 Enterprise, we recommend you to upgrade.
 
@@ -45,9 +46,9 @@ Choose one of the following two enrollment options:
 
 ### Set up an Azure Active Directory REGISTERED Windows 10 device
 
--   This is the Bring Your Own Device (BYOD) method - your device will receive Olympia policies and features, but a new account will not be created ([additional info]).(https://docs.microsoft.com/en-us/azure/active-directory/device-management-azuread-registered-devices-windows10-setup)
+This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Set up Azure Active Directory registered Windows 10 devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-registered-devices-windows10-setup) for additional information.
 
-1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
+1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
 
     ![Settings -> Accounts](images/1-1.png)
 
@@ -66,7 +67,7 @@ Choose one of the following two enrollment options:
 
 5. Read the **Terms and Conditions**. Click **Accept** to participate in the program.
 
-6. If this is the first time you are logging in, please fill in the additional information to help you retrieve your account details.
+6. If this is the first time you are logging in, fill in the additional information to help you retrieve your account details.
 
 7. Create a PIN for signing into your Olympia corporate account.
 
@@ -81,9 +82,9 @@ Choose one of the following two enrollment options:
 
 ### Set up Azure Active Directory JOINED Windows 10 device
 
--   This method will upgrade your Windows 10 Pro license to Enterprise and create a new account ([additional info]).(https://docs.microsoft.com/en-us/azure/active-directory/device-management-azuread-joined-devices-setup)
+-   This method will upgrade your Windows 10 Pro license to Enterprise and create a new account. See [Set up Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup) for more information.
 
-1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
+1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
 
     ![Settings -> Accounts](images/1-1.png)
 
@@ -106,15 +107,15 @@ Choose one of the following two enrollment options:
 
 6. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
 
-7. If this is the first time you are signing in, please fill in the additional information to help you retrieve your account details.
+7. If this is the first time you are signing in, fill in the additional information to help you retrieve your account details.
 
 8. Create a PIN for signing into your Olympia corporate account.
 
 9. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
 
-10. Restart your PC.
+10. Restart your device.
 
-11. In the sign-in screen, choose **Other User** and sign in with your **Olympia corporate account**. Your PC will upgrade to Windows 10 Enterprise*.
+11. In the sign-in screen, choose **Other User** and sign in with your **Olympia corporate account**. Your device will upgrade to Windows 10 Enterprise.
 
 12. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
 
@@ -123,5 +124,6 @@ Choose one of the following two enrollment options:
 
 13. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
 
-\* Please note that your Windows 10 Enterprise license will not be renewed if your PC is not connected to Olympia.
+[!Note]
+> Your Windows 10 Enterprise license will not be renewed if your device is not connected to Olympia.
 
diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index ec4bd495f6..3b3f5cb1ec 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -53,25 +53,24 @@ You can install Windows 10 Insider Preview builds directly on individual devices
 
 ### Install on an individual device
 
-1.	Open  [Windows Insider Program settings](ms-settings:windowsinsider) (On your Windows 10 device, go to Start > Settings > Update & security > Windows Insider Program). Note: To see this setting, you need to have administrator rights to your device.
-2.	Link your Microsoft or work account that you used to register as a Windows Insider. 
-3.	Follow the prompts. 
+1.	Open  [Windows Insider Program settings](ms-settings:windowsinsider) (On your Windows 10 device, go to Start > Settings > Update & security > Windows Insider Program). To see this setting, you must have administrator rights to your device.
+2.	Click **Get started** and follow the prompts to link your Microsoft or work account that you used to register as a Windows Insider. 
+
 
 [![Settings UI showing Windows Insider Program item selected in lower left](images/WIP4Biz_Prompts.png)](images/WIP4Biz_Prompts.png)
 
 ### Install across multiple devices
 
-Administrators can install and manage Insider Preview builds centrally across multiple devices within their domain. Here’s how: 
+Administrators can install and manage Insider Preview builds centrally across multiple devices within their domain. To register a domain, you must be registered in the Windows Insider Program with your work account in Azure Active Directory and you must be assigned a **Global Administrator** role on that Azure AD domain. Also requires Windows 10 Version 1703 or later. 
+
+To register a domain, follow these steps: 
 
 1.	**Register your domain with the Windows Insider Program**
 Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/en-us/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
 
-To register a domain, you must be registered in the Windows Insider Program with your work account in Azure Active Directory and you must be assigned a **Global Administrator** role on that Azure AD domain. Also requires Windows 10 Version 1703 or later. 
-
-**Register your domain**. 
 
 >[!Note]
->- Currently, the Windows Insider Program for Business supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis)--but not on-premises Active Directory--as a corporate authentication method. 
+>- Currently, the Windows Insider Program for Business supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/active-directory-whatis)--but not on-premises Active Directory--as a corporate authentication method. 
 >- If your company has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services – you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
 >- If you do not have an AAD account, install Insider Preview builds on individual devices with a registered Microsoft account.    
 
@@ -81,10 +80,10 @@ Once you have registered your enterprise domain, you can control how and when de
 ### Install on a virtual machine. 
 This option enables you to run Insider Preview builds without changing the Windows 10 production build already running on a device.
   
-For guidance on setting up virtual machines on your device, see [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/).
+For guidance on setting up virtual machines on your device, see [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/virtualization/hyper-v-on-windows/about/).
  
 To download the latest Insider Preview build to run on your virtual machine, see
-[Windows Insider Preview downloads](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewadvanced) 
+[Windows Insider Preview downloads](https://www.microsoft.com/software-download/windowsinsiderpreviewadvanced) 
 
 ## Manage Windows Insider Preview builds
 

From d3f0a2a9fadc11faad285d8d691f04ccce93243b Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Thu, 1 Mar 2018 09:07:25 -0800
Subject: [PATCH 057/119] fixed more glitches; removed a bunch of en-us

---
 .../olympia/olympia-enrollment-guidelines.md       |  6 +++---
 .../update/waas-windows-insider-for-business.md    | 14 +++++++-------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index c44e3b60c4..b62d56b89b 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -38,9 +38,9 @@ As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Ent
 
 Choose one of the following two enrollment options:
 
-1. [Keep your current Windows 10 edition](#enrollment-keep-current-edition)
+- [Keep your current Windows 10 edition](#enrollment-keep-current-edition)
 
-2. [Upgrade your Windows 10 edition from Pro to Enterprise](#enrollment-upgrade-to-enterprise)
+- [Upgrade your Windows 10 edition from Pro to Enterprise](#enrollment-upgrade-to-enterprise)
 
 <a id="enrollment-keep-current-edition"></a>
 
@@ -124,6 +124,6 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
 
 13. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
 
-[!Note]
+>[!NOTE]
 > Your Windows 10 Enterprise license will not be renewed if your device is not connected to Olympia.
 
diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index 3b3f5cb1ec..261e6495d9 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -35,7 +35,7 @@ To get started with the Windows Insider Program for Business, follow these steps
 >In **Group Policy**, this setting is in **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds - Allow Telemetry**. In **MDM**, the setting is in [**System/AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry). 
 
 
-## Register to the Windows Insider Program for Business
+## Register in the Windows Insider Program for Business
 
 The first step to installing a Windows 10 Insider Preview build is to register as a Windows Insider. You and your users have two registration options. 
 
@@ -43,7 +43,7 @@ The first step to installing a Windows 10 Insider Preview build is to register a
 Registering with your work account in Azure Active Directory (AAD) is required to submit feedback on behalf of your organization and manage Insider Preview builds on other devices in your domain.   
 
 >[!NOTE]
->Requires Windows 10 Version 1703 or later. Confirm by going to Settings>System>About. If you do not have an AAD account, [find out how to get an Azure Active Directory tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-howto-tenant).
+>Requires Windows 10 Version 1703 or later. Confirm by going to Settings>System>About. If you do not have an AAD account, [find out how to get an Azure Active Directory tenant](https://docs.microsoft.com/azure/active-directory/develop/active-directory-howto-tenant).
 
 ### Register your personal account
 Use the same account that you use for other Microsoft services. If you don’t have a Microsoft account, it is easy to get one. [Get a Microsoft account](https://account.microsoft.com/account).
@@ -66,7 +66,7 @@ Administrators can install and manage Insider Preview builds centrally across mu
 To register a domain, follow these steps: 
 
 1.	**Register your domain with the Windows Insider Program**
-Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/en-us/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
+Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
 
 
 >[!Note]
@@ -75,9 +75,9 @@ Rather than have each user register individually for Insider Preview builds, adm
 >- If you do not have an AAD account, install Insider Preview builds on individual devices with a registered Microsoft account.    
 
 2. **Apply Policies**
-Once you have registered your enterprise domain, you can control how and when devices receive Windows Insider Preview builds on their devices. See: [How to manage Windows 10 Insider Preview builds across your organization](https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business).
+Once you have registered your enterprise domain, you can control how and when devices receive Windows Insider Preview builds on their devices. See: [How to manage Windows 10 Insider Preview builds across your organization](https://docs.microsoft.com/windows/deployment/update/waas-windows-insider-for-business).
 
-### Install on a virtual machine. 
+### Install on a virtual machine 
 This option enables you to run Insider Preview builds without changing the Windows 10 production build already running on a device.
   
 For guidance on setting up virtual machines on your device, see [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/virtualization/hyper-v-on-windows/about/).
@@ -274,11 +274,11 @@ To go from a Preview build to the Semi-Annual Channel, use the [Media Creation T
 
 ## Unregister
 
-If you no longer plan to manage Windows Insider Preview policies for your organization, you will need to [unregister your domain with the Windows Insider Program](https://insider.windows.com/en-us/insiderorgleaveprogram/). 
+If you no longer plan to manage Windows Insider Preview policies for your organization, you will need to [unregister your domain with the Windows Insider Program](https://insider.windows.com/insiderorgleaveprogram/). 
 
 Unregistering will not allow any other administrators at your organization to continue to set policies to manage Windows Insider Preview builds across your organization.
 
-Your individual registration with the Insider program will not be impacted. If you wish to leave the Insider program, see the [leave the program](https://insider.windows.com/en-us/how-to-overview/#leave-the-program) instructions.
+Your individual registration with the Insider program will not be impacted. If you wish to leave the Insider program, see the [leave the program](https://insider.windows.com/how-to-overview/#leave-the-program) instructions.
 
 >[!IMPORTANT]
 >Once your domain is unregistered, setting the **Branch Readiness Level** to preview builds will have no effect. Return this setting to its unconfigured state in order to enable users to control it from their devices.

From faadb2f3198fda3fce3e320e1c3318caec2986cc Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Thu, 1 Mar 2018 09:40:27 -0800
Subject: [PATCH 058/119] still more small fixes and updated TOC

---
 windows/deployment/TOC.md                         |  1 +
 windows/deployment/update/WIP4Biz-intro.md        |  8 ++++----
 .../update/waas-windows-insider-for-business.md   | 15 ++++++++-------
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index c2d63ceca8..df889e6bbf 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -224,6 +224,7 @@
 ### [Manage device restarts after updates](update/waas-restart.md)
 ### [Manage additional Windows Update settings](update/waas-wu-settings.md)
 ### [Windows Insider Program for Business](update/waas-windows-insider-for-business.md)
+#### [Introduction to the Windows Insider Program for Business](update/WIP4Biz-intro.md)
 #### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md)
 #### [Olympia Corp enrollment](update/olympia/olympia-enrollment-guidelines.md)
 ### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
index 4623481b66..08b8659f6e 100644
--- a/windows/deployment/update/WIP4Biz-intro.md
+++ b/windows/deployment/update/WIP4Biz-intro.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 author: jaimeo
 ms.localizationpriority: high
 ms.author: jaimeo
-ms.date: 02/26/2018
+ms.date: 03/01/2018
 ---
 
 # Introduction to the Windows Insider Program for Business
@@ -35,7 +35,8 @@ Microsoft recommends that all organizations have at least a few devices enrolled
 The Windows Insider Program doesn't replace Semi-Annual Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
 
 
-
+[![Illustration showing the Windows Insider PreviewFast Ring for exploration, the Slow Ring for validation, the Semi-Annual Channel Targeted ring for Pilot deployment, and the Semi-Annual Channel for broad deployment](images/WIP4Biz_deployment.png)](images/WIP4Biz_deployment.png)<br>
+Windows 10 Insider Preview builds enable organizations to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments. 
 
 
 ## Explore new Windows 10 features in Insider Previews
@@ -57,8 +58,7 @@ Along with exploring new features, you also have the option to validate your app
 - Deploy Windows 10 Semi-Annual releases faster and more confidently 
 - Maximize the 18-month support Window that comes with each Semi-Annual release. 
 
-[![Illustration showing the Windows Insider PreviewFast Ring for exploration, the Slow Ring for validation, the Semi-Annual Channel Targeted ring for Pilot deployment, and the Semi-Annual Channel for broad deployment](images/WIP4Biz_deployment.png)](images/WIP4Biz_deployment.png)
-Windows 10 Insider Preview builds enable organizations to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments. 
+
 
 |Objective |Feature exploration|
 |---------|---------|
diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index 261e6495d9..52a170184a 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -66,17 +66,18 @@ Administrators can install and manage Insider Preview builds centrally across mu
 To register a domain, follow these steps: 
 
 1.	**Register your domain with the Windows Insider Program**
-Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
+Rather than have each user register individually for Insider Preview builds, administrators can simply [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.
 
 
->[!Note]
->- Currently, the Windows Insider Program for Business supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/active-directory-whatis)--but not on-premises Active Directory--as a corporate authentication method. 
->- If your company has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services – you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
->- If you do not have an AAD account, install Insider Preview builds on individual devices with a registered Microsoft account.    
-
 2. **Apply Policies**
 Once you have registered your enterprise domain, you can control how and when devices receive Windows Insider Preview builds on their devices. See: [How to manage Windows 10 Insider Preview builds across your organization](https://docs.microsoft.com/windows/deployment/update/waas-windows-insider-for-business).
 
+>[!Note]
+>- The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
+>- Currently, the Windows Insider Program for Business supports [Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/active-directory-whatis)--but not on-premises Active Directory--as a corporate authentication method. 
+>- If your company has a paid subscription to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services--you have a free subscription to Microsoft Azure Active Directory. This subscription can be used to create users for enrollment in the Windows Insider Program for Business.
+>- If you do not have an AAD account, install Insider Preview builds on individual devices with a registered Microsoft account.
+
 ### Install on a virtual machine 
 This option enables you to run Insider Preview builds without changing the Windows 10 production build already running on a device.
   
@@ -289,7 +290,7 @@ Windows Insiders are a part of a global community focused on innovation, creativ
 
 The Windows Insider program enables you to deepen connections to learn from peers and to connect to subject matter experts (inside Microsoft, Insiders in your local community and in another country) who understand your unique challenges, and who can provide strategic advice on how to maximize your impact.
  
-Collaborate and learn from experts in the [WINDOWS INSIDER TECH COMMUNITY](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram)
+Collaborate and learn from experts in the [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram)
 
 
 ## Additional help resources

From 444cc522a85bbc6021433a789d9cb846cfa02c88 Mon Sep 17 00:00:00 2001
From: "Andrea Bichsel (Aquent LLC)" <v-anbic@microsoft.com>
Date: Thu, 1 Mar 2018 21:48:52 +0000
Subject: [PATCH 059/119] Changed title, changed first sentence for voice &
 tone.

---
 ...ion-management-reference-windows-defender-antivirus.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
index ad3743b16b..a44c4d99bb 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Defender AV reference for management tools
-description: Learn how Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the comman line can be used to manage Windows Defender AV
+title: Manage Windows Defender AV in your business
+description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the comman line to manage Windows Defender AV
 keywords: group policy, gpo, config manager, sccm, scep, powershell, wmi, intune, defender, antivirus, antimalware, security, protection
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -14,7 +14,7 @@ ms.author: iawilt
 ms.date: 08/26/2017
 ---
 
-# Reference topics for management and configuration tools
+# Manage Windows Defender AV in your business
 
 **Applies to:**
 
@@ -24,7 +24,7 @@ ms.date: 08/26/2017
 
 - Enterprise security administrators
 
-Windows Defender Antivirus can be managed and configured with the following tools:
+You can manage and configure Windows Defender Antivirus with the following tools:
 
 - Group Policy
 - System Center Configuration Manager and Microsoft Intune

From 61c363e5c2c0cace9f0eeb7bb664049671c75227 Mon Sep 17 00:00:00 2001
From: "Andrea Bichsel (Aquent LLC)" <v-anbic@microsoft.com>
Date: Thu, 1 Mar 2018 22:17:05 +0000
Subject: [PATCH 060/119] Updated author info.

---
 ...ation-management-reference-windows-defender-antivirus.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
index a44c4d99bb..09fefe72e5 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 08/26/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 03/01/2018
 ---
 
 # Manage Windows Defender AV in your business

From 92d38083696d7baadafc2027bc879c5ac222321a Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Thu, 1 Mar 2018 22:43:18 +0000
Subject: [PATCH 061/119] Merged PR 6119: MultiSIM CSP - new in Windows 10,
 version 1803

---
 windows/client-management/mdm/TOC.md          |   2 +
 ...onfiguration-service-provider-reference.md |  28 ++
 .../mdm/images/provisioning-csp-multisim.png  | Bin 0 -> 13445 bytes
 windows/client-management/mdm/multisim-csp.md |  58 ++++
 windows/client-management/mdm/multisim-ddf.md | 291 ++++++++++++++++++
 ...ew-in-windows-mdm-enrollment-management.md |   4 +
 6 files changed, 383 insertions(+)
 create mode 100644 windows/client-management/mdm/images/provisioning-csp-multisim.png
 create mode 100644 windows/client-management/mdm/multisim-csp.md
 create mode 100644 windows/client-management/mdm/multisim-ddf.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 1ac5a9f388..ca5fd03714 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -155,6 +155,8 @@
 #### [Maps DDF](maps-ddf-file.md)
 ### [Messaging CSP](messaging-csp.md)
 #### [Messaging DDF file](messaging-ddf.md)
+### [MultiSIM CSP](multisim-csp.md)
+#### [MultiSIM DDF file](multisim-ddf.md)
 ### [NAP CSP](nap-csp.md)
 ### [NAPDEF CSP](napdef-csp.md)
 ### [NetworkProxy CSP](networkproxy-csp.md)
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 16f80bc1f1..e7ed3131c8 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -1295,6 +1295,34 @@ Footnotes:
 <!--EndSKU-->
 <!--EndCSP-->
 
+<!--StartCSP-->
+[MultiSIM CSP](multisim-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
 <!--StartCSP-->
 [NAP CSP](nap-csp.md)  
 
diff --git a/windows/client-management/mdm/images/provisioning-csp-multisim.png b/windows/client-management/mdm/images/provisioning-csp-multisim.png
new file mode 100644
index 0000000000000000000000000000000000000000..86473079f4eef12f8df06c8861fb74e7361b9476
GIT binary patch
literal 13445
zcmch8c{tSl+xAEyLUL!xR#Yn6lp^c66B3b>HO3H<WiXcPlr`H;#Yjl9HP$eUZE9@E
zpt5hHEMq6zFxK}oazDT4c%R?%KI`%R(NQyfzn}HG&g(kQ>zat$IvT9ZCzv4+2&?9e
z>vtfK1K|(|-B+dq;G2BGBh%n7I@BGFYmkCA{weU`pzWWx{)9k^V_CKkhrs8<&Nqxv
z5C~fx?GIfOGUovVa`}Yj^*`@EHlG_>KyezT<}6YdC~9Q2_aE+ged^Bd%)(ZXl3u<0
zeD{Xg1<!bE=B&F(gRKud;}2^mT&=37|CxRGpqNY1r}+NHt4{(s56}toN}CrL4-~gx
z?2Xr6&v)Eei!<rf@OziAN$o7Z<BI7z=9DO;)A9+1p@Rh0pCm#cr<o88kduG*hj>|A
zkI&aAbTnvQJR}NN>DMM#m%wCY%dyz3T5$+Ori^WQv?-QFANOr5WKFWx<;S4YMIRmI
z<)sKb;?9-A6#q7bO(8!jr9xWXJ-?{5^j+<B2*hI&QE>NyzI0n(i^f`tzxk$2>pNeP
z;^s9OnC~`OyUgSsToMvk5kjc0tdzfar8Zz)ZBF4*UFQUQ+Jbw*xQvWUCpRnPq(L;a
zu&@xGRK3zaHBpMJKavq`Bp)eL;=};qyNhm+HD1g&@U82rJtVE&!ZAahk+rRs5`?Hk
z-9;~uHg`t91$5U^J>+$qN)q@wWhfq%zvAV6pB?o7E==C4Uu<YlTbN;l9OdRE-^{%9
zGpcC^)$??`-$pLOsq={ye`-*iwYzr7;hJ~j>Du)*0=I0fyI^*=3Pq(&;|HEfDJxuF
z2ylvw>CX`~7xLm?E8!lTywx#*h+N)CGHbicT}pS-<`R+Jzk2s4w*aGNns%|liRLc@
zCcg%4a;mU$0-?CY_(9)Cg?|nXFeOvn{viJny%nmj@WMB4xg}HO){sOA{k-EMRd3Ti
z4dvKBT(ycrE3A$+b1sM-h8$(#CFk;rQqt-ZSQKD_t-ODkYI8qo<n-12nTq4=xiZEU
z)3Kt-cPxP88+>f(tHm#N;lvh+orI1QC?17a$X}>ktc?c-x^7%%B5~Dgj?bw{BoVv%
zw)C^gInhsAc|nKZMT7oxgfM2sqVdMtCsn01qbPsGX*ls;cM_NXFgZ_AVdLX|t|e0P
z393=U<7qwnIF{K@uvFJ%U5e8+qc@$3<k`qJ+#Q|l*dgV|R=@JQQds)}0&!VS+QPqk
zeGyEUEuz{rc^h-&^XrP9=pi@inoPWi*5F&CAk`4TbJ%i)SLk0_OXZzuZ+E=wuM5-<
z&BLzO#{cjr!zVf}M64L{JVZIm2AKGNe<JlApWoHLeLo`O%63^@z%<z|V4-`WOTV4#
z>|tq0{gkbimR8?Z5rwt9?py6b`IkT;!fk<?Ia1h%NAE8O`JD*+E;Ok#_RXX=^rQa4
zLRh(<X0&Yj4Er}qA(CBCKW0~>8;OZne|N?F-E48yQ$ZWgu|}2I@wy=spN<`zeA2b_
zH@|n**Wce?A^qO3e9mEI8XTmO&64`LQ>)K9mpNx|kKXpC3`QuLL>_&XD`d=%Egp<g
zym1{}W@yPnp45FMuQS?b8fqM~`K1PSV{-+I_nax27?VB}c6@IKe0+RfqS=0Ra}QTe
zmVFK!9LdZypZr+!sM9Q+Uxuw~DM(Ml-dpog=Z^5RAPu$J)5&6FkF?946RuWapP`Hi
zJ#!rc;2PR%JKDLkT&J~w{V-DX``Ws;W^6s|hEe6x9~eKWIa;kwArITA`1hVm+UyO#
z@mcjHiUVmF25zG&#oq6-*K2SgO%leFyUKU?OlwZ#YShp}&hJNCZbZV&tbBeQXGm3J
zM=gsT+0q;u2vR*%CywlazxUOg=H&Bzyj%*lv`nEIIuW12m?0-+E)ijac+^#&+ncFX
zDK1*%%(q>x`tF&^>CDeugh;)oikx3$9zJvW{vYMOq{}ig0uru=#5F>1ZSH1`mHKMx
zAqv)dhxADWyBr4!p)1*JVRF;Y4R%!zJrh$my~wCs6YbZZUA|pon)ZBDgNuu+y6`ka
zMf?HU(9p1n*?7*Upzk`|dam#EuQPVfw+wq-%@wxq`@22~pt3+l&eVzD$IC5;wXZ!I
z_9}<{ykaeUHb_b{c??hJmUf%k#^FA!t<ponBbiIKCO%|0Qd44yTw%joOpt^eC<|%#
zEB|KU2MZ6<titxz%iO~5o}R8mHpofkXedj7+2a-KpNca!S*_t^A99war{8b9rGwO8
z_`?QaZGA@8o%(dvKcOv3rZCmpWAgiETN%H-HKa&`y`-qPcyW7Z!0@$JQzKiA`_A|a
zsW$<Oi2+;V@E!93^n0&uVnKO3-j%ZSZE$QHhr6^OMjv=jf-uX0d8-jCXoi>5M-z{K
zf8_A?7mO`nx#bhz^yppJ0y2`wB?R*q-)YRMy$XSJUk~La5L~T$(vzjwhYW=1Ar`y{
zr!Xizq%sOxu8O9En5m-&P7xu2k|M;pqc#wgL=LhClQiT_3lmBqm>2TZIv6KFI0Bix
zL>OcP;l=Hrygp@u?&<DMNJ!w~=GH1&SR8E{DQQI(9Q;cgygNXP8lDS7=e5ThQ@%O)
zuLGE_6Jg{XKv9<T7W)Ln9<V&e4S3dOeuW$hftFiI5xX9(wy~FszFq{Osd!;!xgTlr
zpi&w{rTHP2&Fkq%zcp680*lJEqht^95M%Kd*)~f;{&9V%C0>c++PdTv7N2Fq!Xh_@
zzYc=w`4Hx&rY*P3NU*K9-3(dfC1AkB*O8^XD(zsSmh7l96Zb4sVOn42y&z3OwZ{f7
zB6sm-=G!(d$jSkPlPCoW-!~m4i+JhHF!<|NE}eY`0?khn=j!>$U0q$p*9^q|3~05$
zVU61!@_F{YPP<xLQIXTe3vm+w1CXG)+@kES2lB1oB#V@o*z0u@9W<Tbf?tBmWp&-q
zjOq#Wp4MUH2D+j1@{iJfSSbXYq1X&hO|a<8xwk>y%z$gS7>c`-tNn+hJ?rFB4u7}n
z)AYF{%X}I9{eCBOT^w6zpVE)nK)jifStQi+*Uh}PhdYEXU!KXMAYaXbaVb1?)kQ_l
zu3O<;fs(Pwji>Z(<6q5RmE$1%S$ucy95E=aW&HaMgJIH2Z;W|F7xh;p@u|=PMw$^a
zq=p`dxJb;rGxh89pArx=L8<5^SC==wmKix#k2CJ?bW8o&V!oke3M-i3=&iXU(bVer
zrpooFDbm^RfP%yJ%M}|Eu4t{>b2w*zFgv#8fc$N|DSN<oa{bB^ncYh!J9D_rPgHo5
zQ?19W6>W}}jX$1s<7-->Gv%x7<Ejrzp0bQ^#rkcCO||l0E%&LsnyVuRapOifHL;-X
zFJm&Y%OGxETbIAgdpEy0?q<b{LJ!3?z3_5c?#-@^CmlgBd{qT!@THN=B1GzUzY+Cp
z2IjkxkNty7`ZCqfu|bhC#OZj?kGe4gi{3I|QAx~>Q}60m4|EJRj=9f>S;6|x>YHmK
z$#ctvgJ_BOQU@TDl7zuC%gf6e_zgp_;8c|p;{zWXTr(=L1b!n<4MprWSZcNBVszEo
z{QkzP9{BlfKa<Wn^rj^v`{FMV6BD*FXZ28Am+Dyhmfv6w#xriUi2<pBk5AQ>fmMTi
ztBs$w$NAJ;`w-do+Ba9;By$oG&?L)Ou9K_1w?0(!4+#@V*3;hlrlkftqvuxyup2ik
zm4J&#!sPVw4Z7^;1LuW_LnRdzkNrm~66ns_?c<!hE##|vFb?Bg`_QJJy~P@$q=Bxw
zS=*uLH3j19BVglDS|SJ_ZI?$hkOaoSmX=;NS-+o0EWH4&5zrft#OVXjd)LMZSz$uV
z(-oghMxWRn!oeRpT6kYUruzN7gBXJeN##f%gw&{_eKPLk5(m*-T9=mw2l`-JBOrOq
zE;w#rXxN3L3rrOz)~tX8C~l(qc?&s=J(hpAiaLP`*a{QTArsTe=KL;>Ak{cST0qtb
z64ov%B=F!#VoiB*adBzs-D%ZbN>_?mnA5Y}_pzJL)=l*?@90fHAjh6U>jopH4sqBl
z!dEXs-dF|mk^!RC$3W}&5e$L795!eXBIKw7;Rp%<oTUaD5d)=HnPrkDa@at^1rVWf
z0Pl)Lh)@kQ-ANDdawR{xtgP%zZ?^If#5)*T_j(R$c;O`g;nqR4WW^q;p^KGBwgb3V
zc%KC}e9DPQWiU8}a6jK*L8(IFqMX0O>`{CmMwFIFE|~dRT@Ltjt05d-bI6SoOs9n~
zhr>M!#$$Y`n})hdn64*NJK=a9vkOr#$bvZ?^dB#Q(PRkXT(*X1rE0t=ha}jw*=^gK
zZFS6*T{pv!U780hz&N<xI`Qr=hFP`Vb1Ntl9`tEqaWT8U_^@F%bKn)QjS*HF*cFT$
ziHUlBpd$Po_==*Tb@!_gsmWsOX5MgsVmetynBxMDqdGi`J!cmaMHdav0T41$K_es^
zp^*!#)aD3tv-&n-f{cAx>v(#Uf6vFyuD1rSz!Z*>NFE<lm&?B2z}jufXw+WVJ(FwL
ziypLiJW<eET&x-^sB|ZrHSiEvhvkvwk&zK<#Ha~<rOZ=nz47n9`g4PqpUn;2-;u`|
z5zfQ!$#wXe`t@eW2<^K(AA|*5PXiCxbl7jXEu;p#dBxRO5vK4C9zfx$ZNnzwKfQEf
z9Id&4%oMDii>@}Qt#SADeeUTB60K<>T{s^&9-cZy_x!I_LYv3pIH$Tsv$=Bnmkj+U
z;ks<%2)@KuiDBwrK8=2U(!Fq}jH{Wud?qY@pz8|i;trhc3G#0F;|>#3RZrA92lV3w
za2=}8W3Qv(8)KWpsa3;2qb9s53@D|V^iC?Dwaa$2lizk%$$edn5kt98hye%dET_q;
zw<bk?ZeBm&#^{yDGpmg#JMMy^zt+wXZKZ_#w$_U`gds;|!N3cC_qY%-*32PKC_{LA
z5&dbI5B?%W*H|Sp%B=0TC2>mC*C|g<_&T6IZ+{IP8Dc{HXb5)N?671VDwC7*e}FiZ
zD%8OEH42&`!tJD3Yi^EP{gusTOGxVV-0+fs3?%_VI{22mlB!X;RW;@jV8=JuDpBC+
z-p_~6_-PTwHc%l};mb}k$iSlu+Q1z}Mn+DHK~x5rq>mvUH3AQQ%N1Cl-SO(N!ML&0
zqP_&uULtSpYIP0A>SvEot}53ngW*ow1wSy%VS~dG)tMOSSNM;}lmoM;h&O^6VWiz(
zk-y#+X^99M!WX_Ae3t2$;q|HF%fRXzhVMpFrH11h6pPNMBIRM%NRKNU%|1P5L~gRU
zIMNL@c&&Dpc-cM)usT>21{L9`XV%WED`jxAdfQz!{}4G}xxk8<`Tpq;rpL<DO8uQu
z=?Tgj`?j0WC^~&oW}dm8w8`@4vI_vHw1Dx(yvJP-2e6=LsXIdYL<8Hrzs7r{=?yq+
zPOBkz7o}{(mb<Bmg~PA)M2`dt1oIwtwW7?xVz$&H>7M^ZTL<vM{K7&^$)S&Igs6kL
z2AGbXl=3$GyE8#k)bI<jT*?z+#X*uMi8m6WqoeJ6vb|S0`?Y6i37yLX%MP#38wDom
z_(_oCG%@$lPk7jeSX3$k>~^B%hh1C!{jcO@A>ty$8#y4mm>L<o{&NX9(1LldsBo*B
zqrc}ocbEoS3|Z=rvnUkG+WjWP?GQr!?Y%uj8me8+4|f}G4Qb&N)sRx?;dk^|vL!dV
z<=!0;uzn-TByG`xY#$nSpCl7p)%=b?OjXcyrT`r2gL#WWp!CrH?#DBYP^t8Qyn=%F
z9Sl6Dh=CF=AykkD8ZwXeZ9zM@^_`bqGAC+U0HDRzA18-|gn%r*6#n`1X^(=dRx>j*
z(_?f40B%j0Q1W5W4As5WWTTj*<*)yHU*6%c5iK`vVSU7B_3D$WW69a9%kf<cH<ymu
zxP^mRX5T?u)Dxup)#Y45y(}Kc{Sxm>r>e)-d7kn4d(>rpQQux?KUIyh#2XxhBfZzq
zY4UMl$3<eQ6<>Ulq1637QZKY6lDJcaFS#{i;%@lR>Ra<4Gwg@WQw;dJKFzcXBd-r0
zUlbo%&*W(GK`8m_zWTlX@iI<NHT3S<l+W9*DMX}>-)^$5M%luSnP5%iG&a$+Fy_--
z!1E*t>Wo=o#)X8Xt3mG0KZ<S%g&Gof%=Fri`JPb{Bt)@s*nCWY?=(4bkd4R-u&s?u
zPFT-@udQ~crB|elgS7hkJ&=dRU@y)~$nQ{oWiB{|$t@W_K=ZYK?>I%AJc?j&;D|K)
z);XB6TM2ML=d34YD^W|xet5e|G5SGh%L%p;qms}@3F}#e6IDEzSAh|{u}G-yAX$;7
zpW&1Z42i3!h`n+&yJ<U8lKhd{N9Sdl53l(eO4?>6b`S<fq8|jbb9t&Mu^<}T{sfoh
z@euvgFdy}F$wR5s>B_bk@sou{2+rl)+7DBvl8T`vV<u@2HgMV>o)d@;et+M^fBM@0
zVIaWd0zAgogHTmTwde@KRfIatytVGr68<WKYI(EQ4>l~F{C#Rn^4~vabPxhNix4A1
z?f^5#0;0nJ9%ex>SOoqzKZ1!03^2e0&#Xj*gdB1wLqvepo+*GvB3Jq%+Sy|H!St?e
z2l4d>QcePgxEPuQ-|W?>EA+b_wl}rT#J+(YCA+a9)c+q}Qfw_A;0)YKqfG_(O}^o}
zBT|}yy>DlKh!sOLV@p}9tNMUZ8qvY7#DIl}T~bE}InriUkRZ0GCS}c;@)3?W(1T+*
zMFj6z@X=07D9o6Fh<`LkxhhOdvb^<&;Z6^}R)TMqBpLl+rpgOZu#h#JnR*UQoc-$S
zH_@kZD+AloM^4XU{k`B8v8MTOXwxO17;@>tPO+{C@xy~p9$&tZtSE_ibNiak+<9-$
z=8P-X=FjL0bSS-8JL*}rTOOpc`E=l^E=QSJmAzQlhpWN70>WUOQtW<(t6h(GCNw&v
zQr2-?fsaLtEEDLG(*&4E10D@|$_^%|u=l(bFXmu3cliQ)=lydW3xzH`@>w?1ReI67
zZ|_qRYiMhQp@!o3ugai4?caHDW-YecbvbjESf6vrs_1X0XvW9szpj;_jg@PIR&lJ>
z@!uyics?v6M)#9^4gLBR>-+!q{b1-OVn&gu>lZ5rT`HP3sr02ADJJdc4Kz5c-R9bd
zs!VvDc=83QL$Z=gm{&3~3|hD{XrelQVWi~~Ez`oj)kUGV!qZN1<!M;6HW_wn$9<#U
z5F={e-(S!*bcfvjF$Bw{{3pM>7%Hc**!MH;sWx1@E$Jk2^5Ab9AF1*^ylv(0Z=NFe
z5lF)SyJqi6(|0#O(!N^wC!rRH!)0ck*}3A-3$z5&JQ`8;4OsI)T#z;RY)(x1?jL)=
z3aPxYGzW<PGie$3e5kA;aGU8Dkc+e^K_U1qd>T4zyY+N-$1gjr$A98vN1501EQ@L)
zsa;n`TvGBqCw+YoaM50-<;KRwo?&ev>e3pZC>icgrkZJVeVMZf2*c(nr)YV8(HRQV
z5OZ(BWPaCo$3CA`yL|#y>%G=J$2YA=mqMGdILtWjWv;8`L~k!6EMWnof5?r70D#Kl
za7$k^*UEUH5wD7`dAPgZOM!m;gLZlsi7#(jTRz$<>u9$-GnvRM-Xqh(>p0q$Je;!G
zK#aBn8L~cY>P9GReQ_rYzM|Pn%Y^&06x1{vwKdTV50>kIVmVz(r%rRZC`9Tj7YaK*
z=gP^r=jXd0Edy0}E+}q%@J*GU7=pyRsQg-Ky>46K@8|C$5_*bR63ZZ`-NsyTAjp+x
zixPogF@C=lu=M?43lx8AKq^>N?r0RClQ&Pq6c}k@?1z%CAT<RBkM(vmUy+eyx9+Ut
zR03zG?+h&P8n`cW!430Z+_Km5dQVgBhNlFiSpc84bI4IH2wKHT=@2W&$jIiSMYx8W
z(;^7tH_wEwN&RI4wmSaO%CofoRqIT^`P37ek(43WPY}s)UQW*nh}izgnEMDHm`GNb
z+=_=g>=von(ZL}{>VU;2ZTA<XtQi}(7aa=o)DZ@2l|c*1nbL_Lz5&YBd(05su%snU
zD21%lea3XBg!Bnfb9NpsC)>i&l?JzM*`TyFk1&^fmD;U(QT@a$*8WXa&}3z#MSu`)
zXg9auhoj%d#J0_j=XtliM1zNXXR0YyWBA*Nzld>uj+Hz7=BzzZx5KpV?<Q(iD_Qq!
z4;|Pw&?JNfyyQ#~0mcD@7L$CksOZL8+L(58H4x=M`Jq#eUYiz$dFsR!eT{b9w%Sb&
zqsNG;&)cIE;05{lxtt7W8hkB=8dp%~Rs(Pqx-%eAl=GvG0*d(lZvzt~KPvNHwWn1>
zy5c{s_{K#0In%hC*8zE&>sYdvoa_g66k_&hfIrAFP598ML?Gr`FW1q`RQjM>)SefV
zO#G~Kby`|#%2)`$@G!-qQiic@PFc>s9`|ZuO;Ok!+)jfzIs_!1ccwJ-Ld4q8M#T}=
z_yy&9HI_d$5Mlf-{@cwH{gknGklc@Orh2+|G&IxVmvZ3xQJark7({_79L_B!qZfV$
zj`QEtSZt<_<A?7Et;K@k%HrV(cwMLxm?TpHF|R+;A*?L-TUY!Aj);pe$bevYOB?2Y
z|6l3=cxr2vVKDfGm-D15X%OBWV%HTT+p+7f3&Aa*0_SK~7>r{bK$sgD{qnDC`c}BJ
z`s?$j{R&qjCA__4-667_S|NQwd6!)%p^N&_<M(1iYoL*3{heim=0%Y$9U>`aeJenI
z$2M-FtLvV-QxRa#AUiHcoG0#5A0q~-BdsM;595H|A>5wGEV3tu9L4S>5@Z>NVB@=9
zrvu0|IR!`}3c%k`{v%f%N%FwNub~IRm53M&#?t!ii8nOGF?>0`m0e0gBDW+2yO$O?
ziI4z<b#0B++h?bBc>ndQ8L;iduuHcFJjcRIMB3u6>QBEubz(1!JN^T<j-7V6)L`P+
zk?h(yaMj3ZkTi18R1(<}dtOwQha_kBZ{D++c%<A1dn$neB>D$QkjEGV{2IR1=(vph
z_fI8yDkWjs9?1=FanL0Fi6h_kSJnsxCmpSjVL~5&MW^82CF}gi7_45Jv)@w*<h(a@
z_izd*D877o+?{-shS^8SGJxxEZEb;zxW}UM0Z3lCpFkS^s@%<^X-Fg5&=U6)uXbFv
zcZthPwnBz9PMvHipCFSvlT;7>KCEAat;pT=`R=+j`PUd(+u^G9P_Dpt(LO11_iyQq
ze64Eme>Wt^IL#OCSv0<c#WE+_PX>okfdULf;^+-wmHlCiwil)gRLghff8AO<KkXdj
zo60#n4*=Drli8^2a#3YhcWsb;=TG||8@m2eux~?_tSO~bplJc+$^d>ae2)~Ne1xLf
zBXsp9P)pw*1OR!^A)9aL^9I9a<!ahie1?!{#NVtDPPg~Qb!jFP_lujEK<oxnxlb#x
z<vEqT`NH0{`bZCc94YrHjlxW#WTkFxB%E%m;-=83n>=cNGEZ@F@z?yYw}(z%6k+av
z{Jhsss?X8+*N~<0$dBYNdaJCZif#k=8>zFNi8XRE9+Tfhb{yNXY1v*dP63o!mvnSk
zRGu`>6};MTw=2Hr9No`~?H8?>UM;UW%%1m7wJC4m2kb&Ks(}}HyP+)`$KDOkzXEti
zlHdK%4LNI960qKo%d3$hef_sz*#prIlv*U{wZHF|THV`@M(<s-)3Hc0%$FnuOHOH&
zb9P#DbGefuQK|-DjR_@tZ!aFxJcgz&ZtB3&@ZQ!|R;vH<L?R&5kqbLOTkm}TamAy4
zIHBPF_Omo<|8I|}(#>nmvRTro-P#72`_Rjx5;h|4yRO!VOUU>#Knn>>DBZi5E+6)J
zovWh(C#a5ac%T1Nhi#dJ-(?Ud&nWMLB8#Vgg+yDpyln4@J<IaRxsy8>;EbF$N&hic
zLj75rT*s}^z#Y3@h^>)Q_ianTcr8+G(;Y(h_ILVdOIfC}+hxOJaK#b)^k^;N816Sm
zt?LCs<6?uz4n|r1)gG1{u?m)J-8;?Di-gxUd&p78gV2%Qn->uU&F0<nU8p*`g9hnG
zZFoe8cIvckNJnvyFYg^TZzB`x)gGe$tKo_(Xo4bg@PZDvD4;y{4H$cS``_am0oDVD
zr=5!ef?4uZBz5-7BEa<DGm1At;VzA(!_9zf>%<6wBuFioHa;NQ^d20v*{ArylWJ(%
z+5qLY;6{WN-wp0-b_A7%{zkM-(fxtEi1X18R;%I_!E}+(x?UaT5{CzJ8ICVFZTBh|
z?ePMykf-H*4L|(Lpt>o)5Ou4p0!dJM5F5ZOx+$OQo^fcH3x0XXw~5%FM}W`9E3PkK
z%@b>9hM8w}6qir3+&=XQ)A1-n{_(c)Saf)maH<+V{_@CUsl28IO-`GSl7u5x=IGta
z2DLOso3;L<Iik?D-*Z<omZauB(2{T1^n-#2pt-eL(4%);%j@+=`K!*oS?qOUHoFBm
zwufuu1=$e{v%*9urK#}CNTg^1wJANZ6yk<D(R^fE+u+9?EOyA0@P*y_W@HRr$#=?U
z01@NM#Y=81S#jH6c1BwU(4A{mn%71!InSxtC9rB2U$SA^PCi$lla5Hz&kvzMi_J@S
z(c<+%n<@jIc}LaP^fVD#B0c=CnYGFzaQy@6u&pzkS78b#k(gBscmLNae2|w3+O#@u
zcA;+sEcq01|2YJkd087PkjuVScC8db8J`LqCpV@KK1H4)j(D{E%X69t8?5s0n*xRh
zXy)FT?ePk_sy!<Mgmdo%fDHoLLA%m_`e4Ix&_*$G_0UQji2eK4Q~=Eo`oAsnf7#Ig
zF&waKQg5$w!TW$<UcZmcg?V}VKIRgVG%VQ#uR|stpxxwuun!Iz!`|QUHZPBH0Zrph
zX!>p8>KF9}2BJQxVqw2e!YClb3z)pPZE5r>E%w@%eRL2*2J@=;f}@)&g-WqozrrE`
ziK8V<z^(z8hAf^ULc5y~33SVaCRIu?OsFg)&W4w}tA)rGhN^Nck-iNlbM#ErlxMCe
z^I2(y%kW_@ncE#XbFNsgbM_$pquq)C{z9F2ZSeJEg(R!z%K`EW)ovpbCXkU7b+mQ!
zlerfeHBGZp0X5y;x%xw^^YI$?!Gl^^@>xFT7EaB3>>}xdD2(NdX~K`HJbDb+tX=jk
z)e|osDV17b^W!<(o-W+;fS3($5w$PqM~$N)ak?(+if7I%pd#&Ltl;Uw=jOxuDI4i;
zv9iOfovMBNs36{We7UOb`H<<wmbf`L?xy#Tx(TyNT2^Bo5^1aK8Q93a`E-Z<<30Q8
zLha-FfUc%2Z)zR<!-Eg4E}?zVIYQ(gmt-qcG1g9<6mr#c2l-St09G3K3>-#K>bkwq
zX&Ztli!nr3nH%*$y;aTj?_tIFhwUyzB;0zL_=Jx;_}(o(zNeXkCTJ~@m>#u@pEC1%
zW;fQ^^*G$iKM&{*NZKZceUSN=i%g2J|9uX?q}l-Tnf-^z_fH>;6eEH<LfZp6zXx`9
z5x+qjd^f29CJNc}o&Pzy|HJ72S+L+TL{rN@Y_jbd$XIXye6Ao6k%`lVKg+e~{yhx;
zr#lfL_8&>GPacoLe*1D2*J|Q)d!RRe|6n{+&}s4CfzXqWoznScS6OZcY@CM%P*aGu
zKkUnZ_P0j)_<5;A^&ywda}5p~3r0{R!`9V_C$?n9Ido7aK_7u7s1-S6hZuM3m{pMO
z3x25(BZohDcBm9@d-AWKj55-xQnPv9!8yBF$NPp-(Zpjm78AgKJ+|H-DOo>u%yIrf
z%&j)Of+F>MM4CO_B;oR%epkQQ?0)>4xoAEeSZ`8ays3-V0L-M5Eq%_?cENAvE1V6x
zVzh=l63pA13*4w?)7sc~vHl8u+Lj563isKg4L=mVq{q1*3B9db@%YWgZ2^f#Vd3_p
z=}_ci@%=9h9#9ZZE*7A7-AGf5&x~WrkGU5fx2L`^TPc|%Q4GGX9?tj6@CeVb(?^&8
zG9nzAwE#ABU4JiE*yz1G0)!+RUHg*icz!07K5po6Fs_S@V<4GO9nu6gw|7ETb+ZOV
zMv_<NnKR{AWSpJ1GSudd_Dgy=<&|uE=4J@-ReYC(ry7CaW)TJs1Din*@8GNTo*lwq
zA7YGT)1tTUiSTJe_MUPsQ@jm7-k+_6txfI~M*jUgJ%PvrD&7A@Ap9HojesEWuM!6r
z!V#nEXoPqH6zSk_f0sNnHFCOx8<qdq-P-!MbjtJp!}LMc0=R}mx^7-xUby~#dbAgh
z?x2ab%XQjt;!DE%$cXUoWQyh=WwF~=w)!>xyTLB=A`x&CK%r9JcDNzs_W?=^j+O?z
z%HQK-jS}?3Yd*JfcAEcaTa<T~Gz`W69W$m0drpv7n*yZ|2esH@w*qvX%kdc-cWYCf
z(Sjcy#YLnMCsO0P{nW#w)2npmYks0K)!g^E`=wnsN|<a+`_^;^zU#nW^)9aF8rv-W
zuCEdZm&#W?-^{FG2lH#sNSpQpkGed6Yn~R;7ailEb;NAL@n>@T8O&*q2iNKC2Pr){
zGYwsy9a2$|<Bua}#t#1m@^29><-0R`RBGg@sA%mMyW#EU%JZ?dJ~L!41l!gx>}$|k
zMsdlO^8cQ^ht4ba19k$4OV`|Hpj8d|q8=?`<XYanRPh^X`<P8queb4da_a@mhl)?-
zVX6p^0P{RS@(-t<Yv|2~d$6nCzWVK%apOHR4>oa+8Sc#OFB`~fRaLFzyRpe0EW3BH
z=$-XX4u6m6bzT8<4A5escMNo`XD@AuN);h))9803G-HAZ6~MY@=96-SLHNIYl=Gh$
z@;4M{Cu+<eadU~Eio_XIS7Nchjp=_}^7^}6R>=jFoyuS*V`F2zG*3_xJko2aKm>Ku
z^4iTTXp+=bs)Ijzsx1l>?1FO#hkQI~%@56x5t`~V8$xY<E~?+dJRurGYvaUZr*`?H
z_&Y-SJU6I7x3~yYRJ>dX=-bsfa+Hxa@_AzULK{$4y@5z-asg;WrW0^M&)UaZ0lWGs
zf_oZhgE|^X^xytAxlkqptw{kL1q$&n{Zy&k=Lg+re5PKIEF?Hc9s4d+b^)r1RuWBX
zCWj>^By{E;kf%}I5!U7BqPmh~9XndfljV@&MLF}_`dyJjH$VZQ_m~wL)Ae3D#b=u+
zDZ#LP<#&6n<DllU6!+TD7Nt_&Ht_uK=Y*8J-5h5BN(dsw<T>OkXU65#sxGf1fY{&!
zpUj^BYmnDdoqEb~uU=QrLk6WzP|PV~Sn+t$G7PF1VvahhXxNtU@{gv?e~6(VAN(w5
zNO|q6Zm)tA^)-{%&+B@oGfGO}^#9!Udb>_ar}ZkR`0q)rfE5`V^R~jj9{9Q(!B$d5
zx|djidb+b?In90;CR2pRUo29s|MvPdz8H&Be36S>SPjR+j=!#!M+MRff*;m8s)UJn
zIh5`nmCwCKS5jn^Yu+AuGr<{!sm_1TTgfcYE9f0g8v3|nKC~@xZS4yS+5BmV>awYi
zVU_59??EJ_7xaSkE=^~9UPoIcal^!G_tH9V1t+(e(H=v|2Tw6$U(d{gn*WWw{y*`C
z{H>d}1wH&d-qZ%XwR!7|BkW!dVFSMKmTx@GNom%tfMmSxFd{uy70{l|(euMWmbkI=
zQ^^|rl$tmybW5;rD83>Sm45qnwh)j@gWhqrNEI`6)NZc%jvQX57!dQ-m93uiZ_yf>
z?~$z3HJGHoGBWGqXyW^cuLE`hHpo*m$i&Tq{+BRn=<;Pj)J)&a>Z+>?_j`S2s*s&_
z^ifA`-mnkWcuv$rA|J9&&K(?ie`{N~WM}z%K7pS!Jj~Pk$r0tph?J8wY>tjzJ??dk
zY&qWv4C?Q9KV$mZ9)I64v{6q6y-iT}Xj$|(U@$9T3k#&3lT~mry5~6vT$B-*2L@<;
zZqnAyPi`Q~A5N-+^KZ@1=gFI@FoI>vjvboIEvB_c(dzD7KbLEI3UqUq_iTI{bX?Uq
zJ6?OB!b0DH0j+^au^PM7jn<?`W$$&4eFY%4k`x`y8W&W2jRIP`fR<M&2Rbw<pbP<u
z5%V<*pgU<q1szmdT3P9Bg*9?s0$mzPimpXM6Fq6ZJIT7cZyje7fn}Z3Cgbrw$pL<x
zpkYWw2xEYW6@p2wrq7fI41yxN)b4h|M#V6QVL2#BJrGMKgF?oiF)g>KmUlHld;zIo
zKWcN58FZ=92lIvlEn@|;C!j)<z~txt3;%sF)C*KBwiS{-QfRFSh3{xT2=G4HNNYZX
z@%q6x&u|_oc`4^I^%-=E>%lc6K&f^`r5d5^>{L!s;N=B951_3Ev_qXH5KjYg4mlT`
zq)7nG<~Eb`^I(wIy*X-g_Ar1fm8lNsUIdK7UL;Ks^xf<k)D!I0GzQMu4g{$0mnTPg
zKnK-Lp<p?{bTE#U`h}5*E2aV$9$7M%M7>>fxm0pyp=-m6OO4<FO7)XL^<i?riOIH%
zg9F0Q_spi}Z+0l>vmd`=gK+Y`+k^m$!DYu`@=+Tgxu~$8RwBAao1SQ%9=Ju|cge|#
zI8PK{Ma)YOj=W*quxuFQk9F1?yk|FQiFDTTYwr$wwCXIU>+>vYZam#U_k^NO)zd!&
z*2bIdw&qR=6XP~D6xGIdOgE%u3U(9KZ9sdu5q4vkFTis>>mf?K#CGy83ae~r9Og1F
z!|sJr{u+-@%p2oOhD|A4Va!U3JcOKVrr8WwnbAubST6p|lKcCrE%Pr`TRkV!wAA!s
z@YB)#aHqn;DEh+FrFb7ASyyjzTy2ZDrj*kLQk46ln2OPLviG}^3i5y(o1uI?>k*GG
zJo9(C*H{;+|3*Iju)s}FjTIDRN?rSv<7Z;VhxETwc4ou<(VwjIyi5<Ah1b|)xOy6Q
zBw%W$Thi)^h7;h1PWpH6dY<P!T-NLOhxH~RK_B+QC!_ZCYSz6{lev!fcUpDdW3S`e
zuGZz%bk2py{ZjE9Q|@nZTGfcLrgh1+d!vUw)^n0K(jWY_a<5SK=fkr8>@Esf^q%Qk
zxUB=iW7K3=5NF9Yi=BgsfOa}%OHlNcTy1N<kaOeUhA4~Su!hr`7FV^z*^%3qOrqz4
z4lAm4DuZM_Ku=*#vu18yIj&IpQmH^lpP&4y(VF{4n!K0x?z-u^^q0|`^0A>&a5R&A
z2?oSVg7YuCyiGbA)zt=>yf}$yX3eW%kJ>+8xb2QnZvFObP;{k})FzR3cPQp@ieCCX
zj#VMyrh(d*+e2w@oPu$eN7kjpmpXVBZS!^`>bbnCc5GvTx&=14lj&g71ej&uI)_c;
zW7=1-Q0d0KlM7C|C<sh<QG^(^2#h~m2w@Wi6fKpl>uBIbyPyv?v~T`(g<CNAjtCl_
zZwBUq3c>2j7d*gq0uKT|`TIvWU|7gu;Lwm8Q6_V{^n}|ap0mBW8{nry5KT3m>jl>=
Gp8OvgG%=<C

literal 0
HcmV?d00001

diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
new file mode 100644
index 0000000000..9467b896ff
--- /dev/null
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -0,0 +1,58 @@
+---
+title: MultiSIM CSP
+description: MultiSIM CSP allows the enterprise to manage devices with dual SIM single active configuration.
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 02/27/2018
+---
+
+# MultiSIM CSP 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The MultiSIM configuration service provider (CSP) is used by the enterprise to manage devices with dual SIM single active configuration. An enterprise can set policies on whether that user can switch between SIM slots, specify which slot is the default, and whether the slot is embedded. This CSP was added in Windows 10, version 1803.
+
+
+The following diagram shows the MultiSIM configuration service provider in tree format.
+
+![MultiSIM CSP diagram](images/provisioning-csp-multisim.png) 
+
+<a href="" id="multisim"></a>**./Device/Vendor/MSFT/MultiSIM**  
+Root node.
+
+<a href="" id="tbd"></a>**_ModemID_**  
+Node representing a Mobile Broadband Modem. The node name is the modem ID. Modem ID is a GUID without curly braces, with exception of "Embedded" which represents the embedded modem.
+
+<a href="" id="modemid"></a>**_ModemID_/Identifier**  
+Modem ID.
+
+<a href="" id="tbd"></a>**_ModemID_/IsEmbedded**  
+Indicates whether this modem is embedded or external.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots**  
+Represents all SIM slots in the Modem.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_**  
+Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format is "0", "1", etc., with exception of "Embedded" which represents the embedded Slot.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/Identifier**  
+Slot ID.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/IsEmbedded**  
+Indicates whether this Slot is embedded or a physical SIM slot.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/IsSelected**  
+Indicates whether this Slot is selected or not.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/State**  
+Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8)
+
+<a href="" id="tbd"></a>**_ModemID_/Policies**  
+Policies associated with the Modem.
+
+<a href="" id="tbd"></a>**_ModemID_/Policies/SlotSelectionEnabled**  
+Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true.
\ No newline at end of file
diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md
new file mode 100644
index 0000000000..ccdbecbaee
--- /dev/null
+++ b/windows/client-management/mdm/multisim-ddf.md
@@ -0,0 +1,291 @@
+---
+title: MultiSIM DDF file
+description: XML file containing the device description framework
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 02/27/2018
+---
+
+# MultiSIM CSP 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the OMA DM device description framework (DDF) for the **MultiSIM** configuration service provider.
+
+The XML below is for Windows 10, version 1803.
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+      <Node>
+        <NodeName>MultiSIM</NodeName>
+        <Path>./Device/Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>Subtree for multi-SIM management.</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME>com.microsoft/1.0/MDM/MultiSIM</MIME>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName></NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Node representing a Mobile Broadband Modem. The node name is the Modem ID. Modem ID is a GUID without curly braces, with exception of "Embedded" which represents the embedded Modem.</Description>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrMore />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>ModemID</DFTitle>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>Identifier</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>Modem ID.</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>IsEmbedded</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>Indicates whether this Modem is embedded or external.</Description>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>Slots</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>Represents all SIM slots in the Modem.</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName></NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format is "0", "1", etc., with exception of "Embedded" which represents the embedded Slot.</Description>
+                <DFFormat>
+                  <node />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrMore />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFTitle>SlotID</DFTitle>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+              <Node>
+                <NodeName>Identifier</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <Description>Slot ID.</Description>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>IsEmbedded</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <Description>Indicates whether this Slot is embedded or a physical SIM slot.</Description>
+                  <DFFormat>
+                    <bool />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>IsSelected</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>Indicates whether this Slot is selected or not.</Description>
+                  <DFFormat>
+                    <bool />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>State</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <Description>Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8)</Description>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+            </Node>
+          </Node>
+          <Node>
+            <NodeName>Policies</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>Policies associated with the Modem.</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>SlotSelectionEnabled</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DefaultValue>true</DefaultValue>
+                <Description>Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+        </Node>
+      </Node>
+</MgmtTree>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 4ff04b5dba..46bd55a93f 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1436,6 +1436,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </ul>
 <p>Updated the AssigneAccessConfiguration schema.</p>
 </td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[MultiSIM CSP](multisim-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
 </tbody>
 </table>
 

From db84b10467d243b3d1d90b8c52533f3a51b599c8 Mon Sep 17 00:00:00 2001
From: "Andrea Bichsel (Aquent LLC)" <v-anbic@microsoft.com>
Date: Fri, 2 Mar 2018 00:14:42 +0000
Subject: [PATCH 062/119] Changed topic title.

---
 windows/security/threat-protection/TOC.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index fdfc93411b..5734a9da08 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -245,7 +245,7 @@
 
 
 
-### [Reference topics for management and configuration tools](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
+### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
 #### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
 #### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
 #### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)

From 26c7dbceed80822f52fc7e2235ee5579550fa84f Mon Sep 17 00:00:00 2001
From: Eric Scherlinger <35633680+ericsche@users.noreply.github.com>
Date: Fri, 2 Mar 2018 13:54:38 +0000
Subject: [PATCH 063/119] Update wcd-accounts.md

Replace %SERIALNUMBER% with %SERIAL%
%SERIALNUMBER% does not exist and if you use it the ppgk fail. in WCD tool it is %SERIAL% that is documented and works.
---
 windows/configuration/wcd/wcd-accounts.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 5be53d2953..2df8e81ee7 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -42,7 +42,7 @@ Specifies the settings you can configure when joining a device to a domain, incl
 | --- | --- | --- |
 | Account | string  | Account to use to join computer to domain  |
 | AccountOU | string  | Name of organizational unit for the computer account  |
-| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer less than 15 digits long, or using %SERIALNUMBER% characters in the name.</br></br>ComputerName is a string with a maximum length of 15 bytes of content:</br></br>- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.</br></br>- ComputerName cannot use spaces or any of the following characters: \{ &#124; \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.</br></br>- ComputerName cannot use some non-standard characters, such as emoji.</br></br>Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](http://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs)  |
+| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer less than 15 digits long, or using %SERIAL% characters in the name.</br></br>ComputerName is a string with a maximum length of 15 bytes of content:</br></br>- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.</br></br>- ComputerName cannot use spaces or any of the following characters: \{ &#124; \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.</br></br>- ComputerName cannot use some non-standard characters, such as emoji.</br></br>Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](http://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs)  |
 | DomainName | string (cannot be empty) | Specify the name of the domain that the device will join  |
 | Password | string (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain.  |
 
@@ -55,4 +55,4 @@ Use these settings to add local user accounts to the device.
 | UserName | string (cannot be empty)  | Specify a name for the local user account  |
 | HomeDir | string (cannot be ampty) | Specify the path of the home directory for the user |
 | Password | string (cannot be empty)  | Specify the password for the user account |
-| UserGroup | string (cannot be empty) | Specify the local user group for the user |
\ No newline at end of file
+| UserGroup | string (cannot be empty) | Specify the local user group for the user |

From 8e180c493aad40d08eecad5f9ec63d5702c58412 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Fri, 2 Mar 2018 16:50:06 +0000
Subject: [PATCH 064/119] Merged PR 6127: Added note about ShellLauncher in
 AssignedAccess CSP

added note about ShellLauncher in AssignedAccess CSP
---
 windows/client-management/mdm/assignedaccess-csp.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 99f4d3a1a1..554704a16d 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/22/2018
+ms.date: 03/01/2018
 ---
 
 # AssignedAccess CSP
@@ -62,7 +62,8 @@ The supported operations are Add, Delete, Get and Replace. When there's no confi
 Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps).Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). 
 
 > [!Note]  
-> You cannot set both KioskModeApp and Configuration at the same time in the device in Windows 10, version 1709.
+> You cannot set both KioskModeApp and Configuration at the same time on the device in Windows 10, version 1709.  
+> You cannot set both ShellLauncher and Configuration at the same time on the device.
 
 Enterprises can use this to easily configure and manage the curated lockdown experience. 
 
@@ -98,6 +99,9 @@ Supported operation is Get.
 <a href="" id="assignedaccess-shelllauncher"></a>**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher**  
 Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema.
 
+> [!Note]  
+> You cannot set both ShellLauncher and Configuration at the same time on the device.
+
 <a href="" id="assignedaccess-statusconfiguration"></a>**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration**  
 Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema.
  

From d66a0c4bf4862491ddf5fc4bf1b70ad1de971e26 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Fri, 2 Mar 2018 13:08:05 -0800
Subject: [PATCH 065/119] adjusted headings further and fixed broken note

---
 .../update/olympia/olympia-enrollment-guidelines.md    | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index b62d56b89b..fadfe3f2c5 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -23,7 +23,7 @@ As an Olympia user, you will have an opportunity to:
 -   Provide feedback.
 -   Interact with engineering team members through a variety of communication channels.
 
-[!Note]
+>[!Note]
 >Enterprise features may have reduced, or different security, privacy, accessibility, availability, and reliability standards relative to commercially provided services and software. We may change or discontinue any of the Enterprise features at any time without notice.
 
 For more information about Olympia Corp, see [https://olympia.windows.com/Info/FAQ](https://olympia.windows.com/Info/FAQ).
@@ -38,13 +38,13 @@ As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Ent
 
 Choose one of the following two enrollment options:
 
-- [Keep your current Windows 10 edition](#enrollment-keep-current-edition)
+- If you need to keep your current Windows 10 edition, follow the steps to [set up an AAD-registered device](#enrollment-keep-current-edition). However, you will not be able to log on to the device with your Olympia account.
 
-- [Upgrade your Windows 10 edition from Pro to Enterprise](#enrollment-upgrade-to-enterprise)
+- If you want to upgrade your Windows 10 edition from Pro to Enterprise, follow the steps to  [set up an Azure Active Direcotry-joined device](#enrollment-upgrade-to-enterprise). You will be able to log on to the device with your Olympia account.
 
 <a id="enrollment-keep-current-edition"></a>
 
-### Set up an Azure Active Directory REGISTERED Windows 10 device
+### Set up an Azure Active Directory-REGISTERED Windows 10 device
 
 This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Set up Azure Active Directory registered Windows 10 devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-registered-devices-windows10-setup) for additional information.
 
@@ -80,7 +80,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
 
 <a id="enrollment-upgrade-to-enterprise"></a>
 
-### Set up Azure Active Directory JOINED Windows 10 device
+### Set up Azure Active Directory-JOINED Windows 10 device
 
 -   This method will upgrade your Windows 10 Pro license to Enterprise and create a new account. See [Set up Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup) for more information.
 

From 007ba53bd749048378f382a0c6d576045da9c4a1 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Fri, 2 Mar 2018 13:28:16 -0800
Subject: [PATCH 066/119] fixed typo

---
 .../update/olympia/olympia-enrollment-guidelines.md         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index fadfe3f2c5..960b9a929f 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -5,8 +5,8 @@ ms.author: nibr
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: nickbrower
-ms.date: 02/28/2018
+author: jaimeo
+ms.date: 03/02/2018
 ---
 
 # Olympia Corp
@@ -40,7 +40,7 @@ Choose one of the following two enrollment options:
 
 - If you need to keep your current Windows 10 edition, follow the steps to [set up an AAD-registered device](#enrollment-keep-current-edition). However, you will not be able to log on to the device with your Olympia account.
 
-- If you want to upgrade your Windows 10 edition from Pro to Enterprise, follow the steps to  [set up an Azure Active Direcotry-joined device](#enrollment-upgrade-to-enterprise). You will be able to log on to the device with your Olympia account.
+- If you want to upgrade your Windows 10 edition from Pro to Enterprise, follow the steps to  [set up an Azure Active Directory-joined device](#enrollment-upgrade-to-enterprise). You will be able to log on to the device with your Olympia account.
 
 <a id="enrollment-keep-current-edition"></a>
 

From c3e38ffe79b151d532ebb6dce1bbfb4fa3b3db11 Mon Sep 17 00:00:00 2001
From: Oliver Kieselbach <oliver.kieselbach@outlook.com>
Date: Mon, 5 Mar 2018 10:02:01 +0100
Subject: [PATCH 067/119] Update policy-csp-deliveryoptimization.md

verified with the latest RS4 build the DO settings have changed to a better naming scheme:
DOPercentageMaxBackDownloadBandwidth -> DOPercentageMaxBackgroundBandwidth
DOPercentageMaxForeDownloadBandwidth -> DOPercentageMaxForegroundBandwidth
---
 .../mdm/policy-csp-deliveryoptimization.md             | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 1a7ca48cee..94134afb5a 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -76,13 +76,13 @@ ms.date: 01/30/2018
     <a href="#deliveryoptimization-domonthlyuploaddatacap">DeliveryOptimization/DOMonthlyUploadDataCap</a>
   </dd>
   <dd>
-    <a href="#deliveryoptimization-dopercentagemaxbackdownloadbandwidth">DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth</a>
+    <a href="#deliveryoptimization-dopercentagemaxbackgroundbandwidth">DeliveryOptimization/DOPercentageMaxBackgroundBandwidth</a>
   </dd>
   <dd>
     <a href="#deliveryoptimization-dopercentagemaxdownloadbandwidth">DeliveryOptimization/DOPercentageMaxDownloadBandwidth</a>
   </dd>
   <dd>
-    <a href="#deliveryoptimization-dopercentagemaxforedownloadbandwidth">DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth</a>
+    <a href="#deliveryoptimization-dopercentagemaxforegroundbandwidth">DeliveryOptimization/DOPercentageMaxForegroundBandwidth</a>
   </dd>
   <dd>
     <a href="#deliveryoptimization-dorestrictpeerselectionby">DeliveryOptimization/DORestrictPeerSelectionBy</a>
@@ -1015,7 +1015,7 @@ The default value is 20.
 <hr/>
 
 <!--Policy-->
-<a href="" id="deliveryoptimization-dopercentagemaxbackdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth**  
+<a href="" id="deliveryoptimization-dopercentagemaxbackgroundbandwidth"></a>**DeliveryOptimization/DOPercentageMaxBackgroundBandwidth**  
 
 <!--SupportedSKUs-->
 <table>
@@ -1063,7 +1063,7 @@ Note that downloads from LAN peers will not be throttled even when this policy i
 <a href="" id="deliveryoptimization-dopercentagemaxdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**  
 
 <!--Description-->
-This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryoptimization-dopercentagemaxforedownloadbandwidth) and [DOPercentageMaxBackDownloadBandwidth](#deliveryoptimization-dopercentagemaxbackdownloadbandwidth) policies instead.
+This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) and [DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) policies instead.
 
 <!--/Description-->
 <!--/Policy-->
@@ -1071,7 +1071,7 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo
 <hr/>
 
 <!--Policy-->
-<a href="" id="deliveryoptimization-dopercentagemaxforedownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth**  
+<a href="" id="deliveryoptimization-dopercentagemaxforegroundbandwidth"></a>**DeliveryOptimization/DOPercentageMaxForegroundBandwidth**  
 
 <!--SupportedSKUs-->
 <table>

From f98eada4800bc319badedfb530894464a0ef209c Mon Sep 17 00:00:00 2001
From: Eric Scherlinger <35633680+ericsche@users.noreply.github.com>
Date: Mon, 5 Mar 2018 16:33:35 +0100
Subject: [PATCH 068/119] Update manage-settings-with-mdm-for-surface-hub.md

Reboot the device immediately is now supported in intune
---
 devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
index 7e530429bf..735c1a071f 100644
--- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
+++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
@@ -147,7 +147,7 @@ The following tables include info on Windows 10 settings that have been validate
 
 | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
 | --- | --- | --- |---- | --- | --- |
-| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | No | No | Yes |
+| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes |
 | Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) |  Yes <br> [Use a custom policy.](#example-intune)  |  Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
 | Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) |  Yes <br> [Use a custom policy.](#example-intune)  |  Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.

From 16b8330ae34681a99fadc0f8a622c94323f6ee30 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Mon, 5 Mar 2018 09:50:56 -0800
Subject: [PATCH 069/119] adjusted text per PM; fixed reversed acronyms

---
 .../update/olympia/olympia-enrollment-guidelines.md       | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index 960b9a929f..d0f1443d45 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -17,14 +17,14 @@ Windows Insider Lab for Enterprise is intended for Windows Insiders who want to
 
 As an Olympia user, you will have an opportunity to: 
 
--   Use various Enterprise features like WIP (Windows Information Protection), ATP (Advanced Threat Protection), WDAG (Windows Defender Application Guard), and APP-V (Application virtualization).
+-   Use various Enterprise features like Windows Information Protection (WIP), Advanced Threat Protection (ATP), windows Defender Application Guard (WDAG), and Application Virtualization (APP-V).
 -   Learn how Microsoft is preparing for GDPR, as well as enabling enterprise customers to prepare for their own readiness.
 -   Validate and test pre-release software in your environment.
 -   Provide feedback.
 -   Interact with engineering team members through a variety of communication channels.
 
 >[!Note]
->Enterprise features may have reduced, or different security, privacy, accessibility, availability, and reliability standards relative to commercially provided services and software. We may change or discontinue any of the Enterprise features at any time without notice.
+>Enterprise features might have reduced or different security, privacy, accessibility, availability, and reliability standards relative to commercially provided services and software. We may change or discontinue any of the Enterprise features at any time without notice.
 
 For more information about Olympia Corp, see [https://olympia.windows.com/Info/FAQ](https://olympia.windows.com/Info/FAQ).
 
@@ -38,9 +38,9 @@ As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Ent
 
 Choose one of the following two enrollment options:
 
-- If you need to keep your current Windows 10 edition, follow the steps to [set up an AAD-registered device](#enrollment-keep-current-edition). However, you will not be able to log on to the device with your Olympia account.
+- To set up an AAD-registered device, [follow these steps](#enrollment-keep-current-edition). In this case, you log onto the device by using an existing (non-Olympa) account.
 
-- If you want to upgrade your Windows 10 edition from Pro to Enterprise, follow the steps to  [set up an Azure Active Directory-joined device](#enrollment-upgrade-to-enterprise). You will be able to log on to the device with your Olympia account.
+- If you are running Windows 10 Pro, we recommend that you upgrade to Windows 10 Enterprise by following these steps to  [set up an Azure Active Directory-joined device](#enrollment-upgrade-to-enterprise). In this case, you will be able to log on to the device with your Olympia account.
 
 <a id="enrollment-keep-current-edition"></a>
 

From b4c335d82a5cf9b0072ca3448fd127098bea4f67 Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Mon, 5 Mar 2018 10:14:24 -0800
Subject: [PATCH 070/119] fixed another typo

---
 .../deployment/update/olympia/olympia-enrollment-guidelines.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index d0f1443d45..dea0940ed3 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -38,7 +38,7 @@ As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Ent
 
 Choose one of the following two enrollment options:
 
-- To set up an AAD-registered device, [follow these steps](#enrollment-keep-current-edition). In this case, you log onto the device by using an existing (non-Olympa) account.
+- To set up an AAD-registered device, [follow these steps](#enrollment-keep-current-edition). In this case, you log onto the device by using an existing (non-Olympia) account.
 
 - If you are running Windows 10 Pro, we recommend that you upgrade to Windows 10 Enterprise by following these steps to  [set up an Azure Active Directory-joined device](#enrollment-upgrade-to-enterprise). In this case, you will be able to log on to the device with your Olympia account.
 

From e988832a49d35c7e737169d951f6d84466dd7d83 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Mon, 5 Mar 2018 13:04:32 -0800
Subject: [PATCH 071/119] add data protection and encryption

---
 ...privacy-windows-defender-advanced-threat-protection.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
index a15378b6ad..de6f546342 100644
--- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -40,6 +40,14 @@ Microsoft uses this data to:
 
 Microsoft does not use your data for advertising or for any other purpose other than providing you the service.
 
+## Data protection and encryption
+The Windows Defender ATP service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. 
+
+Among the various data protection technologies used ensures that customer data is <u>always</u> encrypted. For more information on the encryption technologies used by Windows Defender ATP, such as encryption at rest, encryption in flight, and key management with Key Vault and other technologies, see [Azure encryption overview](https://docs.microsoft.com/en-us/azure/security/security-azure-encryption-overview). 
+
+In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) at the minimum.
+
+
 ## Do I have the flexibility to select where to store my data?
 
 When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not under any circumstance, transfer the data from the specified geolocation into another geolocation.

From be808fcc29247e593c8855f1636061fac77bebad Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Mon, 5 Mar 2018 14:16:04 -0800
Subject: [PATCH 072/119] update second sentence

---
 ...orage-privacy-windows-defender-advanced-threat-protection.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
index de6f546342..9527ae1022 100644
--- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -43,7 +43,7 @@ Microsoft does not use your data for advertising or for any other purpose other
 ## Data protection and encryption
 The Windows Defender ATP service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. 
 
-Among the various data protection technologies used ensures that customer data is <u>always</u> encrypted. For more information on the encryption technologies used by Windows Defender ATP, such as encryption at rest, encryption in flight, and key management with Key Vault and other technologies, see [Azure encryption overview](https://docs.microsoft.com/en-us/azure/security/security-azure-encryption-overview). 
+Among the various data protection technologies used ensures that customer data is <u>always</u> encrypted. For more information on the major areas of encryption, including encryption at rest, encryption in flight, and key management with Key Vault and other technologies used by the Windows Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/en-us/azure/security/security-azure-encryption-overview). 
 
 In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) at the minimum.
 

From 3920896b23a318ad173ddb659f34da788244b678 Mon Sep 17 00:00:00 2001
From: Barry Langer <barlan@microsoft.com>
Date: Mon, 5 Mar 2018 15:16:28 -0800
Subject: [PATCH 073/119] spelling error in article description

---
 ...nfigure-real-time-protection-windows-defender-antivirus.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
index 96199b29be..ab4cd78ac7 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
@@ -1,6 +1,6 @@
 ---
 title: Configure always-on real-time protection in Windows Defender AV
-description: Enable and configure real-time protectoin features such as behavior monitoring, heuristics, and machine-learning in Windows Defender AV
+description: Enable and configure real-time protection features such as behavior monitoring, heuristics, and machine-learning in Windows Defender AV
 keywords: real-time protection, rtp, machine-learning, behavior monitoring, heuristics
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -100,4 +100,4 @@ The main real-time protection capability is enabled by default, but you can disa
 ## Related topics
 
 - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md)
-- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
\ No newline at end of file
+- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)

From 78d02f6453c9443d19e3080d870876e07cf0c424 Mon Sep 17 00:00:00 2001
From: jcaparas <macapara@microsoft.com>
Date: Tue, 6 Mar 2018 06:35:12 -0800
Subject: [PATCH 074/119] add threat analytics

---
 ...ows-defender-advanced-threat-protection.md | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md

diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..13b4081355
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,51 @@
+---
+title: Windows Defender Advanced Threat Protection Threat analytics
+description: Get a tailored organizational risk evaluation and actionable steps you can take to minimize risks in your organization.
+keywords: threat analytics, risk evaluation, OS mitigation, microcode mitigation, mitigation status 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 03/05/2018
+---
+
+# Threat analytics for Spectre and Meltdown
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+[Spectre and Meltdown](https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/) is a new class of exploits that take advantage of critical vulnerabilities in the CPU processors, allowing attackers running user-level, non-admin code to steal data from kernel memory. These exploits can potentially allow arbitrary non-admin code running on a host machine to harvest sensitive data belonging to other apps or system processes, including apps on guest VMs.
+
+Mitigating these vulnerabilities involves a complex multivendor update. It requires updates to Windows and Microsoft browsers using the [January 2018 Security Updates from Microsoft](https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99) and updates to processor microcode using fixes released by OEM and CPU vendors.
+
+## Prerequisites
+Note that the following requirements and limitations of the charts and what you might be able to do to improve visibility of the mitigation status of machines in your network:
+
+- Only active machines running Windows 10 are checked for OS mitigations.
+- When checking for microcode mitgations, Windows Defender ATP currently checks for updates applicable to Intel CPU processors only.
+- To determine microcode mitigation status, machines must enable Windows Defender Antivirus and update to definition version 1.259.1545.0 or above.
+- To be covered under the overall mitigation status, machines must have both OS and microcode mitigation information.
+
+## Assess organizational risk with Threat analytics
+
+Threat analytics helps you continually assess and control risk exposure to Spectre and Meltdown. Use the charts to quickly identify machines for the presence or absence of the following mitigations:
+
+- **OS mitigation**: Identifies machines that have installed the January 2018 Security Updates from Microsoft and have not explicitly disabled any of the OS mitigations provided with these updates
+- **Microcode mitigation**: Identifies machines that have installed the necessary microcode updates or those that do not require them
+- **Overall mitigation status**: Identifies the completeness by which machines have mitigated against the Spectre and Meltdown exploits 
+
+Click a section of each chart to get a list of the machines in the corresponding mitigation status.
+
+
+

From 35d0918f3f3910aab6ab805b3ee18def2258954f Mon Sep 17 00:00:00 2001
From: jcaparas <macapara@microsoft.com>
Date: Tue, 6 Mar 2018 06:38:36 -0800
Subject: [PATCH 075/119] add ta in toc

---
 windows/security/threat-protection/TOC.md                     | 1 +
 ...t-analytics-windows-defender-advanced-threat-protection.md | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 5734a9da08..455e43f8c8 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -40,6 +40,7 @@
 #### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
 #### [View the Security operations dashboard](windows-defender-atp\dashboard-windows-defender-advanced-threat-protection.md)
 #### [View the Security analytics dashboard](windows-defender-atp\security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Threat analytics dashboard](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 
 ###Investigate and remediate threats
 ####Alerts queue
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
index 13b4081355..407b49a995 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 03/05/2018
+ms.date: 03/06/2018
 ---
 
 # Threat analytics for Spectre and Meltdown
@@ -23,7 +23,7 @@ ms.date: 03/05/2018
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-[!include[Prerelease information](prerelease.md)]
+
 
 [Spectre and Meltdown](https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/) is a new class of exploits that take advantage of critical vulnerabilities in the CPU processors, allowing attackers running user-level, non-admin code to steal data from kernel memory. These exploits can potentially allow arbitrary non-admin code running on a host machine to harvest sensitive data belonging to other apps or system processes, including apps on guest VMs.
 

From 1042e5d0460186a106a7177679122728bc794fd0 Mon Sep 17 00:00:00 2001
From: jcaparas <macapara@microsoft.com>
Date: Tue, 6 Mar 2018 06:40:41 -0800
Subject: [PATCH 076/119] typo

---
 ...eat-analytics-windows-defender-advanced-threat-protection.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
index 407b49a995..6fa550565a 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
@@ -30,7 +30,7 @@ ms.date: 03/06/2018
 Mitigating these vulnerabilities involves a complex multivendor update. It requires updates to Windows and Microsoft browsers using the [January 2018 Security Updates from Microsoft](https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99) and updates to processor microcode using fixes released by OEM and CPU vendors.
 
 ## Prerequisites
-Note that the following requirements and limitations of the charts and what you might be able to do to improve visibility of the mitigation status of machines in your network:
+Note the following requirements and limitations of the charts and what you might be able to do to improve visibility of the mitigation status of machines in your network:
 
 - Only active machines running Windows 10 are checked for OS mitigations.
 - When checking for microcode mitgations, Windows Defender ATP currently checks for updates applicable to Intel CPU processors only.

From e97a0505df283507ebf864f7e3151ef537db40f8 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Tue, 6 Mar 2018 15:10:51 +0000
Subject: [PATCH 077/119] Updated TOC.md

---
 windows/security/threat-protection/TOC.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 455e43f8c8..e0c3ba2050 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -40,7 +40,7 @@
 #### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
 #### [View the Security operations dashboard](windows-defender-atp\dashboard-windows-defender-advanced-threat-protection.md)
 #### [View the Security analytics dashboard](windows-defender-atp\security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Threat analytics dashboard](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Threat analytics dashboard](windows-defender-atp\threat-analytics-windows-defender-advanced-threat-protection.md)
 
 ###Investigate and remediate threats
 ####Alerts queue

From c2d82b4081e68940da5b35ff2518db97517c1ed5 Mon Sep 17 00:00:00 2001
From: jcaparas <macapara@microsoft.com>
Date: Tue, 6 Mar 2018 08:07:55 -0800
Subject: [PATCH 078/119] update data encyrption

---
 ...ge-privacy-windows-defender-advanced-threat-protection.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
index 9527ae1022..a650f8fe1f 100644
--- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/14/2017
+ms.date: 03/06/2018
 ---
 
 # Windows Defender ATP data storage and privacy
@@ -43,7 +43,8 @@ Microsoft does not use your data for advertising or for any other purpose other
 ## Data protection and encryption
 The Windows Defender ATP service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. 
 
-Among the various data protection technologies used ensures that customer data is <u>always</u> encrypted. For more information on the major areas of encryption, including encryption at rest, encryption in flight, and key management with Key Vault and other technologies used by the Windows Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/en-us/azure/security/security-azure-encryption-overview). 
+
+There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Windows Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/en-us/azure/security/security-azure-encryption-overview). 
 
 In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) at the minimum.
 

From aec2f06ef702205ab315941fb0a4df43c4535233 Mon Sep 17 00:00:00 2001
From: Jeanie Decker <jdecker@microsoft.com>
Date: Tue, 6 Mar 2018 17:25:43 +0000
Subject: [PATCH 079/119] Merged PR 6178: fix format

---
 .../provisioning-packages/provision-pcs-with-apps.md      | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index d933b0bc8f..4c5d461287 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -73,7 +73,7 @@ When you add an app in a Windows Configuration Designer wizard, the appropriate
 
     ![enter settings for first app](../images/wcd-app-commands.png)
 
-### Add a universal app to your package
+## Add a universal app to your package
 
 Universal apps that you can distribute in the provisioning package can be line-of-business (LOB) apps developed by your organization, Microsoft Store for Business apps that you acquire with [offline licensing](/microsoft-store/acquire-apps-windows-store-for-business), or third-party apps. This procedure will assume you are distributing apps from the Microsoft Store for Business. For other apps, obtain the necessary information (such as the package family name) from the app developer. 
 
@@ -108,7 +108,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
 
 
 
-### Add a certificate to your package
+## Add a certificate to your package
 
 1. In the **Available customizations** pane, go to **Runtime settings** > **Certificates** > **ClientCertificates**. 
 
@@ -123,11 +123,11 @@ Universal apps that you can distribute in the provisioning package can be line-o
 5. For **KeyLocation**, select **Software only**. 
 
 
-### Add other settings to your package 
+## Add other settings to your package 
 
 For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
 
-### Build your package
+## Build your package
 
 1. When you are done configuring the provisioning package, on the **File** menu, click **Save**.
 

From d6ac216e4d1a770e9dc4e490bec7ddb11e72b333 Mon Sep 17 00:00:00 2001
From: Jeanie Decker <jdecker@microsoft.com>
Date: Tue, 6 Mar 2018 18:32:08 +0000
Subject: [PATCH 080/119] Merged PR 6182: Add section for new diagnostic tool

---
 devices/surface-hub/change-history-surface-hub.md         | 8 +++++++-
 .../create-and-test-a-device-account-surface-hub.md       | 4 +++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index b82d427482..d0cb5eb932 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 02/16/2018
+ms.date: 03/06/2018
 ms.localizationpriority: medium
 ---
 
@@ -16,6 +16,12 @@ ms.localizationpriority: medium
 
 This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
 
+## March 2018
+
+New or changed topic | Description
+--- | ---
+[Create and test a device account (Surface Hub)](create-and-test-a-device-account-surface-hub.md) | Added section for account verification and testing, with link to new Surface Hub Hardware Diagnostic app. 
+
 ## February 2018
 
 New or changed topic | Description
diff --git a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
index 470db2937e..cc5d233b08 100644
--- a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
+++ b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 07/27/2017
+ms.date: 03/06/2018
 ms.localizationpriority: medium
 ---
 
@@ -57,7 +57,9 @@ For detailed steps using PowerShell to provision a device account, choose an opt
 If you prefer to use a graphical user interface (UI), some steps can be done using UI instead of PowerShell. 
 For more information, see [Creating a device account using UI](create-a-device-account-using-office-365.md).
 
+## Account verification and testing
 
+There are two methods available that you can use to validate and test a Surface Hub device account: [account verifications scripts](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts) and the [Surface Hub Hardware Diagnostic app](https://www.microsoft.com/store/apps/9nblggh51f2g). The account verification script will validate a previously-created device account using PowerShell from your desktop. The Surface Hub Hardware Diagnostic app is installed on your Surface Hub and provides detailed feedback about signin and communication failures. Both are valuable tools to test newly created device accounts and should be used to ensure optimal account availability.
 
  
 

From 9f842442dfdad4df35b8d057d49a95758705a675 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Tue, 6 Mar 2018 19:36:07 +0000
Subject: [PATCH 081/119] Merged PR 6187: Added two videos about setting
 ADMX-backed policies in Intune

---
 ...ew-in-windows-mdm-enrollment-management.md | 25 +++++++++++++++++++
 .../mdm/understanding-admx-backed-policies.md | 10 +++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 46bd55a93f..4528a29fd8 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1389,6 +1389,31 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 
 ## Change history in MDM documentation
 
+### March 2018
+
+<table class="mx-tdBreakAll">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="vertical-align:top">[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)</td>
+<td style="vertical-align:top"><p>Added the following videos:</p>
+<ul>
+<li>[How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)</li>
+<li>[How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)</li>
+</ul>
+</td></tr>
+</tbody>
+</table>
+
 ### February 2018
 
 <table class="mx-tdBreakAll">
diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md
index f88849e2b1..6e079fbf78 100644
--- a/windows/client-management/mdm/understanding-admx-backed-policies.md
+++ b/windows/client-management/mdm/understanding-admx-backed-policies.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/11/2017
+ms.date: 03/02/2018
 ---
 
 # Understanding ADMX-backed policies
@@ -47,6 +47,14 @@ An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policy
 
 Windows maps the name and category path of a Group Policy to a MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\<area>\<policy>`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX-backed policies supported by MDM, see [Policy CSP - ADMX-backed policies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider#admx-backed-policies).
 
+Here is a video of how to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune.
+
+<iframe width="560" height="315" src="https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121" frameborder="0" allowfullscreen></iframe>
+
+Here is a video of how to import a custom ADMX file to a device using Intune.
+
+<iframe width="560" height="315" src="https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73" frameborder="0" allowfullscreen></iframe>
+
 ## <a href="" id="admx-files-and-the-group-policy-editor"></a>ADMX files and the Group Policy Editor
 
 To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrator must use a UI, such as the Group Policy Editor (gpedit.msc), to gather the necessary data. The MDM ISV console UI determines how to gather the needed Group Policy data from the IT administrator. ADMX-backed Group Policies are organized in a hierarchy and can have a scope of machine, user, or both. The Group Policy example in the next section uses a machine-wide Group Policy named “Publishing Server 2 Settings.” When this Group Policy is selected, its available states are **Not Configured**, **Enabled**, and **Disabled**. 

From 506ade4afc88786a6ec1ff1e22e14fe56cce7cf3 Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Tue, 6 Mar 2018 20:31:57 +0000
Subject: [PATCH 082/119] Merged PR 6191: fixing index refs to recently changed
 deliveryOpt policies

fixing index refs to recently changed deliveryOpt policies
---
 .../mdm/policy-configuration-service-provider.md              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 4b54639bbb..58bb01a6d1 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -832,13 +832,13 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap" id="deliveryoptimization-domonthlyuploaddatacap">DeliveryOptimization/DOMonthlyUploadDataCap</a>
   </dd>
   <dd>
-    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackdownloadbandwidth" id="deliveryoptimization-dopercentagemaxbackdownloadbandwidth">DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth</a>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth" id="deliveryoptimization-dopercentagemaxbackgroundbandwidth">DeliveryOptimization/DOPercentageMaxBackgroundBandwidth</a>
   </dd>
   <dd>
     <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth" id="deliveryoptimization-dopercentagemaxdownloadbandwidth">DeliveryOptimization/DOPercentageMaxDownloadBandwidth</a>
   </dd>
   <dd>
-    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforedownloadbandwidth" id="deliveryoptimization-dopercentagemaxforedownloadbandwidth">DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth</a>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth" id="deliveryoptimization-dopercentagemaxforegroundbandwidth">DeliveryOptimization/DOPercentageMaxForegroundBandwidth</a>
   </dd>
   <dd>
     <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby" id="deliveryoptimization-dorestrictpeerselectionby">DeliveryOptimization/DORestrictPeerSelectionBy</a>

From f93cf1b83bc6cde83459af9cf5513bef051465a4 Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Tue, 6 Mar 2018 20:58:05 +0000
Subject: [PATCH 083/119] Merged PR 6194: Adding GP properties to known MDM
 policies.

---
 .../policy-configuration-service-provider.md  |  775 +++++++-
 .../mdm/policy-csp-abovelock.md               |   10 +-
 .../mdm/policy-csp-activexcontrols.md         |   12 +-
 .../mdm/policy-csp-applicationdefaults.md     |   11 +-
 .../mdm/policy-csp-applicationmanagement.md   |   74 +-
 .../mdm/policy-csp-appvirtualization.md       |  114 +-
 .../mdm/policy-csp-attachmentmanager.md       |   16 +-
 .../mdm/policy-csp-authentication.md          |   10 +-
 .../mdm/policy-csp-autoplay.md                |   14 +-
 .../mdm/policy-csp-browser.md                 |  295 ++-
 .../mdm/policy-csp-camera.md                  |   10 +-
 .../mdm/policy-csp-cellular.md                |   42 +-
 .../mdm/policy-csp-connectivity.md            |   74 +-
 .../mdm/policy-csp-credentialproviders.md     |   12 +-
 .../mdm/policy-csp-credentialsui.md           |   10 +-
 .../mdm/policy-csp-cryptography.md            |    8 +-
 .../mdm/policy-csp-datausage.md               |   20 +-
 .../mdm/policy-csp-defender.md                |  280 ++-
 .../mdm/policy-csp-deliveryoptimization.md    |  215 ++-
 .../mdm/policy-csp-desktop.md                 |    6 +-
 .../mdm/policy-csp-deviceguard.md             |   28 +-
 .../mdm/policy-csp-deviceinstallation.md      |   10 +-
 .../mdm/policy-csp-devicelock.md              |   12 +-
 .../mdm/policy-csp-display.md                 |   72 +-
 .../mdm/policy-csp-education.md               |   10 +-
 .../mdm/policy-csp-errorreporting.md          |   22 +-
 .../mdm/policy-csp-eventlogservice.md         |   20 +-
 .../mdm/policy-csp-experience.md              |  107 +-
 .../mdm/policy-csp-exploitguard.md            |   11 +-
 .../mdm/policy-csp-handwriting.md             |   10 +-
 .../mdm/policy-csp-internetexplorer.md        | 1691 ++++++++++++-----
 .../mdm/policy-csp-kerberos.md                |   34 +-
 .../mdm/policy-csp-licensing.md               |   18 +-
 ...policy-csp-localpoliciessecurityoptions.md |  308 ++-
 .../mdm/policy-csp-location.md                |   10 +-
 .../mdm/policy-csp-lockdown.md                |   10 +-
 .../client-management/mdm/policy-csp-maps.md  |   10 +-
 .../mdm/policy-csp-messaging.md               |   10 +-
 .../mdm/policy-csp-networkisolation.md        |   63 +-
 .../mdm/policy-csp-notifications.md           |   10 +-
 .../client-management/mdm/policy-csp-power.md |   63 +-
 .../mdm/policy-csp-printers.md                |   14 +-
 .../mdm/policy-csp-privacy.md                 |  682 ++++++-
 .../mdm/policy-csp-remoteassistance.md        |   18 +-
 .../mdm/policy-csp-remotedesktopservices.md   |   30 +-
 .../mdm/policy-csp-remotemanagement.md        |  166 +-
 .../mdm/policy-csp-remoteprocedurecall.md     |   16 +-
 .../mdm/policy-csp-remoteshell.md             |   69 +-
 .../mdm/policy-csp-search.md                  |   91 +-
 .../mdm/policy-csp-security.md                |   10 +-
 .../mdm/policy-csp-settings.md                |   28 +-
 .../mdm/policy-csp-smartscreen.md             |   27 +-
 .../mdm/policy-csp-speech.md                  |   10 +-
 .../client-management/mdm/policy-csp-start.md |   26 +-
 .../mdm/policy-csp-storage.md                 |   14 +-
 .../mdm/policy-csp-system.md                  |   92 +-
 .../mdm/policy-csp-systemservices.md          |   38 +-
 .../mdm/policy-csp-textinput.md               |   12 +-
 .../mdm/policy-csp-update.md                  |  367 +++-
 .../mdm/policy-csp-userrights.md              |  176 +-
 .../client-management/mdm/policy-csp-wifi.md  |   18 +-
 ...olicy-csp-windowsdefendersecuritycenter.md |  158 +-
 .../mdm/policy-csp-windowsinkworkspace.md     |   19 +-
 .../mdm/policy-csp-windowslogon.md            |   18 +-
 .../mdm/policy-csp-wirelessdisplay.md         |   18 +-
 65 files changed, 5768 insertions(+), 886 deletions(-)

diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 58bb01a6d1..4f14d81f4f 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/26/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP
@@ -95,7 +95,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 <p style="margin-left: 20px">Supported operations are Add, Get, and Delete.
 
 <a href="" id="policy-configoperations-admxinstall"></a>**Policy/ConfigOperations/ADMXInstall**  
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed polices for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md).
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md).
 
 > [!NOTE]
 > The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see [Office Customization Tool](https://technet.microsoft.com/en-us/library/cc179097.aspx).
@@ -130,7 +130,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 <p style="margin-left: 20px">Supported operations are Add and Get. Does not support Delete.
 
 > [!Note]  
-> The policies supported in Windows 10 S are the same as those supported in Windows 10 Pro with the exception of the policies under ApplicationDefaults.  The ApplicationDefaults polices are not supported in Windows 10 S.
+> The policies supported in Windows 10 S are the same as those supported in Windows 10 Pro with the exception of the policies under ApplicationDefaults.  The ApplicationDefaults policies are not supported in Windows 10 S.
 
 ## Policies
 
@@ -3627,6 +3627,775 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
 -   [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
 
+## Policies supported by GP
+
+-   [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)
+-   [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
+-   [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
+-   [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
+-   [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
+-   [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
+-   [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
+-   [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
+-   [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
+-   [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
+-   [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
+-   [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
+-   [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
+-   [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
+-   [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
+-   [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
+-   [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
+-   [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
+-   [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
+-   [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl)
+-   [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
+-   [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
+-   [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
+-   [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
+-   [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
+-   [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
+-   [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
+-   [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
+-   [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
+-   [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
+-   [ApplicationDefaults/DefaultAssociationsConfiguration](./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration)
+-   [ApplicationManagement/AllowAllTrustedApps](./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
+-   [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
+-   [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
+-   [ApplicationManagement/AllowGameDVR](./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr)
+-   [ApplicationManagement/AllowSharedUserAppData](./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata)
+-   [ApplicationManagement/DisableStoreOriginatedApps](./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps)
+-   [ApplicationManagement/RequirePrivateStoreOnly](./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly)
+-   [ApplicationManagement/RestrictAppDataToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume)
+-   [ApplicationManagement/RestrictAppToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume)
+-   [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
+-   [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
+-   [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
+-   [Authentication/AllowSecondaryAuthenticationDevice](./policy-csp-authentication.md#authentication-allowsecondaryauthenticationdevice)
+-   [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
+-   [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
+-   [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
+-   [Browser/AllowAddressBarDropdown](./policy-csp-browser.md#browser-allowaddressbardropdown)
+-   [Browser/AllowAutofill](./policy-csp-browser.md#browser-allowautofill)
+-   [Browser/AllowCookies](./policy-csp-browser.md#browser-allowcookies)
+-   [Browser/AllowDeveloperTools](./policy-csp-browser.md#browser-allowdevelopertools)
+-   [Browser/AllowDoNotTrack](./policy-csp-browser.md#browser-allowdonottrack)
+-   [Browser/AllowExtensions](./policy-csp-browser.md#browser-allowextensions)
+-   [Browser/AllowFlash](./policy-csp-browser.md#browser-allowflash)
+-   [Browser/AllowFlashClickToRun](./policy-csp-browser.md#browser-allowflashclicktorun)
+-   [Browser/AllowInPrivate](./policy-csp-browser.md#browser-allowinprivate)
+-   [Browser/AllowMicrosoftCompatibilityList](./policy-csp-browser.md#browser-allowmicrosoftcompatibilitylist)
+-   [Browser/AllowPasswordManager](./policy-csp-browser.md#browser-allowpasswordmanager)
+-   [Browser/AllowPopups](./policy-csp-browser.md#browser-allowpopups)
+-   [Browser/AllowSearchEngineCustomization](./policy-csp-browser.md#browser-allowsearchenginecustomization)
+-   [Browser/AllowSearchSuggestionsinAddressBar](./policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
+-   [Browser/AllowSmartScreen](./policy-csp-browser.md#browser-allowsmartscreen)
+-   [Browser/AlwaysEnableBooksLibrary](./policy-csp-browser.md#browser-alwaysenablebookslibrary)
+-   [Browser/ClearBrowsingDataOnExit](./policy-csp-browser.md#browser-clearbrowsingdataonexit)
+-   [Browser/ConfigureAdditionalSearchEngines](./policy-csp-browser.md#browser-configureadditionalsearchengines)
+-   [Browser/DisableLockdownOfStartPages](./policy-csp-browser.md#browser-disablelockdownofstartpages)
+-   [Browser/EnableExtendedBooksTelemetry](./policy-csp-browser.md#browser-enableextendedbookstelemetry)
+-   [Browser/EnterpriseModeSiteList](./policy-csp-browser.md#browser-enterprisemodesitelist)
+-   [Browser/HomePages](./policy-csp-browser.md#browser-homepages)
+-   [Browser/LockdownFavorites](./policy-csp-browser.md#browser-lockdownfavorites)
+-   [Browser/PreventAccessToAboutFlagsInMicrosoftEdge](./policy-csp-browser.md#browser-preventaccesstoaboutflagsinmicrosoftedge)
+-   [Browser/PreventFirstRunPage](./policy-csp-browser.md#browser-preventfirstrunpage)
+-   [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection)
+-   [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride)
+-   [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles)
+-   [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc)
+-   [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites)
+-   [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer)
+-   [Browser/SetDefaultSearchEngine](./policy-csp-browser.md#browser-setdefaultsearchengine)
+-   [Browser/ShowMessageWhenOpeningSitesInInternetExplorer](./policy-csp-browser.md#browser-showmessagewhenopeningsitesininternetexplorer)
+-   [Browser/SyncFavoritesBetweenIEAndMicrosoftEdge](./policy-csp-browser.md#browser-syncfavoritesbetweenieandmicrosoftedge)
+-   [Browser/UseSharedFolderForBooks](./policy-csp-browser.md#browser-usesharedfolderforbooks)
+-   [Camera/AllowCamera](./policy-csp-camera.md#camera-allowcamera)
+-   [Cellular/LetAppsAccessCellularData](./policy-csp-cellular.md#cellular-letappsaccesscellulardata)
+-   [Cellular/LetAppsAccessCellularData_ForceAllowTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forceallowtheseapps)
+-   [Cellular/LetAppsAccessCellularData_ForceDenyTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forcedenytheseapps)
+-   [Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps)
+-   [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
+-   [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
+-   [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
+-   [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
+-   [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
+-   [Connectivity/DisallowNetworkConnectivityActiveTests](./policy-csp-connectivity.md#connectivity-disallownetworkconnectivityactivetests)
+-   [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
+-   [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
+-   [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
+-   [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
+-   [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
+-   [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
+-   [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
+-   [DataUsage/SetCost3G](./policy-csp-datausage.md#datausage-setcost3g)
+-   [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
+-   [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
+-   [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
+-   [Defender/AllowCloudProtection](./policy-csp-defender.md#defender-allowcloudprotection)
+-   [Defender/AllowEmailScanning](./policy-csp-defender.md#defender-allowemailscanning)
+-   [Defender/AllowFullScanOnMappedNetworkDrives](./policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
+-   [Defender/AllowFullScanRemovableDriveScanning](./policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
+-   [Defender/AllowIOAVProtection](./policy-csp-defender.md#defender-allowioavprotection)
+-   [Defender/AllowOnAccessProtection](./policy-csp-defender.md#defender-allowonaccessprotection)
+-   [Defender/AllowRealtimeMonitoring](./policy-csp-defender.md#defender-allowrealtimemonitoring)
+-   [Defender/AllowScanningNetworkFiles](./policy-csp-defender.md#defender-allowscanningnetworkfiles)
+-   [Defender/AllowUserUIAccess](./policy-csp-defender.md#defender-allowuseruiaccess)
+-   [Defender/AttackSurfaceReductionOnlyExclusions](./policy-csp-defender.md#defender-attacksurfacereductiononlyexclusions)
+-   [Defender/AttackSurfaceReductionRules](./policy-csp-defender.md#defender-attacksurfacereductionrules)
+-   [Defender/AvgCPULoadFactor](./policy-csp-defender.md#defender-avgcpuloadfactor)
+-   [Defender/CloudBlockLevel](./policy-csp-defender.md#defender-cloudblocklevel)
+-   [Defender/CloudExtendedTimeout](./policy-csp-defender.md#defender-cloudextendedtimeout)
+-   [Defender/ControlledFolderAccessAllowedApplications](./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications)
+-   [Defender/ControlledFolderAccessProtectedFolders](./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders)
+-   [Defender/DaysToRetainCleanedMalware](./policy-csp-defender.md#defender-daystoretaincleanedmalware)
+-   [Defender/EnableControlledFolderAccess](./policy-csp-defender.md#defender-enablecontrolledfolderaccess)
+-   [Defender/EnableNetworkProtection](./policy-csp-defender.md#defender-enablenetworkprotection)
+-   [Defender/ExcludedExtensions](./policy-csp-defender.md#defender-excludedextensions)
+-   [Defender/ExcludedPaths](./policy-csp-defender.md#defender-excludedpaths)
+-   [Defender/ExcludedProcesses](./policy-csp-defender.md#defender-excludedprocesses)
+-   [Defender/RealTimeScanDirection](./policy-csp-defender.md#defender-realtimescandirection)
+-   [Defender/ScanParameter](./policy-csp-defender.md#defender-scanparameter)
+-   [Defender/ScheduleQuickScanTime](./policy-csp-defender.md#defender-schedulequickscantime)
+-   [Defender/ScheduleScanDay](./policy-csp-defender.md#defender-schedulescanday)
+-   [Defender/ScheduleScanTime](./policy-csp-defender.md#defender-schedulescantime)
+-   [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
+-   [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
+-   [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
+-   [DeliveryOptimization/DOAbsoluteMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
+-   [DeliveryOptimization/DOAllowVPNPeerCaching](./policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
+-   [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayForegroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+-   [DeliveryOptimization/DODownloadMode](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
+-   [DeliveryOptimization/DOGroupId](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
+-   [DeliveryOptimization/DOGroupIdSource](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
+-   [DeliveryOptimization/DOMaxCacheAge](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
+-   [DeliveryOptimization/DOMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
+-   [DeliveryOptimization/DOMaxDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
+-   [DeliveryOptimization/DOMaxUploadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
+-   [DeliveryOptimization/DOMinBackgroundQos](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
+-   [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
+-   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
+-   [DeliveryOptimization/DOMinFileSizeToCache](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
+-   [DeliveryOptimization/DOMinRAMAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
+-   [DeliveryOptimization/DOModifyCacheDrive](./policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
+-   [DeliveryOptimization/DOMonthlyUploadDataCap](./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
+-   [DeliveryOptimization/DORestrictPeerSelectionBy](./policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
+-   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+-   [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+-   [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
+-   [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
+-   [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
+-   [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
+-   [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
+-   [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
+-   [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
+-   [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
+-   [Display/DisablePerProcessDpiForApps](./policy-csp-display.md#display-disableperprocessdpiforapps)
+-   [Display/EnablePerProcessDpi](./policy-csp-display.md#display-enableperprocessdpi)
+-   [Display/EnablePerProcessDpiForApps](./policy-csp-display.md#display-enableperprocessdpiforapps)
+-   [Display/TurnOffGdiDPIScalingForApps](./policy-csp-display.md#display-turnoffgdidpiscalingforapps)
+-   [Display/TurnOnGdiDPIScalingForApps](./policy-csp-display.md#display-turnongdidpiscalingforapps)
+-   [Education/PreventAddingNewPrinters](./policy-csp-education.md#education-preventaddingnewprinters)
+-   [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
+-   [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
+-   [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
+-   [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
+-   [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
+-   [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
+-   [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
+-   [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
+-   [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
+-   [Experience/AllowCortana](./policy-csp-experience.md#experience-allowcortana)
+-   [Experience/AllowFindMyDevice](./policy-csp-experience.md#experience-allowfindmydevice)
+-   [Experience/AllowTailoredExperiencesWithDiagnosticData](./policy-csp-experience.md#experience-allowtailoredexperienceswithdiagnosticdata)
+-   [Experience/AllowThirdPartySuggestionsInWindowsSpotlight](./policy-csp-experience.md#experience-allowthirdpartysuggestionsinwindowsspotlight)
+-   [Experience/AllowWindowsConsumerFeatures](./policy-csp-experience.md#experience-allowwindowsconsumerfeatures)
+-   [Experience/AllowWindowsSpotlight](./policy-csp-experience.md#experience-allowwindowsspotlight)
+-   [Experience/AllowWindowsSpotlightOnActionCenter](./policy-csp-experience.md#experience-allowwindowsspotlightonactioncenter)
+-   [Experience/AllowWindowsSpotlightOnSettings](./policy-csp-experience.md#experience-allowwindowsspotlightonsettings)
+-   [Experience/AllowWindowsSpotlightWindowsWelcomeExperience](./policy-csp-experience.md#experience-allowwindowsspotlightwindowswelcomeexperience)
+-   [Experience/AllowWindowsTips](./policy-csp-experience.md#experience-allowwindowstips)
+-   [Experience/ConfigureWindowsSpotlightOnLockScreen](./policy-csp-experience.md#experience-configurewindowsspotlightonlockscreen)
+-   [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications)
+-   [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings)
+-   [Handwriting/PanelDefaultModeDocked](./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked)
+-   [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
+-   [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
+-   [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
+-   [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete)
+-   [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
+-   [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
+-   [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
+-   [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
+-   [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
+-   [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
+-   [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
+-   [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
+-   [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
+-   [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
+-   [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
+-   [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
+-   [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
+-   [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
+-   [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
+-   [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
+-   [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
+-   [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid)
+-   [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
+-   [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
+-   [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
+-   [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
+-   [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
+-   [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
+-   [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
+-   [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
+-   [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
+-   [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
+-   [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
+-   [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
+-   [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
+-   [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
+-   [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
+-   [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
+-   [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
+-   [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
+-   [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
+-   [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
+-   [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
+-   [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode)
+-   [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
+-   [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
+-   [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
+-   [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
+-   [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
+-   [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
+-   [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
+-   [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
+-   [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
+-   [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
+-   [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
+-   [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
+-   [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
+-   [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript)
+-   [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles)
+-   [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
+-   [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
+-   [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles)
+-   [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols)
+-   [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol)
+-   [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows)
+-   [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols)
+-   [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
+-   [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
+-   [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
+-   [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
+-   [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
+-   [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
+-   [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
+-   [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter)
+-   [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
+-   [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows)
+-   [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing)
+-   [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode)
+-   [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver)
+-   [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions)
+-   [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe)
+-   [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions)
+-   [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
+-   [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode)
+-   [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles)
+-   [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker)
+-   [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
+-   [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
+-   [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
+-   [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
+-   [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
+-   [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
+-   [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols)
+-   [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions)
+-   [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
+-   [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
+-   [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
+-   [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
+-   [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
+-   [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
+-   [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
+-   [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols)
+-   [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions)
+-   [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
+-   [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
+-   [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
+-   [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
+-   [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
+-   [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions)
+-   [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions)
+-   [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
+-   [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
+-   [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
+-   [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
+-   [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
+-   [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
+-   [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses)
+-   [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols)
+-   [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses)
+-   [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses)
+-   [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
+-   [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting)
+-   [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors)
+-   [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript)
+-   [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles)
+-   [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads)
+-   [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads)
+-   [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
+-   [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles)
+-   [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh)
+-   [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols)
+-   [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol)
+-   [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows)
+-   [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols)
+-   [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
+-   [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
+-   [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
+-   [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
+-   [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
+-   [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
+-   [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter)
+-   [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
+-   [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows)
+-   [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing)
+-   [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver)
+-   [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions)
+-   [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe)
+-   [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions)
+-   [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
+-   [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins)
+-   [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode)
+-   [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting)
+-   [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets)
+-   [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles)
+-   [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode)
+-   [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker)
+-   [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses)
+-   [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
+-   [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings)
+-   [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice)
+-   [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
+-   [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
+-   [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
+-   [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
+-   [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
+-   [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols)
+-   [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions)
+-   [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
+-   [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
+-   [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
+-   [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
+-   [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
+-   [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
+-   [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation)
+-   [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation)
+-   [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts)
+-   [LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus)
+-   [LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableguestaccountstatus)
+-   [LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly)
+-   [LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameadministratoraccount)
+-   [LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameguestaccount)
+-   [LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowundockwithouthavingtologon)
+-   [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia)
+-   [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters)
+-   [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly)
+-   [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways)
+-   [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible)
+-   [LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallysignsecurechanneldatawhenpossible)
+-   [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges)
+-   [LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-maximummachineaccountpasswordage)
+-   [LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-requirestrongsessionkey)
+-   [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked)
+-   [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin)
+-   [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin)
+-   [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel)
+-   [LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-machineinactivitylimit)
+-   [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon)
+-   [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon)
+-   [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior)
+-   [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways)
+-   [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees)
+-   [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers)
+-   [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession)
+-   [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways)
+-   [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees)
+-   [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts)
+-   [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares)
+-   [LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares)
+-   [LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam)
+-   [LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests)
+-   [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange)
+-   [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel)
+-   [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients)
+-   [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers)
+-   [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon)
+-   [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-detectapplicationinstallationsandpromptforelevation)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-useadminapprovalmode)
+-   [LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations)
+-   [Location/EnableLocation](./policy-csp-location.md#location-enablelocation)
+-   [LockDown/AllowEdgeSwipe](./policy-csp-lockdown.md#lockdown-allowedgeswipe)
+-   [Maps/EnableOfflineMapsAutoUpdate](./policy-csp-maps.md#maps-enableofflinemapsautoupdate)
+-   [Messaging/AllowMessageSync](./policy-csp-messaging.md#messaging-allowmessagesync)
+-   [NetworkIsolation/EnterpriseCloudResources](./policy-csp-networkisolation.md#networkisolation-enterprisecloudresources)
+-   [NetworkIsolation/EnterpriseIPRange](./policy-csp-networkisolation.md#networkisolation-enterpriseiprange)
+-   [NetworkIsolation/EnterpriseIPRangesAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseiprangesareauthoritative)
+-   [NetworkIsolation/EnterpriseInternalProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseinternalproxyservers)
+-   [NetworkIsolation/EnterpriseProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers)
+-   [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative)
+-   [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources)
+-   [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring)
+-   [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
+-   [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
+-   [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
+-   [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
+-   [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
+-   [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
+-   [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
+-   [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
+-   [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
+-   [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
+-   [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
+-   [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
+-   [Privacy/AllowInputPersonalization](./policy-csp-privacy.md#privacy-allowinputpersonalization)
+-   [Privacy/DisableAdvertisingId](./policy-csp-privacy.md#privacy-disableadvertisingid)
+-   [Privacy/EnableActivityFeed](./policy-csp-privacy.md#privacy-enableactivityfeed)
+-   [Privacy/LetAppsAccessAccountInfo](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
+-   [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
+-   [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps)
+-   [Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessCalendar](./policy-csp-privacy.md#privacy-letappsaccesscalendar)
+-   [Privacy/LetAppsAccessCalendar_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forceallowtheseapps)
+-   [Privacy/LetAppsAccessCalendar_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forcedenytheseapps)
+-   [Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessCallHistory](./policy-csp-privacy.md#privacy-letappsaccesscallhistory)
+-   [Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forceallowtheseapps)
+-   [Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forcedenytheseapps)
+-   [Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessCamera](./policy-csp-privacy.md#privacy-letappsaccesscamera)
+-   [Privacy/LetAppsAccessCamera_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forceallowtheseapps)
+-   [Privacy/LetAppsAccessCamera_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forcedenytheseapps)
+-   [Privacy/LetAppsAccessCamera_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessContacts](./policy-csp-privacy.md#privacy-letappsaccesscontacts)
+-   [Privacy/LetAppsAccessContacts_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forceallowtheseapps)
+-   [Privacy/LetAppsAccessContacts_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forcedenytheseapps)
+-   [Privacy/LetAppsAccessContacts_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessEmail](./policy-csp-privacy.md#privacy-letappsaccessemail)
+-   [Privacy/LetAppsAccessEmail_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forceallowtheseapps)
+-   [Privacy/LetAppsAccessEmail_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forcedenytheseapps)
+-   [Privacy/LetAppsAccessEmail_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessLocation](./policy-csp-privacy.md#privacy-letappsaccesslocation)
+-   [Privacy/LetAppsAccessLocation_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forceallowtheseapps)
+-   [Privacy/LetAppsAccessLocation_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forcedenytheseapps)
+-   [Privacy/LetAppsAccessLocation_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessMessaging](./policy-csp-privacy.md#privacy-letappsaccessmessaging)
+-   [Privacy/LetAppsAccessMessaging_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forceallowtheseapps)
+-   [Privacy/LetAppsAccessMessaging_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forcedenytheseapps)
+-   [Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessMicrophone](./policy-csp-privacy.md#privacy-letappsaccessmicrophone)
+-   [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps)
+-   [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps)
+-   [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessMotion](./policy-csp-privacy.md#privacy-letappsaccessmotion)
+-   [Privacy/LetAppsAccessMotion_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forceallowtheseapps)
+-   [Privacy/LetAppsAccessMotion_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forcedenytheseapps)
+-   [Privacy/LetAppsAccessMotion_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessNotifications](./policy-csp-privacy.md#privacy-letappsaccessnotifications)
+-   [Privacy/LetAppsAccessNotifications_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forceallowtheseapps)
+-   [Privacy/LetAppsAccessNotifications_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forcedenytheseapps)
+-   [Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessPhone](./policy-csp-privacy.md#privacy-letappsaccessphone)
+-   [Privacy/LetAppsAccessPhone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forceallowtheseapps)
+-   [Privacy/LetAppsAccessPhone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forcedenytheseapps)
+-   [Privacy/LetAppsAccessPhone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessRadios](./policy-csp-privacy.md#privacy-letappsaccessradios)
+-   [Privacy/LetAppsAccessRadios_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forceallowtheseapps)
+-   [Privacy/LetAppsAccessRadios_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forcedenytheseapps)
+-   [Privacy/LetAppsAccessRadios_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessTasks](./policy-csp-privacy.md#privacy-letappsaccesstasks)
+-   [Privacy/LetAppsAccessTasks_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forceallowtheseapps)
+-   [Privacy/LetAppsAccessTasks_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forcedenytheseapps)
+-   [Privacy/LetAppsAccessTasks_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-userincontroloftheseapps)
+-   [Privacy/LetAppsAccessTrustedDevices](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices)
+-   [Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forceallowtheseapps)
+-   [Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forcedenytheseapps)
+-   [Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-userincontroloftheseapps)
+-   [Privacy/LetAppsGetDiagnosticInfo](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo)
+-   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
+-   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
+-   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)
+-   [Privacy/LetAppsRunInBackground](./policy-csp-privacy.md#privacy-letappsruninbackground)
+-   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forceallowtheseapps)
+-   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forcedenytheseapps)
+-   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-userincontroloftheseapps)
+-   [Privacy/LetAppsSyncWithDevices](./policy-csp-privacy.md#privacy-letappssyncwithdevices)
+-   [Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forceallowtheseapps)
+-   [Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forcedenytheseapps)
+-   [Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-userincontroloftheseapps)
+-   [Privacy/PublishUserActivities](./policy-csp-privacy.md#privacy-publishuseractivities)
+-   [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
+-   [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
+-   [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
+-   [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
+-   [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
+-   [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
+-   [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
+-   [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
+-   [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
+-   [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
+-   [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client)
+-   [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service)
+-   [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient)
+-   [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice)
+-   [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement)
+-   [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client)
+-   [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service)
+-   [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication)
+-   [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient)
+-   [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice)
+-   [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials)
+-   [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel)
+-   [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts)
+-   [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener)
+-   [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener)
+-   [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
+-   [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
+-   [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess)
+-   [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers)
+-   [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout)
+-   [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory)
+-   [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses)
+-   [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
+-   [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
+-   [Search/AllowCloudSearch](./policy-csp-search.md#search-allowcloudsearch)
+-   [Search/AllowCortanaInAAD](./policy-csp-search.md#search-allowcortanainaad)
+-   [Search/AllowIndexingEncryptedStoresOrItems](./policy-csp-search.md#search-allowindexingencryptedstoresoritems)
+-   [Search/AllowSearchToUseLocation](./policy-csp-search.md#search-allowsearchtouselocation)
+-   [Search/AllowUsingDiacritics](./policy-csp-search.md#search-allowusingdiacritics)
+-   [Search/AlwaysUseAutoLangDetection](./policy-csp-search.md#search-alwaysuseautolangdetection)
+-   [Search/DisableBackoff](./policy-csp-search.md#search-disablebackoff)
+-   [Search/DisableRemovableDriveIndexing](./policy-csp-search.md#search-disableremovabledriveindexing)
+-   [Search/DoNotUseWebResults](./policy-csp-search.md#search-donotusewebresults)
+-   [Search/PreventIndexingLowDiskSpaceMB](./policy-csp-search.md#search-preventindexinglowdiskspacemb)
+-   [Search/PreventRemoteQueries](./policy-csp-search.md#search-preventremotequeries)
+-   [Security/ClearTPMIfNotReady](./policy-csp-security.md#security-cleartpmifnotready)
+-   [Settings/AllowOnlineTips](./policy-csp-settings.md#settings-allowonlinetips)
+-   [Settings/ConfigureTaskbarCalendar](./policy-csp-settings.md#settings-configuretaskbarcalendar)
+-   [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist)
+-   [SmartScreen/EnableAppInstallControl](./policy-csp-smartscreen.md#smartscreen-enableappinstallcontrol)
+-   [SmartScreen/EnableSmartScreenInShell](./policy-csp-smartscreen.md#smartscreen-enablesmartscreeninshell)
+-   [SmartScreen/PreventOverrideForFilesInShell](./policy-csp-smartscreen.md#smartscreen-preventoverrideforfilesinshell)
+-   [Speech/AllowSpeechModelUpdate](./policy-csp-speech.md#speech-allowspeechmodelupdate)
+-   [Start/HidePeopleBar](./policy-csp-start.md#start-hidepeoplebar)
+-   [Start/HideRecentlyAddedApps](./policy-csp-start.md#start-hiderecentlyaddedapps)
+-   [Start/StartLayout](./policy-csp-start.md#start-startlayout)
+-   [Storage/AllowDiskHealthModelUpdates](./policy-csp-storage.md#storage-allowdiskhealthmodelupdates)
+-   [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
+-   [System/AllowBuildPreview](./policy-csp-system.md#system-allowbuildpreview)
+-   [System/AllowFontProviders](./policy-csp-system.md#system-allowfontproviders)
+-   [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
+-   [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry)
+-   [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
+-   [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy)
+-   [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync)
+-   [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
+-   [System/LimitEnhancedDiagnosticDataWindowsAnalytics](./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics)
+-   [System/TelemetryProxy](./policy-csp-system.md#system-telemetryproxy)
+-   [SystemServices/ConfigureHomeGroupListenerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegrouplistenerservicestartupmode)
+-   [SystemServices/ConfigureHomeGroupProviderServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegroupproviderservicestartupmode)
+-   [SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxaccessorymanagementservicestartupmode)
+-   [SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxliveauthmanagerservicestartupmode)
+-   [SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode)
+-   [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode)
+-   [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
+-   [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
+-   [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
+-   [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
+-   [Update/AllowAutoUpdate](./policy-csp-update.md#update-allowautoupdate)
+-   [Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork](./policy-csp-update.md#update-allowautowindowsupdatedownloadovermeterednetwork)
+-   [Update/AllowMUUpdateService](./policy-csp-update.md#update-allowmuupdateservice)
+-   [Update/AllowUpdateService](./policy-csp-update.md#update-allowupdateservice)
+-   [Update/AutoRestartDeadlinePeriodInDays](./policy-csp-update.md#update-autorestartdeadlineperiodindays)
+-   [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule)
+-   [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal)
+-   [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel)
+-   [Update/DeferFeatureUpdatesPeriodInDays](./policy-csp-update.md#update-deferfeatureupdatesperiodindays)
+-   [Update/DeferQualityUpdatesPeriodInDays](./policy-csp-update.md#update-deferqualityupdatesperiodindays)
+-   [Update/DeferUpdatePeriod](./policy-csp-update.md#update-deferupdateperiod)
+-   [Update/DeferUpgradePeriod](./policy-csp-update.md#update-deferupgradeperiod)
+-   [Update/DetectionFrequency](./policy-csp-update.md#update-detectionfrequency)
+-   [Update/DisableDualScan](./policy-csp-update.md#update-disabledualscan)
+-   [Update/EngagedRestartDeadline](./policy-csp-update.md#update-engagedrestartdeadline)
+-   [Update/EngagedRestartSnoozeSchedule](./policy-csp-update.md#update-engagedrestartsnoozeschedule)
+-   [Update/EngagedRestartTransitionSchedule](./policy-csp-update.md#update-engagedrestarttransitionschedule)
+-   [Update/ExcludeWUDriversInQualityUpdate](./policy-csp-update.md#update-excludewudriversinqualityupdate)
+-   [Update/FillEmptyContentUrls](./policy-csp-update.md#update-fillemptycontenturls)
+-   [Update/ManagePreviewBuilds](./policy-csp-update.md#update-managepreviewbuilds)
+-   [Update/PauseDeferrals](./policy-csp-update.md#update-pausedeferrals)
+-   [Update/PauseFeatureUpdates](./policy-csp-update.md#update-pausefeatureupdates)
+-   [Update/PauseFeatureUpdatesStartTime](./policy-csp-update.md#update-pausefeatureupdatesstarttime)
+-   [Update/PauseQualityUpdates](./policy-csp-update.md#update-pausequalityupdates)
+-   [Update/PauseQualityUpdatesStartTime](./policy-csp-update.md#update-pausequalityupdatesstarttime)
+-   [Update/RequireDeferUpgrade](./policy-csp-update.md#update-requiredeferupgrade)
+-   [Update/ScheduleImminentRestartWarning](./policy-csp-update.md#update-scheduleimminentrestartwarning)
+-   [Update/ScheduleRestartWarning](./policy-csp-update.md#update-schedulerestartwarning)
+-   [Update/ScheduledInstallDay](./policy-csp-update.md#update-scheduledinstallday)
+-   [Update/ScheduledInstallEveryWeek](./policy-csp-update.md#update-scheduledinstalleveryweek)
+-   [Update/ScheduledInstallFirstWeek](./policy-csp-update.md#update-scheduledinstallfirstweek)
+-   [Update/ScheduledInstallFourthWeek](./policy-csp-update.md#update-scheduledinstallfourthweek)
+-   [Update/ScheduledInstallSecondWeek](./policy-csp-update.md#update-scheduledinstallsecondweek)
+-   [Update/ScheduledInstallThirdWeek](./policy-csp-update.md#update-scheduledinstallthirdweek)
+-   [Update/ScheduledInstallTime](./policy-csp-update.md#update-scheduledinstalltime)
+-   [Update/SetAutoRestartNotificationDisable](./policy-csp-update.md#update-setautorestartnotificationdisable)
+-   [Update/SetEDURestart](./policy-csp-update.md#update-setedurestart)
+-   [Update/UpdateServiceUrl](./policy-csp-update.md#update-updateserviceurl)
+-   [Update/UpdateServiceUrlAlternate](./policy-csp-update.md#update-updateserviceurlalternate)
+-   [UserRights/AccessCredentialManagerAsTrustedCaller](./policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller)
+-   [UserRights/AccessFromNetwork](./policy-csp-userrights.md#userrights-accessfromnetwork)
+-   [UserRights/ActAsPartOfTheOperatingSystem](./policy-csp-userrights.md#userrights-actaspartoftheoperatingsystem)
+-   [UserRights/AllowLocalLogOn](./policy-csp-userrights.md#userrights-allowlocallogon)
+-   [UserRights/BackupFilesAndDirectories](./policy-csp-userrights.md#userrights-backupfilesanddirectories)
+-   [UserRights/ChangeSystemTime](./policy-csp-userrights.md#userrights-changesystemtime)
+-   [UserRights/CreateGlobalObjects](./policy-csp-userrights.md#userrights-createglobalobjects)
+-   [UserRights/CreatePageFile](./policy-csp-userrights.md#userrights-createpagefile)
+-   [UserRights/CreatePermanentSharedObjects](./policy-csp-userrights.md#userrights-createpermanentsharedobjects)
+-   [UserRights/CreateSymbolicLinks](./policy-csp-userrights.md#userrights-createsymboliclinks)
+-   [UserRights/CreateToken](./policy-csp-userrights.md#userrights-createtoken)
+-   [UserRights/DebugPrograms](./policy-csp-userrights.md#userrights-debugprograms)
+-   [UserRights/DenyAccessFromNetwork](./policy-csp-userrights.md#userrights-denyaccessfromnetwork)
+-   [UserRights/DenyLocalLogOn](./policy-csp-userrights.md#userrights-denylocallogon)
+-   [UserRights/DenyRemoteDesktopServicesLogOn](./policy-csp-userrights.md#userrights-denyremotedesktopserviceslogon)
+-   [UserRights/EnableDelegation](./policy-csp-userrights.md#userrights-enabledelegation)
+-   [UserRights/GenerateSecurityAudits](./policy-csp-userrights.md#userrights-generatesecurityaudits)
+-   [UserRights/ImpersonateClient](./policy-csp-userrights.md#userrights-impersonateclient)
+-   [UserRights/IncreaseSchedulingPriority](./policy-csp-userrights.md#userrights-increaseschedulingpriority)
+-   [UserRights/LoadUnloadDeviceDrivers](./policy-csp-userrights.md#userrights-loadunloaddevicedrivers)
+-   [UserRights/LockMemory](./policy-csp-userrights.md#userrights-lockmemory)
+-   [UserRights/ManageAuditingAndSecurityLog](./policy-csp-userrights.md#userrights-manageauditingandsecuritylog)
+-   [UserRights/ManageVolume](./policy-csp-userrights.md#userrights-managevolume)
+-   [UserRights/ModifyFirmwareEnvironment](./policy-csp-userrights.md#userrights-modifyfirmwareenvironment)
+-   [UserRights/ModifyObjectLabel](./policy-csp-userrights.md#userrights-modifyobjectlabel)
+-   [UserRights/ProfileSingleProcess](./policy-csp-userrights.md#userrights-profilesingleprocess)
+-   [UserRights/RemoteShutdown](./policy-csp-userrights.md#userrights-remoteshutdown)
+-   [UserRights/RestoreFilesAndDirectories](./policy-csp-userrights.md#userrights-restorefilesanddirectories)
+-   [UserRights/TakeOwnership](./policy-csp-userrights.md#userrights-takeownership)
+-   [Wifi/AllowAutoConnectToWiFiSenseHotspots](./policy-csp-wifi.md#wifi-allowautoconnecttowifisensehotspots)
+-   [Wifi/AllowInternetSharing](./policy-csp-wifi.md#wifi-allowinternetsharing)
+-   [WindowsDefenderSecurityCenter/CompanyName](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname)
+-   [WindowsDefenderSecurityCenter/DisableAccountProtectionUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableaccountprotectionui)
+-   [WindowsDefenderSecurityCenter/DisableAppBrowserUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui)
+-   [WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabledevicesecurityui)
+-   [WindowsDefenderSecurityCenter/DisableEnhancedNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableenhancednotifications)
+-   [WindowsDefenderSecurityCenter/DisableFamilyUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablefamilyui)
+-   [WindowsDefenderSecurityCenter/DisableHealthUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablehealthui)
+-   [WindowsDefenderSecurityCenter/DisableNetworkUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenetworkui)
+-   [WindowsDefenderSecurityCenter/DisableNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenotifications)
+-   [WindowsDefenderSecurityCenter/DisableVirusUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablevirusui)
+-   [WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disallowexploitprotectionoverride)
+-   [WindowsDefenderSecurityCenter/Email](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-email)
+-   [WindowsDefenderSecurityCenter/EnableCustomizedToasts](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enablecustomizedtoasts)
+-   [WindowsDefenderSecurityCenter/EnableInAppCustomization](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enableinappcustomization)
+-   [WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hideransomwaredatarecovery)
+-   [WindowsDefenderSecurityCenter/HideSecureBoot](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidesecureboot)
+-   [WindowsDefenderSecurityCenter/HideTPMTroubleshooting](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidetpmtroubleshooting)
+-   [WindowsDefenderSecurityCenter/Phone](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone)
+-   [WindowsDefenderSecurityCenter/URL](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url)
+-   [WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace)
+-   [WindowsInkWorkspace/AllowWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowwindowsinkworkspace)
+-   [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
+-   [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
+-   [WindowsLogon/HideFastUserSwitching](./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching)
+-   [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
+-   [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
+
 <!--StartIoTCore-->
 ## <a href="" id="iotcore"></a>Policies supported by IoT Core  
 
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index bdcbc5f8c4..d0b77e50dc 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - AboveLock
@@ -127,6 +127,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Cortana above lock screen*
+-   GP name: *AllowCortanaAboveLock*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 4bea893b54..925504ac0d 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - ActiveXControls
@@ -63,11 +63,11 @@ ms.date: 01/30/2018
 
 <!--/Scope-->
 <!--Description-->
-This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL.
+This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL. 
 
-If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL.
+If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. 
 
-If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.
+If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. 
 
 Note: Wild card characters cannot be used when specifying the host URLs.
 
@@ -79,14 +79,14 @@ Note: Wild card characters cannot be used when specifying the host URLs.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Approved Installation Sites for ActiveX Controls*
 -   GP name: *ApprovedActiveXInstallSites*
 -   GP path: *Windows Components/ActiveX Installer Service*
 -   GP ADMX file name: *ActiveXInstallService.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 0e45ce047c..dba53edc54 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - ApplicationDefaults
@@ -68,6 +68,15 @@ Added in Windows 10, version 1703. This policy allows an administrator to set de
 If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set a default associations configuration file*
+-   GP name: *DefaultAssociationsConfiguration*
+-   GP element: *DefaultAssociationsConfiguration_TextBox*
+-   GP path: *File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+<!--/ADMXMapped-->
 <!--Example-->
 To create create the SyncML, follow these steps:
 <ol>
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 9ee5181bd2..5822ec21c5 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - ApplicationManagement
@@ -98,6 +98,14 @@ Specifies whether non Microsoft Store apps are allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow all trusted apps to install*
+-   GP name: *AppxDeploymentAllowAllTrustedApps*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -152,6 +160,14 @@ Specifies whether automatic update of apps from Microsoft Store are allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off Automatic Download and Install of updates*
+-   GP name: *DisableAutoInstall*
+-   GP path: *Windows Components/Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -204,6 +220,14 @@ Specifies whether developer unlock is allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allows development of Windows Store apps and installing them from an integrated development environment (IDE)*
+-   GP name: *AllowDevelopmentWithoutDevLicense*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -260,6 +284,14 @@ Specifies whether DVR and broadcasting is allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enables or disables Windows Game Recording and Broadcasting*
+-   GP name: *AllowGameDVR*
+-   GP path: *Windows Components/Windows Game Recording and Broadcasting*
+-   GP ADMX file name: *GameDVR.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -312,6 +344,14 @@ Specifies whether multiple users of the same app can share data.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow a Windows app to share application data between users*
+-   GP name: *AllowSharedLocalAppData*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -479,6 +519,14 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no
 Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Disable all apps from Microsoft Store *
+-   GP name: *DisableStoreApps*
+-   GP path: *Windows Components/Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -532,6 +580,14 @@ Allows disabling of the retail catalog and only enables the Private store.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Only display the private store within the Microsoft Store*
+-   GP name: *RequirePrivateStoreOnly_1*
+-   GP path: *Windows Components/Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -584,6 +640,14 @@ Specifies whether application data is restricted to the system drive.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent users' app data from being stored on non-system volumes*
+-   GP name: *RestrictAppDataToSystemVolume*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -636,6 +700,14 @@ Specifies whether the installation of applications is restricted to the system d
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Disable installing Windows apps on non-system volumes*
+-   GP name: *DisableDeploymentToNonSystemVolumes*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 5ec36f8881..bbb346e93c 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - AppVirtualization
@@ -154,14 +154,14 @@ This policy setting allows you to enable or disable Microsoft Application Virtua
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable App-V Client*
 -   GP name: *EnableAppV*
 -   GP path: *System/App-V*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -212,14 +212,14 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Dynamic Virtualization*
 -   GP name: *Virtualization_JITVEnable*
 -   GP path: *System/App-V/Virtualization*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -270,14 +270,14 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable automatic cleanup of unused appv packages*
 -   GP name: *PackageManagement_AutoCleanupEnable*
 -   GP path: *System/App-V/PackageManagement*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -328,14 +328,14 @@ Enables scripts defined in the package manifest of configuration files that shou
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Package Scripts*
 -   GP name: *Scripting_Enable_Package_Scripts*
 -   GP path: *System/App-V/Scripting*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -386,14 +386,14 @@ Enables a UX to display to the user when a publishing refresh is performed on th
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Publishing Refresh UX*
 -   GP name: *Enable_Publishing_Refresh_UX*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -454,14 +454,14 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reporting Server*
 -   GP name: *Reporting_Server_Policy*
 -   GP path: *System/App-V/Reporting*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -512,14 +512,14 @@ Specifies the file paths relative to %userprofile% that do not roam with a user'
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Roaming File Exclusions*
 -   GP name: *Integration_Roaming_File_Exclusions*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -570,14 +570,14 @@ Specifies the registry paths that do not roam with a user profile. Example usage
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Roaming Registry Exclusions*
 -   GP name: *Integration_Roaming_Registry_Exclusions*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -628,14 +628,14 @@ Specifies how new packages should be loaded automatically by App-V on a specific
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify what to load in background (aka AutoLoad)*
 -   GP name: *Steaming_Autoload*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -686,14 +686,14 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Migration Mode*
 -   GP name: *Client_Coexistence_Enable_Migration_mode*
 -   GP path: *System/App-V/Client Coexistence*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -744,14 +744,14 @@ Specifies the location where symbolic links are created to the current version o
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Integration Root User*
 -   GP name: *Integration_Root_User*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -802,14 +802,14 @@ Specifies the location where symbolic links are created to the current version o
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Integration Root Global*
 -   GP name: *Integration_Root_Global*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -878,14 +878,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 1 Settings*
 -   GP name: *Publishing_Server1_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -954,14 +954,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 2 Settings*
 -   GP name: *Publishing_Server2_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1030,14 +1030,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 3 Settings*
 -   GP name: *Publishing_Server3_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1106,14 +1106,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 4 Settings*
 -   GP name: *Publishing_Server4_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1182,14 +1182,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 5 Settings*
 -   GP name: *Publishing_Server5_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1240,14 +1240,14 @@ Specifies the path to a valid certificate in the certificate store.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Certificate Filter For Client SSL*
 -   GP name: *Streaming_Certificate_Filter_For_Client_SSL*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1298,14 +1298,14 @@ This setting controls whether virtualized applications are launched on Windows 8
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection*
 -   GP name: *Streaming_Allow_High_Cost_Launch*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1356,14 +1356,14 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Location Provider*
 -   GP name: *Streaming_Location_Provider*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1414,14 +1414,14 @@ Specifies directory where all new applications and updates will be installed.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Package Installation Root*
 -   GP name: *Streaming_Package_Installation_Root*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1472,14 +1472,14 @@ Overrides source location for downloading package content.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Package Source Root*
 -   GP name: *Streaming_Package_Source_Root*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1530,14 +1530,14 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reestablishment Interval*
 -   GP name: *Streaming_Reestablishment_Interval*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1588,14 +1588,14 @@ Specifies the number of times to retry a dropped session.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reestablishment Retries*
 -   GP name: *Streaming_Reestablishment_Retries*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1646,14 +1646,14 @@ Specifies that streamed package contents will be not be saved to the local hard
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Shared Content Store (SCS) mode*
 -   GP name: *Streaming_Shared_Content_Store_Mode*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1704,14 +1704,14 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Support for BranchCache*
 -   GP name: *Streaming_Support_Branch_Cache*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1762,14 +1762,14 @@ Verifies Server certificate revocation status before streaming using HTTPS.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Verify certificate revocation list*
 -   GP name: *Streaming_Verify_Certificate_Revocation_List*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1820,14 +1820,14 @@ Specifies a list of process paths (may contain wildcards) which are candidates f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Virtual Component Process Allow List*
 -   GP name: *Virtualization_JITVAllowList*
 -   GP path: *System/App-V/Virtualization*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index 3cd9a8202d..c80e44f614 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - AttachmentManager
@@ -85,14 +85,14 @@ If you do not configure this policy setting, Windows marks file attachments with
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not preserve zone information in file attachments*
 -   GP name: *AM_MarkZoneOnSavedAtttachments*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -149,14 +149,14 @@ If you do not configure this policy setting, Windows hides the check box and Unb
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Hide mechanisms to remove zone information*
 -   GP name: *AM_RemoveZoneInfo*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -197,7 +197,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant.
+This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant. 
 
 If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.
 
@@ -213,14 +213,14 @@ If you do not configure this policy setting, Windows does not call the registere
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Notify antivirus programs when opening attachments*
 -   GP name: *AM_CallIOfficeAntiVirus*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 881ae7ff19..02a363e078 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Authentication
@@ -286,6 +286,14 @@ Added in Windows 10, version 1607. Allows secondary authentication devices to w
 The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow companion device for secondary authentication*
+-   GP name: *MSSecondaryAuthFactor_AllowSecondaryAuthenticationDevice*
+-   GP path: *Windows Components/Microsoft Secondary Authentication Factor*
+-   GP ADMX file name: *DeviceCredential.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index ea02a39c19..2e2ecaf426 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Autoplay
@@ -84,14 +84,14 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disallow Autoplay for non-volume devices*
 -   GP name: *NoAutoplayfornonVolume*
 -   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -156,14 +156,14 @@ If you disable or not configure this policy setting, Windows Vista or later will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set the default behavior for AutoRun*
 -   GP name: *NoAutorun*
 -   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -229,14 +229,14 @@ Note: This policy setting appears in both the Computer Configuration and User Co
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Autoplay*
 -   GP name: *Autorun*
 -   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 762300cba0..22fc158c08 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/31/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Browser
@@ -188,6 +188,14 @@ Added in Windows 10, version 1703. Specifies whether to allow the address bar dr
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Address bar drop-down list suggestions*
+-   GP name: *AllowAddressBarDropdown*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -241,6 +249,14 @@ Specifies whether autofill on websites is allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Autofill*
+-   GP name: *AllowAutofill*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -366,14 +382,7 @@ The following list shows the supported values:
 -   0 - Disable. Microsoft Edge cannot retrieve a configuration
 -   1 - Enable (default). Microsoft Edge can retrieve a configuration for Books Library
 
-
 <!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
 <!--/Policy-->
 
 <hr/>
@@ -421,6 +430,15 @@ Specifies whether cookies are allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure cookies*
+-   GP name: *Cookies*
+-   GP element: *CookiesListBox*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -487,6 +505,14 @@ Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turni
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Developer Tools*
+-   GP name: *AllowDeveloperTools*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -540,6 +566,14 @@ Specifies whether Do Not Track headers are allowed.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Do Not Track*
+-   GP name: *AllowDoNotTrack*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -600,6 +634,14 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
 Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Extensions*
+-   GP name: *AllowExtensions*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -651,6 +693,14 @@ The following list shows the supported values:
 Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Adobe Flash*
+-   GP name: *AllowFlash*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -702,6 +752,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure the Adobe Flash Click-to-Run setting*
+-   GP name: *AllowFlashClickToRun*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -755,6 +813,14 @@ Specifies whether InPrivate browsing is allowed on corporate networks.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow InPrivate browsing*
+-   GP name: *AllowInPrivate*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -811,6 +877,14 @@ If you enable or don’t configure this setting, Microsoft Edge periodically dow
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Microsoft Compatibility List*
+-   GP name: *AllowCVList*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -864,6 +938,14 @@ Specifies whether saving and managing passwords locally on the device is allowed
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Password Manager*
+-   GP name: *AllowPasswordManager*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -926,6 +1008,14 @@ Specifies whether pop-up blocker is allowed or enabled.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Pop-up Blocker*
+-   GP name: *AllowPopups*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -990,6 +1080,14 @@ If this setting is turned on or not configured, users can add new search engines
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow search engine customization*
+-   GP name: *AllowSearchEngineCustomization*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1043,6 +1141,14 @@ Specifies whether search suggestions are allowed in the address bar.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure search suggestions in Address bar*
+-   GP name: *AllowSearchSuggestionsinAddressBar*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1096,6 +1202,14 @@ Specifies whether Windows Defender SmartScreen is allowed.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Windows Defender SmartScreen*
+-   GP name: *AllowSmartScreen*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1156,6 +1270,14 @@ To verify AllowSmartScreen is set to 0 (not allowed):
 Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Always show the Books Library in Microsoft Edge*
+-   GP name: *AlwaysEnableBooksLibrary*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1209,6 +1331,14 @@ Added in Windows 10, version 1703. Specifies whether to clear browsing data on e
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow clearing browsing data on exit*
+-   GP name: *AllowClearingBrowsingDataOnExit*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1279,6 +1409,15 @@ If this setting is not configured, the search engines used are the ones that are
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure additional search engines*
+-   GP name: *ConfigureAdditionalSearchEngines*
+-   GP element: *ConfigureAdditionalSearchEngines_Prompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1338,6 +1477,14 @@ Added in Windows 10, version 1703. Boolean value that specifies whether the lock
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Disable lockdown of Start pages*
+-   GP name: *DisableLockdownOfStartPages*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1391,6 +1538,14 @@ This policy setting lets you decide how much data to send to Microsoft about the
 If you enable this setting, Microsoft Edge sends additional diagnostic data, on top of the basic diagnostic data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic diagnostic data, depending on your device configuration.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow extended telemetry for the Books tab*
+-   GP name: *EnableExtendedBooksTelemetry*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1446,6 +1601,15 @@ The following list shows the supported values:
 Allows the user to specify an URL of an enterprise site list.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure the Enterprise Mode Site List*
+-   GP name: *EnterpriseModeSiteList*
+-   GP element: *EnterSiteListPrompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1604,6 +1768,15 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi
 > Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Start pages*
+-   GP name: *HomePages*
+-   GP element: *HomePagesPrompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1657,6 +1830,14 @@ If you disable or don't configure this setting (default), employees can add, imp
 Data type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent changes to Favorites on Microsoft Edge*
+-   GP name: *LockdownFavorites*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1708,6 +1889,14 @@ The following list shows the supported values:
 Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent access to the about:flags page in Microsoft Edge*
+-   GP name: *PreventAccessToAboutFlagsInMicrosoftEdge*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1761,6 +1950,14 @@ Added in Windows 10, version 1703. Specifies whether to enable or disable the Fi
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent the First Run webpage from opening on Microsoft Edge*
+-   GP name: *PreventFirstRunPage*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1814,6 +2011,14 @@ Added in Windows 10, version 1703. Specifies whether Microsoft can collect infor
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start*
+-   GP name: *PreventLiveTileDataCollection*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1867,6 +2072,14 @@ Specifies whether users can override the Windows Defender SmartScreen Filter war
 Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent bypassing Windows Defender SmartScreen prompts for sites*
+-   GP name: *PreventSmartScreenPromptOverride*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1918,6 +2131,14 @@ The following list shows the supported values:
 Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent bypassing Windows Defender SmartScreen prompts for files*
+-   GP name: *PreventSmartScreenPromptOverrideForFiles*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1973,6 +2194,14 @@ The following list shows the supported values:
 Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an user’s localhost IP address while making phone calls using WebRTC.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent using Localhost IP address for WebRTC*
+-   GP name: *HideLocalHostIPAddress*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2037,6 +2266,15 @@ If you disable or don't configure this setting, employees will see the favorites
 Data type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Provision Favorites*
+-   GP name: *ConfiguredFavorites*
+-   GP element: *ConfiguredFavoritesPrompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2087,6 +2325,14 @@ Specifies whether to send intranet traffic over to Internet Explorer.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Send all intranet sites to Internet Explorer 11*
+-   GP name: *SendIntranetTraffictoInternetExplorer*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2148,6 +2394,15 @@ If this setting is not configured, the default search engine is set to the one s
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set default search engine*
+-   GP name: *SetDefaultSearchEngine*
+-   GP element: *SetDefaultSearchEngine_Prompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2205,6 +2460,14 @@ Added in Windows 10, version 1607. Specifies whether users should see a full in
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Show message when opening sites in Internet Explorer*
+-   GP name: *ShowMessageWhenOpeningSitesInInternetExplorer*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2261,6 +2524,14 @@ Added in Windows 10, version 1703. Specifies whether favorites are kept in sync
 > Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Keep favorites in sync between Internet Explorer and Microsoft Edge*
+-   GP name: *SyncFavoritesBetweenIEAndMicrosoftEdge*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2322,6 +2593,14 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
 This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow a shared Books folder*
+-   GP name: *UseSharedFolderForBooks*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 635f9d4118..02a242ec12 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Camera
@@ -68,6 +68,14 @@ Disables or enables the camera.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Use of Camera*
+-   GP name: *L_AllowCamera*
+-   GP path: *Windows Components/Camera*
+-   GP ADMX file name: *Camera.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 0a1606c00c..5b9aa0d665 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Cellular
@@ -90,6 +90,13 @@ If you disable or do not configure this policy setting, employees in your organi
 If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.”
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *LetAppsAccessCellularData*
+-   GP element: *LetAppsAccessCellularData_Enum*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -141,6 +148,13 @@ The following list shows the supported values:
 Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *LetAppsAccessCellularData*
+-   GP element: *LetAppsAccessCellularData_ForceAllowTheseApps_List*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -184,6 +198,13 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *LetAppsAccessCellularData*
+-   GP element: *LetAppsAccessCellularData_ForceDenyTheseApps_List*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -227,6 +248,13 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *LetAppsAccessCellularData*
+-   GP element: *LetAppsAccessCellularData_UserInControlOfTheseApps_List*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -270,13 +298,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX.
 
 If this policy setting is enabled, a drop-down list box presenting possible values will be active.  Select "Hide" or "Show" to hide or show the link to the per-application cellular access control page.
-
-If this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed by default.”
-
-Supported values:
-
-- 0 - Hide
-- 1 - Show
+If this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed by default.
 
 <!--/Description-->
 > [!TIP]
@@ -286,14 +308,14 @@ Supported values:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set Per-App Cellular Access UI Visibility*
 -   GP name: *ShowAppCellularAccessUI*
 -   GP path: *Network/WWAN Service/WWAN UI Settings*
 -   GP ADMX file name: *wwansvc.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index df9e662f31..249cc6cac3 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Connectivity
@@ -216,6 +216,14 @@ Allows or disallows cellular data roaming on the device. Device reboot is not re
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prohibit connection to roaming Mobile Broadband networks*
+-   GP name: *WCM_DisableRoaming*
+-   GP path: *Network/Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -545,6 +553,17 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting specifies whether to allow printing over HTTP from this client.
+
+Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.
+
+Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.
+
+If you enable this policy setting, it prevents this client from printing to Internet printers over HTTP.
+
+If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP.
+
+Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
 
 <!--/Description-->
 > [!TIP]
@@ -554,14 +573,14 @@ The following list shows the supported values:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off printing over HTTP*
 -   GP name: *DisableHTTPPrinting_2*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -602,6 +621,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting specifies whether to allow this client to download print driver packages over HTTP.
+
+To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.
+
+Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP.  It only prohibits downloading drivers that are not already installed locally.
+
+If you enable this policy setting, print drivers cannot be downloaded over HTTP.
+
+If you disable or do not configure this policy setting, users can download print drivers over HTTP.
 
 <!--/Description-->
 > [!TIP]
@@ -611,14 +639,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off downloading of print drivers over HTTP*
 -   GP name: *DisableWebPnPDownload_2*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -659,6 +687,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.
+
+These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.
+
+If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.
+
+If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards.
+
+See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
 
 <!--/Description-->
 > [!TIP]
@@ -668,14 +705,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Internet download for Web publishing and online ordering wizards*
 -   GP name: *ShellPreventWPWDownload_2*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -721,6 +758,14 @@ Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) de
 Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Network Connectivity Status Indicator active tests*
+-   GP name: *NoActiveProbe*
+-   GP path: *Internet Communication settings*
+-   GP ADMX file name: *ICM.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -773,14 +818,14 @@ If you enable this policy, Windows only allows access to the specified UNC paths
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Hardened UNC Paths*
 -   GP name: *Pol_HardenedPaths*
 -   GP path: *Network/Network Provider*
 -   GP ADMX file name: *networkprovider.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -821,6 +866,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+Determines whether a user can install and configure the Network Bridge.
+
+Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.
+
+The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segements together. This connection appears in the Network Connections folder.
+
+If you disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer.
 
 <!--/Description-->
 > [!TIP]
@@ -830,14 +882,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
 -   GP name: *NC_AllowNetBridge_NLA*
 -   GP path: *Network/Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 8994842055..039a57e0fb 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - CredentialProviders
@@ -87,14 +87,14 @@ To configure Windows Hello for Business, use the Administrative Template policie
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on convenience PIN sign-in*
 -   GP name: *AllowDomainPINLogon*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *credentialproviders.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -137,7 +137,7 @@ ADMX Info:
 <!--Description-->
 This policy setting allows you to control whether a domain user can sign in using a picture password.
 
-If you enable this policy setting, a domain user can't set up or sign in with a picture password.
+If you enable this policy setting, a domain user can't set up or sign in with a picture password. 
 
 If you disable or don't configure this policy setting, a domain user can set up and use a picture password.
 
@@ -151,14 +151,14 @@ Note that the user's domain password will be cached in the system vault when usi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off picture password sign-in*
 -   GP name: *BlockDomainPicturePassword*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *credentialproviders.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index 869f016e13..ec0f9a0c5e 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - CredentialsUI
@@ -85,14 +85,14 @@ The policy applies to all Windows components and applications that use the Windo
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not display the password reveal button*
 -   GP name: *DisablePasswordReveal*
 -   GP path: *Windows Components/Credential User Interface*
 -   GP ADMX file name: *credui.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -147,14 +147,14 @@ If you disable this policy setting, users will always be required to type a user
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enumerate administrator accounts on elevation*
 -   GP name: *EnumerateAdministrators*
 -   GP path: *Windows Components/Credential User Interface*
 -   GP ADMX file name: *credui.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 81023d5fdd..b2360eb40b 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Cryptography
@@ -69,6 +69,12 @@ ms.date: 01/30/2018
 Allows or disallows the Federal Information Processing Standard (FIPS) policy.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 9d64360b36..2aa9b34cd0 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - DataUsage
@@ -70,9 +70,9 @@ This policy setting configures the cost of 3G connections on the local machine.
 
 If this policy setting is enabled, a drop-down list box presenting possible cost values will be active.  Selecting one of the following values from the list will set the cost of all 3G connections on the local machine:
 
-- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
+- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. 
 
-- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.
+- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. 
 
 - Variable: This connection is costed on a per byte basis.
 
@@ -86,14 +86,14 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set 3G Cost*
 -   GP name: *SetCost3G*
 -   GP path: *Network/WWAN Service/WWAN Media Cost*
 -   GP ADMX file name: *wwansvc.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -134,13 +134,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting configures the cost of 4G connections on the local machine.
+This policy setting configures the cost of 4G connections on the local machine.      
 
 If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine:
 
-- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
+- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. 
 
-- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.
+- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. 
 
 - Variable: This connection is costed on a per byte basis.
 
@@ -154,14 +154,14 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set 4G Cost*
 -   GP name: *SetCost4G*
 -   GP path: *Network/WWAN Service/WWAN Media Cost*
 -   GP ADMX file name: *wwansvc.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 6dcfb31902..74091500ca 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Defender
@@ -172,6 +172,14 @@ ms.date: 01/30/2018
 Allows or disallows scanning of archives.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Scan archive files*
+-   GP name: *Scan_DisableArchiveScanning*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -226,6 +234,14 @@ The following list shows the supported values:
 Allows or disallows Windows Defender Behavior Monitoring functionality.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn on behavior monitoring*
+-   GP name: *RealtimeProtection_DisableBehaviorMonitoring*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -280,6 +296,15 @@ The following list shows the supported values:
 To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Join Microsoft MAPS*
+-   GP name: *SpynetReporting*
+-   GP element: *SpynetReporting*
+-   GP path: *Windows Components/Windows Defender Antivirus/MAPS*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -334,6 +359,14 @@ The following list shows the supported values:
 Allows or disallows scanning of email.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn on e-mail scanning*
+-   GP name: *Scan_DisableEmailScanning*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -388,6 +421,14 @@ The following list shows the supported values:
 Allows or disallows a full scan of mapped network drives.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Run full scan on mapped network drives*
+-   GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -442,6 +483,14 @@ The following list shows the supported values:
 Allows or disallows a full scan of removable drives.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Scan removable drives*
+-   GP name: *Scan_DisableRemovableDriveScanning*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -496,6 +545,14 @@ The following list shows the supported values:
 Allows or disallows Windows Defender IOAVP Protection functionality.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Scan all downloaded files and attachments*
+-   GP name: *RealtimeProtection_DisableIOAVProtection*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -604,6 +661,14 @@ The following list shows the supported values:
 Allows or disallows Windows Defender On Access Protection functionality.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Monitor file and program activity on your computer*
+-   GP name: *RealtimeProtection_DisableOnAccessProtection*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -658,6 +723,14 @@ The following list shows the supported values:
 Allows or disallows Windows Defender Realtime Monitoring functionality.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off real-time protection*
+-   GP name: *DisableRealtimeMonitoring*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -712,6 +785,14 @@ The following list shows the supported values:
 Allows or disallows a scanning of network files.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Scan network files*
+-   GP name: *Scan_DisableScanningNetworkFiles*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -820,6 +901,14 @@ The following list shows the supported values:
 Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enable headless UI mode*
+-   GP name: *UX_Configuration_UILockdown*
+-   GP path: *Windows Components/Windows Defender Antivirus/Client Interface*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -876,6 +965,15 @@ Added in Windows 10, version 1709. This policy setting allows you to prevent Att
 Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Exclude files and paths from Attack Surface Reduction Rules*
+-   GP name: *ExploitGuard_ASR_ASROnlyExclusions*
+-   GP element: *ExploitGuard_ASR_ASROnlyExclusions*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -927,6 +1025,15 @@ For more information about ASR rule ID and status ID, see [Enable Attack Surface
 Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Attack Surface Reduction rules*
+-   GP name: *ExploitGuard_ASR_Rules*
+-   GP element: *ExploitGuard_ASR_Rules*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -977,6 +1084,15 @@ Represents the average CPU load factor for the Windows Defender scan (in percent
 The default value is 50.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the maximum percentage of CPU utilization during a scan*
+-   GP name: *Scan_AvgCPULoadFactor*
+-   GP element: *Scan_AvgCPULoadFactor*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–100
 
@@ -1035,6 +1151,15 @@ For more information about specific values that are supported, see the Windows D
 > This feature requires the "Join Microsoft MAPS" setting enabled in order to function.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select cloud protection level*
+-   GP name: *MpEngine_MpCloudBlockLevel*
+-   GP element: *MpCloudBlockLevel*
+-   GP path: *Windows Components/Windows Defender Antivirus/MpEngine*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1097,6 +1222,15 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
 > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure extended cloud check*
+-   GP name: *MpEngine_MpBafsExtendedTimeout*
+-   GP element: *MpBafsExtendedTimeout*
+-   GP path: *Windows Components/Windows Defender Antivirus/MpEngine*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1143,6 +1277,15 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
 Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure allowed applications*
+-   GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
+-   GP element: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1189,6 +1332,15 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app
 Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure protected folders*
+-   GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
+-   GP element: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1239,6 +1391,15 @@ Time period (in days) that quarantine items will be stored on the system.
 The default value is 0, which keeps items in quarantine, and does not automatically remove them.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure removal of items from Quarantine folder*
+-   GP name: *Quarantine_PurgeItemsAfterDelay*
+-   GP element: *Quarantine_PurgeItemsAfterDelay*
+-   GP path: *Windows Components/Windows Defender Antivirus/Quarantine*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–90
 
@@ -1289,6 +1450,15 @@ Valid values: 0–90
 Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Controlled folder access*
+-   GP name: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess*
+-   GP element: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1349,6 +1519,15 @@ If you disable this policy, users/apps will not be blocked from connecting to da
 If you do not configure this policy, network blocking will be disabled by default.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent users and apps from accessing dangerous websites*
+-   GP name: *ExploitGuard_EnableNetworkProtection*
+-   GP element: *ExploitGuard_EnableNetworkProtection*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Network Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1404,6 +1583,15 @@ The following list shows the supported values:
 Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj".
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Path Exclusions*
+-   GP name: *Exclusions_Paths*
+-   GP element: *Exclusions_PathsList*
+-   GP path: *Windows Components/Windows Defender Antivirus/Exclusions*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1451,6 +1639,15 @@ Allows an administrator to specify a list of file type extensions to ignore duri
 Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1".
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Extension Exclusions*
+-   GP name: *Exclusions_Extensions*
+-   GP element: *Exclusions_ExtensionsList*
+-   GP path: *Windows Components/Windows Defender Antivirus/Exclusions*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1504,6 +1701,15 @@ Allows an administrator to specify a list of files opened by processes to ignore
 Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe".
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Process Exclusions*
+-   GP name: *Exclusions_Processes*
+-   GP element: *Exclusions_ProcessesList*
+-   GP path: *Windows Components/Windows Defender Antivirus/Exclusions*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1609,6 +1815,15 @@ Controls which sets of files should be monitored.
 > If **AllowOnAccessProtection** is not allowed, then this configuration can be used to monitor specific files.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure monitoring for incoming and outgoing file and program activity*
+-   GP name: *RealtimeProtection_RealtimeScanDirection*
+-   GP element: *RealtimeProtection_RealtimeScanDirection*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1664,6 +1879,15 @@ The following list shows the supported values:
 Selects whether to perform a quick scan or full scan.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the scan type to use for a scheduled scan*
+-   GP name: *Scan_ScanParameters*
+-   GP element: *Scan_ScanParameters*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1727,6 +1951,15 @@ For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, an
 The default value is 120
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the time for a daily quick scan*
+-   GP name: *Scan_ScheduleQuickScantime*
+-   GP element: *Scan_ScheduleQuickScantime*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–1380
 
@@ -1781,6 +2014,15 @@ Selects the day that the Windows Defender scan should run.
 > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the day of the week to run a scheduled scan*
+-   GP name: *Scan_ScheduleDay*
+-   GP element: *Scan_ScheduleDay*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1851,6 +2093,15 @@ For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, an
 The default value is 120.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the time of day to run a scheduled scan*
+-   GP name: *Scan_ScheduleTime*
+-   GP element: *Scan_ScheduleTime*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–1380.
 
@@ -1907,6 +2158,15 @@ A value of 0 means no check for new signatures, a value of 1 means to check ever
 The default value is 8.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the interval to check for definition updates*
+-   GP name: *SignatureUpdate_SignatureUpdateInterval*
+-   GP element: *SignatureUpdate_SignatureUpdateInterval*
+-   GP path: *Windows Components/Windows Defender Antivirus/Signature Updates*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–24.
 
@@ -1958,6 +2218,15 @@ Valid values: 0–24.
 Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Send file samples when further analysis is required*
+-   GP name: *SubmitSamplesConsent*
+-   GP element: *SubmitSamplesConsent*
+-   GP path: *Windows Components/Windows Defender Antivirus/MAPS*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2032,6 +2301,15 @@ The following list shows the supported values for possible actions:
 -   10 – Block
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify threat alert levels at which default action should not be taken when detected*
+-   GP name: *Threats_ThreatSeverityDefaultAction*
+-   GP element: *Threats_ThreatSeverityDefaultActionList*
+-   GP path: *Windows Components/Windows Defender Antivirus/Threats*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 94134afb5a..2dda85153c 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - DeliveryOptimization
@@ -143,6 +143,15 @@ Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery
 The default value is 10.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Absolute Max Cache Size (in GB)*
+-   GP name: *AbsoluteMaxCacheSize*
+-   GP element: *AbsoluteMaxCacheSize*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -190,6 +199,15 @@ The default value is 10.
 Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enable Peer Caching while the device connects via VPN*
+-   GP name: *AllowVPNPeerCaching*
+-   GP element: *AllowVPNPeerCaching*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -242,6 +260,15 @@ Added in Windows 10, version 1803. This policy allows you to delay the use of an
 After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Delay background download from http (in secs)*
+-   GP name: *DelayBackgroundDownloadFromHttp*
+-   GP element: *DelayBackgroundDownloadFromHttp*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -291,6 +318,15 @@ Note that a download that is waiting for peer sources, will appear to be stuck f
 The recommended value is 1 minute (60).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Delay Foreground download from http (in secs)*
+-   GP name: *DelayForegroundDownloadFromHttp*
+-   GP element: *DelayForegroundDownloadFromHttp*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values as number of seconds:
 
@@ -346,6 +382,15 @@ The following list shows the supported values as number of seconds:
 Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Download Mode*
+-   GP name: *DownloadMode*
+-   GP element: *DownloadMode*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -407,6 +452,15 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this
 > You must use a GUID as the group ID.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Group ID*
+-   GP name: *GroupId*
+-   GP element: *GroupId*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -458,6 +512,15 @@ The options set in this policy only apply to Group (2) download mode. If Group (
 For option 4 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select the source of Group IDs*
+-   GP name: *GroupIdSource*
+-   GP element: *GroupIdSource*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -516,6 +579,15 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt
 The default value is 259200 seconds (3 days).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Max Cache Age (in seconds)*
+-   GP name: *MaxCacheAge*
+-   GP element: *MaxCacheAge*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -565,6 +637,15 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe
 The default value is 20.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Max Cache Size (percentage)*
+-   GP name: *MaxCacheSize*
+-   GP element: *MaxCacheSize*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -614,6 +695,15 @@ Added in Windows 10, version 1607. Specifies the maximum download bandwidth in
 The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Maximum Download Bandwidth (in KB/s)*
+-   GP name: *MaxDownloadBandwidth*
+-   GP element: *MaxDownloadBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -663,6 +753,15 @@ Specifies the maximum upload bandwidth in KiloBytes/second that a device will us
 The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Max Upload Bandwidth (in KB/s)*
+-   GP name: *MaxUploadBandwidth*
+-   GP element: *MaxUploadBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -712,6 +811,15 @@ Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality
 The default value is 500.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Minimum Background QoS (in KB/s)*
+-   GP name: *MinBackgroundQos*
+-   GP element: *MinBackgroundQos*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -760,6 +868,15 @@ Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in pe
 The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow uploads while the device is on battery while under set Battery level (percentage)*
+-   GP name: *MinBatteryPercentageAllowedToUpload*
+-   GP element: *MinBatteryPercentageAllowedToUpload*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -812,6 +929,15 @@ Added in Windows 10, version 1703. Specifies the required minimum disk size (cap
 The default value is 32 GB.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Minimum disk size allowed to use Peer Caching (in GB)*
+-   GP name: *MinDiskSizeAllowedToPeer*
+-   GP element: *MinDiskSizeAllowedToPeer*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -861,6 +987,15 @@ Added in Windows 10, version 1703. Specifies the minimum content file size in MB
 The default value is 100 MB.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Minimum Peer Caching Content File Size (in MB)*
+-   GP name: *MinFileSizeToCache*
+-   GP element: *MinFileSizeToCache*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -910,6 +1045,15 @@ Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required
 The default value is 4 GB.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)*
+-   GP name: *MinRAMAllowedToPeer*
+-   GP element: *MinRAMAllowedToPeer*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -959,6 +1103,15 @@ Added in Windows 10, version 1607. Specifies the drive that Delivery Optimizati
 By default, %SystemDrive% is used to store the cache.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Modify Cache Drive*
+-   GP name: *ModifyCacheDrive*
+-   GP element: *ModifyCacheDrive*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1010,6 +1163,15 @@ The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is
 The default value is 20.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Monthly Upload Data Cap (in GB)*
+-   GP name: *MonthlyUploadDataCap*
+-   GP element: *MonthlyUploadDataCap*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1157,6 +1319,15 @@ Options available are: 1=Subnet mask (more options will be added in a future rel
 Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select a method to restrict Peer Selection*
+-   GP name: *RestrictPeerSelectionBy*
+-   GP element: *RestrictPeerSelectionBy*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1203,19 +1374,32 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. 
- 
-Note that downloads from LAN peers will not be throttled even when this policy is set.
+Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 
 <!--/Description-->
 <!--SupportedValues-->
 This policy allows an IT Admin to define the following:
 
 -  Business hours range (for example 06:00 to 18:00)
--  % of throttle for foreground traffic during business hours
--  % of throttle for foreground traffic outside of business hours
+-  % of throttle for background traffic during business hours
+-  % of throttle for background traffic outside of business hours
 
 <!--/SupportedValues-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set Business Hours to Limit Background Download Bandwidth*
+-   GP name: *SetHoursToLimitBackgroundDownloadBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1256,9 +1440,7 @@ This policy allows an IT Admin to define the following:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. 
- 
-Note that downloads from LAN peers will not be throttled even when this policy is set.
+Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 
 <!--/Description-->
 <!--SupportedValues-->
@@ -1269,6 +1451,21 @@ This policy allows an IT Admin to define the following:
 -  % of throttle for foreground traffic outside of business hours
 
 <!--/SupportedValues-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set Business Hours to Limit Foreground Download Bandwidth*
+-   GP name: *SetHoursToLimitForegroundDownloadBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 56fcae51f5..2957bd78f7 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Desktop
@@ -77,14 +77,14 @@ If you enable this setting, users are unable to type a new location in the Targe
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prohibit User from manually redirecting Profile Folders*
 -   GP name: *DisablePersonalDirChange*
 -   GP path: *Desktop*
 -   GP ADMX file name: *desktop.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index bde8f4dc65..a516cc7ab4 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - DeviceGuard
@@ -72,6 +72,14 @@ ms.date: 01/30/2018
 Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn On Virtualization Based Security*
+-   GP name: *VirtualizationBasedSecurity*
+-   GP path: *System/Device Guard*
+-   GP ADMX file name: *DeviceGuard.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -122,6 +130,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn On Virtualization Based Security*
+-   GP name: *VirtualizationBasedSecurity*
+-   GP element: *CredentialIsolationDrop*
+-   GP path: *System/Device Guard*
+-   GP ADMX file name: *DeviceGuard.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -173,6 +190,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn On Virtualization Based Security*
+-   GP name: *VirtualizationBasedSecurity*
+-   GP element: *RequirePlatformSecurityFeaturesDrop*
+-   GP path: *System/Device Guard*
+-   GP ADMX file name: *DeviceGuard.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 5813ea9ecb..c8b4f6b9d9 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - DeviceInstallation
@@ -80,14 +80,14 @@ If you disable or do not configure this policy setting, devices can be installed
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent installation of devices that match any of these device IDs*
 -   GP name: *DeviceInstall_IDs_Deny*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -142,14 +142,14 @@ If you disable or do not configure this policy setting, Windows can install and
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent installation of devices using drivers that match these device setup classes*
 -   GP name: *DeviceInstall_Classes_Deny*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 2555067447..e418951b10 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - DeviceLock
@@ -1020,6 +1020,12 @@ The minimum password age must be less than the Maximum password age, unless the
 Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Minimum password age*
+-   GP path: *Windows Settings/Security Settings/Account Policies/Password Policy*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1074,14 +1080,14 @@ If you enable this setting, users will no longer be able to modify slide show se
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent enabling lock screen slide show*
 -   GP name: *CPL_Personalization_NoLockScreenSlideshow*
 -   GP path: *Control Panel/Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 481bc438d3..827b347c3e 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -6,15 +6,15 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/05/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Display
 
-
-> [!WARNING]  
+> [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
+
 <hr/>
 
 <!--Policies-->
@@ -80,15 +80,15 @@ ms.date: 02/05/2018
 This policy allows you to disable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.
 
 <!--/Description-->
-<!--SupportedValues-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Per-Process System DPI settings*
+-   GP name: *DisplayPerProcessSystemDpiSettings*
+-   GP element: *DisplayDisablePerProcessSystemDpiSettings*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
 
-<!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -145,20 +145,22 @@ In some cases, you may see some unexpected behavior in some desktop applications
 Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Per-Process System DPI settings*
+-   GP name: *DisplayPerProcessSystemDpiSettings*
+-   GP element: *DisplayGlobalPerProcessSystemDpiSettings*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
 -   0 - Disable.
 -   1 - Enable.
 
-
 <!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
 <!--/Policy-->
 
 <hr/>
@@ -202,15 +204,15 @@ The following list shows the supported values:
 This policy allows you to enable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.
 
 <!--/Description-->
-<!--SupportedValues-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Per-Process System DPI settings*
+-   GP name: *DisplayPerProcessSystemDpiSettings*
+-   GP element: *DisplayEnablePerProcessSystemDpiSettings*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
 
-<!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -262,6 +264,15 @@ If you disable or do not configure this policy setting, GDI DPI Scaling might st
 If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off GdiDPIScaling for applications*
+-   GP name: *DisplayTurnOffGdiDPIScaling*
+-   GP element: *DisplayTurnOffGdiDPIScalingPrompt*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
+
+<!--/ADMXMapped-->
 <!--Validation-->
 To validate on Desktop, do the following:
 
@@ -320,6 +331,15 @@ If you disable or do not configure this policy setting, GDI DPI Scaling will not
 If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn on GdiDPIScaling for applications*
+-   GP name: *DisplayTurnOnGdiDPIScaling*
+-   GP element: *DisplayTurnOnGdiDPIScalingPrompt*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
+
+<!--/ADMXMapped-->
 <!--Validation-->
 To validate on Desktop, do the following:
 
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index 3583549ed4..8eab86d6e3 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Education
@@ -117,6 +117,14 @@ The policy value is expected to be the name (network host name) of an installed
 Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent addition of printers*
+-   GP name: *NoAddPrinter*
+-   GP path: *Control Panel/Printers*
+-   GP ADMX file name: *Printing.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index e33bbb0431..ed18d1d8d9 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - ErrorReporting
@@ -99,14 +99,14 @@ If you disable or do not configure this policy setting, then the default consent
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Customize consent settings*
 -   GP name: *WerConsentCustomize_2*
 -   GP path: *Windows Components/Windows Error Reporting/Consent*
 -   GP ADMX file name: *ErrorReporting.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -161,14 +161,14 @@ If you disable or do not configure this policy setting, the Turn off Windows Err
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disable Windows Error Reporting*
 -   GP name: *WerDisable_2*
 -   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -227,14 +227,14 @@ See also the Configure Error Reporting policy setting.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Display Error Notification*
 -   GP name: *PCH_ShowUI*
 -   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -289,14 +289,14 @@ If you disable or do not configure this policy setting, then consent policy sett
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not send additional data*
 -   GP name: *WerNoSecondLevelData_2*
 -   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -351,14 +351,14 @@ If you disable or do not configure this policy setting, Windows Error Reporting
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent display of the user interface for critical errors*
 -   GP name: *WerDoNotShowUI*
 -   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 10a8c1e6f4..e0d3529cc9 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - EventLogService
@@ -78,7 +78,7 @@ If you enable this policy setting and a log file reaches its maximum size, new e
 
 If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
 
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
 
 <!--/Description-->
 > [!TIP]
@@ -88,14 +88,14 @@ Note: Old events may or may not be retained according to the "Backup log automat
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Control Event Log behavior when the log file reaches its maximum size*
 -   GP name: *Channel_Log_Retention_1*
 -   GP path: *Windows Components/Event Log Service/Application*
 -   GP ADMX file name: *eventlog.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -150,14 +150,14 @@ If you disable or do not configure this policy setting, the maximum size of the
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_1*
 -   GP path: *Windows Components/Event Log Service/Application*
 -   GP ADMX file name: *eventlog.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -212,14 +212,14 @@ If you disable or do not configure this policy setting, the maximum size of the
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_2*
 -   GP path: *Windows Components/Event Log Service/Security*
 -   GP ADMX file name: *eventlog.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -274,14 +274,14 @@ If you disable or do not configure this policy setting, the maximum size of the
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_4*
 -   GP path: *Windows Components/Event Log Service/System*
 -   GP ADMX file name: *eventlog.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 8d5e6e3703..b741cd983e 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/26/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Experience
@@ -188,6 +188,14 @@ Specifies whether Cortana is allowed on the device. If you enable or don’t con
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Cortana*
+-   GP name: *AllowCortana*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -296,6 +304,14 @@ When Find My Device is on, the device and its location are registered in the clo
 When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. In Windows 10, version 1709 the user will not be able to view the location of the last use of their active digitizer on their device.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn On/Off Find My Device*
+-   GP name: *FindMy_AllowFindMyDeviceConfig*
+-   GP path: *Windows Components/Find My Device*
+-   GP ADMX file name: *FindMy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -593,6 +609,14 @@ Diagnostic data can include browser, app and feature usage, depending on the "Di
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Do not use diagnostic data for tailored experiences*
+-   GP name: *DisableTailoredExperiencesWithDiagnosticData*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -701,6 +725,14 @@ The following list shows the supported values:
 Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Do not suggest third-party content in Windows spotlight*
+-   GP name: *DisableThirdPartySuggestions*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -813,6 +845,14 @@ This policy allows IT admins to turn on experiences that are typically for consu
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off Microsoft consumer experiences*
+-   GP name: *DisableWindowsConsumerFeatures*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -869,6 +909,14 @@ Specifies whether to turn off all Windows spotlight features at once. If you ena
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off all Windows spotlight features*
+-   GP name: *DisableWindowsSpotlightFeatures*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -924,6 +972,14 @@ Added in Windows 10, version 1703. This policy allows administrators to prevent
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Spotlight on Action Center*
+-   GP name: *DisableWindowsSpotlightOnActionCenter*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -975,23 +1031,24 @@ Added in Windows 10, version 1083. This policy allows IT admins to turn off Sugg
 
 -  User setting is under Settings -> Privacy -> General -> Show me suggested content in Settings app.
 -  User Setting is changeable on a per user basis.
--  If the Group policy is set to off, no suggestions will be shown to the user in Settings app. 
+-  If the Group policy is set to off, no suggestions will be shown to the user in Settings app.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Spotlight on Settings*
+-   GP name: *DisableWindowsSpotlightOnSettings*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
 -   0 - Not allowed.
 -   1 - Allowed.
 
-
 <!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
 <!--/Policy-->
 
 <hr/>
@@ -1041,6 +1098,14 @@ The Windows welcome experience feature introduces onboard users to Windows; for
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off the Windows Welcome Experience*
+-   GP name: *DisableWindowsSpotlightWindowsWelcomeExperience*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1091,6 +1156,14 @@ The following list shows the supported values:
 Enables or disables Windows Tips / soft landing.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Do not show Windows tips*
+-   GP name: *DisableSoftLanding*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1145,6 +1218,14 @@ The following list shows the supported values:
 Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Windows spotlight on lock screen*
+-   GP name: *ConfigureWindowsSpotlight*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1200,6 +1281,14 @@ If you enable this policy setting, users will no longer see feedback notificatio
 If you disable or do not configure this policy setting, users can control how often they receive feedback questions.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Do not show feedback notifications*
+-   GP name: *DoNotShowFeedbackNotifications*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *FeedbackNotifications.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index f52eb4c227..ca51c9a7a7 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - ExploitGuard
@@ -68,6 +68,15 @@ Enables the IT admin to push out a configuration representing the desired system
 The system settings require a reboot; the application settings do not require a reboot.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Use a common set of exploit protection settings*
+-   GP name: *ExploitProtection_Name*
+-   GP element: *ExploitProtection_Name*
+-   GP path: *Windows Components/Windows Defender Exploit Guard/Exploit Protection*
+-   GP ADMX file name: *ExploitGuard.admx*
+
+<!--/ADMXMapped-->
 <!--Example-->
 Here is an example:
 
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index c03012e8f2..438387b1b6 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Handwriting
@@ -72,6 +72,14 @@ In floating mode, the content is hidden behind a flying-in panel and results in
 The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Handwriting Panel Default Mode Docked*
+-   GP name: *PanelDefaultModeDocked*
+-   GP path: *Windows Components/Handwriting*
+-   GP ADMX file name: *Handwriting.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 4e2042350f..23a0b5a050 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - InternetExplorer
@@ -804,14 +804,14 @@ If you disable or do not configure this policy setting, the user can configure t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Add a specific list of search providers to the user's list of search providers*
 -   GP name: *AddSearchProvider*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -867,14 +867,14 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on ActiveX Filtering*
 -   GP name: *TurnOnActiveXFiltering*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -922,7 +922,7 @@ This list can be used with the 'Deny all add-ons unless specifically allowed in
 
 If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:
 
-Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list.  The CLSID should be in brackets for example, {000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.
+Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list.  The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.
 
 Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.
 
@@ -936,14 +936,14 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Add-on List*
 -   GP name: *AddonManagement_AddOnList*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -984,6 +984,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This AutoComplete feature can remember and suggest User names and passwords on Forms.
+
+If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords".
+
+If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords.
+
+If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.
 
 <!--/Description-->
 > [!TIP]
@@ -993,14 +1000,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on the auto-complete feature for user names and passwords on forms*
 -   GP name: *RestrictFormSuggestPW*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1042,6 +1049,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks.
+
+If you enable this policy setting, the certificate address mismatch warning always appears.
+
+If you disable or do not configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced page in the Internet Control panel).
 
 <!--/Description-->
 > [!TIP]
@@ -1051,14 +1063,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on certificate address mismatch warning*
 -   GP name: *IZ_PolicyWarnCertMismatch*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1100,6 +1112,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files, cookies, history, form data, and passwords) are applied, and those items are deleted.
+
+If you enable this policy setting, deleting browsing history on exit is turned on.
+
+If you disable this policy setting, deleting browsing history on exit is turned off.
+
+If you do not configure this policy setting, it can be configured on the General tab in Internet Options.
+
+If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting has no effect.
 
 <!--/Description-->
 > [!TIP]
@@ -1109,14 +1130,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow deleting browsing history on exit*
 -   GP name: *DBHDisableDeleteOnExit*
 -   GP path: *Windows Components/Internet Explorer/Delete Browsing History*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1174,14 +1195,14 @@ If you do not configure this policy, users will be able to turn on or turn off E
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Enhanced Protected Mode*
 -   GP name: *Advanced_EnableEnhancedProtectedMode*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1237,14 +1258,14 @@ If you disable or don't configure this policy setting, the menu option won't app
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Let users turn on and use Enterprise Mode from the Tools menu*
 -   GP name: *EnterpriseModeEnable*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1300,14 +1321,14 @@ If you disable or don't configure this policy setting, Internet Explorer opens a
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use the Enterprise Mode IE website list*
 -   GP name: *EnterpriseModeSiteList*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1348,6 +1369,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails.
+
+We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack.
+
+This policy does not affect which security protocols are enabled.
+
+If you disable this policy, system defaults will be used.
 
 <!--/Description-->
 > [!TIP]
@@ -1357,14 +1385,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow fallback to SSL 3.0 (Internet Explorer)*
 -   GP name: *Advanced_EnableSSL3Fallback*
 -   GP path: *Windows Components/Internet Explorer/Security Features*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1420,14 +1448,14 @@ If you disable or do not configure this policy setting, the user can add and rem
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use Policy List of Internet Explorer 7 sites*
 -   GP name: *CompatView_UsePolicyList*
 -   GP path: *Windows Components/Internet Explorer/Compatibility View*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1485,14 +1513,14 @@ If you do not configure this policy setting, Internet Explorer uses an Internet
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Internet Explorer Standards Mode for local intranet*
 -   GP name: *CompatView_IntranetSites*
 -   GP path: *Windows Components/Internet Explorer/Compatibility View*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1554,14 +1582,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Internet Zone Template*
 -   GP name: *IZ_PolicyInternetZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1623,14 +1651,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Intranet Zone Template*
 -   GP name: *IZ_PolicyIntranetZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1692,14 +1720,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Local Machine Zone Template*
 -   GP name: *IZ_PolicyLocalMachineZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1761,14 +1789,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Locked-Down Internet Zone Template*
 -   GP name: *IZ_PolicyInternetZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1830,14 +1858,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Locked-Down Intranet Zone Template*
 -   GP name: *IZ_PolicyIntranetZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1899,14 +1927,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Locked-Down Local Machine Zone Template*
 -   GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1968,14 +1996,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Locked-Down Restricted Sites Zone Template*
 -   GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2031,14 +2059,14 @@ If you disable or do not configure this policy setting, Internet Explorer does n
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Go to an intranet site for a one-word entry in the Address bar*
 -   GP name: *UseIntranetSiteForOneWordEntry*
 -   GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2084,9 +2112,9 @@ This policy setting allows you to manage a list of sites that you want to associ
 
 Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
 
-If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information:
+If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information:
 
-Valuename  A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also includea specificprotocol. For example, if you enter http://www.contoso.comas the valuename, other protocols are not affected.If you enter just www.contoso.com,then all protocolsare affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
+Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
 
 Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
 
@@ -2100,14 +2128,14 @@ If you disable or do not configure this policy, users may choose their own site-
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Site to Zone Assignment List*
 -   GP name: *IZ_Zonemaps*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2149,6 +2177,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file.
+
+If you enable this policy setting, users will be prompted to install or run files with an invalid signature.
+
+If you disable this policy setting, users cannot run or install files with an invalid signature.
+
+If you do not configure this policy, users can choose to run or install files with an invalid signature.
 
 <!--/Description-->
 > [!TIP]
@@ -2158,14 +2193,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow software to run or install even if the signature is invalid*
 -   GP name: *Advanced_InvalidSignatureBlock*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2207,9 +2242,9 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Suggested Sites reports a users browsing history to Microsoft to suggest sites that the user might want to visit.
+This policy setting controls the Suggested Sites feature, which recommends websites based on the user’s browsing activity. Suggested Sites reports a user’s browsing history to Microsoft to suggest sites that the user might want to visit.
 
-If you enable this policy setting, the user is not prompted to enable Suggested Sites. The users browsing history is sent to Microsoft to produce suggestions.
+If you enable this policy setting, the user is not prompted to enable Suggested Sites. The user’s browsing history is sent to Microsoft to produce suggestions.
 
 If you disable this policy setting, the entry points and functionality associated with this feature are turned off.
 
@@ -2223,14 +2258,14 @@ If you do not configure this policy setting, the user can turn on and turn off t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Suggested Sites*
 -   GP name: *EnableSuggestedSites*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2292,14 +2327,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Trusted Sites Zone Template*
 -   GP name: *IZ_PolicyTrustedSitesZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2361,14 +2396,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Locked-Down Trusted Sites Zone Template*
 -   GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2430,14 +2465,14 @@ Note. It is recommended to configure template policy settings in one Group Polic
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Restricted Sites Zone Template*
 -   GP name: *IZ_PolicyRestrictedSitesZoneTemplate*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2479,6 +2514,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.
+
+If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked.
+
+If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.
+
+If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.
 
 <!--/Description-->
 > [!TIP]
@@ -2488,14 +2530,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Check for server certificate revocation*
 -   GP name: *Advanced_CertificateRevocation*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2537,6 +2579,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.
+
+If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.
+
+If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.
+
+If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.
 
 <!--/Description-->
 > [!TIP]
@@ -2546,14 +2595,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Check for signatures on downloaded programs*
 -   GP name: *Advanced_DownloadSignatures*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2595,6 +2644,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.
+
+This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.
+
+If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files.
+
+If you disable this policy setting, Internet Explorer will not require consistent MIME data for all received files.
+
+If you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.
 
 <!--/Description-->
 > [!TIP]
@@ -2604,14 +2662,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Internet Explorer Processes*
--   GP name: *IESF_PolicyExplorerProcesses_2*
--   GP path: *Windows Components/Internet Explorer/Security Features/Binary Behavior Security Restriction*
+-   GP name: *IESF_PolicyExplorerProcesses_5*
+-   GP path: *Windows Components/Internet Explorer/Security Features/Consistent Mime Handling*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2669,14 +2727,14 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects*
 -   GP name: *DisableFlashInIE*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2732,14 +2790,14 @@ If you disable or do not configure this policy setting, the user can bypass Smar
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent bypassing SmartScreen Filter warnings*
 -   GP name: *DisableSafetyFilterOverride*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2795,14 +2853,14 @@ If you disable or do not configure this policy setting, the user can bypass Smar
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet*
 -   GP name: *DisableSafetyFilterOverrideForAppRepUnknown*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2844,6 +2902,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, from the Menu bar, on the Tools menu, click Internet Options, click the General tab, and then click Settings under Browsing history.
+
+If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can not delete browsing history.
+
+If you disable or do not configure this policy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history.
 
 <!--/Description-->
 > [!TIP]
@@ -2853,14 +2916,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disable "Configuring History"*
 -   GP name: *RestrictHistory*
 -   GP path: *Windows Components/Internet Explorer/Delete Browsing History*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2902,6 +2965,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage the crash detection feature of add-on Management.
+
+If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply.
+
+If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional.
 
 <!--/Description-->
 > [!TIP]
@@ -2911,14 +2979,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Crash Detection*
 -   GP name: *AddonManagement_RestrictCrashDetection*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -2976,14 +3044,14 @@ If you do not configure this policy setting, the user can choose to participate
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent participation in the Customer Experience Improvement Program*
 -   GP name: *SQM_DisableCEIP*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3025,6 +3093,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.
+
+If you enable this policy setting, websites that the user has visited are preserved when he or she clicks Delete.
+
+If you disable this policy setting, websites that the user has visited are deleted when he or she clicks Delete.
+
+If you do not configure this policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete.
+
+If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
 
 <!--/Description-->
 > [!TIP]
@@ -3034,14 +3111,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent deleting websites that the user has visited*
 -   GP name: *DBHDisableDeleteHistory*
 -   GP path: *Windows Components/Internet Explorer/Delete Browsing History*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3097,14 +3174,14 @@ If you disable or do not configure this policy setting, the user can set the Fee
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent downloading of enclosures*
 -   GP name: *Disable_Downloading_of_Enclosures*
 -   GP path: *Windows Components/RSS Feeds*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3146,7 +3223,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred match.
+This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other’s list of supported protocols and versions, and they select the most preferred match.
 
 If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list.
 
@@ -3162,14 +3239,14 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off encryption support*
 -   GP name: *Advanced_SetWinInetProtocols*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3214,8 +3291,8 @@ ADMX Info:
 This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.
 
 If you enable this policy setting, you must make one of the following choices:
-Skip the First Run wizard, and go directly to the user's home page.
-Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage.
+-   Skip the First Run wizard, and go directly to the user's home page.
+-   Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage.
 
 Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen.
 
@@ -3229,14 +3306,14 @@ If you disable or do not configure this policy setting, Internet Explorer may ru
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent running First Run wizard*
 -   GP name: *NoFirstRunCustomise*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3296,14 +3373,14 @@ If you don't configure this setting, users can turn this behavior on or off, usi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off the flip ahead with page prediction feature*
 -   GP name: *Advanced_DisableFlipAhead*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3358,14 +3435,14 @@ If you disable or do not configure this policy setting, the Home page box is ena
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disable changing home page settings*
 -   GP name: *RestrictHomePage*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3407,6 +3484,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired", "revoked", or "name mismatch" errors) in Internet Explorer.
+
+If you enable this policy setting, the user cannot continue browsing.
+
+If you disable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.
 
 <!--/Description-->
 > [!TIP]
@@ -3416,14 +3498,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent ignoring certificate errors*
 -   GP name: *NoCertError*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3465,6 +3547,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to turn off the InPrivate Browsing feature.
+
+InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies, temporary Internet files, history, and other data.
+
+If you enable this policy setting, InPrivate Browsing is turned off.
+
+If you disable this policy setting, InPrivate Browsing is available for use.
+
+If you do not configure this policy setting, InPrivate Browsing can be turned on or off through the registry.
 
 <!--/Description-->
 > [!TIP]
@@ -3474,14 +3565,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off InPrivate Browsing*
 -   GP name: *DisableInPrivateBrowsing*
 -   GP path: *Windows Components/Internet Explorer/Privacy*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3523,6 +3614,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.
+
+Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.
+
+If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
+
+If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
+
+If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.
 
 <!--/Description-->
 > [!TIP]
@@ -3532,14 +3632,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows*
 -   GP name: *Advanced_EnableEnhancedProtectedMode64Bit*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3595,14 +3695,14 @@ If you disable or do not configure this policy setting, the user can configure p
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent changing proxy settings*
 -   GP name: *RestrictProxy*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3658,14 +3758,14 @@ If you disable or do not configure this policy setting, the user can change the
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent changing the default search provider*
 -   GP name: *NoSearchProvider*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3713,7 +3813,7 @@ If you enable this policy setting, you can specify which default home pages shou
 
 If you disable or do not configure this policy setting, the user can add secondary home pages.
 
-Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages.
+Note: If the “Disable Changing Home Page Settings” policy is enabled, the user cannot add secondary home pages.
 
 <!--/Description-->
 > [!TIP]
@@ -3723,14 +3823,14 @@ Note: If the Disable Changing Home Page Settings policy is enabled, the user can
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disable changing secondary home page settings*
 -   GP name: *SecondaryHomePages*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3772,6 +3872,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk.
+
+If you enable this policy setting, the feature is turned off.
+
+If you disable or do not configure this policy setting, the feature is turned on.
 
 <!--/Description-->
 > [!TIP]
@@ -3781,14 +3886,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off the Security Settings Check feature*
 -   GP name: *Disable_Security_Settings_Check*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3845,14 +3950,14 @@ This policy is intended to help the administrator maintain version control for I
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disable Periodic Check for Internet Explorer software updates*
 -   GP name: *NoUpdateCheck*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3894,6 +3999,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control, Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode.
+
+Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.
+
+When Enhanced Protected Mode is enabled, and a user encounters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mode for that particular website.
+
+If you enable this policy setting, Internet Explorer will not give the user the option to disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode.
+
+If you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior.
 
 <!--/Description-->
 > [!TIP]
@@ -3903,14 +4017,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled*
 -   GP name: *Advanced_DisableEPMCompat*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -3971,14 +4085,14 @@ Also, see the "Security zones: Use only machine settings" policy.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Security Zones: Do not allow users to add/delete sites*
 -   GP name: *Security_zones_map_edit*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4039,14 +4153,14 @@ Also, see the "Security zones: Use only machine settings" policy.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Security Zones: Do not allow users to change policies*
 -   GP name: *Security_options_edit*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4104,14 +4218,14 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
 -   GP name: *VerMgmtDisable*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4173,14 +4287,14 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains*
 -   GP name: *VerMgmtDomainAllowlist*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4238,14 +4352,14 @@ If you do not configure this policy setting, users choose whether to force local
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Intranet Sites: Include all local (intranet) sites not listed in other zones*
 -   GP name: *IZ_IncludeUnspecifiedLocalSites*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4303,14 +4417,14 @@ If you do not configure this policy setting, users choose whether network paths
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Intranet Sites: Include all network paths (UNCs)*
 -   GP name: *IZ_UNCAsIntranet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4368,14 +4482,14 @@ If you do not configure this policy setting, users cannot load a page in the zon
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4433,14 +4547,14 @@ If you do not configure this policy setting, ActiveX control installations will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4496,14 +4610,14 @@ If you disable or do not configure this setting, file downloads that are not use
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4545,6 +4659,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
+
+If you enable this policy setting, a script can perform a clipboard operation.
+
+If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.
+
+If you disable this policy setting, a script cannot perform a clipboard operation.
+
+If you do not configure this policy setting, a script can perform a clipboard operation.
 
 <!--/Description-->
 > [!TIP]
@@ -4554,14 +4677,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow cut, copy or paste operations from the clipboard via script*
 -   GP name: *IZ_PolicyAllowPasteViaScript_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4603,6 +4726,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.
+
+If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.
+
+If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.
+
+If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.
 
 <!--/Description-->
 > [!TIP]
@@ -4612,14 +4742,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow drag and drop or copy and paste files*
 -   GP name: *IZ_PolicyDropOrPasteFiles_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4677,14 +4807,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4742,14 +4872,14 @@ If you do not configure this policy setting, Web sites from less privileged zone
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4791,6 +4921,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.
+
+If you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.
+
+If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.
+
+If you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.
 
 <!--/Description-->
 > [!TIP]
@@ -4800,14 +4937,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow loading of XAML files*
 -   GP name: *IZ_Policy_XAML_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4865,14 +5002,14 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4914,6 +5051,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.
+
+If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.
+
+If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
 
 <!--/Description-->
 > [!TIP]
@@ -4923,14 +5065,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow only approved domains to use ActiveX controls without prompt*
 -   GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -4972,6 +5114,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.
+
+If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.
+
+If you disable this policy setting, the TDC Active X control will run from all sites in this zone.
 
 <!--/Description-->
 > [!TIP]
@@ -4981,14 +5128,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow only approved domains to use the TDC ActiveX control*
 -   GP name: *IZ_PolicyAllowTDCControl_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5030,6 +5177,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.
+
+If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.
+
+If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
+
+If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
 
 <!--/Description-->
 > [!TIP]
@@ -5039,14 +5193,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow script-initiated windows without size or position constraints*
 -   GP name: *IZ_PolicyWindowsRestrictionsURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5088,6 +5242,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting determines whether a page can control embedded WebBrowser controls via script.
+
+If you enable this policy setting, script access to the WebBrowser control is allowed.
+
+If you disable this policy setting, script access to the WebBrowser control is not allowed.
+
+If you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
 
 <!--/Description-->
 > [!TIP]
@@ -5097,14 +5258,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scripting of Internet Explorer WebBrowser controls*
 -   GP name: *IZ_Policy_WebBrowserControl_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5162,14 +5323,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5229,14 +5390,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5278,6 +5439,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether script is allowed to update the status bar within the zone.
+
+If you enable this policy setting, script is allowed to update the status bar.
+
+If you disable or do not configure this policy setting, script is not allowed to update the status bar.
 
 <!--/Description-->
 > [!TIP]
@@ -5287,14 +5453,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow updates to status bar via script*
 -   GP name: *IZ_Policy_ScriptStatusBar_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5352,14 +5518,14 @@ If you do not configure this policy setting, users can preserve information in t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5401,6 +5567,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+
+If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 <!--/Description-->
 > [!TIP]
@@ -5410,14 +5583,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5459,6 +5632,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.
+
+If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
+
+If you disable the policy setting, signed controls cannot be downloaded.
+
+If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted.  Code signed by trusted publishers is silently downloaded.
 
 <!--/Description-->
 > [!TIP]
@@ -5468,14 +5648,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Download signed ActiveX controls*
 -   GP name: *IZ_PolicyDownloadSignedActiveX_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5517,6 +5697,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
+
+If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.
+
+If you disable this policy setting, users cannot run unsigned controls.
+
+If you do not configure this policy setting, users cannot run unsigned controls.
 
 <!--/Description-->
 > [!TIP]
@@ -5526,14 +5713,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Download unsigned ActiveX controls*
 -   GP name: *IZ_PolicyDownloadUnsignedActiveX_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5575,6 +5762,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.
+
+If you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.
+
+If you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
 
 <!--/Description-->
 > [!TIP]
@@ -5584,14 +5776,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Cross-Site Scripting Filter*
 -   GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5633,6 +5825,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.
+
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.
+
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
+
+In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
 
 <!--/Description-->
 > [!TIP]
@@ -5642,14 +5843,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable dragging of content from different domains across windows*
 -   GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5691,6 +5892,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.
+
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.
+
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
+
+In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
 
 <!--/Description-->
 > [!TIP]
@@ -5700,14 +5910,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable dragging of content from different domains within a window*
 -   GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5749,6 +5959,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.
+
+If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.
+
+If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.
+
+If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
 
 <!--/Description-->
 > [!TIP]
@@ -5758,14 +5975,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable MIME Sniffing*
 -   GP name: *IZ_PolicyMimeSniffingURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5807,6 +6024,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.
+
+If you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.
+
+If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.
+
+If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
 
 <!--/Description-->
 > [!TIP]
@@ -5816,14 +6040,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Protected Mode*
 -   GP name: *IZ_Policy_TurnOnProtectedMode_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5865,6 +6089,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
+
+If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.
+
+If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.
+
+If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
 
 <!--/Description-->
 > [!TIP]
@@ -5874,14 +6105,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Include local path when user is uploading files to a server*
 -   GP name: *IZ_Policy_LocalPathForUpload_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -5941,14 +6172,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6023,6 +6254,19 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, the permission is set to High Safety.
 
 <!--/Description-->
 > [!TIP]
@@ -6032,14 +6276,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6081,6 +6325,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
+
+If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
+
+If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
+
+If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
 
 <!--/Description-->
 > [!TIP]
@@ -6090,14 +6341,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Launching applications and files in an IFRAME*
 -   GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6139,6 +6390,21 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage settings for logon options.
+
+If you enable this policy setting, you can choose from the following logon options.
+
+Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
+
+Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
+
+Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.
+
+Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.
+
+If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.
+
+If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone.
 
 <!--/Description-->
 > [!TIP]
@@ -6148,14 +6414,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Logon options*
 -   GP name: *IZ_PolicyLogon_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6213,14 +6479,14 @@ If you do not configure this policy setting, users can open windows and frames f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6262,6 +6528,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.
+
+If you disable this policy setting, Internet Explorer will not execute signed managed components.
+
+If you do not configure this policy setting, Internet Explorer will execute signed managed components.
 
 <!--/Description-->
 > [!TIP]
@@ -6271,14 +6544,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components signed with Authenticode*
 -   GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6320,6 +6593,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
+
+If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.
+
+If you disable this policy setting, these files do not open.
+
+If you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
 
 <!--/Description-->
 > [!TIP]
@@ -6329,14 +6609,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Show security warning for potentially unsafe files*
 -   GP name: *IZ_Policy_UnsafeFiles_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6378,6 +6658,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
+
+If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.
+
+If you disable this policy setting, pop-up windows are not prevented from appearing.
+
+If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.
 
 <!--/Description-->
 > [!TIP]
@@ -6387,14 +6674,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use Pop-up Blocker*
 -   GP name: *IZ_PolicyBlockPopupWindows_1*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6452,14 +6739,14 @@ If you do not configure this policy setting, users are queried to choose whether
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6517,14 +6804,14 @@ If you do not configure this policy setting, users will receive a prompt when a
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6580,14 +6867,14 @@ If you disable or do not configure this setting, users will receive a file downl
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6645,14 +6932,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6710,14 +6997,14 @@ If you do not configure this policy setting, Web sites from less privileged zone
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6775,14 +7062,14 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6840,14 +7127,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6907,14 +7194,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -6972,14 +7259,14 @@ If you do not configure this policy setting, users can preserve information in t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7021,6 +7308,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+
+If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 <!--/Description-->
 > [!TIP]
@@ -7030,14 +7324,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7097,14 +7391,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7146,6 +7440,19 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, the permission is set to Medium Safety.
 
 <!--/Description-->
 > [!TIP]
@@ -7155,14 +7462,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7220,14 +7527,14 @@ If you do not configure this policy setting, users can open windows and frames f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7285,14 +7592,14 @@ If you do not configure this policy setting, users can load a page in the zone t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7350,14 +7657,14 @@ If you do not configure this policy setting, users will receive a prompt when a
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7413,14 +7720,14 @@ If you disable or do not configure this setting, users will receive a file downl
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7478,14 +7785,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7543,14 +7850,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7608,14 +7915,14 @@ If you do not configure this policy setting, Internet Explorer will not execute
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7673,14 +7980,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7740,14 +8047,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7805,14 +8112,14 @@ If you do not configure this policy setting, users can preserve information in t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7854,6 +8161,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+
+If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 <!--/Description-->
 > [!TIP]
@@ -7863,14 +8177,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7930,14 +8244,14 @@ If you do not configure this policy setting, users are queried whether to allow
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -7979,6 +8293,19 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, the permission is set to Medium Safety.
 
 <!--/Description-->
 > [!TIP]
@@ -7988,14 +8315,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8053,14 +8380,14 @@ If you do not configure this policy setting, users can open windows and frames f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8118,14 +8445,14 @@ If you do not configure this policy setting, users cannot load a page in the zon
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8183,14 +8510,14 @@ If you do not configure this policy setting, ActiveX control installations will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8246,14 +8573,14 @@ If you disable or do not configure this setting, file downloads that are not use
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8311,14 +8638,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8376,14 +8703,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8441,14 +8768,14 @@ If you do not configure this policy setting, Internet Explorer will not execute
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8506,14 +8833,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8573,14 +8900,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8638,14 +8965,14 @@ If you do not configure this policy setting, users can preserve information in t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8705,14 +9032,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8754,6 +9081,19 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, Java applets are disabled.
 
 <!--/Description-->
 > [!TIP]
@@ -8763,14 +9103,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8828,14 +9168,14 @@ If you do not configure this policy setting, users can open windows and frames f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8893,14 +9233,14 @@ If you do not configure this policy setting, users are queried to choose whether
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -8958,14 +9298,14 @@ If you do not configure this policy setting, ActiveX control installations will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9021,14 +9361,14 @@ If you disable or do not configure this setting, file downloads that are not use
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9086,14 +9426,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9151,14 +9491,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9216,14 +9556,14 @@ If you do not configure this policy setting, Internet Explorer will not execute
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9281,14 +9621,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9348,14 +9688,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9413,14 +9753,14 @@ If you do not configure this policy setting, users can preserve information in t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9480,14 +9820,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9545,14 +9885,14 @@ If you do not configure this policy setting, users can open windows and frames f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9610,14 +9950,14 @@ If you do not configure this policy setting, users can load a page in the zone t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9675,14 +10015,14 @@ If you do not configure this policy setting, ActiveX control installations will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9738,14 +10078,14 @@ If you disable or do not configure this setting, file downloads that are not use
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9803,14 +10143,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9868,14 +10208,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9933,14 +10273,14 @@ If you do not configure this policy setting, Internet Explorer will not execute
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -9998,14 +10338,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10065,14 +10405,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10130,14 +10470,14 @@ If you do not configure this policy setting, users can preserve information in t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10197,14 +10537,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10246,6 +10586,19 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, Java applets are disabled.
 
 <!--/Description-->
 > [!TIP]
@@ -10255,14 +10608,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10320,14 +10673,14 @@ If you do not configure this policy setting, users can open windows and frames f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10385,14 +10738,14 @@ If you do not configure this policy setting, users cannot load a page in the zon
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10450,14 +10803,14 @@ If you do not configure this policy setting, ActiveX control installations will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10513,14 +10866,14 @@ If you disable or do not configure this setting, file downloads that are not use
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10578,14 +10931,14 @@ If you do not configure this policy setting, users are queried whether to allow
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10643,14 +10996,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10708,14 +11061,14 @@ If you do not configure this policy setting, Internet Explorer will not execute
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10773,14 +11126,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10840,14 +11193,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10905,14 +11258,14 @@ If you do not configure this policy setting, users cannot preserve information i
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -10972,14 +11325,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11021,6 +11374,19 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, Java applets are disabled.
 
 <!--/Description-->
 > [!TIP]
@@ -11030,14 +11396,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11095,14 +11461,14 @@ If you do not configure this policy setting, users cannot open other windows and
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11160,14 +11526,14 @@ If you do not configure this policy setting, users can load a page in the zone t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11225,14 +11591,14 @@ If you do not configure this policy setting, ActiveX control installations will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11288,14 +11654,14 @@ If you disable or do not configure this setting, file downloads that are not use
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11353,14 +11719,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11418,14 +11784,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11483,14 +11849,14 @@ If you do not configure this policy setting, Internet Explorer will not execute
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11548,14 +11914,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11615,14 +11981,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11680,14 +12046,14 @@ If you do not configure this policy setting, users can preserve information in t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11747,14 +12113,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11796,6 +12162,19 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, Java applets are disabled.
 
 <!--/Description-->
 > [!TIP]
@@ -11805,14 +12184,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11870,14 +12249,14 @@ If you do not configure this policy setting, users can open windows and frames f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11919,6 +12298,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.
+
+If you enable this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
+
+If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File Explorer and Internet Explorer processes.
+
+If you do not configure this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
 
 <!--/Description-->
 > [!TIP]
@@ -11928,14 +12314,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_3*
 -   GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -11977,6 +12363,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.
+
+If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
+
+If you disable this policy setting, Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type.
+
+If you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
 
 <!--/Description-->
 > [!TIP]
@@ -11986,14 +12379,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_6*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12035,6 +12428,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes.
+
+If you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
+
+If you disable this policy setting, the Notification bar will not be displayed for Internet Explorer processes.
+
+If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
 
 <!--/Description-->
 > [!TIP]
@@ -12044,14 +12444,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Internet Explorer Processes*
 -   GP name: *IESF_PolicyExplorerProcesses_10*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Notification bar*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12093,6 +12493,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware.
+
+If you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.
+
+If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.
 
 <!--/Description-->
 > [!TIP]
@@ -12102,14 +12507,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent managing SmartScreen Filter*
 -   GP name: *Disable_Managing_Safety_Filter_IE9*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12151,6 +12556,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.
+
+If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis.
+
+If you disable or do not configure this policy setting, ActiveX controls can be installed on a per-user basis.
 
 <!--/Description-->
 > [!TIP]
@@ -12160,14 +12570,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent per-user installation of ActiveX controls*
 -   GP name: *DisablePerUserActiveXInstall*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12209,6 +12619,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). For example, Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users.
+
+If you enable this policy setting, any zone can be protected from zone elevation for all processes.
+
+If you disable or do not configure this policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.
 
 <!--/Description-->
 > [!TIP]
@@ -12218,14 +12633,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *All Processes*
 -   GP name: *IESF_PolicyAllProcesses_9*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12267,6 +12682,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX controls in Internet Explorer.
+
+If you enable this policy setting, users won't see the "Run this time" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control.
+
+If you disable or don't configure this policy setting, users will see the "Run this time" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once.
+
+For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
 
 <!--/Description-->
 > [!TIP]
@@ -12276,14 +12698,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer *
 -   GP name: *VerMgmtDisableRunThisTime*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12325,6 +12747,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.
+
+If you enable this policy setting, the Web Browser Control will block automatic prompting of ActiveX control installation for all processes.
+
+If you disable or do not configure this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.
 
 <!--/Description-->
 > [!TIP]
@@ -12334,14 +12761,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *All Processes*
 -   GP name: *IESF_PolicyAllProcesses_11*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12383,6 +12810,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.
+
+If you enable this policy setting, the Web Browser Control will block automatic prompting of file downloads that are not user initiated for all processes.
+
+If you disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for all processes.
 
 <!--/Description-->
 > [!TIP]
@@ -12392,14 +12824,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *All Processes*
 -   GP name: *IESF_PolicyAllProcesses_12*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12457,14 +12889,14 @@ If you do not configure this policy setting, users cannot load a page in the zon
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12506,6 +12938,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether script code on pages in the zone is run.
+
+If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.
+
+If you disable this policy setting, script code on pages in the zone is prevented from running.
+
+If you do not configure this policy setting, script code on pages in the zone is prevented from running.
 
 <!--/Description-->
 > [!TIP]
@@ -12515,14 +12954,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow active scripting*
 -   GP name: *IZ_PolicyActiveScripting_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12580,14 +13019,14 @@ If you do not configure this policy setting, ActiveX control installations will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12643,14 +13082,14 @@ If you disable or do not configure this setting, file downloads that are not use
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12692,6 +13131,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.
+
+If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
+
+If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.
+
+If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.
 
 <!--/Description-->
 > [!TIP]
@@ -12701,14 +13147,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow binary and script behaviors*
 -   GP name: *IZ_PolicyBinaryBehaviors_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12750,6 +13196,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
+
+If you enable this policy setting, a script can perform a clipboard operation.
+
+If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.
+
+If you disable this policy setting, a script cannot perform a clipboard operation.
+
+If you do not configure this policy setting, a script cannot perform a clipboard operation.
 
 <!--/Description-->
 > [!TIP]
@@ -12759,14 +13214,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow cut, copy or paste operations from the clipboard via script*
 -   GP name: *IZ_PolicyAllowPasteViaScript_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12808,6 +13263,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.
+
+If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.
+
+If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.
+
+If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone.
 
 <!--/Description-->
 > [!TIP]
@@ -12817,14 +13279,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow drag and drop or copy and paste files*
 -   GP name: *IZ_PolicyDropOrPasteFiles_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12866,6 +13328,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.
+
+If you enable this policy setting, files can be downloaded from the zone.
+
+If you disable this policy setting, files are prevented from being downloaded from the zone.
+
+If you do not configure this policy setting, files are prevented from being downloaded from the zone.
 
 <!--/Description-->
 > [!TIP]
@@ -12875,14 +13344,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow file downloads*
 -   GP name: *IZ_PolicyFileDownload_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -12940,14 +13409,14 @@ If you do not configure this policy setting, users are queried whether to allow
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13005,14 +13474,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13054,6 +13523,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.
+
+If you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.
+
+If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.
+
+If you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.
 
 <!--/Description-->
 > [!TIP]
@@ -13063,14 +13539,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow loading of XAML files*
 -   GP name: *IZ_Policy_XAML_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13112,6 +13588,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.
+
+If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.
+
+If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.
+
+If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.
 
 <!--/Description-->
 > [!TIP]
@@ -13121,14 +13604,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow META REFRESH*
 -   GP name: *IZ_PolicyAllowMETAREFRESH_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13186,14 +13669,14 @@ If you do not configure this policy setting, Internet Explorer will not execute
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13235,6 +13718,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.
+
+If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.
+
+If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
 
 <!--/Description-->
 > [!TIP]
@@ -13244,14 +13732,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow only approved domains to use ActiveX controls without prompt*
 -   GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13293,6 +13781,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites.
+
+If you enable this policy setting, the TDC ActiveX control will not run from websites in this zone.
+
+If you disable this policy setting, the TDC Active X control will run from all sites in this zone.
 
 <!--/Description-->
 > [!TIP]
@@ -13302,14 +13795,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow only approved domains to use the TDC ActiveX control*
 -   GP name: *IZ_PolicyAllowTDCControl_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13351,6 +13844,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.
+
+If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.
+
+If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
+
+If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
 
 <!--/Description-->
 > [!TIP]
@@ -13360,14 +13860,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow script-initiated windows without size or position constraints*
 -   GP name: *IZ_PolicyWindowsRestrictionsURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13409,6 +13909,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting determines whether a page can control embedded WebBrowser controls via script.
+
+If you enable this policy setting, script access to the WebBrowser control is allowed.
+
+If you disable this policy setting, script access to the WebBrowser control is not allowed.
+
+If you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
 
 <!--/Description-->
 > [!TIP]
@@ -13418,14 +13925,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scripting of Internet Explorer WebBrowser controls*
 -   GP name: *IZ_Policy_WebBrowserControl_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13483,14 +13990,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13550,14 +14057,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13599,6 +14106,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether script is allowed to update the status bar within the zone.
+
+If you enable this policy setting, script is allowed to update the status bar.
+
+If you disable or do not configure this policy setting, script is not allowed to update the status bar.
 
 <!--/Description-->
 > [!TIP]
@@ -13608,14 +14120,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow updates to status bar via script*
 -   GP name: *IZ_Policy_ScriptStatusBar_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13673,14 +14185,14 @@ If you do not configure this policy setting, users cannot preserve information i
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13722,6 +14234,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+
+If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 <!--/Description-->
 > [!TIP]
@@ -13731,14 +14250,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13780,6 +14299,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.
+
+If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
+
+If you disable the policy setting, signed controls cannot be downloaded.
+
+If you do not configure this policy setting, signed controls cannot be downloaded.
 
 <!--/Description-->
 > [!TIP]
@@ -13789,14 +14315,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Download signed ActiveX controls*
 -   GP name: *IZ_PolicyDownloadSignedActiveX_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13838,6 +14364,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
+
+If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.
+
+If you disable this policy setting, users cannot run unsigned controls.
+
+If you do not configure this policy setting, users cannot run unsigned controls.
 
 <!--/Description-->
 > [!TIP]
@@ -13847,14 +14380,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Download unsigned ActiveX controls*
 -   GP name: *IZ_PolicyDownloadUnsignedActiveX_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13896,6 +14429,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.
+
+If you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.
+
+If you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
 
 <!--/Description-->
 > [!TIP]
@@ -13905,14 +14443,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Cross-Site Scripting Filter*
 -   GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -13954,6 +14492,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.
+
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
+
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.
+
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.
+
+In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.
 
 <!--/Description-->
 > [!TIP]
@@ -13963,14 +14510,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable dragging of content from different domains across windows*
 -   GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14012,6 +14559,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.
+
+If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.
+
+If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
+
+In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
+
+In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
 
 <!--/Description-->
 > [!TIP]
@@ -14021,14 +14577,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable dragging of content from different domains within a window*
 -   GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14070,6 +14626,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.
+
+If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.
+
+If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.
+
+If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.
 
 <!--/Description-->
 > [!TIP]
@@ -14079,14 +14642,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable MIME Sniffing*
 -   GP name: *IZ_PolicyMimeSniffingURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14128,6 +14691,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.
+
+If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.
+
+If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.
+
+If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
 
 <!--/Description-->
 > [!TIP]
@@ -14137,14 +14707,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Include local path when user is uploading files to a server*
 -   GP name: *IZ_Policy_LocalPathForUpload_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14204,14 +14774,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14253,6 +14823,19 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, Java applets are disabled.
 
 <!--/Description-->
 > [!TIP]
@@ -14262,14 +14845,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14311,6 +14894,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
+
+If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
+
+If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
+
+If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
 
 <!--/Description-->
 > [!TIP]
@@ -14320,14 +14910,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Launching applications and files in an IFRAME*
 -   GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14369,6 +14959,21 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage settings for logon options.
+
+If you enable this policy setting, you can choose from the following logon options.
+
+Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
+
+Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
+
+Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.
+
+Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.
+
+If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.
+
+If you do not configure this policy setting, logon is set to Prompt for username and password.
 
 <!--/Description-->
 > [!TIP]
@@ -14378,14 +14983,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Logon options*
 -   GP name: *IZ_PolicyLogon_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14443,14 +15048,14 @@ If you do not configure this policy setting, users cannot open other windows and
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14492,6 +15097,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.
+
+If you enable this policy setting, controls and plug-ins can run without user intervention.
+
+If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.
+
+If you disable this policy setting, controls and plug-ins are prevented from running.
+
+If you do not configure this policy setting, controls and plug-ins are prevented from running.
 
 <!--/Description-->
 > [!TIP]
@@ -14501,14 +15115,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run ActiveX controls and plugins*
 -   GP name: *IZ_PolicyRunActiveXControls_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14550,6 +15164,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.
+
+If you disable this policy setting, Internet Explorer will not execute signed managed components.
+
+If you do not configure this policy setting, Internet Explorer will not execute signed managed components.
 
 <!--/Description-->
 > [!TIP]
@@ -14559,14 +15180,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components signed with Authenticode*
 -   GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14608,6 +15229,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.
+
+If you enable this policy setting, script interaction can occur automatically without user intervention.
+
+If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.
+
+If you disable this policy setting, script interaction is prevented from occurring.
+
+If you do not configure this policy setting, script interaction is prevented from occurring.
 
 <!--/Description-->
 > [!TIP]
@@ -14617,14 +15247,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Script ActiveX controls marked safe for scripting*
 -   GP name: *IZ_PolicyScriptActiveXMarkedSafe_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14666,6 +15296,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether applets are exposed to scripts within the zone.
+
+If you enable this policy setting, scripts can access applets automatically without user intervention.
+
+If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.
+
+If you disable this policy setting, scripts are prevented from accessing applets.
+
+If you do not configure this policy setting, scripts are prevented from accessing applets.
 
 <!--/Description-->
 > [!TIP]
@@ -14675,14 +15314,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Scripting of Java applets*
 -   GP name: *IZ_PolicyScriptingOfJavaApplets_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14724,6 +15363,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).
+
+If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.
+
+If you disable this policy setting, these files do not open.
+
+If you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
 
 <!--/Description-->
 > [!TIP]
@@ -14733,14 +15379,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Show security warning for potentially unsafe files*
 -   GP name: *IZ_Policy_UnsafeFiles_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14782,6 +15428,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.
+
+If you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.
+
+If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.
+
+If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
 
 <!--/Description-->
 > [!TIP]
@@ -14791,14 +15444,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Protected Mode*
 -   GP name: *IZ_Policy_TurnOnProtectedMode_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14840,6 +15493,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
+
+If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.
+
+If you disable this policy setting, pop-up windows are not prevented from appearing.
+
+If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.
 
 <!--/Description-->
 > [!TIP]
@@ -14849,14 +15509,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use Pop-up Blocker*
 -   GP name: *IZ_PolicyBlockPopupWindows_7*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14898,6 +15558,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.
+
+If you enable this policy setting, scripted windows are restricted for all processes.
+
+If you disable or do not configure this policy setting, scripted windows are not restricted.
 
 <!--/Description-->
 > [!TIP]
@@ -14907,14 +15572,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *All Processes*
 -   GP name: *IESF_PolicyAllProcesses_8*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -14970,14 +15635,14 @@ If you disable or do not configure this policy setting, the user can configure h
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Restrict search providers to a specific list*
 -   GP name: *SpecificSearchProvider*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15018,6 +15683,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.
+
+If you enable this policy, changes that the user makes to a security zone will apply to all users of that computer.
+
+If you disable this policy or do not configure it, users of the same computer can establish their own security zone settings.
+
+This policy is intended to ensure that security zone settings apply uniformly to the same computer and do not vary from user to user.
+
+Also, see the "Security zones: Do not allow users to change policies" policy.
 
 <!--/Description-->
 > [!TIP]
@@ -15027,14 +15701,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Security Zones: Use only machine settings *
 -   GP name: *Security_HKLM_only*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15076,6 +15750,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to specify how ActiveX controls are installed.
+
+If you enable this policy setting, ActiveX controls are installed only if the ActiveX Installer Service is present and has been configured to allow the installation of ActiveX controls.
+
+If you disable or do not configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process.
 
 <!--/Description-->
 > [!TIP]
@@ -15085,14 +15764,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify use of ActiveX Installer Service for installation of ActiveX controls*
 -   GP name: *OnlyUseAXISForActiveXInstall*
 -   GP path: *Windows Components/Internet Explorer*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15150,14 +15829,14 @@ If you do not configure this policy setting, users can load a page in the zone t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Access data sources across domains*
 -   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15215,14 +15894,14 @@ If you do not configure this policy setting, users will receive a prompt when a
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for ActiveX controls*
 -   GP name: *IZ_PolicyNotificationBarActiveXURLaction_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15278,14 +15957,14 @@ If you disable or do not configure this setting, users will receive a file downl
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Automatic prompting for file downloads*
 -   GP name: *IZ_PolicyNotificationBarDownloadURLaction_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15343,14 +16022,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow font downloads*
 -   GP name: *IZ_PolicyFontDownload_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15408,14 +16087,14 @@ If you do not configure this policy setting, a warning is issued to the user tha
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Web sites in less privileged Web content zones can navigate into this zone*
 -   GP name: *IZ_PolicyZoneElevationURLaction_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15473,14 +16152,14 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run .NET Framework-reliant components not signed with Authenticode*
 -   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15538,14 +16217,14 @@ If you do not configure this policy setting, the user can enable or disable scri
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow scriptlets*
 -   GP name: *IZ_Policy_AllowScriptlets_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15605,14 +16284,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on SmartScreen Filter scan*
 -   GP name: *IZ_Policy_Phishing_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15670,14 +16349,14 @@ If you do not configure this policy setting, users can preserve information in t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Userdata persistence*
 -   GP name: *IZ_PolicyUserdataPersistence_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15719,6 +16398,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
+
+If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
+
+If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.
 
 <!--/Description-->
 > [!TIP]
@@ -15728,14 +16414,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Don't run antimalware programs against ActiveX controls*
 -   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15795,14 +16481,14 @@ If you do not configure this policy setting, users are queried whether to allow
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initialize and script ActiveX controls not marked as safe*
 -   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15844,6 +16530,19 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, the permission is set to Low Safety.
 
 <!--/Description-->
 > [!TIP]
@@ -15853,14 +16552,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Java permissions*
 -   GP name: *IZ_PolicyJavaPermissions_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -15918,14 +16617,14 @@ If you do not configure this policy setting, users can open windows and frames f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Navigate windows and frames across different domains*
 -   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5*
 -   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
 -   GP ADMX file name: *inetres.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 361a19a81c..6831acebc5 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Kerberos
@@ -89,14 +89,14 @@ If you disable or do not configure this policy setting, the Kerberos client does
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use forest search order*
 -   GP name: *ForestSearch*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -137,7 +137,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features.
+This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features. 
 If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring.
 
 If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition.
@@ -150,14 +150,14 @@ If you disable or do not configure this policy setting, the client devices will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Kerberos client support for claims, compound authentication and Kerberos armoring*
 -   GP name: *EnableCbacAndArmor*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -202,9 +202,9 @@ This policy setting controls whether a computer requires that Kerberos message e
 
 Warning: When a domain does not support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.
 
-If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers.
+If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers. 
 
-Note: The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring.
+Note: The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring. 
 
 If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.
 
@@ -216,14 +216,14 @@ If you disable or do not configure this policy setting, the client computers in
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Fail authentication requests when Kerberos armoring is not available*
 -   GP name: *ClientRequireFast*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -264,7 +264,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon.
+This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon.  
 
 If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.
 
@@ -278,14 +278,14 @@ If you disable or do not configure this policy setting, the Kerberos client requ
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Require strict KDC validation*
 -   GP name: *ValidateKDC*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -328,11 +328,11 @@ ADMX Info:
 <!--Description-->
 This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size.
 
-The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token.
+The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token. 
 
 If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller.
 
-If you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value.
+If you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. 
 
 Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes.
 
@@ -344,14 +344,14 @@ Note: This policy setting configures the existing MaxTokenSize registry value in
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set maximum Kerberos SSPI context token buffer size*
 -   GP name: *MaxTokenSize*
 -   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 66109605f7..0e063d9b5f 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Licensing
@@ -69,6 +69,14 @@ ms.date: 01/30/2018
 Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Control Device Reactivation for Retail devices*
+-   GP name: *AllowWindowsEntitlementReactivation*
+-   GP path: *Windows Components/Software Protection Platform*
+-   GP ADMX file name: *AVSValidationGP.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -119,6 +127,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off KMS Client Online AVS Validation*
+-   GP name: *NoAcquireGT*
+-   GP path: *Windows Components/Software Protection Platform*
+-   GP ADMX file name: *AVSValidationGP.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index f67234078a..1ffde8a086 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - LocalPoliciesSecurityOptions
@@ -238,6 +238,12 @@ If you disable or do not configure this policy (recommended), users will be able
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Accounts: Block Microsoft accounts*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -297,6 +303,12 @@ Default: Disabled.
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Accounts: Administrator account status*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/DbMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 - local Administrator account is disabled
@@ -352,6 +364,12 @@ Note: If the Guest account is disabled and the security option Network Access: S
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Accounts: Guest account status*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/DbMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 - local Guest account is disabled
@@ -415,6 +433,12 @@ It is possible for applications that use remote interactive logons to bypass thi
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Accounts: Limit local account use of blank passwords to console logon only*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 -  disabled - local accounts that are not password protected can be used to log on from locations other than the physical computer console
@@ -470,6 +494,12 @@ Default: Administrator.
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Accounts: Rename administrator account*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -519,6 +549,12 @@ Default: Guest.
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Accounts: Rename guest account*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -569,6 +605,12 @@ Caution:
 Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Devices: Allow undock without having to log on*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -619,6 +661,12 @@ This security setting determines who is allowed to format and eject removable NT
 Default: This policy is not defined and only Administrators have this ability.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Devices: Allowed to format and eject removable media*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -671,6 +719,12 @@ Note
 This setting does not affect the ability to add a local printer. This setting does not affect Administrators.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Devices: Prevent users from installing printer drivers*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -720,6 +774,12 @@ If this policy is enabled, it allows only the interactively logged-on user to ac
 Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Devices: Restrict CD-ROM access to locally logged-on user only*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -780,6 +840,12 @@ If this policy is enabled, the policy Domain member: Digitally sign secure chann
 Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Domain member: Digitally encrypt or sign secure channel data (always)*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -837,6 +903,12 @@ There is no known reason for disabling this setting. Besides unnecessarily reduc
 Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Domain member: Digitally encrypt secure channel data (when possible)*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -888,6 +960,12 @@ This setting determines whether or not the domain member attempts to negotiate s
 Default: Enabled.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Domain member: Digitally sign secure channel data (when possible)*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -940,6 +1018,12 @@ This security setting should not be enabled. Computer account passwords are used
 This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Domain member: Disable machine account password changes*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -991,6 +1075,12 @@ Important
 This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Domain member: Maximum machine account password age*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1053,6 +1143,12 @@ In order to take advantage of this policy on member workstations and servers, al
 In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Domain member: Require strong (Windows 2000 or later) session key*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1099,6 +1195,12 @@ Interactive Logon:Display user information when the session is locked
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Interactive logon: Display user information when the session is locked*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 Valid values:
 - 1 - User display name, domain and user names
@@ -1158,6 +1260,12 @@ Default: Disabled.
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Interactive logon: Don't display last signed-in*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 - disabled (username will be shown)
@@ -1217,6 +1325,12 @@ Default: Disabled.
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Interactive logon: Don't display username at sign-in*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 - disabled (username will be shown)
@@ -1277,6 +1391,12 @@ Default on stand-alone computers: Enabled.
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Interactive logon: Do not require CTRL+ALT+DEL*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 - disabled
@@ -1332,6 +1452,12 @@ Default: not enforced.
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Interactive logon: Machine inactivity limit*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 - disabled 
@@ -1389,6 +1515,12 @@ Default: No message.
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Interactive logon: Message text for users attempting to log on*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1438,6 +1570,12 @@ Default: No message.
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Interactive logon: Message title for users attempting to log on*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1502,6 +1640,12 @@ Default: This policy is not defined, which means that the system treats it as No
 On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Interactive logon: Smart card removal behavior*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1567,6 +1711,12 @@ SMB packet signing can significantly degrade SMB performance, depending on diale
 For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Microsoft network client: Digitally sign communications (always)*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1629,6 +1779,12 @@ SMB packet signing can significantly degrade SMB performance, depending on diale
 For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Microsoft network client: Digitally sign communications (if server agrees)*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1678,6 +1834,12 @@ Sending unencrypted passwords is a security risk.
 Default: Disabled.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Microsoft network client: Send unencrypted password to third-party SMB servers*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1729,6 +1891,12 @@ For this policy setting, a value of 0 means to disconnect an idle session as qui
 Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Microsoft network server: Amount of idle time required before suspending session*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1803,6 +1971,12 @@ HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecurity
 For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Microsoft network server: Digitally sign communications (always)*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1869,6 +2043,12 @@ SMB packet signing can significantly degrade SMB performance, depending on diale
 For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Microsoft network server: Digitally sign communications (if client agrees)*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1928,6 +2108,12 @@ Important
 This policy has no impact on domain controllers.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network access: Do not allow anonymous enumeration of SAM accounts*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1977,6 +2163,12 @@ Windows allows anonymous users to perform certain activities, such as enumeratin
 Default: Disabled.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network access: Do not allow anonymous enumeration of SAM accounts and shares*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2077,6 +2269,12 @@ Network access: Shares that can be accessed anonymously
 Default: Enabled.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network access: Restrict anonymous access to Named Pipes and Shares*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2126,6 +2324,12 @@ If not selected, the default security descriptor will be used.
 This policy is supported on at least Windows Server 2016.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network access: Restrict clients allowed to make remote calls to SAM*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2231,6 +2435,12 @@ This policy will be turned off by default on domain joined machines. This would
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: Allow PKU2U authentication requests to this computer to use online identities.*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 - disabled
@@ -2291,6 +2501,12 @@ Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authenticat
 This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: Do not store LAN Manager hash value on next password change*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2360,6 +2576,12 @@ Windows Server 2003: Send NTLM response only
 Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: LAN Manager authentication level*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2414,6 +2636,12 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows
 Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2468,6 +2696,12 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows
 Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) servers*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2568,6 +2802,12 @@ Default on servers: Disabled.
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Shutdown: Allow system to be shut down without having to log on*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 - disabled
@@ -2625,6 +2865,12 @@ When this policy is enabled, it causes the system pagefile to be cleared upon cl
 Default: Disabled.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Shutdown: Clear virtual memory pagefile*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2727,6 +2973,12 @@ The secure desktop can be disabled only by the user of the interactive desktop o
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 Valid values:  
 - 0 - disabled
@@ -2794,6 +3046,12 @@ The options are:
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2840,6 +3098,12 @@ This policy setting controls the behavior of the elevation prompt for standard u
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Behavior of the elevation prompt for standard users*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2899,6 +3163,12 @@ Enabled: (Default) When an application installation package is detected that req
 Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Detect application installations and prompt for elevation*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2950,6 +3220,12 @@ The options are:
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Only elevate executables that are signed and validated*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3007,6 +3283,12 @@ The options are:
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Only elevate UIAccess applications that are installed in secure locations*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3059,6 +3341,12 @@ The options are:
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Run all administrators in Admin Approval Mode*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3110,6 +3398,12 @@ The options are:
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Switch to the secure desktop when prompting for elevation*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3161,6 +3455,12 @@ The options are:
 • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Admin Approval Mode for the Built-in Administrator account*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3208,6 +3508,12 @@ This policy setting controls whether application write failures are redirected t
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *User Account Control: Virtualize file and registry write failures to per-user locations*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md
index ac9c25abfa..18e7a7fd97 100644
--- a/windows/client-management/mdm/policy-csp-location.md
+++ b/windows/client-management/mdm/policy-csp-location.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Location
@@ -69,6 +69,14 @@ Added in Windows 10, version 1703. Optional policy that allows for IT admin to
 > This policy is not intended to ever be set, pushed, or refreshed more than one time after the first boot of the device because it is meant as initial configuration. Refreshing this policy might result in the Location Service's Device Switch changing state to something the user did not select, which is not an intended use for this policy.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Location Provider*
+-   GP name: *DisableWindowsLocationProvider_1*
+-   GP path: *Windows Components/Location and Sensors/Windows Location Provider*
+-   GP ADMX file name: *LocationProviderAdm.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index a63d073566..be9c02f1d7 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - LockDown
@@ -68,6 +68,14 @@ Added in Windows 10, version 1607. Allows the user to invoke any system user in
 The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow edge swipe*
+-   GP name: *AllowEdgeSwipe*
+-   GP path: *Windows Components/Edge UI*
+-   GP ADMX file name: *EdgeUI.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index 4d5a5f55ec..d60af40683 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Maps
@@ -124,6 +124,14 @@ Added in Windows 10, version 1607. Disables the automatic download and update o
 After the policy is applied, you can verify the settings in the user interface in **System** &gt; **Offline Maps**.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off Automatic Download and Update of Map Data*
+-   GP name: *TurnOffAutoUpdate*
+-   GP path: *Windows Components/Maps*
+-   GP ADMX file name: *WinMaps.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index abd33e0f71..2ad6d83fe0 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Messaging
@@ -125,6 +125,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Message Service Cloud Sync*
+-   GP name: *AllowMessageSync*
+-   GP path: *Windows Components/Messaging*
+-   GP ADMX file name: *messaging.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 445d9a8d6d..70db29303b 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - NetworkIsolation
@@ -87,6 +87,15 @@ ms.date: 01/30/2018
 Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|**.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enterprise resource domains hosted in the cloud*
+-   GP name: *WF_NetIsolation_EnterpriseCloudResources*
+-   GP element: *WF_NetIsolation_EnterpriseCloudResourcesBox*
+-   GP path: *Network/Network Isolation*
+-   GP ADMX file name: *NetworkIsolation.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -130,6 +139,15 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to
 Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Private network ranges for  apps*
+-   GP name: *WF_NetIsolation_PrivateSubnet*
+-   GP element: *WF_NetIsolation_PrivateSubnetBox*
+-   GP path: *Network/Network Isolation*
+-   GP ADMX file name: *NetworkIsolation.admx*
+
+<!--/ADMXMapped-->
 <!--Example-->
 For example:
 
@@ -186,6 +204,14 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Subnet definitions are authoritative*
+-   GP name: *WF_NetIsolation_Authoritative_Subnet*
+-   GP path: *Network/Network Isolation*
+-   GP ADMX file name: *NetworkIsolation.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -229,6 +255,15 @@ Boolean value that tells the client to accept the configured list and not to use
 This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Intranet proxy servers for  apps*
+-   GP name: *WF_NetIsolation_Intranet_Proxies*
+-   GP element: *WF_NetIsolation_Intranet_ProxiesBox*
+-   GP path: *Network/Network Isolation*
+-   GP ADMX file name: *NetworkIsolation.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -325,6 +360,15 @@ Here are the steps to create canonical domain names:
 This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Internet proxy servers for apps*
+-   GP name: *WF_NetIsolation_Domain_Proxies*
+-   GP element: *WF_NetIsolation_Domain_ProxiesBox*
+-   GP path: *Network/Network Isolation*
+-   GP ADMX file name: *NetworkIsolation.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -368,6 +412,14 @@ This is a comma-separated list of proxy servers. Any server on this list is cons
 Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Proxy definitions are authoritative*
+-   GP name: *WF_NetIsolation_Authoritative_Proxies*
+-   GP path: *Network/Network Isolation*
+-   GP ADMX file name: *NetworkIsolation.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -411,6 +463,15 @@ Boolean value that tells the client to accept the configured list of proxies and
 List of domain names that can used for work or personal resource.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Domains categorized as both work and personal*
+-   GP name: *WF_NetIsolation_NeutralResources*
+-   GP element: *WF_NetIsolation_NeutralResourcesBox*
+-   GP path: *Network/Network Isolation*
+-   GP ADMX file name: *NetworkIsolation.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 2f8a4559f5..b4363ef967 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Notifications
@@ -70,6 +70,14 @@ For each user logged into the device, if you enable this policy (set value to 1)
 No reboot or service restart is required for this policy to take effect.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off notification mirroring*
+-   GP name: *NoNotificationMirroring*
+-   GP path: *Start Menu and Taskbar/Notifications*
+-   GP ADMX file name: *WPN.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 5bc495e5d8..c69cf5db4a 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Power
@@ -101,14 +101,14 @@ If you disable this policy setting, standby states (S1-S3) are not allowed.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow standby states (S1-S3) when sleeping (plugged in)*
 -   GP name: *AllowStandbyStatesAC_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -149,13 +149,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
 
 If you disable or do not configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 <!--/Description-->
 > [!TIP]
@@ -165,14 +165,14 @@ If the user has configured a slide show to run on the lock screen when the machi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off the display (on battery)*
 -   GP name: *VideoPowerDownTimeOutDC_2*
 -   GP path: *System/Power Management/Video and Display Settings*
 -   GP ADMX file name: *power.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -213,13 +213,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
 
 If you disable or do not configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 <!--/Description-->
 > [!TIP]
@@ -229,14 +229,14 @@ If the user has configured a slide show to run on the lock screen when the machi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off the display (plugged in)*
 -   GP name: *VideoPowerDownTimeOutAC_2*
 -   GP path: *System/Power Management/Video and Display Settings*
 -   GP ADMX file name: *power.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -277,14 +277,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
 
 If you disable or do not configure this policy setting, users control this setting.
 
-
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 <!--/Description-->
 > [!TIP]
@@ -294,14 +293,14 @@ If the user has configured a slide show to run on the lock screen when the machi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify the system hibernate timeout (on battery)*
 -   GP name: *DCHibernateTimeOut_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -342,13 +341,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
 
 If you disable or do not configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 <!--/Description-->
 > [!TIP]
@@ -358,14 +357,14 @@ If the user has configured a slide show to run on the lock screen when the machi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify the system hibernate timeout (plugged in)*
 -   GP name: *ACHibernateTimeOut_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -420,14 +419,14 @@ If you disable this policy setting, the user is not prompted for a password when
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Require a password when a computer wakes (on battery)*
 -   GP name: *DCPromptForPasswordOnResume_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -482,14 +481,14 @@ If you disable this policy setting, the user is not prompted for a password when
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Require a password when a computer wakes (plugged in)*
 -   GP name: *ACPromptForPasswordOnResume_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -530,13 +529,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
 
 If you disable or do not configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 <!--/Description-->
 > [!TIP]
@@ -546,14 +545,14 @@ If the user has configured a slide show to run on the lock screen when the machi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify the system sleep timeout (on battery)*
 -   GP name: *DCStandbyTimeOut_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -594,13 +593,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
 
 If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
 
 If you disable or do not configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 <!--/Description-->
 > [!TIP]
@@ -610,14 +609,14 @@ If the user has configured a slide show to run on the lock screen when the machi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify the system sleep timeout (plugged in)*
 -   GP name: *ACStandbyTimeOut_2*
 -   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 2e10fa65e7..fd0939f604 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Printers
@@ -96,14 +96,14 @@ If you disable this policy setting:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Point and Print Restrictions*
 -   GP name: *PointAndPrint_Restrictions_Win7*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -171,14 +171,14 @@ If you disable this policy setting:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Point and Print Restrictions*
 -   GP name: *PointAndPrint_Restrictions*
 -   GP path: *Control Panel/Printers*
 -   GP ADMX file name: *Printing.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -235,14 +235,14 @@ Note: This settings takes priority over the setting "Automatically publish new p
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow printers to be published*
 -   GP name: *PublishPrinters*
 -   GP path: *Printers*
 -   GP ADMX file name: *Printing2.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index c42149d2f1..3595219241 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Privacy
@@ -352,6 +352,14 @@ Updated in Windows 10, version 1709. Allows the usage of cloud based speech serv
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow input personalization*
+-   GP name: *AllowInputPersonalization*
+-   GP path: *Control Panel/Regional and Language Options*
+-   GP ADMX file name: *Globalization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -404,6 +412,14 @@ Added in Windows 10, version 1607. Enables or disables the Advertising ID.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off the advertising ID*
+-   GP name: *DisableAdvertisingId*
+-   GP path: *System/User Profiles*
+-   GP ADMX file name: *UserProfiles.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -455,6 +471,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1709. Allows IT Admins to allow Apps/OS to publish to the activity feed.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enables Activity Feed*
+-   GP name: *EnableActivityFeed*
+-   GP path: *System/OS Policies*
+-   GP ADMX file name: *OSPolicy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -508,6 +532,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access ac
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access account information*
+-   GP name: *LetAppsAccessAccountInfo*
+-   GP element: *LetAppsAccessAccountInfo_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -559,6 +592,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access account information*
+-   GP name: *LetAppsAccessAccountInfo*
+-   GP element: *LetAppsAccessAccountInfo_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -602,6 +644,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access account information*
+-   GP name: *LetAppsAccessAccountInfo*
+-   GP element: *LetAppsAccessAccountInfo_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -645,6 +696,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access account information*
+-   GP name: *LetAppsAccessAccountInfo*
+-   GP element: *LetAppsAccessAccountInfo_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -691,6 +751,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access th
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the calendar*
+-   GP name: *LetAppsAccessCalendar*
+-   GP element: *LetAppsAccessCalendar_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -742,6 +811,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the calendar*
+-   GP name: *LetAppsAccessCalendar*
+-   GP element: *LetAppsAccessCalendar_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -785,6 +863,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the calendar*
+-   GP name: *LetAppsAccessCalendar*
+-   GP element: *LetAppsAccessCalendar_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -828,6 +915,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the calendar*
+-   GP name: *LetAppsAccessCalendar*
+-   GP element: *LetAppsAccessCalendar_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -874,6 +970,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access ca
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access call history*
+-   GP name: *LetAppsAccessCallHistory*
+-   GP element: *LetAppsAccessCallHistory_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -925,6 +1030,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access call history*
+-   GP name: *LetAppsAccessCallHistory*
+-   GP element: *LetAppsAccessCallHistory_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -968,6 +1082,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access call history*
+-   GP name: *LetAppsAccessCallHistory*
+-   GP element: *LetAppsAccessCallHistory_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1011,6 +1134,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access call history*
+-   GP name: *LetAppsAccessCallHistory*
+-   GP element: *LetAppsAccessCallHistory_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1057,6 +1189,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access th
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the camera*
+-   GP name: *LetAppsAccessCamera*
+-   GP element: *LetAppsAccessCamera_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1108,6 +1249,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the camera*
+-   GP name: *LetAppsAccessCamera*
+-   GP element: *LetAppsAccessCamera_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1151,6 +1301,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the camera*
+-   GP name: *LetAppsAccessCamera*
+-   GP element: *LetAppsAccessCamera_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1194,6 +1353,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the camera*
+-   GP name: *LetAppsAccessCamera*
+-   GP element: *LetAppsAccessCamera_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1240,6 +1408,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access co
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access contacts*
+-   GP name: *LetAppsAccessContacts*
+-   GP element: *LetAppsAccessContacts_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1291,6 +1468,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access contacts*
+-   GP name: *LetAppsAccessContacts*
+-   GP element: *LetAppsAccessContacts_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1334,6 +1520,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access contacts*
+-   GP name: *LetAppsAccessContacts*
+-   GP element: *LetAppsAccessContacts_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1377,6 +1572,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access contacts*
+-   GP name: *LetAppsAccessContacts*
+-   GP element: *LetAppsAccessContacts_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1423,6 +1627,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access em
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access email*
+-   GP name: *LetAppsAccessEmail*
+-   GP element: *LetAppsAccessEmail_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1474,6 +1687,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access email*
+-   GP name: *LetAppsAccessEmail*
+-   GP element: *LetAppsAccessEmail_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1517,6 +1739,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access email*
+-   GP name: *LetAppsAccessEmail*
+-   GP element: *LetAppsAccessEmail_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1560,6 +1791,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access email*
+-   GP name: *LetAppsAccessEmail*
+-   GP element: *LetAppsAccessEmail_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1606,6 +1846,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access lo
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access location*
+-   GP name: *LetAppsAccessLocation*
+-   GP element: *LetAppsAccessLocation_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1657,6 +1906,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access location*
+-   GP name: *LetAppsAccessLocation*
+-   GP element: *LetAppsAccessLocation_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1700,6 +1958,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access location*
+-   GP name: *LetAppsAccessLocation*
+-   GP element: *LetAppsAccessLocation_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1743,6 +2010,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access location*
+-   GP name: *LetAppsAccessLocation*
+-   GP element: *LetAppsAccessLocation_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1789,6 +2065,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can read or s
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access messaging*
+-   GP name: *LetAppsAccessMessaging*
+-   GP element: *LetAppsAccessMessaging_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1840,6 +2125,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access messaging*
+-   GP name: *LetAppsAccessMessaging*
+-   GP element: *LetAppsAccessMessaging_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1883,6 +2177,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access messaging*
+-   GP name: *LetAppsAccessMessaging*
+-   GP element: *LetAppsAccessMessaging_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1926,6 +2229,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access messaging*
+-   GP name: *LetAppsAccessMessaging*
+-   GP element: *LetAppsAccessMessaging_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1972,6 +2284,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access th
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the microphone*
+-   GP name: *LetAppsAccessMicrophone*
+-   GP element: *LetAppsAccessMicrophone_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2023,6 +2344,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the microphone*
+-   GP name: *LetAppsAccessMicrophone*
+-   GP element: *LetAppsAccessMicrophone_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2066,6 +2396,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the microphone*
+-   GP name: *LetAppsAccessMicrophone*
+-   GP element: *LetAppsAccessMicrophone_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2109,6 +2448,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access the microphone*
+-   GP name: *LetAppsAccessMicrophone*
+-   GP element: *LetAppsAccessMicrophone_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2155,6 +2503,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access mo
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access motion*
+-   GP name: *LetAppsAccessMotion*
+-   GP element: *LetAppsAccessMotion_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2206,6 +2563,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access motion*
+-   GP name: *LetAppsAccessMotion*
+-   GP element: *LetAppsAccessMotion_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2249,6 +2615,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access motion*
+-   GP name: *LetAppsAccessMotion*
+-   GP element: *LetAppsAccessMotion_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2292,6 +2667,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access motion*
+-   GP name: *LetAppsAccessMotion*
+-   GP element: *LetAppsAccessMotion_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2338,6 +2722,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access no
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access notifications*
+-   GP name: *LetAppsAccessNotifications*
+-   GP element: *LetAppsAccessNotifications_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2389,6 +2782,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access notifications*
+-   GP name: *LetAppsAccessNotifications*
+-   GP element: *LetAppsAccessNotifications_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2432,6 +2834,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access notifications*
+-   GP name: *LetAppsAccessNotifications*
+-   GP element: *LetAppsAccessNotifications_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2475,6 +2886,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access notifications*
+-   GP name: *LetAppsAccessNotifications*
+-   GP element: *LetAppsAccessNotifications_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2521,6 +2941,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can make phon
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps make phone calls*
+-   GP name: *LetAppsAccessPhone*
+-   GP element: *LetAppsAccessPhone_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2572,6 +3001,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps make phone calls*
+-   GP name: *LetAppsAccessPhone*
+-   GP element: *LetAppsAccessPhone_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2615,6 +3053,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps make phone calls*
+-   GP name: *LetAppsAccessPhone*
+-   GP element: *LetAppsAccessPhone_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2658,6 +3105,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps make phone calls*
+-   GP name: *LetAppsAccessPhone*
+-   GP element: *LetAppsAccessPhone_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2704,6 +3160,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps have access t
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps control radios*
+-   GP name: *LetAppsAccessRadios*
+-   GP element: *LetAppsAccessRadios_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2755,6 +3220,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps control radios*
+-   GP name: *LetAppsAccessRadios*
+-   GP element: *LetAppsAccessRadios_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2798,6 +3272,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps control radios*
+-   GP name: *LetAppsAccessRadios*
+-   GP element: *LetAppsAccessRadios_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2841,6 +3324,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps control radios*
+-   GP name: *LetAppsAccessRadios*
+-   GP element: *LetAppsAccessRadios_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2884,6 +3376,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access Tasks*
+-   GP name: *LetAppsAccessTasks*
+-   GP element: *LetAppsAccessTasks_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2927,6 +3428,15 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas
 Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access Tasks*
+-   GP name: *LetAppsAccessTasks*
+-   GP element: *LetAppsAccessTasks_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2970,6 +3480,15 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
 Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access Tasks*
+-   GP name: *LetAppsAccessTasks*
+-   GP element: *LetAppsAccessTasks_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3013,6 +3532,15 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
 Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access Tasks*
+-   GP name: *LetAppsAccessTasks*
+-   GP element: *LetAppsAccessTasks_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3059,6 +3587,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can access tr
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access trusted devices*
+-   GP name: *LetAppsAccessTrustedDevices*
+-   GP element: *LetAppsAccessTrustedDevices_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -3110,6 +3647,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access trusted devices*
+-   GP name: *LetAppsAccessTrustedDevices*
+-   GP element: *LetAppsAccessTrustedDevices_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3153,6 +3699,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access trusted devices*
+-   GP name: *LetAppsAccessTrustedDevices*
+-   GP element: *LetAppsAccessTrustedDevices_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3196,6 +3751,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access trusted devices*
+-   GP name: *LetAppsAccessTrustedDevices*
+-   GP element: *LetAppsAccessTrustedDevices_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3242,6 +3806,15 @@ Added in Windows 10, version 1703. Force allow, force deny or give user control
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access diagnostic information about other apps*
+-   GP name: *LetAppsGetDiagnosticInfo*
+-   GP element: *LetAppsGetDiagnosticInfo_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -3293,6 +3866,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access diagnostic information about other apps*
+-   GP name: *LetAppsGetDiagnosticInfo*
+-   GP element: *LetAppsGetDiagnosticInfo_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3336,6 +3918,15 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
 Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access diagnostic information about other apps*
+-   GP name: *LetAppsGetDiagnosticInfo*
+-   GP element: *LetAppsGetDiagnosticInfo_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3379,6 +3970,15 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
 Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps access diagnostic information about other apps*
+-   GP name: *LetAppsGetDiagnosticInfo*
+-   GP element: *LetAppsGetDiagnosticInfo_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3427,6 +4027,15 @@ Most restricted value is 2.
 > Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps run in the background*
+-   GP name: *LetAppsRunInBackground*
+-   GP element: *LetAppsRunInBackground_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -3478,6 +4087,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps run in the background*
+-   GP name: *LetAppsRunInBackground*
+-   GP element: *LetAppsRunInBackground_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3521,6 +4139,15 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
 Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps run in the background*
+-   GP name: *LetAppsRunInBackground*
+-   GP element: *LetAppsRunInBackground_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3564,6 +4191,15 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
 Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps run in the background*
+-   GP name: *LetAppsRunInBackground*
+-   GP element: *LetAppsRunInBackground_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3610,6 +4246,15 @@ Added in Windows 10, version 1607. Specifies whether Windows apps can sync with
 Most restricted value is 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps communicate with unpaired devices*
+-   GP name: *LetAppsSyncWithDevices*
+-   GP element: *LetAppsSyncWithDevices_Enum*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -3661,6 +4306,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps communicate with unpaired devices*
+-   GP name: *LetAppsSyncWithDevices*
+-   GP element: *LetAppsSyncWithDevices_ForceAllowTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3704,6 +4358,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps communicate with unpaired devices*
+-   GP name: *LetAppsSyncWithDevices*
+-   GP element: *LetAppsSyncWithDevices_ForceDenyTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3747,6 +4410,15 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Let Windows apps communicate with unpaired devices*
+-   GP name: *LetAppsSyncWithDevices*
+-   GP element: *LetAppsSyncWithDevices_UserInControlOfTheseApps_List*
+-   GP path: *Windows Components/App Privacy*
+-   GP ADMX file name: *AppPrivacy.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -3790,6 +4462,14 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
 Added in Windows 10, version 1709. Allows It Admins to enable publishing of user activities to the activity feed.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow publishing of User Activities*
+-   GP name: *PublishUserActivities*
+-   GP path: *System/OS Policies*
+-   GP ADMX file name: *OSPolicy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index 79ab76a706..a26dd4c251 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - RemoteAssistance
@@ -92,14 +92,14 @@ If you do not configure this policy setting, the user sees the default warning m
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Customize warning messages*
 -   GP name: *RA_Options*
 -   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -156,14 +156,14 @@ If you do not configure this setting, application-based settings are used.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on session logging*
 -   GP name: *RA_Logging*
 -   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -228,14 +228,14 @@ If you enable this policy setting you should also enable appropriate firewall ex
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Solicited Remote Assistance*
 -   GP name: *RA_Solicit*
 -   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -323,14 +323,14 @@ Allow Remote Desktop Exception
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Offer Remote Assistance*
 -   GP name: *RA_Unsolicit*
 -   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 79615e7c27..3af7f7ca34 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - RemoteDesktopServices
@@ -84,9 +84,9 @@ If you enable this policy setting, users who are members of the Remote Desktop U
 
 If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.
 
-If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed.
+If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed. 
 
-Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.
+Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication. 
 
 You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
 
@@ -98,14 +98,14 @@ You can limit the number of users who can connect simultaneously by configuring
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow users to connect remotely by using Remote Desktop Services*
 -   GP name: *TS_DISABLE_CONNECTIONS*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections*
 -   GP ADMX file name: *terminalserver.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -170,14 +170,14 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set client connection encryption level*
 -   GP name: *TS_ENCRYPTION_POLICY*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -236,14 +236,14 @@ If you do not configure this policy setting, client drive redirection and Clipbo
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow drive redirection*
 -   GP name: *TS_CLIENT_DRIVE_M*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection*
 -   GP ADMX file name: *terminalserver.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -298,14 +298,14 @@ If you disable this setting or leave it not configured, the user will be able to
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow passwords to be saved*
 -   GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client*
 -   GP ADMX file name: *terminalserver.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -366,14 +366,14 @@ If you do not configure this policy setting, automatic logon is not specified at
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Always prompt for password upon connection*
 -   GP name: *TS_PASSWORD*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -434,14 +434,14 @@ Note: The RPC interface is used for administering and configuring Remote Desktop
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Require secure RPC communication*
 -   GP name: *TS_RPC_ENCRYPTION*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 609bfc4763..67d82bb4f9 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - RemoteManagement
@@ -105,6 +105,11 @@ ms.date: 01/30/2018
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.
+
+If you enable this policy setting, the WinRM client uses Basic authentication. If WinRM is configured to use HTTP transport, the user name and password are sent over the network as clear text.
+
+If you disable or do not configure this policy setting, the WinRM client does not use Basic authentication.
 
 <!--/Description-->
 > [!TIP]
@@ -114,14 +119,14 @@ ms.date: 01/30/2018
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow Basic authentication*
 -   GP name: *AllowBasic_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -162,6 +167,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client.
+
+If you enable this policy setting, the WinRM service accepts Basic authentication from a remote client.
+
+If you disable or do not configure this policy setting, the WinRM service does not accept Basic authentication from a remote client.
 
 <!--/Description-->
 > [!TIP]
@@ -171,14 +181,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow Basic authentication*
 -   GP name: *AllowBasic_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -219,6 +229,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.
+
+If you enable this policy setting, the WinRM client uses CredSSP authentication.
+
+If you disable or do not configure this policy setting, the WinRM client does not use CredSSP authentication.
 
 <!--/Description-->
 > [!TIP]
@@ -228,14 +243,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow CredSSP authentication*
 -   GP name: *AllowCredSSP_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -276,6 +291,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts CredSSP authentication from a remote client.
+
+If you enable this policy setting, the WinRM service accepts CredSSP authentication from a remote client.
+
+If you disable or do not configure this policy setting, the WinRM service does not accept CredSSP authentication from a remote client.
 
 <!--/Description-->
 > [!TIP]
@@ -285,14 +305,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow CredSSP authentication*
 -   GP name: *AllowCredSSP_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -333,6 +353,24 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port.
+
+If you enable this policy setting, the WinRM service automatically listens on the network for requests on the HTTP transport over the default HTTP port.
+
+To allow WinRM service to receive requests over the network, configure the Windows Firewall policy setting with exceptions for Port 5985 (default port for HTTP).
+
+If you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured.
+
+The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges.
+
+You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.
+
+For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty.
+
+Ranges are specified using the syntax IP1-IP2. Multiple ranges are separated using "," (comma) as the delimiter.
+
+Example IPv4 filters:\n2.0.0.1-2.0.0.20, 24.0.0.1-24.0.0.22
+Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562
 
 <!--/Description-->
 > [!TIP]
@@ -342,14 +380,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow remote server management through WinRM*
 -   GP name: *AllowAutoConfig*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -390,6 +428,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.
+
+If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.
+
+If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
 
 <!--/Description-->
 > [!TIP]
@@ -399,14 +442,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow unencrypted traffic*
 -   GP name: *AllowUnencrypted_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -447,6 +490,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network.
+
+If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.
+
+If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
 
 <!--/Description-->
 > [!TIP]
@@ -456,14 +504,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow unencrypted traffic*
 -   GP name: *AllowUnencrypted_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -504,6 +552,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.
+
+If you enable this policy setting, the WinRM client does not use Digest authentication.
+
+If you disable or do not configure this policy setting, the WinRM client uses Digest authentication.
 
 <!--/Description-->
 > [!TIP]
@@ -513,14 +566,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disallow Digest authentication*
 -   GP name: *DisallowDigest*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -561,6 +614,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.
+
+If you enable this policy setting, the WinRM client does not use Negotiate authentication.
+
+If you disable or do not configure this policy setting, the WinRM client uses Negotiate authentication.
 
 <!--/Description-->
 > [!TIP]
@@ -570,14 +628,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disallow Negotiate authentication*
 -   GP name: *DisallowNegotiate_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -618,6 +676,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate authentication from a remote client.
+
+If you enable this policy setting, the WinRM service does not accept Negotiate authentication from a remote client.
+
+If you disable or do not configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
 
 <!--/Description-->
 > [!TIP]
@@ -627,14 +690,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disallow Negotiate authentication*
 -   GP name: *DisallowNegotiate_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -675,6 +738,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.
+
+If you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins.  If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.
+
+If you disable or do not configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely.
+
+If you enable and then disable this policy setting,any values that were previously configured for RunAsPassword will need to be reset.
 
 <!--/Description-->
 > [!TIP]
@@ -684,14 +754,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disallow WinRM from storing RunAs credentials*
 -   GP name: *DisableRunAs*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -732,6 +802,17 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens.
+
+If you enable this policy setting, the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received request, based on a supplied channel binding token.
+
+If you disable or do not configure this policy setting, you can configure the hardening level locally on each computer.
+
+If HardeningLevel is set to Strict, any request not containing a valid channel binding token is rejected.
+
+If HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that does not contain a channel binding token is accepted (though it is not protected from credential-forwarding attacks).
+
+If HardeningLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks).
 
 <!--/Description-->
 > [!TIP]
@@ -741,14 +822,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify channel binding token hardening level*
 -   GP name: *CBTHardeningLevel_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -789,6 +870,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity.
+
+If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when neither HTTPS nor Kerberos are used to authenticate the identity of the host.
+
+If you disable or do not configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
 
 <!--/Description-->
 > [!TIP]
@@ -798,14 +884,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Trusted Hosts*
 -   GP name: *TrustedHosts*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -846,6 +932,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting turns on or turns off an HTTP listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service.
+
+If you enable this policy setting, the HTTP listener always appears.
+
+If you disable or do not configure this policy setting, the HTTP listener never appears.
+
+When certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985.
+
+A listener might be automatically created on port 80 to ensure backward compatibility.
 
 <!--/Description-->
 > [!TIP]
@@ -855,14 +950,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn On Compatibility HTTP Listener*
 -   GP name: *HttpCompatibilityListener*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -903,6 +998,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting turns on or turns off an HTTPS listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service.
+
+If you enable this policy setting, the HTTPS listener always appears.
+
+If you disable or do not configure this policy setting, the HTTPS listener never appears.
+
+When certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986.
+
+A listener might be automatically created on port 443 to ensure backward compatibility.
 
 <!--/Description-->
 > [!TIP]
@@ -912,14 +1016,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn On Compatibility HTTPS Listener*
 -   GP name: *HttpsCompatibilityListener*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 16adbb0e97..41fb1d8539 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - RemoteProcedureCall
@@ -66,7 +66,7 @@ ms.date: 01/30/2018
 
 <!--/Scope-->
 <!--Description-->
-This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner.
+This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. 
 
 If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
 
@@ -84,14 +84,14 @@ Note: This policy will not be applied until the system is rebooted.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable RPC Endpoint Mapper Client Authentication*
 -   GP name: *RpcEnableAuthEpResolution*
 -   GP path: *System/Remote Procedure Call*
 -   GP ADMX file name: *rpc.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -136,9 +136,9 @@ This policy setting controls how the RPC server runtime handles unauthenticated
 
 This policy setting impacts all RPC applications.  In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself.  Reverting a change to this policy setting can require manual intervention on each affected machine.  This policy setting should never be applied to a domain controller.
 
-If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting.
+If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting. 
 
-If you do not configure this policy setting, it remains disabled.  The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting.
+If you do not configure this policy setting, it remains disabled.  The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. 
 
 If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
 
@@ -158,14 +158,14 @@ Note: This policy setting will not be applied until the system is rebooted.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Restrict Unauthenticated RPC clients*
 -   GP name: *RpcRestrictRemoteClients*
 -   GP path: *System/Remote Procedure Call*
 -   GP ADMX file name: *rpc.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 5f9c72ad15..20a0ac4151 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - RemoteShell
@@ -81,6 +81,11 @@ ms.date: 01/30/2018
 
 <!--/Scope-->
 <!--Description-->
+This policy setting configures access to remote shells.
+
+If you enable or do not configure this policy setting, new remote shell connections are accepted by the server.
+
+If you set this policy to ‘disabled’, new remote shell connections are rejected by the server.
 
 <!--/Description-->
 > [!TIP]
@@ -90,14 +95,14 @@ ms.date: 01/30/2018
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow Remote Shell Access*
 -   GP name: *AllowRemoteShellAccess*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -138,6 +143,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the system.
+
+The value can be any  number from 1 to 100.
+
+If you enable this policy setting, the new shell connections are rejected if they exceed the specified limit.
+
+If you disable or do not configure this policy setting, the default number is five users.
 
 <!--/Description-->
 > [!TIP]
@@ -147,14 +159,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *MaxConcurrentUsers*
 -   GP name: *MaxConcurrentUsers*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -195,6 +207,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted.
+
+Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values.
+
+If you enable this policy setting, the server will wait for the specified amount of time since the last received message from the client before terminating the open shell.
+
+If you do not configure or disable this policy setting, the default value of 900000 or 15 min will be used.
 
 <!--/Description-->
 > [!TIP]
@@ -204,14 +223,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify idle Timeout*
 -   GP name: *IdleTimeout*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -252,6 +271,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting configures the maximum total amount of memory in megabytes that can be allocated by any active remote shell and all its child processes.
+
+Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, which means the ability of remote operations to allocate memory is only limited by the available virtual memory.
+
+If you enable this policy setting, the remote operation is terminated when a new allocation exceeds the specified quota.
+
+If you disable or do not configure this policy setting, the value 150 is used by default.
 
 <!--/Description-->
 > [!TIP]
@@ -261,14 +287,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify maximum amount of memory in MB per Shell*
 -   GP name: *MaxMemoryPerShellMB*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -309,6 +335,11 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting configures the maximum number of processes a remote shell is allowed to launch.
+
+If you enable this policy setting, you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of process per shell. Zero (0) means unlimited number of processes.
+
+If you disable or do not configure this policy setting,  the limit is five processes per shell.
 
 <!--/Description-->
 > [!TIP]
@@ -318,14 +349,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify maximum number of processes per Shell*
 -   GP name: *MaxProcessesPerShell*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -366,6 +397,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system.
+
+Any number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of shells.
+
+If you enable this policy setting, the user cannot open new remote shells if the count exceeds the specified limit.
+
+If you disable or do not configure this policy setting, by default the limit is set to two remote shells per user.
 
 <!--/Description-->
 > [!TIP]
@@ -375,14 +413,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify maximum number of remote shells per user*
 -   GP name: *MaxShellsPerUser*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -423,6 +461,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting is deprecated and has no effect when set to any state: Enabled, Disabled, or Not Configured.
 
 <!--/Description-->
 > [!TIP]
@@ -432,14 +471,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify Shell Timeout*
 -   GP name: *ShellTimeOut*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 3081faa8a5..85b59673d8 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Search
@@ -107,6 +107,15 @@ ms.date: 01/30/2018
 Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Cloud Search*
+-   GP name: *AllowCloudSearch*
+-   GP element: *AllowCloudSearch_Dropdown*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -157,6 +166,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1803. This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. If this policy is left in its default state, Cortana will not be shown in the AAD OOBE flow. If you opt-in to this policy, then the Cortana consent page will appear in the AAD OOBE flow..
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Cortana Page in OOBE on an AAD account*
+-   GP name: *AllowCortanaInAAD*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -213,6 +230,14 @@ When the policy is disabled, the WIP protected items are not indexed and do not
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow indexing of encrypted files*
+-   GP name: *AllowIndexingEncryptedStoresOrItems*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -265,6 +290,14 @@ Specifies whether search can leverage location information.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow search and Cortana to use location*
+-   GP name: *AllowSearchToUseLocation*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -338,6 +371,14 @@ Allows the use of diacritics.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow use of diacritics*
+-   GP name: *AllowUsingDiacritics*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -434,6 +475,14 @@ Specifies whether to always use automatic language detection when indexing conte
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Always use automatic language detection when indexing content and properties*
+-   GP name: *AlwaysUseAutoLangDetection*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -484,6 +533,14 @@ The following list shows the supported values:
 If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Disable indexer backoff*
+-   GP name: *DisableBackoff*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -538,6 +595,14 @@ If you enable this policy setting, locations on removable drives cannot be added
 If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Do not allow locations on removable drives to be added to libraries*
+-   GP name: *DisableRemovableDriveIndexing*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -593,6 +658,14 @@ If you enable this policy setting, queries won't be performed on the web and web
 If you disable this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Don't search the web or display web results in Search*
+-   GP name: *DoNotUseWebResults*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -647,6 +720,14 @@ Enable this policy if computers in your environment have extremely limited hard
 When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Stop indexing in the event of limited hard drive space*
+-   GP name: *StopIndexingOnLimitedHardDriveSpace*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -697,6 +778,14 @@ The following list shows the supported values:
 If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index..
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent clients from querying the index remotely*
+-   GP name: *PreventRemoteQueries*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index dd8bc02aab..9d95aab726 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Security
@@ -361,6 +361,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure the system to clear the TPM if it is not in a ready state.*
+-   GP name: *ClearTPMIfNotReady_Name*
+-   GP path: *System/Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index bd6a64ba12..5031440194 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Settings
@@ -370,6 +370,15 @@ Enables or disables the retrieval of online tips and help for the Settings app.
 If disabled, Settings will not contact Microsoft content services to retrieve tips and help content.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Online Tips*
+-   GP name: *AllowOnlineTips*
+-   GP element: *CheckBox_AllowOnlineTips*
+-   GP path: *Control Panel*
+-   GP ADMX file name: *ControlPanel.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -729,6 +738,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1703.  Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout.  In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale.  Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Show additional calendar*
+-   GP name: *ConfigureTaskbarCalendar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *Taskbar.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -805,6 +822,15 @@ Example 2, specifies that the wifi page should not be shown:
 hide:wifi
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Settings Page Visibility*
+-   GP name: *SettingsPageVisibility*
+-   GP element: *SettingsPageVisibilityBox*
+-   GP path: *Control Panel*
+-   GP ADMX file name: *ControlPanel.admx*
+
+<!--/ADMXMapped-->
 <!--Validation-->
 To validate on Desktop, do the following:
 
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index f52bfb67a6..be4301165b 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - SmartScreen
@@ -72,6 +72,14 @@ ms.date: 01/30/2018
 Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure App Install Control*
+-   GP name: *ConfigureAppInstallControl*
+-   GP path: *Windows Components/Windows Defender SmartScreen/Explorer*
+-   GP ADMX file name: *SmartScreen.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -122,6 +130,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Windows Defender SmartScreen*
+-   GP name: *ShellConfigureSmartScreen*
+-   GP path: *Windows Components/Windows Defender SmartScreen/Explorer*
+-   GP ADMX file name: *SmartScreen.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -172,6 +188,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Windows Defender SmartScreen*
+-   GP name: *ShellConfigureSmartScreen*
+-   GP element: *ShellConfigureSmartScreen_Dropdown*
+-   GP path: *Windows Components/Windows Defender SmartScreen/Explorer*
+-   GP ADMX file name: *SmartScreen.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index e5c27c3200..9a691d7670 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Speech
@@ -66,6 +66,14 @@ ms.date: 01/30/2018
 Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Automatic Update of Speech Data*
+-   GP name: *AllowSpeechModelUpdate*
+-   GP path: *Windows Components/Speech*
+-   GP ADMX file name: *Speech.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index e8122802b3..50809d5486 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Start
@@ -1025,6 +1025,14 @@ Added in Windows 10, version 1709. Enabling this policy removes the people icon
 Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Remove the People Bar from the taskbar*
+-   GP name: *HidePeopleBar*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1198,6 +1206,14 @@ To validate on Desktop, do the following:
 Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Remove "Recently added" list from Start Menu*
+-   GP name: *HideRecentlyAddedApps*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1731,6 +1747,14 @@ Allows you to override the default Start layout and prevents the user from chang
 For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Start Layout*
+-   GP name: *LockedStartLayout*
+-   GP path: *Start Menu and Taskbar*
+-   GP ADMX file name: *StartMenu.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index dbcdfe8bd5..536aac2ce2 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Storage
@@ -73,6 +73,14 @@ Added in Windows 10, version 1709.  Allows disk health model updates.
 Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow downloading updates to the Disk Failure Prediction Model*
+-   GP name: *SH_AllowDiskHealthModelUpdates*
+-   GP path: *System/Storage Health*
+-   GP ADMX file name: *StorageHealth.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -134,14 +142,14 @@ If you disable or do not configure this policy setting, Windows will activate un
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow Windows to activate Enhanced Storage devices*
 -   GP name: *TCGSecurityActivationDisabled*
 -   GP path: *System/Enhanced Storage Access*
 -   GP ADMX file name: *enhancedstorage.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index c0cc5dd7cf..d943b9d855 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - System
@@ -116,6 +116,14 @@ This policy setting determines whether users can access the Insider build contro
 If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Toggle user control over Insider builds*
+-   GP name: *AllowBuildPreview*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *AllowBuildPreview.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -283,6 +291,14 @@ This setting is used by lower-level components for text display and fond handlin
 > Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enable Font Providers*
+-   GP name: *EnableFontProviders*
+-   GP path: *Network/Fonts*
+-   GP ADMX file name: *GroupPolicy.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -348,6 +364,14 @@ When switching the policy back from 0 (Force Location Off) or 2 (Force Location
 For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off location*
+-   GP name: *DisableLocation_2*
+-   GP path: *Windows Components/Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -527,6 +551,15 @@ Windows 10 Values:
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Telemetry*
+-   GP name: *AllowTelemetry*
+-   GP element: *AllowTelemetry*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *DataCollection.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -620,7 +653,17 @@ orted values:
 
 <!--/Scope-->
 <!--Description-->
-N/A
+This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver:
+-  Good: The driver has been signed and has not been tampered with.
+-  Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized.
+-  Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver.
+-  Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver.
+
+If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started.
+
+If you disable or do not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
+
+If your malware detection application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.
 
 <!--/Description-->
 > [!TIP]
@@ -630,12 +673,14 @@ N/A
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
+-   GP English name: *Boot-Start Driver Initialization Policy*
 -   GP name: *POL_DriverLoadPolicy_Name*
+-   GP path: *System/Early Launch Antimalware*
 -   GP ADMX file name: *earlylauncham.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -679,6 +724,15 @@ ADMX Info:
 This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service*
+-   GP name: *DisableEnterpriseAuthProxy*
+-   GP element: *DisableEnterpriseAuthProxy*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *DataCollection.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -730,6 +784,14 @@ Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features
 If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent the usage of OneDrive for file storage*
+-   GP name: *PreventOnedriveFileSync*
+-   GP path: *Windows Components/OneDrive*
+-   GP ADMX file name: *SkyDrive.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -805,14 +867,14 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off System Restore*
 -   GP name: *SR_DisableSR*
 -   GP path: *System/System Restore*
 -   GP ADMX file name: *systemrestore.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -919,6 +981,15 @@ Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combina
 If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Limit Enhanced diagnostic data to the minimum required by Windows Analytics*
+-   GP name: *LimitEnhancedDiagnosticDataWindowsAnalytics*
+-   GP element: *LimitEnhancedDiagnosticDataWindowsAnalytics*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *DataCollection.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -964,6 +1035,15 @@ Allows you to specify the fully qualified domain name (FQDN) or IP address of a
 If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Connected User Experiences and Telemetry*
+-   GP name: *TelemetryProxy*
+-   GP element: *TelemetryProxyName*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *DataCollection.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 97ddbf6bd4..ffdb12f42a 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - SystemServices
@@ -83,6 +83,12 @@ ms.date: 01/30/2018
 Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *HomeGroup Listener*
+-   GP path: *Windows Settings/Security Settings/System Services*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -126,6 +132,12 @@ Added in Windows 10, version 1803. This setting determines whether the service's
 Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *HomeGroup Provider*
+-   GP path: *Windows Settings/Security Settings/System Services*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -169,6 +181,12 @@ Added in Windows 10, version 1803. This setting determines whether the service's
 Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Xbox Accessory Management Service*
+-   GP path: *Windows Settings/Security Settings/System Services*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -212,6 +230,12 @@ Added in Windows 10, version 1803. This setting determines whether the service's
 Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Xbox Live Auth Manager*
+-   GP path: *Windows Settings/Security Settings/System Services*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -255,6 +279,12 @@ Added in Windows 10, version 1803. This setting determines whether the service's
 Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Xbox Live Game Save*
+-   GP path: *Windows Settings/Security Settings/System Services*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -298,6 +328,12 @@ Added in Windows 10, version 1803. This setting determines whether the service's
 Added in Windows 10, version 1803. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Xbox Live Networking Service*
+-   GP path: *Windows Settings/Security Settings/System Services*
+
+<!--/DbMapped-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index c301cc1884..b5cb108686 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/26/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - TextInput
@@ -657,6 +657,14 @@ Allows the uninstall of language features, such as spell checkers, on a device.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Uninstallation of Language Features*
+-   GP name: *AllowLanguageFeaturesUninstall*
+-   GP path: *Windows Components/Text Input*
+-   GP ADMX file name: *TextInput.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1291,8 +1299,8 @@ The following list shows the supported values:
 
 <!--/SupportedValues-->
 <!--/Policy-->
-
 <hr/>
+
 Footnote:
 
 -   1 - Added in Windows 10, version 1607.
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index d8a6cbbf3c..7a92fffc6a 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Update
@@ -216,6 +216,15 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
 The default is 17 (5 PM).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off auto-restart for updates during active hours*
+-   GP name: *ActiveHours*
+-   GP element: *ActiveHoursEndTime*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -263,6 +272,15 @@ Supported values are 8-18.
 The default value is 18 (hours).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify active hours range for auto-restarts*
+-   GP name: *ActiveHoursMaxRange*
+-   GP element: *ActiveHoursMaxRange*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -313,6 +331,15 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
 The default value is 8 (8 AM).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off auto-restart for updates during active hours*
+-   GP name: *ActiveHours*
+-   GP element: *ActiveHoursStartTime*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -365,6 +392,15 @@ Supported operations are Get and Replace.
 If the policy is not configured, end-users get the default behavior (Auto install and restart).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Automatic Updates*
+-   GP name: *AutoUpdateCfg*
+-   GP element: *AutoUpdateMode*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -423,6 +459,14 @@ A significant number of devices primarily use cellular data and do not have Wi-F
 This policy is accessible through the Update setting in the user interface or Group Policy.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow updates to be downloaded automatically over metered connections*
+-   GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -473,6 +517,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Automatic Updates*
+-   GP name: *AutoUpdateCfg*
+-   GP element: *AllowMUUpdateServiceId*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -584,6 +637,14 @@ Enabling this policy will disable that functionality, and may cause connection t
 > This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify intranet Microsoft update service location*
+-   GP name: *CorpWuURL*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -638,6 +699,15 @@ Supported values are 2-30 days.
 The default value is 7 days.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify deadline before auto-restart for update installation*
+-   GP name: *AutoRestartDeadline*
+-   GP element: *AutoRestartDeadline*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -683,6 +753,15 @@ Added in Windows 10, version 1703. Allows the IT Admin to specify the period fo
 The default value is 15 (minutes).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure auto-restart reminder notifications for updates*
+-   GP name: *AutoRestartNotificationConfig*
+-   GP element: *AutoRestartNotificationSchd*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Supported values are 15, 30, 60, 120, and 240 (minutes).
 
@@ -730,6 +809,15 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
 Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure auto-restart required notification for updates*
+-   GP name: *AutoRestartRequiredNotificationDismissal*
+-   GP element: *AutoRestartRequiredNotificationDismissal*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -780,6 +868,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select when Preview Builds and Feature Updates are received*
+-   GP name: *DeferFeatureUpdates*
+-   GP element: *BranchReadinessLevelId*
+-   GP path: *Windows Components/Windows Update/Windows Update for Business*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -874,6 +971,15 @@ Supported values are 0-365 days.
 > The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select when Preview Builds and Feature Updates are received*
+-   GP name: *DeferFeatureUpdates*
+-   GP element: *DeferFeatureUpdatesPeriodId*
+-   GP path: *Windows Components/Windows Update/Windows Update for Business*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -919,6 +1025,15 @@ Added in Windows 10, version 1607. Defers Quality Updates for the specified num
 Supported values are 0-30.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select when Quality Updates are received*
+-   GP name: *DeferQualityUpdates*
+-   GP element: *DeferQualityUpdatesPeriodId*
+-   GP path: *Windows Components/Windows Update/Windows Update for Business*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1055,6 +1170,13 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
 </table>-->
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *DeferUpgrade*
+-   GP element: *DeferUpdatePeriodId*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1110,6 +1232,13 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t
 If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *DeferUpgrade*
+-   GP element: *DeferUpgradePeriodId*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1153,6 +1282,15 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
 Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Automatic Updates detection frequency*
+-   GP name: *DetectionFrequency_Title*
+-   GP element: *DetectionFrequency_Hour2*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1202,6 +1340,14 @@ This is the same as the Group Policy in Windows Components > Window Update "Do n
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Do not allow update deferral policies to cause scans against Windows Update*
+-   GP name: *DisableDualScan*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1256,6 +1402,15 @@ Supported values are 2-30 days.
 The default value is 0 days (not specified).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify Engaged restart transition and notification schedule for updates*
+-   GP name: *EngagedRestartTransitionSchedule*
+-   GP element: *EngagedRestartDeadline*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1303,6 +1458,15 @@ Supported values are 1-3 days.
 The default value is 3 days.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify Engaged restart transition and notification schedule for updates*
+-   GP name: *EngagedRestartTransitionSchedule*
+-   GP element: *EngagedRestartSnoozeSchedule*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1350,6 +1514,15 @@ Supported values are 2-30 days.
 The default value is 7 days.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify Engaged restart transition and notification schedule for updates*
+-   GP name: *EngagedRestartTransitionSchedule*
+-   GP element: *EngagedRestartTransitionSchedule*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1396,6 +1569,14 @@ The default value is 7 days.
 Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Do not include drivers with Windows Updates*
+-   GP name: *ExcludeWUDriversInQualityUpdate*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1449,6 +1630,15 @@ Added in the April service release of Windows 10, version 1607. Allows Windows U
 > This setting should only be used in combination with an alternate download URL and configured to use ISV file cache.  This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify intranet Microsoft update service location*
+-   GP name: *CorpWuURL*
+-   GP element: *CorpWUFillEmptyContentUrls*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1629,6 +1819,15 @@ To validate this policy:
 Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Manage preview builds*
+-   GP name: *ManagePreviewBuilds*
+-   GP element: *ManagePreviewBuildsId*
+-   GP path: *Windows Components/Windows Update/Windows Update for Business*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1689,6 +1888,13 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t
 If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *DeferUpgrade*
+-   GP element: *PauseDeferralsId*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1742,6 +1948,15 @@ Since this policy is not blocked, you will not get a failure message when you us
 Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select when Preview Builds and Feature Updates are received*
+-   GP name: *DeferFeatureUpdates*
+-   GP element: *PauseFeatureUpdatesId*
+-   GP path: *Windows Components/Windows Update/Windows Update for Business*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1794,6 +2009,15 @@ Added in Windows 10, version 1703. Specifies the date and time when the IT admi
 Value type is string. Supported operations are Add, Get, Delete, and Replace.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select when Preview Builds and Feature Updates are received*
+-   GP name: *DeferFeatureUpdates*
+-   GP element: *PauseFeatureUpdatesStartId*
+-   GP path: *Windows Components/Windows Update/Windows Update for Business*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1837,6 +2061,15 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace.
 Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select when Quality Updates are received*
+-   GP name: *DeferQualityUpdates*
+-   GP element: *PauseQualityUpdatesId*
+-   GP path: *Windows Components/Windows Update/Windows Update for Business*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1889,6 +2122,15 @@ Added in Windows 10, version 1703. Specifies the date and time when the IT admi
 Value type is string. Supported operations are Add, Get, Delete, and Replace.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select when Quality Updates are received*
+-   GP name: *DeferQualityUpdates*
+-   GP element: *PauseQualityUpdatesStartId*
+-   GP path: *Windows Components/Windows Update/Windows Update for Business*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1947,6 +2189,13 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
 Allows the IT admin to set a device to Semi-Annual Channel train.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *DeferUpgrade*
+-   GP element: *DeferUpgradePeriodId*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2055,6 +2304,15 @@ Added in Windows 10, version 1703. Allows the IT Admin to specify the period fo
 The default value is 15 (minutes).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure auto-restart warning notifications schedule for updates*
+-   GP name: *RestartWarnRemind*
+-   GP element: *RestartWarn*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Supported values are 15, 30, or 60 (minutes).
 
@@ -2108,6 +2366,15 @@ Added in Windows 10, version 1703. Allows the IT Admin to specify the period fo
 The default value is 4 (hours).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure auto-restart warning notifications schedule for updates*
+-   GP name: *RestartWarnRemind*
+-   GP element: *RestartWarnRemind*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Supported values are 2, 4, 8, 12, or 24 (hours).
 
@@ -2159,6 +2426,15 @@ The data type is a integer.
 Supported operations are Add, Delete, Get, and Replace.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Automatic Updates*
+-   GP name: *AutoUpdateCfg*
+-   GP element: *AutoUpdateSchDay*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2219,6 +2495,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 </ul>
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Automatic Updates*
+-   GP name: *AutoUpdateCfg*
+-   GP element: *AutoUpdateSchEveryWeek*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2266,6 +2551,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 </ul>
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Automatic Updates*
+-   GP name: *AutoUpdateCfg*
+-   GP element: *AutoUpdateSchFirstWeek*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2313,6 +2607,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 </ul>
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Automatic Updates*
+-   GP name: *AutoUpdateCfg*
+-   GP element: *ScheduledInstallFourthWeek*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2360,6 +2663,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 </ul>
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Automatic Updates*
+-   GP name: *AutoUpdateCfg*
+-   GP element: *ScheduledInstallSecondWeek*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2407,6 +2719,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
 </ul>
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Automatic Updates*
+-   GP name: *AutoUpdateCfg*
+-   GP element: *ScheduledInstallThirdWeek*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2462,6 +2783,15 @@ Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
 The default value is 3.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Automatic Updates*
+-   GP name: *AutoUpdateCfg*
+-   GP element: *AutoUpdateSchTime*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2505,6 +2835,15 @@ The default value is 3.
 Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off auto-restart notifications for update installations*
+-   GP name: *AutoRestartNotificationDisable*
+-   GP element: *AutoRestartNotificationSchd*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2555,6 +2894,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Update Power Policy for Cart Restarts*
+-   GP name: *SetEDURestart*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2610,6 +2957,15 @@ Allows the device to check for updates from a WSUS server instead of Microsoft U
 Supported operations are Get and Replace.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify intranet Microsoft update service location*
+-   GP name: *CorpWuURL*
+-   GP element: *CorpWUURL_Name*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2691,6 +3047,15 @@ Value type is string and the default value is an empty string, "". If the settin
 > This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify intranet Microsoft update service location*
+-   GP name: *CorpWuURL*
+-   GP element: *CorpWUContentHost_Name*
+-   GP path: *Windows Components/Windows Update*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index b091456af0..6e52bc893b 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - UserRights
@@ -152,6 +152,12 @@ ms.date: 01/30/2018
 This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Access Credential Manager ase a trusted caller*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -195,6 +201,12 @@ This user right is used by Credential Manager during Backup/Restore. No accounts
 This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Access this computer from the network*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -238,6 +250,12 @@ This user right determines which users and groups are allowed to connect to the
 This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Act as part of the operating system*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -281,6 +299,12 @@ This user right allows a process to impersonate any user without authentication.
 This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Allow log on locally*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -324,6 +348,12 @@ This user right determines which users can log on to the computer. Note: Modifyi
 This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Back up files and directories*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -367,6 +397,12 @@ This user right determines which users can bypass file, directory, registry, and
 This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Change the system time*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -410,6 +446,12 @@ This user right determines which users and groups can change the time and date o
 This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Create global objects*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -453,6 +495,12 @@ This security setting determines whether users can create global objects that ar
 This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Create a pagefile*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -496,6 +544,12 @@ This user right determines which users and groups can call an internal applicati
 This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Create permanent shared objects*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -539,6 +593,12 @@ This user right determines which accounts can be used by processes to create a d
 This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Create symbolic links*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -582,6 +642,12 @@ This user right determines if the user can create a symbolic link from the compu
 This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Create a token object*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -625,6 +691,12 @@ This user right determines which accounts can be used by processes to create a t
 This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Debug programs*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -668,6 +740,12 @@ This user right determines which users can attach a debugger to any process or t
 This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Deny access to this computer from the network*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -711,6 +789,12 @@ This user right determines which users are prevented from accessing a computer o
 This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Deny log on as a service*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -754,6 +838,12 @@ This security setting determines which service accounts are prevented from regis
 This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Deny log on through Remote Desktop Services*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -797,6 +887,12 @@ This user right determines which users and groups are prohibited from logging on
 This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Enable computer and user accounts to be trusted for delegation*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -840,6 +936,12 @@ This user right determines which users can set the Trusted for Delegation settin
 This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Generate security audits*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -887,6 +989,12 @@ Assigning this user right to a user allows programs running on behalf of that us
 Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Impersonate a client after authentication*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -930,6 +1038,12 @@ Because of these factors, users do not usually need this user right. Warning: If
 This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Increase scheduling priority*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -973,6 +1087,12 @@ This user right determines which accounts can use a process with Write Property
 This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Load and unload device drivers*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1016,6 +1136,12 @@ This user right determines which users can dynamically load and unload device dr
 This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Lock pages in memory*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1059,6 +1185,12 @@ This user right determines which accounts can use a process to keep data in phys
 This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Manage auditing and security log*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1102,6 +1234,12 @@ This user right determines which users can specify object access auditing option
 This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Perform volume maintenance tasks*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1145,6 +1283,12 @@ This user right determines which users and groups can run maintenance tasks on a
 This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Modify firmware environment values*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1188,6 +1332,12 @@ This user right determines who can modify firmware environment values. Firmware
 This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Modify an object label*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1231,6 +1381,12 @@ This user right determines which user accounts can modify the integrity label of
 This user right determines which users can use performance monitoring tools to monitor the performance of system processes.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Profile single process*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1274,6 +1430,12 @@ This user right determines which users can use performance monitoring tools to m
 This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Force shutdown from a remote system*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1317,6 +1479,12 @@ This user right determines which users are allowed to shut down a computer from
 This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Restore files and directories*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1360,6 +1528,12 @@ This user right determines which users can bypass file, directory, registry, and
 This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Take ownership of files or other objects*
+-   GP path: *Windows Settings/Security Settings/Local Policies/User Rights Assignment*
+
+<!--/DbMapped-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 8fa7a54082..f4e3dbae88 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - Wifi
@@ -97,6 +97,14 @@ Allow or disallow the device to automatically connect to Wi-Fi hotspots.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services*
+-   GP name: *WiFiSense*
+-   GP path: *Network/WLAN Service/WLAN Settings*
+-   GP ADMX file name: *wlansvc.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -149,6 +157,14 @@ Allow or disallow internet sharing.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prohibit use of Internet Connection Sharing on your DNS domain network*
+-   GP name: *NC_ShowSharedAccessUI*
+-   GP path: *Network/Network Connections*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 56be2210b2..8329d11f77 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - WindowsDefenderSecurityCenter
@@ -124,6 +124,15 @@ Added in Windows 10, version 1709. The company name that is displayed to the use
 Value type is string. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify contact company name*
+-   GP name: *EnterpriseCustomization_CompanyName*
+-   GP element: *Presentation_EnterpriseCustomization_CompanyName*
+-   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -167,6 +176,14 @@ Value type is string. Supported operations are Add, Get, Replace and Delete.
 Added in Windows 10, next major release. Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the Account protection area*
+-   GP name: *AccountProtection_UILockdown*
+-   GP path: *Windows Components/Windows Defender Security Center/Account protection*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values:
 
@@ -219,6 +236,14 @@ Added in Windows 10, version 1709. Use this policy setting if you want to disabl
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the App and browser protection area*
+-   GP name: *AppBrowserProtection_UILockdown*
+-   GP path: *Windows Components/Windows Defender Security Center/App and browser protection*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -269,6 +294,14 @@ The following list shows the supported values:
 Added in Windows 10, next major release. Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the Device security area*
+-   GP name: *DeviceSecurity_UILockdown*
+-   GP path: *Windows Components/Windows Defender Security Center/Device security*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values:
 
@@ -324,6 +357,14 @@ Added in Windows 10, version 1709. Use this policy if you want Windows Defender
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide non-critical notifications*
+-   GP name: *Notifications_DisableEnhancedNotifications*
+-   GP path: *Windows Components/Windows Defender Security Center/Notifications*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -376,6 +417,14 @@ Added in Windows 10, version 1709. Use this policy setting if you want to disabl
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the Family options area*
+-   GP name: *FamilyOptions_UILockdown*
+-   GP path: *Windows Components/Windows Defender Security Center/Family options*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -428,6 +477,14 @@ Added in Windows 10, version 1709. Use this policy setting if you want to disabl
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the Device performance and health area*
+-   GP name: *DevicePerformanceHealth_UILockdown*
+-   GP path: *Windows Components/Windows Defender Security Center/Device performance and health*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -480,6 +537,14 @@ Added in Windows 10, version 1709. Use this policy setting if you want to disabl
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the Firewall and network protection area*
+-   GP name: *FirewallNetworkProtection_UILockdown*
+-   GP path: *Windows Components/Windows Defender Security Center/Firewall and network protection*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -532,6 +597,14 @@ Added in Windows 10, version 1709. Use this policy setting if you want to disabl
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide all notifications*
+-   GP name: *Notifications_DisableNotifications*
+-   GP path: *Windows Components/Windows Defender Security Center/Notifications*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -584,6 +657,14 @@ Added in Windows 10, version 1709. Use this policy setting if you want to disabl
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the Virus and threat protection area*
+-   GP name: *VirusThreatProtection_UILockdown*
+-   GP path: *Windows Components/Windows Defender Security Center/Virus and threat protection*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -636,6 +717,14 @@ Added in Windows 10, version 1709. Prevent users from making changes to the expl
 Value type is integer. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent users from modifying settings*
+-   GP name: *AppBrowserProtection_DisallowExploitProtectionOverride*
+-   GP path: *Windows Components/Windows Defender Security Center/App and browser protection*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -688,6 +777,15 @@ Added in Windows 10, version 1709. The email address that is displayed to users.
 Value type is string. Supported operations are Add, Get, Replace and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify contact email address or Email ID*
+-   GP name: *EnterpriseCustomization_Email*
+-   GP element: *Presentation_EnterpriseCustomization_Email*
+-   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -733,6 +831,14 @@ Added in Windows 10, version 1709. Enable this policy to display your company na
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure customized notifications*
+-   GP name: *EnterpriseCustomization_EnableCustomizedToasts*
+-   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -785,6 +891,14 @@ Added in Windows 10, version 1709. Enable this policy to have your company name
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure customized contact information*
+-   GP name: *EnterpriseCustomization_EnableInAppCustomization*
+-   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -835,6 +949,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1803. Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the Ransomware data recovery area*
+-   GP name: *VirusThreatProtection_HideRansomwareRecovery*
+-   GP path: *Windows Components/Windows Defender Security Center/Virus and threat protection*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values:
 
@@ -885,6 +1007,14 @@ Valid values:
 Added in Windows 10, version 1803. Use this policy to hide the Secure boot area in the Windows Defender Security Center.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the Secure boot area*
+-   GP name: *DeviceSecurity_HideSecureBoot*
+-   GP path: *Windows Components/Windows Defender Security Center/Device security*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values:
 
@@ -935,6 +1065,14 @@ Valid values:
 Added in Windows 10, version 1803. Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide the Security processor (TPM) troubleshooter page*
+-   GP name: *DeviceSecurity_HideTPMTroubleshooting*
+-   GP path: *Windows Components/Windows Defender Security Center/Device security*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values:
 
@@ -987,6 +1125,15 @@ Added in Windows 10, version 1709. The phone number or Skype ID that is displaye
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify contact phone number or Skype ID*
+-   GP name: *EnterpriseCustomization_Phone*
+-   GP element: *Presentation_EnterpriseCustomization_Phone*
+-   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1032,6 +1179,15 @@ Added in Windows 10, version 1709. The help portal URL this is displayed to user
 Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify contact website*
+-   GP name: *EnterpriseCustomization_URL*
+-   GP element: *Presentation_EnterpriseCustomization_URL*
+-   GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization*
+-   GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index 0b0a6104d4..3549c95e06 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - WindowsInkWorkspace
@@ -69,6 +69,14 @@ ms.date: 01/30/2018
 Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow suggested apps in Windows Ink Workspace*
+-   GP name: *AllowSuggestedAppsInWindowsInkWorkspace*
+-   GP path: *Windows Components/Windows Ink Workspace*
+-   GP ADMX file name: *WindowsInkWorkspace.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -119,6 +127,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Windows Ink Workspace*
+-   GP name: *AllowWindowsInkWorkspace*
+-   GP element: *AllowWindowsInkWorkspaceDropdown*
+-   GP path: *Windows Components/Windows Ink Workspace*
+-   GP ADMX file name: *WindowsInkWorkspace.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Value type is int. The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 513b783cee..cc10b25f2c 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - WindowsLogon
@@ -83,14 +83,14 @@ If you disable or do not configure this policy setting, users can choose which a
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off app notifications on the lock screen*
 -   GP name: *DisableLockScreenAppNotifications*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -145,14 +145,14 @@ If you disable or don't configure this policy setting, any user can disconnect t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not display network selection UI*
 -   GP name: *DontDisplayNetworkSelectionUI*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -196,6 +196,14 @@ ADMX Info:
 Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Hide entry points for Fast User Switching*
+-   GP name: *HideFastUserSwitching*
+-   GP path: *System/Logon*
+-   GP ADMX file name: *Logon.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index 5830a05aa4..9e122a3f3f 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/05/2018
 ---
 
 # Policy CSP - WirelessDisplay
@@ -291,6 +291,14 @@ If you set it to 0 (zero), your PC is not discoverable and you cannot project to
 Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Don't allow this PC to be projected to*
+-   GP name: *AllowProjectionToPC*
+-   GP path: *Windows Components/Connect*
+-   GP ADMX file name: *WirelessDisplay.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -422,6 +430,14 @@ If you turn this on, the pairing ceremony for new devices will always require a
 Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Require pin for pairing*
+-   GP name: *RequirePinForPairing*
+-   GP path: *Windows Components/Connect*
+-   GP ADMX file name: *WirelessDisplay.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 

From 0edc458564c17528315eb3bed5f3cff1746d93a5 Mon Sep 17 00:00:00 2001
From: v-savila <v-savila@microsoft.com>
Date: Tue, 6 Mar 2018 13:04:07 -0800
Subject: [PATCH 084/119] add ms.topic metadata value

for task 1199273 per Sarah Barrett
---
 education/index.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/education/index.md b/education/index.md
index 386a59f34f..3e75f1c5ee 100644
--- a/education/index.md
+++ b/education/index.md
@@ -4,6 +4,7 @@ hide_bc: true
 title: Microsoft 365 Education documentation and resources | Microsoft Docs
 description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
 author: CelesteDG
+ms.topic: hub-page
 ms.author: celested
 ms.date: 10/30/2017
 ---
@@ -696,4 +697,4 @@ ms.date: 10/30/2017
             </li>
         </ul>
     </div>
-</div>
\ No newline at end of file
+</div>

From 064a7262819afda3cba01bab06ee07103931589e Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Tue, 6 Mar 2018 22:07:54 +0000
Subject: [PATCH 085/119] Merged PR 6195: EnterpriseModernAppManagement CSP -
 added new setting

---
 .../mdm/enterprisemodernappmanagement-csp.md  |   20 +-
 .../mdm/enterprisemodernappmanagement-ddf.md  | 1629 +++++++++--------
 ...ning-csp-enterprisemodernappmanagement.png |  Bin 95333 -> 112574 bytes
 ...ew-in-windows-mdm-enrollment-management.md |   11 +
 4 files changed, 859 insertions(+), 801 deletions(-)

diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 5062ee119e..2ad3ca1434 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -7,11 +7,15 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/22/2017
+ms.date: 03/01/2018
 ---
 
 # EnterpriseModernAppManagement CSP
 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
 
 > [!Note]
@@ -359,6 +363,20 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 </Get>
 ```
 
+<a href="" id="----packagefamilyname-maintainprocessorarchitectureonupdate"></a>**.../*PackageFamilyName*/MaintainProcessorArchitectureOnUpdate**  
+Added in Windows 10, version 1803. Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available.
+
+Supported operations are Add, Get, Delete, and Replace. Value type is integer.
+
+Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins).
+
+|Applicability Setting |CSP state  |Result  |
+|---------|---------|---------|
+|True |Not configured     |X86 flavor is picked         |
+|True |Enabled    |X86 flavor is picked         |
+|True |Disabled         |X86 flavor is picked         |
+|False (not set) |Not configured         |X64 flavor is picked          |
+
 <a href="" id="appinstallation"></a>**AppInstallation**  
 <p style="margin-left: 20px">Required node. Used to perform app installation.
 
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 335ebd258e..7c3c1c855b 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -7,899 +7,928 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/01/2018
 ---
 
 # EnterpriseModernAppManagement DDF
 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **EnterpriseModernAppManagement** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
-    "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
-    [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
 <MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
-    <VerDTD>1.2</VerDTD>
-    <Node>
+  <VerDTD>1.2</VerDTD>
+      <Node>
         <NodeName>EnterpriseModernAppManagement</NodeName>
         <Path>./Vendor/MSFT</Path>
         <DFProperties>
-            <AccessType>
-                <Get />
-            </AccessType>
-            <DFFormat>
-                <node />
-            </DFFormat>
-            <Occurrence>
-                <One />
-            </Occurrence>
-            <Scope>
-                <Permanent />
-            </Scope>
-            <DFType>
-                <DDFName></DDFName>
-            </DFType>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
         </DFProperties>
         <Node>
-            <NodeName>AppManagement</NodeName>
+          <NodeName>AppManagement</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
             <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <node />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
+              <AccessType>
+                <Add />
+                <Delete />
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <OneOrMore />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>EnterpriseID</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
             </DFProperties>
             <Node>
+              <NodeName></NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <node />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrMore />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFTitle>PackageFamilyName</DFTitle>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+              <Node>
                 <NodeName></NodeName>
                 <DFProperties>
-                    <AccessType>
-                        <Add />
-                        <Delete />
-                        <Get />
-                    </AccessType>
-                    <DFFormat>
-                        <node />
-                    </DFFormat>
-                    <Occurrence>
-                        <OneOrMore />
-                    </Occurrence>
-                    <Scope>
-                        <Dynamic />
-                    </Scope>
-                    <DFTitle>EnterpriseID</DFTitle>
-                    <DFType>
-                        <DDFName></DDFName>
-                    </DFType>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                  </AccessType>
+                  <DFFormat>
+                    <node />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrMore />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFTitle>PackageFullName</DFTitle>
+                  <DFType>
+                    <DDFName></DDFName>
+                  </DFType>
                 </DFProperties>
                 <Node>
-                    <NodeName></NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <node />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrMore />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>PackageFamilyName</DFTitle>
-                        <DFType>
-                            <DDFName></DDFName>
-                        </DFType>
-                    </DFProperties>
-                    <Node>
-                        <NodeName></NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                            </AccessType>
-                            <DFFormat>
-                                <node />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrMore />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFTitle>PackageFullName</DFTitle>
-                            <DFType>
-                                <DDFName></DDFName>
-                            </DFType>
-                        </DFProperties>
-                        <Node>
-                            <NodeName>Name</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <chr />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>Version</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <chr />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>Publisher</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <chr />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>Architecture</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <chr />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>InstallLocation</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <chr />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>IsFramework</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <int />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>IsBundle</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <int />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>InstallDate</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <chr />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>ResourceID</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <chr />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>PackageStatus</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <int />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>RequiresReinstall</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <int />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>Users</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <chr />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                        <Node>
-                            <NodeName>IsProvisioned</NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Get />
-                                </AccessType>
-                                <DFFormat>
-                                    <int />
-                                </DFFormat>
-                                <Occurrence>
-                                    <One />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                    </Node>
-                    <Node>
-                        <NodeName>DoNotUpdate</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <int />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFTitle>DoNotUpdate</DFTitle>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>AppSettingPolicy</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <node />
-                            </DFFormat>
-                            <Occurrence>
-                                <One />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <DDFName></DDFName>
-                            </DFType>
-                        </DFProperties>
-                        <Node>
-                            <NodeName></NodeName>
-                            <DFProperties>
-                                <AccessType>
-                                    <Add />
-                                    <Delete />
-                                    <Get />
-                                    <Replace />
-                                </AccessType>
-                                <DFFormat>
-                                    <chr />
-                                </DFFormat>
-                                <Occurrence>
-                                    <ZeroOrMore />
-                                </Occurrence>
-                                <Scope>
-                                    <Dynamic />
-                                </Scope>
-                                <DFTitle>SettingValue</DFTitle>
-                                <DFType>
-                                    <MIME>text/plain</MIME>
-                                </DFType>
-                            </DFProperties>
-                        </Node>
-                    </Node>
+                  <NodeName>Name</NodeName>
+                  <DFProperties>
+                    <AccessType>
+                      <Get />
+                    </AccessType>
+                    <DFFormat>
+                      <chr />
+                    </DFFormat>
+                    <Occurrence>
+                      <One />
+                    </Occurrence>
+                    <Scope>
+                      <Dynamic />
+                    </Scope>
+                    <DFType>
+                      <MIME>text/plain</MIME>
+                    </DFType>
+                  </DFProperties>
                 </Node>
-            </Node>
-            <Node>
-                <NodeName>UpdateScan</NodeName>
-                <DFProperties>
+                <Node>
+                  <NodeName>Version</NodeName>
+                  <DFProperties>
                     <AccessType>
-                        <Exec />
+                      <Get />
                     </AccessType>
                     <DFFormat>
-                        <null />
+                      <chr />
                     </DFFormat>
                     <Occurrence>
-                        <One />
+                      <One />
                     </Occurrence>
                     <Scope>
-                        <Permanent />
+                      <Dynamic />
                     </Scope>
                     <DFType>
-                        <MIME>text/plain</MIME>
+                      <MIME>text/plain</MIME>
                     </DFType>
-                </DFProperties>
-            </Node>
-            <Node>
-                <NodeName>LastScanError</NodeName>
-                <DFProperties>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>Publisher</NodeName>
+                  <DFProperties>
                     <AccessType>
-                        <Get />
+                      <Get />
                     </AccessType>
                     <DFFormat>
-                        <int />
+                      <chr />
                     </DFFormat>
                     <Occurrence>
-                        <One />
+                      <One />
                     </Occurrence>
                     <Scope>
-                        <Permanent />
+                      <Dynamic />
                     </Scope>
                     <DFType>
-                        <MIME>text/plain</MIME>
+                      <MIME>text/plain</MIME>
                     </DFType>
-                </DFProperties>
-            </Node>
-            <Node>
-                <NodeName>AppInventoryResults</NodeName>
-                <DFProperties>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>Architecture</NodeName>
+                  <DFProperties>
                     <AccessType>
-                        <Get />
+                      <Get />
                     </AccessType>
                     <DFFormat>
-                        <xml />
+                      <chr />
                     </DFFormat>
                     <Occurrence>
-                        <One />
+                      <One />
                     </Occurrence>
                     <Scope>
-                        <Permanent />
+                      <Dynamic />
                     </Scope>
                     <DFType>
-                        <MIME>text/plain</MIME>
+                      <MIME>text/plain</MIME>
                     </DFType>
-                </DFProperties>
-            </Node>
-            <Node>
-                <NodeName>AppInventoryQuery</NodeName>
-                <DFProperties>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>InstallLocation</NodeName>
+                  <DFProperties>
                     <AccessType>
-                        <Get />
-                        <Replace />
+                      <Get />
                     </AccessType>
                     <DFFormat>
-                        <xml />
+                      <chr />
                     </DFFormat>
                     <Occurrence>
-                        <One />
+                      <One />
                     </Occurrence>
                     <Scope>
-                        <Permanent />
+                      <Dynamic />
                     </Scope>
                     <DFType>
-                        <MIME>text/plain</MIME>
+                      <MIME>text/plain</MIME>
                     </DFType>
-                </DFProperties>
-            </Node>
-            <Node>
-                <NodeName>RemovePackage</NodeName>
-                <DFProperties>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>IsFramework</NodeName>
+                  <DFProperties>
                     <AccessType>
-                        <Get />
+                      <Get />
                     </AccessType>
                     <DFFormat>
-                        <xml />
+                      <int />
                     </DFFormat>
                     <Occurrence>
-                        <One />
+                      <One />
                     </Occurrence>
                     <Scope>
-                        <Permanent />
+                      <Dynamic />
                     </Scope>
                     <DFType>
-                        <MIME>text/plain</MIME>
+                      <MIME>text/plain</MIME>
                     </DFType>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>IsBundle</NodeName>
+                  <DFProperties>
+                    <AccessType>
+                      <Get />
+                    </AccessType>
+                    <DFFormat>
+                      <int />
+                    </DFFormat>
+                    <Occurrence>
+                      <One />
+                    </Occurrence>
+                    <Scope>
+                      <Dynamic />
+                    </Scope>
+                    <DFType>
+                      <MIME>text/plain</MIME>
+                    </DFType>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>InstallDate</NodeName>
+                  <DFProperties>
+                    <AccessType>
+                      <Get />
+                    </AccessType>
+                    <DFFormat>
+                      <chr />
+                    </DFFormat>
+                    <Occurrence>
+                      <One />
+                    </Occurrence>
+                    <Scope>
+                      <Dynamic />
+                    </Scope>
+                    <DFType>
+                      <MIME>text/plain</MIME>
+                    </DFType>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>ResourceID</NodeName>
+                  <DFProperties>
+                    <AccessType>
+                      <Get />
+                    </AccessType>
+                    <DFFormat>
+                      <chr />
+                    </DFFormat>
+                    <Occurrence>
+                      <One />
+                    </Occurrence>
+                    <Scope>
+                      <Dynamic />
+                    </Scope>
+                    <DFType>
+                      <MIME>text/plain</MIME>
+                    </DFType>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>PackageStatus</NodeName>
+                  <DFProperties>
+                    <AccessType>
+                      <Get />
+                    </AccessType>
+                    <DFFormat>
+                      <int />
+                    </DFFormat>
+                    <Occurrence>
+                      <One />
+                    </Occurrence>
+                    <Scope>
+                      <Dynamic />
+                    </Scope>
+                    <DFType>
+                      <MIME>text/plain</MIME>
+                    </DFType>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>RequiresReinstall</NodeName>
+                  <DFProperties>
+                    <AccessType>
+                      <Get />
+                    </AccessType>
+                    <DFFormat>
+                      <int />
+                    </DFFormat>
+                    <Occurrence>
+                      <One />
+                    </Occurrence>
+                    <Scope>
+                      <Dynamic />
+                    </Scope>
+                    <DFType>
+                      <MIME>text/plain</MIME>
+                    </DFType>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>Users</NodeName>
+                  <DFProperties>
+                    <AccessType>
+                      <Get />
+                    </AccessType>
+                    <DFFormat>
+                      <chr />
+                    </DFFormat>
+                    <Occurrence>
+                      <One />
+                    </Occurrence>
+                    <Scope>
+                      <Dynamic />
+                    </Scope>
+                    <DFType>
+                      <MIME>text/plain</MIME>
+                    </DFType>
+                  </DFProperties>
+                </Node>
+                <Node>
+                  <NodeName>IsProvisioned</NodeName>
+                  <DFProperties>
+                    <AccessType>
+                      <Get />
+                    </AccessType>
+                    <DFFormat>
+                      <int />
+                    </DFFormat>
+                    <Occurrence>
+                      <One />
+                    </Occurrence>
+                    <Scope>
+                      <Dynamic />
+                    </Scope>
+                    <DFType>
+                      <MIME>text/plain</MIME>
+                    </DFType>
+                  </DFProperties>
+                </Node>
+              </Node>
+              <Node>
+                <NodeName>DoNotUpdate</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFTitle>DoNotUpdate</DFTitle>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
                 </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>AppSettingPolicy</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <node />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <DDFName></DDFName>
+                  </DFType>
+                </DFProperties>
+                <Node>
+                  <NodeName></NodeName>
+                  <DFProperties>
+                    <AccessType>
+                      <Add />
+                      <Delete />
+                      <Get />
+                      <Replace />
+                    </AccessType>
+                    <DFFormat>
+                      <chr />
+                    </DFFormat>
+                    <Occurrence>
+                      <ZeroOrMore />
+                    </Occurrence>
+                    <Scope>
+                      <Dynamic />
+                    </Scope>
+                    <DFTitle>SettingValue</DFTitle>
+                    <DFType>
+                      <MIME>text/plain</MIME>
+                    </DFType>
+                  </DFProperties>
+                </Node>
+              </Node>
+              <Node>
+                <NodeName>MaintainProcessorArchitectureOnUpdate</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFTitle>MaintainProcessorArchitectureOnUpdate</DFTitle>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
             </Node>
+          </Node>
+          <Node>
+            <NodeName>UpdateScan</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Exec />
+              </AccessType>
+              <DFFormat>
+                <null />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>LastScanError</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>AppInventoryResults</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <xml />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>AppInventoryQuery</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Replace />
+              </AccessType>
+              <DFFormat>
+                <xml />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>RemovePackage</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Exec />
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <xml />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
         </Node>
         <Node>
-            <NodeName>AppInstallation</NodeName>
+          <NodeName>AppInstallation</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
             <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <node />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
+              <AccessType>
+                <Add />
+                <Delete />
+                <Get />
+                <Replace />
+              </AccessType>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrMore />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFTitle>PackageFamilyName</DFTitle>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
             </DFProperties>
             <Node>
-                <NodeName></NodeName>
-                <DFProperties>
-                    <AccessType>
-                        <Add />
-                        <Delete />
-                        <Get />
-                        <Replace />
-                    </AccessType>
-                    <DFFormat>
-                        <node />
-                    </DFFormat>
-                    <Occurrence>
-                        <ZeroOrMore />
-                    </Occurrence>
-                    <Scope>
-                        <Dynamic />
-                    </Scope>
-                    <DFTitle>PackageFamilyName</DFTitle>
-                    <DFType>
-                        <DDFName></DDFName>
-                    </DFType>
-                </DFProperties>
-                <Node>
-                    <NodeName>StoreInstall</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Exec />
-                            <Add />
-                            <Delete />
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <xml />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>HostedInstall</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Exec />
-                            <Add />
-                            <Delete />
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <xml />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>LastError</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>LastErrorDesc</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>Status</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>ProgressStatus</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <int />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
+              <NodeName>StoreInstall</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Exec />
+                  <Add />
+                  <Delete />
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <xml />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
             </Node>
+            <Node>
+              <NodeName>HostedInstall</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Exec />
+                  <Add />
+                  <Delete />
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <xml />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>LastError</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>LastErrorDesc</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>Status</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ProgressStatus</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
         </Node>
         <Node>
-            <NodeName>AppLicenses</NodeName>
+          <NodeName>AppLicenses</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>StoreLicenses</NodeName>
             <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <node />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
             </DFProperties>
             <Node>
-                <NodeName>StoreLicenses</NodeName>
+              <NodeName></NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <node />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrMore />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFTitle>LicenseID</DFTitle>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+              <Node>
+                <NodeName>LicenseCategory</NodeName>
                 <DFProperties>
-                    <AccessType>
-                        <Get />
-                    </AccessType>
-                    <DFFormat>
-                        <node />
-                    </DFFormat>
-                    <Occurrence>
-                        <One />
-                    </Occurrence>
-                    <Scope>
-                        <Permanent />
-                    </Scope>
-                    <DFType>
-                        <DDFName></DDFName>
-                    </DFType>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
                 </DFProperties>
-                <Node>
-                    <NodeName></NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <node />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrMore />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFTitle>LicenseID</DFTitle>
-                        <DFType>
-                            <DDFName></DDFName>
-                        </DFType>
-                    </DFProperties>
-                    <Node>
-                        <NodeName>LicenseCategory</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Get />
-                            </AccessType>
-                            <DFFormat>
-                                <chr />
-                            </DFFormat>
-                            <Occurrence>
-                                <One />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>LicenseUsage</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Get />
-                            </AccessType>
-                            <DFFormat>
-                                <chr />
-                            </DFFormat>
-                            <Occurrence>
-                                <One />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>RequesterID</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Get />
-                            </AccessType>
-                            <DFFormat>
-                                <chr />
-                            </DFFormat>
-                            <Occurrence>
-                                <One />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>AddLicense</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Exec />
-                            </AccessType>
-                            <DFFormat>
-                                <xml />
-                            </DFFormat>
-                            <Occurrence>
-                                <One />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>GetLicenseFromStore</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Exec />
-                            </AccessType>
-                            <DFFormat>
-                                <xml />
-                            </DFFormat>
-                            <Occurrence>
-                                <One />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                </Node>
+              </Node>
+              <Node>
+                <NodeName>LicenseUsage</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>RequesterID</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>AddLicense</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Exec />
+                  </AccessType>
+                  <DFFormat>
+                    <xml />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>GetLicenseFromStore</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Exec />
+                  </AccessType>
+                  <DFFormat>
+                    <xml />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
             </Node>
+          </Node>
         </Node>
-    </Node>
+      </Node>
 </MgmtTree>
 ```
 
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png
index b834990924fbe674dd5a0bad29e364dce9c3f04e..a28f41fe6a5d6feffc824118eeb4a776f7ac494b 100644
GIT binary patch
literal 112574
zcmcG$c|6p8xIaAYqLOSCrIaOvvXwnGS_q{`_FdK(+Zam=l`Uo8g-{9Ejlq;P%UH5A
z$TnjeyBQ2K&u65&?sJ~!cYf!b*YiiOyYBfepY3{I@9TYC*VkV|?fOCb<Ma>+<lxO4
z*X}|fyL2It0}ttTg8#GkR_;mgpB=Ef*OegI&770qAG<BD+`a;V<c2V881Di9-v9W9
z4h#Z0R7Lx<qt4-j83aO2yLs)(J$Hkd&CMvzargv+Jh!Oum2rlvj16(V3x0{rNnBul
zRRl9R5r6QkP-4$F#<7^gCL@=;s}7y4bKe<x_{OoAV{dp)uQ-PsUZlJEeD}ql$1b>k
zrVA;Mh*8CjBj-M$KFwy9uE$29N>QJt$vWNjv)S3jG1i~wKAwD3@#P={^28#QZU+Ps
z`<i<<1Y#u}a2Nu4H~B1JzBxfgP*70H9{b?IgA(E}8IQM!2?#=R;!>hjOoiVdRcD`p
z+gN&GO!oHngQYIh4V@~4-Y)-`(RQ)xK8sy25mmV*!l=5e*NkyGx2f<;BtPy)G=rIN
z81exwG={-aI0^LzEQ`M!%kcX8I+;r^X0m{{rDAboq3)!D)6lo8B+<g7u-qmdG4^IX
zc^DHW&6%AQ0x^n$mLQR9ZG7D=u4>d#4xhE}!w6X6w+^eOaWVEby<4y=NJBaZ#6*UD
zc+Nq%r76*CAq$<h=ek8xnmBuho)*k;z<e**#G<QA2Goh?qghuy6=g$Bg)@;QxFe`Q
zuq3gcESc<WZ8z3`tR*F`Y6+i-X5xVPWBeqe`t{u*kXG3mXh}uIpu7)p&U?)g>0zYo
z)Z}N6Mnv-OhP=zA4|oiNEn)p)GG2RM?mpN=7lOp%QkL9qgXK+s#$Dz_D4$c`yq|rv
zV6vd7NOu(J=M}qyQ*i$9^9}oOX&-81ov=a0&q1&o?`|$aSNm&14CPmz>j_SXRg{z$
zUcxC%cz^ut?`B1vBlzd0L~Zbp<G;LDQLmEk5x$g`yS4{~RiIA#^W>k6MZVUZkW{am
z#eeOvLy9J5JJeL*@qE+;sU**dL2!`YUAV?HSdJi>A*@5F4NW~*Vr55x7k0ob?S5?B
z*aOKv?3MDUym<Q9ciiDa2X$?c`n^kfrR6`(^$N@=ipxFXNxFvAu87TGjD-hoqM;!G
zag}zS4ny6&?TM47jQAs0xDa)M{&C*y$!<dEl$3J|`F&6HUA&}t)9u|7@C1KHhr)@y
z#@Y6S1DSN_h4tt7K|7Qb?Hs=NOy@9ADgh@(=yA=66JbpS?ymewx(^4qoY#|l(@(Gs
zJesafN=q;7aQSS@hrG%@+b$eG-4h-Z*+|zYU#uS;OA7q*SlhzY?M0xe_nBG-484=F
z^DTWiA39~@Lk?RaY<NF=2%IBY>Nx_K@squeX{V|eUc3_A&DB)%?U3nJf$8_Ns`Zg9
zL;C~!czVyeF=((opgeGT>AE>~X4HTjBvWr^qAp}}(TADZYNGAR%=ADeKAGINxukj$
zfANByIn~~TB-NfYm_wAtr!dc6z}XoM9@r>11?Q`Zb$D@cakyOs*I-mv?{d>E-Cf1@
z?P`tb^?M1&^3^svvg66gU$YbXmmOu674QV4I?B69-8^iW$LE9$MTg+|qP~4b){ahD
za4b;tII1;J5(N+UUzk}QxRH*(%pU*cA`W9Tcw_;w3jzs})%Il{l%aOlRfIM^OW@@?
zHW0%d)w7aXadWXT{Q;ZY!t(d1XYX#J8aR1uFp1<DeP3iipCuD6%FGbeukO0j4{F6H
zy|!vI+3VT1>{$q&@3|}Dg2UdW$X7!gz#hkXxv^Mm{A2-fRXYeZdZvMeNqW#u)@SC$
z9TwaiKCL}MM87U?R8mS1Av1|=ksmrUBYjn*FC~IKpVfmcnRJ4~o+(!9Ib3D_+XY~j
z#(|H!eKM+vw_-2y-dZfg4~$%7_B!y8#Zu=fR7QwD&a;Arvr(->eZ<hoks*-yD9Vz|
zGH%9*Cvti1uUBz}mkM$i_da!%zpBtTW9p#o&D2*n+1r=zG<3mdX?AkcItSLAH2=D4
zNMr}(-DO)Q1Ej~~+Gxo5vv*cy+%qnM&8+uj2QdQu(vwaKw^O_<M9j}cX0=a05SB)n
z<~~lk#k8I=aJ)FAJu2mEz;$PQvn78DMnz5xiSW&4Czwso6w_f?5|<JKTg!NwIL>%S
zfwR?S5jc-U5y~m&NA=p5UG~C1Z{A*MdCXO%ph^c(g!ORSwiE%xGZd!lcuVSEmw7JR
zMM+<`EJ?cHuz#uc)esL@<N_$P#~yF}#JDM1N_j&VAa5#x!N$hMQaZ!w+*eVHCXT8y
zIjjuuGeOxRSR@Qz-L#-bFB)`gsaDj1k)%euVVWT`Gc!Ym??2yQYirx&{1C}vbW{u%
zY&>{!HUT&_W$k4t6=^X9#gC`yLkL{upBJAOsDx$ly~ZXnJd;zO9rDbsJn%DoC*z%O
z4i7Kl&KnONT|fa74wBUU=iD(oD_2|B6)zk5%G6R3$hY2krrgJ&?)4e9kJE;4w0sD4
z*?dBi8?eVi#o3wxJ|ZfvltBl-1uE0EVz_i5GZBRs@we=zh8F!b2n^eBWu=3U$H<!A
z;TgwTT<Fl(NWrWR_X2$O4X80c@a;VZ9f*{9DM!^R9@#ITG<P8XeIo&rm_b6trDn_)
z6JzGoi=1ZrXG0c4|HGh%eFl1{67~a|#!)ltUH5d(_~gfP-E9kBakTsD?Sv)^uUGVP
zAl8=3<Sry;_mZ_`qYQjEpj&3mmdr#<^(9&u^j+Aqd0LvcbO|qC?R-8$z4mPWSa#V#
z2KIo9%o%39Zm$v%&8{Zw%`UdLlpD(r{exKD_18!{WfrtX$Zr&?YI0{)#i!jFQkTv(
z$gHvY-!Yhy*f@L|0tp@on3v-6S*=_aLkjf}dXyS=e)ynZTX&7CO&Jqj7VG!=_Sa|k
z7F~HH#TyIDW8P+j3*BUVn-~&fAmbm&7uO@U5QSP9H3(u1SGX!dzu6f&DSeexvyP9E
zWiyQ3G>9qpj};&F%2`Y;>#%8x`&Py?LIMu+C_I~P4!Davxk9whb6$2%=;m9N=<j*%
z@Qn^!xC*C3g01%2!PH4)aV2d2(6CQOX5wAq^B0r6$d&eSiag=0p%W!HZdOb+(hUFT
zs_4V(EXLxl{-0G*@OuFZt1kuD?X64)_x>BWYWH>LY#Ob9)Z?5nSww2Kay^3f?&H?`
z;d(Q*E++}RZ!jPoKS)pCq*`j3-#@cgw<TejzY-fWlTX*F?2KwqdxxSUT(eB{K7EUL
zPK5RKUx5ET;IWt2rY(Ls(SaGK^5LDrOz0)6AL7dfE~5rVPDBzuJ+3l9OiS}f*?Vc4
z4r<A%e@r6L1va;mE1=UN7Sk-irAf5~g?crp444i=w!nSX4w%{TQ-VsPwZS$1VMC2P
zO5Ht&7aT^-N&TTb-ab7UI!e%f;-RRt8m$nnn=Bl$<9Cc$=P<L^6YpNUqhwAERVn&1
z5k9l{j628)Lm28xUYp7rryTRRUe9hke9XhpcDbiNuH<QK;wQPZ&$l-*Ft9^%*i(RY
zJiSJvVTmZwrH(ccyucN;a1F;<mH{J}MA+-^B4Ta0Ui!hTi*c7y^vxQs)w8M>eX((n
zn_KJ6g?6sEUG#{*o5QUN_M}~24ZVBrK#lhKz%O;j0z|aB5`98i$;5yJ{@#qT@Hjq0
z#5-7p`QYB!gJ7z$S6GsBi;7%v*c=*uWwX*})Mdm}#nUI=wHH9V2&q_46U*nraC|KX
zyiL(`EU>i%hHus-)a!33CYJ?j`G5R*Zah83(n^@L+|(8k!Ajx<gz)xV4d2?zV08nT
zrF=Q+dFJ#)Q{e(6Hc*9Oc5xTv$%}KsN>$f}!BegqZr;s4xy{XZ_w9gK<t0L`XyDg0
zQ}0klG0Hw2{q`8l5yK<N-ly*bh}(^aOveFe65LuUR=b9r@*h{%>S@4qWaf%iGtUB)
zeaS5@DJdzxKDOT5+fH5&=2acXy{#g}syq_@fc(61RSW|8+JmGsot~cN(nGtZ!=~yS
zUN2mBx?QJt3AWbktQM<M@4y3A=HmdHv8|mQA#BLob9SKUW>u8>=6p_w*EnEBAwLXn
zQrZnSw8fBqD<@!&n)Y0bs@D^O)i?QxMTLa;?|>*a4+e;ue;Ubekw?uBt}Vgx3C*gg
z0r`G!ga^)Q08iaiXUB}ObvZVTi?Y|~9fv(_GQY?kco?8=IXL;Ktel*jj-g!&Wwy0)
zAI0QZfbpWVA2PjuQ9?JsOk-&8==RWfzW8A%zlJa1flv9Bp3><5!D~$PEC67vP6cSZ
z15ttEt~<Uvp@2*uf5pwhuLM?5ktJD?X(!-IDcg@|r35}UH8nLiH$S~NxPe_m_A*6N
zN3TaUf$=#vLH%=HBUN!G$VM=RR`V8UNl{TzL4osd`I1;d7ua<6^u!BG*s<<JdEz`>
zQ&RZ`V@SnD7Pd0>HIjd!^TMBnY0<v{MqYg~V19N01!9pFXSMR>%(;z~+#F6>XGYD`
z3sFt9O=yCONBz*h2d>p;8}94tt7&9cE6hleCqB*=i|z|XzQWzDkW#4I1d}=3kEF}-
zS^gH&{Lzw+5m))_<BF`*ngmP-Q{xhK3@lHymTz2K9J`3&>ZHHJxXH6)F&Ego^-N&N
z13dcx3U}nwb$4}1&lOQ9Q6b~UpB>A+5Y?k+C4Xfv<XwG0;A0n;l_q4^ko)F0Jvq@c
zmvKr-aJ=?4u)M+dHGDZZIK=QRvTJ?2koHE(?unP2s7*4KtCkGl7=tLmlQe>~<U_{_
z?oA*29VT2o0c*pgxj6ve+<JD6yUf*#!pBFE?5000CW-!1SWdvSicNg&AP}-@a<j)}
znpRDmDf%3xBJ;%RXuXQ6dpUHNvU!}Cc1{bb7(B!3z#ZQtAIcg>mNqQn@FmG;;$0QV
zGGd|)BIXNslO+~}1H>PMa<5=l0Ucip5SckmcbzA_02Ycl6+k02Kd6#7R{|a<F(>r+
zeymSh+tusD>{`rMOInra`)Ca~-4i%R$!|8VK%Qwo<3JVf-Z$KyN=FDTMZPZo#x~%t
z8y)M)kebnEravJPBG_PCBH9`AAW!9o9p*Xq5JPu(+oMLI!LyrV#pK7mT1b&PA@QgD
z>}(G9meTSE#TYb~yqVbS@2*O?`m{GB0mwx;nzogn2WYdaWQ&!?$dOmylARn6%NIrJ
zed~#tu5KLNyLjaMIf1t}ld<)o@5@I777;2lqS96y)}+|M)3zz&rJv>>6Lb3;hR(ug
zvUnwn<Hqt@%EyxK=bV|HmslSvaH=ai*cA8Fr|3B33GOj;wbwGK+;i$B@*=<a#)rk)
z+S_+uj-2W6WWuFloI~N(Hs|`Wud&AAnr-c~5}Q|hv}-cH*1XIQ3Co&!I&ym^ijBZW
zKE9N+2XVcHa9KYe&xC3z!%Jl?|4p%x+_DN%<mKF#FddDC@H@W!6#d!><x#c5@bP=3
zSmf0n)|3I|6Iz~^kP$NdGp|qrl~|R@_QdPhNt-6F%%;B|1=xB|kCjWatkdeC9$WZD
z^Pw|AmKhHliu!Wt!gBG4saONj@Qk}Il&sg(jO;-8P9Dgo!_Zj3>b^{HIO%kKr5px5
zHwjTrw>7$EGU#g7T`}2D1hdl&6t44k&)o6NZlY(jtQ%^OA8bzaFie$;e{i1sa7Ja8
z*%~2~|8n&J;)G)~)T;L11i5?-iRVQ}GCa%U4G<$4TZ!xJWvvU&<WUG6>02VTW=5u*
z$`2cKnKo#*kwIXcizlrIUWVx+59V_q@;usM6YFtYlTjALM_d_l+V0h-*^~dp6^#`r
z$10zOeCFYGUwyeB%;J!)FQGSv=0Sw%rX*R6>rDrb;DVXZDgfcF$dx#p1xhR|^Xc(J
z&<B)gsl8MIV79mC{R#^U#S%3CBT?>V*V58Tw|tGeyT#96z!4>GAiO@RZ}>o8UvA*?
zTa_IzE|?A;#Sw-F&jB~%>}3ofGrheb4N?_-!QlYqtu=6_r`A!m2{H1Ul}FMm{vJ&}
zv<Gg9tM5Mfeb0{e`M+a=UhXpB9?<e2NIrbPWW?~;-FXHqQ4%?HF6uSe<s8zGvvS71
zNw>1>!id{`Fdn-iI$(zRz!!<K@7{G((+L*Hvmqd<?Yp+wGqkhV88u%l(EX^|p@rjT
zbg?how0iCc1R~mJ%XA2zbk-T&Q|#-bBW<0&KR=0P?2BrR1wTtxgR2VTjag4qkAfA#
z7zef<-N=zF;+j-W4wHXXyL$vE3gzYO14OZq_S+s6EK*?uA?!XD$@{CZm8;ru*W%**
z=g!sMeCS?XxiT7gn?3fX)VYV3OYct-hM-@tt#<t`$0>*Q_4#ew1qAze4eKx;dULhT
z;n1S;Jx;|oQ;rA74^HZ-T)S1<KjBqog=5i4W4S^~bMJb~rE+yqk6*6X6(Hl@4p=5$
zi*v(XS{%`I`Nlq%Pk!K+@s?A{z)sP0@Br>S6Iu#v`*#>k)$uNZc|4}>4YoV?)}wx3
z1$SjAhwZ{>q6iNroKUw{=iZ$>x|*{h^#gtAnb5@Oqs89ZdrIwUoWyX;BN>#aQ%h=`
znfONsD(Eo%U(1d)>2iBJ09W)DAJDowFV(%*HLkVm{<^W1Y<9ng#gK4-=)sS+7*D1?
z`^FOmmH{gdhE5j$JZWr?u}T@}%AxZS-RuAa7+DO$I;$t2>7=BjEG=5(y~ir_xR#Bt
zo$amvaqGp~B)xLO#n^Lw`6N;llu5ZQa@H7+@U5Bdzxo}gqOGRhnH0;K4Bu7IT#m^R
z0737aJZ^EI>cwALE7#)=S4i<4$(3UnaL;EXuEBgKP1~*O+XtaX{RU13i0TY|elx3~
z>g=&+QcIbMjVo7Vi|YOyq=|&bt}z{-Gms_Ci~;|lG0QTze2ZS>Q0lULyia!)UPV79
zqWo+?>j|D-PkDRPAoM|51-ezO$d1#mS7pIlDNyu~CaUTgRtQdW{cC{<7|d;wJ<Yki
z5vdFg4vukamUSGX=m{RMHaiMJpX1oG<FP_-_vlPtU?0%)kQV_?_UR(j>T`B>;%wR4
zM5bW_Yn5X9A!syu@)A9C6^MfBZi5%22Ft<8R}5oeNnRkwH99nJOpB&`nSvfoQtrN9
zwQ>@coMHKTaHDt#)yN1ASb7Ova707|V691>gr_vOEr~l4$6zO1jG6~ih6B9<5MD_b
zrD<q$vBl}&x1grzKpWu;X!KFQOxpumdwP0SSJIZkEDeth4oMiVU&K9&ZL}5^_K5)W
zYDU91SGU-{u%(b!&D-II&w%ea*cM-*k<fuXfFfavGP#2WN^*N*y~y*E>`4i-mr917
zG=+<AE2hX-8yp?rtQP-bs*zDqA_f($vrVdrUgLfrEx}TLiFvv)i@MUJO&L#CSc{?x
z7Jo@M6~5)^LZgU{dKY2CP2;1cCJ@M*{9^9qfl?P6W8>is?B^JwZKm82%0!ZIjHCLL
zeG#kS30TbPlcNv_Khe<l%;Zxp1If`uus`Cv{`aKuFWzYkfx44s2RNkc^{5k7tJ+N$
zc0~t9i3kY^VawoQLz4#}il+lKCTy6z*C$QLdeiq1>wFG!qyec43UG%p-<tBn_8CTd
z;8uzaV<!s+<C1iBbzxCpv9IwfC96YAN=rRv2Z$nS)CvDHBrd=d#j4@<i$FKw1Jv&+
zN)lKnchlr`CJF_&IN2Px#nxg)t75Mo8X~td53PgE1RQXddk3V|mL*xkgDLy-=d#O7
zIkezLFI@C$5}G`oRE}7PN2!6e;ehgo>-y4k84LB$=Mf3)gPypl6}Vd=FksOD4gO-f
zmKKb>*UYe<pJ+tvWK1fM*l9X?>pk#n6DA;|+bqrqA}Kv^>8z|RBDb+9*StF7I_zDG
zW1m^<XEt?$o8mcg6x=~rfwBOvWCgE$;7dkbvASh%-*(N|rffP*E?BT~1Kd$m9Az&O
zWX;r<<1u#uV+S}dSd`B+0uVh};544Qq^d5|`$9(41%b$JUzsxCwNCvT+*f6x{5X_@
z=jQr#u2R8$5XCche3f*d?n^jK_mKBF?UOREH*ZMM$1YzH=RM4xo=zZ?PZTA=<L!Se
zrIiHFc$ck;G2A|dV^fy#my%*0(hLeKn1AIrU3WfCSUk-BZh@0?=8t}Kpb^qo7NsEN
zgDH0z4$F~ig<IC@Uk1kL&&@KzUA8z$rH?l>+#E|Y^x^}ryp5IK!u>ACKe%rn^AGOJ
zNp9nQ(l6Yvj&Z}5-~sO2ZQ;ItoFG0jF$7WC2w(0LDYQJN1W`-{v(ob&UfQsks}NmL
z&6agN+JBdOC6v(<>dPb5Gg2pKc&m@UKji$U50Pd}0SlRe{aKrh!jt~~j?-@U-}P$=
zNtvpNcu)E4zc{*K%IW}gTS`EyDhgu=bUN|lQ2uH;62_EkU$Y9IFrkpnPCt#yqjt13
z%aTY)p=-Bj=xSn5KA3~OQaB~>@Gl22TS14C$^cOqKNolebRu#00|Ntj&-EHT*AHj7
z>(wH)@}6#tO>KsDE4L+<qtQYEqMx#z8D)mf2pJ5WtPCtNyXyFfGDCZc2%0YGl9LZv
zukrW7HV9P8xXs2#UrrQcv@`3yX4=kIx?sUIvxKK>uS@R?%_t8PrANuJ80S^!oE}Jy
zo>-<oV&?`x96kpNbi41#+eeGM^xWslP#~}tKLQTneP3ln(F%=iFSOavJJ|F1u}f)q
za5batx|Y(in;Hy`Kqp>@+RAekCur$Ir^yTiv;NxqQROUimQhfvbOelm9Wg4jarF|5
zfUk8h0;VG7)(h<BEU=qgI)xH%!oGI(@exzQGaNU97JvNYJ=bk^vtmj>E`+m!1azGB
z^-`4W_E;YH@?KQ6j{f<b=lfvBmQQ#P$1UDz-#4HSV))nqZkAg@N~7)S>^_d`*O9w>
z$@j|XM%&*c5pY@`CVJ4Ci_N{jAGv)4uNT-d+u+7I!;P0xiQoO`H2vUX^W_;b4q4gR
zr7C+MiqFCMncPZB&DOv~%8+$FS+SE#H18Eg_!vheBHR+db0ooY%IQo&^ra5Knnveb
z_KStDeOuPFY)L3Zkg`#-VDKlQ{L3Hdf`ONC8H|AglAWkP=}FD;KG)6f5~BcLLwl{X
z`qZEQ+~_&FvX7Q!0|KyoiFYts?*QaU2sg{Rwr_5nlmk$;Kg!9p+ZU_5sj0SbX0>gM
zjEP{R@b%gju*OUU!t2c!Nr+-Epi>nVO1J^pUGW*XSKqgyv$HeeAsk<2zJys@f6F+q
zwEok9c^BkeDxKdIHe-U`+OkiKL$g$f*GwYNV(wf4dO`9tARQRpqbUU+XrjT<`!tO}
zfF>6x18~ytr3YHWlRMD==A|js++{A)T|1|Mwon6(?blZ{$wA|e2~$x^VeQa*7lUSt
zXlGJV((2$EQpar^0yzV=m0t;pgsxV<B{QBZefg0>OFn|PD}!aFjpIwqRi>Sa%o@Lj
z8h06J9pXFwi=P5suo-6*77iS5IdA&|s3ontx29*U?K>LSuN!E(9-5F*%^jckpl@(6
zzyiRi_5GLJyPxpVG!~63OvKm$f~&1P0`UlB%vM2k-iLL2Pq*XUewyTRPs6v|LK{^m
zMF-Fm6{+nF7R_oWO?zQ=WTMmzPvfrq<h*=YW`<i<)TMtprrd$uD@aiHJlWmN*m_Vz
zDgS;MR<*3vaAZzaKiZz-MCK{Z@`!wG29gnwmObKOLofariQ{@7eu0z`zQ(0MzLG6_
zD=8sBH1JdInx7{T**UV&Fe0+Krr?8LRHWeA5*^foYD9YbgC%jHEw7gZ<2J96=Um=d
zjgQ3>7M)u*Il+>~J^|?bz)}5_zFwJW#bux6FcKO*Gx`<2jAy6LMC6P&q%OZrj@0G;
zBq*#v5+^O#ho}c{b};X2@R7D93fbeJD>3(Q!t%F>ht9SjtI>-ohk(#@Tak83MjCEx
zavINZH$_BJ#mVBAV-ukhS<Jz1?`%&XGQMbcvU0rwM{b#cwsQdw*^*cFI@uyf#a`v5
zi*uc8A(;2WtoI+5)@RQ#v8g%n`U#R`4})h<ux~AFp<v~utRGx`f%4h6mm0h7ha{aT
zATbPRwVezI5M5tWLeu3h2N8wlZpY@nyuscV9msfIOOl*Ro`atP({2^n+WjeQUkkk-
zHKQa=J?%RVy>F$a^0FR|0?|N}zRqlOO-t+P<a#z?1glzSXJ6HJet|J6@oMA?xkJ~0
zcDC-fbxeW6ivM0};=%aOw4ZU?;{F^k{z{8KD`HX*@TQmW|MBC$@4F>b+3VKlfKgRz
z;WYoGfVM_E4v)b9vJZb6DJp%o{s0gq?L!dJl&zBpI0PWLcehU^NZ$b51ILi22BvP=
z)gCa;uOGH-@CulP=%@e1r95oI4)SaB8(1ODC>_0rkN-6c0xSzC0Yn<Rn`&_zS}pZg
z`fK!mTX!@+uq30gZRGjCGv|MUzz1)p*BBAofyATJ4=Y+?{xagPJxi)Y&f7L+HVIP)
z{@EgvvB1ZkjtCn^A-J?;ae2A8&nXX2qbb*zHZ3P45&p+~F#<}6=Z}r8AAZ*80^9cF
zQ}Pyg_0tR)HNDiUCP;4WvLDG|c1te5J~41nwN6(IQ8;n9trDqLz$K$&NW7$;kE^`L
zNBPkAIUaF5N7MaXrGyH{w&eks)ARLlTrGtkzI0u!`Oqi2Q6ZT6fd1E$B<fg3t&Rk5
z(up|#XF@u4pScLgiNli(^-pIO$FMW-(ogwewj9N&LvV_w*jg%Ij%$w2U#G6wtKf)_
z&#f5hLO$16!x>N44RJ}GZ@l5%fHXso-oEQ_$AK`CYBtAt?VPgLWJ*>Yyf43@t3`no
z@kY=&OJ{2Ph#syBK<u0x8A;gZ?LHpjy+{EbgY!}dWn-k<04}b5a#&OE;h^EMqEW3c
ztgPqj>2tn-G!5d*o*0LVxk}xq!8$71ZJ~6@-MXYRK@ZPor9ES{wSaTYu(26;xE9ed
z%rOyVcY}TTaB%CKu81h<szC*pSMQ(;4&_@nQO_m~z*??`>-#P=m#6Z{Od8}jCI17v
z9jSDqEq0^+BlWr^q7p-StmdOay60^^ejv<LT3wCPvp+$tFbX#xw6>r>WE_<Vjh?Mm
zEAy=5b_O`1qj?wXr^Xfxd@}S^RrrIkSC}MWe~ti)vDn{^;D7QHaCV6@LvR}lCl4II
z=H}Xca<Cy9Fa;;b6Q(VH3Y?@K2zah|ea^{20fv6`&epg9xq(15&Tai24CsI5hyN?@
z9&jXZzG_HMMnS5v!`vJ7oeBhxpi5hu!oy|^A~s}wjvTE9XnhF;ZT2axfBABICV9Y;
zp1+(m{-nT554iYI_^&bljeY-yw|~LnGj7hO#|*K94>=ppcl=rG3$M6mKxqvrUT7dc
zWcK6tAdE=QoZ>~5rF~9<yJ?`xPs?*8n?Rse9_IhVOqf%FU$CY?Q<J;ErjU^MKtP7R
zJ%3>Hk>)=>f8D@W@`)<L$>`E@x$d_j1V`ofbmVzIntdy6jT<m1$rmZgH@U8v?sPP^
z_ONaCdSiVuBW~HVzA>RhWNEsGwQN2>K1<C(weR)_qaBO^MI6mJ_c~f=*}*l|jy+wP
zSd`T3S^s%7LGk!AYbIh3Y~v0>*0q22-llebMCu7OmIPOlH<tGw;u26oM;)1WSvvLj
z(B`N1`@RNsJ#l`I25XLuCH5ILWaxfVL2?VxUC~t-Ib8oTzis{IS-4l1se)fyq->#x
zxg|%p*<wN6{#V>V@)Bx&*>(Q@bN7qVANsoTEfz44M*ke`zv;tMen!$;#|?48_nt%7
z^vAE?9ab@zU2Zrtci8*DcolzXu4NLjFGN)^#&FSgv(6$w{nXS$=GP1Es42LKYjHhE
zATcq+I^B|qZKm$vHnKW?F5!D4EIfE&C|+T`o;)N=bo?p1z7*&~Z0O#YdBejJ>;`LQ
zIET*ks3-{JZnDpJ8H#L7xLE*i*#s3Af$Coowjm{f%wnb_&hx#e4KT~XN@B>(l0O!&
zH#yqEgtMtf@$izBu>#X;KkR|LW!Q^WkR#>KajQnYl5@j<M0~{i!%ag5S6B(jbYYHU
zM|E%}w+We-P^IUMm|PuZuUC(_-aj>Yeoi+ZuL6{ItHQLJNYbOi7^|c`A3I<Q#0QV6
zYKnV9F(|_Z;+t%vxq5THQvqM5876xlFP!b1uwzXK*$5qt8bj8<UAg%WADu8{^4Jr0
z`>wlVK#h6WilMliVT0ej9PXe*S1xI5kz#eRh4pe0^FaL)F)UGC7zrF1dAAevXx1BV
zeJCH>-02uI>g45uTEe8cp%XEoKEZXt8wgIn`Re-G$J~n-YpVH0I?cugO055Ii)Y+I
zUW;zK1^>l{XL9j|tBe)*tpDKIRRJZ7@Bah-4DbQ#*Q_fR2I>NVN6+bV&@1!&_7@76
zFlB>;<vV$hdc{WUf&}qzg9o4<A6Wi>WFddJ4b&gHIt=3Wq&V}bi)j5ZD$s+KIk)KL
zk-#rr*(<*?l%fEFXE_X|?o4EJLX56$@eUyAfY6#st5)pfV)g^i43hmd=Km4=?>b+p
zW@Ce(F$}b4h*-sgO0^eK`_k<l`sbd<b-8={UHOZQyn$|OK32O9=FzFhcP&?k+M1xK
z1iz1u91@=Xb>(BImFf3_cjZ?lyC*$dL^OxEh5B@z8y{;Js!9KiC5&pGk0&;qes0XK
z%J@*Gs4;>e&Omq?nWaIRht)4g^PL(xKfM;(ec#a#*PSbfO*{%C`zz2uO?eNli~T=g
zTHE=r1V5hq*KRwBDn;r93d*LZV#<{@NqI5!k{!vqJJ}7UN9y4ELv5z36sm`k?&3nI
zYkbJX8?`nk5c#4QREZN-Gbgwp$_W~s9p?AW?wsQ*S{`EkW{AhP4pW7Z2ldwVn&eP^
zvAIXX`(KG*<34Z9#L5MH>5iEjDOpf)+CIv!Ol#zxvJ9LlyVoFBiB?#jrEb({!^Vee
zz05cjR#c#pZ%P7zVxh;x#uM&Fhpt+@%{E|^uZ|#GXG^{zE=K8H55ce`DBb`BWJ#a1
zyZr1Ql)MlP$ja=zUEqR!GyKXZ>2^z$>mA=-eepThhnzPT#j)~;SxYqZf&0!implo#
z`@Vjb6>+0%e{Iw$XwQA6UV>n+;z*GexLeb=e!YRRIf+d2VmHpK9?JKMCt!lnU+|BX
z<(CFHi;e!+=X3rofGR)YRdQ@a<A?O%z{O&<;s1b8YrL>V29jw=#K5Ec+z9(YP(kr^
zhMs7V=(baG=7)MyyG!+DK61$Gi1Lo<CO0>1_8$m6@Q$v$p`Q0#*`=D1^$Vjzd%+nf
zu1e&Ik|oGHhilm<S&Xb8=J>2HIVeo7tzMpp#5a7d+wYF}BBS$)n3U+cZf%1-*++H?
zXz?V~vHk&)qfISL#FH^5CgD-m7v&VDFzOw3<6gO_OTz!q?q}RHLlZv5sXqB}qkw&F
zhv58`6~S^o)a!fqNuZ?vTx`+<{eHmm&$|5I@-RTQ3`*Q9g4au&Rzm+pv4EN!q4eLB
zFa9gq^e<85+L!v574xm{5%B_gJ$6x<E4om%U65PKzus9b9Bs6&G-oD&q$7ND?OT5C
z;MJyEXTMP6;Po@HH)FQf-j(&-rC_HXu{WsKk=13ey-zB()Q3A-O!jtm)b$@_<Y457
z=WC4eeF4JQ*Q(xL3&}4xc8Af!tfPVphgkCQ;mhHet0Jf-VN(1<vfROl-jBVR*g`ia
zV!<ON$mTDq8O|M4Wnw|xc$!qk?o%8S(2^>mFY7j39(*1#>>5ycslpch$||p%89tHx
z86Ln^`;G0qYLN(5l8H;?;bgJ{Pd`q3@rS@esxD>tM{}RCHb}t<t9C8BS{Y7D2f@d>
zL@r@gdnioh_nY#U@9lWU#jkXla;8=8={+^tENt!X_(~kt^v!1<)Frpv=J1=nNPLs7
zE^oJSD!`EcVRVFM>GMiEv3fQO35PoU%rr!d=l2b?tNPj~;Y+6TzQIR5*XwbUqs}#q
z6)Uam1A~OXN&As~a;rI(y3nTfF(XJTJ4^CmD$_)wBE3i@5Z^IbS=7}Q3>)-8(gl!#
zC5=$mLxNWhwlB@zWn28jqry)$?vjNv*zJPPO#AhFgq~R!Vf`E_1fz!ZH=GpF)$EU0
z^FgUs8D7w>IWK|8=h}%US)DvSXc3B5fxAvl?odQ)_$qB&e}~xl(U%)LIM{=Im`Z0O
zkxti-7s=ir`%vm?yVA9M9cRt-zD3vgUG6Lt?N-zpE;@OB)Yr;*{Z?6w-ko3XxN4s$
zAIPODZ<Yk5YG+%<@F?3SkLSda?W3deG$Bvq-_iN4hA5JD-@ObiDO{PGj>`gB?YIlj
zOEAg^mlhRf=cOrFsh9s=-L9{MeWvOX%tJUl;a*8>oluYgQM17(KEO5HGl(Mz%Rc_C
zK%X`7MX`o#5r-Vh&<XKCLd#j#B(;JoBooJ}av~#S6DWcUTu*2BzYh&~jBxRK&V3L6
zyjy-qo}^_z+{!Cl*)o^i&&4y7;47JTE#Hj6w&hyIYF2$g$g<z$iQ3A}ySPp(Ifb-q
zT4^bpW_(s!4J&CCnIrA5h)0%)=27dGNfqI<)r*p%Wpc;r;W(0m+o|GRPk=19y^`F}
zRXlrFllKp#<M4AVeO1DoXLv$?7qQO<{XOSP;74<&6l$K*o+m$mWczFFm7uF@i%E6r
zKDnN$CU>j?=TrSw9a(b7uap7~?~&)<*f<8c1#JJ<oCMgCg}w*`$tL;1`pH%@z+;J8
z{XR9Ht}^vSUcByaF)m|o9B)pf@;0`2Zg9B!^(&J}he%&_1?w}*yG4X6M^<W_ij(z6
zijGKK2_zoQdLtwr<_#@BRE*!o+U;ZCs~!w>;*r2*u@xKXL9-b~Z<qBk_xFv163E>w
zF{~>(Ii~*H%S6*|bq6whdMtz^E9^5i;<-NJi{WeCZ`neyFB8ke3)|kk+Glqu-<uI`
z*-H!Gl9w9EiH7lplqeV)L0Lg62;&_h-QCdFj>KFjWKmdg=<qjbv|lxMql_#_<+?=V
zWGB`I2!f}T)gL*JPI6CKMHv}1sL4p#GwQQWbj^8rkdJOV?-7Na1I#zj9#pM|`-hi?
zeBurB8W(2Wp>CBwP==DvH;(5sv)(mgvbY}3qwOw)^zm_ut0vcTNhMB9=VjIh3HCgf
zYk7w7EmwEo+IA4Xw~0h&zNfTnA?${#6%#K)%f8ZFQ_q(I$2I056lN7&C62+t#PK?<
zp8xsYMW6h$rG;9LeeBtxM>Fo{VY5e1a2q&{rbck+ND!sFKqMd?*^llC>6LuQr=pH3
zUVZ0>5XFnMh{Ysk6o(u$W9st>y*zLDz@Kv8vY2sgPTmqljLe`~6_Q%6TT<UhK*aZf
z49(UGf70>2)0sx9N;wj6h~>5xLWVV27h~6xpyP_sGi5!Qd7Y^?gV3diAUrd48gv|Z
zp~F;~dQFgh_M5I1-{wU`!k~P*GKp^VojA4loj`sX?#>TS$z7v$VGDB!u*RL4ED&o@
ziT7)jS<fl)Ch+eo?_hqa+c%R(SKi!^B7j<ml!(+J*1SBK*O)p)$Bwq`k(jZWJSg4o
zrj}QTDFraR+)(s+^P&N+K5Dc5wTs9OnpFJ@AdWyE6xI(2WA>Tc%<o6|>fGef$FC$r
z8A~=}nU7g27y0Q6_Fh8RO3oKy?BXZ-Yzn>)#gLpluAyYL%CsRz9e<lb3SFjDnwR+J
zrfdZXwLC%p&!2O-4MKSsM=O_(2qA7;=;zt^eAKIIUwJ0?*4f{kyM@<6`}_HwPxk&9
zNKaGmW(!m8K%}HrcKMNkgBC?F{pfPud|^0FB*MmhQ6w5a_zbHP!;V_au{s6`k`B;#
zMWu6AKXu0!6EC-cIl|%0C>Orh(D8^Xd-AXr#vq?zW3xJBv#0T;p#Vv#Vve2^-|rYA
zx9ck%NNsGv;}Ix$=~X6Wzj2cGvTUTVL?hO8?tZsXug#0|Vto4x^h(B2nEuLFM6-~#
z2)8{5VoREh7sLwk_nXUsxxLH&$8!Ps1~qTMvEoQ6&-8h)sSd0}`RG<y;RKq5riZ$v
zZW{<?efC;(pi<f}K4=R0etO<g8>Vw;aGf+XKnW?K+YdyMUkR04{FPaDVJy_#To>|?
zlszS9MV<P^b(GPDp_r2JaR$5UY4>Pcp{b@cpO`ewp&N%gvJ;}rwDq=mZgJH+8+csT
z)Osz!huWg+)=kAUQB4G7-MSSFH`O)gsTCE-+(*J(fO4gRyerTbfwQo4V2<V21KzgX
zFLN44y~vt$kk*gY|9;;NBj;byPa54pP1bZFNy*}94^?OI;~DUq@2}r7=}aAsMOTh4
zQFlO;K^hc@^-h7Ha^xPcmj6~(C}0Q6Fh0r0n@~k+(Vr+8$_Tu2VF<RAAT{LU2AU%d
zUZwG*lpLu0bXQihjF>}#!6tEmFHw4ZoF*;py^KTHS1jSk4%s{P>3-F?CZ~YX03;H=
zu;^ExpR-kkscO7e0VfbG4EnR=VES0roe*)z)|kCnhHGnUkqlzA)+{Ie$^&i{3M<<9
zp*SA;9q%r0so=}0w7fnAWJJfDd_Pvo%B*#|i6p|h_d`UdeyQsQz98|32Gy6y!^WS)
za8uDXW7%vFqxZjKNLpe2C%FWb!|B$h*>90|XJf&dv2U;0{Kz;%i`vPimAZEs?R_B6
z1oSSEp=pr3kJ-E?1|qt`=Kpxpk-*2G{8$x#Pgs7h0!UQB0(t3mNA*Pr=37+(IL2!s
zjH&~!2r(IvWQmuw6l!tj<^0^-;lCnVkaYcBEynfyB*L_%Bkobj7Y>B00)uAz+Bis?
zTNwC|(?GhBRvhq;^jImVEh6XR`JFn_)U%<aXFK`aO7&E1S$^?miu%*dj_H-V1=p&R
zvYJ+}n#q{pCl{A%-}ibNe`5BTji1ebj2UhMn*aJrh`jTktUxt%wKK_QD>C)OuVM{P
ztS#xm54hSoA$6aR@EXRO%zg~65&G_dW}(WO5PNeIvJt**xcVdHPyMoLstV-lSfU~*
zOwH5YC)aY@n@|piy#^V{Eqa}@GR!qHr+#iJLu6A(`{b?@G-<1YEt>TF3FYN?$?njM
z1{K#7<)%JiL*Js~n=>j>Epr*urdIjSsLriRAV~o>zEo<*mK>nODF}$qkvS%BYB18F
zf}#K$zwrI$6o$i%%bp6gs;i9;Z2ZC<j_>k%x1)Kfjtd0>4Fo92R%Y4SXr}ecm6ddX
zb5->-%*E5;Q9p90L8)g|*}3SrId!k4QFVEzKT87gHI0ppFV)e}f+62-%QrW@=dt9P
znZ(l(o)>J)Bo5FQ(bcq2dlyx@mkkI4m8**0w-32&7xDg;P65fF+}sQ8kH#BJjl$3f
zcA!5M)#9Y@l=m*ob*^~U&wfE{E>{iBJeVx<76MQjQzGA9zcT%Et1Moy5Q&`p*MSMX
zwb2~<%s*eGSoGw0+S>#!RfUyrD>nZ+&7$jtJbYZ2JspIvyZ{9TlDMgOLcD>Yp<DL>
zh-m3AbJ6v!bzoQU24w(FtQTjJ>GCgV*Xf<1mC>9D-a@BIsFj{Kbwr_JA&O>Eq6*%y
z8CszY$h4=v-nv3zs|^!aj>6@IVkD>W3mK85^=}b2bI8EmTc{1PTbulqJ%!Ut8GY>$
z8-cvR957Z;!@ppB0U~~IYey)o$&R2n3DhIS+o3lXKXS$L!`FMNnoiYuwqV=_J*k-c
zTUoR{kk+HW1mK6hxhpFxE%M~1YxSTOz7OM1Y#L^Eh@-~o8U+4l&;k<l1Dlu4B5`ve
zYv@@}^s=&@QSZ0|MCJAEY#YE3h@#gPRJ@~ep}Clf?c^J+U01_!TjxIk!25&9FYzgv
z*3R3p1t9bR8rMO>ZYq$rEPJ3IXzji$+u8VkzvhL3FX#{xq#Lb>08OsjPaSv?2pVO)
z;P5q2qDyN<_&(X}4=R^bzgG{{6OoZ?+1?xV*WKm@U54x-M_qp3^)=wJx%oH{{(6c1
z;FPXz*Z9+PGM;AU>$6frowP%J4^b-DzdjK*4eH@%QH<L;d@xE5#jV!VN(3Gh=*hb*
zHzHq6l7Nu^D_3U_xc~B6T?m#mqU+NyO(JF_370m4t>0=>0C!KjF$rT=$IK8@py`4q
zN=W84A(=ohV@pq85}dK9WiKvft8-##JPv=+pO$8s!Rk{!%;!)#&z|Aq>}?+z=l4&>
zM5DW#yUfFjGT$#EPb--IIAgJKGN3P0LRh<}h7%+LKnn1k4g7L@23FPnV5IA!Iv2tn
zw-M9XdEf0m#K?EM)WBs^u##ae!Dkp_>Ex0({Z`J*A&!trR|hJz@X|;>^V>eKd~BG{
zV&OhDx4|)oc*s$??S<4&3Yec-S$o1Me#YZF)xUHmzptNJGZ1MVr1152pQDFKy<8DO
zOr%C;2DxwTM+rQBV5c+Um0>{hd&^wbxuN)=UQxOFF=3+(@%|7w{KT2X<twv_<RDWr
zNv%0irm&)7Hv2FnX!rK1$>xHVJRS|JasaRrT7J9h>Vl~P4!d}%OizGE0f9exoySu9
z%P?zQeCCHl#2b+suStVNwNogGiKJvHIT9BLRKnU0wMSKFv{)3nCoDfLJ9cdG&Wh%B
zwC8MP6AqUSisUqWe$Q-jtMU)j$ZT%T7)d*-q=j`v+sVK+MQ6)K7$2v)TlaE?7q15p
zTUSE8j=xO6!tcIBim4uIgHhYo>vOM}xNcUPE%z8s$f>nhCoMgnq!q$o^aUUv6n@WU
znY+w=trAoS!cOOPpQ~WD*d;i9nnS(!eDSPWz^z$V*Sco4969H57J?Xk$(Xl+^d2eV
zk4dCYOoYL?hNvHPCY#O*Bfcbw^bSx<I^qxmIeP5(;E_;wd~*V`SRITtkMwpkTuu81
zl9#!$J-2vTwY=AvxmUa3<%Y_jR*lTi=rLYC<{XPE;mn)VwB_6fLxiGBo+R1y?%RbZ
zhP@Dp>%U~4jtE^}(Ad(rYJN8F<&RwBvC!{qy6bD7si!}~IqS4M!bJMwbo0AU1{gTC
zX<?1Ym#)5z>vh}&!$dys%NRVjr)9EvzdiHLqX&PFaSPnrrsDT+>{pU8(60BNEk%ad
z-wrdME_snZI`yfJuTqZm6I~##U~w|zo2A>ht37X@S%@XS0)bUx5*;olNp9(qGL<@4
zdLP-cwh(8Uv=K?=h6MepP+>{V1|>T1CET<FIy^AMLrs|Nr5sZC#kb#H5%m1HY)e=j
z5f6N|vkg2btER}+4~@W%-zSYV=z3h`LOd5Gha=yE-v8B3SBUZ!<pPMMZNe0}eATxq
zc4pU*z_`)!Q+KXrT2Ct|S}Or$qwqI=f#-sH0a`PvAY*#080Z%VrBleiuLv%dNBn%L
zU9rBz*i_8_xMHCJn?xBw;~JiS#Fc@zjU+E(3~<7VcE9m;XtUE~gL2NiVo`*8M*F0y
z1Rhk@vazvY;~)@g0HPxbK_JFu8Gb!jLEN{bPoH##&yve)MFqKN^yxByx{@-z$`E?U
z*T-8A6iriNI;4zGhyks0r)W>J{M9NC1V#<rUmI2V^yAu)gnie%jS3`a@2|5v{MB=@
zKg4Il;xgJIcyd~HeJaXA+7c9i4@B&G(zopw4mCA2G=L^5J<oe~Gidn)^1h@-O7N-9
zBwGE%;6^+shtsg!e#aH-mgajKB2hsi_96q3=+J6P=*SOm^T+33ptW`ynQi0LzRBm)
z-QJ>`_p%i}i4)nwnp~=L&S&?`eV!)M`bD(x2hf#=zFKY9HXZr_KHSjT{HUE1N&m5_
zgslL5+`et|dn)x3MfEZT>Z%!7|FW^2S%vo)A**`X4Qq~Gw9gKk#RhGjs2;SYsN9d)
z?%2^6g?zZYJ@F@A8~q{P#7qagz<U8xA2ZSQCzr_YFICuB83sGG4#)(xw{{v}pE(Zq
z%9)*>=r-H9d*qdC@kj=1=7kV0q=Q8yT63q7^Y8gIbtvOKGh?Zu$)p{*<uR7i=gBra
zt~a|L4>GbVyF_oiOa3m8rZeB!(D_NMPWPp^Pgv5a-J;Ul?)7;w=x($in(d(m-2C>k
z=FwX3K0gILe$5s^=)zs6Ine}q+|L$u$|xviY1KaqIl6y)v6Ej>d13=L6^%)DWnK3k
zdh36TDlm1Dy5LbCX|jGHmm1nr7O=$VAnUlWxW^3+is!b6`*Pf^F{!*W(R1Uw7gGG#
zVDyv5*`1{`DhlU_vrK*cFDDoIIomtLM8;!(l$&vpWpcV`4PEF8=R_{9-J%}bqrM8-
z(i6n+-Yc|L(4FR&+Fdx*H&))BJ)Fv;Bjdrv6*pOG7+pR_j8wfpHQ%O<Uha!Y(l3{v
z6W$LAV%y$@$5~lf38>bs3PeyjDy$Xl-NKljBrSvRaD4Pl{{ZCZ<?Xo&l)#rP$O-v?
zT@BNawzD!^UcG|&mB!*hXB}g<p)QTv0hYTJi-NQzx1^L5EwTW#sz62zl*+@6r;dsF
zc+Cg`=NY}9E9?o5{3y2H*9ch6G?y1>8N^kr{HBH)zV}Uk%y(t!GQ0&2RY5^Ycl@%)
z6pdrK4HCv8we3`Q#?ECtvR68+n7X~HOd~(5C6*{U6&TALhz9i6xRrcCt>U|e?IoiF
zB~6ME+X%n}wEHIlslV#?xM@Wu_qSo}8Xe$UpMri7saJ;q6T5eeMihaVPpet^aPimb
zomK*QR}J(3*B4!=ruC)iUAc)Rv3&i$RTXrFiM#qqAZ<?F@}6k9ert||7#hJkXNpe3
z$*eawfnaE3W2t4Jm_u>%_ZUq?Y0P~AWG!QM$IFr%ibE6@K<(`zQ1*DvD-kp=%vCI`
zNIlFcvb3c2v(kL;FZiNyz*mQN@mF$4vFYYJP**Xzpw>N3F#2?J&qiez_@+qq_|;=n
zvs;&QL3`AXK!;62(@ZZd$ZLeWOZ>fFZQZmga(B?B2uxV)X{bu%n_Nsmc|ucVhqJfe
zK-207v1{aky|K=jmdA*?$|d#mYGwpD)j8<RABZJ1&f@exwAB}6zO%Elo8uLhXsskM
zN94W5poGrjQGzojhg1g!4Pq5q3(MkrO*_~4G%5a@qaB8z&pE$B{v8+V9u48&OAg9r
zX+d=95)RamzsU@{s4S_OQJBNc8P`9UI6cM|DS^n6rkbrgnW&%GTm-$Auaw@s{%1NN
z+~VVoMC?bJCz%cnRTkHz@Xd#+KgwW(bsqJ35?3$^a;peil7&HlTMvwJG0k!55^B!`
z@i3Yt;bzFE#zWS1v!a9k`iY)If`YJ%Dhn85Rb8DTsM*^pi)Bh#<`%~oH&iWO&%SXh
z&QoFS0zR^C1sB_dGs>%gb3&u_zjf(y!m@vO%wDNrA*CVeWuDG-8RdKu<FHWBm>9Ue
z92MwtD-lf{Hw6u;kGuCP-u~;+8$Z_zL97*F^Y#dzeW7#c@q9Zz2m0Cs?TsDw%P{Zr
zanBdE4BJkY8sw>u{tS~*pAvO@F?o87k-g8WmTyjEXq55PEZiH^LMM5bP6)F;k={ml
z?rTV>m4XO}%%{;8HL<FaKlA#Xit0yX>}raqQ$kS$(Ad>(!>BI;B?p;YxTUB-DP?Gh
zoAsQr?;7zw?@0TOPt%N!yv$x}-`_?v&Ss2uI83zVbyR7|9*tEMQm-3G%Ae%T%duiy
ziz>?sa2w2=`XLkOT6Wb^ieY@z8&h3BH&F7;PU)TG@9hGqI`Dm-0%^<jjTQ}(6)%Tn
zcCoE(8rLFk(pYJo<Cr-KKQoApEhlO$hXz7XTyulTaVIS&vam3|8W|xttyvvWG@gCz
zNyBd|zvll>TSGS&PYAoEQwqvsHdVLXtXEnXJySx4%gHm%BKJ|#($+34T{<YgcIJ5-
zuUw0$40C%d&QU9cQvW`Le3{SU^$-$Pr!NWV{0$keK>fpZb7Nr0+c-U;E+>O%Zyfl3
z!-O!$6YIYQ&@<a~Z%T?iO2TxBVUq9r2*tz>59-7x%EU(hb*0X)KDABPY*}UVJoVt~
zr}kl@A4{#xW^?}aJkY1HO;E?b-E*~&&I%4b=(Yg4x1~SQ0E@DkF&9T_F{~iIg){gy
zb%%Jat{BGGoA1-?z1*2t0V>h~E&2euR<_DOl|0vK)>hFu^J|MC_zI5+^camm&36Ys
zEv2cpEgYoXM*yxYWYlIcQjG?0oL*{v*+}&u8p3+P>p@rz912ou#}oRk2^&*H)9G>@
z%r`lc>lv7jA!m#PWC*VPpeW?ey5-RV`22ww+K4d2-H{N9?Hug2S9t-gm)w%KK6NmX
zYRycId^;o65p(SO-0RE^(866v!r`&zyEN>6BQWS6U}y6N{X8vraJ{LI7uIeqN40-Q
z2Jih%|0=C_s1&}G4(QUSEp>qgkf20$YHA9Ex`15S&Y&d{$b~hj3pO`g6@F=DRSL><
z9eaL*KdqYpbVSoWIv{-IlX&)?x~&j%#E&w%DmK3A7N&ZhmrGb32zF)##Yfr=bwfAV
z!jNjEFfj|NJ=|Pyski<)&8*oED31R|_!KO68G<zXk?1UZML?W*eQzq`t9<o<QPc}!
zC;z^I@~TS*^$9iSkFqBYTxEOaeY;kK=c$#Op!dVv<4d6X4SXFdCnpMq+;L!=Qy)Iv
za9(M2TT1l10j(uJ=^1RwUy0l-Jc2rFb7}4+L#ni@cdLe3lA-U#9pl!WF~8-TyE{JY
z`h5<<4Sb1Qyzz2dEq8@CSkr%2jR3{zc_o){_(yz1iu*aFTeR99*gWXBYALHyKfF_7
zOP_tleeKncz}5#kIx&ftV;kSntNx$J(XaNshx+<1?0+L27u0IQbz#&no^nU{)(bh_
zpLwV!!sH+70p$o^BGI^1mcCAWrAY;u?kv(<M`_NK;N2Hed}xz`%LCmNQ_p{6ke7hc
zDEJ7LmB4!?E-tr$T4o=wv-_*9Zg#yMtgEvqon^NWL6-AqCQH+Zm_s2SdlVbiZ-<89
z@ACva)^Ri%=~=pDQAm}GWlG8jk@F;CCuz}%%FcK8zi|q9NpUT0?UwTXMBt)nekqVO
zJ;zkZ6T|>O9de;$9edaO&&6|~^{><=bE!FKvJxMnpoKxdkiEDBoO*@VhCguSv4;(H
zbR60Lgepvc1RNF9cORchBhEB|Kmc@QO@d%0`bgbw68I1s_#9gy;}Dfb9i&buVtyYi
zlQ+=lhdMe)5V|Ri>z7mNmvYL<l_GfTlC{`3Obf%#)R(^(>gu`5Qqdu{CCr5(ZW1SC
z@0PSiGmovV4^ije3$g_fPm+Iw+3u}QkOL=vn+J_^&>2nqp6QjX?vSh7aW5cMpig4w
zQINv<g*01y>TB!o;Xb3aNkCrwA6^Y?bpYiyAQE@=1h&)#^f(#y{Pn6^LNrDCg!I}7
ztz)Dx+7(5}<`f0Zd|OQ_fCjRTvke0^R>pneWIEebrj+08ACN);{>s`z&{tEx-Qm{6
zIAmB(fBNSv(N@A16xw|_^!NC`<o=frvbx9gTEyPL&Orpjby$V1?ng%O@qojf+X5hM
zRocFCWBcrb$twIx|C-TpZQnp<&EouiUzXDvd;XdTMzAvXd4iTloCe$Q4(7nN+t;Y_
zBed^0=+#k%%;2ScfSr}8$@;}<yYVailZFA*6;zWm2BUpwrC**tQ;T9bRH{?&osT!y
zMQ#=I?=I&qU;r|e1ZK2k&uAq~|7eayHxg9IX3fpD1C9R~=`Qpo_cfQ_d<1M*HS|H(
zMq8i*J}>odm`h^$ZL7I?_&8s!O6ls!WL@Dd(yYWu&@ywR_y9%=Df21<)V0$lzCcX`
zS!#Y7H)jnlyKZ$7rR$M0Z`+yn|4{ecaZP1;->Borj0GdjLK#ttAjJww8&PDDCa9p&
zq=Pi+B|t1-0f7;umk0=`NbiKAC?LH_4GBXHB?LnWB_w&zr6|PReP(@jpU=L3Dk(Sj
zp7T4u@-5utq&b?izBe|n`K9(X0J5gL_<GPfpSN&~x^sl`O8in$PT&1WSUbQ*ZFrf3
zpBTmOx2^JfDaC)r`d+4T7zjVyc-bcl7=r`dgLz4%FUaoz#ilg3isxkT;iLn!L_xY`
z0G{4)>JL2i7mPo&d}@Tt&-3ehfI{iJB?{Iz%4JgIg$!T=gYLk?uSXb|iG2i>3}vmz
z_&?s2EC>HtKmd@-PqvvU>|TDH>-Q4G`m&#Gi3=75RLmV${4Da(gqlqs){-f(DbxXI
z9I=!MP4;dBbi?{L|KLXaE04q%CQ?qUm`DW#T+DX%swG}Ha?6$c4=%@-;uzIA*KNTB
zkH8EtqtgqIB(Vq7TiZ4|0f9yUj}TZ_C{_rt8+=9pIC>Uu9!z^+wAGYpV~p85%2S89
zb5!<tfX%FRRj_INlTSXc8$Jf<hWF^_a7Mh{H&KsP>r?HSDhyC*8A<F(t+}*=?h_^e
z)Wf=4B=s2WkP)$Z5=`Ru1lWCWv*srO;-p+AGfE6CCL*72AfhaEeB)i@5h>q>kg}zc
ze~sox*eygU#MYWrWmJVmkpJwYeUj*PYfe2!{+wPp!@JPzaMOFC@x^pS#6)rsQuE4&
zAn2<mOADMwcwCB*<&u3?8xW`FPHQyQVFT=qfkubyC!5nyjF@tB&dFFXb$$+xoPL_L
z6Ewhw;%-0OTYsU8JY1Ib?u-n4v<pFT7m<7@OK^TseQGl4R<qgrW)?Ps<EQa>O%MZD
ziojte5Jt!s!JBzFx&W(-+4GKvBt`MPmBHenyVzIq;f^nb%IC2LS>VS@g0ddJO8tXs
zclj-V{PkzSxY;IM7C!EM{1xrjyiX5jwe^Pu@i>m7v{1gmJU=-vPsUe{zxZF|Ke5oo
zguk+oK>y=^J{rFNAdn17IZjmoxuow_J+x&&p165z0CW)OH;W-`^E(ixR%+1y`6T`4
zd-mUYh(njXU|R+{IDj{jriXOV+O-#OWY<yvh*km=WoaiV;!s!Ubwv)^+GXgj!MYR!
zf?fl5?21tA#*-5;ae!Rt`slw^zO$2VtFjmv(H&ctz5O{ieo*r=^%BtIgSE}gR+wM;
z8RqVUxJA12{o-pz>q_h7Y_U@@`f-*3x9c2(b^04@Gw-_8VQ(&va*MT<mjSyv_)Ew#
z*Ab+}AgCRCBk%g937pgcsd-U65S8W9y1zEx<$2!RZeeYmUx_(ORC2EG*;Y?Y%c^ol
z4_+As5owGIEYsQ6Ly@NdgM?XWA>@(R#w~4l)vrm$nG-19CYi8#HsSR^USkn#huO(b
zy45jr=@{k#CR>{;-^hLQ2f*!IpMt>H`yR-~iqkx|Hs}|7ETrps%7k$~h<>%X71ouE
zJ*2ERC1WlkP(IQIkl58V#F<Vv8SVt_2P6yU$8mH)?Xh3R+l2ulb0L23;QT(E$_@Du
z&Byj9Ql%3aTTeSNr(T3@-U=aSdataMk}Po`5~VNUJ*V|={K<hVndun}hTiMVX7JpO
z*vcgz{uHCg;R6&o=NMb#81HRfj>2`^r&$h?{Gk*?!d+HjM6E+bM%^1lIU|>^c=E=V
z*_wLu#;yDSTn4^tnScvLo5;)F*yNH_y8{khuq4E^xYGF(Tjk9yMfK`cHJnO(n@R?)
z_lPF1eZ@+Cl5o|#E|xBT_<sHT+ZG~dd6Xiose^ShGj-}oY^?;4dw@B~y6pl@X}8X1
z78Q-rrMJ9n2O028|3|s_zZOA2?$Rraa0WBi*R?vJ1^wNX_l2Z{Q7sm2fwGC%|4lYv
zejT<#@TwNJ8rhiO0j@Db1up?A%%S?F(=&o{C=Y$fw?w*Eon`9-?a!Y0C*|#~9ZHh*
zX}(Q(M6c7{tckmH@#b?nV={lJ)po+<bg!<pJZ$rp^@$D&^e*)u2Mc-bt_P8!{A$(5
zep0BL7^mn{!crHnMPh}#xn@9EvSku4&YCCx65FCUp96Ukds;>(tCW%<iS<a%#xzbe
zO4IGbSK2Ule-m4_q%*7vdRl3PFSFmXTeE6~p=&h%1l?cbt%#u+I~&>4=P`UfWYNw%
z1=ww~an8g*x`20E)0=Q;VE%RLE3oyOjnLO`z$0KK;i~Bu#&v<9)P?-Hy4HTmWE^8#
zwn{)yTGJ!C=xYa)nICYQ?$!EpsiHOv={lrPh!=3d*PoaxynURYcT>yAEf-f$^}Wn>
zOy)9?dfqo<L}2t+PmoG&j86tPruk_eQem8l0rr;GRVW*xckdzPq^haAJb1Fo`<|7D
z^O!dGSsI9Bf_DC^$9`XgWZ}I_T5J+kX5^*UcJHmvMCmkdtJ3vnEg4kMn;A><6C)p!
z$>g^Ebq<Mc?@g8d5G&s~E#UbzIF>INoQE0qE*DO@^JnB_yIY>fD4dRH!(2D*XY{MI
zE&w_{gwCOSdva#5ro|i;m9Nra;g1e;XN`-{QyA@_TQd7u4_<+G^uJm|exE4(U=9pA
zWa*ys)ar;)X!0POgaJ>BbzNEuN^Agv`*qC7$*JwT`dW^mllxmJ0=>n5rFj3>0tT3}
z{0n^p0FnX?ZJ<UDg_lD2>hG`o%HIFm4C7=T<4S9AX`9Mw(F-*Ypd3KGiwE!Wij}Qz
zWejty(3E=^=tcCI3DBkXB|JSt4<8&YPrDM&xar<ns|NZQj*Bo&!;N{5Jg09HRy}I`
zDX2wkyKaO>s%nns#Pc?H2Kf<65|xVUgMCtot{+NR4TxMHr;g6s3$e#)P*bMc16}$<
z*%58LJ2!s&D<xQxqH$PN^J(eKtDhCU`gnD(ebHF#)W3e!ySbT?s*^tyrl4>Hh=4IJ
zXr#wPJ<%JZzNw}AsW8^Qka+}RGmf^@JS2-40+Kd(c(L!E2v!XH)9h-jtahaApP~G%
zG5VwP@59oD)AcWVclGsWZp-CwO;DgH&b519vQbQrL06TOj<u{D!g5QpuL-{#UY^8N
zBqM1GOR_SFbx0~6bf7aQiGr6b67Dlyn_e(!71raA%<|39if82%L0lT$<GcGYL?9?j
zUVFQ|uFNTHoIhS}a!dQkvUnM#{0XvjIoBiRWEOvIIoM{{x5e%YJ0h3fh<|9&_T++}
zjQ}B+aUeB_wKxWyJr#ydn30H<NHnIHqxB@kLHInkF6Fqb<4rn8TCmEKdv4-vkW=U{
zmETbQ*+WPr&5?$^w-k~sU0~y<;2o1+e2WR&H+Uq1xU1U|$8vE0*Fg#>@3Z7T&A>N4
z?;p%_e=tu08>~ZivFXCkV}_u|^!@hwZw(A|4Mk9kECCD}L3}uV7q(Dr{O_hAkP^>I
zt-<U=S7!a--TQm#qNWuz^MnSLB$JI#R^H!tReK^|jFUW;CtlL=mUP+MoM+u?d?r|4
zr1?UY<zVD05^kka`?izrbwwbN3Gw{h18(@%3@Bh&iz++uh2kRtuGjR5N}4gc-8C<A
zRE&%W9vZz()EpfY=LVUG+HaV~mZeSkS<=-ryGsJJ@3^NiCQnRR*_zO27$&gpt2I86
z8s1*_+)8*)6SY=)hSm2)-xLiBq-~`HkLHB3)fcc9Q~Y*L*xS9GndylnHF-9iJF&5F
ziI1IQwEo-B?ISgBt%C5`mPx;aADAS?Uayz@qqs3lR6RSy?e+l?nSI$GMlKo^mueyV
zO$~|-mNe!@<+bb49C)X06T0}dT!kRKsJBHVFLA(bt1HP9aeGusBUQER<>#<j&OHt=
zcl1T0yet!o4)J4V9VesEx?Lf`JLj%@H^)wkpHl)nRr*$Cu5h`rl~tE(_cho>#W0zj
zr3&Fs{mL>6U2RQ+D>4r=C$N&Pdz(JN6gPsp4{9&d6*)zoxA7_(7I0BHatly?F1@F9
z=efWDn>Ay1@~}X@w!^4GrE|Oy?}2U#JEu5k{@R>se#ZNE?)fDL?(Rw?+E=S$Fj%N)
zj?ESlx9B#4MJmd+`Bwp<t<zoSi&aI2;{~2paefw_QEL>H%ST!b1<|LauNWij>HhEU
zt<`^1js5-Zf%w?K;6=swg@|eIC;)uz0K$4}FbnWUMh5cQObHyE|GVMAe>neG(i?E^
zo7<nTeyFfAk&yn{#pL^yu5bH;N!;Jd29G*GN`mdKGp@_s3+3XQnRJQxp&Q=r{{8@2
zYi(<G#V}vp`(5d}hSA9!MxX{&m~7;LMuU#!5-SNrmy8t^q}4{fXt_qKKhIC3WnH6{
z?wH|>Uz6s|sZDk)_v4`w2ZFg09|9hGav-JHFAR-(((DDmxWP_!7vOhlad6f+%z69$
zHa_${gS|waoI<`WX=EH@HreMUEa{-Ri-@>lji_oRfoG<px;Kuae`DGV1To5{vghg%
zCiff&{W`M*7~4|#t@p{5{dzC7u}*;*a5pVGchT824Tnn$f8(tA`tGmYLmA4FY(I_o
z3z8kt^=1&LM#xUo_a@fLNMPZx#lWE}H@u0z7za;SyRH;O2dT)bUmF&s3iE#k;_4Cl
z_Z;R2trBUbPwGz{@G)WQ^CG}B>EpSM_aU-_H}$ZI=9kxYQ=idIw77Rz`4NQR1YxT)
zt3i(2`-L5Jr+dX?_PEsiC9~W-#uA@?F9Q<H!Lo-98z3M4@Rm)mPRK>|5lz2#$J$3g
z%wc_J-0-m9A6@lde=7@wQ2N16<PWY*NWyP%u;|H-&lQsFrgZBaoWK9Ya|%EdDqNGx
zqHj?GxTI=>vKo-ux_vCBD-UJ=E@R!?5~N3~sMl>wm=B)~yRCh9Ut2fe`#$phaQZg3
z<_@(tf^L61iI#gkx@iD>aM0A8$|22Mx)Qp%6RIbq{hHA2G8izoa8}!H7WU}CApL5&
zjC4GOpb)Glf<Vg=8`OiJy7S;`LA=_=l#_S8H3r6wW<dESXdII>o|C2KYMtM8Dw`KO
zTwRX8@~0!stA%wCGxJfy`D0JouS^{!H;eDwq3bPNe9PFnJEwLa$~nF*>lq+j#*DKR
zKbH~F8SxixHfO3pjddSBi#DzXvqvw#Oh6UgFthFFS*mHoiqk^2HW0f6dq9&iYi{en
z0o%N`&|#*6p=y?EF$c;Te+^DEN9QnByhPR522Ebgb~~3xa{8KaO+Ny8gJ%My!xwrA
zG1XY*(A7Liyp*B^i##$fP$<yc?-bu<30w5h%1Pne#jfIVdF{;~Y4EYw-{TnpiV*Z5
z*TTUxKzDfchj0&NCG-x2glc$G<vOf+nxWbPQzb2jI*ff;l{OVMzxB*Zy2ob+3jhKM
zpgExT$YdujG#PzSoMleKoAkQ)TxW@porGjRj`0!Q2nPzkG6IXnr!R@4#JYR1bq?c4
zmFx4JMdb4BPx8#V<1cZEL<;<hi8L)*%x$E*ePepwb*2Azr$3nIQCnwvmu=$cr|;mP
zRFl;O()VCQp!^;PT>XEN2Y}%PWQqa0u>iaJeK7$*8M0?iNJ~3Be_i2d`rUvN=uoVf
zQgK4Y7GMN=MDFTWq!9$A_@PP0Uy3!e!sS2`5-1Nlf~_*B`RY#q7q=A-FbOP~?gdDM
z+7Pnz#)BmuEAI+7JnD58bORm<)Ug{(bxN-Uk!|!dhzq_MLK$z)T!IzxVzoYl#^8pz
z>7kq6AU$CB+>f>}LADfGZ|{IG2UN{bC6IY+zrqPuI$oHFn=nXbZt@c=YCTf`fgd&;
zaTmY@@3VwO!K=!k&Kgaj5#h`vm6KYw?y$vYVZG;bt_3o8W-=zkm{m<oZwzhgQw9%G
zi$k#5a8?4sNU0X%%{<pvR3loHVutL-?vb?=&}dBkgD*zIyGzN(W!62GL7tIi70;Ft
z2k>mmBa5uzz$&#t@CgGLxF4aqn(U)@v|I6bEuU7-;Y&GRc<Lq(Mq>Fh&ci^32Lw7H
z+{A|F1At;sU9n4ZtP%*~)KHoG?1GN-jIF!Z?c%7kEZ%&vQ`|b<K2>9$o84jEyrWv5
zX>@ne4%SY^G0NY1!aX3w#ctg!d|tLWh|?YJ*FJj9d+NGr%1MFkYVXjguJ~BO-mFBr
z8Rp&y9>;u&j=H=`sHgdX*=XH^+TmAqIXs#llO0B<+6(Hd^yEiE3#5&Gv>Z2M<ik_N
znotkuJK&3K2bm={KAs;;8~$EOOOLhztl}@oB-$|W);U3cxPh?=)n*|Z@Ya-dD_MY8
zG5z_>kRiLS&H0}!2IzVY0A&8p@KYdP>geduy37q2d34=|??yp6-=|X$h~g`zsnrHd
z=GP62{%x6`uexYCfI%#C*q+i&PSuBaIDj-?x2l=J?XzX&B1uSj3F*w|(R!Q-!5dLG
zKzo_Js=o@LUdg`YRMtKSu+*}2ZzS`~B}=KB1Z4Jclul|o{VAp4ZFg^?WMWa%oAk56
zxi}5)cQWhB7U0cejpIe~p`siXhHTEKGbS*(m7v_^;a_AJ1Ndx8%R?p>KE0XNn%1we
z)+>nA4G*zQ4&nSHqpDd7fK8%DjlO0A%MC?&U0*OjeRdcKM)C^^+fvM9jEB-Vj&?to
zJ9o!<`(=E)murmajh5ThHWTwW4i#eNOj{NY-i|-(`FERB<|LI06gcipmq&%gQaaLc
zS%-|RPABG9Wkop{W?c{pNPd+wY`x30gg3d0E9gS)Wc$?wiAytE0=h<>5@W+>uA_wI
zWHoBJHqJqaqc|Fj76^FERRjF?U9jWQ<29O*?0$BQ3&<Q(BPF4mDwT$PT)$4jhTEU=
zafda7a%?M3$MLN$;Pj3RSV&GOF|K~(dJq;b_Rtdb^N=l<n@AYvL7=#yek+lflLGgS
znOD`Dx}7d<JYiCmdbt?g)0x1+ZV+fRk;q8#F}ZkfW78NkT^3~(!u`$PzUtFyl+WK1
zJX@dFeD;P#S4l-gn<W!pVNco;45d<)r(4uyc?!;g;Fk^v(O2=vv<r7;?Mv%+WTJok
zTHbd4^7%xoNA=`=ILx5KfyFs&e4d{sA$OZ?A!nvRUQh1L=ix-xI5yrFy5Z4o#LObi
zY1PtGHv0YnhT13e%=ynC?dit1R|^@pNvRjPxeWg*Tf`Yh_vly*&Vs5-&3^ixggxEW
z2*}y`%5rkGefN(48DQ}Ju?z&PT}KA}fPF5g80eNEVDx2WW!+u8e)A^ag3}cvyBSDd
zft&x0_{>R#|7v{ZBJf!Nq?K^mEj7Bw3wY5WIBBENqettxKc()L0-4Gre|V8uVDimw
zJ2<Emo~<kD)SrBl5S9H^Nw{1(dW;%~sx41oJa&BD1mMjzZ?b>X`?`0kAv_ma*Tt@@
zD8>Y|72!&EyK9!J2ckhZCvYGPU*iyC9HT0P`H03XPlNff9w4yl6;`R^xq^n8_mO1U
z`lSao!^guDs>WYFBFOlbrC<p9Uaih_aMk#m@_Q5YG@R6b=8YRj9Tp8dV5ufA5dQ|J
zj*oD~gu>fWcXOw8xH<DDpyPD0WC0r=<41+*wTL60M>~1}pJn}!(l>`uo15C#v@rC?
z0*Dg|w4uaD)P+JCd59*=&Rx^#ZSPWMoHAs2q^QI!b~w~*C?CyJ*M6*ZT%b9!kem6a
zOj|7cOCWl@=hpzki${vf`(HAuyR18p?O<NBIIRKNFM=l2bfofN|M`8QcJT)+rud?@
zZaG_Bb$e}=?9FrZ?4>OGoR6$}#MdP32NB@CKou~Z@(BYVugA|oqmW1o`U)!zDNqm)
zY6=PV#P`CL`0|UPcl*jZYdOdCUzsR*gkg;<Yno7C(Q|(>a%7J2SkSr$*23f1xaB!T
zTq&M>XKUPmXUqOJjr1w>H6R4&E3P;_D*=AYCr@EXmN>0Y=MUwV0?I^ucOP1}CF5_)
zkMs&UWU?Zzj<M?Px!=4;UCWN~V(r9P)DgK8@(P)#dbY}_8So&ddkPu-0u1>nn-l6M
z>@a76(V4LC?r*qkAYMBnzxQlBV}vvv@b51rOx^4UvwMFaSb<uNYYj(D*F^wH31DBj
zY?{q1F2;XX^86PAP~^P)bW6Ty<1epAae{F-0G{lM@gPEQ`kTOf(U~sXf}9iB2Cr0T
zKX50%5Bq<qtUH;pIzFD^RiS$T=U{9i7UdhaCrI?}C^FNXa+kdqcw^ezNqJGAkK^2T
z?=`wQXrjFUeH*wG0BxE~V|Ec`mAUS`BDyHp&*R~`<hcgepba7e5kvY^g*2%*r*Fbk
zqso=08dRP?s9pr2QgJMTXJ$+09rPu-DFuLDAOfk74Z)-+S51gQ+r<(Eb4gnZ>hGl6
zrPJ{MIQClCAuU+MMd@Q++t+*~{Oj%ot_amiTFcE{P^pOrO3fvg&8HVmz3P4?Z_Zb`
z5az*V<tMiAn?!`bPbj}8;iv7d-`4{rw-w09denwL`HUR#ycfx#?>-z(dbD`}$#S#~
zRnDW#ht2C=9n*ZphwZ=aO|&jMxoINsXSVhza`E*gjyUn#u=YMPAX>d1Whl?=*YtG$
zXeSwckgCttaKDj;ssyr_DBlcM^cY>GWo{0G+BWOvx&PrBsi~SBI3+!NU9oYIKuAmA
zsk!}C;0ksA|DPVqm*FxBb=gFq(A^XJ-SioveNeu(mVg-weVNq5;{gN-R$8+g6Rp3r
z8UNZy>^f%6zjKIg6!}VinE)ajFvON*q>ouGl)P~7K3fkJET))%$X>Y~J^GACS&uVH
zUqBQrx?8`mJD5Pbl!<HqGSAgGz1>wn?&Qzw#$^=WCTESQeZ+|;$5I*V2OuE12Fb$S
z(Wudy0CfJiCaNahk7rml>TY9AXPY>!E7Osg%u+JgTa3@FcJ#<=u9*hoWMB`oLL3ID
z15<hP2S;de8T#HNJ56;v-$b<vTya-q9;wB%+X?iIjK{-g{dPr`bX(>-_v0PV-C;T^
zzAAWr%+^{5etkO91Zci+FA<9uCWY=$`-f@~vt!c$2WApPIv!}v4}`T##t11xdur06
zJ?}@;cAxfaOZj~tqS|gd^!X0?ruf+Hs=pz_O@l`)Y}~vW>8GOCdpj3<6KKRECREp@
z3t;5C5162K4%#DAlEAQ6i$WYwK2nYsiE%+S1mxqE&Sh)Of$<JDD>G%tSsoUDY~!ew
zKuK(K;7$#v)ojMi;}daw$T|~+BUgGnPKR3|eb^1`9aMkT>9Y%dV45z7!c0h)8y6@%
zPFfagFrcn9i282rSe)F?Psu?8Vecf%?$p7FcZn74K}R$0OT(K(i{Ib@-tJ<pUqct6
zhP>n+#dG2Ox6F{^DKK327hF)ZG{`Tk2Fil{r|0aOREy0Dx$|-H;9I+^N}SOtj2NX+
znd~8vpAvXU$K)Sh{I-T9_ELo8lIZ&7yMC6xp1$!2+xCFxEgeMd!8usF<%UgC{{98y
z_^AzDp1xa`y=OO)nC^&S%T6QgP2C{}13wFhcl527S^oaIzP>(iF91$T8=Jd-iA(>V
zB<%~NFluRO^~S()P=N6(1UfR6l@C#_41!<j|0b+`Q&UrAv2Kv7^NHMW{oG!_ZnR@(
z`rT)31_TCMQoylmg{%Vf&yUExVEeXlAxnrCB7gngB+r#uu1#MCK!}fh-IJ`M%iI)e
zgmZ`{Q4>sQKL%A~&WwsA!&4}D@XFo5t7m2Ro)VBte;5B5nC>=c3PhWqdKQQ}T6q7%
z&X<gH*=VprAu{h)Xrj(@0l=Px0m*Avcr?~L<;iPwmvy-=pO#H-f5PM`41nQnTDxv_
z6rh@b&JKo8>Q+`dd5cMYNSL86c@ztLi8Ki^MLLG3kC`1mjmw*|(d!OYW@{kJ7o-fZ
zrD{%H_WoUWZFK{zcl#rRnC;6yEOc)yEu?#e)&_hzB2a!l@7?g(;d9Sbs#BcnJ!mFE
zjv>*d2E{k279BwaXdOmi-}3mALrO(SxNu-YPe579eGH%4gpErPe^KDq-?K_LR)^_5
zp)qfdrjg3w`jm<=`yrSFMkSQhfZE!b!%~upKbzP2(aSm8;3P&NOzA?O2^r>c4DNLs
zpB&q1ZR3E_rdgZ;$Z;o#sfH9^L5nHFsAXPv7DV;QpNf6thDG%$e~KdPc)~dQS~12q
z#3lssJ(Sa#NH2B+8ydA0-#TaxJS6i~Ph!<;_WAC9wS5h|^LgGj6n`9#zr9@vi_3ru
z$q}EVs{B65o%>8aJn1%pPv5;jV76t}#WOHNboCmRfrF0$qSQ08El9X<=2{tcP_x-u
z&bFTO^bE7u?Shk=5|Au2+QQgu?S8<t#+0E2yU(k`F5)hG^qA*kwJ_iA5cI@%`Zlp$
zJMNX%^`z*{IPVQ_#n2~}f>^O%By5KqpK#I|;v?p{42pzA*|Jx?j^0!n4=rdqk1W{*
z`#J?n+WfNN!hG2ca`{Edd&=E`zWFz*v_Sb?pmRI(jT`#izaihF^{@Ze{tcY%fLKMW
z1@d&v`_G1e_YRSA{kFX*|GHi^Vf%$%G1;%X`Cv}V0BHiR(PaK}@*n>=WPM~<wl){H
z=_vrQ23VSz-kJu6>MboTV`FbnI~c~kl8-!vp<kG1rVVuKWZlMrPdF2>lr#XZ2O?{F
zi)}8dE~?S+e98h2iQ2$MPUg|k*Ovvv`9-v-G;ooH!qP(t$np}fi>Zq(3y?&B8^h-{
zea?f6>fSDdo-=U543O}OR$?}NJnd4plpQf`*52OUBft4F^IEMAtnHw187uuh_5H66
zfa!b(h-u8u%24YBzTH?rVuGwE-Eeh40Io5Y@yau|v5~Mw-SDoS9!EOr`<kLf%5GEf
zmC<&nc4uG&Fs%i;C77*SF0VSp$a#ZK`Ko&6cpyd<;PZ7a?os(Fjp=0T04CB@wQ4p!
zdp>P2NorkSwI5(LXtHyO2D&HkJcr1}fOTOH=s*CO(K5ie)<NLym6_^=BL%GdT}pDo
z_JIToXp!ueKCPSk0b68STh04kKHN$Yc&{6=?0U;szcll4di(Y=r?8#B=dP_KZ~#~#
zEhnb=f#tdM727=T`!@J43f@CpBnB9;nGdE}y&2QL`Q#DSZrKJG7}<3(T>T1m0&5u<
z^0me=7fy8!b!wZd??_~dKX%W2sv+-c$F}qmJ>O6k$7_xq^{E`a5;I{RqZ~!6d-J2l
zSz?~foynzXO!DAm_DNC~3kQlqTCWsI9}BfIDKo;hV$@I{dPO&leFYEO!SZC59=ILy
zsgvXuDRUnSE5vtVK4!8?vxzVC?*$IaOnR+eV-$_0>Bn7WRn;|$RtvxICZyg{)QSKo
zeP_cfjhsr@xEU7{ZZhx9jABbqvP4-HMWjpgvWH)Bx+9ZAl7lZIYWFK}wgAS;Fq07=
z>ajr}VA;%f3$~)gb8Y8oyujQuko-x)Ym7g@6Ytp)SytaZz$>YKh%YmQCeZa3@1xtI
zO&kn$RU3j?hdNE_yfw=ApPWcE>$e@@lXRdp5$vdS1H@AK3L!kOmk9tytpzKB6YJzD
zq|1>F9w1`be_F!hZOc6ITHu$~AD$idM^W-<JUK>|M+B2c&JlKFU~FnOPv&w!HueZh
z<T5x77c5_@v1vg^Qz;E44L}$INc_$5F<dtIx&_8@jB{kQM#l=B_G`z>FW4RtO*HCI
z^v#&Rc+(|k2wZnAPo0mc6h<=tO1ZS$38LoIbCSe~7`C$Ey{k6{;BtVCCh(i(JI)0J
zGJz9m_<i&(#cFvb(u@PZ3-32@ZY2KNT!XP=dlXh&6{_8TEwV0sCa3-Zm&@o<`81#4
zC*wkd1cEY{DdCVUCcO!D-@2(M-zI+=I3l8PH^Ct3)mM%k_@>H=TK3o&Dd2JExwPXF
zKd^QvZ;84?#bg1$>(^H^ys~<f_h^v#baD<$Z!7#LS;8eh(r_A+{WLF4R5)@b2i}%U
z>(uV*jgr2nNA7hiC0BL;Q{6av9gS4&d>}j;<QI7N8I13uo5hPmlRCZ{_{kZnfQPul
z8)?rug6@W8zfMgfO_n5i>WJK=jK0in^6A0>f(5u<S4cMNJ;T*iS4T+Lq8zw31Lgvp
zYEj<*`W&p%tY4-r_rxCuyqnKq^zUE?AOW?8y4XQ|o}boB(Zpo}wZlWUw3F;S%B+>o
z7eCioiqj_M2y}uMm5^JV>v$7n#Hn?-Za0p2Xb#A9=>Y4x@8l_fk8ng+Fr1Q7rHmW~
zj-@fuE{hE@l7uOSS4?Y%J!J6-tmGkGQ9|@Q^)t|-0B+L>pG~NPLo^biY^iLBt=$9?
zFh&;7_N=LBiPH9L*$d>RS2$lY>5N8THpq>bQU^L&&O2kyqN%ca1vC5ulZ7}Z2Z9`~
z(*MAc^qv>(YX@KRB+uJZ)7Hm&Ii`i}8#mqhbL|iRZas#7=M)v{P9&(M0rmK&XI*jS
zZ@-`5Za`Qmv(Ob1|HevQB4b~aekX{c?YSP;>6&9>n%)pXQk!@*z^SCD3M%=REj=es
z`dH^1eeo9!wQKmU{=Ww6=Fovo6dB;a{3yJZ_ohqc1T85>rMkVK%-G$~0`N`;gsTJ3
z^vw(k(Q)15RpmP|24jPS>JT@-1`={a9W~9_-!l9*^63M**`Rtp&(WuXlL><owegb9
zHq~IdYN#aTZ~Hm%ni*GkYJ3cuSl)oWpv)E!RdwTXO>ywO5!+L_olX*S5=z>r(jJGR
z1uud=!F@yZw;~zQ$bGhqL!uX1B;`EwTF3dhBuO(`k(Z{4Oiel2u%u?Ha&sY{2#$}^
zr@=xt=fd=FjL92>Sp@~E6JZ&Mx#nI$)${q++zWb)5L(h@p`~=a>;f|P0U~Yw`Ei7l
z7s#lG)Ib$bRdqaSDL!i_&huk5d<+xeS0wCtL|BgeZhMx;Wm8u3x#-fv`BS^bv=V5Y
zl7^G%iLxtCYCYtdfQ#w%q<uCdJnWSjCSM7om8DBZ)do<N_voeV%2s5qagLpPZAo|?
zrjOxdI~6@5W$Sia@p4W5kS6vVrOllqbFQN$nXY0sx=Z6S*mF(Sh1#-D4RJSp<h6^L
zi03VSONl}=xR%;aCOP+S1W9fpevUP^7j2UDb&I}cl!wFWD<L<wXE~mFvBkX>a+?$m
z;D_tiqk_Zyi<!a@k*E`4PS;6pX%i>%%}{sHv}o~2bDu=?l&W5bCgBCu%{{Op7VafX
zp|8Fd;ekz+p=61+GF|pIgRCB*H^zn98edL!D=z-lUGvaL!?l^S)I48l+6X&kZ1v8G
z=JcmkN@0MDXj61?e$w{$uh{DcPF{n13VYIj^3U_HiFXw|8YGWz+zY!Z1;7k{>3)Gz
zSQ)#-uk?R3#~iAYp>bAooTUHDh}UhYNV@<0;oihN;B)XDzs#OJ=?F~4)`?>LfM(x6
zPTK#uIH2WJoTx`%oZ{RC4L!k}j@fPLi)JI=)HoPV-nafO_dakH<n|c%gLi_ayK}n!
zQu{VSL<onOEj*93$htM-Q4P1ySpzd%>sn<FzVqb0(V$0M8Ylkt<Yfuz3ULvRKaDEl
zzN>!2N%#p#tBdDpW7qDgET!P|4~U*+mt08i3nY^vA*^!;3^wifFf<2u@loMp<|WXM
zBwc9HBU_}8vj;2gl_nc@1aTU^3A1mwvn`EeUsV%B5-I%(9RVo=5FM9AOv^1H1wV*w
ziB-@qnr}$&b)cPc&TNC7Qe1qO*=PiQLVnSQ#4m|>A51Ee*dibUL%p-sczz-6ReTlk
zXClp??SfK}R<LvmDp!=R)`iHrKn}z8d-9IP?QqLcF0wy5mox4r4ty1QiEEUshx_iS
z`-u@=&KTSjQU9foy+22>_GO0>)gED1lXhH>d|{mb0D8#hOo;U#95rYkw{V;1M>U<%
z<2xur#O>9=gW>Ii=k+~4J<X4F!>7Oao2m$3fZ0Sba0K4?9nHQ?d<v1j=^+L+J~D;r
zi4Kid6z`V4<~&4XL+{Kw<^FcE<PVNlx1NL?ohU);nT@0ayLTfl`FySct(Jt&kdheE
zZ%hW_YzlQTH#X6Kwz{v_rQJt%{h_mCK@DDVH6wjwtBDqut=;}>&$z}95Ll;ahnokv
zYE**EN?e3G8o{`<7FSKEqgm3prz7E^sfHbaGXX_C2R|QTiwBBpKsRFrWojG_3&+ZL
zvT~d@kM~gI{<y>nFL|yVtMTokZ9huJ&a@Ns3=d0=K$jgZo8v(si7#9(e(k1CJ!({G
zqcszA%>L1*7)62wAh)f%C#LMv?=6wGNVrh`AEVN?saDqM9{l+k$kuGe=?bHlJNvIa
z)ir%-Npe5p-hw&bopu~s*cp;_>Q~j{eWc-%o|41pds*Nc%>hl>O{gNCQ)bXp#|jbM
zBzd7GO(3uCajRJT2eQJ^&KMwfK$OHTQ*=M>_WL5qZ4H!>Y&~=S(53=MAN*8f7)?hc
z%;-QO9PL@3<~-EUUcYSWb2%_GF)MH~O2eC1?{R6Jj7T)*f|oo-$vM1+#lYZ>vEm+S
zUq=jiY(ax0clbscUa&9bsm}S@c-Jy7s|ux$i`Bb6V=B=%3Qy#WpV3w4XW~P;q4!~*
zaV!))Bj`#Ru3v=@^}QElCD<FRZF}cEQlInmV7Le2*lVBP=0261z7|b3=g!PZ;puTW
z?Z%vCJ()Sli^wO^8Y=_DB~faojmi0bJV)o0+Nq|$+y+`!{Vv7u%};nPJU+<Yr%;>3
zZ=*B+o3;&Afa0+rIjlzD^u42XrJuXVUhDL!vAH8-qM^2(%IZ^T9r)Y9e@r?Ty0HXe
z%sNo7?ikn<K_9LFiwA=3yUPY3Y2t%&J5Y@5c<Td`YUbHZKN;G@p<qKY^A3n6cf^ZI
zV5hP>i@CRCTAWB5!BnN$kB1ZenxypL6T-~eql;S~{jCy+Pa3|jAy%P?FMECO`}jn;
zAcHu`y8gQ&WkyQu2~rcS<+gqiBa%k7GG}(u4zvxVFq47PmyBVS7u$8onACYbSNPwm
z2sKs(16t3$ektTNJ)dpg{P1)^un#+M?~^=F8?`Cbm1L5a09~1bUR9`N(Wm)fr0%In
z<ktdiW+D(NeVm<^TvTg^sOgqf2$t0huF7H@kS!k4T#$WPk9=Xn@9dV9ny)G~gs+ha
z9qN<zCtWT!r6xMqKH=@snn0+v9J$^(e!cLDZ&ez;)HySS5CV@jYtFBb_SaP9KHNHx
zBGic>=G|y~!t=R7(~GG@`sF|=N!L?;)K%%@L((0B@lvaRtJ15<BCA}-CrfI#fJc)8
zP*D6h>AJ%CV4}@XmQ@jLMRjU~oB0=*o2lpaBJNnxSe{ZZT%}4V>(@{Y>Rx5SAVz$<
zrql4;)5LjsL)yG(&tckamzJTh@Q{IIXCb0N5j=OCnbdFOwoRpqOGx(&IhOrxk7sO2
znXqZgq#hN88HcWQE@aH<BWGi~?4=Iz_fNGETKei|v3m*)++_+|Kj}wW`C^@#XBOpJ
zSU=NU=%i?>7df?}XJ?sbomww-o;!eYma66y7EF0ELY=RpzO83Bm`R4S86T9t-k;X<
z>0)*A-MQN?yo0KIk;YoiAIufg_7wX_2lA>N*-sXBLh}uje$W+iL7Gj1l`tb2Ok<l}
z9Q&2jOPQE(`k0nIu^@ePp0Cpm)!nA`JRtvqO*j|tocvHM;Y*s(P5#LH)04+o`j)MC
zR^piYRx<TW`H0<2)tfn&Tk^1r2#qAfNy0*<UI%y45MJ=W4X#3#FZ#I(VJ@CUVUB?q
zgO0Pr@+GE}#Hyg=!+MwaBy*-T&Z5SW<0qY)wX|}I$I<BV$EY*f;yz(@B021y$>{=~
z<gQF1{`{*$4@a9FlKUo`N}pS6%%mx42~p*oPtaYCf&5-+Y(p$bMDD;(@LCC4AnBd%
z0>aBI*z&n~KD8qx<}Rj?ra{0l`X!68^pxv?lTxG9H9qrEfMBxa5Et&oy!8{U$6BHK
zZzJ^dbs+(Odgt-dM8adq=+y8Ld$MSkXOV3ZiM8TD5_c2Y#mM=W_z%2l31L~x4pASg
zR9yB-s|2um3Xh^}w0hHYcW&4zSI^x7H|Ve#=8$g_rSJf6!VTPg3eKX3`<2Z!7Ey$f
zjmq9K0oUrcs&Ev)q$Ae+Saxbi2@AvQk!<e6+hzOM;C#0G1%}8bmItfdP9iVW4>n}a
zxpelrb-1ABQ?grUJq0>X>zWNolG<F+<=GQXEGMw{>Wq7NCWNwrV*@#9iLM_U^Sh$j
z(H~_EBz-1}N<2``T)uaJ?~mM4fD5GI^y<DR%fSzy?-*awG#%6TZcg7aN-g0gvr;tw
z=piii9_%lBPC3q;*`r_V*L$=DKycSW*PFXM#*xQZ43MBFYq8*DqM!9H?b!vrz$#P9
z$t{#?55Xv7Ep)P8_EtXekmv2$Fk2Fh=yzF04cT>h#!z(b<g?zcTkEc6v+p0E&$&fJ
zPD_^%p|9MWD#33pFg?Xyc4}W)kd>*p;)PmcCssn0h==)cOxACh<Mu8#k8J!#?3N6@
za+e%xwLJyCg{iBX<Ufg>k3QFXD5vlF&k@2&BTxR8>}XM(XD&FI`@F-@P`0^}7;Iix
z*19Akg(d7E4r><0NCXYV+{knHQh)?LR?oTkUj^hI?(5&NbY(#2j673`35?l<*h)An
z^r_G)acOMS0e%<nLnv7+()Zs!8D}d`3xo^b98M3V?dNgUuZdd(I&bUl#Eugm_boNT
zl187Ox*Dyc@mbwxg3Tm!X!B9+BW3Q3JzT%R<L;!t?n!AbthP=VAW4P3<W6Z^_p9F5
z)Lc67?u(9>tczJnqs}kxA;X~;0=MQS2T9aw)}+VEFbS0Fk?Ud{(nZh7Y9d$ro0}LO
zm>nPWW0D?}kDPcNe@6o@_(aT>mn?>PCu8@F?XvgO=Xf)sYQ^@hi>7v(5A6r;t?D;z
zW_b9Upm@Y3bt#knj-qa1teAREQ2xWCCklN#EtLuAzvZ!u8cR;t9W8W!Z};;mhKiBl
z-K$mU`^^kuZ&uqEz;0Y{wJ8D|Kzvt5U4Qwd6)W~8TPgX#{HSz*;qK4NR|t9~K&BgV
zH-Jw&Omsy!qdfB{BuILv_e85jSMSxcl13|@Quk3@40rjKvw9%+siUVC8zD`G8tg!a
z781~gDB}+}rlrMu-KHtFWe)9*aVSBCyDO9Z=47ZNK0li{4SA#hsZaZe@*Q5W682@I
z<)AxsCwn);{$*OFJg~E|wzdY&B4y+u<WQ0KKEe`3lzY4w-LJ4?&4vm{vx43sPNYr>
z@=M_Wwm3jKYksL>mkV&J0wQMs&jMbel~yuGd0kfH!+0fz-c|=dPl4afm5EWE`(oD)
zIQZ9v*l%#<0sa(78Pc6J*|D=g*B|sdn(Lg3^irp#B;6pBs&zg;>kO!FORkbf<EsF0
zGQTo7Y{h^jsBP@*2~Mgnke!!Vet-aV1;!mpWs9n5Qe$UHKlcH-%8n`ZBjq2G^}&q=
z5G)3<_?4gWl~`9ewHFWhut;}g=Fi2e!6`4ZMJu>B*;<>4FS*<95v~qHmIcqWl}ks}
z192=Ou3=OL9`j-MFv`}0vZ%nl&bbQE#uAXlw((+jyxg3JA>SA+t_Lv^g*x}TqTGOc
zRLhVewrl9dAG6(qu|Q-~$F|z6%4SfyTn`?=d;%Fe8VP_;UH2Xy`v(qF^Tni;)(=!O
zMr$V%#P*MTx}S|lw}=CSsWx}3pr<P0UC!~0a6*^tg_8?`aS2h6yIRi$QXc(+GsOVk
z3Fv1ZB(MSxPmjPaqPz6PnKqjZmrFvXU?Ekvl9zaLm??<^GpYu^!@4B{sE=8HmTcrk
z;DLY|L4{$>noGGl!nQ%YcK%GcC3h)pVnA)M#weo|$@8@RNCM*{;JYH;i(DM8LV65t
z@N}}p7B7JH3>=~|T7@R9kWY}LTCa!cuFPbE%ul69hX;pCNIloQo9|_L?t-uO-GKqe
zH$O0ce}7F}-JwU5^%YeN3Wa^_iP}>A>5el!ABSVm7qDn0S(=lZRsoK{bCOx!peU=L
zP@>6grcJcov0)1Bzv<TCa<Bno9)DmaKz=`SrI32-&FSI&5kf%1n_<m~E+67c0MTQn
z+0zHJKZK{yJEGYG?coAqbzi=I-8HcC-6rZ9*?_EX+h&HRCzn@WB72<O?BWs-ytfv)
z5H48P=rucGS?1QO%MZfNN>BhQ@yaY*USxS0nY0F|r5q3&@!PgdFVvS8CDhgRIe-Li
zR@5qS>hUnXx<9LQe6q8X5&26IsM8F0O_xjf<}#j>?HwJxv_CJQPC%nLPsCUh*r)~0
z)3b+Y(`x#QUHT<d+F)phVclGh2d;juS7)n(aL=_(3@f-E-%>UMD+h<^;rb}h{cT>h
znVR!*d+&j$qty$iSA<U%E;LL}?%Mpj(ej<!`#Y??8&D30$wt(4_%2{2wK{bF4_Zn6
zL&vJ3IF`Qd?rvaQ0<aUCFWC=N?wl4bali$T*|z+CV(r3!x(yhwFpJ=@*2vN5$k;RP
z^E1nc_~*yL#PiIwu=Fv9Vrg^{V7Y+lLXSA-s=*-WREUT3=xA%Bzzh}G;V_Fp(@kj3
zxp)$|gG>U*rb?`5qGwueaUIi^Wy{KC6=2;mKOi<fO<_ul9*uT)p1PH$`?DB?`3C#G
z2t0_*YE&R+%`HReFLXhBJm0ZuaR}VFz%UjVel?&{5gr4g4w+d|nbQBj1_6~bgU{(t
z&wn0Fs~l%4ZHryPOqmga7~Yw$wuHtOwY-6kmNXc*mdYL?!3A!ow-@LbutNh(h!B%D
zG^C8QKT&w<dUv%faAQd@<4dCqd%75`^O^D#EC+*y6WRRSK;u45)mb|05#Bo6lVzDy
zqXR1Ux1+W;p<Yw6vI~J_3xns^yN@^lJGA=x`i6z}Wu@w%lBXjFY5ZeZjkj&pl!b@i
z9HTObTU3oc;hpOw)EBc%X5hF6l?I0GoVPbk9P~PJHaNCIvl!uU-1NiD;b7EVVyl%b
zDLNtWQ|q?EEfXgKCOB+47b*2#ly?FQJ6173mpcM^mcZ$Un5&ho9r}dj8;_gM<aV%e
z<Iocc2||`Q1SSM!3w3_+HEOtawNd(0SbwRbs2l$unEf-2O;NGrKy9(KYV${<O8u>7
z**A+-7k|e--Ldd$@!5yDSVD0wq=m=K@R@rB4R=|~9fmD(vYf&T6|!}We-sW;)iBDN
z7*u&*FzqY*&cFY)iNj^=m{9lm4keNWhqFCSk#o2~?97Emio!U5)t)C^v&_NGMu@mM
z3F#Ei25~*ammZY0%WH-g)YVj^$R1io4yGilcY#brKW;cBnbff`m$K>Uj+MM7E)7V*
z+ZoyQ56;>D@`G+uY8-`Sl!hCv1aL<G9<!RhIRP^UvQF(!3L@u7GCycKbs$wsmbT>J
zQqS;J%Df01{!UJ_j<^dVGNcp#YvU>4<(cOBNmh;V7Ry?E0GUF0xh=xIe?iCNvx9x6
z1il(`d<Pf#J+Ux!o$HaDE*R(cl}tn4GJoH9>I~-0d)f0_ZvC|Glff1zQ)8T1!`FFF
zeec=?eRgN8wGRz-qVCr4mr?exFr|VK1~Hx0c`(M$EUa!0_vgoL!`dvz)ws#8+H8ih
z9=ygc4W{A%$fFPY(^m&5IgD)d^{2hEeE_7o?3VzcI6^~1zgbQNu2@cqc-U8Ygq7p0
za8~<hdk>y?3>oy;V2ekwo7O%|`SoS*2X<im_c}qpAq28cunlEc^8_ou2Lah2n;u{a
z;n0xR3;8aBv<mXIf)HX7VqZ-q-}qDVe|Df1>vz$p4zu5kC>TDkDjDCo1x~TXyxxWi
zg|<qnY9D%v`$b+^P+E@uZY@7IgT;tmk0odp{LO;u&62E!HErKmkL}5{PFsO}AHSUU
zX1KVDRlW0v4W{T6F!0hrT(!{I-mU*rmIRyV40jdsNL5*$@$F*^cie#6-Qk3ikZ|h7
zU_5(tol{FpRA!l7gLXaQwV+WD#v6sY#c<hS<pGp$N|~{iBLka`Z6CY%D~P)1$+w?B
zAYcumAEuG|*`981Bplp+u8eOWEa>+flrSX>7Iqu}Y9J#+t?dj@i*EUb+=2iw#~h@z
z4zli>++qkn(b%p{>bQgtdfQjbE%J0sY~kGbXP#cLnxCGhTr*o6POpmz4_rV}vE5cC
z*z%d6@;@?>0(cl%IN|eI+Q^Q(uvME24qxCQ3wNGMDdgEla_p_NR7o7_2ys`G<a1$8
z2(vnp#0{EmPwG=7fFZ?PDrqoA(gnEI-hH+z9LwPg@-EUsHY=Hx@2~hI@HduDp@tfJ
zhBn<*Uu83Kgo2~Zf!&l!4GSC^GdBOnMp8awU%*H_#!Btk1BQ!xR>JL_$H3=FRIl`l
zU#skK^`Kf7Q!xmj1Y8H}^+kUETE3m18%_2*k!^+mmS3_UrLr$6pRtAR;~QxTz(1Wu
zg#7ewWVPzkd_O!qTvbMSB`pbAy#bSiO5qRG`qnBg$SSnaQB}9t<DNFSgjHlfh6Y$u
zPLMr<RSL!isC1-Kr50-N2wF3I*_xzQNFr%-z02%U58e#vnFkq74KRqctVZ*YT#apr
z#TN1~WjadDwh+g9aqDLD-&RXaIgaQ8Q><)l{(`y`!>e@~T>r@U=|_i1f5l;HuLsP=
z#s&ahj$TO9DS<33e~AV;zHMm)fRl;!UY`TmjNt08Vmy|?bMjz8aj^$5KaNnf1XdKl
z7a`mYAmJgQ<zJ$0xe?_aClFKZ4#Nk~gt}sJS(oWyl{wFCYdcHMd#^Gqk}Wzy8V<5D
zP=k03ekp-a^fMN9`E!NU=_OQ>5^&{%=mgstUgWKPF{r75P<5IjbL)MOi-~rKe29U>
z1^^31xAxI-YV~s`LvTtV!10U|afAS76%3cpuc2#3ESHJg!4pS<`3kT9!hu#sqpOc9
ztKhUc>sLeyhJeM>)Q)_Yqf#{E8tKgB0I!8QyrNg>?ln);gK_{fk*<f7bvKRYM#9MT
zEV){iI%yexXTbO!4mc<sQ}(8T*KkPX1%A><iatm?iwbi76xnh2=GxHi0&wF5V2%0d
zU|P6RaL_-nm~t{qYFN(s*L#kD<f^w<M+STLxlqv5|JGj$po1p0C#sjBjX%BMTf4*R
z?vRrf$b6Q~Sy&Y<f+zVQ|IPxePH-28a=Un70wYML-2Fg0b#p^Hg}>%x`T@V~*Ant$
zs(q$vH3S%Hg#1CVVaR=3oA}or1Hkz~TN*$3UdQjbgk1`qXD4#na=mHiHsq>lC(}Vh
zK@;JGj2mKs3&CL5xX!K9X-(+*F`!fdpbW530?vOuM{M{G-08ADgEl6{<n^PS)T=Qh
z8*;>G?xVD@c+ZQOdwE}QBQQQV6&D$2aZ9_h(B&|wj5|!@+IjiV*UQak1m-JLkZ%tQ
zzWhAetlS?Ot6Oy{;(BZVO4h7Z#Tb}kO^Lc`vrZOkwI#Z+O}IX4uwkpIqC^5vrCzbe
zd*DnMvgT6)oSeiKe<^1!qzb^@PX_y+=+Hi$*TUo$tY(iHkeJFMJ2>0g)a$_o+^Z|%
zF@Y|VO)7yWW;6+f!Tp?}Qr|4LH<&pArL$^VSt>EA+A~+i|3`hNmTf1C@pPZ;x|#)4
zRDDtrVY585+?iN7vjJ-brotfScQ)hG;z~FMDxNjtDG<(c%^*4X4S+FAOG~q}$@W9X
z1cN<qOKm>0S8bUY_YLpZpQ8R1N?6gmWb?-9WEiKiN!6ev?dP4Bw=X}JI_^p!(LGTs
z+E4}Qii_(l%$7yZTZl-8*E9gvnx%`95J>(Y^-$HyIPf0AtG5_Il~s^AZX5T<0^xvG
zV5z4B^szWc+(&?p-QZL8eAZ#PifW5(fUK+_V^RKJ?%iCQo?rOto&~<|b_3{2Si6`4
zguptpC}Qs+tH$N>-k$jWDsT*4e1O9aP43?^`*o=TP!i~^fELS9cJ6CY^Z8GW%i<d9
ze)n?GNgS@S4e*@Orm}B&wQcRJ0KIH+TdW7j)$EDtxtV1$guErKq>0HGhq6D@4t~%-
zxy~OAq_*IYQ%;@*7Dx^h^~6kCyCb24EwD2EU>8NoZjeek<7M#6<pW=r_`1HxPp?}F
z*dWz~n;d@Zi-7};&j)%{j^~DZ6i7*D8V5CFFDWCe6-nC4!)Heu>cc6hp^((NZyucA
zRywF-JUuCR{OA~!vgfbnP^_}4*Znia8GFy5fG@bn-gWM3z(ua7AXCC_3SPMT^(R;E
z-RLN{JZx5(reT=zP8{Wq!PQ6AO#6ND(|(uvUg)HrT{Ci3+WKPGy5P2dQcr3QG6@vc
z@HsM{At5YFe(~kec9Su;L;<}^1kR)@?>T^8fxd1bDHioNhTC5m5+L}3YzW|%A!kIL
zXFK3Uwgb6IEmPx{N?vjX12sCOJeJnLCzP;{!`GrAGbgIyqej1b-CyIrtZx%=`j!Nx
zIVk(YI(W}>GT-Ua{XNWcl)nNiEe9uy>2moPMY<0s>Rc%b!y6%RZTo{COt>^oS&rWY
zJl$1N1=6=kOuf@Be|E0yZC%+7%s+JI1PPUoIP#3FxYDl8r&i5wFFXc*<e7zqZs6bs
z9noczP-TOk#UQs$P=$e$&81_@?>kp(J6L?W{9f&qc67GBXOsv>XSnSw@X~X_Ml3*<
zP$mqQ)z%gfXc6rPtz&K)DS>1)4t#bYZ*IV9!TtL17bJj5Tb5=*4(nIp-5x0mX0Prw
zf87c1Sq#QN)Lv~wIS(r1J_94FG1c*r@nk(o_r=_$Dc^eF0Zu}7MI7txRP!PeA+M$l
zR+jJN!?Qv1rD1?PN<k-x>Uu1GGMOuW)86sOVS(YBec3~8Z&tHX;o&HwQhDH&zJuc%
z$?f0jOz}S`vjE@Ff97npUb6}$W1yG1!E1__E$+xuL?kr|tg<?w2siPaW}LP+)VlpM
z4jz7UJs$2O4Ovn)5i}skT-*z)-c4n<^fK5)ubW+O{ZLp~b#b5+<usxfUisnvzSbmu
zVq9~5oY@P^#jAlT{^z`Ym%IJu=`)j*HyT;HO_T%`^Ux0kQOdb!u8?N|P0s|?@Q*oR
zWZ$R7V+K_XozIB0RLfHl&xlt;c-zVjT>|DR=U^mf0lAN>o>z?A5c32NqyQeTF$H9x
zTB#Eq#|T@)xOyxL4CbGQ@o=p!vUz}8EfFj)^lxr3&na~N+tIGQENXB-AnRW(H@v}n
zn?LaM>=Ujp1eRAX*6jP1-zZe>zu+@5b^M?_<HuDx6LcN%2zdz!DIGx(<{BQU=N}E-
zVa+8064yEXH6IPrhHL%W+S%E%ow8nIq_7(=&i5_jBogJ0FAv2@QOgsnyr{F6oG+Ym
zqa}`pK74V-+q7>iBg=G3!t(vwFIMcPDG^S2xNW101exG{Z&M{j<<D-sZX#9zQAeG!
zFfJ9FGvt+wkIb5`Gm&%fX*?o(Otr<NgK@$>v(zD#_@#d-slYhg>RRFby_l67XpBI1
zL-+^iXYSMkdMo8awo-Ew(AB6mb}0b^Eaf)Vd{4h|1Q3WdLp%DW_5;~H;_87`zD@qs
zC*KTxAg>~=BFb#TmhayBQfPkzdB4FnfGm_+jh<fs#&=QMyF&J-*GI}{a9ihq6cmn8
z5`aoK-2DNbI@{S{r8=i`@DDDY2G$lx`EcdfaOa*dL%Q!AxduB9MCtzJ6~JO(3$*3d
zUzR{Q7BHh-R~s;W4<Ng@5+EkD{ujPrgaZ|e4VQWgRys?HQZ#-c)DXkn?Xt^!jWq$*
zqWl9O5xZ?wA{JU!p!hOhV;n87RmK-i>y{+|EVr+Q&6V$GxVf72{iol&ldTV3=2=Uv
z)Ny>D!rs{R-S2Q6>P|eA%yrfSFO$R^d?C&gcQ<dtrT)*i>c@7k?>>>`y-HfT<<VF9
zPB)8oCMRQ}EEs6aY<PU83;X--SeWIMW{ik%ybZXRa^9tS(?g!0_ODu5KzHz1t$aAC
zcep#w{)xrM#KL}yGWriGVoVVa7!n?s(dZS3;$aSctfRlT!8X!oVOGBN*+S$fHk$I8
z@KHpcGxD&C{u`Y)PYpN5BOal0GA@k^l`(XtSHD0?g8DaJ$(ykiFDHEWJJ{~?lPr6X
zJ1fPJ{m`LX75`pU&)bmS)S%En)7SaKrSOY@hQEGkJ!3VvGVN2yF4Wab3O}AL9)QuV
zY->;w-5Hr|bBay0TDwsmra5^|%P+e}?YT?Jk>$XcRi-upL9amE^BruRn)GVwJXK!i
zMa{hAoFh{)TXuM$CgX&BIHpmUe`f(uwcXz86m99na<GYGHA#fth~MA$mdX*g4}M0h
z`V=ny7N+D+$J>5l+|16VLcY7r*;Wrcu!1Y_>;}#QuBds%_x1+FLw6g1y_L&L;c|Sp
zK`C=~h7<sa;<tQzxjd7vSc#n!Df{l}U#GPz-7@`I<DL}S=i(EK87CG=ZJ9uL<(~9v
zngWHCk@K+Qxpcw%-?erB%6bGlc%Ee2dx>X@t{tI`e$}4@e7!qj{}mhfpNEd-Td*m(
zKgy@q^6B~j2d-Z$P4}$*Slovyg3;MyiY#;i>@OXrf8}}1pct8itpYV4h4`2bpS~!0
z;6Y7!QAEL`dHN0bno*_F-}i?8^|xtar{PEBvKt1^f;I8;y0Bb#6E-}0`nq=Sc@_=t
z-$8qHSsw#BSxj>onYa(U4RE&3En$h10jqkArUI>MkN`Z*>uYH+w`fQUE-`L@+hgwR
za!uwmde|i~AGd9cD=Tbj*6$FXWt!*?oOp^*K2VO_upd2cQZY;-y|ON|oj$^i3*dlU
z*;vXBZ}yo<T7~f(tvOoKY^DF^NO{HKfyx75i@zOxZkV|(+YBXTS=IkjH{Id&DGhe|
zlzuooGl;V_I%l&V@Uqf7RHtumbFzcQU~votDvu#6K74Ux;ArBx=^UvG<11U?4~pk)
zBtYFlhlH_w=jT)9?}-Y6UB~L}PBcU$`8K8fF>I<1zXW5mzRj--B(ZO=yL-m+5`MA@
z*Xv^a#Oe$1quxAqRrtexa*2!>OK+ga@%zqoae#}ZZ(bhQR>6U76-x1}$rqKHddJ37
zkZl!UaDTn+i<i9{FxbR1%nmj%HriCa@(1JFzD=L?@**RO$M^s*xVr1Gw(7?Bn7(F=
z@B~5>>zCtSIdA{Uru|E+cICtqda}c@;_n`K|D^{v2uQAgW_n;G0G)4({_dEbuhi~P
z6BQK^;Wj&a?1O_4DP~Lex&siz0lh-!(NC`*?czoSj(&Xm7NkyVItYI?dHzfL9Y}$!
z?ssXr9BRZEwkyo}VnU4nIj04}iPwzvQ(Go7KF|eu-J{T{KX!4CkCKCt=mbQ2G^TA!
zJCC$ZmfE;2n@f0fqI*vYyJnEf;N8AFKP9ayBP{3T4)PM$wHt#{T>oge<&;w@rfg`J
z6D)PTjx9-xS{D@GlEtH}*$~QZ$;OMb;>oXJFJk8tB6IhimeeUNE$oW1E=6~74Nl=8
zA>#GPViwO*53^-8QnYblOidIqP-v@_l`v|zzgFkyQF}qZ;!K@vMYH>&7{L?~RLJXh
z6AR}`@1yLA1zFs|an8ZrlnyJ&IL6#;r+__oHYO1LC4tm%%24Yk4+BEQCFhe;q)<E3
z=c}JVESSl(c$-xc1S`2-_wquNj&~d7W!PL$@+`Sm0rti$iaYW8!FMZ}@cLA~>s0wR
zWO3xuk?H6wI1y>mbUL`wu4C+tc+WNu{QqO`z2l<1y0u{}5fTfIG?f-nK#Cx}gHZ|6
z6_8$}gY-6lG>s@qRff(0q5?|qZD5EfATWS}^cKp{>kMsZ^X(amK%Vn{IXOA!Jn!%K
z{z)P?ciDUGYpr#y>nh04sdl{I6#bYgQQQdnYIS3c(y;fAKh<H7@@;L+TgcAazQVwM
z9l#M8@8H`d`Gu2ri>%kPAR~N+B{Gm>6_+)Eg1}ysJf;F^(~aP(4et|Xuu5NG7Q!@Z
zEbIEBL*}1v2&*FSb%isw4d;|NE1%2!2;^D!#@MfkOwMmIq820_L$!v2!WF0u$2(3g
ztND&oAtuzJQfB__^!@mi!YWaDr;#LC=_u6OH@;vXXy0FN7Py}Lb$^xx1gH+CfPZBb
z|CNCB)f%#CKd%!K@Ah!~)7I-JIz(*2|CK%uS{n5x9=+(de@u&!=5L$g5|`!&AU6Ma
zyRt*TIv}CX-){G9rM5@E?08WVv)I$uCietgz--CbCNcigzx?_G(aH0qa}DU7O#SJu
z%Qi<^Tj~P>>T9BvP<8fINT+Mvdv5GJ@VRd1q8C~GGGM&S6BiXu<$pS7PnP)S9P01I
zbpJl;fu3p$bK^fG$GQ)^_<SHr_w9aweRd%-PeSU2)v>4>$GfKq4pw{58<aj|#^IwS
zaJpi<<NI*Cl(dy;f!yZK?iP4OJZPO0$r`8%S_kgA@OSa#A+w{h1a;*i-x|wtl`pAt
zItVt=a5b3H&Sa5IF8>@6`9VXgWGO6_F)q)$kOEP*`Nq~_|3(LyLX$*J#5xWG&l2~-
zN#Per!>5Gj0tH}-OnKq~g;ltQQYFXZ+_R}Mk^VI^m8DDyAv3n7h>TKk3Av4do*SPd
zS*FFK7n0^fN=x>yc2HA@jUn}RE)At8Wk`8_(=4g|hdgWE_9nshQ=MpB;HU<V?HpBF
z$s|A-?#0%qUm9u^#_qWKmj@+;>hW5Rj?BLeDb3ls=I2ex0s@hm0IzbHJm+fDY7=;y
zL|kT?`{UQ;n8i+sD@n82s5z+?#2B#j=DIXnrjoHTYxfSMrl@fO;S)*%`1c=<1xNi6
zAY-oufewt4VI%K%f97<y&8EhMFKOl2%vt$ToMKgCqeu8M9aY(br}<QTl@g*)2BcCv
zkI=u}V+S$QL30R;37Mn0gk+-ag&pK@tK)?*Xgv5<412cHm^~zh6ur^u_=LY6Rq5<R
z;SP;kd{U6aRN}uOM(U`+wR{h8g%$#B#KcGl`@vGe0-e6dilvZ!-Ram6iXdNsdNdd|
z{RhfTe<jxN>-b9PuD88mWw<ALupDv^vgtj!aXf7_Dic*u)b{5s`EMLZoJJe}!$9)D
zYkC1QIEZmbrpV*f&6%b9vZD$>!0X3AbE80BMoGeXrNc{s)y(t>(@oAjf#&ZOZ2ncS
z3A8@74OV_RP^%JE^L3&nKowI%o{`p<e6aRFV1=>(`JU2NDNq?|aC`wE$Ll8KCqhMX
zD}wwA{9jkM-LHt@K22I!m)-8PT@yJAH3%XAivZLDat%%vc?CywH&;V=8Z*7wrX8|O
z^GbJW)WirV6-*uV->}Z4&*g}Pah~ECFBV8K53v8r$-UgRa3JDo`)cG?_=t~6t$##U
ztk!-7&_UP~8?Bb=3+%6KABh0_D+i4{y{HVcHnzvy8Kvu&3xDW^o#V2xy=1Imzr-!b
zUtg8u-;!q)bAz<;gUQyi&#h3|Eha2Wt{N{zDqqB!D{q#C(w|gf{)4?B%uHRxeJNTX
z;AncFle=>I2;D9H(X<GQ+`E`>{JK!y+EXpZgF080y!->6bUy8rA4-X|EiiMmZ?+WL
zF1U8~rz{cN@(9PJ#_ai&E8*1%iu}0yJjS)*`W_tJ4*k+&*0D;t;cW7G-e;W58cdw>
zIPx5k1Cjw(dz}`UEQSsM$G9t%o(k5{Ze6OtAW%bm5&3IWNKnOx`-Md&u%KV!pO62v
z##w3dyi?pBWRH8xhSH+}SF`drXcFBmeWauGeoqsTi*cZ3Ioi-Ne7Rdbt?G&~-*^t@
zWW(lUaBT3E>xh`K&rc7aLQyT><mM^G?kQx3+g$~Ll4dKr&Zm>dt>g)R(jQUU*%6uB
zJL2)V?foa+^G`ZE9(O&N83#S7W!21{xdR{6&;NzxKU3`fi_xb>iP6h*AXb6(z!m`K
zIjxXw`WrDoqxruI!nk9TH#RKBej}G!|MIUfikR2J{1ZD~fKkG!)*27l?7>qOg=8V{
z2V-+NYf(xEfWTith5stb{EJS-@ClF!$vce?5xNo8*UHWVti5+lRw+;?>KlVV5cl;R
z{1^hH@~5_SI*B1AMY>o*DqEQ}?akMbt_!YD9+OLx(UE<RP13Ug*<YRCkUcuG=WLAH
zVB!yt=>J*i#%;=h!SxY~d{LC3cz(8?I26mJW1Gp6yaviIsCHSF-p6`KL6Dy@U|O;{
z@<BOeFH$E~C($W*P`k)b&@yIeH~BpXPiN>}ew(9`>1abEn#CPwS}UyYJ0sf45q4#(
zw0?bQ`MnnyHzkBf0Gt`TC(OgAEKK3&({MZ=Vi47X+OPB^p+WYZI86spZpF;z;jq+~
zUBDcR@KW|>HCm8HjGnQ_cxKsWjdD4SKH)weNGZ`2tMkV&)tQX)1Bi%$(omA6U4c?i
z%a^p|*R%EeU$b<G|5ffh@b_`5<~Nr84ztoEdT4a%AE)D}bjHSDEkVfNivo<Q1HOFI
zS=7&9yKbIXtgqQ;q#wigq{s?FeL=JHtxA$5Wmjvnz%)kiKzK0AC5tZq?^{d<+Ft%<
z0dpPWZ$h{|VgDjAaRan{7w4L`wul3j{D0q?Cb+Y8YJ}}TQOAY7y*yCJ3Ac(2j+0zn
zsT3k)Bz67=A4$h|7eyQhZvPyH_-1ZvoS(;I&xk@DSX}J^SDoLrQYX5LJDOW6*|t7E
zur@&+!yp9L^ldC08Mp8<{3@9dC&6F~6e#w!EI~c9>i*2?P<IS-H};6Rtm%?lvE_k=
z73wyGLA!$?;}mJyl2WGASKDH>z5#(=vo_91;n>mR^@!iAHhbTu)gnN0fq53L*UDh)
zSztY|aNwonGFjh0CAF9*2lb5yMZ^mh5#}`0H`Br|rZrk4MAO~hyXhjnoKt;0&M@IB
zP$>JL5EuHPtJM2B&vyR1ccV5?4@4$x)__Yfq~zc9CuAbW?UGx!GLdh0<LHZ;?!z)|
zyI+%4Q6f@pRi?k0U}LOLZnrh}q62kbKIe8}pZDM>y>H9h&a7RiB)WFxdePhjw4i>V
z`5bxOs{^lW<MMUa#A(5o7M2NA-3))6Pt*#v;WgA~RqXlA+H(Jver+H<=B(Li4|UJ6
zdGL#al(a>B-ErR`#2G)ni{8Q6;RilhC--&itC>dY7+W*L(vp%W^L7w2b-K#Qrt8L^
zeT&WJa4&XlzMOBx!q=Ad=s*-G1-@1X|Jy&e3=bYM(s|NuQwv{fXppte2YOY6G#?BW
zik1$2B$vwn6Zk$&a_Z^!5F@eC{=Zd?05pibbr3>Y@YrV~^8b(xl{ro~lhafzjy)%h
z`d^C&fBF!v#Bv1Rd8)h;=)2tOzI;VIU7cscLgKLffN4-0egkNf@2yTaBgjBkqO%3;
zRj!+c1!UNorLFJ~2h`Q~frLQH0nK|=z|pFUxlxAlK*|d03_JC|D(pPvK;o0>Qbf+j
zBn($ZZy{7M&)#Ls_HG%!CVd9?i3aA{_0ae{zh0$l+?5M*qYGRVI~e(U3P0<$P&37y
z@asrZ{JJ}{SY^YC-cZ><^Z9z?G~JBkqE9g_U#-i>rN@5NcOf5Fr%<}r&ZOX~&mgo7
zaQ6lWP@CLa1IhAs%nzj>s1A!LCu7b07!+>s;BJ$+KsmE_+wHgUdWpA0lgR2L?`KUY
ziXQ@+rF&ZA0F2c51Ya#@Va=iu&9Pu<;)Lmrhw^`256CX{b7o2Sol9D?JMzPUIA`{n
z%*MC#cDKAnbf}JjCYGzR%UDtJP&rvc=-|blfWPQoyu))*`to7<^|J;W9TxK3=SrVP
z%zo+ADQ$eq6jmcw$o^aI(ouM?KlnzO7rMs|d>|BMV)>ML0J}{tCfTOT$?S=vp}vdO
zT++qNCaU_#5d}#l_UnjGGl`sKr4(nmD;=M_*QZAvxY<%2-@wuR*ZoU<j=zHb|BPrY
zvH?TcK&-s1xY!d8`UEFHcX^w|wq3g{`#&W1|Gwpj^^LZ*t$Hk|QU00b5Jg%2KN>iA
zCZ*jh3_bEi(>YBJ!UmMIFo+Q6s6eSvQ_ql`BA1M2R0!KLY2>`KCxMz0A#I+LF6Q~n
zK;G6yPWfcO-#%OPyiF#(93!iYR*ZZkVl*AapmF>FP3UVl6Y3{xybTSI3;m%o26X=(
z9obW&9W#T(G}h0ubO$)KqM<iZ$Xa5{8t;~uN(c-6)>0dj1vPb&%$?|I?TKWMZO=5L
zjzEj*vXh%IjB<eLM(z{E0~pr?*iXVVU{a>>P7^&z6%x2`Ip|8Dj_*iL&?Sg+qo}2&
z$YjdoFh>abUM~Zj_5+&vT8@qrw)AsuSu3VD#-T|hZq;}^EnHf7K+fdi?jav)2TClb
z0=HVA;&X3W!l&lW!4#{|Iha9s6z|uGA+{?S0<g!XcD2#je&SzK5sImI=$JPS)nFE?
zRg@JR(#xq6Y2Pbu#ofKB$xEt%(RfYyO;7hmjd<jGg3sz>aL1@mrM%%IpN!g^X5!i$
z6)cm|YBke)Z%hkR*2Rpg4e{!+c4v>kCxZ({fqO%_gw3zsWPQ6gyTz;8E`Q1%Nqd$e
zp?8taOap__V4Y61=H`PwS?yJ?rb|MSvC>&dNsn<^^8$VSy=lkmA?YYV_;ksF<2|Hz
zu1%?umbRIlmYHJLjZj^v#>}%`YU8d<&9VF#5q|{i$C}hk7Re4yg&Kc*WgCJ9^<GMx
z{|uF(y79QFc#ENxZM6suZtCewK~es6b2#ht2QAxQtu?udG9p;a1eM+;{b)fwVy^F#
zp3@448N~2qCCl(+L|@^DB`EV9csd@MfiPA@q0u_s>5T4k2ih{P$O3qz$9ifrjt!#z
z)c0-t)=wV~Y^(O(<3HB3A;hu@_r;w`BcHeogo%1jkr^ZqfC_5&O3bz&Y11#VkMDPq
z`T_~viSHRTAb9@!Ft$8qZFDsyYMf0obrB|ix^Y95v)>EK92|dY1%vc^r$+-UT;}&|
z|G(X#>5c9_J8gZUhji`0$G0daBej|odvk{;*2<5a!>tLRkjF<`R;I9Ov|=;BYL<s@
zPht1<<x0>nU2=Bt&cj`{&L>-TNF|k;VK^Sb^a-`+HlL-Dk)Ic8iGCl)F8vI-r^4|J
zLDo`ly~H)$tcz5FdNp$KhvY?~>e4=X#to?CJkM+TFah$cC>tbb;$(;qTs9-eVHQrX
zCfwg(VCP6b1$$#YN$JNR<&Q`!2gX&+O9z4{hz=W08X<Ze7<i3A@j^#ag???Yp82}E
zwZ4nxF?8Zk`UqFkc`E~8W_5q?4k}u>SKYle^98+avwJY>o8Ck%N!(@V6HmYJkb1B8
zZotfHa{sYj<-xeYvsRz-5?9$15I)u6qHw)4%^<fmwIEEtPd;8fA`)HH&cxX+Yu0?H
zS%5=|MbjshV)+jS*XEK|I_7gpbN2&)vtj!k-@PI2>mLG@v)sCy)lU7HCN-Humy{k{
zP}KKz`Uw^IoSk(M#edt^MW$9mDYBz7O{%rlqvHmIMO8wMx3w~j?l<t>_q^WE{#PRs
zE-JLtM8Mpq^gZfRa?2hurHlECnQ55Ct*XYA`IS>8BEHN3_bP{13vBIVJg_|<caXg@
z$3OKr{iu?awmhuPPFY%b{&M4RgV2B)>r5ghX9~1@v|>(LafqxHU%rmoOH1qU|5C1I
zX3T-OJ3*<>@Y^`Bt<oY(u5S?aV5>Bl2sVQ1aG?aFJyRD)OFSTL^i>M;hmvDshq_$a
zXxbvcwHWqLTiOD?xZZ^DuKkUr{~9a(na+8C{`fa}$RPCS*i}T|JXSi`gZsakU54D~
zE}F7KNz;@)n1>%Mzx<D}%>ImH#|$BjHi1yVW2>Q(2T;jv-vas70~9Y{F2XhbasPJw
zL0VIfSGVh2(3Eu(IjRygl5wG5o8i6pvqiPH$f1+R17L+gz*1!IX${b_JT<Jc9^0rC
z^BA{E;C(KJGC3c~fp)(;P!Y&wD)X6{$T_YPkKK4u|9B`wE%##Ooh*RCx^>0WklNE_
z3(c?G@3-mFQ`b+Q$+77<aPDgDvdAF8+P<|WG<b~1hh#D=?FZc33!nlEH7r#k<)Yq#
zjeGO2+7xvE#;Y7FU!RS2<M63x_6qptj2OP<Csvu$(TqQ#yj8LVX94ju!MeNn&5HvJ
z7%SiMRguc6T!WVnM`VszO*Zs#Q%lK=1#0{1twaN_tGy@6m@$Oq;>-_Xc+pQAHI=4w
zCHOYsXzPs}ru2TngM|2a>I>lcSoR#ye=mjkd#Bj{BYYkxBmZp}Hs45~WAkfhb@c4t
zP|~da_QYE0J5J8(GEsIjFT<SD%3nsmR2DkwZnUz1#Mf>QVG(r;GLm(wtt~bHEUKt8
zdt&%Gj>?ZU$3XLABHOb75XfE&?Kx*kHGGp{7>`e&SeiiwtC>9h5!5_w9UmAr+1eV{
zTgT7T%zPNnc5E^Rc2jNBg_=lF{**A}uzndlyVeL=I9_K3`nP*hUM5`rI)YIbxo4+t
z?HUV{x+UHZYUONGpv0@It`=cbrRtDSq}%dMKSw#Qk-#>OGubG89Fe8el@ZOkHdQ#n
ztOGNma7sa#xub_;8TW6MVq6WP(?Bu^MKhwGZX$CLR-}RHa8|ivjZRxC)n-ma)uHK!
zClosd@1`6!T}Rhsh*;nzKJ~H~FX=iRZvCVnD4U=jp|QNvPu#QJT~hS%e>~UdOVgbb
z``y!L0Q1MnMbLdQfio#oUy3Zx($@9hFmR~};saHdH0MUNC|_fI8tD}SiF*(;50092
z^-e13XMNuRm@s|IW+XF9ltKcI#?adVcuq|_V8LSo&#6g)O3&h7pCP|9xxqi?sw_)b
z()Jy1F;dJ6FQY3i$;oFso^IBpl#d3#6L;Hp98>Bfh;W=S2mvkjqr0HHay;r+NX)xX
zS8XdqgHjUN^ch46@V3g8sNd+2Xs6HjY!#2s@0OLeFkoNO;wrij#l;iCc75USo(qs^
z_$oZxpI)^50)YY}sXZZk!1=as?|$GaOiyW8w7(FeL@M2p@wYBzhhNIL#QTLROJCf4
zKUzQZv)T7>_y2wXM7ZxS#3Gf<4$N%+cIsSaPpL~i(w&59htL|5>~C*nH5tt(Lr!F~
za&j>$GxhEL7v%og34pAu_kFVKKl}65m8}+S_!Aq@Ty@^%$}({ir&2!0NhIAZYz5ud
z924W);=MzGb}lbAfW^A_P6T^%M0$);Gv)yR3Fw~+V3{l!hY)5Br{edN1HV8gg#bsL
zYUkUJse=kGp}AAL@>ZvT+d4Ax$K@#9@YabCWIyQQ9&+2+dorW`b6|qY%sqPUcBt2o
zP}sD(l7G;&x#tbn=X&nzV~(=9vW_f|?;^sT=9}RrNc#rh{!3qETL1_PM@x5uS}#YX
zaq{o#ezlMJV=)>HF|C^%8fQ5~ygphNOtj=MYZY~#rc2KV_?(w!TCT~Z+|(0@NQ>zm
zQEsqxMX)>o_DPR2ckZah=K<zEW)WL3+OLH4^&GKkLe4jgdf%x%g+FJPn@g7FY8;^A
zT*x~aWkj*oS^soAkWr5d@<d}sMz;#?*508gk<(o_VpcTMVg_b*zTaYkRB6Np4wK-6
zUzzmrp6XYx`{-01n|>l$;z?Y2AIlO&DH+F_YeIx8tR)(B&_u_DWh~9W%pM0A++OoG
zCX(cbntVL3;8wLBV0~B(Zb{}jn+`Gh;D$g&N7)NzdZC~un=dWHPITFDS;KcQI79Z@
zsMP(70ok`&>!gu`_LdV=le4(<hA(y>_oXLaGMU3Yz0Itqs89}lmq|t2aD5i%wjR?P
zLWf$Oa-6xkA^S^FYpz5$b7K=EW}`c!S>hX&;e%6)Ku>kj^V@}ePe_0Hx~dwkxWtTQ
zIyEQK1Tvz<az4%bqxc{2@Bn7B9*%%olXkKIJ&_zu+X8-bhVGLs_fZ=9I_%_n61Ms|
zQ1%*|dt1-DMaPG@L#idTAnMdmU>#3*4LdA-g8S9a!rxC%2Cy&4zSB(&rS>fi%Kzlg
zid2T7G#q2W10~@EUb+zZwNE>L`l}k`Fv<0ug+dA@;&{IEEdCdMsQKnU2P}exu1YUq
zPrVx2xlKqZnbi8+M^F~dfa~a=<KhMs`eZ?l=T7qN{bh3WhvRmmj=l8Cd<|nlg|N8$
z5-VsdFC>{uxd4h9Dr~gA$!isn!k{!UH#kWHG+#{n&yvJ#>*)A~T$5fw1i9+#N-ln$
zZ_+sb#L{$g<kMsGrxk>%^wRX9FFV%1D`a<kv$8fu#v{FNKR=V)iyP!i5Z|m@U-UuV
z@4rMszZ1?vssrW{eAY%nl<|7ZGEui!o?p+TJlwnc2LS`%O^D=bRdZhWPlkih+>+SZ
z7LMaU0wCY+?8C90@x3>o4+!Lj=Gx`)X!C?LHL|?OtvU|-@f#>(R`Loc?zLAF$<2_R
zZXn27*Jdm53-Ue&<00h)nD_1GnJbNUENimnF2YL_n<HN;mp&-hQtErNh`m{SQZ?~Y
zxP$+f$zqRa15SyxuQH6CMJKQI?7VrxP=e=1Wk1|4`wXK8{H>q5Q0Qgd7+McYDLybk
z3tGiVA+XFYQ@f!^^zfNkCR7o9ddBSeCoP<nv+)mBR%6#GC|=R-UQLZ?0ByNaN0Wdv
zVU}FtAF0$=u}k(X<C==znDQ3LjOz9OVl|wpkUGJr{n)S11-agnqS1H-bOZL>6SxX!
zjwXdy$+=HCpqTUdpZb%IUwRZZ9B27Hhc*kQFBkdE`R;?(hD^AguydqIY#{f0{UROu
zwzxp2gf1^jM@Vo&;5pZgI)~}HDmI%Ya!dxw9OYiRti`~^46*AMCxPtjf*P95`Mt4o
zvZ)-mn1EEN4K7!t))_Z;c*z}bVU53hUVEWsI5IauhI5vFlw&jp%@P(^7{hFAI`S>P
z_qnWu2dDd!=H77ksR)Y(OwMA%&_vxxo{8kOc{WGMW-o=%+4TV9R}?$%X&(2+sxyHb
zk6Wim+ls8l%Q;1Xc`3GoQ8kTmZ4;)2KXOOQ((;64Ok@n3n6ge``s$K%Ke@AqSmauJ
zjvCSD*+6ZwgehEah@qnqeuW`v=J7#Twp0T{W$Ym4eTdX%hc|@e8Bi%V>9?CA&Lo<+
z21WL*_t(;dHkGZ8v^6ymn1mkDWqt6R$o^CMzGeznlF(t2@92!gD|6p-I>akou3Y$n
z(7(uOZUD0IP9=xvmh!%mes|NA=IQRDX_`Y1pAlE_E#x^>U*YUz?_h#-i@AnAsBtlv
zagNkwhC)~#$h*Hkn+Jw17ipTS-(-MCNTo7l=FdCVUlM&R6T$+sVOF-3!d96}mhkEp
z&eA<B{=PHttEf6$l3&7_0<$DEI;Q@fdu<Z=5|H*7`2}KV*3|jac-@dg#FNOfYIUta
zHDH1@m=7bR$ZRfoGOD2c0_V7FKeLK6b{MIx96XBpDft(Ugwpax!0|24e$a@tAsO5a
zDxj;KQPjUaTe0$hS#rUF?_E^cTrL?0n0?i#XF-Ogs5GqNFeaE6yfg#N%vB<vnH$Fy
zFJJd4tco|y5Aw1Yr%aJ}FWFnuSU1y$`ca_^KZ6C^6Ti8(4mIAhH|{}VXlp+5k*+JB
zX$uUz%2Ow=O7D(V2{Y=5_T=zv$6=fj^d()FKzLlTIdU494iG(_JOT6Oxlmu}=Hn_E
z_8%R;jNgKYw&PMCowa7K>1|(MKuMJ?_dWIcxF<va+DEy^a-)H+_wdRn2bJTi@oNw>
zbEDabnCQA6Di>ZYF$&K*Z7wBjVuT{OI$V!mquIqvolFWnNUybUY)ZxIx;e*{%6v)L
z_gU+!oE51@$EbI2N#FN55O%s^;D*L;rueZ-SLO>Vmt7V1afqfnD!L=o%y_~7>dUYi
zt4MBSvFC)HlDMWUg;^bT8s_6*wlWxt_l)yVJnX#7<~>YhI5HF>g<M&ElE=X<<uo!j
zbi7|2j7Q2Si+{<$VHxpb+?(w_S)74BNRNquVT#SX$OLT$u5x7IgUPllYY`-4=XY-K
z=#@$okU|4`5<s3VOBdm6xTxzlg4SqaO@QP1mmiqAuRCotq}8&nKPH#_Ly+go?jU&7
zbqG`gV<{^sQk(KwlJw#Goj~#LG$ZmaSQ$VEc5*B@Bjd_JDkbQ@fal+3p{T2?A7rq1
zG7;YL))4Ccw)<ZsQvQXa#lSbSt#OdEI(=;iDiZC)w&}D<9?w}1mjpgg?aSci48GED
zbHCfR{g2pgi$QoS?fyJ{Obrr4*P|;ICMlVpT`rHhd&Z`$<COQ;#<#=GaD<72w-diM
zy{LRD3~uj$`O_@Pd$Jlag}6F_5*F^S(VG+!_n}C6-5B^?m_yf}i+jBI0Y)x-t8%b<
z?weX3X-(R@jTyt7_01emXf2Si$hj16Ml<1`D$j69CrM0b$TzO!Srj*1o+0uVHmuUI
z*NE22>W+b_Azqt?RmY~P5z-Rx65t;}=(T;`l-r%|u-%;ROIUwQCYFH9WAy<o4YL|u
ze|eSK@^9u7sn7V98?8gtXH3iLTJpK`hU>JyjA%qZu<Ss`su`>G9EN5|mg<;VS`@LL
z(r}-exj$HQW|u?0JCNSOljLIsH&gXq(=>zWs3i};bx`3cjo~Hv-TsmOO#I~VpVN++
zYCSS*s*-o)7=2|cP#O|<QE5}Na)0R-9?Z7cZjPDDb<tFMc{>>kM`VVlD0v6DYIfPb
z#=_CK;a}K<B6UPaT{L3tKh-kIzdDew^HedR-rS$6GvINmBA;uOaLGhbk)y&+vMyU^
zPCS35pm8fgP3fAr0Bf|tap#awajvwS9_(-k^Ot?grgEGNnA7UjTG?rdM^D~w3@>vW
zb}61{sS7X3{aCkFlH4>E-%$C|BS9$6`ALI~JF}fNhsW(@@wghJCJL#D+xtIs%Ec*x
z>l8Xm&{U5Su8fbKB_JzsM7$lbEQJmJQX2kaP1#&Chv&Gh1D)z85|X0VvNwNG6KX%!
zi1Aba#9OC79Mf78ovvIJaW_|_{mqh_B_u#CZXxIB!Fq;jnUy#ivg~dSvZQ^r50nZ7
z6xphh5EBKzYwhof2-D}e1Z9`u#b6>)2fsvTxs`bAfhT#)G_`+&RgS+RL+n>ru@?<x
z5{Ir50<6h_c^7+8pd?xnJhL+Qk$gYl`~u0R@3Wo%zz;*i8~Bm_9-n5(mtm3jr(HM3
z1MnwyLHH}ONBUP!zE!_H$K*LAme5gSTiq_`vGK{ZFS{vlU3jfKFQ-4`^J5XUMa}Ua
zbr1<VX7_-T@rpc@s|4>Y@Hp&Nmz`8=Rz;I7UmD_2R77h>sI$*kYC~w_j}Dx9{CMG>
z8rbg1_kn4BWhlgs#G)4Tqo*0G99W`5FX!M@m7l-eSZeWZ&tipL^;&wK!;JX!?NS4L
zfXjONZtz`^X$eotoe~15mJqU-$jGL+2e|eV9~FG`g*^s@BHN}Cs(F${n_1WxG)LS=
zDEe`YZpGh_YRK%OMR}$3rmRNP9f}j7pQ-Pz3U~j!Rx$pYv+U-5q`6DcNR=m!L6XT8
zkI{vPycJfv&XA#&4u3CB?;*LHJt|TS0G-4TgW{--JEmvB0h^Sf@3AP9)h!itSBsU3
zJit*_{xkALlHwf}n7(5qLQEBU*RhLLPpZFzGppgf<Ky+)ja;FARlnklOp9QRU-aV3
zUr5!4Si;Nj6w9nb=@H^kjoZVlk&qfbXg@F#GclOo85(&S{Ro(4U6OhEvyzXR%BPc&
zvfOtkncXjVrB2lia0=3fSt)4tyI+vH-Eiijfv7w2>NW5BS=__)AE5Nvf{oOnP|-)?
zzMYzMIgVyvs{O*6f6?~98!zfapo*{MZ@07_su_Lu5*<&9@k-*pjBpeV2zV!_s3~P=
zAiK#L!m@VTHdHFMOsB*fm!GRE+2k6zo`p*o7FbKytx8Xbp>qkp@lGZksAqL*lx?%$
zUjUnA7McM~`>0p4*d(_X4jS+U6;t<LI>SF|SqolnkIMFD>YkT1pPpxa?nw%B6&pX1
z<`>a4y{XifU=vez*(V~$q%ds_b&1{Y9b6V|Ne^N<a&Tu@=LFvoz8tc&D%j=op8)jb
zypt|6p0rTwMsA5<7a28DXK#NeQVZ{m#bQ=M9ZBnKS>qD5^wZJlVY04n6;6nbb>T#(
zXTNFPvDP}1^70n>EJKc&D=4S#dF^K8*lH|eP$ND!_eHdLMOhAC>3n%z<qI&*ZT0w#
zLg>Ps`%_)*pCapMRB(=_8X}`6!{@cBP1jtEIdquXnp|Ja2zEEVgC}Y=oevOozluY3
zat+YchGwz)ms`ou0cPLMs|ukGnDej;A<T;xwR6<tCkAcu*571Qgw~^@em&Q}bS*DM
zuQRW}X$_a4t}#{}r6ThCs3KeCvHoX2J3SO?v}TfeJ<p6#;Fo@O4h(qiUUexTdo{>u
zW8Gq5My80Ct+L$fV*hexv)Qx>B@1H}u890J2behbGKcX=b}KPp3x;O|*L(z_<sBm4
zylax>5|oB{jJ(pqANQ=6uZ|F8dHBL71Wo_tNY;KisjgLhOq@p~Q%?*3ilW9$-P>Q6
zXI^hQPwK(g<oXn2By0w;owkA@xjbuhYwW3dn$h#H&gJntz80tUyy`BlN*AZjYTT(f
zPKCocxnK03<qB<132Beg-f!a=|KS2(XRDYi#j?)qAt=~t=ZZk9qbLDydPb*eRlx6a
zjeD(#QA1tlbg#9)vUEdbS3`|*Z6Gc^ne+;Sf_{l({D|dr3Ul-VpK+a})X8NEfq^#^
zYgxU5Vn#^sbD9X?pmj;u<8t*Bd#8PS$h(!(?DC-}Vd0a4{2$`D%QV?4>&}%bFJs2L
zye?Os1F6jJ>m@KwJvTh3aYZoh3kkTcJiGM<zARH8wPoQYL^@6~#z&`tv7QNqbg$1y
z?SBiKeFbGTb4O<6DG4@A)rkWKEpf%=+ZASuN!SWX`MQv<4LGH0o_%u;drDZ4R;Txr
zk;V{*vT#$Wa)4J%rmpyB^GX?wJp8IneLRKqySR*XI#F=j-cuf{&-@)Co}FwMn5r#K
zxr1d+^llALqmmzHeAMg51P7kUFTAR{iK<sCQXw%+)+U=9Ly_$A3$+y&W9)o8gN(6y
zS2u#+d5UrBr+UIN)BNV`N{yDvIj}a8v_-d2Mffho)U04uJr~(r$E9!9%(lth8Z|T7
z?Tqyz7Ca-GRdwjmGBfl%7QSvNo4hi0SE?H(SsJquQlSb9E}rZxl{vR|>5_4Ke~XM-
zVBSqzO}H|eKh;iA#Kpj6Tw(Q^KfyoCoRC8AL_F{10sOLthLi%*U)+4Wt{PZnC@#sk
zgs6JU<o8R~&la>YDO4aLe;HBrJvmbsY#nz0C*iDMjq7NW=2}-%L4`;)_77UZ^O~5j
zW}XBUgbffz7ca!DxGQbuUsClnOHFt!%c$3|StC^r3l@eJQb_p;Bpl^~YHYp9&nE-k
zs7b!7YtchaOti_SjI6Vs*s}|m`vYOhU?u@dzcNbJQZrt3ceMX^e{e&p)cxm|y$tQ9
zVr}^l>@pED%s=#KG<-$hO_*mMGKLBlDivn0e!O3mGtBlp62nHGQKp89UwuE5r?>pI
z^$O$Kf|BT<eq)=`w2m2djF49mSc@1wWA#Sv_jTZoG?YH}Cc3}xc{`JqshP2Pq!Wzy
z@ByHZo8`84^o;bgvny1Ft8QwNak{=NWJ{3_GeyuQy^{Wl`uF^Dr8>()?8?7S^?1F<
zIQcHB(*6V;cx!xD>Akl2c+`!QaK1u}FE)K6--N@2qn=zaT9&bQWwWN}imR1W($X^o
zFwt6=h8pm$<tHdiU#t`4wEYsBRgJlFi#$?F(SThUWgALg)B#){q|{e)C=FaZR-LCU
z_idJ&C&UA;ZbaxpLDOr^OGvTWBrae?O4+y~v8#dA$F-<Gw*Cmc8^J^?P)JVw>i9D|
z9EN%H8T5Jdg8fJ_`Z@yJ^<=RoHC|=9c2t1Rd$U%p(FtST(TnRaM{K^~<6Cln*IB4J
zTD^=)>ntoV7aPA^D@-bvyiRG!_%eFX6IIM@N=uEnQehFN*h3+xx^}lHLAibA2BZ;4
zKI|MRM)trBE9z9RLajyensn6WZ^iTdM_q4^&puC^YTU?hoRLRo6;agpR(Y)GISt$f
z#3L#@Lg^iH#Q(*3&28UDpnxEa3o<o8{+|9)rq8#gc2)XVX<9xI(A)h+z(h;xDN|rv
zgAi8A7E(7_#Yf?<G<7$ABvmXHNdN8L$~6eDLI59{DZkY;p`<EI-#^d)shs}iCs!r2
ztl`*bMaOYoExm#@p5wDpTGm=HTjmlm#0`Y>s<1~+srF*YKzbiA=Qwb+X)9kAxc|?5
zRbi5laW&3{Hflw5nYz8U!W3(-utzADtE+ae-^WfpuI`@8g%mQpa6S%=tQm{C@6rDm
z!Hw%m<G0!K8g*=5W1RBLcOoR{v+`o#92%*a`r<;QmkrMLr&+DHrq9jbl~$#e3Y?=6
z+Ka}wqP^Jsegd)(yD#FB^h!^bcbun=(OI)qY=$|v5)Qb#IkVHU%X6_!zw3g^^VMe`
zQqNS=D|fR!bsKpb(S9A>y3jLRIPSp8Am1E91>yx!f`VrSz)9})5fzNYbHgb0k%WF+
z+(wHqec{nKxjgyin%}xq-QnRJcQt^%JLSMzFZD+EX1`aA9N^0n>pmp+Rznq5KW!|F
zy)=7}$_4)xUw09uRV&UZcvac@tvh9+c)@~Jq3Zngk~_J@oHt75zik)J4v}2BRj-(=
za$Y%UsvrkiFNkW*7*4-XuaL>K6!UUTX}CLprY=rNI6}94M7U*JAMYs1J@wt+kGi{!
zXh}%SsJ0)6<e}EK0_lJ8pC;e-W%OG33IJ++g|O}iXXXU#Fkgb_=Cs%$lCg8dhyNu2
zbQZ19>&@H|@f$Pm{TM|yafI?jvPkWyI1a^{fFIT)<|l~5Bx75WNsowag^CjA0nm_S
z^q%1hS1?SLszumirj+#!))X<w4p%agFGq+EcAb*IIrXd1U+wl;t(S|uI^EcR#dErH
za`f4Ck};5(gAWiyV|a#+MxR#l!Qdmg;Hx~K7LQ+V&x$LuqawN2MtoHkWuUa;v$1v@
zUvP#=K^#^lR_kHXe}&|C1!Bzzj9Bhev46XoqljT(o(%()e3Cq(%>rRG2o$B9mjeK?
zT;@%jv$~&g){-NGnEOgWJ<YVoF_I`f;?05yV9?a5;PrfehS8>ppntJb_TXpL@AcZz
z^EwxW9%v?HE@Gr4QFnHJ6R0|;crTXAx#x?I93EJ$9PGeIG^JAy@R<kO+Sq`iJIU2I
z#F{jS5!+&9;NMD&oHt}1R~RM~&Qkz)3NvochN!SM^RRRg^MMEU)+T}(3Wut%bfzv*
z4E0>x>ez{|_Sk-(`Ng6>?-ryJ$-{HRwF0JJ@GEc9WGNpsUTi{c7MNG4vxO|NhLo-M
zITXGn6M)$+C6ylc$DB9pa>uE%GUrjF4u6FjF7X9~uLhbUy)fMR2J(%RBv<Q+_gIEB
z^v{0pK3AK<j)v4mJ>Ym_qw+&c6vsy%`a8a@CJJp$@i8X@d<vNac@|4%8TH|n;^5<f
zQKc!GLnQZp1(Zx`j-?-~IV)U-24@Si%9cr+L~_<+@k?0lyLA^|%i_N}P<vLPB^>HI
z0?R8kbZ>$Q)Tvg-=F?O9M7Ay%bez&4AztaQv@kvBOs)2+l55mmOm^Tp+4Yo9egY5U
z$Hkd0o;TzH-Q8Jk&!IRXshQ;WKmr%TUKG?L<3*hERT!p&OO9S1OrH{Iu^D0N_tmW*
zYD!nvzex!wTnfwnb2Rcz-V0x4fPNGS>M~(DrVP#WBIG}6AXiYV9P?jihS8CMWo72t
ziX(c3ml$>2s^W|gX6K)v?`uuFq?5sxEx-sIFcAW^KoT>e2#Bf^Zo&$mVDQOvs3ZD$
z(L-||@9dS&w03$$v%ozIN?6ar0tA-}F>#7+)5@-MYeLLk(Zjv6eQ$>2a=-r@#mU*t
zrRd0^Rm;j!2Yk3}1&h0D=<;Wz4#~r4LOFdPOb@x*)xW`n#H$H7O(9wJ&+2+uH6WEi
z{2+`B4TOO;Itx~Kg7-LSIGv$3oX{6D*Oz>NUY%T0JWR4cLI^k+E4|fXStkr0Obrjn
z#awLx=ELg&8c$P7v`&zC5ki)s4&aM#bfE)4yTN-ksY1DV?kffP)fV`$Q@rO0tO-A9
zl~(Iv*iS`rjYwze$OJO^WuPQ4dtP5tqP@i3!4wxwW1zHYXX?(%f`hXrxNmClkSq|@
z6@{~nX$nKR<A?EGqa-BGM15Nz!gQMC3vo*h{!TEqawWVof~?9Rl3v1UCk#UzC2^)9
z-2Q*=A7_IsYiYV$=*tUY+eZ7)D`moZ|MW<)gbZfyJ~=I<(a4>Vo?gc5Y3YCyZuwkR
z?8%M`%RCWjV4&06)l~}o6gC2nY=xcEq=E%Zp3A*K;ZE|h#p}xko*M(Bl1>B>k0C;r
z1qaIS^Qh=I^&gW!x3w4P)$P4>h_E>b4-<PG;yw3)lw&k<L>V8#Ewwx@_rW**L)U5}
z5CFAyXRQWxI53wVJ|J&b<`Osggv5+^+6iZWk#+;$Ps#)L{)jFmzXbnz^w!`E_tu=9
z8nqyBWsnI<8ntIzbE6f(F>*@gu1|0j+4knnl9Hf^jRl8$1O9VhnS%)-FQ0)5_4B47
zLrb^2^yQr#pGcqpXB~{$C+46V6khe9xK9c~F|xr4=a6$BDmDYWj7jc2B~)^r9XYP%
z3(N~?Hy@0H^`JIk(sa?|v#y}nHOMJ-nK!M5riQ8%f<mzpIBtox_fOEH&##l@5&IQ%
zny;AF8<LLutSS3wjfZXk+pA^Pi8_yhZtQW|@cSs+KSrjDg)1x>W6PPjO~v5Fq_}2X
zOmW#!i{%&PVez$}jMDmj9C>S>R>_WN9Lh^Ud!s~BiarOBh99B78mveee-8Qkv@r>=
zDg~N}behkY)<^r1xS<vw4Ytq?#m*a@#zG@g7|t?lcC?g-Ib#a5x%$<C@G5x5yXPJ+
zxJ|t*4IGtTmGO_oC-PA&CluUMhmD^Ki2T$$YEobwH~6UR?6_0fD)`cQ;I*#bpdiU3
zN)^y)4oMS+%_G&RIj-dP*J`Iml~pTr*9QEiHQL($yW)^#?eMFzZyH5@IgzLq&Z*%>
ztY|vi(EHi*HRblE5au&ZQ>-j4HNZl^!9krAj$cb)crcBTUQ<7GZFy_SSe21A8PG{O
zu4BVbcg}t@_>u3?-K7`LQ!t_3ZmdbnMSA)<e0-MV#@tD33P-pq;x!Z+o|GH0%ovy@
zsrqA*26HqkIzog89xF9Z$`*9H9w!kc7Pja#^Q2b>{21fK*I;tLP5GEeQSni$6xM#i
z7@^RmZ~GKVpHHQA-&kZePg{+f#h$>zYSsA+HQL^;smyDp+qvp6BG=+U<H+7{5e|A|
zTTFvbj|6mlgLHpRU%Ji15@>xU+K6MOsZ_`iR-<K2MT2WD?-T&zKr_s=HjDJohkTSJ
zS`6)ANI+NQo%;klbQx?r|Nh4(?g?(KG^=c~*`5+7C>ky2NoNAj429{t<Q3V%SUB2q
zPMTM@wfc%xg2@16eu>~M2AU7%P*c}<h0<EdrrUkfR088jHA$r<gUp1$&bKov=tHB=
zX^vHF^ooJj-$O0}emG6qb`Js$X$hwh3uehuk#J3G5BA6t<)anrQ%<8k<wpI2BxAgU
z!@=Pm-~@m!n<Nxt5B?=DII#znGRxk!uSOmBMeB_`9hs`D2eBPU{E#?r2e@Ma*@=uy
z)>d`2NFMaP2RFoj#{mLYg~QNOuThd$d0X*EK+_k50tNz_!rU8#CzP*$BW3iw*Dpdc
z#<}%}Wtwcw45T*ma&uK`PqB2lPiXXa_w?i&93}apMM&?Z3Y8yjxXrvS`E^Xn2eXot
zS1%tvb?<c?;|8XC7P*$W!9?<~5g6G|>EwDH&No5#G)E?^IVXun36BCCS5$a@<<21z
z3t~)t_5o**wH}$^m8rs@0RLFQdFU#Uc5w3q7t(ux&|PFBXK57S^PF$X&;chW;kw{0
z@@N|1d!>+WZ&es_f^c>x)i<%;iumP(p#(yB13~ip3+E|znQV(52nb(!W`mlg?2Eu3
zx{u`;X8{=(Y5e*men<vO?A1rOJ_rU;5Xd8a|J|3*Hl<`OHu=7V_gkdnpN2}g52A<3
z+wqGF_&2#_ElvQ2O0Lh{Sc^Y&Et0r#Zk1sXMG5Pzt{fYXmJVwE3NjPp7gwAa&6mUS
z40Lj{4Q;v1rQO`I(T_^PG}nKHVQAp#rvl<wjlGB9c`<7$oLKazWVz?e6zKF$0ko(`
zIDIcLy>$Lng?4^Z$O08|B3bBJy;xP}-5c2ZF^`wJ3?rV_V$#WcD!gi_<2!Gh`^{F-
zj2r#P0@}U8ebLq=xPlkIma#lddyIsha8h3woZnoVl~~3|sk2`Sb+A1h8{nSYSLdT{
z6cKhZlGRw>mt%?ar1VmW^ks_Mnbb{$PcyTgr7@-R14%FO0<STX?Tu1UOcTeIGatY8
zaB^``$B+t0>8`LUbF%sra~XJE*5SgR^H+U@EBI){g!({$0tT6ILLGj3?dZ-`96>xs
zAJ6h!#5Jk=znwl;5m=OeTUUTizC4{CKl~h9%b3Z>-R+}gB$rdHsH<zCz!1=Ik$#5e
zNR$Kt1~Um3+4Xy)d&WO|zxuM77rJg4;|1W-==sDF&nRv@j8R`<)80!8UsPQyAD-+y
z!-5bCv5f~GCJT?fyS7B~dpdzVbsAC%ru93q=1i;QP~*sXe;>(E$%02wTx{L*cwC4^
zsFZGhw)B`TC8bn&l+=~k^D=6F1^|fE7(}y@9ztCrY!^rhz#u1l$`@QKR<x7ui1O><
zXCdC;u{IsimxKZip@<H~kPMII89lF|I<OMyH^OUruT&CNYC=5DZy>FHUG)qJp}KPU
z`pp@z&S?xP=9=pUmuZlYuU^9v3V@mjpyNb0D}K<NTdDvo4=|?IAq4U`A_^SyjTN#(
zV!Ml)@DI@76bCAT2_jAe8J=Gy@uTDo6#|<xwHL$DISnD+xanclRX`;PcdF0I${@gk
zb@ekOUId}O3#DiRUa{@z=<3oA=}XvD#&XN+BR0j>#MQyBw#BfakMTSt4uzd28=hNV
z1UsQ^iGGca<TM50MLfC&0Ms+0gWR>BDR){)Kc5B&%ZRv)Pm}Es)lQQEQM!jwge^mM
z^g875H54H<9X*`5!%{u`2=F~m^Zn_vHdF&aYOLO04b~-B{y5@Y#dtMs>o=p#Abm(L
z4`B3JIZ+ZG9$tkWsukZN8<>cXg0~j#$!nl18SZJs4dTkia({)BUjXv=K;kMOGZB@J
z%Kw8vY2fu7e{bM53s44~B$ScDg1{zIu2@(GfE4LCeMXNAMU+2&bnQ9~A=`xU%WBW%
z!2CF-n`ch6wYdT#0pog|bIT?%qB#U<cQJA7h?GHv>ukIiABpp60*bu$^DhB&;3L=5
z=*u?0J;M=i9An8}XHF#S>zi$p_^s~`p9_Xw5nnbrFP=l#Kmc*WD~eH7*IyyF9{5KM
zUp(dm2yDj<yf*W~73LX>qMMhrV_+Oph6Lp`K=BH?VrRCb<uX&t?_(4~hhGQl9CQIK
zcldJ`PTvCH=nn(DsRM2$GJZoXNh#)Rr^3giBUA)IMs0d^fbZ5aM3+r|gLi-czA!$(
z{p|XyfbGA3#~0u{Q9jQL3a3~u#=KvpaKq_!JqeN%FcY%JLV<j2en>-KXk;$EQqN;g
zOD=a^{loblpY`RMOs=<vlL{C^qozM`HqCk=LTKXv83@&h<#t#*J4PH%dvxtQcO}Ru
zxD4EwKQ$PMwR$@mH*z&iGzdo5e(>BFb~tZn_JgXO7OGP&7C<(Yw#X&s(W7<pk721?
zo!RS;u8)eoM(C!u%n?(?tdlrDmTN_X^PTKyvl|3C-?j*#s*2^yW2{yMMws(_Hmuw~
znZ;@N91+?OsbGdZ#;6$dGF0pHD(C$H6Kk5xc6?fOVVImI#><R#maBi1{O1`D0+e>`
z@6EQOddRi4h~9QG5eE1>2Z*FVxo7;siw!1+Gs`&5V>l7b>OLi0S4wO~a}9W5OIMdv
zN}KqpTaG#p*_F+~&o$M|n`O+lA0v<*AK-elxF`<O6Bvi!69K>k@}Wm~#AAvWS>0y7
z$qp8Z`hcAF(S2A+Ikj}K?)ACRFX*c4IN@*W_vT*$a*=KSRg$kn)Is+40~0?D86a^j
z$h7b!Mk~NO`*?Hi_6#@74tLdP4TranqWY#{U`w}`LxZIA7)QGj<9;+BOBZ)wT@<r+
zLoQ6EMEL2l92F({g#7#hP^-Wm@&PGY)`HB(p-<89h1B?RmsozSlHdkzzNH6!`(YBR
zkIB_ulfiQl=Arp!m}1U5%O?Ic7e;q7;vHfX`0kvQ0a*qsu@vO$gT^DtX9D8jTZBZ7
z>F#4c+Y&<mVM6JX<0JYNKKX41aO|LQeNnYo)!3+!fS;OcHC-z_^o-~iaqVZ&Lj{yJ
zgL6nVwh*moOy>NF;d_ExW4l{KtVh>k*egMLwo-*wB_bF=QNpgtKUCWKqQjdd1yfCt
zqn?XC8Iss$e5wg4#dKMI?&mC#W1^2hebG*2>Bom7w|zH&2>BSX28!-rC5ic{H{^ZF
zHE4^<4Pu>-R&&#UK?DhrGk@VU8GbRE;S_%H+^ZW~d&x4JOl;oZU88sXEgbDcXms6d
zaKQZ)ZnYyji{P=ea8SR|sKiKnjZHniE+1F!v_#XhXtHtzdd+WpUEhQBl{k$8ObCFE
zHOj}T6k`=&KGgnV%4_TEna}nj%mKP|*j*3`Wl-E8AfsxWxs;r9g`kYkdDi53Z%wBJ
zddd~XX+10y3948y6aL6E0R}oMo7AvY!yK$h=tejCtNI8zHKY4b#^ln;Bc~;{;&jZF
zO2R>upQ|bR;#u|j=X(zx7niBR^#u5{l0_`C=*=uGthfoLD=3D#)6Q1B9&F?{^K|B0
z{2fq$S32A|aBdU9xBEQS5SBi-$yM-Y-uvFVG}QC6APrWbJRG0?iIa`C5jRkoe+tXU
zPuV$2ov3iFL|dHCXVs@{ZRV+08j16vtw0+@jM0$>UTBa)san1~n>=FXaL0S(muYgE
zx^GT$cgn&H#5h?h={y0WuE{`mgq7@(EnzD6G}+sEK$$CbnMBP!A>@>DFY_gaBIhHh
z{V}xi<z@8PwCCgU$&>-zpJwEZuxD8<7xG382EBQ{h-|G;-^-PsNb#%O;3&QrP<iQ(
zy0nLaYyM(YjRM!5aM_yiPmNzbAOMqm?&zAC#-SJj7HIisFc%Q`h>Hkt$u8Z7uxz3q
zXYhTbK@vE7F3nwmdeszo&r9T=oMk(M8>fd%sxxUKxI4?y6nE$eshW9H!UfVt!P~#D
z3t<6l=>pGzaBvW%^8dsaN1!}=4nFyS3#jkmJXT69SpNLtm2^}wz$Ty!rmw9Ph^Ogk
z=n#iu<~TmK*ll86HramsV!8cHT$QMXSRumsiJGe-V100?cqZvZ9UBG5rTAjnEOWv{
zJC{M3*IJ?1k?ox1+RrU)l_;Qj+~>92i>2`cyAQk*nEMEdsGsE4*re~xjxzyNLU!CI
zP{S!IDFM^Q)2#H@YPQe;Zv&Ha?=2e}n+%z$E}aSq%z73hKIJaJB#fSOzhG*Ku#%PL
z_Y>RSErV&wceo|g(=k-}rPnDERU&2u$m6>dG(aTZO=AF30rH~TYDfeGv#UlxfFM8(
zWJ@5L08OZN{2&OB1z2uwX+;yDj2ZwdL{}NGw-5XwK*a7VcKEniC*u5Jk1!nZ5+K$Q
zRGt5oVj}UXK)&`*8f#lO^4)0XANlz|wr(Om5E%HK35*!&VFrUWL@`;ydy<~@w>S1S
zM3gDqf*j`AikIL`Z0V8^tFT(){m+@`=oq-DB7Zc6FvuD4ls_BOm)SCs!TMm)RrkRF
zPp4?-H(Q3;9Tphjd+h49uXn<vvP@*uV9N$Eww7d~(iYU2r#P%wLO@CRrzWUjVT_i!
zhxd!j*%`iQpq7SJdAr4$B6>NHfS&(5;0ED6^Sr<g?pEW3#4K#fxZV^n9gVK{9r-Ci
z)!PXEwmuWmg*NgU)gBtC!YMk`UhPbE{DG%*hu}thT6JG9FqxY^I>jt;$1QonzZ(gR
zU&?6`^K3+`)E#y-<A|SiRoi!ocfiacO-Qly^*~t`1bT0W7e-imU;CLjH!s{$gd|IG
z7iTerNy&6P-}k3N0<KoH#&Ywt|1f>BpP;bpMQzCIZq(&q;P0^SLTOAUJ$rw1uXfSa
zQvPn+^>=<I_#!N>c8#N}0Gj@;VM<(bpf&-RxVAvxgMcWv1wIH{255=xsGR+eZnRw+
zD8dQ?GHl;fiLC50c2$YC|L1?GW=8yg;2hhvW!j<PZAF9ciuZr#=l@^ZCE}aS^9-^t
z&gauM&~&CDRyPw7!z5s^=;YS94fYty5t6)71QgG7jm|q*X1aCF?p*~{3N(g`)j4IR
zaQz8dQ&khAGcO5)x{7&ME07kVyas%|v3UtyaUJNi8?d+I^5OE~yG&Z*({Cw~YxJ!>
z9)*k2^jC0dDRgDN<5`Z#DaMKc--nMpR>CRMpBScwr7uH`s3U02k}QPMeJwBTeN{xc
zbg7Mm6!!nL(Gp1m2(?=Kx2>NKh8&F5dihWK$X16Nn)_cxB<Luew;z(Wph=z-ZeIuV
z!0nS4tiW_K^TkoJhK~A2vY8?@KTOX2kfN&Ni;K$U)4Ah&jaUWSdea7gjWRSn$ofP5
zld2FB(KpnFeJ=~i@~r%DN~lWAY03-P<XcA{xF}FNeK6!UWq!zpa-=8_YedU&ox%xy
zzf;~F(zQ69W?Ur;IqX4DtKJHkdp(x^&RW?!BK}u?pCIA48mqDEQ^Ij$+aX}<B+(@J
zrj|dN0kyDQankKG=sJn;*_}N5A3pr{?aBZ6lqK9dU|SjdNq2|v;NX8=Wea5F@}4Ag
zg7(P@|FehW1{Xnxg3wGzj3!D4zsk+FWtq9Kxo>lEQYF?F-{AoVS1VPu8Mm}WTePm<
zjwuo$$X2CO8OGa!Vy(nY;AeOfWC@qA69OSmnzY+W2hb?DN}En1TLhDjME@n?M|g1C
zm$&Pwyx5y05rooGs8*iio6g?5xDM;s{_wtd#&;lXu50HGj!G{f2%M*9_Ux(^65`pG
z8sP(Uxs+Sud#6ayU`-33iW*VlYlL<HjlM9g2X8u&YO1~gveiLC@Q%k?Eo@ar<YrA!
z_qO1wAM-`FhXaV~7T68G-;&6Q8hJ~l8TeTev^_UNo!*orleK6FwVy(BnDZHqwt6ZM
zEYr{zw6`YhpG?iFt{uJR1Ym)>Z-R%>G%ai2Jkf)pLek?caAKkp8iE5CgXy0vZK(@V
zC=I_RLz`Q{rX})ww;w`lU8K@zN!Qo1+EkepXbYRMYEiOFkAX=gFx*MBTiSV9Lo~RX
zkQuPYr&-3sJ_xZ1wMewX!7S#tT^O>ENEU}Emv>?r=>exL+AjKO?KjHA_vO|CeD1A^
z?AO;q^JEL*doR1sJc;;+_6UgnxBLv?-=v+s#Eu@|iKaWgTfRX%hZI2NK<1w?l(pj*
zLc|aEAcuedu$A=vbsYK^x8h#~ydVRw=yo&zp?7|w%4x?CiMWCY%3xqJW%%0-zmVP<
zXQR-|yE3SM2ZJ2MG}2A}b6^tE!bMZ7qh;^Tlx7Ve9GmBXR#s}gYXXoih+wqvqi5Kj
zFd@bY=Nz(8!C%v8WhuEDg39x|r{0snHW-Ufc@@TC_5#q?9@2!Sp!VFoWuN7IDrqu>
zovLQy>wnt(h<FldLHf2G(A?Lb$cJpKPlD6#0lb=*=6C?Sj>(R*-MTsY5BZ|H)OuS}
zc6)$%v;F`S&CID9lXtyup?HCArOVf+t>fMt-El)BJ}<$??7!@JL;_Tk*+Z4<E7pGD
zYbUFyu*YR3_@sx@Hw2fsna!q+7-uB~2}G!RG}5J$p&@xkT4(!H$R>kT(ogS$y)X4H
zPJM2Iut&B*%O@g&@IcLig>(6G<sURZaO^`4TvUb)rXoOVG-xQNTF$`nBDa@IleFgM
z*@TV|zJj$Z>&clm_`oM7xLer6eZP2$Dv{Qv>h1DN80x%Tx=AjXe2r~!3X?)s$K9gb
zH6B&9aU#pGO)G|vTM<}avCuPr+xOMw+sUGT-O&*uewRHeIsYv`0~EchRh4#QXU1#i
z$lmrr+&cdMtBL4;Jph1sRphf4u@O`<cGx?MhbZLwKeFZR0=Bem>=_qq_9j3O8_3gB
z1zk))P+=D6NDapv0z=Z!wR3XYD&Iu-(8*CLVJqCgL?_1VfBN)Ry^WB|8`4Uj1>SsH
zqQAt5dtBNg^BqCw`_0$jXfR>zSumhddWl}ualD|&=y{$y(%zD*+ulc7vw}3I>;$r|
zt{_EiV+_8S2e9-aqsxtbi}AY!F+mkZ$Y-gaz0={3b5<;|H_hCsZ33{dE^))u`h9l=
zxT!*VpSVazG4%G<L3Lc*AB3%bEb)86t=Q$xJ1#%O=;CzX!m%-Uw*|Bul+F$Ae<nIy
zp9Ym%t1AU$txO_E`Qi<#ia%(ik7OFC`l1JNc}N9V`4VM%*_H&o<)F21<6>)Ik`vWi
z@+%kC*1ky|BDj=(4F_&PUGGMc?+a8Yl$uVyZBc_L$>o=RysP|P6ZB`;b^szc-t|^Q
zD%X>`1bL6g(WXm#|9|YgbwJeH)&@NGcszn52r8w6grtH<gQ9>464EW*okJR+0s;ck
zB}#~NODo+VNDL`CG%~=@@a-8u;k@_0=iYPA{l52)@6UmmU+lft+H0@%tmlbymNO>V
zxH#xm?je1@nrTm-2s@&hLY^%XtXUdTHt?^lr##mg%Z!tpj_IMsl6yzTXmRR9>im7S
ztxW+jyDCAr8N&l|A(H*kjPm!g8W_ab+5L8y!0G&xx=O7s*^OG_=k{d6G*Ap_$Y)j@
zi2DG08<}n8d4_i<V-7MfFLR-xE&E69-;JjK-S1-~*qMQnKrHE8yBF$bE9U>1{rW(H
z3T)8>4(kurNvyseL#dJd)F<7GI{?+UpEN!hsDHJ2h`jr$^YJ%%Ky9mCcHZCjw0U<<
zOp?2-a)IuZA@agaVrs0jU|9(NJb;DLm8HtP1ya#F3P3x_g<pz5xS?)`lQIRezXTlL
z1b`WQmrIVVlb9%giaH-{5<FJd?vKa1&91JN9AqLZX0!06+rjp5r3;oiKd@1R=tYQi
zZ&+KF;3xf{U`Hc|{my2GzjnRK!;S})#9zGOjVe*C^*Nqk%olJ!P*U2nh4ETKUIq26
zVeYA{_6DHq87CV|QJMSJk)=GY(OY}^x2CPi=eqeEauyD@53I&N|7!cg1(*Hn<G%YS
zs-8)o{B)l&E>u=L%2~G&eu#cprJo>)^MpU>5vK|>4&-4w9ULi^S-vQsm0KbmJ*26T
ztAS}<nTS(P2_=oN?tZXC2fM>oi9H&_3x%+R!8`Cspfsk%zwJQ9eUTJqXdoIluSf8p
zM5#f+GOn|~&bHSM#?=!aV60QunjBpbp~#BtovurcF#FUD7h6^-hIX&)cbnk!F}q2s
zah*C>jAteh3Ixid9MmZrs;dSbvGpit)>d6=uCR6oDXh#2V{(q4^t-s}T7@^zn`{f}
zt97fxbcuf$`uOYiK0kST;Ra_NrqvJtHpLv0o$h397YxU1d9|ccb7c<xA>?b32`e@T
z@5?)v=9x$>?=ZvIW4<SCZXwT3vi>l)#|a<F6&ND={u+s+WMK<0Zyt2Ur7n=<U|{$G
z8mjwW-T6WD{!bR{y?#&J#DiURxxWW+7x+xnsVF)2?WyYEtnC+7F4i{x`3d@84cia6
z0YC}0qm8&@O1moR|Kmp3EFczpcTgR5&sXf%E&S2@Qzc~Y)v)>PJx1JLs)e`!XCJZT
zU;O-FhYc^7FA7JITao0qM}myIJ&=Z3x<~?IgI7YMH@Zv+FPnog#Fh_1QXz_H5VP@_
zj|_;K1NPkBb9g|BXWzg3i8bC&2*D1Y__?M0rwTv2r|Tb963NcP72Ht^4HH&hK`w#q
zg849z4pw9S=9vz?on@6TqUNH=;zJx$D8BTYj@SN84CJ*)Lf>y^6ArMIg;5YB=NmDk
z9_t>}>V#GY`<_c!XdR(@Af9+JF=c0c31H+uIv>W_K2EM+CqZCt!&VnfncP2<q83MQ
zMmkpt?W;xu{g3IRbyt@=`u||rid*1FE|wZfYn%zixAeXibin-nRfQky`nnEMb(1L$
zX&r<yS&}Nu3})Av8$-)_a-d#kl8qlGw%+({#&9Cc7V)$188=O#3<A2$`^Vtl-I)LE
z`&dDr7hVGnixo%yXM%e!ufG&$msgIN{a;LR7wsen_6v&Q+$!Myab1|)OWW(}eA4{G
z)Bh6<z`tjMkKx0q`#o8I1Zc;01b%TBR%I@0iID>g_4756ah&<GKQ+;C|1Ab=YNi|+
z&`6WUwy$et@0^vm9eH|h9Q4Wmn_SP1$$!|DNPZ^kNYk0G&#po@_an@d)hI|bqH)1}
zRQ0>&wrOkoNFSEyt)ec~5TCt7Dc9U#{}Kac#=l(A%`RRv%&Cr8LznZfzWA%EJy^64
zE<qO$;3BBR|3t9|3o`(ZM&X2>3|!v&&Y93uY5p%t_uxzkB*n+EDxr5_1*c5%Jno9F
zCwE~Woj{kvIN&5u2^u2O7CkTwF6Uy}G<3?5qm{W6$0|1oV-R%AXME=FlQz8qCjhwv
zbDO0O$b0%CkvICV%Ai))n^OT$JU81B)*aXeOJvuON1IQ?O6hls=_acm+0$gf&Da6u
zp1)@S{-HSfzwNvOX2q@=OQdaq`IwHdJ&NVsz3cx*UK}9u00GQ?xjoz<fyBW-6X?P{
z{(q~4^+$i|ISX_*O`P>^(CJ#uNb0ylcNDv5DY#LktXMGGi-U32pX={n4F((>%^A{%
zNU^-6D9Yb>_h+a>zQVD>dUou#K!__Yr>7&;02GD$QapnJYwePIO#YQn^;RoPde6ym
z!4S2Hh<=?t-eg>q5i4j<wZ2|$wN=iqvXvA~nxZZI=|ZVd1iOlo7Q#3%seLg>q3udo
z3VSiMuO?~sa-U(@$!S2a+EhP$eCJi%r_*G1a^1g3<#)(k%(d><tGN+$4p!AM7k|`?
z3hO`1Z$$gBIaTsX<U_Yn(H!|D>L>_EQ@;n$=)Ht_rC2YUcv@}kl)E@XSS@S)75RcI
z4{mJ3lV>kS*3zVl!a6WI>HD|cN-@G1?`tH6juUj!mOu!zUr@m@xt8WFag5?ar@Mm(
zJSNckg{N2e&bRw|=PvrkgzJNz_u{xIF**T6vUU=j)=1(rGR59FdiG+b_kkL=Zaj2G
zhhJI7ARv(4q%De-{>`a{kM&QP$t;{x6-sXCp)DQ)UQJtkox%3V&-Sn&da<R+M?gB{
zS5j!)6vh&@-=X|*>HMdk|DhJ&URY`|T*XzOWn@(Ue=?k27<;h3{<Y=U1`+oTU(DXN
zoo_qwQ(iDRIl0RYPk$H625Q>>fY1pSRqi9@{!5=jmarDZi^Y4g{A94fJ`v0ccO)08
zOlD?~lkX~bV<-c{SsRN5=Og#e^vhx>`*Gwj=qGye?wSg&Bd0Ov&cyHtEl}aKT#g7t
z4jbM+uq;)tmL-424A_40YyoW>S7kiUaO|RLK>>-~tHoN)g&nCDk;Ifo0)V;wBQ~j%
z?K5BUVG-gTPC4}93x2Yw)Ugs7WRWdfRysrH;6ucv1rButNQ*NX{}g1yz5z~9b9-$*
z3oB!j2W`|M5rIcV*tE7<c1U#A%9GcB!RhbRi$2!O8ymCn(?KMS7P1XTS#d2@x60Fd
znU@9D2>mfx26KcF1y|R3S!veYP4Z31&h8My3o544D<enWO`5%#C}i<w@dRmo8;L0I
z^~wyu&TJZcbJvC8wD)#*@<Q{@t_#uz;taaHsD1;+>Nj!)VXrE?dB3SqCMSoAvoW>V
zWS%x^%AZwmWGd5c?P=2;dGY;#D;!sY#Xpg)Xp2gP;bqYyR+9jHGdK7`p}?joy_U~I
zbvFW^oM^Z;@y!eF`{!%i9u|LE&ylH^G$bwBI6PH4C<v(>q!@sCeI>XrkXtjaG9;It
zh$}_cXJ}TtEaPL62mZ}dZ5i-h>F`;t{V9>J#qb70hT>OxT*i%!94L5nUrRA2C|9)r
z9m~s6-}v%${b+7`YehrV$($R98p}2srhM6Q!>rJvR%7jpwDD|N?z-p&EVb+}BLGWI
z9MNiRmD<qWUl19y-|qp<fLB)qP~xU+XY@?>|K>J~OWM`WUhcpW`*$<<AWFz+6Q)pK
zp>8{f#sR0_9a+y86fXLIh@<~c09}eecMndJcOOd}ZmZjE{{2Y^wNI}G=O_M=94{_-
z_|FTUvrWBK`g&U5`MNsypD5og;d1q_gerjm_s8V#yf27y@z074XEjTkOn(Y^zN<xp
zd-}UlZaoXnrYAt8z97}551Sp9!FTE9B_bDm8H(j<#l6D+l&iu0_8<riEcamKv}$);
zzEkA%T7;@TxgK+9p!|zfuJSld0=?*G?cl(1t;fk(<GM1UOsat#JvwngoUeV2S4K{O
zj9R$4<0>An3!$C7V_)e;?2OI+wKv}{?Aow}HqhRhu8o$@)atxYdM;dEHS9KGoFgf}
zKC7x*9_INW%%0GST0BoyEr(wFMYwg;aIL<bevky8r|RVajnQFCbvp9;rR7~ooL@d-
z`XW{`YbWJMFQL8@u2iRLovl;b^iPpXiCaXgp|dlK7)pzYH1fq+0(|^a6@ln4(2MzW
zV);`*Q_2`^Ev>t}as=q@!1dql`b1KG;SjZZ0mOq5hgr4W)rs)3o+i}jlR^i!QRV)a
zl(0dQV<g>bWqkd`a(>XgcniG_3i~_l8RxE_i+MnyEIyXuIKvoShd%C^K1(|rq8e(m
z^D{ZOS%E?dDf`MNtqCfW6=FMBRDfBkkag2KCriu)SWvTrr~?P0Jk5usB5K3U$`ZwU
z?~H08<Dik5H%L0<EHM^RZXv(GJb#No4Yu+uI3+mF{SF%Hd?5YyXKS5H-L2u^=JjWu
z1%&49Q$`8F#KghAtdV=HZ+jLA8us!53<v0F|DQZ={DR>W=ji^y+hMZ?|4{wvzw1pL
z6x?<a3MH}le~2e-MJNs&LkTrzeo4~oy0S_C!PX{yZGaPfL<EF<n}Pw7by^N*^X4vX
z3@Yjh5!oh1`!9U(lx<TACH@o18Qh5sD;VRt#xEiJFX_zeL#TTG$_WN0F!OH&xPH(U
zb^};67G!1VhFbd7vJD|~J_9Jo395#qwmtDWu$cqEjvc=+txHXFFL7#quAU3+wRMp%
z-9<@^WlotU!#)QNKa1(mta=y0!(kMslT+9oOBFUqV^|Ggwu5>H^YYbjF`?d5wp%tY
z*L~gVzgummSg;`1v_R$a4<oftR|cD8_)kOnKl}av4{~$<LzeQ-oYDXMe-W06m9bHl
z=qAuf*mqpJd!YQb6Y_J6lPYz|`6QKg0~P8WN){Z%?G>TM*5o6T;(Xdz=##5Ez<Vq%
zRRKoMcN5Ty%e@#)!Xj^qe{R$uR1Fian}Y!@%WSw9c^dQYDE9io+6i~w!hCPWEJOiC
z;faLuI$mEgnIfgU9?jLsmWYRI{*LpOWz=3sWITPEl-u~JeN||DKEzU;qw9|dX%v(5
z`iML|@@vhT8J(wz4$@tW0t=s#KQL5!CJgbJ<;N!$Yewrvf+NW&SM8b&5MPPRR%TVi
zAWa%YbEzw-$HeU#(RH=#d)l-(Z?-a!x8=I89{0CM#$b^&lUqHBc3bEP_EL)>vgXyg
zw&3llEMb6>t>F+1c_qT+sGjo)BUdu%L!x&d79>9rQE#Ig!7GoiRO0X%-hh$wQB29C
z-#4=VqF@Ym`-$)|AlB%YaAYi7G{}fY-dDrx?N#W0b4)HvkER<fAJ_+&!L1Q}oZ+gR
z%W1-dmmP4T79eCW=Zcqdqy9J&+0kv9C4Cjh>YC1uybU#Ow&b^M#ttZ(FU^cCNC*Ub
zItSI8K;uOlw7?_cdP+e<1P9rm=j)T#_pP=A5-?crnXsSU6rAA?$j0EF9nUjedB2lB
zAT@(~M%psd{pBC=YAhF#nwp9VUz4@wa}<c$e!b5uVB<d0XR(ek*^jyTOC70yt<e==
zAwk#KaNr>NH!e+kQ+M@m$E|VVI=H4aK>P`)e8_PHctsUHm*J|@>tlzowC}it@;)62
z@aDhNSFkI$t9egT13PTfK;8J3{2o^Dcr<n^G)T=%pZWErD`<EGD4)IRMM^8_C<B$-
zv!XYTSGMsst;n4~0(q9tM|SQCG&K@Fw|)bf&J6M&BCXl{d>t9`!^$7TLGd${OMhK2
zR#{L#7@%<?sD=Yf*-Fz@)u?;5EM?`A_}5(8yx~W`?;v7dH=P><-4=~#mcf`S>s4m7
zJt+}{Bt6Y5&u7mTqF26-`fCS_h#gO|rAH0Lan?EwhAF!_a+&rSp8hErbL-OIB(?&&
zy~+g@ib<5;yvqtytR@WaYF4``rUx`%JZOt7`G@GnDhjJiCq4S)Zn78JMBilH6PP*t
zWTP6(?B}%FOzdJk*zCL6b01;fWFHXtB|9NKtFx!VMSxgCXM45{sAO>wc(o|fkfCTB
z0a6t!dV{0zhcxE9nx@?2YF-_Z1|$kUqSvVF1q^*P^yHKWtY^z-)1Z}P$^nm?T)zns
zY508%^m3{kZ2d;xF|fc^c4=3J2f0jwO-L4Os7GI?k}sO<2=ApU78_5_uYYcOIR3Q!
zl}Bp<Pfe3_9CJk@qA72z=PAcIexNT~B%SmPpY2%vaA)^{u#4+&lukK%*rNzK9F+{E
zKUD~<e@BxC8z%gcNde2Z1*8-pU-mk|G2o=Jqp*T?3+n)z{Of0XO_sP$^D-B_J?S8v
z$$-=Or$6c$f$mvp&~Xmk!(ji7edvE?^;fL1-I#hnNePf50Vb91fe&7ZpvXVFl+%t6
zTGs&~4yF;(a(lP4j=t>5-Tn>Kl->(Hz$CQ@8p?l?quun4vj4u<`ENZtYUi?y!IDFe
z9C<6f+lejXM&Y_K-?|zcZLjeIkO3)PJ%{BB*5h9qNh{$lO1H-H=wl$`csu(i;7O|*
zTVs|NcUjGskZ*M}u)sDLHvg`^0(!wKOGF@CJC5>omDe=`AHb%Qf8+e1(*#l?QcV$e
zaQW3>39=^G23t-$uB*QHy{`E+ls7x;uC~js<WcYI<1E>2Go^Dw);HjkBLm$pkDc)H
zEt>DJS$}@$CHanv0VgM6KqBWAr$@h;(RqPs=2h6ecfdzz^G_t>Rjc(4fM|qo<!WeI
zeY3V+HdewrhD99aKxWs8?Q9(Bzut0rXFT`Op1Dq2_>(L3-Fs(lU^*SQ*|5j7CSG6|
zT<onL6d+pUb#1^Fu-F?BiUUzQ1n7@6b6xgv?txSQ20?(`e;tn_p{p;?I<aw5z)FKT
zkzHCqjTqD5Vq1DqzQI&*oXt|6T6PIP<;$HpE^IS?xqL7{Z2xRlmfdZX&v;1gNNRPG
z(K}}7HkZgHYJ{GW;dIqhY;Y?Tn`$6nnW5Js#_OX(QV)xM?3|H%VM8<An_#ORrs6hC
zqgAC^YN=9aX>lJUMV#mtE?7m)I?Fw;-(XLAve&FE5nT|pF}PMex{TG)4NVB@pxCbb
z;(5(0WijJZO>pIF=dgZz#x(=9D6*L{XxV2WaG}eR;J%P@qkjgAm0|O2MQjvrP?5mI
zY#ooSXtwTZ*V>qcjn0B13&q<NLQaYazA->90cbaJ0TB#NFzoV~nr(~4`xsP`-|9m2
z>~?BKu}%c94M8=J?QFIjbJhd<TCwhz2xD0@DjIrjjo@Xun}JkK(ulhOI>X$=Qz0f<
zMvj%CpGdl|Huv&oJFD<67)MA*ZT{vM1{%%)5k>m$jgSDz100-EsZdB~I4cI-^Tn&>
zRbpIrMC*ybJFkQluvcw62_TdXoknh>(@D@I`kt#yRt25h%iJoIM|Y&JF1^lm^)df<
z^h=`4n|F22fG4Tn?)WsuqM&9u@yvOX6d)Auh9IqS1q#si5julZX&JIX9D&peNgOjH
zU)++cO$Rvxh_p+3c_Rv4wiF@|nduydvYr~W)Fqgvm6x&|=fd$gU3zW1?dWED{9FLB
z8j(h&Ajh&HvLYBQ^HGssJxYxH;TT+{AeQ4qeg$XoNkRSQ+^(!wxf%G3kwe)u?Fs8$
zipaij&L<-41I{aRu%Cnh&jeTen&%i2FI>>jd=nhcg|3UEtxRWKm0L+IpJO;w;J&k}
zL0iq&@j15H1G*zW9KC-wKm#@d=XDG{N}S>cd$3Hx5y6m1kK!aFT{>cD+p})h??ugs
zmHcLg(zQA)KOxESOAfonr|jlI!fpz9hqi%LCTBz2)~>|4=&qDuaSF=E-k#d+c`t$z
zlnyv-FV>ae$bs&K5TTNqT`_@H39IwB-|l9dPD;6X#PS3+l{zg3Z_hoSy~KJV`br}T
za4!tHQ*8x&yG6XSbDaGEB>){x&g*$*jQGu4)1wJkE+1@L@<y*7UB=mM(zSVYzLnA~
zX&sG?g?1EwxKmjvkQ)imbIr6go#?Y;Uzw9SLWW~}J9F<7yy41a^p_J9Dxe^P<r7&D
zrH@3nA_Msm8?Dhz#ir4A)j!%tM+jVi+6aZqN{llN#F}8oiN$!OxA{wmqH9I?1TmZt
zF|ysD?f)b6)`5;L?D-ie;$)Xvo>w)WZT~5bj7yaOAld=6)|KB5w4Ll14FTIW=%B{f
z?$3n&`DbyH<3O(*_^*snll_r8U4fh%$j9i@gnNJKN?MP=2C2>(7RIZl(ml3?#|L_a
z2vEI0^-ggWK50RHOLI_gURwdZAWYZgMY88LxmN_a1N=p;X8pmI@m1euoFP%%vaGUJ
zc>l@c!}vp(k6j2?ppoSRwRfzWG!EaUoq|8z;7p<(&OT5;P^B;H{$OcJrKcFAmXReY
z^uE!XYW_x{q`ZtO`Vx|^FaH9~bc0}p(;%RW`~7~X9m|=%6r!6|czP7U21Xshj!ZZC
zYnJMH4}u+J+>mjft_1dqI>)Daa#+nZP#cV@RVDE}SZ5JUO+IGg5||kLT(v}mO{kLb
z(emW`LfN3_wn;<gfz`9A)GiFS4`jR8x9yj$BvgQej(RD&pMnSVEnn2t5ls(TM_gKs
z>&z(XjV-<EZbVpl<)gplvjp2J&p(uM8+$^a-Tsz=zGXV!Uc_{i^jnJ1a)uRF(IaGk
zwWaTfm3&sI>jvrxMP#bBa7b-=eTN38pg?Go)og)W6xS+SzlK4%N0U_$D&Rz1uL|}`
zswQPH8druVe=L~UO_z0G;WYeMIF0Mp1U?-Sri=b?u@EiapfZ2N$wnfQ-m3Blt4?_>
zZ+MaeoVM+pKUE;X8Hq-bvChMN@2~jQ8!{~OtZJRSao`Yn+12M-B0XY;(Tm1PwK3mc
z-lqsp-dQQ1Mc!5c!QZ(U+LxusVL7)DACQ`!&zLsiZK8ue8I`c0FpU6ODu(-3uQ^xQ
zR{hz3K`G?lPzTvLa$nt09u5-fMMZ}08(pBj8i%cfc!}Dz8$HR|6U@e*-~N#<2-ZBs
ztEc<fqCjgbR$^u+0^TnGvh&k@!m7AaHRaW^pN*6I6VVYq{}gh%s}hP0)Bh3w(x1h>
z2Wg$IiT7`tZ8dJv%n*nm5<6Tvqf1trTlSJd(8Z?)mvWvyB_1RhSgqi*Wi81?PSKPs
zJa^U|sYVV&d2hPhC2xrNSbbljt9$dtUJ2p}-@Ss7t@ZZbAHoevH)Tq<_zD}7XOBNp
zlG74x-4s-ILvqqoWHhvH44YF(?2_n!BHoc(j<da?8wp)kq|Z`eTqm#kWe>P?&#f(K
zpN((kyPm5Z91<2A%G&FmQd|cp@rz&h?nc2N`~zxI_K4Nq#9-IPYYmGi_bg&SPFJ~Q
zK&thT(!_u0iB6Or-+biUs~4g(qNArAl}krrrEKB4Px@k+JdCB{e6vnxZih473m!=u
zbCk0)QfmmF8>F;cW^S%rz2|v{YUJzv%DT|HwhYwp?%wzjnwOjFvQbt!?MqjFO*)F1
zcd0w66w$Y3kX*-=Xs_@_R7n8i&S2un61wPL*xMJHndINbH?g)_rHe2T4<s3RVQK3J
zIHl`|=?f#RpU<MF-8V#B#DF$S^e6rcdO0H*g-_x9`L8&lGS=008Mh$-Y^NP^;d~18
zfhFO|p+#XT!Cv#w#fLd+{=}^bb*ZFHnpwB=tK60%iP1;e8Lp$_a1t7QHm}x9{Dmjt
zs;2{oXmxe;5(sMUgm_oN==J0PSrCqb8`~HPL`9@LuRS<(_0;S8zvoNP6w73#EgsX6
z$J4Wb$tIqhqM4?z-5&X>O;Ps%truWN-^mO#m+Mihv;Ny`+W|$o(Sb=JOVR=FQ!SxO
zFLMq)b4aZq2N5Z?eyh_}a_!!8;M$66lD4DfMB%6F*r=1EYiylb6&;;K-~(Sq`oy`)
zCu2sf3QGf)^}?x{>!NiSLT4uVSUu`4)9F1#C;{Hk{SOT!P}_$@2u}~myiyFJ?EsP@
zYuZIGvQ+~ktgh1s8hwk<ZklaGAe=<<kKlAx7??XO<?3R&iw5#lja?#IIPZQ*rp;yW
zXuB8t!p>JAiyO-ugeB3(4$A*Kk{@q58Hom$`^jfs32~dH$p>w>SN7<x3M;!(1=nBq
zW+|C@qAO9Dsb_@3EbynKws>EUvwYkf{?P4o3GDV5#4G}N*X8c8sBNge=NZ;Ldih&c
z-OOc^>`hAx@4psO^qIy&moeT>1BLg)a{{D7oCr|^e7BN8f8}!IgQgW@ZbU<;e__w`
zHnM9;6SY!1y}k%4jEycegoD3h!BF)5pbse`2sF{8#M1N^uL$Mytjeu@?O67o>n$W4
zjEetaRsarJYz212O9{$zVPaBf)7EJNg6L-3EW{gcB&thZYNo92Rdhp%gfILq7+IX;
z4CF?_3|xgh*d$`ErMB$K8TwN*?zE1>%`We4N@8@2{ngH}1gI8Uv0Icbkw20TwDGs_
zx`uFCUsb2hkWE&%dg&Aq96{NU9MRX`7{4O(jUl<uY2!^pNVB0s%g~pRKzfuxRELX_
zzX(5T{PaSbIlmMEA6Le9w@DV|*i`V7oF1g7#M7)7nhmM`r|mXhdg8}qUO`?{%s0J5
z(7RgZ6$np`h*`I0j!xaLn*j-1h>j`>0|&Y81v6Iw73W*X(HpQI=`uo6wDbCGG8vWl
zjt$5yRA)l7%=#^pCfO%OxIgrHC`Or0B?mlUEoAZ4L2yX4@qSBFbe`B?uJlL0x8<j)
z{KgProm_WSM@uf3qOhxdrH-H}Yqm`@I-Z^wA07JRYx{JmOHU^1F3eDmp8rJ?xn~B&
zdKBL~%?K*ZJ60TyEVBmRoJ2mT+l(4ko?R7ww7gG4<MG&rI{(d1fKCUJ!f|zHozZhI
z$4E46hr67J#Y!pZ1^}fk-9YTrq{c>gYKZe(ol|&o730~3nNr(;$)sTsc~$@92wpa2
zkMIdhdj|LPQne+X(ko8649iu{G)2S)4~?sm|5ZN6_GV11Z>sM0@Z7gp%2|ipS*a?%
zleJw-%Zspc!wh~TL?~%a?@488@jiJ~t^mH*n#XMR$wIv4q;T4(4o-8m#&ycK270@4
zEQJrPx2eT%_~@592Mrh{35K}XF+XcafRgkEk|Al^3C-2W(%kB5ftpI4aR^hQ%+oCM
zAt0y`r^Od%+v7B?XK(ydh@?S=UvNi=#MOa@%wpP@#s$xa@1*W@DrWEbgcF@40}~3J
z+S^kC#2Z&7&U>0am)cQwfV^ye0>T;R2p46Wt<%Xsqmx@_KE+~y7*ka;aWgB)QX3)j
z@UwF}sjAx21$7oa-4|L@+NYBEljTT7qx|i!Mx$HmL@TEgqbK=#Y$#Ow&>0eQV30<Q
zXTFu_=*A%0?ABj;GV`<Qj&AsW>`muz7`@R;78YFhV6tS=vwf2Pb@4vY5lBUK8qgYf
zkDeHT-?*J#`pT*_$8ol9b4yh`PO7!9fI=Q|SQj-b8VEWGqPr#2PtlMiS>6Y3vYM1D
zB_bn`CPEKL;3!{KR&+_P6<ZsxTIMe?$yZ*#nj_phYFrs>mbdPYOxV;mq>#$huz1$*
z#1>?B+u_rO!P-NFrftCVr%JrGgw>2z-?){JJ#7g_68oexAoKGKWsAy|NZxnQndQD4
z7XoaU!nS$5H=i4_M{o4?xtKBGTYp#e$U4W`PpkMPma=5D9$0ZVm2PW!=y1@fnI<FR
z4vHj)`#Chxoee9iG}4^Swb2@OD6Qz3HQ%O&E>w(ek7gvv0Bf3VPe;^D?E5Rjq_m-E
z=~(Bxx}FQyhfCg=C`{*WytBD!A<-o^Bj4x3r&@^rOR)t~fr0?x3Nq4A|F2@pK!@a*
z#c=7#*|)6&1oFtpb>-3C;5v0PnxI0j<sXG(Wih+%?+nGirt5LbiB=$<;ts5;X)Jt|
zA`d#cFcf-HkOo61Vbvb_0C4K!WNjXU9<ATohQ#urCN@Yt)9Z1;L&@)A{Db-DBLk51
ztGc=YDg|P4@-r?CW$O||${n%FBC}1iEv9~aO=`)ha?Yk4NqHdt+1aST9iJOm#5;Sp
zxJkpb<3n0$;E|qj$nJNE5uLw@dwFcelITgaj?RiFt($Wc*6W0mRN4;Rdv2vWI@wP4
z0JP2@c%;o#i@1o^7fqQmXLXQm^IS=_`Id2$fJVUTG1`5;xS&eC@wd6Hx!7$jb<yDb
zBw7CFZ;-*3A6oW&dIinZGL*~G)JV_Sax8^BucJjB=%9&}MoKDLiWmsD=PHLOK0lrQ
z>!RJoM09EKDC)cizTEQ){w~R%abXtRZmJ{YRB8SjCkf5-@qw!|RfQOdVe785)^v?b
zA{3_#B}OfFBtd4S+yXF)oG1~Br+Yt!T%r@9b{^VVkG#jqD@!a6z6={n)+Q$+38A^!
z%Ht^+rL@M-lV~5)ORK076w_-ziMuD{5|crGt<3%5#5ct^J4}(!^9uqa*tA1yWh>NJ
zEeAZD9D(vj+sSJGq)t*j(0>R}HxLLfj#dT&8NZAT{SQHI;p37X5QxJ|Y%T`^X}N<-
zy+9t5<M1{R$Rdtu6asnsf>uDoaHoGOBnXi6bvJWEARhqLKHwk)H85pm<uuijPb?~G
z<V=iMac)-T6o%B~<log*T>wG78CGo@9|Cy|_GqBc4H6;@(cJ5RX5KfFX9Faf5jzUq
z*tAXQ_Ry5xbLJAD+KOr-Td#sZAfD;)yRd%1;<=PFumLhMSWRep@3L%`0lrmYz2?YO
zEFm!WQOK=1-~)#RLq@(Qm0sBDE9<0_D$C|pcfd%Os&KC2h~T5a%LC<HAkE=wHBmOO
z)ut|I>E@w<)lCSX9l3uQ0yzo(n~QC0^>%fd=MFrBmF5PVdReIEAFS>W2++@YCKzH}
z1;{zoHYxpa{4SrJ&usrB%4CH=);!^aAPEx7>filgvHFl6V3RO>n<4NbOc(}$Bc?R)
z0Bwn~$a*)(<0vp5$Gyx)d(k-BRDQghB9Br`uSk8m!H#Jy8T%~wsrvM?tea(Ihv&6W
ztWrl~;{!lT326}}jA;QX*q<!4ELQE~c<?wtA9(z+2dpXB^mg-I6*rTgLdI5L7S9UO
z-jH<zlhho+sdUx%S>q!UUit)F_BfT90gyvcTHQgs;bFQNy5diup{U+r64e*eqziDc
zs>Sp{9O0-__4L66p5{)YVa~I;9;yniO)d*RtfCb;OSJ*rH^jjMm^gf6r>C_#)p;gi
zJLw_$i7<v|t<__i8h*Dy?`Hxvkq&1&V9+cB>eRgz>Z4~yU!jyNa$0c|>aR=CU2TiK
zz3q2}eIl(00Asjj>0vNgR6q~NGu@B##`1kCZafxDkOk)36)e;LP=*x&QiZcVTHGn|
zq3S5tSivJ(!YoUdmzH!(V?I}#iW)rIsZ-PoEpLvtp|vxwHo3NPvV#LM<SnS+UiQl0
zc6D6dCJ_#$vEOK}$NzEUEWNjQ@2rJac7&cSJD={+doOj)TWY6OW~678|NdI%S=Onj
zYvKYC52*XjXjYrr^_&b9zekEbCeU4VL82+yqyfR$<GdupE4#$g-X3Xbv(&aUy4foH
zp|GH!VA``nS%PzZ$*gqFBEIC)avI8otj6cOR@#r8Y(K&F1bDX4w3%yAsls^%p09~B
z2_tjyGu!Erk@L}jyjIVbUoJe-&lL;?Eue`WCX8`veRcw$Jfi5w?YBG_K0_38c%Z#~
z;a*`+&pZ`X8T?ydSJ#%1qJ6(3MW)bs4L!Y$getEeqX804&P^A=>jVGy;Gy8B;$qbl
ziKVq>=@)l>Kfu>hQ|-^Jl|NNgdkAL`P(Ajrm64MdJ$<b5gJ4%~mYvv4?{wdYmQ9|^
zxxtvaFKM&=LGpNz#{%!5Y$E4kMjvWn+NC8<3~5Qczw6HrQq~CV>VWg1rWk7{5za?1
z3eMt3*m=y`rI(8vXAhW0Kg*KH;!&TGbBnaYBbDCPEDn%Q$^aVTp%>IuRRe=h?_BsK
z(O_L&-Nc0N;d#H_aYXEc;NXz&MJ!w2dPfV2bRiJJbAlg4(xHq%m&Rpg(frcwvloGp
zgnp2{dGqGTu_KVTAHa)d3VzDTVdG_A-SDVBa?T&1Pfj-YS(){&t_2k-foq%x*T{u3
zPEAdr3`->@iAh;cHt|O~58|t<_;;R!Jl1><W%D48(Xp|yF~m6ey4Jgim?z)j=bCQ<
zT{CvJwj+XvA#c0DjrcuVGV}8hiPs$+*4`8IyTB!BUezMTx+u*eoedmp(fwtr2ovDT
z1kbl5z^wr!{~L3YSUU~h%C!88x)bXBn{DzEypb`hm9^We1KT=dp<nHe^tADt1>-9W
zm?za3ErpWgrJ9+T)QW<IU`!YjpC&lo)!VD0q-1zATpmRdd@<`nm~R4;(m(`CDD8M|
zg6piyLeA3ZJWmz1Bfx)y_c#v7&Qe|1i<cTX%{|vsAdr#Mf*)d_h1i{-hTaoM-r53g
z56EkI!kFjqY0x7Kxs*mLa9Xenq<$f{)TG=ldZwQO9NdqKz_b%;5CdC+AOvBCv}H`#
zy#wtD2P`P6Al(BQ0aJ7E!q;EJd;9y<R8>_K6%F8=1J28lOR9ZHq~CxJ<ksNMr30{Y
zWwX7t39`q{-;x4D=iAyS$ml4v{ll`_hdb=r*ZP$P21iGA=nF@e$sm$4xaTYrgDKfq
zt|x`JE!Dm!m@Bb$u(vm+XiLD3eTUsj*T~@Hw0l}<{vG1OxBPZ)bVShJY%o=pX3qIx
zrY6;E=FO;9Co4OX>~Fce1Z~5${EizL<<VQwlfCZi%cX(xhar;JaJPDwCip2U%gSa8
zUznypWAaK1JwDmjJ1Ifjjh0lO?!396s6WH><}gXX#m(Q9J>v9=C!LBtA~qIi$oVY>
zYl7{@MyU=#2v6dMW?UU+YG&4~8ih#Oc=%Qd?$dq8)=^e?kqq7-iAc%0!4IA#bVAy+
zK=heN)JBX1o{Ni)PpS1`h~OREfUn88$vG)-u1qE-95FbHSR_ANuY27y{hNNy#ih?x
zvGJw(p)0kewhpD|+|g*TgFeB{&0-=nt?v_BLQfrfw^mJP>hcoJ<c4F8(fd*NTWnnH
z=6$xwub679hx9u{n+|c4-*z>qaF}L3R7c6djMQt*=qmFyi+r^tG<T&>_7*D9mDHjM
z!)Q5o`};G^s*I33(WE1o>kz`<c3w~z*021@(RwKImd~`w2Dv49(si0V?m;T)+D#<)
zY8Mk{#xp20&6u{J4bRgp|F&Q>)#%ZUxZ6v=2Ts^KB^-+k%f=rsj_q^KwY9>`laG7(
z@%De@vlxWBemx5De1?0SD{9y+4a__Fwo*ph!~Rcf)ZOChgw|Zl8^=@0BxL=btvyul
zf_1B%m55Al!=LTY`2KsJ@3_5_qw8{3c7^e}hsb(HffQmoQnn!@)yu{v+2~3d5#&-Q
zZq*A80nwW7(SA_+{1JE!rr?6_VUG^(?dGm!%4c(}6c<aN%r4fZXv5>M<82Oq?aph)
zMXug_KaOxIxTv~&tKTA<z=wNIMlIh46%TyPV-;Y6z-nrV2CJ&7?xvi*_qy1(U!p(T
z{f#k;Ng=yte$z*GKT{=)JK5zGe{|}PXLIwv_XSwk5@?`0W7qtb6?)XkZ}K=T^E8t>
zjyR<lt6oJkLLjR<2I$XNHl^+|KNgBQd@^(St78obOo+wfZU$mmuRT1yLyIQ2NRV$`
z-?CX;80sh@q-_79lH(2|`)0GOI-2|hp9~KWRYY;haIUoX^`OHJLC{`1BdqL}gPa5_
z7=N)kN_c|Kd0LhoG1Xzn;!1%u*VI<E`9#?}51kYhU7(uEAa)v(M1Sw-GD8kun6z`u
z36oJrQz%z2FXssrQ5h$)j1{fS6D)bL?!Uf*8`kyeHXR+J3@3P5d0XO9?KO|kj}peF
zrgiiuAT@w52Dl}^M=&NPrjqT6sVC@~x;JCt{gEopB4*zyiJ+T>4JRAFdf3eklrpE0
zLM|oj%-vH#d(>1<Dc}0SErhn-21$uQ-R<?~_7qJh$<;?$$Twj3dM%AJYWNp;5!ZnI
z=Ay)r(J!%9{X7f3OU$LOe|=%7sui?F<j*<<J48fpVJL84+uHgj!K7Y%W%~>SVhJ1{
zM+Q9lR$fl=x*bi4!|F)q3Gu!eizt%fwO--0V|C9&P(`*5D|I>bX#7LF&!{gXuzmir
zmZl40%so8Mtmfz2hFL6!rwuSsK;N7QXc{yNg4}{h0@vH}DlRS#pKo3EEl-GbQ|&1V
z9{V4+)Horx#Ia7T<rR=}OI*AAmZ$aR(7?stHx^u+SC*sO_}g+$0UJTr9l|}Pq+1o(
zcd+yDWaVD_%Ymy!@!Lnf4av7sVNMOPTu*z&&t{j;ly(7fsT4bo`eKvYeuneSk|$i=
zThzJS@$f**1+=m+`>#IefIPl|UC=StcT7;vhZn5qZ?BAR&wJe>y5A(Ulwl=-T+N{x
zJ+?e%sbgJxUnt|v_@)rSHgUv_$^I`Xuu=<g<OAocj9RK>Qx`4j&qF*PW7iyYUxC#^
zWF7sJ-$d$PQe4P3JF{-*87X^b{$u1b%b6CDJBp6tr?}i{e7?VUs}#^AYI@1DoO-MN
zB|+%dg;GTomDlp8Ag_(EQ+va}(Xo)rZg7>r_k_Te)9-sP5qTlr^>38Q!E;wmCv2F<
zsJ@uRzi5a|Ac~24yk<IaVXB~^L40m{x+duuq=pT<^e$o&PSopt)OtcBQtsBvfT@$<
zfo={8@GiZ1_)X2S6R%iA1CP&Y+OMu*WpeUkkvP~KaifAzceYwDUobo7som06@=Bi3
zakMkY!IZlo$pa($j<C3=Vp6obN16+4B>8!t)oBks1}G&q!ogb`gI=O$!LG2E{!e_)
znQzg(ZQz>|&&U*_4Z<&;vE^_`)GH>`zrX5lpG?kUv(QfyH^rV-XLJNYdmQ_?coj`e
zK7p6ORZqs&evUV}AhAA0X?m$!dBax5ltQ^JS8crXitm`X=j4x2Eng>|B{TK@&|u=@
z5Xtk{5hH!;c*>5Rb(lHYiRJaxSD^@<jYJ8f1md8Tb5#(@yST3;x3{<FHyb4+@H-4v
z_#Q4UTQp1lEw2P+6$~tS3Vj~}`RzG&9u3lg=udc(_%}MN6~5VyFBJ1#Dt4X=@LzJy
zrR!abs-NS7ynT&bW+CJxBqVkvC90(y(n;;fhKUWY5}fel`7*YCC~TiLmKanRkeDho
zbT%u^x9eO3I=UQ?x8URrekd-NlN{fFqCI};MfF;mQ<SF6CCDY*GJ0t;-I}@cS3Jlq
zTdW10$&dm^u4!!Wav8*RhagC-?-Zy2^c;{(oWFYsV1*EEV(bP6BLP8A4bV0PSkapx
z=y?sK-9S0g7z90+fN%yVJA<eXTo`M72QDo75enkM)V@!aiP!73byiXyLo9cmh%ph~
z+uIwF`k=&N(tw&^VK9H-M)(87JmgZ=&IQjhlqIfJ{OIDNCb0V8^csHjHPEBP-BjcH
z3-AeW$o}c4L5QAqOirPsp{wyD@PMngaIYBD4hK7Xj#44!#-vFaHM{d^Ht<dkAV&+{
zKd2GTz^0TEw|aSf9t0m;nr3stGL_uA6?R~}S}1WtkSj(Mqj1SMi2lnAp$6c@JT!6y
zH%iL3ozNwhi*#wV;We5Y!QW;quYPrL%u=zN<#yD$P>^uZQ1gXQ-<JN2_xkfG*=6sP
zz8phJbSMZCcQ1T10Xh(+@M&vixmavCe6ETn{xI@uwFPBEu^mG^<Hu>Jbbx4lh_sCh
z<`{;dk=?FSNE9=C3+8Z{HkW(djZxuwl*jUdPk+*+sfpPHApeG-aiPx38Sgq?RI>zp
zAz)yOLz3K?%+Hi8sJG&!p-h&9+uKN;{v&ozW%Zch4x==_iL#NF<`y^D#8M`r?9?nC
z?mXP^MzaFnA<WQ^#k>xRs7;D~F7ruK<^`_+bzXjlRRHbMdx9Qc?{b~!I+@w;DVfai
zad`Sn3^WCHB72~{-*5IP9|)lzU)foCItwUhJ1i#XF6{W+1{XmJwB37%;|ptsRf{9D
zksIVS;m#;C5XI2aF-P@6v&g+ZSh{XClRHj`KVVulREBlu5MR{3|3Q#eAdlgh-n(-#
z&T?QaUfFqD#`i{U@1jS@6m(3Q3t6WU0wdL%Ry;b?+&a3X#%HEG`pdl}d43Gg+Uau>
zEDMvT7zCk`u)ltawbYl4?*(fXIRGiW)7xF!@B(<rzxNX`3s8wPTnepg;0W*tjo{4t
z^of?49HLFMvyL7L>La_l6a;Ojf%^q}Vd#!+1_6#z$Rlt{`wuMgubR5Zxj_uZc2o28
zh0M%M_<?8rl%LNj8-1R<r&?PRFA)Fc0W+p8(*%&xOBB0a;@|jmPdaTj_ao&K@6Av@
z_l{YC#7&D#0L`sAv9mgo2{jx^mePU*gszskxH16;^>xSnoJ)re7hU&&zgiKp$?J+<
zYWZcLfSk|(_<?&Mj{-bdZV}-i_I%M}DYW{8U&?Y8lk?R-H+&g`H<tn;fA2=LlRnIo
z{pMuc^E~BB=QOr%VR;fi{$Q|>$9G;Q0`BCfIk=WLu*~9ZRzk9#e6hyosBpHQyiETG
zgE+Z21Pbtp#rq4kKUhT_%?wHmUT8fkY;zhE9Cv@)#WX;&^>rq?=fjJlZxaXJth0VO
zf}h``LBeHy_!i;{+l<MGnUv{7H|60bAIAAd1}-&yOv2nU*ZPw4x+ISDl+Rr>l1+#f
zsu8xU<&L|X(^pUwSH1hr7F&7@(GbV$4~w@e3Okow?WaB`78W-!i@Pi>_%dzJ%xy79
zl8ZcWBw1DFB8qV`W~N<3B#_mWvQ7Kin|%*)WD+oXN<p@9_Atc*K#$wMGr&Oh16p`4
zhFdc_o#j+vF-az`IP7CjWlT3;rz_Te&*1N@Vx}!!kK&67a&MLwocd|q6XqUmGd#Ly
z<Dpg8Q(}3Y*%Velk>Z>x=Z0C8c7vqb?fCP2S^=XX<?Q=59(S$SKPElT{E?k5jj>K@
z>S^qTlh4IL@9-;at7I_I+NEzZv4UB56yEXMfpBeqG9WC$x3{}h0@BvM_Y;+@TTf5V
z67nL8HX^^%3lDN+_uevCyCnbb+NJVS!A}_(8J^Q!AW;AUa+aM<8oQ5ncYkcxqhlQw
zqt>+?>m3?;S7Z-)t++Fuz;4IJ#$=o|K^`E$gHwjD%lPJK<&nn?dprN%;oa&LVL@Zz
zg+}k=a%bj+NK@J$#&fmiN&wc^U;A_n7v-sxK6n4+8^{u|_FsFGH(UmM?XfX7;=8O#
zF9gF2?ChT1=t$a{c{ERCLxFTB^N};m4jWw?_wUM5Og$RKweIGu`NO-Z>I*>F?|Bv>
zy*Xu9d%TDOBS8&jD{I?{nYN`(E#KpH<v-lmB3@<*sqzITJw8WYFA&C{?JX%6d4Bnl
zT-Px!31>s^$Y-+_71u|TW*qU1e}xGcht;SB6pi2N{P@-_#QCTf{U{r|GZwiw_zCUV
zx>dF2)tImML~$kg8e$OK*)yD<4%(dG_ltwf)q2wTLZ6z|V1!;ymLquYnx`4JGy#D*
z1Sx=9wYrrNJ7F2Qyo0MxOVjPNask^jhiKk|c<1MkD8M|aPxais3bfNh1jn5`*R0&o
zSS7eCuXZ-97lO2N$9lB%LNhZIqtZP2q_^K?C>iu`j(#VJoZo(WuM_@;WVCQ2J{HKp
zY3!^DPI>|Aq5X5f0C<r0q6KgGU;D)P1)kiIkka&s<vI<G&{Y8l=We_u1Dl<m28xDC
zeovCSy1HHy<L_I&M<Jg<UFY8oEdS~@2J)zAbmqpUe$CUF856|l&v4V9t_&O+4V~8{
zS1$oO;k<4r7_-le!0+~KDC6B<3r7E!u=Of)+0Ud~|I7C|N_8^A-IxgrA);@?%cGQM
zFZ}XkqlHkxXvQ~13AGrV@uPfS@hWulhvr`U@89G?rjPQ04P)U&6@aJhxj>yP=!-fd
zlRTX%*=@BHd#?iD<ZL`)dN!p-OJ{45X(WUEVTnlRGQR68LKzvw&=>R_czwQYF6gzW
zCr79O*mExeB8kNACF-OcHl3bjYGdQmt;*YK1N<2Mw>%CJ>CXugzkR4r$o!l=iKfx^
zZaI|}WOs&sIyu1*l_-&tG2FoG!x8V4<J_DM&$i3r7v=WZj&qN2`aw{f#-8}=9eTF;
ztU6a00&0GDUdg(JSmYp+TiUR&JJSx5fx!A=p?7@7&MA*e>m8D4<THDb%UejSk-m{U
z(<Gho%oa^{nElHijPVPb08K~*JeoBB**Kk}*TBO>S^?&{!wDw7>$aOC&!R&%ey#sT
zPtGZP-zD``9wsY(VST&6PL0dlFC+Y=LVzBzas<A2CK?q{w1TX7F@x;+^)p7m#mAiD
zKK+(325r~?x8|#y;Ta9VXBL?MX2v~}aHL!~iickq3h~<wg5N?%XJj0w?>)SEvwlJL
ztDdGo<3Qsa4L3z)6);>2xh--fH_P`<!2@r|JX?CCdyp5nmo~_z384IlQG!BY?c`s>
zrCjIrdZO*uqx@A1KKQ%;#h#Udf`XE3ZpkUYuz9Avu=Oc$Y>#(6%%2_&|EdM=yYN{C
z0T(aT+#kx*kP*nw$az#ShtC<D7;7scBF^W$lT_n@)BpuuY`}Na%lsqXb)H<`+6o0J
zAh1+(XxH<khy02xZ+iZ<Pq~NBY3Nudws+?wNSQh2Jo<IT+%iIq#IJ^ojrd4kV1w;2
z$MqTkBfFT`X(B$DU46^1iA$jsq$PrekKQ-u24e|C;;~0kxesgt#gotLjL_7X=eMbB
z9Br;Rv1fcOT~bNwc69LViv-8OrmDr$f7}c)`@_A-4AFJhWrepq4{w+z<uChGW;1RX
zB%+GDo!LvF+{t(2&HvfX7i)5V;X&akO3<Fsg;Ya%DY<n^(8q%+I_^9jv3;SQ=Cc}y
zo%jBet4~zY@l47%t?f9igdPD;$yNGVO^h5kfaN7r#yVtR9q8`)-F=l)z~*kVJ8?|p
zGquSXXK%?18P|((ld~J>KP8OO=VqRGBS(;!u(gSw0-b5+OM|xeWeZso9qaMD*2gc6
zoyy&B4<*AqpBt4%PxVpSI)2@}eaA6x_2chfa{JyCmbb&^KdQRDV~h0G+z_nTKVY8H
zZm$4Q$exdT5B)o$BGGhc(vm?EYlv7wt%nrw#CSWF55mYGY~hCG^*Inuf^6h1-JQUi
zN&%FM&hJe6-<yZ|$Hs<@9g)a<+u^#nDu#eSaO6C=HUIY$H2=$<IKfZ`j(w)};kx-}
zdoMFeUr@Dd&H{$TR=Llx7KsK0Y7r`7X7OyliF(T!fwPedkBnN9PghTSz#I$AZfc)b
zWZV=Scay&;|Gna{#=VaqvGM5l9j6iR+2YW`&>2aRqvm-!uye$@r!Pn)j^KT7b51p~
zbQ4O}ua>qpr%J-;Zkiz>md3TD-!D2t@wFtpYe+tAB{`L*ZQ+**gS*g@*Yjka5_>>J
zlfpH9bq-}nk9b0<Z$_M#5ZQ02zA=?fI-V2eIH&L`DobhdSZOL=p@ASED03wFwOexv
z+JFD1I&~Wt%BnXt9nGY~beW*MiOt`kvU{qZ<lHbjk@D_aSF7)tSBz7#sKl-Z-bLw*
zTV4DU<IxFG4&5tXFBC%yU96{n?GioV(KjNo2TNb!<r8(3{njt(ic!fEGH!-~2FL`8
z+eNYQ3Fnt(GZKmg9n(q#FRV*8(HxiH`*9U}3@mW5-rI0?50&$eHu>=*3b?t}t3QVg
zsG&e4KthAUY|m!gLR5s`^=$FFHp;jLdursSLCGgDkl^ff-p~57pg!vDvPVV-H1Op1
zILFVa)cn4-$}U=DKrfK6(aT#|7}1|uS9_Y-`LOUAG9t|Fx@`IPg@PlI%W84$8*Q(-
z9i#Q5Q<U85MCjBri<R|ZLLy!I`>u6d2JD<Fcru6UH<5gth5-}8>F-+x+Gel$*=-4B
zxULhe&kXU53Q>KV{*91ihWR#UfG$E!MAn&o^i-nH%iv!4^pCH+ztR>@M025zq}*k1
z*lxmPHAGF10TPDYu<A%~0sQw=;)ibCKUcu{Pcr8;R*D}9{fgR-1ZTpv$pJC@u7f%5
z18?Z~^#cyiYoH5%*M(_*&;94AA;04wIh<7E6B$YNGj@f7B=bw`NdOeKA7k?p|II&~
zr!QMtT9Q4Vos&aVx&-bBs^$|$*zzqiBcrNeLx*9G6)W~E`YIzdRrN!ooLPT~Mte*V
zIRx?<B(c`y-InKEl_Lv(e9<d)So+phuC;!CVFBO~ToGf(lJJ1WO@lwEqyus9HealB
z$~Zex;Z7;%cl4tBg&I&cvUjlcuM~hlcnD*t=do4vR9Cgl>H&V@muGd;7pCW{!L3h;
zK0rhQfCvy(46ui7ff~a0kM-zdmTn^DJfJ!Oa`>H{ouhF8s{r!m02Bd=W6Hu!#V{z0
zniu;h2`K8-P;d|M&!>X=HdWTnXiy(GO6MlhUL=he?T8G=7VWSVcj_<jY_9T;-nU#A
zbtc>U<iMUz*jrM4btg63T@`~?IxH-{pipb-&W%MlJq6{ElSCROwqwX)-(zd<DOfXG
z3>g%p6vzx54J4!+;Mrr(nq6|Tv#&6dKp^fQBMpuvpu|wuVE>k9jV16a)z_!+zKct_
z^2;n5f(kDYU<3iy0b9_Lyayg95w4=9#&;6|a=e@8{VXsSqn1CD)1LwH1PDJoNa`4;
zGM0mUnB9p6Yo6u_>8BBM&9(B?^o=t=<U(A;Of;P~)!S(PjrU$cWI!~r_{N8u@_~EE
z7I7FkhfQ8J!eY8U*k!o~#N-+gm`n<<N`bWEh$?>x!O4kyqP2&e@a%!n=WjnrF!IUt
zd?->~hguxfE3|#yZ_ROUrD-!vDTR9bC;*OuryVOTW}myOF~@p?<y?)=h;ToPZIoxW
zQWyoAoSxmU(lT;Adswv3^ICTEQ<9WBoDxgEXGEQwL_C`<n_D7%PMqw?Hv>ik`OOFZ
z&3FUV6zIM*HQ+KZEaq%6r{28D^_tAXx3~<|FW(NDyj0y>+OJY-if>yZK8OqId#`Xf
zO5`2pCck2g+G@zErbudRs^LEbATVbIyNL10c{mV*&p_&p7mFuK%bR!*pHgn)l!#&z
zFe@O8DfsGQR{e~2c!snqs-?&YU7O#mNO=@OcoF;-Z0PN4GOpW*$=9uCuj&pMoWn2j
z%nUwT%*$Q!Ed?5Bm(M?=XOjI)qUXb_uC3Sb#XIS3x8Ha?^yY0i2qjwoi6f%?Vxjz?
zXPhXiO*_U;mAgc{v=gcC>uf$MU6l7B+Gsf<Pc=v#v{&G7L~fD^;I~?!MiN+9O9~3;
zb{7$*eh)gNVYo=$7GEza7$IL39ag9k-1$4?@w<1>^>I**O^YPQyYkX62Kv6~Zc1iG
z#%1R70HGrY!+ZtA8H>FYr)XRVKfK<;2RT$ep6w3#fgc3G<w&|Y=a!VXl*qYkRSZ8N
z(m2is3U(F%6@umhi_(}-V?a@ggO?rIS*lYuZ4kw~)s=DTMcP0ST^cABy9>j@(gDl`
z0EKcLBA7_0d0dC)?dZ~E^q6lDm-=-c$6lWrNZi`V5sP;+k%sd)eQ>&Fwa|oY{ZZ<S
zF7+v;=!y#DWVedHsa$M>8pB|6i>?4qBLoY}&B@6rD(Y=`>rvGyQRFyNnZZ1|kgTY#
z9^46lM<9QD*JiV4E(OkGKAGx-2LL-y;df=g*#ZmVfz#~*dtgAM3J3Oi>A4F4x+@5l
z8~_Df2BU@p3Z0Pxbs;Rq=OsW`;c!3uE~AA@*%cJ5egAS~bqduY0muS7?0SBc`|h^S
z!L#3ujLnb$WWn8(hoKkv!OFWc`b?}8wYVsZ`>yf;VrqT69G|~t>JWtXtmhf2r8H<>
zUS68(s{1*rQl5n}07;+#+4m5NDQ+|8ZJH^RX>Wn4Dhvy;s=Nh*f8;xdMOiddCbBp4
z5JL%dB^Nr7!MaQjG8CW?cLDGP7sA2G$;nlvRd)jZ-|n7d?Ly2C(@;-E|0s8dNRon=
zy<Y@nXJ=0s;~Tzd!Bt(inCKO)*m+Nl5ppXP$g9!K!y^h+TtR*G*2`<4a6GB7?|(@6
z#xQzwKJn|Vr`HU^0f;FjIl0E@IHZOdya^S6ROB0?`S}zss2b+j&KP{_QF~x|f1$At
zq~c3;J`{CytI{I4M|9QrR!4eKY`Y*2_(yP(b9UbBZ3w;Pw8#@Dlmzku+Wfg^vGqC%
z#d{^~AfWF6h_V#}0Z0um_C^YB1HFao{WK!W0lTF;A<t{g3t$^kQd08Y0XTs71Tt$)
z>}mjj1{@rZrnjUozvDzxv2SuwtZA^Q2c{={w7_ZrNnhW>d&g69PJC1qe^oLgLn^OX
z<<-ONrH_SH^_$5*0#5d@)~=3*5}WpyT;9cD+_lls=%XvUJI1`V>ZRvf0;BakT4h4H
z+@BGW%O+5m)XO*|t0*rXbTuw+E>Z4LC;WHvfh~_J@fVhGiRW)QUS{!X7iX2jxRPH{
za{x;%v7E`=xC6mrLe5C_DX+S2=cLSNHaGihNx$XszbGYozvq~jq|Ey;XZX<>{RQ$*
z1g{t!VP9RkQ=oSUQifyhqE;y;qr*8a<QQ>N#F#Y4qUIzvN6_t}dzg&hZ@JE1q^DdH
zv3+PJNGnI$Zecqv=k{f|r)^#`(zE5F1s^8LcGZS2^m`O~#-lM@FRE~Blz10fQ2_y%
zLQGoo7LO#khYxMa70+u$84hZci}9kck0g;4=1vMfI320U+~-`^*0A|%OUUDhchKvQ
zq$DiT4V&<J*II;@?!K2DCTE863@c1PgR0*oe?fwH9{k&Yj!B*`azYa3DcJ$AmGcQ!
zWf&HMoZm{npNClb!Yd%4YzD9kG+QLzf<ZY0{O2OI%@(cd3L8IGX*$A`wCqCivciqt
zK{vgJYVO07-jfatoOk$u2jcb>?m})ivdd1*6=T2@J~qmZ>KuWL5DUKiqM)L3o_9O^
zmg_YGlBtV|^7qwPA-7zl+|Iv>jEwBAoEUNSBMaz#d92K<ts~GM_|@0ygqM%&YH1BS
zrED~02p_&&7ORmwrTPE#cHU7<E!_f-iV_<dsiL$XiWe!O(n1pmHWU;@$^}H4NYen)
zn+6LVM5H54niP>D5J2fg0RaI+yJ~1Lgc3;Tyg7mRy|v!`-ny>ut@q!_N>0wqp4nyg
z{>>aC9`6VHVY?n6>-bmiEv|hf-b<0Ng94Y9Q+!Gb)jkkt8Ri0RC28)9YVU1<=!5-2
zA773>pUD6k8TJsSB@DiGFf%hFQ}BR%(Gxw8$=X2B8}|A6$48^Q_37Guvv@k>re*-B
znD=+WC-D9N83bVEDe3&s_0b7hjzhe=NPz;YnOA%66mEXCH17cj(0q}}@Nh8zumB#>
z=+witk+=Q8aDIYFg5y23fu*)q8xRwL(D!^pU%EvOJa@fi3<fi2M#GOh+#m)1<BM7i
zC{z3zPX_#w&oF$cdC{J-+XzPB1<yzwM!zd8!~h5_#=Thbls&{bZL5xpo@kUAwwt+>
zq?CUqj#g4yIx-LQ^#lhena}0JrKO}s#d<Y0edh2J-vE>&2~s~Nm4HZRo64kf-g0tq
zauWQv_#USJJPW@5&T}1%R?C96pR(x=$#z~J+qo5owdr~xj@?@bpxAIEl@Gn}MY^;x
zLtUR!qkpA#%13wEGgg=>>=>IsSWsQyG&E>Bjax-)(#(xfmFpA{$JuLJl&RnaxsrfN
z3l0vZ6ienjv`!Qp8+u2X7j^pp;|IG_`40jR4luMPD22o4_aD7(HoxTL72y-T16pM$
zO9B*P6KGP}qiJ1LRv~4u%QpXpi{U2>dbn@>s;0WUeQ{(~$T%u49(d1zaz|}rDOi&v
z7%KG#=sw#a6o&js*^?`gUPnD%a8jOiS&7)pbVWm+=TEk(yWh_hmu2H@VPO_fFPH+S
z83=PNY0vXsgG&@uyMAU#VslZFUe;%BLKeVSz%pbraY1h$-gX`Wi&|<)Pd?u1o(~3*
z>J)ghvDbiimoDy-JuT`$u8V$X<?5=Cx`Wlclv5v~=-E!$HytAyW{$Hp0N|E~7&B1P
zVv4xux@4FGXN{@mEnAX4w|?oRd{79t&ye2rF`d|@E^LokMnjz;PFGuZHl8EWZHyKl
zaWDN5<xYlR<}pEDW-=mBfmsjB=Sj^;7y4PZg})z??lG~zGmz<J@tWzaUTsx&i;nL|
z;$%C7b}b$*Emj}SEJ|4AJd1lo3Fv5(nG`JN{V;fnRHvf5_j22EQdJcw&I7a!%F-wk
z_pIdI>+{kp?dxVoIgosxxp++O)F(cxuyz){uN%cx8}c$iqv`3>GfjT0pAOiBT;?@4
zzA~D0c&qQ06u4h^%rcHT+k9->i0R$Apl3hC>is$N8c%d_OsnWF;HpTjO!MY=O^w6V
zlRCj|Wih89hG-)_q)ha5oFaQ9F-47QTmjE_aBDaI_$=Qbbd|lT#9y^+a7y0AzkL_V
zC6)6*0%${!_bqBnQLY7d!X`2gK=Q&MB-1r3U^r5Ach)^FLp*;q^q#%`mDtqN0&Qc=
zki|OgWvNj~LY1(v?!roBH;v@Pv~1qpIK<MT_%IHH4lb*$;slFrz9&-Qey6{e_NDtI
z%2Jya4PtzP=*wYc?!B%tVNWGicA;Qy(Ch7-9lnu)mTqN-v_Wyve3e23L>9n5!|s8J
zX50&2(~2PnD+fw!O9GJiE#h~pxVShFH`4Vbdk}X@N%4%_xXGQyh0TB^{2>ej-dfv9
z4sE67IC2gxr_I$o<=algo|J+((D^Q<gv{$8_^GO_6wTiYBLG(0-1j+uX?3|ifUkPm
zc^Cnt3pfyIZuyH#Thvy-l>;y2ZefYjO)8Tc{>y=58{oh9H${LGNKD<_%3{v?tmgM7
zxzg~@<7fm52{?j30hrH8M;)1N)=ZCI&Vj$^Eg?9<lw-jnTmul~{GUK9cocjHvjia}
zEBJ8!RKR}Uo!~>-L2&pR6NoQ6!D!sv3gSy^km{2FJCY!Ta7#3Jlag{Q2r2*OZ|Ehe
z%Ztm8!c77L15qf{Y{WJRfYsbo0XrCQxIbgoXi(%Bl3|ck(rIFhfvH2yIbQ$|z0AuC
z;zNS#D<UhK002m!7KA+oFJ}Tp>)*e|&T*P<SfNfSP^>km*ezrcH~|6QB?AY?W1>Ob
zT_Tj;xp%bVXXbVl5$}S$oCi18=Mc9G>YHDxNCn;v6Wrw>J_Z(X<6xlPW2?E#OxaBV
zq$KFL+{nB4wAvJ_0rsNh*Ps3$DoR@#be+|{_GR{qc;1Q~33%%@e7BNFe%)g{ezvav
zkn`BRn|RudQfxwjPoGyUFh35OCx<4S<$^8C$T&3V;CQ#9#c4D=`W%q804UV-MjU$3
zqh9f)D7d9Rp(rAK<XGhSlj$rY^kr(#lhw*=IuEXU3@i?)-EJ{#$Dg~s9H`nX>{PD1
z^CF@cUr|2L6ao&7r;868G;}5^h8=J9A()DZb<IY{C1`mYZC}pnIt!QzDWa?mnrot<
z#ck=>M3Bt&WuYlQ>5JRdQO#VS<D<|>H{D0<c-YMQSygm|n!|-klw(gmgDfB^42BV1
z!>DYI$EKq~(3vE&P?x^2#C}!8(r{+Slpd0CyYPGNWND)St-;&Xr9aNj)leF)C`|no
z-V3jsiRiXb^PpbClGRsRHJpT1K&2JT!mnZ~s9D@lp%h*y%}(d23Sz0gXM!K>C3!(Q
zW%~z6&?OjP*A`u5UOP+LnWQRElOx4D21SeDlRRqLC0<55L568Vj)%~<^W&S}P?|(l
zY?v!zB43c+)VB7E?aop~1Te3)U9|M)Jwg&%c6?5;jT(Di<G8DHFt^Keo5?E-cMIqE
z4Kr6nOMd;j;t_d<B*DZ2J220t%c%B>r)o4-bT$L0OMjLhQlqwymatmU@Ig69-tWhe
ze@$Kqo~{uV=Q#xPM5B`GIHPfXNb?kMrs3wze}66T0U4itS=X{5=CEe2B9JH8HVhPo
z&MfMNyFk|0eVc^;hK9jm<IMlL4*w5RfMp8QT6=Yh(A&`P2-gSG0O{K3Fdc-V>-5cR
zDgBs(Rv7u>rH?%vt<AnyAzK2Bz{tpm*|W!w8>uH{69FPQI{FGnfCT}w1B{2{X8==t
z+%P1+cO5o?+(ZiLc`K+qWqVRuaQBB$`{9TQ&@9S^P1_0OMS=Z>vBo1`53PklNtafg
zeDM|gTSxZqUrj7P9wq?0a{$t`Z&|ezUBppIALj)M1Y>Zg<U=Zr1u8A-v2sFN3h-Sm
z4eFKMVPIj!(CL9|iXwCT`$THORQ>s^-bt1dCXYABCb6InF$_yhmtYFqWNG2&whS^=
zQk<uHzUK2&W#u`Ka*pIdP5WT|Lx-Gy`juRDt6(*hWU5ERPo{i~l#A?|;5Q1CAZUG;
zq3S=qIwVr#WbJ)ko;v(xM)fl2)W)0!$3Bn0x_<lPc4>pj5n2?d74=r)TX;rYj5N=_
z&SJRgzVx8=;@gcbny)F3V;K!nu@CIXm$Oj2;U;Z7;%f8Q6r`AhWkHJRy&P{ESaDDa
zRGahB*5|~TP(GQ>3|X>y1b4)Vp)>90zMq)mr=GJJ6J$A5C^mjLTMXI0tTkdYQ**Vs
zs*UdshM~D-qAC>)xOrKd)C66;x&@LgdDuLG1$ko@$HbPw8GElSxd>S#(y?gpTGL@U
zrQ9nMDudI<&AbZ!eB|`8=*UCGEw|!^uiZCr>$g}0hwjh3AO1Qlu)<I6yUJClK+<Yi
zly0SX!*^7P(Huczp_=^0AC$u#W$&}>xQ2nvaDr0Vrst5b14wL{&EY+Dehd);RUO{5
zM!uWDxK#_Q0YS2x^XKockLY3773V+aWF%T*<hzP5051XgN8s5OK<2}9=$$J7hzYKF
z#tsk?d5Psc9MZ)L>|hHYKnwrxeeEwj1^m>~l6$VAwrbuN@g8V>A;f%>3369y0e9Wp
z7QvRPZ*RObLaeeC-;|Xd7ng+zZnWp``}t2~L3jnf1TrAHt#Rp#$?sWWqUm9Kv(IZ!
zbVV-lN!8m$hBOJ;aH#g%)iU1sGF8j2Vx0Aa$_V^Ezf>#xq7!tE>4tx?LNx3xWI8s3
zj5LhQ{|rb6U$?)}U+PM@vT}5M9$H4ncy|Tuj<`@u@b@>Ah`zF`F0`y0&r6+TLi!p9
z#oEpeenJIz(4x3=fpd+2q__Ul7)#x`4-*5*x^&Ys-Tlpt9>RN0?W22g>>KN98<K89
z!YzA);}u!`xsnu>%eFwpSsEv_tOYJ`V_1k|0dD6J_~qp>ORzD1!%?mOXxb|>YW&|7
z{rkD3?OSUIPd-M7+%+&OW{;~pVWqIwwzpM04UXbz%qyZM>36&5{q*=!1B@UO6aY2-
zXh-08W0u^L4+P#))3GjnD9B;jcdyPK*-aAlrWUg&uZvlcXyiBWhZfeLtiADU*|my>
z!XmlrIyaXSd*QX}q!To2k(v$~ITv2fF=cZYY@XbZ;;w0z;Nqlj+UniWxPBYXv{Lg-
zT(ABL<<d!#OpEYHMz3M1;}bpX_X*W!MeV<a#0HVw>MYr`f+{Io8Q5P`x?qFtkr4nj
z!e!U~+7Q8^afdld8|vNb@(xE=J;c)TK3C@sP*0-ARVwxY1-+la;m>@(0xjXk$RMzt
zcT*{~SkPRijE=AguzLN@HJI=%Ef@E?-N^4PDREy--Fj0Kn$SnCgZhQ{hLicX5$Z3k
z`JF%)_*+nqv6(-(*xDARJs(&MfmzL4xWM*H2?0h$1KP&;?8oL_D2Dp~ZrAEXYuuen
zuk-A*bplE7dXUQ4lqblP8PRJu<jX}2FG$QWQynSJJJ$v{`i+sEHNXOdu|cIbT`}P9
z)UTnmLg=c$Q0si^WCN0y&PTlw94-ubFDtEd{!v4mT;D+Y=a*{2HI?=-)xA_VkFR_*
zrVu80@r@AqXld+-TO}NYV}l+r#GPDeJdXRk&To;rj<}K-#f<@52=0}jwh+l6-7tQ3
z$FFcHgQeXN9o@9Dn4CjbvpRlteQvgdvEmnldWHS*l3f_lx%51AW>ss|W<6$bh@2QC
z^Wd!!O4UJ*$NW8`6ALrdg9W$9>7mt%bgsX1#*kSvelJtqP4!=88B8g&?&!dvTs5d;
zsG5nr`%JtvmL<cw&QY?CKq`+Mbnlws-}XzUYu+JRr{i&7i6PIN?rhzWc;7qA5V2!u
zB<P9kYM0>}-c%1^@Z<GGgCCYAjSu&@G9*?eqH^_yfxO#KJ3oKv;%4wL%4T%Sbw4}n
zmj(<4NTe0v4mGx{>WBZC`~DB3aZoAhP%NZ%dH1M0h<5a6YG5~NEB}&KJbQBg9lZLo
zVqt<wA(iwOYv}W%Kc}xv^A^!-DTk_vV|axzyBCj%TG;P?)o%;S54wkKVZ@LEN$b1<
zT}cef`%monKlu$%D^L?SLoli|?#C17LwETqfJZ<P;8xfYSQP%=3h^K4AEZ$xCi!2i
z2;wN!EB{|EZBH8f9EU-Ls6#A3n;w(3V;#tO!BIuQK*Ippf8pyb`#JFphm5NL@=!_v
zkjIxMhSCLbnr4}v3C24jow5aox(X1@>E^oJfdx~1qE!wcGetG~8Tfqoq#)lUW28RZ
zMFc$9*)ULhOa;M$(J+r09}TMqFGGXs0KPjd1GP>#IamI$7N2kSNNtmhE=Tuh-bN7Z
z(m<ZdR;h3REHPW7Zp{(0Zw#(h2JBThe>+OQ(KhO5o0suaL9&BO)v+O2z5dF<Zps^%
z4n?$r!Q*_R<;W*vU3QE)tR7fUtMUSM|K&T2R7;b{Gb$E*lQKP2^~$dBgd-6dM?(JM
zks|1%CMGIe`IZ&KE-ym6?yULM|H^5bF|%O9Omd}}3*TgFs^`U~#N^>lDr3s6d}2<4
zhkhL3t0)?1JzRE|HaQ%+eJfHX#Txf9VqUPpI{YS9A0?do%Bfv7pg>_%j#pnNyxQ{k
zm3Et>_uTJzC=ljw`DkjqYeflnHqQXJ1GAmxq{!YXbkG96KBH;UZ%U(16VbKUIsrh1
zjg@Ui=s-b$1UQ9Q^#(0ef%`VxPR)PZC}lKZH9J<fM+P;O3-4FW{t;fmmV729g_JO<
z6X5AS<WZb|IvL4kmh@CRrxKtLFS;xkqB-TFYa%|p`@}+hv>+$B%8h8w&yR1Y(#~p(
zH^zQz)$tIiq5g1^$Iy^Er6?sV=foUo!U}=UNKivO@{u(HxgRLNFu&04<JF)ad(Hhy
zGpd5~p|y~@ljefq%2oV%R7kPHv?I1fO+@9Orje%jyUN`6BvGP%nTbjolFg*B#Hb-2
zbJz;$6`;UV9WS<N{|b-HR-d~aJcuMGTwJxZ_)Dm?JwBwUL5wT>+?paLHPPZe*YW)O
zGKGCy#@O#~s;etB7bYh7CN(_#nuBL6y&J4O?*E~(7~xq_2#y-CBDpPOyzBZ_G3d6@
zZRIFZIy~m}W_;Xq0KAf#@mwtOM9s!b_dSse58QO&{Fj7lkee&tfBSQNef=zfDdIf7
zrzdK2{RguCAs`bE6P5${CD=<)<b;9pE)dxN_C@ZOrFG1g08i~2EwDEp2D^a1qL!y}
H^TB@s?(uOX

literal 95333
zcmce;cU)81`z{*0V`BsX6@i&?A}C#?hJY1D5CS5-gMiXP4?T_!Vx*1IOF%&BML<eu
zQ9zLz=_LtB4K<OH07*#h4uUh^d(XY+_q+F;`-dM*%wBu#wchf)&wAdC($&#8e&p;C
z5D0Yq_8&Lzf<SwpfIvqV5AOxOc`OeP1^(LObywp$sJQFg9PnYk<2CJTAW&)aQKroS
z;PX%Jf0%fIKqs0wfA+M%bMJ#d>^HY>Uc2XKxwyqfoa;x=Zlz(JS$~oab#WDbv<Me2
z>k{-_A#7~i@A^xt?2*zj*i#$HsqQA5#;M<L9RBs@ovViq+PSnGyeP9_rX^t~F#Je*
zNal;@l&Fx>OAXcM=kq9|2DSOL;!&!evynl888xH`r`gxv-)~=W4{mV#4|c{;5XhGc
zd=O-<pl1vGlV|&%28I)zot?bLA}cE7RvST}r)JhD0|b1uZnJedx~sFZE7i4AbZIVc
zuBqei4ph>`t;~*&)cP-mCEfg1mRX%3=~Q1sTi&k%3U21ijmPuk4E+*S#NvybsKvm=
zuUlLVn@H&<C72NFX+UJi<xQ@d&hjE$aZr9&VrTnLpwoLHqRTx!J!^|egD~b=QWn?D
ziS>>@I<gK?7~`caeP>ofwMdG$4nF#|+X&Tf(l@*+dq}6D@WeFc2}Jh!>el(OyE&iJ
zLs+fET12PwG0+egpRlpg@9)D$ZO%C4so~|&M{1#jP&yWGOB(KbPkyOcS6b@f=0^Ky
zrG|z)mJM_e3R$qE+8dJS2{YhBpkwAXsKJ4OY&FHLz8Aq5JB9M~nfG}KYMYBM{m1u!
zo=i(Eqag^LN@OS3Ed@v5dDatV)UHUWfvg{?fJcXh5>*lO<tl7E#F$^FwxZuPlEgP~
zWuIU1OPI{(b@ex^BMddxQi4&(p*<jLT@^6vTb37lqYL2`_R!`Ne~sBuJDNZ}!a#2M
zAeCLL6R}AyOW3c2iOsIf7@H07edyAVm4Iic$(82D-;^DcKib*UYm%5~?vv2myBZ=Y
z+hPi5jnBN?R0M&J-E3%1w?MN$F0)@iu7=CX4=&x&nX3vkGd2<I{2lkk?qOPAjaa*J
z-bDl3_4*9EBz){B?qh$H!IuZEOxEnuR!o6I@VJE$HBc@k>;%E9Y%2wVASXs21YO-q
z<t`~ILMJA*38JUF9sO?Ko0lx5n)}vg=6y?cM`=^*6xL8KA!<e<pNjf3c_s)(yaB#%
znw`=V*WLr$H?waqNLMYVnP08pZPQr#o38P)9v6LEi|SG5{D7maEANoqN%oKihZMtn
z5~eJ2Ds7}zyWYLHh(|~QF_~Z?Ouo~F2a}QO9c`HPr^Fe*4AT!5r<d-+Oo+%AvW*tq
zix1MFUTYl!?d|O|cEGL53!AIlhyhhpL-MP-&e=zAS^{9dmVsHa*xWO%H#~Fd3~yz6
zq_-1aS*l^KSiI}3hRysM&{D=X!d03+G8`N7%!G`G%8jl+txs>oV^ngivW6US^^^|p
zziNH!a1G<{PJ<3!6f0HUAg}R1oPPPm?65OR@=uGiP#x|5T%U=QfN6q4aG-o~jGg=g
zE0`o9+fogm{q65H$v{EqoTa}nO#4INc|1(;>x0lBR95%VBIEfm4gaW?keW0^s2qeq
z%G?}`QDYD(d>tAGL9cYOo5jS$^n1g+!X}q4Al)evf7RYB5%vMMrs-JorT85w8~^F{
zh%8myWb$a0iTQ+i{a&q9tHdpQr*E0yw|HaNyVYgvt<Od7gD2K8?rAE_$a4OX<rZLM
z!|Z14)<j#lK7?5mzxgEO-eD2xfrkZ9`k#6ctE7^-wfk8l%vxetL0nPfDYx<&uZcA1
zyMQxA*uRT(jcpg8m9=0)ubN=n;9w~08wk|b5?j6X!CM&Hb_4O7_OtnG4P^rt(aE!(
z1yavVHZzY0WWK~b1qQrH^kjwqQvRh%yIuvKtuMai?ZD_(`xT=l1ygv#a7_EGUoi@O
z7nnCzDQ}-(j75`+M#WZz%7xPe#)}1)%2i6zH|8P*6ehU1Kv#pkQCVZI{wj!HXpsgJ
znffsOGQYwYSz@9$2L0EAlwk{#z2!d7)7qOG6naKokAN!?wQ|K{I+W*)e6RsVTK*>O
z%iNndV>yhMZSO<quyO|2uy;%qt}v#yQgk$->!UCj^oTyoEhQ=0Kp&0vJY?(dDUs)M
zaMRpImKk_jnoF?SF&ip~j0J(_v$U8W69zc}53{dSk-TYNFZ-EvBxQW8>HWCbN02nA
zra57Tlm?}v33`b(Q83}!V1_UA&%K~rl;ko7W5PNi(+gpiNq|m+EGCl5C0M68pEs_6
zj)A}qM@alwe;S>-uzctU=+%Xq<~>-_%ZH8U6gO9TxRJ%DLGy34g2sC=6yZ%nvS^1i
zU@k_6h7(+;Kv%WBQEIg-b6nBTc*qfopC?w#?z97__TI|Hr{B;HovpNGz|Wh7ML~~}
zXSor|XnqmIhE`7Cg{_aU0eHl7k?JemC2cQ5lKSK)7w_WWqeEl`1FFLGT_?&De=K$J
zE;F#XY^y3H+=MPHlhTr%rNCXkz8Jc^IHmCSohmZ{0fF5q1OBOjt9t=V!u?Z^TGQWR
z=BIvQQ}PLJn(>PGH@OLz;GtzWat)TpZ5Ei=f2B&UK7D{P5apIUM$Q{mbC@PDR1{X~
zZ><h}U^sSFPDFEWZ@+?qLjN%C#vyX6U^qjVF$kpzty5p3Q=c1LCc|I7+sCJEkPxcn
zBC-y-oVAYsi#~B4n_j>(IhT9@`?xlWo4s0#L{LZKHnR4EbcHQ!rzcwY)0F7eWMjhm
zY|P+0;k3zyUM@y{o{y$uj&f^C?Zt&ZM?-Z^qAl*m1U_$+a1`i1N*Ylf@AfP}4pYaw
zrs^yvGSR56VEl4c>iUfkF8)setAzuleCmwe7=!in7~##)%<+~AkhSz3R6>0GiPRt^
zgg6=DomBR1BZ^TY-2LWju0d<PiM4kC6jdfat)eTDP?`OS_~!m?`l&fq?!}Qm-l_OM
z8|4Yan5dDxnKw6~?`&O4;_u*ul97d+kkzH8jV<XLP~nBaXVe=8AzWA=iZ`QUX2yXD
zB(&V<i_1Xj#Jz((wRqJfI2+uu^*TuB#N_m{Hd-cz&l&Bazj;Vqzgmu>Y7Dcny32>S
z$WZsB|4pFJc?PBgyhM7kTxIJ66UAF;`iB%vTP}KB2>{T;){rP}*@a<_@A7I9+MHU^
z*o`o4BqOyzoB3A4NlbLB<0mfyY~jtAd-4m1^O2DjoSSvs0&WJ|?0aoyn9`{udQ{=A
z?gSxif4s3v`S88Uef8i0o+W=K*9$YTF+61cXj$*l`li?&ko0L2l!CmxsUr*;@U4O1
z;h)mV|JjQ$s5SBT>)VxNIXki^J;Ak&@jkPNy7=-;c|-myYHp)N{%Yz_RoDPS!W8+d
zS&NnJ!lH>=Q4pMxEA_cA!G5Ocd;VynE*#~dsHH<B*CS3m3LZ&DTV2pvoNQ=FdLtI#
za*cN_o6q#Xn5VB$ZoG!gDqI`h0_;zww>|roZsnIMtpH3;v)+YHnonFmR?^Ikl0g;U
z<PKc_LT^!ro0)k@o_<}Mk7%v4TWX<21;O3=ep*hVwbmji$<aT7u6Cw!!`<Avg4`Wy
zu?J7S5$lSe{MB>scR`Urr_3-%G2@)4$`U%Vguia)g^QRCl~*)+nL}&tW7w&;qY(+u
zHB%2Nn(AZGES^HBH>=+bb(HpHv&A&dz%HG~j56wS08_D2kMW=0;3~Fc5Q44(fr}Jt
zjPW9MwbDw2Ll#B}dqyA!jI<G6Pu&wdWjg{lI=bQMSigZFQ4r|hZ&tR`TnY(M6{8)3
zS;3QOawk3>8<(7R@LT@|U?BNm@)hhTH|Su8zU}mU1<p!|^@Q*udAMoyo7s9=+BE6S
z9&7#$twQr;_BSez)Kt`9N7^|b`Jl3`1r8D&*#|n9`?k5w=&02lZDI0i;HQpfUHTd{
z?Q}?|mD>JC#NXnKO-xLbpo|7(W73JS4xvN<sI2ysv;dfOrQQZKbPFGAY+_|)bZ8;V
z5r|V*H(T|GfHQxcqcMy^+Tq_ok1Q&KQFcHel65o#_7^*8)%fw)u!_(9vE?~C0H3_a
zIqrEcJzLdWx-iJ^;9w@=kj)9`(b%mD!mnv(X7ofpaI#NQl0Iq10Y28?YN-c$?}j%)
z**QBqTLt+SZGBjqqoDxg3}9B~#8hv7=lp%=K2qsEB$gd_gN<z(Ym*Sh=n)O1o+l&B
z;CX`&vY|yfkKu&s4<)7hAKCESo#>;}>1}OoJw11Gdi7ilMa;5Pqw7PKoz=EBmU@M!
z;-d+<<b3{H7@vjsfXEH4CXn<y%{V{GX4rYFTyEq_EmENh@bWWYUtL?!`$u}VhXBlf
z?DYSej|Tb^_$qh~mge~y%9^n^nBegm>{xoi%YLcF8sP>V!@lRvLGHJ`;2A_Wrsw>k
z9>AKRR<V1-`Pp+uY8}9HqS)V>=4d}{t$ZU1gRGw|6*kYGTPPPxUkN*@;Vh)=4x@{l
z#HFR{-JapP4toC$Sa%>@q+4y>LECM88?uWQs*^$#I;z_PK=P613Q#emD8Q2w_&{$9
z=$DrHtt^~7(*ii5#Rh$*ThB^MP??&qtkw|BsPvEA1FF5B!d;+0?&VdE4WfhrK@d)U
z&=o<?U7eilZD}ywXsjCoJtF=R=jZC`N`KM|6C6(9lm`zj)s`DY(k&(+Eugn%N3@uX
zHv$yg9aZ0NEW)2D!-1<YtymzS1=!g&)zLtY_N*lM+1uMY(Z6k{pt7WTWniQn+m0j|
z(6O|f=7oiY9LF(|KvM;5r#c{yGJ7G>oXTnQ7XY?vHZ;!{<_0%xS1)06mu2P0hUa~Y
zhN;ZObn_)Qi3qCrn8PRj%q@!ltIb0|iGXRZO8Ql-G<gtK_nymr&-+KyTFm7fem1E#
zdiul{utu1ZNL<ecy#EEn<!Q}S9BIhBs<yhO9GR6i4qOG8CV(bqvi594@?D(##XRI`
zN%NmPOGAI<Z%i;*E|??p^UWJ4*pUHG%bGdnPs8wyNgsUlr-x<`jd`bH@Xh2!(Na|z
zwDST_+w9G9StWZub%m_f02is~g*QS&NiHz)dGMTFzX0ZVz@WEXN%(2C-|HI*4DaDA
zPxiSA-Oyo+S!8uuo}WUW_XW}tccAdZmIAGz_fi^aJsleo{2}NL2;>wWxA7@*Oi+cY
zNq%MCI;)xFIh*9%(mqKuet1W7=Kf_1S(BGnq>5h<l^maR$9!6+6+eWA>ev-Kj^^~j
zQ#6LTZjV+PdI=Q^zicnUw2u~KIud5a9$<SfrD|}EDnJ9D_S%9@AJez>88SFDmK>7t
zPEgj_``*h-kOZeya97J+>TP0QT$@mF3(-2Zbk>2AOw*qYL>F|jfZ;`=dtj&3ZnAqb
zm+rGaG36W=hP}*m2E~IujY6e@att7;eEZ(NPvjn46P)nN7cEsj>3yN$x|qSGc4JC1
zCg+RT&6G$w38}oU=KwEvTr6nD)b^x=;;M;Q8Mb*`r`;h+x)T1mnmh<paT&~7Y|Bwo
zF<g$mlcP^n@=(DWTng-~1na0%ZZLy~fv2^DUK*LXUWtoK<H;#^25@;<FtZB{Sq?h{
zdZn7(EL&bgXARi=fkIQM$<XmNqx@M$GdcMHSpL?UDq4u4M|bsENhZ8wMbhU|`^%8w
z4ejPX4dUKZ{!FpymL)r&fLLyxvuf}iK}aqy;j5xy!tH|3#8O3{&ty7ZF$rPn$;6dS
zo-!I3y{`8r^XK{7xXXcq?~?P=6^Jf1rj%Yx^kuFNo%_TR`JUj}O;r9`dUj>rm=0t<
z_!Cil8Hn@fl$1y{O%RCM4Q>e8qDzIWx{$A`Jf1Xsei16`8p0z7>eETsn6D6HGs$Dq
zQH|#nW2+~Wh^nOx4MNCQfVE_51w9NQ4`+?F3WjR9i+X%)f;a4cwC4+0H85jqY8*Zl
z)p*Qnwy!_|J{qB>3j)b?gVU7o0RU%#$&zlW0{}iBKmX)5W)_vvSHx~~mJgO#MQ{If
zeEy2QqB;5?XSjxq<xs~c)kMe<*<)&@2SEE?X_+sS)ZAA`Y?LH|tU=x=2)Zjg21bf%
z+?TvzWbPl*J=t|(y;h`G20JRY9$uWtdOEhahjU$BS=nW|U`50!p^n_gBS?*3{qCSv
z@!ePnPmg|vS&7EO)Uh(9T>ptL`y6q&=ACLpOt!ptJDwSvGZL-p%s;@Vo|(#JR8BJA
z*!VQoE6b3X>a#CWEiNu=VTBkg1ybKjr8_7!46_@6X8=-O5DK1CJaUJwe&tdJx)p%e
zQ@;>-tJ=0?j|F5L@p7|a7F1`36`*h#lTrujaI+R;tQ#kmUvn)Nxv>7eQ4_rSQG>EC
zm|+cfe+5;Qk*%n#<U{%aP{K|#XmzIZMvi5tV7PNyHMASA?1G^srgSR=^uFdDweLE+
zwDdc?7F?Nj1v2O@U%>BH-avjsZ8;v}7*Q3|+!HWbU9w!9Jn#wsE=_AFY|X#3b5F;A
zdICVXJU~MY#?nP;5pIbwLsN}qJlLtfE{D{9D}HS-?CX6vD*yxby?|*ax-6%ky|S?0
zH>fgTQmnpY8Pv-XsW$0M(;5l;kgyS&C!&U>n=ng(Y#Dd4)N_m8*v!C@qCQh2i%kQ%
z<%AX%rJZ}aG*jip&19`?iS2|KP2RPllJr3@om4Z~<Ok*F4JSBENp|oGnOHk>eji9T
zr?5FCB}G;^^-Nz$z4ydx5v^qW?+~Al2$Q1cl`dN<mHHE+@pF8YY9h3flJrJb*BZ~7
z0$PMIs-OS<eEa298(=ObhPL+p{+qK&3Z5;~rk^CVuPEQ@MrDVb|Hf#Z!{@(f?VRA&
zxJJB&ilO!&nLCI^`Ql<aE@>_zKh2Z6pR8-+(#F-!Z%69F)RdIq`Ogi6Zp_MZ+7#G6
zG9@+*G2)mMil9zO)V5zN^^cz#U-i&`bA&!n#XsLFB+#N*D>kY#%-v%3^X&0}%T~+h
zRH$u{0$5q$<3J%itp#vtGFu<!EVg>@xW%NNB%dYxZYA@(mS_LDY5(Oxm{o%^T=f(P
zwC{yfX<20@jny%=offkX$z|zIFmKZ=MVDnYu)(YelU0B^J$(v>iW`$6Dh37ohIlR1
zcPtP!Nu0&(hmNcQTwXQ~4Q#fw@E*{kYs(47n@;25K=!KrCMKQqXSA|_;h7nn<evA%
zqT;1xWo4cLv|yjgScp3(gEOhUB&oD%m(w8M@O!qm&>|JMD$B%x%ZLpJ+ItnCTmazV
zSB-ZdYlN%5t-Y7m>S{qc+C>;SGy4Q{LrFH1gI61vDQp>Npo72va9sxg9LoUUh#(U%
zfbRpd;P3++*pZ<}`XF@&>hD0Cs*oyKS%847Pp_Fx3;_TRpfMdrdc$<;>4Z{^4gX@j
zq?R$(2<!rTyt$*V!({=u=Q0F9#D0r~%`!fcK7ixEB#~ESAw~IxI<ftnaAcVp6wpU%
z-N#;`CUmhkhRQM1S&H)oU~0`Qy{qG$S|V$r-I)m>-_zHB1y|->D&VoV_wXo{r3)cf
zR|Z4q%P5TV3{6zuN+NGCl)m@<-(qGH&>7*VpbSlBD}_ZQ03?t@?9eq75R24Ng0ZJT
z($@dYk20URTd*m|p4g1efuw^(OS8z_V>Lcv^k8C9Qc}{!x{vIWGt?7C6klqWk<_35
zG9YV3U0aP{Fo4o%!$+3@3=9RRV;~zRFwAaufYj^p{Sd4A{qv!^Qepl!AnPhUTMcb6
z*_^$yu~sU=g*-oa(7{N({^$8=U8(2({vc~3;0J<0eymCtQlxrH9_%QN4$$k<va|dh
zGz5(u((_04qxjDVjreahAGMMQva!4bP{zRbt|)*Y$<F3d^ZuG<4oVz9L*2U^(+~3H
z2m9VLn<yta0-*CM`3vq?e=h$Y^>=0t?0ZDKiW20F-xw$|qg0Nz39eVA`#KlkiKeI9
zrN+i1q`d3#XHqD$(*-<s<dqA!ZdtgvlvGN>anQjiZpbC^WswB60P@gz%oA2+))D2Z
zSGI(+6pXWmoo4D-*EUES87=@1u;<apldB!whonM+KGeB@q}_qZ+MpaA%pfev)0_)@
zK9F@-u`g)^x=y~Ic|kjONxX}Ki!b0I_oF;~Oz)tI{Ab@odzS`gX0rXKLDp}9J;~=D
zs}Ef7=*T0SMB=*>qO$&e4ZoSyNJvWU$tmxCSR4Qe{$t$2BWBIFa5g{mQU@lqTYci+
z;a`n)_BV^%3&GFe)3beqk%rBQreN!CyKq{krGE=lbvp;US*n0ei)$`!P!1L6a~H4;
zZcEDI>b>k&I_{I*vBc&`)aZasyWA&2L__z&{no$)CCIy~n7XC-p@5#n)Slr&%j!;g
zP58_dKu*Mnn&JcyS4Itb`}|S{ym+C8Lsj0$j!srs`m2L)!$nIcORN}o;;NZJqy+xx
zRK=GN0$jGnM#nbhXuA&cB~RPNQe*AQ3-<VKnea=~@k2>dl8AD8*ykQWuTO<z`c|vP
zj+nC*fy>&A^sh6r!NrX&nhbT+o`~Nx7j<*W^RrqciOeYk+tNXm?zGw0!N4@ttJFBn
zeeCxuEPr1Jg@}2K<hyhRp?p?7VVC;5sv1HpaY`O;oewfQX(qN5JLikbsH8kjQ42)5
zC$~_79w-CN&LwUjAV4<JLOQ8y_iuaQ?Q)7YBnxhL#}}oy_-dXzAVqAXk(yals(y9-
z9U~n?f10Y+Vz7$@IL)m}US7UK?9ldDfC&-^ivVDnj@k&F<O82Yr_SEg$DZ5>o>+73
z|2*a3fy#PCe%0JccMA1>(si?zblXlCEE(jo-0(4Fg@U>Q9L;<hKI*z!w&(qOz<WZ$
zmgeR`)Oz9R6ZBh?&?K$4vsEHc$~)Ytqm=npGv5S#+g0(_CemcKX2og|T&gbyDu2Ss
z*QgF1qFMNfVf=7xLh967TiRdzUE6p=EQE38k;M&;ulRX+c?Hn!@FJfNxkdwA{gad_
zv8VTM7e_TgIjmIDa14SnDkmiXI(80lJ7e2vIyDr)|2RQ9LiKyX_#A6oe|6seveaqN
z;z7;D+{)&*&2YzbCHfMf8yP0M2#!KzkuI+sjtF?zcl7?QbNizJS`be%gKTt5IOwhd
z*smj1tttA>z9FCOkihFxsD>!rnkY%{ihDHtQBSI6_-OC_)9<BUHAg9H7Us%Mwi}UP
zmC<T}YY@n0bVSl~jr!Gotyh+Zsh;0Ngh9uC0;ZDJTnaF!=E><PZdFlf{*xbDb2L0y
zw8(u<o<}w8`)VzAE?IpEdjB&pu&LHL{Ty3>d_Z@<9#wMch}6p(T}nN)@AUQ9A(=<q
z(eJ98XMliwgcE`7fmnP=0|?2+fLXrs{QvfqK^$iv4rJK{2NUZ&K~6vzi#0YhKmqV)
zn9-{baK%Y45^0MOK)C38#0?QGEzIXedTwTsqM$DsH*R-)>FPKJKInAw`*c#2Vo&Gt
za`=QZV7D1v+gFC)XIGtc1NEmVhi{12n{YS*Tmaa8tnt7X?kY1g;((u<P0Um7eHEF_
zCp5(cFx=5n-c@{`roebuC^#+Ic+s~iGs$_K04e;}D4BEcayu^~8K_9N52((2rD^|j
zkIXsea{6D@vP%8sL9=1IL*vcBhK_IY!|5t=HRg-*mun+{Fju8jD8wse#3S`CVMqYR
zpB){U*3RSNJiTa1;ah9O_<m3wl;3?S6LVXt<s~Kd7B!kZ6Pe%@#!z;s<#v=2NTE!5
zIU9zTC)`rlVinhWtfLmgG|Vi~r^6{dIfKfXt#b3sHYZ3oEj&%sRB70;UWMq1{{A#!
z&-a7*n!&~QX<HLpgz<(bk9|pI6Md4B#h9ep2y=Iz5uL)-o0|n+oZ7ouo$qbECI_3B
zRi=F=l8zu_@0`;-*7uyVFXB<T0qodRyK>>J$!>NUgfJ-cC%B8Zt0BpvA}afB^MG=<
zF)X$y3l|aYG>`mE^Vs6G?Y;3pbw+X@qzBuQ=tYuA)ZTW({zWf+hO6AeZ<)&3Tyu=n
zAxLYQpOIwHKi8Z$noxW=r(mDe-uRH_-G8J3R)~x4%*vG5&^#B+9+LEkXFg~rW2(<?
zotnEY*u9a5j_dbbqa96u#=S4_XO4Lc&&C-?-hQa!TQ!k?3*9@Jmgo@e6uD5<xi8CF
zWC2%IM$cYI$^MiCYf&*jgcmPOmn4RXw;q7qMEwbU#(7+q-?hvY-TD(JGMcXziIzU$
zZWr~C{jt$m&7D6M#swaiIEN6G(G}BNeARqelhE-$yrkf5vsyYGnWkJ8eFpX87x|Z#
zDG6=>R<>8S?=#YwiQA{Uk26eJzUDE|AKwky7L*G_D2~Y=eAM>8=qnQg@F;;`{$bYG
z%1WW++@rI)9N#f8n81~U&{%7IeQP!jzh^_+tsa5C`ySx3n+4CZ<d_l{{wGeSj`}Zn
z>2ZHl%M8Q}fGg1UeU47HrFi0Vhhm}^9M#Q8a#2bi@WUzJklS^O;Ze!ujq3<!8*z*h
zaJDSjMTs6ARl}Iti;J<IXRv;(=Gl9;!Pfzo^EAwL5|sf7Y+J&Ecw=-o&HRvCRatlw
z{a2c@M>JKb)aQ9>RE2|Y3FTsDsMpd1NI+RJ|6-15x$JP16sjQ3OJUNd4mM>`-u7eg
z3GRaRyRDm)5+rj-K&@Sn+#X%x?s1}1+iSqgy<x!;-Q|Qf&obl*l{V2R5_TP4KQ-6Z
z$}>0J+Az0uMXo<aMc%EFXvD})W|oTpWRc18_wbeR+cney50qF^FxF2EQ7xs0x1?$t
zewizyJ6*7vc<|Cm9lbF5vZ8`ZCnKvk#h7m~XSBd&i>d8+lzas0YzW<5Ba?G_RMthM
z76-Ke+Uz8zDR^_4zl(nI0o37uMahHPhK6ty^`_aE>8`3TCK;rQqB4&fw)gxaSYAQ%
zG+`Z;rJfzPQuu1s!Qv_{UePIEvUEMQ`rAK0jPyhKlm>~N3KCN&@-$pvBAlr4N7FOs
zxmyIP(xAhCP?C88wa53sE58>URl?Q6bF1BSC@B>_7ceL4P+)&NJUO3VovSZTc43J0
zLGMISf1h94bt!(WRJWV3x*$AvO6ZK9N&7_^>5*-Zds^3gNBdtP`Jcf4U$U`(X97bT
z6jGJS2H19CS?(W00`{K5riB4CZAWg$biwNXukJTAWc*>a+KUwRAF0oGx_3P%2dE8X
z&&$ZVvi9!RJ--tVI;?J;D;kH(?D?L?{vCoMxD~wqrvWIdIZJi&D6uHCl+ft<Ba#)=
zH!lqsD*Voi`Dvk3x??Cv1AFMDN$Oa-S;myEt@YvUc++oT+mFH=;GG2A(gKovExvk$
z)C1;ZAGnUTxS`;rHyrT}|HBf2W3zF+<A8&Xpq*<GOYXEkP|h1+|BPm8E0~dcd`_S{
zR~m64=hIBb0W+#E{qM%w!j5JOTuGME+sFJCyf9cZ^~OYa6DAajFCFwwlQDUaPAF*c
zy@01*F@gr^71=FaJ!@Use84P9YOW<qSb&lr46pQj_u;28w{<s>;k|${atcdhzJzKf
za~h}0A~&-&xz@Ukx4ww9JT#nSCZ;Ig+q@q@Zi^e@v9=H-U3?k-zMFnKwNR4JrA459
zD!V}pkFTC+?R+fgu6fP^t&?o})~<_j$xL6obo5y*est;n4^tYJlTc#YGpoI-6%w*1
zQ%sUpEKmUsEkLOemy{`P0<+N&6@EQ?({N0DBr4^KLLhl`1YWRAxw=OE>xi$)K=u*D
z9k{%|)kpp60;eNdi^DqqV1jdcURi&Q7WBIPnOUl%Ui4@fDppqz&Fz>ISD%xCfue*g
ztI=P$8Ho1*W@>iAkZg6hl4)5d|8b}1T7?&?&@Q`{Q8uEPS`zDXWY+hilAL&5K{~g{
z!clxxjyvQ7SSMc5jJ#F$o?uXIH!$l++2mgWKz!oTeXSo?*J!44C7wmc%-ZIKoIn2L
zgh8dlxJ7WBqN%G#hP?%^5szzcOm5@SEJ+i8Cf)D?7o}bdf4%0h>Y+~G_ZK~IYOmj-
zmw&IQ6yjZqX27B-p6i|Hw0Zqq2qzaebV)=0w#nrFPq$iY1hmI3FpqfS6l;bVeR``M
z^8L*V{BRLvuZqeTGECAZjeDJZwYa(a$Q-u4%5ItO<?YIJ@(pKmiX{!!H7biC(%>x|
z*tm@X4fRnUJ$Pm#+y|fC!3~q#f51a^Q~{cK=G)tUeIX`T&%VVT|Dt<*_v%Uku!Aph
zcNPAh(mT9?y#g?=faCt~1Ou?8iOHO`x45KaveAjF$G5{;{v{dEFWWQwUx2Uw2Us0|
z+yK~S3f+o$JUwl{+O{Wm4<``<DSt-lYQ(@d{$Cz_hsp-VwyaANhkrcke><xF`-0)C
zS_C&&pISgwwmA(+T@F1WUlv%7^sFct<8m;a+~hs@V_AlO(JI^~A<QeGPsBYw;^gE?
zXG0`1tHuD?n90Ji`@5@M_94z#;}1FG^pjl`fn;K9gc~Z@EL`WsAu8_nj|dj7W!|c?
zF`q#gA5AOW)FGs-MLxI})^}!nC>3+hIbD!%)SfC%4hRvfZ=7#V9M%akP=TI|ZgU(!
z@X=gaEPMSw-OmX2ED^#dxoG6n5xX)?TSoS5!3Gqlv_R~U?)7BtkF_rd(~Fgu!C)uS
z?S54fYrJ(eIfeG4{P5M(iZZq>kfBd0b~>5!d-XcK^foGPo>Mjn^KMGbF$SV(QF@S|
zb!fgdq{|Cj09K${43B=|g}DVF-fxDP#qb)HnCRM4(rRJ(+24fIg#U%PF?x;iMme2t
z<~Fh|4p%|DOzZ&9;AZsLLqmz!prct{n!)7{AZ{r1mHg86fe^Du_@TDgAuI_aVxa$x
zi*janC>LpPRM&(4;S{-n*4%z>hy=jH>P;*L4Jt23PEL`Z4m*tdUe{VA{yFMCj~Z3l
zimgWApaN^`roev+r$11Ek6)mRF-smglSe4?IY5=)NL#u{&~Zn_fNAkm{O~}>(9xra
zENdJTOoNs<{@BNBv5Laday2~NxB7B#+_oz$zfm5wUfiI0uBfv5OIh*r0#s!ZJi~-c
zj0!1U?6|8T8SF=~z^u&iuC*3a>{HI2i`(=TbWD#~(!j+Lr#Ub&7>AeLb+ciRrb|CK
z<#nOQ-pTpgQW)b1rA*$~_{)?7MPK8#EdCx(iB%ms7d_zHvsEhV5>LvS9oyr4G~hh?
z0b|ZBXT9<hRo{$#4wuGAyBEp!NB@9)2X$>d2>X@K6Xbr=_mfdk>mCI6Z`m>YEO%Em
zf_qS51$U=kVM|47H(;ovoCWIHw5q=j$pu4yd|QbJ!pM&W`R|7jGqVLCj7Uf%{qG7R
z)91EkkQ+04tG;cuZ;jFm`d$C<-4}S|d*SiP_g*gRhDZJ-$<mOrB_aAI7pu`!Lv2DT
z<QoR_2A*uT<#K6aIMQhr>aHLtfihu4e6ON_VxA4bE_uFYhCF=OUgwS19cF~XLwa@6
z+fzza@qEcw>tVNByyJ@qdD>(}kBr)1?+O^0`6#$9rH;Cq)+KDC4}-h5K6lu&y*R5B
z<#hs{1P}%Qy&KtC^vwU{(dO=6qPy)I2+!t>LixZ3-=~ZSz6;Uos`4k*tlsq~Apcg8
z$G(hv_h3tS2$n!|P0{v8oVQ3UeCVn>Hn@6aUZT9gQDKr)nci)Bi>Qg<4dmJmm7ClJ
z=Qn2z*RwWptZ^%~h^kM=*ty*7hjz|(1-07Gd#9#iY{NtwnyRG53~TmK>||Td_c;wb
z4K&oM@?1-qXH(->a8;ezJ;#j!Ev=?dS_8UxV-pZ3^E)iiyS!zW1r97S$~A8FbxyUu
zJ+%FhA6x9b&OcL*W&3+AOo+t##j3|`jIrN&Anf$fr&IWQTJmqjOENkO<r+e3pnSpD
z_0ssMGfTB91>p7$c9O;%seK?;{tXL@P*~(GH|V%qAs1Y#guO-0wuN@s!+VIe-s^7x
z9X3$p?cC|*7;z{$tNFZKelxOel|-#g>6UX^y-Ry08zVEV8(x2A!6eZ+dM3E=R$I<_
z)5K98wGIotkytu=l;|#;Hu`)_k**yqMz=yhwI%dCkIDu169R7#<CgZ)&TRwMjcOOS
z{dyWJYI)qqJ1C8Z_fT-+<|^9|9Dl>5>bLs57+dle_$U91=CgqODEXE|1i6yO0gHYv
zA8Rfdg&<22L}KKpiN~EYRx3lkC`^{yR2U<17z85o(3+&LZ~X(t5J1HOW%<Np8Rq28
zIKM4iitycu7iTRdD%8d>wHa6g7t2-^L4_RN;l0EcpRJf*AB=$gZ35JnEF|8LBL~WP
zW~Rh>T}ANMD()69tYkB5Pr8B~T(zVs)>Z4ph|e6LS4%5j|ISDnYZ!gRP+UB@&1Nin
z3=<AtM=?@xV-5XKMhc<PA|*sKf^Khh#yUEKLobC#x6i2mt*OaW;2$vH>cNDJuM&>b
zLey&Fm+*#&ttDh<$(I&g+o?QRTje_70AY7W{;&r(RIDj1cOornRPW0SfExx-V^Iwc
z4nLCtA3XclHU*<9nIdp4U#irs!R9mqsq9$0NBd3l)hFNUIF14Ru>~GDu2p=jg!x%K
z!Yh}pV3Jnskp4D6Sip5Gpr&NY0gS2g3r3>079j1N`>5QjqNLYjRiO_;?`I^hS>0Rn
zh6wG3Hu3G7In^jHy_U>-Rbfi_TCJYlvV5bkO*y*1y*FTPP1!%Z#(2$K2UWB*OYQA7
zcSbW;)favjTfblJc$A)QXZS^|_6%*w^8JrQN$bW;F$b-JV$FKkv&D(}(1HY~)KhtS
zanIo+BH20@%XtWkcNByezt%Wyj_|4)nOlvKO=8~2V9|b=vzEFD`&zU>d1x9vnHr9e
zvfj-uml?C>o-8NkUANn8JM{Q1$B?<<w6182Yf!x;K;9XsUiE5}<XHuWk$+wGUBL;!
z)+jv%n9VhpYm^*PYPH|`-XAIM`{o6d=-@AUX1kzbB#w%phc~obD2@%Y^>`WBYa_48
zk@5re>1hLe6wCL=3Y+OhCb64RKABdbFI?Ym1)mv)4y>#t1RG<0&od7E^4|Jid(){_
z%8S+v=+a<_dZfO)kFjhCc<$Fqbru^eH|2*Ksez-?+FizmqXJys>BI-sS8Uv_H`8TM
z$c~poYx$+md+3}qGT$mun;sUNFM3^}j9tdhl*lF8+c%sA`2wdr07bXGW%HsQ_j=cu
zQkQf+qaGOf)^exxckByX%^vKi=wz5507z?mA%;aeQ2T0NHTjSOSRTh+v`Bnhp$ntq
z#7F8M&E+&3j@3NuDC6lYbafiG3R+DG@Lx+gKUvFL|Fl7B^cgwd#$J!~ZiDi(vx&Q)
zp(Rmnkr+jl+%x~Z+7eFajQk}oHu1Jd+uJx}($Vm?>=LhuLhIYG^5T)rUcD;{1kp<~
zCj;W9UeNILJp*=LTv2N-mowu>@Z|&2xCg#s6aFf?QvU>zjOKnF^2$}!4qk1fQBDj2
z?9o2LS9&+G?o2|zW;zDfnHQ(WIDvTc7d&tDg?ENm6EP*x^4F@v-*spvLFV!bk98;V
zbIP>7G_Gw1Pbelm#CvvXtyRLHU28)G(oA2C{n&VM>^E_P@Ire`{apm@{$SOyT%PSz
zuyeUyY6#L+D{L)g?9Pn^m<JriTb_@Bjg=|9EQTWndd=S;9ySz=Mv~+g@t1Xl|2_FE
z#jSY7ODV+qSzmFB{P?7*qCjm%8N>U;@q*_VYvuZPLK(lqa?-Oz3eqC+jGl5;UD^M<
zJUHR>)x-aMh0+T0V3m)hZhkcq!LjG3lpLxx>eWdXcL>NbAoS!!79necN#P%njG%F@
z^pJ|R)`X64Q2~ESBH|mETSaCF786Txb8~Ukv)v*1r?m=COd%91-Adr%L{@KO5mk!4
zgtV&l4?8oWC#6dopi_+4Yb_9@r4iWB>h=rUS5Dgj(ID1u0ha;{_%0)A5m_B<Bsc*t
zlx~8|AGj;kyD~yVvU@)fBei*LSFi8QJ+Zx_2fzdTx&059XVA4NRfFt0I+k76cx<_l
zMTx{O2+V(^_kN0JT>zrq&S61Av*x);Al=srILT+R?Vkp)3NIIyXz|#-;@h4=T&%HP
zix;%}1^NtKkIgx0k=rKv3-X&mk4}9DF#i?i6o8R+4Gj&|)kAaMk|9Ck1cJEiqfOwH
zdtNYPVL)Q_?Di2Oz|ER!ag-*sL%lh85zAnThLn!#7I0{q&Y^bSGw-hm_d%G%0W&};
z1Lz4|IAXouK?fgmJhU*IyI}PzaKL*49Y6(CtF*5v>_g>d+h_jL)cek~K91g@<oF}{
zc4Fw)n}~~x>n*3KdCdN4&YMU)+dugv$8vM3Tx*7R?~a|cX$3K8OOvvc+#5*F5i|}s
z=4bUV!)AQ;>WXZejgwZ;I+-Zz2vY^*2j=?{e+9aq>b~_i^3U||)fL$N$@1h;+__+B
z#G2z%M?fEmW5~t;!cySuS(j`3Cr7mE>gs}kUKh*__NyFX4-#)}BaRKqk(Db=WSWFy
zd~x+zD)U-k>VX*lPEg;I?dNUePT$dicp%@)Hhe*w>B_i8t`jO^&ZI2(@{`sz;FNT8
zIWv8Ml2^+&q($&86avQ1QXVAtijz!%Ed*4VMYK6U>k<Q*<?>!b73OC<IbwKB>d{?O
z_d+()c7#S^4Q9vswwZeXbB@*duYSoh^3q`L!3_n8NZM~}jV=|?uPD@vxQJBF7C%7o
zSXiuY*j5NRPR^~Y-86^R0nBd+JO{s4jDc`Ey=vU&QhzXW;*zDD!;fC!V5(FLTM5xD
zyg1vJq;ErdEwA$mlXo5+`gWsugV8xG=LCh4n!B4~z;w&iZ;DI4ZfH3wPmxZ9{rZUj
zA&4KlV>o{EFldM5uWpX(U@iAz&a<wzm?uZU=T}U|W-Fu&7w%k82(4Ya>DrZ?ELB=u
zfyS?mZ!WEwlMTg&6b?bZcYe64?%g>u;~dRM#ih24)iLXlTUNkuzlh{z%gxlu)-?xs
z-_-7Fj~gOZjf$N8s=^$omn{eCrjuab+&^?}ubJBd+|rvjZ}y2;bqOvXQXJj*NJ6{0
zp?memi@n#B0q<6TJ@#7Nz*{*ZucH1uyKR;LZ3>trphN-g^!0-9ExCu+r~(kWYH7%M
ziQ>^RlWPe>o2+6<x0-ApI1Du@QYO|=u)5eyF;6yP9DXJFJ#NGqCncdri>wsTYG#oa
zE*2DjHHYM93o!`qzDd@97^U`xcMN;IiLN+LG_#fSp!T)~6Q#c>xvxyWc>@Mck9RnY
zP%w)*?+B=1k^t-Y(2VJnh|s8Z#&rS8pNAE&RsQguQ$Yjc2|(kX_As3=ZABhGqq*22
z)`E1Wj*w>L{;}`E+#7YuUq~mmYN4@;0$WzxNOuP>uiiRq(EPRSV@p?59G9B%dNd_S
zfgj{>dS<+e3>{|4VLi^C25tLDn^s|0mFmXZEf_`RWjm<6c6IgxV>CUfZWE4_F5!8k
z{C)i_ZEt<t0Gd56j3O-sx4fX%zV>Ml+UKNlk<Iev_W)i3Kq27!LqI1$Z@DATrm+dM
zDxMgN_K>p`LNc7yl9*w=OFZf3tXYouD|C;p+V<V)!0B<!B(Od{Au7FTs<K{AfHe3)
zXRYH2>=p~J0TTrD-z+5=SvgtRUY0dIT&kp~q$Fi<-}_hJ?`Ue9qAX%|MlMISf%UC`
zAL&0|HA9>Idi~1V+HI(P&~QS}dtya`+O^q=T9}ast%Y%%Jc9cuaGD^!y{)mvS5bTZ
z+6KZ|&3iSE{c`Mk{N)1#;WpcYh?YL$-gg){q30YgABa7D^)zShmo>#-HG>+r=b>l2
z2Ym47r~lWX-->P1X*VT1ae!Xaz6}ScTJBPC3xg%AT32OuCm{WqTS`i*z`CPD2c|6?
z;<55j4kxt55%bGTlQ4GCx$7iA-dV_MI_+qdZn1d}=(`-HT!rpT&RUuy52{p#Ljq=w
z^G1Y?)hMhd98Yp0l|ET#1G@0}c67L~)i!N^{89e)cIw$)BXUmDm>a#}EjiJ7tCi-`
z2c_*+(MA2J(zNOGGSdhauzzVT!q|W%uT@)6+;)1(YJLnP5+E>_^Ji}hsE>5xW>5Ik
zwt8R4SrJ>4-R0`@KM|YU<XYiXJxCV=2)k`rIB26=i3)z<Z}8~(&VpSF23wk$LA+>F
zF=5yjM{lItAw-=loe35h(Zc`@Z;?7SR$iB!cYbxi-#re(1`N0=xS^u7)W%X^_sri|
zS06PvI0(ZvumPL(ygeI8I58*t5zq#7`qX+Y5gPNeM>~ufR$=D?u6|6EwY#?+Y=OO>
z2js=;$vd5>;U9E9&HcS4*t?kgZN7Qxdhx(==)~(`eV*_c*Lpc0qq+}`64i*vf~s<T
z%kt2T;s>xJT61F!BWI}Zy+x?%-tChq4v>Jbn1ye{crwp{5WP$d^cf`ZysN+Md9%CP
zf?!qT@*<$+L$|;0x-j-TB-6qFoJx%70=|I0l=~{+fMA_sX0~OhnLFiqt=oai77|Ll
zmFr)U8<$#+M~Ml!O4p0kwiOM?Bvp<1>NIFsawCD3l#M--_d<7U?vm8<%E}5LqMF+K
zwihK3uXFbr@!tCHisS<Jb&pd;@m+5Nofh!daTaukbN3LFx8uA56IE`F)3T^BB+s6-
zj|L?%i}@Dj3rpT5dr2Al)>GZE*oFo-ONm$ecZ@x^t{D*3s&LXe$XA&qt0q`kc%#N_
z_@V<mJ@av~gJW*M^U5z?M(;XBQ(HHkl{a}z0*_QtW(b$w`6Sdwm50;_I)>dK0cK?h
zi24019&zv3@2e4RBhTxp6hmd`9$5+R_?#>l%s|fPGMYfI{2SXI5R06I5Ss2gPV{^0
zmOsxy3@<1yq;%4;Uk@ko$m%oi-ih5&ejMlr&P`qN^ot1|NYbRQsG#8QF~3=~ttr0^
zE;Xtb)R2VcMOHcth>tv`Nb+bQ*?VbUT7zhHa~3pZj7Yyik;Nq_M=Nbn@B6XN;i~BF
zbHC+?Q~`z9wls4cp<;+5pt>%1f^GX7T?Bh|pcfnt7^NMpvL35YRLdUKxly2CFJF8i
z;PZ*~FZKD0_f+b|uua2sr?neFIWvEL&r8y-mh!*s;5@#2#uGrJhLAGViTp|}IVOC~
z4MskNc@9XmKj2(5e*b40K*!9INDTXL$V7Bou71zj^U}a0wF_CWXXORMyq$l>NJ(vz
zZ9uXAJyHS6ryeGuTmu^eT+wx(KR)bYQ+Me4S=vr_q*I6@C~}9@2hMX_MmO&UGh<V$
zV92*(NO#mvr$Zhbo!+tF4<$3KpRveGN$`65B;jQGnJ#}ooCn17&p|(fu5It+#2<+Q
z?nPS<S8L(s{)_M7{Th0$o1@sSttGRuPQm4*@pGCHE25=01ovMA0xFmKEw+q|>@$Cl
zl{uXpJ4>Zs4u6lkLJ>gsJH5#+8qjNXxSvpiL;@Fa#0<;Uz?sB$U#UirgQ6plDB9Yd
z`%gdm<$D<SlO6zKK^1H&YNJV>j^*vzB4Om1qY=NR0}&BX6TF=lJ+J=!eLYpA<Cwo@
zn`*GTNCxZth*>KOlVPcs=TQE%Sp*QQlLn6+-dUMLGwme}eshEU%(%w^>TG%x0iG&U
zHkK>*Y&@kocmK|$6FIqBDR2dl6i=Vnx*?nWfzEFPMh<=sfi(CEvXhHi*Q73JYm4XK
zThJ%1DYy?K=YAztCvU*yUKb1_j<<9Cinhs@kgX@QGvaHYrwYins)#k=`0g?8D9M|S
zMz1H!?+3$UZM=%li45P9cXKx%nBqG12{FtYP0?&DR506=3NOA7sH^NaI$YDMKkY2d
z-+iqE9fuqNG>4P~HAxSIJ_ugPFG$*|j%S4N6~cuy40IY^EKUtbmZn%DD#nw5zSsdk
zklUekAa*D19ddDXUD`@&J;KuU=%2)hqWO%l<6ASODaHj~x-42Tp2{~8ZK%`T03aZb
z);n8@yxQi}E^DgzVXbOBHr8$y@2`c{=M)vSzN?0!w3E@PPz}V~^_+yPrP|amuE|`f
zh`t1k`S9OYkL-rc35(@nxEj=be%eM^)^NO|D?r<=SFC41sZ`ZMCqd(b4o?BOt%5*!
zGghgfYR;)hbhL#VwsFgG-2>nExz0>^5X<cB=(gF^n@{UCB(;>il-AHHb1+ND>t9P1
zc0?o<fn{$RgfN#%&}qTxW4WO_f|UsiZ=gs4N{|L=>eSC6ct2dUGH=MH0^5#Gn4?mC
zRs%r&JE);{0RS~X;k0;%F$FXX=(&FGf1GD01oca&&*#Vm&W|J*0lk+UVtejw>yje4
zx%Tx>epfFC1J%i;R-gx}#l*8BYrbH#fD?kWwT07?T=Pmo9!P&b5L8EnwXLj_X|7-}
z!%4KYW0$Vr?^5~;28+K**c?0f-D1?=D&QpYxP++K8Tm&$cBw9{dF<5AEDx)r{`~E`
zL7e^oFj3nCT?F^})8K=<NqK)(^VO5z7cRm&_O$3uBsm$uz3<j{CzN>%)ZaUv`hPq4
zL92<1iV6VaSTQ#mff<*RI!j{JFFI1;Q--~B-fqMi`_XRE$nUA^{Lp(%4yG6j@wg>7
z35dM`r~_n5;UGYYFLDC<H{*%co%brf-$JNe_f~-(K|oBLoP=fpJ+t#-LaW6ZJ8?R~
zdY|a>r%#{a#^$kO%!$6<{4<#6(s8&ZIFSJ;%KMB|I4@M-q_l&JJK7}mw>6xOlAdHJ
z73hk5x>O<;-HE6)6!{boPiY&1=#NJMFG~0Tz}9Uc^s&WlnbsMw`dd@2!n4wH!N%y!
z=_7ic-UT(p`^qu;o4oX-<xuiKqp_Qf!6exRfiD|@=x;{VhfIWOtqQxjxg{GN2+raZ
ziCN8u4Xsf9-BxnH7=>znax>_w8>p_mF3dT6tX0Hf9sT9Xo05U6+oQJpRsu<qo!pb?
z9SC+9I2<mqWH93<)jm^SWqO$PyB&!0b1BB7ok@I#a*(3DdRd>PA+?58B7poIEroU=
z?|EZD_}$d`#;!=g3!LkgYB-H;N;W^9X8yTfxj{GeN}!W%cU@6cHu<@NarJ@qVh^gX
zZ<}-F&ttqxx36iJi}YtHoQB_&f)$tI;YQGT=krwFm;Nul9NM*)xP%R$g-QgE&08jw
zuMo@5JH@y3Uy<lLqcdOx*I4cqn|1nhQqD)5@Ho(j;Nz80v2QrfT~E7zUpf4=8L5-z
z>4=^u0VG7#23HgyFW$~!Ckt1&IYtE7L&t$vjVOVn{{S{?!G!-nHl{nsMm3btX;<Ir
zM_QVOFb}Rqkx)0d-r=e?o_eJ3nz4Zy$3_7FfyqKvOv2+%IQpK=H#?nfLWjY!9v7SD
zV4Qa0Opji`(kv~$KY7$;J*4O>yC!2K$&bAW#OIEq2Z6GbqjOV#>!fAA{*#AIL8`uS
zebmE@auq=@)%=*bse!6cro})OQ$Q;JVZeo=mVo)isiEN7V*j<T!9b~`C_z57I|RU2
zl$Lfor5A51_?>#EsnPANqaj(Jm})K~4{!14?9!kPbR^$0`$n|?t*FWlEtYa|=!Wxj
zW8{W{@zyuugz8SN-VX@(w6wH<p4wE%tdWZ0DI%)Nb_cJ-K%q0timz>6<9v&?e595>
z{KE%C_)i*K7YR)+uzQpJ_+cXut?M;>P)SXNHsole3h0fW|7&1=Ni>7?0uG3u1Km7d
z2(|hH{a`?Q@QnQpnO#HRjW-q~tWOF1>54SW#W|6J0%9F&h$BFAO3Aq+JMe#hL0Pk`
zET(D8GHG#sZS?co<d~&NpkYMjUq4Antj|#O>&r=e?vdm_xfsbGB9{Uo$lic_e_aFc
zj+h^#F|g5du;Tog64oFRU<H!KQvrIw(lr0;_0OX_9Pj?l<JKaIB5pJ8I)rU{=(1*n
z^`*@DCmLHN7>mZyE!AbAa}BV6{?8!ZFPgQumUb@0w?=q3Ze9}ikYxo<)Jrqhn}dIN
zqz&rOGNe)y#xyG}8@r$9po_Kh^m{s1+P}?aac%^NyY1}kYKU!uYhkWyB}wK!NJtoK
zE4Ci_*+z;Bi>QJ9bBEHq>@nL*N_2$xR7lZU+Gd4G@Cjsi9&+~=`4Y<@mZ}Fv=J)_I
z;@8crFdBZ?%G(&7c!&K*Q(tqYW`(Mc4ze?Ti}YJhWPu)Dp*^gU%nY7j{n$o87OtDl
zw*c%re`dK@&$3BbgF@R|C8MYqmrDW)ijoDR*ZHh#CzdU4CsG~I6m_l^_v>}%ckh2m
zs#IAb1nE#VgS~rB@n2xV@?}LYea7S7^prrWj@uG<?VOL1K-xH@8M2#50CyJK#RGeq
zq|?HC9(qs(M&UxWsEQ*?gt%0(9NE9luz<JnED!hlul|<7wR=;bX3LD)n6FM3```wn
zJal%xEa3*Tjd2ih#C2QLe3_emz>p-3Hz{)77No|UP4)Nxvdw987GEyT7;}X^z93@x
znQCpM5h@E=ki%$~{9#6Frh6+{2pxcE7uJXkdU_><;72#yJEKLg2y&13n9%6OU7M!H
z?RHdgS_vhO)yhJ1in^lh!8TFx_d6>k^$X^d)Vj!*&9oez<rg*x-L>L<F%H_Dypsf{
z>57wR8vA0JHf7BN138WMtuzlR^>2Tfw>NfwI4@aRR$98e*^kqy8bbmIo72>7bToTK
z&uT6AAV3ZP&6EdNU+<pTz2Knk#1PN{56}w9Nv^;<hXMfdAnrNm-BLgkB#;32aNhsX
z57CbdXc2<0e!3HADwn9HX1)V5)!+UZrwFto4$OJqy9B%zAPuVa<VdP(9wPfJHOj)$
zQl9c4b~h5cd;<$faOnhPkE&@EAUa*I{InCcq&fLad-rD%9NBTquBByh)W!FAC(9vT
z6t-LKfq?nH<uX8oT=(wX{Sb{S>K_(|D+Bs>!@V9yOhoop28eGoLqN0ROVsnyfB)}y
zaX!~}YE}pO2{`h6fMD5%N8bhdG!Eqhpdx?+0@T7ooQi}4hW<|%c3$Mjehcsbe?bv9
zIjsekcM>fHxG_Cj09%!1$N3fD&sHVq+P>Z$Tdtt_C{Ikm@Ix7J_6{@v?tfftdFaWK
zVSwpkydU<tw|9?Ay23WA;kt!wUGc5}h~zpQmC-ORimvUCNqeBoj99r*YW6eDgbLCa
z(9&KloPWDU04#gtt${7@jwrO5e!U>az2`jYk}Vy5Y{gB-MzfPkH=}$8|2_fUc|xF@
z=bo@i$(=Fjs&P79Yjv4qw7E&wA_3C=jO4-+`a5GldhpTbljg%99hZ2>f*EOm3(!<5
z=X{>m!^qBL0Q5Z2k+Dp|VD>CFquQ(b4&h)r<_cBgBMPj%0Co^%$$4J%o&%@pZmf>w
zOLkYgXXn$G+Nf;bFQ+Xfl|%YJ$b0X&rn0qRduD7iVws5z3vgyM(m_Oeb4G;`1Vp4a
z1u0SuC6qw09K}c*=`En3^xj)QC4h91E=_|Fl2D|CUf#7s5`xcpPk*0tzTY?hIUzfH
zuf6Vd_v<cO4e$1_Jx5A-<iwNXvm}`a!gA2UcNR|`sFg@)BUH}@IflH?$G&XADBWOL
z-bZ1QtKaggV-hBJO(x?f<}pg9ET1NZNtV2b5ojg89(m(v=~z)v1xvg9-oB>7hTR8-
zqA78(CvDU)M^T&K+9-SBgx)%^f;TGanSV<wXoVg&1Q^uN-Uj!}c-LQjkxyXCrZ&!-
z{8rxL)T7N`1K9%5;R5Iwks6VKBf=><45OGGDs4A~I;>c>ogdv|1|Mn=PBSb?+IFqm
z+~{COp8Yp}4aA}k`2~RXo#b$qdjLW8>gwv?w%R0S?e9hAX4DFesC*)+Uo~ht&GH2Q
zcftAlC9cO<kXBmnVw&#y=}iRg77;R=R}?|XBXjk0<xpx+ZJ$iA=G>c{5_{K7JK-PL
zmCIcrfrXBq-ZGse7gvzYu~c!6HW(r`S?p)*{}A0mpGx(Zvh(A{Q2}apWm7NQwWlVo
z6mlP?zWMB_KQE&v`XQ=-V^Xnkx}<RJ+Mi1KU9II0vK$xV!*ShF*Hl&ctxTejnP-4g
z5p<(=JU@zT`})c?Q_GVcH|JgzzZ<z%BK-ZMTP*kNpai!!T1=2$3yB2i5VYr5Pv0kW
zk<yV?!)JxUs>J1E*xi(9WJX(ApGx0t%uHA5%*&QS(GZ<#-p%LUWgHc#P+8y7Wg;CX
z(>J;Ff>_2Er+3u_GeoKBx%g>JFh`F)!wfrgjUa~sl_)JvPTRVF0L!snZ%$oX9O&(8
z*GO)ZT^ku*r}#@a`YiWzIW47~y^Y<zoGGO=B#1aGoxG$G;?{DFs}>5JLozWpJrC;i
zk0k4~O>VbjYjc>=KN%)TD&j?WX2#fF6mE>Y4+}iaI9O3QeCrN!>?AdcojW`+_}W~E
zuF^RJ!3uuf9KFH5UQG{WSr5k1IKBuI9e9ra*M*PP2g8(FU>#?1c(0|LT#k4OBKZvQ
z1xdK9bf^a$^tH&BtUP7a4nTL*@Gz{s{{?ybE7HB$24i5LnRRSa2ZN&oINS<SUY^!V
zXGCFDCU?Iu1dq`P^MBP^f4}hQ<*AedX_M({7HkK}QK*|&a8~ux;YXmEnQ`>x;;x%w
zTkNF)DPd)|T$?(EDqXFWh(~?TP=h#a!l_7*ZICy;g1Pyeu2u_mR8~GlgZ?$U<2~w_
z;pZ%WzcZxU-<-ySiFP5B%|?~5eV9wkEuxwQrwxLB9KvBjSrE0&^12PEv_Igx7`h8|
zGBfluI4yF}y|WI{u%t_VLRQgbvhdhzi(__4pe80!Yt)&|qrt+xZ_IfY(vI;2(Ud-I
zF4^_@9N{Lr;<crM2J-4m{j5KTu7pO$Rk{wxp{Z3sGG86&kl^4hB1j<|!(D#u)g+7#
zR4=a9)lVI?m5m!8y{<dh7;EavR4vroFKNz9$=<GQ!cDbtCc{JpoSO*H(O<e3^Al5H
z(TCz2lR^(E$DmbjoYwb;?H2*1Sqd$X+rpDGW>C3u9p}v_#f_eRRrz_}{I=L!c);}0
zK>;4bS&x$lzlX41BA#@W@H4bMA$4RsxrPsOb@#kR2`L_&JP_@3G5BF2&rEBWoXiD`
z52Qk9CduiL?$Xr0V_iQLsKl(Datga877L@)*QAjyTkBspbqc5c;U)#=G-W8jxoeon
zHRdxxQVrV5m@@QNRp3@B-1^1zH!v<~k>{q3es~sx29$-{*{N2uCzv7-8n}(>4cfB-
zSv5QOpRzHxTD0I+9BgeP1`{4@WasC<Fc#ZXy+G_bUSli25&3P4Fy6#;Ov%kB%||@v
z_;;+_W%x$h3h}VGGh+t>Q?r#H0VD<@A`OQ-C|rVfHarlQe8Zxp{0%X+M@pU8_-Zny
zV#^AnE0og<xeSNT26B91c?AI4k%GC@|1q1==q2|ACUJzZZ(8}LK%Ih`5vWrDGTVI1
z;8JPX%Yld|M-(kfJud6l7UQjl-P}tp^siEWo=6CKIEQhwU&aOc#|Z)C*!4iJivEE|
zF%y$+EVulWFQ-G?%Q416Aizfbw5qa;Rf1A=foR}+su7l5MLSzZZLrx+i8v^WFY{_K
zV^bCw&!7s3G40k6-8r4g^7H`(V7j`^^j(WwTtw;A46Nx*+%cJoP-&Y|HOc}4+S*%c
zr#I6siB(JD@vnwAgB}g6mc(lB;IEi!oN6rG==mcSowGLmQXO;{PS1oZET3^L&O*-C
z#h0L?{iIySZbxhB*}PF6lQ&zr2$;3JIg@(t4_R+$lnv{5J3P$4St{oaU&*+hh3s$(
zCYV>(I38aRx1Gph10Ii@Jb+TW;6jdPYnQY0oyZ+J*5B)j$#ZCv?#-zwTkSI&Zz9VH
z2p~S?wM()bY{?<r0p`-JRO`^9fx;Bb&=G(48z!J+{_0HN+1}P*wAj0{)q&bXN`4L1
z=n`C8b5_7*@1~6-Zn`cfqS?yws{ei^@RiTA^^3q(yuf|>x?kki$~7x1jos`zC<y<r
zwQ{vg(Y?b~pNfn;7~TL-s^pK&CU@DNe-b|L#{9q8c=AH*avQ4g9n0?ftA63uHKO(T
zF&)azZhCw7n8YzLmKXdkta#$Qhl(sfoatlPox0L*&Z%ckIIgjndpI3}JeTBK*!&m_
z&Z*2eq<N<7L)_+BPU+(hVHDA~C36rr<7JYlRA_pq{Uw$7)*b%MVr}rws^EtiQw#TG
z_;bA3nx_TwOG0sFA?sawl-lDW4Xf*9K9=3O+$pS}H5oUF^HRn6);A707}FJ!d18{*
z=}R8&CmO(kVG=i%ds=R$FSNo=cs5kh1G%h`7``~%nzs<wjNUz;8SkHlnINy~=$s4b
zzTkC26Vy*Ao^dHm0va+h?tf@VVNq>dO!+0^YeeSkB7v}i&XbKC7<*~vBW~1WJg7++
zBN1BFQ(Y53QocdG&!A2O>0Qf5tRh=0OQUF_eAqiS`uHm~&|_^<iPXb+>u<Wr-b)?(
zfn$5ttV6{rh)A%LM@dIcNw;1Hblh`Gu|kz9B$%@7b%sUi-#m{AE-P1k&z8Yfa(gab
zC^0Z&HKzC@DaPnYjlgsKg@^R0Ko2KxPRFIySNVx*#}W>VV#6fS*K_X|AaFW!j;jJY
z)QMx)a?!KhU>Tm{w<$3+_McVK2j6CHv*f=h)y|gSLn)4Okq(~8IOjr|%izw{X)e6s
zaWwG2b(<1Pw$8SavKKWT@8kV73HP8V3*;b+=ff?m{~bzYs~*qYt>Wppv_NaHX4wfF
zm2Uj(9H8coti|GuYK5{V&`T{qa_N8BRo!Yj(=3Q_s4SAtX^~w1l}!)gL7Sey+IN3u
z8nC-npw`vrEPCLt882H`3#2@+Kn^KnBBz_Ps5cE-Xb5zK7oFkoa_EX8i20y+rZVFh
z_OGk5Y$~<D2R6yaaF#;cA|A2)^Q0aD$zS#(AeL$C5`a@{nJbr*+%<MZEd?&^QfFo`
z)MK6Mz2qG{OtPLzcweXBX<Kn%@_Z>4C_M{vTrf%VAZT!!zk*4cowl{nV)1vyJ>Z>~
z`W@GJa*X8DoSH9;bzBJ?>X?<*vr33M-C}yocJfMDLGiPi^c!}A?$3-TWOYhW7OJc5
zVwSqB8s$C_FMXp#`I39X>ADPKQB?=~^fo<9F$$({=EI84H)IWRqP=CgsP%(Zj7xci
zmKX7}B>IM@&g8_Uz^JaHLLbIcS$5a5aF%E4fWjbZIZAqWD1bqguM|0)c*`-te}elD
zjjH(3sB@+BiEY89qlTh3a{(&0a^lCRJVwsAiYLj&nsSB?%2_e8cYNRhg)s`GEa086
z1d`@nsl?$S1Dqm^ZGo=nZR7IUIe&={5%PZ4g5*TFb;Y@MgpiTqBj5*j576!gCL3(^
zOO)9aC?+VdCMzLv7YnLt9h7vESVC@GTqtp1BHUTYP$d`7z$j%%ZNkEzJ7xql<c~Pt
zrK(Z|(lSbB-{;4UmIUo0k1xkc9Md$-i)x#E!g^HWCJ#`gqkOBTs5gnmmeVP|&0<5l
zkf#BiMIa|?mW+@c$#l!BJ4|qK{K?<+M4<b%ymtd~Wq1pjo_f&D&QvPmd~l1@fB#wV
zRagtaAgGisbv3TIDEa?kyKhibfCc~GYr6k6kN^MC>0sECPXoNn&e8Y~jU}#cS+;#I
z3LeHUNrRf^rDTVPxV1APRyL*>FfpL935sSR(3QB~7OoOB7^)+^2cCH@lI5>^hv1zq
zSA;GqeT!6<70c-!Z!Q?xH4$g1I#`%@Ot=dqO^_gET_<fFFBmaA1Kb0H-;q`6*%THB
zVSE@yxl;ORY*ikCL<@vU?#&)3UjE}nF(MVEVw)ALaB{GkaX^j*x~`?myRA_w4aGs6
zw~dI8b=Zc=RFffAShxe!)8usQdjr=)-eS*?yzAAkGxyN<>Dh&apT>@_U&lFB%+HCr
z9OM(t;#{}l0nxY0)EEW+CZVg7<@mYY3DqL})V^E6c6Re%sgeWDsCDNtzIRStI_kOd
zeZ|^)&lP}?Xu)}*lR?9S<+a-4dYDhlf&C3M<JMQ91GvyW&@WBJbt`l8#uLfTj%^;#
zR#gWHuwI?YrV>!{o8W_*vn<+>L#1mWuWJKu2#4$Hh<dB)hIi|af<lq-T!W#~^xiPZ
zy>}*lF3H*%&mP?oFV-~Ozv2I$xU8|0OW{6F$22jHwk$PI51N0OI{A#@AaDG^cQn`v
z2x<LWK2A=>`}+EFCk2AckcFbD#fOk$pu-Rw3zN#1lY74vL2Txr2GM+F`v2z>5K*MH
zH5}b|(7TMB%zyTu&r+cx*p?g4o_B6)(@zZgqNXZ04w@dz&=Aq42fUbfx)E@vKNwR-
z|D7MRZ3M9L2D?Q!w*5)o`j10OXWqjzW&Rj|QHsju@@x8){5L`pL%%<Pw(Ge(yqA17
zfCrgTo9rze>-%Qa;?yPHZhhr%Kv5TEUS3;R56hkx_BpX7={P`BfY><wB4eR2&_e)Z
zvUa5LkQwDvL4SSbDT*;!ERSZ4_jHUnFC&%Z^srI7jj<v{ypwIz%)`Pb`nFu-B`oRN
z&W54j>q$?0ip4qtu{Nj)<-s|jd`0gaKia*nOo{cmh>8{fkiEA_?JgT47x04TK_J)b
z0cmcviTA|UQ<y~i&oq1bsEKM*x6y23`+RpkzWGITy~3$=>OGHQV#7myR;l<HJrq|n
z88<yMxHgOfXr_sr-8$Dz#bQ-DE6&wWF6Ontdd;bJ*3n76i4va+Xx>ro!c1S^H^|4}
zcO{Ht0|ym`E!P)F8{g#)={C0VAiWSFn=W<Vbuz`BLjV3cae9AF15SnZPBxS+2VqDl
zyDLl0z>F$vlcX0bFD`v=;4+4)I{)WlSIy=&5~4!AoS*e2X4e8+`is%G0YNE%-_pgM
zWdWKmJZ+X?(V+<lm_au0JSiSyYTJ3eZN}w76YDp@>$kYi`p7^&{-tg9SHBJIdf*X1
zkWsAO%vVYV#qW_vZ{M_|H#X*ZO!P+f<-h8mSG6$V;o(gV=W2K&R__kV^n=JN^8q3%
ztIz2tn5NUiVjJ7<TN(&$QyQ*9{4>aK`KLbiv!ZdC`t7BCXO^A#_dsY#fJ)0P%2*vF
z7uNKLQaEX0Hu_oelh70yuj}b#ZHhQ(8Y7IDE-dK*42Q_*Z5xpr#yNhK5SzW1_&r=)
zCEZ)2pLK&|AAv&P9j+ZkKx%hJ*LrldgP9g{3Gd5lM%p874C3x{CuMgYF6{lb1m7CD
z`cci7=CIQbskz1u(hID{j^MZEY3|a*^prNMRNnCJ02?%0Yr<~ijb512@s`-45$1ui
z;*Fk4Sz6FrZhKU+w;^@`lQCAFmsH%UmtK(~L-Z8xxty-|vues!!kEycp6#c7R|(H)
zR)P8TL(y`i<H9XasF^Nt6*<jf2~Jn%SGu3%$DVSKc4-ab@gG)+8T{>BwM@1u24|GD
z5e2V~BaZ9@WeK`pnh;*Ep9L*CtWO(*INIPrW9&qdW$80)-Qs)roV?D|zPIpBmG|Bn
ztE}Q0kH3%m;$_Nh+gx;e)y(uL_Ltt<SH!LC1oe|ZUe+l^>E+M!6L$;rh;~j+y~2Ou
zW7w(YS503J@Z?A}iNSsKBaBW2NT=$&J$zcs|H5&9C;2EL2Y-s~k<e}d5ren&<lcJ&
zFiZYDv$m2OFF1r9`ugLr2wp~(vHlsz97Aw3S_(;HC;TvTt10`Ph1xop8QTzmwAzf(
zB<z8jJD8Dea9!q}O~CU!fU%`|5CN?;jV89c?5K>c3g{~3PEqt6X~G`UlOM5djPeKb
zACG@K8N*21@;vDN-i>&UQ4MhvulPzPiIK&v|C9K415%8d3XPpPKYeMw%}DB=ee8eN
zRgF<%5%R0;_J80fp&JKP;)7Ox8fQ>p8`8=n0v76i>VVXWU}EdBLuOkZ=O0)Urv8O1
z9u3jWPGV+?Zq3rejL_0OD#Sy5BJ}i-*A*<pGrWRyIB2H6QE>q+K06sE>{smoQm6M#
z4NZW6m-f>_w`4v2p;kv!+(VL60bMWAe(Vek9?(!Ulh~;ZaB5?V^`Hkt9P*-}A5_f7
zmuA&z**KkzGO_2h0)(CjTWs}G;SHlZ0jKRVT+ML`_NwC@V`Yx}=Q9(JSeS_98}u9?
z6$OU^dz<i3i)pO#<lH!=oIWUyaEv$4IB=+0UqPQ+uY|j*LQwZe4CoHA%v<`!J*w)(
z(>e=k_wot<^^(sWxv(QK?mB1bQ9Wp#7qD%m(@HKYyrSGAnR4sRpa{+@vb986eOF$v
zhGp)#rG!I=?2RoYDKRoT41RwfF_@lOFeA_^k)791xtuOaa-tfTF8e-6W%!I>slQOe
zM~0vvHQ*i-_syFpW?PpAXulW=_@LvQ*ZR;`+v((Z|NZ$G$s&t$i^)n9{QlXoyvdR!
zp`57Ev&EeAaaTdk6&Q|8sn2#;(F841Ea~7%_tkNrvKtpvPCOL!*ES*I#}^vKN{X!5
z^k!xw4y{Bt`J)eeW7uMCxZ#CIw2zu8k3E+UfC~Mg*O^SlYR;(J!iVw&t&>Pr&P&nh
zS)9i+f)A-V2sRtE9==X)OdLaqM+ewjm%g)pfj*2nxuYf2q-n9X#^lG@km9VYACRC~
zik8!Z*6=5O1ONf%Yt1_hG$*-Sv*EOgvr$y_*B1J4zrZkX=9O*9?OP#pZt3S0NgZs#
za`Os0E!LgQMKx4hYu;#0EgSXJvS!oPJ-IEGC$cj#c^)>!d5oTxp^1HfQh0Z%Y0Una
z*p0dt+9~rbT&>3YkVh6H`umTaCBHs|qsJF!prUVPx@+@L0o|ui20E&8GnWKi{-2ik
z|2KzB@)vC07Ux346gvF0a86(-05cxYn7_#OBdv^zz6+}8L^yX^C>?BFVAK4wr?uNf
zOV8(J1!pWOa}rpN_%Zt}_CQE17}fXlb264=!rHvW;9N+t2NWiUl))Gp@~8>Xpw+9R
zw)j14@`g@TTv1EzH3FIDbc5SFa}mDJzy5~BjWT77>s~1L1wG{jL&9kOd&9l<{@fHi
zF~Q<FX!20WlI>FKyj}F(N4NI`XcRu(J5>d$Pp0a3w8R(vArLs1?WVJ8@HXR2mv#$h
zR<OLwWL|eP*>!nBCS#E0?)PY567WFbO$TqU(Qh*5EV5IABTcmz1U%H!jYlTL`0?sG
z`Ej@u@#F0czH!y*f7qUxpUj<99z=Fcy3&J<Ayc>_?=*R|{5ozebp9>qzIP!7(5p&f
zrDoq0fg;(}IlyaoeRo7LsUc>(#J^F856Xf$HRKWI3<$OyVwV77A#zzf+gk^8HYqr?
zR=CGr^1rI>K;lJ!n5G|)YWd3T2+Vo|fA~;K?)1#7mcWsHOK)^<W7JOc2dkxddN?<N
z`86re@D-MqwFAN;a+h2S+}ONAbXC{%+CMi$p>``9as?dBT@a-?2Q9+C8WMC89g^p-
zMY^vvH4J(Tf8M5`Fl%DG+S~W53H$OXVYL9>Fm$hc*Ok*n<@aIBvDKV7UR;2;j&IRB
z6U_KS3mG-NHtr|(j%tR&R7B&`-_C=V9A|R>=OuZBI?nT6PUfg$C?B7_31B-Pwh8Jy
zJZAmru;Y4|owDsABZYU%9hX-o<MGr_zyA!WjTYh8S3|qy#m+tT6|U1aSN-mUAR_fJ
znBbM!1!xo2o-Oeb(Sm+l*UHn@R{JWzL$(I5Z37{Dq8J4XXfX&WRy@Ib3!D{S7UA9f
zuyBqfeB(Y4ySVe>53q$^6T|7Ihth6Pj&#%${lkXtWPW@jU#0QS;B@)OxEs3t5pWPh
z`p+(`z%~pS=Eq+jDa^kEi44&Ayn%~^dQTw-n)xfh`JkoIS?&TdEB@pE1X0D2k&)es
zwI4o2(L(koAJTW6R_Fql>c<RtEU^8^$y{d;3|Y~_w}R9A_0!)V36C?OTYt<y*|6#U
z*^jOCp^Q18#Z3pD21WsM@xKL?n`b1iy#;pEN6^-b;T74#T>q=4mY1PCd=!WTw6Osc
z{b`lb48%+_BYb}Zc{=F{r%XApo|#wpF?=DEblf4<fKODxd$NA80`ZYv*Y0EY0;Zml
zds<KIfVrfew{1o6DechieR=aa7od_C<}x8LX;JI*DoKt?D>si%#puqvAkf}Ohl;G$
zl<bO>t{9u7h9(#>r)uL%0&Ay0K%0XwqjGgzYRVhCfSh=&V0$u5SJg8&+R&*Jt|lbO
zePBm%5#Hive)IP+AYHeg`GDu9mhsIJppMzHr6heV(P0I9!$BJdS38X!yHgv%vg4oK
zh6kuSwat<pRz1>gXR62yau+HJO!0WOZ22n$TzkmSsSr)BU;9K9$e(LbOT%<c^5(4P
zRLQVDqN;$%1q_b4W^_HmT!9U<^`HG1bWXm*{BX#OR;$S>E?}^03Y5ea5=w<iHJR53
zPO!)mP=d+w`;aaFAO9!Fe*u^W4Xg;7>}iHQQ@TNXP`Y^L$e$Fgwu;e~<TlGDhv?;-
z@BOO-=x>})-@-WuZWk4nW=!?HdBS=Q0*hLfUPg9BX|PunN=}>n><kj!yIc4N4XUpa
zz8zwmfv-7v5ss7Ho=K(bnuJH22Q?@E)B}eATF>{`z)zgYvNxCl&yIsp<l$ZMK+o@1
zNgo)6syMMKovoO3_hL*8+AW_WZwHt}8HS2&FX<}kab7eun7rm3?v-o&<&P9MpM+2%
z@6-(h<Iui=S5ChWTDf2g=B(P056ue?UTTRd%~eZ<>PRWcR4?_YeuI2HIWXG5jB1of
zXudFe$fad^U^UATsOF7@SCB#&d9B10dp7hv8qPwy>*1V?BP*sxN?x9wnVHY@!>#54
zJ3IAqRMJ4Fm$FJ^zfJSWac7bkwxNB|7f0Hy?bSbex`pEYer(`PQ);V0^W4uyqH##-
zAEOrb?&t<B7L)Yjy>NLzt*>t}SsMcdYZa+E%IS(p&4!h#En<17wj5t}Rm9o0yla%%
z>wyKsE5R1?JHsRg^u;|2`Vx7jz$`qy6?c34Z)7fFcC_i}pckSa_WfZ0Y7aT4`xpmb
zfAut6O--@?jz^pXxEbS{d8@GpxT~b5CTI!GvpiGZjJ;`5<L)OH;ah{8RabfDXI&A`
z3r53Q^33_e>Tqu?*pyEQ3V*PqNS8?KB;vPSgwo*V;Dxha#ke%~@s|!5lS!an)r!;J
zTvxr^+*QV+p@O?<qQl{cU12hQB-1&%$ML{ND-1dsw*N=EZMN%KCrmVykq3kB;wk}B
z3A8Ft=;F`t35*&G;7M#dk5RH=m`%T8b^*V!bJH)_{|%foW79a}{6_2R(iZ57fJd$)
zQj@H!uTRsibjz0g3%y<xSoYhD=^YTjqj=@JQN#@l;yrHk5;kB{eoLcALCT#+<RiWF
z7}%&g%jtF9;9l>7Su20_;@7W1gUUhMWwgm5P>lw$5@Zk3pftduNeH5qx5miFE{iRJ
z83pZ;Ce@YtN57+&tDOZpw|(|gUtE~kBP76gM8X_4Z?x~#bNnjfLJwdPU|5*K=6&rw
zq0DTWI?IFD<^!9jk#r!Ht!y~Ck?peoWWOKI>~uR?Wk>+6lG<Id6+wp;tU)>}@77HL
zTn}+pp6`}Sh}$j3!ibE)3+s=-3&E+7@eyk!#@*|6xP8WX8!zImMZ;c}3!c1gns>{^
zv{C=POl!jF(>i%=1bNMHgQoQ{8P(HpPCdp8@YBX{#ek@~n(usC-<)x=cwjE9I}bas
z>w`*TJ+5U!NMpYS>a4gWr#UvAg1vGWnx#!~_e#@}4Jl?cfth=*N35;zDVVJHysTX7
zTGyF)Y~m;jM{9;VWM&LJb`0%H>uPkBFnFHyY<k;J$Fu}0439haEobzkBtk5$8rvME
zgvzWP2(iqoQ^oa+XMVeV5B*8>JWrehnm9ETzl@&xbY3N<k{o^bgGY$5QuzBGHHH0t
ziSs@Ea5cTWaY@VZhdN2)c<JaSkn8TO&}+I%K+}5bs%w7*HQmoOaMJxcSDO}J=3z@!
zVtOmQM9Zu>RBvK3T;g+LUxK<A<_k5u?roaZ@{HUe?b}Hmz=n30oK0`DS*_Ku$FvFm
z<j7q>YP*C{?V4PUDGp=(+O2i|(?;)Rjmx4Y65`uTZJO*jt&$|HEu#iTWnLps4hcrX
zJ3(dm9DNGH_=9!#geLuUvh<_P4dQoGI7dkDEb=t<q8z29K@bsiA<1rS*Xd9B+G^pW
zIV~?b@Sv(SG5vQ-#w-MVZhkNeA*orxVY=f%WZ#VT8I~8b#|h(uBEX1;18Nw{LG#!y
zfT{`vV+&j*yaUC>j2_^lA;tGDV3ujL9GY8b|8dJ#kAty!%oh)=X%bSUI^rlsO3o>0
zQ$+lf0mp{j?9aAPkMF)64A}q{=_^ip1N}cL%>VpJ!G0caD@!{tU}h$0zSc|ZEV)B6
zTp6fvpBbsCdE~w~+ljFf?K%)*2n}YJMD~!tY$=@NVty1D)wj_8)ayzHgp_(R*b7E-
zN%z}>UUYkCfGcc_(OG^}EEG%^Yyp#z<z2^~(x@}sixIyDERl%|vmza4&4I4;ZubN~
z02vBc;6gi3fTm?PFmI`Z?@XE4`fT$_QDRFv0QwyH!HaRcBz%D8`NrbTtU}Bpo$oBV
zpyu5eDHH($2fciQWG-$YKF$+K;tuwXv-w8!RDx-rJeaI=U>-w1U;Q@eUkM6rEgM+@
zM>a~tk;K>)Kwui#@qk{Wl;D@DoZg(DXxRb{JL`L1nFX0DS}&}uO*QPeqaaL}Of-lh
z+$(#L7d2L+T?E-E&t21DJ_-&BGw<%9n)B5i{h2+Y=3tjF_*C=DCpw-pG4zoexqI)~
zLUNC|0Yz@FOLz!BV)_+eKr4uFg0XhxlGIs;%3@Pv@q_ewDjqP6$|Ncd1+Wy3yH+a{
z<KCuPlfMg<e%jGXqHI4GJFa{}egZk$wX1inEY*XI9s$swmKeLp@V(W{g-XSXj+3(2
zZ7;`(DgLB9_*n6wp1GD~I`No8t5GXVy(K>HN}i)<ysa>X>wVcNFz=&lZrsmBP8O#k
zfS7C^&EX0{8Rt2cs(@1ax`bI&V`<NNOr%ux4l-cz(MqO5ehPOpoqM!&kS#Xwu=b#w
zSg=gryaeKNd=WPIgXC``7S8?><Jwb3Q}fYzHtluwmp_j=m*8dvNWAgxiu^vMxg#a%
z*rK9@!RGOj$;_1tv%QO<RMh45ZCKZ*RN?;DS5&zGlw5@CTOQgh9w4SQ!9H2lT)zzy
zvy9i(0n=;FOh~m>VmyDeC`0q|a^tmP74`O!Q;v%&oz~{+!b5d}IrgP3$xhv6Q??wd
zuNE$f_xty4Yr2K9S153osU%M6PX4mK+pFohX4XKtdz<I>XWu}&R?qWC=r}I@(m|G}
zRah;%(ACbZ|7B(M`QX|(<wymf4>xj56=7dQbw;!`eSuM0L!Uf3gnNp50+?jM2B!U>
zHh;E#S}I3Wh7W-@7bV>WB?^^oQXV7z!+>)B)7|evx}VFpKtWP7_QuBThS&*=Ri~%~
zx_L3~j*hek_62_JK<$9>NSLm~OBnIHN%?o!-OZQ|e4wN2Z67DkC3f$_rUrCjuDUT|
zO93yR7_iXmN6Z)IwVJI708?lNe_u{2I+68b#uz1jUo1*3(!jK%waK`&m%MjSF9oaR
z8t=&M+M{l%aLT>6$En~QFV5b3!l-Lf77TjRUOwmj<K{1XB-4k9?pvDfUcAiBYjdJ<
z_C=e#j6ga6<q*r&TP0DaZY;eJ)eo9@P=^12yAO-TsTSFGPOX&%U3M)?UYhIete@LS
z-S@qEP7^dm8k|luxzB0CmXE?~&gcRjl!$1k%xE|}ScC6f_d559x+J}$s!hS?(IeCY
z3OK~jBln)G^z@3^@6ZVckpVd7FIZkww#9ahR2lYuj&)Un7-m46zbO4_iGHw)oC3oL
zopM*BpR5T?eIFt@aKMSG+j3s*aRRrPLN;zj%8eX)Tmo%reC9D-ZXVTg*$Z*l;38#~
zL@%5bURxr8Ay-W*569^p?0Z66(95JxZ3hlvkBWx+*ME7rxWCEw&+?3qqoGNSJ!?(S
z<T2A%WAy-Gu?Egqgm}3o{gqu91-t~%`xgkNVFAh)M7k>x_j~8LY@*~w1T(unQn=C5
zGp{2Jit5)M2JWQWlkEDSV-SFMtSpdA&dYdUv^|aXF<Jh&zOq>Ds;}hO;Nz{<c%`Ya
z5n3Jp;}Q#(Np#K_dzFKimzVkWRccyXs(R+&nte|nCse&TVib6leox7D4-UkosAs;^
zS_^SFK$q`lr$dSvsi~_6HXC}Ae_*y6?rHxsql^SlFn?oYs$tv2o-=!c??qi@b}gP)
z-Ru(Ha`|A;!3*Y7+S`X64PAsFAB@V<^Qx(Qh@>`mX5_rFu`!v^FS$)DB^yuc?G1j&
zEXt<c6Qd;)`VmG?FLYDP<Q{kk&ThX=@CV)eKd-8ofrqAPY0I*if#HF7K4fHodXH4g
zMdXkjx$rrMNwR4iKf|*~uKPVy*U}9{S!U<f>N@OxiBd6h;H^@>=JLj1Xf7xPQw_Bs
z3f2XF_~cA<Wi%>2JDqTyFtCORmf4jt9dg~ZYf<{VgJ*OyMffEC`hG??2ly*(Q-{WM
zl}^OI1kvkx7qN=M`7zN`nA`fA)JGoI^AU2|SE-ksa_<=8un+s1Qjc3KYXq}ZB;{4a
zzT=lM;hJ4BAOn6N%>_!XD>7-@(q`y3TLOH;>DHuJJ`H54bN73m4?1_X-jB6)_BAC_
z5M;v6=rMDQ|NSW0Q|p)RI;Hf;_ZD&;;_i{HN0$oZOu#8`yj7?h`El^J7h4qKSQ-$!
z&T3=^HMCd5+s5;S%!&5;+zA@OZDsFa6p8d7M=r#6=r~B>8oWZNFGx$s!tpP@TAAq0
zRMcH^dFR^dx+}rS<$FG<z)JVUb&nx`aJPk*?^~wEs749(>rlw{6N#a?fwfEH&P&#U
z>ZgAwS-vx`(HU$%?>u6+UimTrIB?{l2#EN1=JU?w!2{fK6sa~<C9H?VYf8y&tltOA
zm)bJ@f|LV#+@D)_TVJ-{6%*~j9o%NJOv=436D_z_)Gk8LJ)QY%EtHcQg~~jtq!Op3
zZ<*OsoD{nl4dxS|a-)r;JB`j6bh33^wnko-in4lGtu^0RK-3ty+_svJl&tIl3nj={
zs0*2MPNp1EPCcFSa{j3?0!7MU0um~+5()lb)@0!O*J}00u&s*GMloD@VcZE-J<CH)
zJqaTpI!Rd{7H_E@_{j5~Y`08#5bv$R!Mvn>wocM6*=G1KZu5TUfK@@d?NLaMm6&`=
zcV+MWTtsZf<WU+?!d2FE=l90jaZ*|v>JIat8k=r2yJLu3KD|b9=c5ywJ~6mZaj_et
zG~6Ol6+>&X-1%q_#BQ-NuI(yxD!{)ylkYFg3}OB+@d(%;03ePuMRV+_ClCl=m~4NU
zYZDu7m?uaXS_@8n`0#;7NWjX=dyN6is!5Dz)X_$0W-J(66c;JwGWQ$m_U*cI&Tn?o
zfO-IW3!1v10~E}q1atkS0b6Qh&6-^_+kN_r1aObtM{HHFzeIQKJikg)7i69(Kw+3I
zX@hvQIy)?iAUiBg^K&y*xQT!J#?)Bz&~RPzg~py>Xh6K-o(Q8j2#h-(uG2`_{!EQ_
z{&ql=kPFzo!JnRE0j6jDPO!uAZ3Q$_Fs%>|07hRRN+(cARic2XN(8tmBXr_1IyD*$
zrlc#-S<x!-|B1Ct8(JP%<jtU+Mf^0Y_M|+(0Rw7UQ^U?@pvMv%5FlO%s&-5JJs>0f
z!I~9q(yC;of(L5-v$c(Ei485|7M3oaIzvV&=o?-)x&2Kt8_iY%gJX=1<$-Mjrlww3
ziu)1FNdg?DP?-1n+ae)D03wpwB;-oi_qna&)dB7Hb%3-xsDq=DY@M}w)KV(=E85FD
zn$+(2a=`@aj&u$D?vdr%K>mcSLwb72^joybkG+8uX=I+@=9Cyi!t@LnvH)JHG=#au
zr-%->ac2Q*l{9@S&BOihn|PlUuKk4u2(e(Bc8fkILcCz@?G|nYBPS3*mut0e1Z2O+
z+v?GQV8%Jk4au|7w|Mjd-=nTW3Q-gUAcO?b$aL*5f826D+n*>67wXGhJ=pqL*j0(U
zsi)~z2r(ris=`3cR&$7f>10u9ZFNn2%IVxoKa*!0i!WlRM+@becR#>_smA)t+W@kj
zN&YQ$p#bU;Fk){c#ln;**EI<JvOhF80mJ6A0xx4AkQOFk{RyctbFJrPd^%Z3da$Xf
zLW$!2xPoW=v$${a@|SqQ`4CBuc-!bQxvaPa5>WhL04npX0{)4@JmA@W-nX>v#HZ~N
z$`-QCfy#&EFIslU;^o3svqYoQJ&O7Ow^qZiEfgC}y0@?L3yhA41&-9laBAblVNMhh
zjE0^D)0hDwkB%Va6UcEKE{em=Qf`*)Y?y6M*flBR6b4||NXDiHGo!~IlAw9S07Cn_
z1s&a2@J%}nnVS9q#!vRNS$fchck3Pj@W~VMayi-EB3tRRy4a(YXQ-zJMLC1q0U9iL
zd~gMgi3{Jklg2Si4}kFlOd|wgb6#HM;zW%>w(y%*du$=l3gBXb#%>%mxy<gH_CUx(
z1R`Dww!T8yG^w$t6Nov017}stCmi99<9xn2m1DU+ZOJ7+HDXgTT%`b*W7j6X0PtFM
zpfEJ0m<2#fXa|Q2IC2OCQ_B}8Viq$zh_a|zQ74phU#W`<t_n<6-8_nRY7%~O`48e~
z&n&<OOPq)RXecQmk!E30DE2@Z;9lm50QP6!SDXXzXaim6u^Sd}&W#&zFj0Kexx(7}
zj90GL%1e_#IhR{;QMB>XRmxYoX;ikg6@Y^RjI$(gmNdu4X<Qx&cTCXUFei1-+=Zoa
z8dg@klSYw4hg#&;=DHkzxJixxV7F&MvcR^5(8y=MVc2;00g$btVnDtt3h=dzq*ghi
zCv5?VnkvAB;jNq@UtD}u7v9p;WDgo{yS8nx*^j~xx9iiH<38A3l)sIm1;LFru9ymF
zGi=4t>W%?N6TOgua=JO{G`8<jlZ}5F|E$O|w@w)-EkuRsh`QVwklvr^NbIPas+-H|
z>g;T^*>?TjM!<p18st;Jm~}LCbe@`(v-g>eG(Ar%T`EBWBAlkf2>+lv72ZnfnP1GY
z-U6fTOM8I+(sSpWn$Or|ghkh%b+}I-aV!WBKFHk!ilfdsP%=`=2zw9PzsA`B8xK1j
zC5U&ugu14yygt{_oV+VhCPgCNfOGI%Z>vm<p-;;IGLGkqFH8=AZ=ZQpRPVo@z(;={
zSCud=##RdM3&%_LjM+}B(jaZGMKQS*xYWUb-Kje7Ui+T3CTl_bw_=L+pV~TtG;gBz
zXYlr+!88p*>&~{a+_XMxj$rp?JL2cE&+sX458_jR7Y3;4s~bh-@Wa=Q3BZ+d{nE}~
z^39kt;nB<B>sKW@<bDWPCRbiPaVhPk=veHBCBTXeuQ<A^qu=e?a3AMsb&cXxtJTjX
zG5MB=4$7%A>mywrGW}^^0Q|XH!cPNC5Qb<50$`#sL}SgftY6=y@=rr(>#7DNQP1s+
z&ur3d3-Ju4<g<ni?9FiY_|8IqR6t!RE*3;wZb_F=?SA$Sr}C`VxEA}=HRIDr&nyn9
zPv&+ZIwhj1-miZ;3l0fzl!v)D-K9HIx>xNmV7JP<+%lOcuAD*0gaqshy8Kkg+=HXL
zqC0IM;AD7gyP|=p&0)LOuHl%MmEPZ?MsLZZ24;m&*uG$Lbf-{gEM$Gu4F@*b?EEv`
z0lW{|@gO+9XcCAB{gLA_qUIcSTj-~>!xoeXBw0j+zj)fPc*k;P^`ZzBc}yS2n}-l<
zy?`wCnb0y%B9M$0Ihs3l61WI5V*6u&C`*X;o)td+BRy8f#wUQd6rSjF)A8xRcpdf^
z9TC8X?yvCbEoY)r1(LJzI$1`GMAvm8pl?Gpl3tJwnav+Wb^)z#sguVa1=wpNfft^!
zplc!11<V@&3codS?9KEUbIH;###L+Ol8eqsZGidqBOOM`Mt}w4W?n8W@Jd-WtA(#V
z<ZOI4;#14HJXW7H^57dL+P1QE!DnGr6P>7r^#B06l9TeHF;#);39`^O$t^xGveVGU
z`@>3_j_~^YHXVpWE9F7Ha%laB1EP;V#jpdat&jBg*FaS#r=QA<6M${2O+0SdLtG(9
zv=~<!H+f$SsG+a+1CjR%GX43VER&dI);%t_bZX~m5Zq6b=bzDj6LkHtZ{hxTjIL`-
z&c_iuzo0}PdD1xgdg$82_4Lbb(`=o@W+G-MJ&j$w5k6}jp`ok4)IDWK8?uGcL!sM5
zXDh#4+X9?*5P1&UkYu+T;?T%$eaM#Vd+u#jb53`ikotM@SdT+(SLTpOo>=5s^$XC6
z8*1%Ej#=9&v@9(5;<(O%^^`}>V#}E~BSDzg4a`pf!xEI~zxN=YJ}e<&J=<?B?2hx#
z(q+GJ#K9@3ggwzt!;*E0xrhftxu?CKovCQZbo11KS>Sr=z4e^oRV~)f=_icat7c=X
z{lqL>zR*QVu#QpFSZzU{LjDb}8Oc<~Y5!Z?MMzBlY-!rwmX#J)u4TX<2SXpg#9A5@
za~qOn=)+E=m+X<3Z3MDJ`JgQFfX$%~CHzu4YL?%NrdP;Hqi%XYoO`wNpn42)Y~8+q
z@bqeQWWt3xlXKMA!ot&Sgt=4Vw~>x>C;DHqVT}U{CmlKE{Sqq9Tr=TJ5e{nP-_Agr
zxmJUL#>wpa+ahyzTOvDc9HWh&7B*w3B*#+O-N-0i7oE)E5uw#W+|;Kipt$aM%z0JF
z`B`rSM+p7#&3+y35%uT)1{7`u#Is#TRw5yEZ0a|M80c7thYz^gCnOiodY?gjNvPN<
z4QyyY?ks}xcl)17)1R+PP*AYR^9~dS;|QA>!pRRR0IYpS;L<TGi1oYkJRNm5b*8(o
zuN(x*tg9j;HTmjVI8dJf>gLh<<WcWslgZT);aXbYQjjav9cZd4nVGo3RhdH{Nl40@
zmrg4w@OC<aYJVum4WyoeCYyuuA#00Ay?MKYllR9?xyqj@^3g;|gJ2mBd1*(4O)L8z
z2K0iK-To3&+~{z7=QKT#_V*BD|1CJ$Y$IXF)7!0F3~>1FI`K?k$WB9ozrR0-$pb|N
z&V7z`WfA~?LWA5tO38Z(pw$Z%-c@2z2*gu`4#Pu?XW7P|BaJG%L+W!bbNTqW0eE&_
zfZlk!`Wl}2Sr!;FU@rD#$2{7()ay5`$Vx3OCR6X*5C~g>O-sou0w85=A<i;MCR)Gj
z>|FEpT(i`AGJh;^V%E@3M>k$D`)jh$ln$FoOhjbr+~hfm_Fu;8PZXLLxF){gK!H<F
zsihnNL>TD95h~Q(zR|v%mW3yeW*z&oggN5q&ZB@#iytYd=|8j-0Wug+5w%=HS|mqj
z`#>bwbu4bc{WCDk!HbSMvU3wntBKKiWZ9ygw)1o9)#~C5>!SP0vS5gHbAc0ES`-%g
zu0C=M(xFas+ZE~x81c;4Gz%z`yUO}sW6Mg@?G|$~2LoNKt%UJj9uDmqSVv@T4^^!&
zKwfN`E{;lkC|y;zL>}isd+ac30tEd4IzfLT7x^cdLqe%39yjLpno-Joj3?4Hr;@Y$
z+jV{)x%3+sV{2*|Gbpe-uS+6Mwq52+jwZ)$ul1su@B~x@_P#%gRJZdo7%fp5^t(W@
zmrZfB-`|#Wr_w#W=;&lQ&eLb`#=z7Hr7muD!j+9BJ9QsiIPb`Zg0-SIYucnc7D>-b
zA5KNST%SG1H=61am6mA5Cg*yo*Y6jOmt6t&4tg1+Cgfz-?zODrd^DXbhk9hwzR4H0
zgIa7rnE0gYY?kwG{o$B5WS1*!*kMw{j0W}!cTt7l=gC~o;XyYI)i%-Fa-Eu%+_e+E
zE=?+xoMqF!Eq@79>wHj^==}M;Z(ZFXvl--xt})N+4o&HL`8x)UPQUk%=`6{Oyf2rp
zE!6ke`@x}>jo~B^=%#BABe8TJkUpqXD&QlR456#dF12Du1v(9X(H3m%6zOR*Yc^ra
zls#hqy21v5zJkL(>Rb)GGyBIIxyHGRV#YYE*Nz*LSC)`ir_uH_35S7mTPd>)TWr^=
zoJ7g*fuChTicww2`_^V+?0YaD8yHvG%Lalzx7sld9xp#g#c}qy1M}U|BB`n2ktsv2
z0D2F2cxJmMTR3Lt@war6=FdMGk`i?y3stT=f|@c~T=aD+_^T@ucUtz00}0eOFc4({
z(Jt4fWC4nyt4U?Nd_#Sss8Uu%mxr)xvE?J=fE~_-qP@ceJ#NQL=A7&v<S0Gt4N&^4
zmBq7^Hc-zn0vwm{urMaFw%X@6kfg^fkY{bikCSK8+6_(Y3R(cx398JP{S+E{Xy#Wa
zJw(5^6?p_|2{^`pZQppOnI!Ig3V~vLxX?qg2w2L+49epK8AlhWUkh&Fl5<T@ti0TK
z9Yju73+8qKVr?&j(f}6E0c5(s+Jh)hw(80<Z{8qphQ*&M$K8`hs#B7@m#YtLre+kg
zK?tCvM5^C@?_$vtsxV};sE4how&J|6-4@=jkjcuqWri98maEP!6`2pOy{Z~m*b%nc
z0^$PEk#><s_Asf29buA7PFE)PPu<SBoxPU#dtDq?;b8Mx;d?Uv))Fx&@$_M>RBDRT
z5}WY2LSKlzq5p>pJ^6eW1$qYU{;wAqm}n3}fPDXlDcnv<>o<?C3Vs^>%^7(~T3)4d
zUh$|nu^thmYCg2H*1W^u?RU01vK9P4<PD_H^pAdme9=2|D}L@N*`N(+1DOU;){t6m
zj`akP=8~Ozs&tRUQ|r<)E#`*wJuY{uQKD-#LW3Pn$&?hRj3ss%+5HZMEmkZ>M#p=L
zSaL+$)5`Hrq&w42uKj47FlQK|=9@P71wGTPnyzI<%=~O9g}vF39aWXYjjnXAD*t_S
z8@<9OTN>08oUD+ZAS!3~wxK{7>=obM;O-Yabv;hb;X=+HQXeWB+!xL?gONaAAW-h~
zGX=(e0Eh527?cIH8yA`~U<gAxT$jwtGY;;ZeUk5@maZP&Hms4|hEFYX6qIl!6^;Av
z?<xm`a&`H#TgL3O4F0697hD_sr&j2_ihsV#@n$!cBxUD<7U2KEDgTsBp-ZH`YRe)5
z8Q!CRw(8n2<VHxX7A~c}Ek6Ztg7j4^2-5|@hUT6bQGlYBjZvs7@PS5)l&?guw}N=U
zNagD5a`x_@8Gr5)E?JnLe@+fH0<`KZC_bp)@gT)BR&w?gIL2h!<lV;`(twFQBKE48
zo|oEw{0b%%lso|nC0lrNQ-0EZFr%!xE~z8=jDpK8E=@H0?Bag%syoo$mKJJQIfa>F
z9g{vBs;ivx6W!l|=<_kxE`#C-3-0(gp7!?02;#ftq<tq8I^+kN1-S}o)6`Z=^7Aj=
z<!9`+Ehya285o8(q0wL&ZCV?oSbDDVe}jVpaAP3Yq;p0ZWI7YR;*e#TRH8TI^m1Q+
zEQ4(ZW59`Po<ED`i-KloCM$6(rR{6b3A45CZ=q4s0Yc7X)ZPV(qhR4|W~3%X7H~*s
zKFq-dq{(2)eg_$NF^f>Qo2HIpGJ=VC#>NIQyPI%MRCd3zx^F*hQs-%aTGaT=2vk#%
znL(Qy+8G)1qzhBK{N)p)p%CKW4K5@BfFG_XD<$D7t+&8?W~mpD$FHis@8^lsxSIi^
zJOtB%qR8XLuMv8xH1Y`u9=9&diFbg!V0zgjkcnfZhivV(x*(=!LcN_MpHT3G;urdU
zA*NfvwX>)>11d9fR(sl!;Aq)+L4uY*V&XP^v($<*S2Q@h>l-m8HZ7GiK=b@n3hst!
z2e586UU8BYN3n;66T?FiLK4RXywqgBqi2AiO(vF)C+*jDS3cpT;08KJD%E9Ste+O(
z>)^w;F!KAwkA%qpv=9d<@(x0Z&KXs)kj3<zlpDKQzNNwF&;8r@<INoF#*U{q_R_ux
zbk2Tk#8nXhDxhbXAS5zK_ZAi=n)+$v6c;CdwQFf5)tj8<|EOev`5luQcphD2V+MqP
z#*zJB0fcQOi~ZO0Z@rvW+7@QgR#u9<-GP-fI2`#8!EiUa5Dx&HpMN+JYHQ5%UU8nd
zQ`wu~YbA8GH#~91%U|swRkf^>WHbSv$j2|*^e?`*>^)kaM%XH5y}j#)G(9TPrXzP~
zg-cf0$EY4`9)LwZY?bbm5`qr|Gq7Ic<1p@|O1|LE%h{7rPUi+-+zAg-xh`Sm1sEhI
zR5^ZX2f1Tb=5^1TS%dP<$8fbJJLMB`{M^S|+47P=Q8A$D(s<xK#=;2ad!<Aa?sQGv
zOVW!FIe6z!P1?Sb%F4E#67zE*v9Lf+=4C7JevGayAPir@by)goX|Qx=$->_On|^-a
z0AEex?~LA6pp1Ze0K?L>{6zRbhh9e-3$HzuPehS1#)9@kjK<@QW1Z1yym5n!Zsv`9
zV6-p)yS@f)1<YR0{|k^nmpeq^^M3EX9Ql(h<F#q&n!0$ltdis`tQgI(|JXWhU0@p|
z2K473i62THdeqSRd`ccx@b<m=gHcTm7O^l~Ien&Qqf6nr<q~g>aZ+)8h}(W9#I{R0
z<`hUPwki4XiU=@xd~?<qE>9=h%rd)^%e*<VEPvm57gm;I3pGX{^3*)TjYVC5?H#y2
zSBSQCq@r9*uk`)qsgsLd^0RJgzJ)Rsshobs@}$c(4Kz4=j{;g6!pMG}xxG}RifQ{r
z@koA?Q7q^b@|-Jd>$z{-#^+qR181HmYmY45RwlkxNR~$yl4ywcjTV1}j~H@vK(N77
zjAThe>9cWOg!3d}W$o6m+ivmL7Nj#@x`Ty!P8m%-Y?82WC>LpLs<N&2<Fj$v+B}FQ
zv3rqLV#>03#=FuWjAin~O*P#IvLykl)#b_YQj6Kg0+u~?l`s&jpM+mU$92n|iW11b
z6d71J)^n8Q8lY;YQ){@hI3U@GFv}g8cPecvL{~@LSXKR6TRbefEZqm+z&rILgN6s*
zRpTr$i)mfM|C7}J*HqQk1NST3<(B3kCK8f1_LZ-O{ScVE!mL>WBbPu*{r~$kyp><P
z4<VfCB_JD<8~*OY=qn++#uT!>tVY_bGK6a{1I=}d!@cSn80z%1y#ZT5v^r47K;Qi*
z2%B<Z=6GTjENy(3PD!KLF4@gj-19ip4HWH4NRCN6nFPk;n=aAOiUL9iN<CM{R8nJ1
zM431=A<~u5{?g&1C<tp^Db#vVW<d5&al7f9m=^xR#ZM(&J0LvCCUHjrCqbT1&noUQ
zv2bv?dw~>0rCy>geCi#ydrMji_zR-AsNju;7;qlxg{0u2b7lxb)Y;qDQZF2r<IBXl
zhh$Cy_DJr1oZ}MGUPgL-<mZ8L6sN&e)7uUimMI9DRm9YOg${<{3n&K@O{M2&XBMKv
zE0;gW08~IVt<u#6cNiK(Oer*P(j0P@#>SsJ94=Xj9d*|3pLOuw1wTA5?jGj+@ECYy
z0G9>9ETFA;a@Nb#E7vM>@U&So2kL``R%cW;tgMAy;i>nsx$+o_{td>SK8}U4B?a}y
zn%8Kq#YjfpABHO%E?>T5&tknj<;@|UyPhOedcMD{a8yVpvlZtRF1ak8k;h?E-rFMA
zIgmb3^#*oCUd5lqp!8S9jO!*IFv`+)r`SbDNupaLcFk!KM)!!V^W<^Jk#x4<dMCYX
zOVw-)2eklQ=u*qIE_zuW<1rH7(2JS=mh15k_$*%$)LCvAOgaE=CK!QGP#{KYqGPxz
zsmgvD46pD%Kl$V@)=h4lLB(yPa^%V)7z|^kXbScFF?183fC!N7KmT*Gearw7%FZ_t
ztBMIMS2+Fw*2VF=1Fa7qcv2HlVvV3E(x_Qs6Hiz;uiQu6wo8u?YZQ;az%ZVU!Uz0e
zlWQ#RI^n9R*G{P}PS8<bGz-Se26cSMu)2J%^jT|(MJe9HEjL??Q{j#!e9qyuUhG5h
zqFmST>2+zFRkxECCF>?e)hw493{dXdByX%Pbmu|j4btt<%TJ9tYaPM#vo7wk^vf->
zt}h*W*}UKZvHj=}k~!LaR$whDFYXO4&1%RxzRY92;}DDU`V~vE!B0z=+o9F{P7J?S
zMX_Y%pn!U!1d7!CTvaEp3smT!O5J9I$ynY6=~uDNHn_4|VF&FDD~)EeGA*`>|D1{O
zA^^TKxOh<Uqr;%&A2NO6N7Iad3zj|NFw@gk=huY+<oF{mTj!k@jg-Ry`zL;bx&gUg
z|No@beq}_1zBW)3SVtOy(mhWjBE{ho8$neNPDq9E1AHx*I;J7aV#tE|5bX4<B7Lk2
z%ZLBFla9cN#Lv(Fe;W@&P)nNmFhz`$&J8?@`Q#w70o4E|Fn9vc3I7wLIQeh63tKgG
z0>0`TRPq81P}XM^>QFkR+L5iTbsm|)YwT3a3adpW;S=;tSc$e^Xyt7dz^!-?+`cH6
ztreUI58;qNL&F+8nwmd{=*Me@%NB~oW+W~p(E>S#75K0#Rkb5BQ~O@@>ctE?Xm`p)
z%3o@o@j$kOxG4*_6lzmhB-?xS1DIaoZoX6#O$@7VY#A(@R<B&T33yeXZh?u`|1#MY
z$oR$-Bz0lqM!<`WF_d%)eKH-U8f1X8h#KhAP0DMw?mSRJELhC?rahruwZGZTvVCX5
z0g9Vf+EQ~JV&&CB=0LwMr&yM#VScX`?f9T$@$SPKDyR+W9m`2UP6Y1#D=N@kOWyN4
zcKA})i&mTjHn#l|F-kAb)zFlZ)0(VAil<PuE>fe&pFA`HBjcWo03v^Q<+ArMi@Nfk
zQ@16(C0S9m2s|%IP49{Lx`@$$rfLJt{a_^3^ofjYF!~6-^hpeA&}V9U-~_w$xnrnC
zGW-b7H)QuPo;Wt?S4)W=VI7@@9=G+?XASGNQRlo`j{AdQElniXYSy1L#<*}aRexGo
z%67^UU4-s=Y8xZM<Uy6>bkZsBxy3dmUGi8_B%oF{MbBz7*2pvuYdgG!ej5rC?O?Pp
zZ$wamDE_-Gcu?hf`}SpyJ`p~Pmcsv5S9r5Of*vL-FSkV}h=93fyH*BBO#KZ!W^doy
z`HI!LbY|w?o<;Swyl*w-b;QRzwTr|!adNc2e5VPHTozMn&KNViI{<V`l=j>5jltoZ
zE(}8=N|(@q5pe=;ZZ8;q=8*NHJPVE%_}2VTA1?E+=iI=431(~6xQm6Us|p~&akFp_
z96N1A<LNaG)E=jNz-zpo8xUp1X0hlA{DH$k{b%^cmRO~p+VIt67W1+3xZ!>CWoPwv
zxSa04Gl!0olu-y%j@hZ}(C790wLZxX9K5irF7D|hf%Q6z@40CXa6_C|1elpruX||L
z^LV$D%Ll1>u?AE#1{FRZGEkbfkoIkX%A)W-r1@4&T^Qbip?=QdBep2#v9-$x=d2c@
z+5{2h+j?#p^x|07E^7LKfpoBRjaHcC=NLC#mb2AH858`AN2VILM8>WUgR_D{IbPJ>
znB_T8(OYckjbxcemWwkqHELQByJ=)<^V|s?V^nYNPsz16Ae?(u;`6!U*ke;$ZQssw
z4X%v77ijZrLTUfSDQ16d=KyWWBw4Z`@isQ^e~Xn2j02Vc7P#dZRFYD|m>zo4dCTOo
zE!4_?E$pp`d3Y4$J_P-G9L6G9c7tLm-euQ&1JhMxS8QkTa`KjO8IkabnR^f6g`8;)
zNI;PqNpxNEEd6!M!T9hpuqY?J(v5SaMJxpCRGAdojdwh!On0=+oJOAHxCDK$H`fVr
z5vE4<z$l;U-i%p0m3qm%j7<lV`z%@_dPC+(9y-29_OUv54y)6-9_!_2y@r~cRLn<+
zlSb}K9~*$t+#k%3ICcXkD}UMLSfsy!=4y9IAu)5-Zt^#qS)FfM53fX%-G9$7stW>>
z1wECGYFUJBfB88sZ**u}<w}nabS1Mx&6jUDbDoH^A}b0tPf9cdPj$5W^<Q#O_6k&0
z8M{)NvT|YCge%zxRbiOyvQ_Zry0QSPy)#rHbx1u@O2l=1V=&X-!=weE1t^+VRG}Wz
zH~hC4v>QVp#gg&b>$%9NVUig%(IG^4&{_R4N@7?R%Sl|umoX53AkfsqDV&3@a@`@R
zoM_B0XBbz$F~(tB#a26@=CbYU#J(io(@%2rG*w%=_KLAY7sWTxv-J6xTaRWYt#Tt2
z%K%&cEf*LJSE^+Cek{&ANWFlHzl}~itF@r7h9msf3_JsUEw4w5LAkaEqX!YJF&Kkp
zY-lLUn06-GHX?j}_Un0PD}tw)QvFYd`?h}3|9{YC*VlWO2Z@rI%jcKZW~P60|HS7I
zYT|}_sxyB;$dp^VuEN~1;7Nv-vSX8VC=Yt<ZDIP`?2|tSU0(f@s`A}SKb(_#b@vxi
ztMKEq=E}#;+_>>@&$As|0=}<giOz8o@`JH$yB@^Ki?)qYGzT5`dU$w5vAYY!?EE2}
zI^U_^V@Fw;UmDjdaT*1MQX$=eu!M8UV>&}Hho%C;{v#uulplvYF~PkfRcHtFYfniq
z*ogU8uI$RPKNgZssAHNAQ`8Rv0OU6K9N>ib!<IQ}U@eUfC7Dae4?P_>W^{?M9%e;m
z3VgV<4lVw!0OR}ID!P>Km$7#%@vZe}&jwTFvGbT!9uegPJX*A}I9*<0&}%W(<H#{{
zPFasd2V=LN=aF3YJG0cd$Nl&sE(-NFwMykAsU@T&R^pL{GfIy+weEbk940C4HdlVn
z2PTue4#1JS;EK0Hx+f=+bcWWw{pC%(mP{wc<@-k8L|#hLb=`MRLcf~4--U>u54vR9
zwC}dE9K3nLG1HVy{Vq&hPI>Ie`g)(|Hz&5k=ay@nJXHHCrn$(gmLYm$#;dRExE&ql
zKh@~lDB4^tkuUrugS#$T%_twPJTwY#=K48`aG*O0-<-J%03Vsp<ufv=7JYtSo2b#d
zffe#wI1-?5e^^jSFM8n}{{<i(cyhQlZus4*zu=Ue{(OY4qRK59|GIB85-u$t4Aqqn
z_qcw{k@$nI&!M6wpJnv78YED$r#z;F(KrU5lQ{twZ!px%O@7!@{V6%Y!^hU_TAO5k
z>tm`_DNZge&j{d6s!#mPpGMifQzd5nOlQX(5ca$WTLyRwMa-(TzNrPC<>e~TsEW*w
zX=+>Ms;Ppq-+SmrA(9jGr#Djk%m<}ycjn_{y@4sXF4ZZiow#WYnhKd$1YR{Dv^|{I
ztr_mVK3xU{yuV{?A27GH{U`Wg#)<?&eZl{+e`Te@CMPEB<K+vBiXcmW2V=#dU|*(@
zOrEpHO_HRh?<a}#l8gm1(SnZ@{n81zKunRKrNEKT@aX@;-Fe3~mF<gOWz?CmpfG}k
zqN4#70TEH8+8L>$^eVlB^iC|JOr)uFBt$`alU_qq0!WwMLFo_zQbG$!-r745ojLc+
zn{)2md*0{$351=!*Iw(_f8Sro{&;1uj!@+T<0$><Y7e{;n5|n=!}V0#Kp0%cvcKqN
zY0MxktxhbAvd@X{6gnbTdb%JcT8|T8a2d;Qmm*i%{=}|8%`@JRBLkmqi^G+PvG%Do
zHpc|y_l!+N9&z0P3WOQ2#Zq~&&}+M$<r@~l)~q2uCRrUjhEynLA(Zi`r`H>v#q~*i
zJZbMF)TLEX9Jo%wbu{yq%1&6cUDPe|6?bhpl#{t%j5vi_AR3RQ7pawIJ^AK&U5yu+
zNGmJTwd!ppACJ#}YN|z2)@q9i$jX%hS!FhZ$6`&00FT=(-ObzOez-j2D1^sFWQwMh
z{Sq^J+QQgDLvj%e6ZH|G*=nM8sP%{L1Z7V&PC%7|_ve5*MlXOy6It~lP541qy*_qQ
zcekmZvXJJ%zNRNX7NiJAJ1Z)_+xz_ND08YMe+*)En~RGF6KY?uRL2`cK29`=F3tRC
zNL#5*y8$b*LOroZoq7dJ^FQO)m#S2@sxeLU2|1A#l@YgZqA+f8U!S$p=h!~u*Jzo$
z87N23>%l=Dxk_snt1gtpSdFu!q68iio*{pI280u1lPCb&LH?)wvszcuQR1^TfQ38$
zJ;cK0?Dd6MxUPVOOE`?kKM%8T8OO_6z`j+nrOABd#S|dm5&;318zSKD1q9qzQ+s_C
zWX_B9nTy<#_Va%FV60|_hx%rg{W~TE*QC`0Ca_E!I}jHYDw=U8*Sd|Ooi}g6Z&}Yo
z%rk9mH6M#Ts?kIGZM$iY!qK?gDx<AuWHb9CqKn8y+gx%K%Oq200%ES6m+DXAy@0U<
z&37A5Gte65R>z8H(L#v{?&XgC=4H#EhMExh8T-e|y~e-!2W~*X_1?Go2K4-F+|$2u
zD)a#Y*Ti12A|e??Xc=b$oXMV^o|BbHexOJminB8|Ht=#Me`DFPv6;b%^Z(ENq^^pZ
z=`Awy3H*8TQ)R%RKMFt6XoKCoq^2*24s&eCKp;j_mzH`n`;8I+zvgd{D%^++&<qOM
z0E+=kyS}~yTy<DsUUv^+sYO#CT}?baS662j`a|0%jxQ>Fp8epxwgDXt%P?GZxSLhR
zK4jtP0zGekKK|Lwig|1EyEWBhb%6S$Yo!;lEa3q)Zl>0WvMAoi8_Fi35Z{yy(Qg}h
z$asQsj`Bd@OtZMFc(oMTWpxiB0!XRz11RqP7y7@s3b?U(|7z^%^td8%QtGm;udR%v
zXQ|R^>%&GvZp+T0TBYtc-zv{WGwI);lfO11IPd}6HzWQq+$%Wh`pS(hMnqG)pdOc(
zEPfIDr2M2<Q^Siq>vzw#>_d;;NvYpVS{yVJ5<j-Rj#4yL(%j=fGk}jOZkaYV%Jk{*
z@vH&K#<WTr?Vz`*Y2#@B^b#jpAg4PR;@)aCq%b@7<P7cx+*@vldrO44w`7$aK@j)0
z=mOy0CZ;ts-yW>FY52|cT6NHYY=I6<7NJT(fsvsalKVnBNvEnCn%HiuEhV#Y8~nzS
zS}pAt<)!JUbO}}dYGc_g$R#Za8msx(cEGU(h?Ek*vGqQV4I-=f1)bJG5d%g=W78&B
zuW@Jd?Dk_UImyoY8bML!P8wgaa{QAg;wq>en2M;^d0P{;+<xuFm|$46uXQjx`8c!C
zijLcZS}wXNcwQBeAO4ufVHTm8ns(z}9Dl5({k=G%2gX1)t&((V^-Wjh@)79OG*aZI
zJlG^BxKDc&`sn2-+4<xtpqOGeZn`?m4XAX}-2f!QIFf&ARHVA1BD24Fv%m-d0f~RI
z@o_)Ot<?-hKM}g^_l@8Ir_9yGMa5s49Ta{3@r?aHWnj#=2oN4&TqYPoUNuw$TQq;@
zu;tmcZQp;DZUC%Fkz7h$ibw{TZ^nmzZ*cwTLjAdfjZz!z%A@vc)#BoR_}$XqHr&6l
zA!Hyp?Z)wr!yC#aVmoGDbVXTB1PIS-SBLp{wo9b65tl~A9SI&rc0RAhvsyrj{5LN>
z-{exLNOel&@$zbFdYj&J4OK(&x`rx65RYd(X~|e*+cHf*uCWe`Fz=!K6zHmuMlLQB
z3+{U{W0m_;JNKky3EHWo>t`-;Fj)gwJNj!h$N9~7_W*<c4<bP6vzuHRkKPndN3=64
zct=C^)y-U|vby#YZ$GRMg5};Ut+9Ul+e_eZ^5~)22Jmei7)~oqFx+Wb{9Qwum|V2{
zTIWO{{j+q*mk=tdH<~cfHn8ff)}j;620*lx+Jj;ch?b!c^@ji}6L4s$?V*%#OwPw{
zq^p)fDeWSvF9;20k~3_-4m^u+NGEFJp#JHh_)|;!4=*0{R;aU$fhnq5-)j97SuZfo
zX`fMR1t7UW{yJk9fhrSc!0G(@YC#Rxf9xl^9%nD+lh+-clS%!<;T_b=T<V?R<-TD5
zYjVXOw4`)}-L<sFZ?@9EvSxoY(j~Ah7Bi%toT31buw|GjIIR#jmvme~dyNf5oK;FZ
zk9#`sY6>Vy_m~c(-M%ZRD*uhwx%&nx*i$<dI|&ArA7UuL-I}Nw$?nNTa-X7$U4So3
z(18utrvhQCzrswS3fG)+$qY=!7b{igjRX4`%nuCc_cF89)yWQI%O3sA<FNX<$-ZuH
z8r4LG%k7qZCgIJ*qOA-Dpl7iff^Hu!d%bUJNDXlV^v`v-GR8~|_Je7S(&$EPpSp<V
zyi?K~JBG+Y=t<DCr_Jd)O(pa3-NJ%XMvPl@m9%iNYce3=i$sFjTqB?O`Hu5V1`;2R
z>5ssR`;B{CvZ6#C3=eP9{`ebY$`5!<xApdTs|KG{>RSiUwm)+zUWgey<4iTQD}Jb|
zf1q#JofAUcx@m~4e(1XJ+H<regNwyGq9;b$Aru_wR%8{Fv;n~g2`-~GsVqe_7@3^$
z4RcmCIZvX^i1PyNbr%*P$HC2i2&+APGsLZK{dwIac)py^cS>?%ml3qj-XHqeNy=^x
zd^V<hcL|T;W06?^2!);5SvUEY_!|X}`R#KNeYd4$1&|#b-Gpqfz@yq(^3x=a{FnHq
z#aPGujNsI~GYGDu>*s?jNGMdJN?xzYdGS``9aR1G`MZ4O9)m|~ha!%a#GEZr9}p0;
zRz}t9P6*`?dEPd$dB0!@+PnUigJeF!h}n%DH8}ecPXf8tjk7p(2}J;i*$tUl^^m3G
z8&@)DJ0b%VvuwypE@oMs%&+o9g6mtS^xNN;l$5+k3L+BWVKW=ozW;NG#)kR*@_UAt
zz5n=S#^K-g<R-(6{{Q3SpcqHob-I+&AHSn-Ujm!s1bT<KxcF$rmCdrJ=>7~nI&r8r
zQ_^AZ``dmiq%QVzpnluWcgx0d0rC1MerSn{!U`@hRVN(croZtgSc-6g@eu2K5u%3q
zf}s!VTL;8W1`WP0=|d%;LG2nx&nbEwpFO=HkYCKvo%_X|p}EV-gj8X}S}i`x-46%6
zR3e9N4tB?`M@!PT(ebuG1Q9<)o1cG1JhEfbtvD;Bu+Bi{kgNn4okD-2Nmauf6RQjp
zn*-6~%8v8eUD<9QT1Q+QrOB6qZ=kIF)}5i;?$G7_M@1xSO^G-MaktOi5;d})-r8^D
zHn$TJXO=4Ijpd4Mc-<xvl+8w1Jr*30>Voq1(Ce@TgG0YQF^O+hS+~qqrVl3BE&-Bl
zkHO2A)a{ieBhnn5EKAMb0T+YSUZez&Z1ZKzGODCPhTc^BuD&7bG94ERaofMKk`;&;
z?V=1SO{AvO*<?t+-;ICCMS68-{%JmYYKonfIYHTjTUXXT+JI|+{imE-{@AoGdwdG^
z%VaKE!@je(oMb>`P6Y*^j8!OGnrmCeVPr=MjYz~&p!6WP){eHDmqZA1_R${^4V(ki
z)9aL5?{&&;IT!(jSo9nC4zdx}`raqfR+5*>NNf8@v~1;3PeI+4>C7;k{eqI?%<|E|
zl1KJ$AMZ@*PcN|5osrZ)RfHO#^$6TD)hvnnKM%9fNw`bg9ts@B@Y{Y#MJj@!MMAQv
z^EkuitqL=FsVBJi@%yDqF1f!%_a~t(JmO})>k04=vd-5S;BBuuAM_;f6NtU+o*oO>
zZAD4Gvh$mT7dg&g;T|fK3lpt=W&VPE|AuHfx`p3kDl|9BO(B}A=84l{(qdYf4cGoQ
zu`c&Kw4^iDJvfuAZaAjk!7Dudc|jc4rbbSpk2PGhAPW#^zuCWB2FGWQ$S}6^AAbD9
z?gq12zP`>sJs4W52<qB=W4M^jJ|l3XTvqDLFy5vxf0`Z`Ob5j_Co3&Y{EJV+t)6rd
z1~lXSD~}nj{LY_VG2)0!*EUX59RA|oje`I;if_aL{+5p)x`HYwD3GQOPd=J{5;YPU
zZ}Mxq<`d~2ZoL)AyB{@q`)(r;!Iq0Z$%HNlV+&{Zk)Ra>MT^FcQrU4&$s{lN5yye7
zlEKDBW<|-nbG<tzQ!!Q@?Jlma^{EeDG5$XZ4~mUe`byYUwsCo_)D|h8HsT_+HTJ$x
zauLV{&|VWguAROcXL%2zzrSCv`0nD29z{*yhq~`%yl*%q%)e-)Qi4XWz2CF3JfO$0
zz-~awmAX^z^9hbTQ6KM>;V}%-R`28#<64$-r6nbv)aK^$s+nq$dy&tTg``U6MjILe
z-QNM+I9<4D<sr&kY;30Mc^zk{b*F_(+6T0)M$SEss8Z}FFM5W9He$hz_W+nrWdc}-
zgyDg}>D;AN0LwM7)#c=kvNikE|F9keJgaXvYbq!jWe&X1|1fh}R1H-tJ@YiDu=EWU
zYXf)ju5XL?ETA=wvQmK=?O*T(u-xgWC-$B$pE4fGr}oTbW;R?cP;Fei(EaI*itT}P
zd^HoW#taN48d#+5Cwpe}eL705k8fDIT8|KAA9dY_@y~i+P;bVuXQxCJUp&fhOtOEh
zb+0l<A5|M95lCIVGa#+5sw7$GH5M-@keLg&3a@KXpcY0Nn!T&0Yp@f{!X9n=uN}wk
z4frvqCZ(bCtw?`tNi2V0%(Ybc9LLg|`2~391HI4n6J5kJg0nJw6J6cqB;3w;O!*GS
zbWBCZG`H*Uxrb2wHMw_7n~5c^j8%{~#6Hp2F3o!-aYjmtHqo@>P+Z-Pu}s=jt1Jjg
z7NU-__p$jw)ZFs%gLd8NgC&DA=gm5jg3-Yrx+b1uovaTW|4PjbE(nUV8*AuwR;M0W
zb@4HyXf`7+&YsAozTO@I6dZ&Gklq3q@btwdKGP@A992d1Y2mae&#D1rUHruI6><L6
z{JfA{^{|+dg{wA-KZoOt(_LH^&cyVx5w5KGi}^m>-niJr?9ZM(VKK~Q&Li$fPOc}e
zMOGPkKj{_UDN@xSkpoy2)T0++1&mu(_y{sDcry%bKt{=D?Y;Jj$n+(dbQIDlwk}FE
zIYGp<NV5#@;S?Whc<sD{lF)vfn}c>5GnfV-nTJ$3HF^=zFk{W5+ulPUKWwlfvfK5i
zjbbu54cFC5%N=+33qX<JcV0b9i1f#3(A=kGWoCjyI<a>-rc7-8NUt*SMQ>}j*CgLj
zNaOJdk%(v7O?zswp_W=ct;ILoM;3<}b%p<Qw%Gn9n74h%g0}E%h%*+gtK0f6*s7+N
zEj93r=Y&P-p$t{P$i1Lk6kIZun8W?Nm(48W+>>U);+T|kc>_hz#~|4;aG)V~<6KyL
zsZQjUrW`W!`LU`&N$iH^&~m(=qNlTloBH$PRn%%1ksEIpVuib($2{ycMC)Bb)psSx
zoFj|UbgEw`>Z$;4MP82gMei*!iJfL#(ku0@YHjzkKn@eO0xa&57m1E&;SuVQU@PM_
zyxa6a!iUh}<4&C?%7&%tq9v9f-fJDy`cB`^w+ENFy_bU@`8v*!O%iz!`R#ctr?<c8
zo#!&=@)(((XAiIcdZbT)Nx|s&f(EHC&EXC+)cAyLh`>g?j%2%V*jD?6*Q0{g+;^wN
zUD$E^?cFwB#ZY^?wwYLF_?qM%`A-*oT&4%kWxNRgk-RR&BTix{WbQ^MpZQO<`VA)c
zB0m8FgJND#M*32n->*m3ttk0Jd1t0|%%$g7X&KXkcZEjAW`hSL3LHj*Ftb<kz|<sI
z+#CH!oSxRB499^506T8Jv)Yqyb#%6H4A=rAR<t?xqJX^pdEfhh({DDg{5i5=!d0yV
z$i;JlJ0GtL2%$WcO~4N9_nB#)TUm72<qgm$R6!+diCcr01}~o+a99Zh!dgQ-NRq+E
z{GJb3NA47wqm6aeOY5KMZ(-+mFx(ctC#L%_&=x*i7Z1aXT>Afg4{>qfm-e@Pd|#Lw
zD=8}{Cr*!X<y&w^SK}$Po`zUMtDzWQEyL5kcvv;Gu!A5eLNlLcXFqdWytX#PZ4>0c
zK=%nOS~$hDZ3~@)%ed){yx{$dUjrG?6I7i`Z|m=G*Ri@ozPg?S*!kV90+xbe3RO?S
zD*e7EvnYB|4|g7S`i(cv{+#o`$A%15`v!*J{rzh-MEe0feKg7zq?U=SO*#j+%W3*N
zOJVJg$tyTjm%c>q3(P}EPyX5xj9FWEkM3WbR2h6nb>}VEmhNyPrG&3+_s8u6ypyZ7
z-`k~BZREWUKh2c()TCgn^1UhJj{=lOG5v+j9xG-bbMyqv?mHk%c<vlsZvMzJKgnc4
zOWSL|pnOYI%ArZ+rgtQbOKpCm#zSev=tnxHs*k&TTGyfo6KR>e3k`#WhxeuBBGz3n
zru)5=1<N&BX46=s&teI1kVoRe{{YN2v6?RbM__JYt952RQKsSsm^6VAkV`8y)?GGB
z29R4245cTiZldKdwv_RJyxuJZ_#}~8qs+BqAYpDCtAhwn_LEEKvCyq)@HXea9;cV!
z8jon-Am?&lz{*M0cr-g9#d}<qu`oFoj<CKBIW&Val>Hqd_X?lqLyBMbiB(G*2$Abm
z=mnU&WJz=pk(%=>n0yOwfzu-(4))rNiLcM8wOM#a|6AX7!&bdeEn<jF`wq>$bLQLg
z5UyJWuXsPNp6dYg-?qUw709qX8@nk%=Mzh6N_Czo2R}A2S1qIKL%bRFij~kw_L8o6
zqrPj7##m+kTRCzyO;^R!?5aZvZ{zBM6UHpicd2h4A;S)Tz0Mbrtib3ZYb!yexRbm+
z>CX{8^=wtXO_!PvHN`o-3C_OG*FFA*kjii6c}6VyArgDRQ>DO&AK6yT>lw94=9yXn
zF_Rg9zK?9|Rr#V>Jv7(+Z*n!hM(bhdw;|%j2({W4r@WIL^}fbmf9qs5I3+g!x%SP5
zOMiM~H>qvn3J9vhHtU@l<w1{)cv6HzNTD9%zN1ghIwoSghVgq7*ciX;WhBa7Nt}$N
z)}|y5x`(;#Ud_6B_&@L~{c)C=sVOjFLEmHS@>qJjiGO`f^P}k+Uv;TM_xS{O#3p|@
zQ?FmhlDZ9-(=FMf>9rWZ?L)(N!1n0?XXURi$ogyVkMahteQIUO%+uGA0`tfKhFx`&
z|5oS;^k1@MrY|+P^n0xhpLcw8r&5}^bRj-?Om7*Oxqw7qq{p@CKKz7_j?az+sp(6R
z8<#js_`<(4eK7Bu>0>qVz6*`!od0?A_b5oxXU?%8ix+3-{iLgb!g%aH9$KR6uX%vU
z=ptmLs@p(}1NN}Mu`O@q8<Rq3XZo>s^!PWugLMfo-}?IcMhY4v={l@VrM}ux@C$q4
zy^pX&KY404&&tZtPAbxK0P_WwI-X5V;!I2D99qL=CwK6WOoH9JHho9`Dg%_b9lt`C
zw5p{unL=ud9A5-xt*2UV35}k4D+=(v!xk0@rd33R@4C1N)`_69*vxFq+Dr&|r=Od4
z4EC?Rf4lf<>`mD6_C&7bFE!goLz(t$g4azIf@_Mpj7Ii~Q(wzuq8v}O+4n_RA-MC^
zJiC0+E?%74jcO$&p}lHGyJOkfCn}vDrDNiIP%*XEO0I_{2>0&Jf0^}c(4UM@-@X3r
z_NXAe&i(c=?(=cTWl~F#>sqxEOULj*=TgM3*NO>6wR!i#tOk=Zt9{kp0~U(GImtjA
zFFKXF;7?VXUCCb&+{CyLU*u6~yRrV+L}MqB91XTMb(ym}T+YVgS5#6dL(C+m7Tj(g
zuGm!MCp*O;voJ9K8@YMY7TC@dCpDN!>y?ISe*%-3by*WxDTqnY+zAIYov3yrwcLqV
z_m}utY}eJz8Tu$qRwmdv3aU~8ZJ%6LC#<`Z3kqo#w;i_jfIwfO4`P&zzi19E?U2wT
z5P}zUzxGp3;H2K<HJeL3!Q+#C+1GNGrLsgo%tE?s5gU}D2VjEtHbHN@YILn)#8<CK
zd?`V?>&BDR>jGxZM@`g*_^Ttb6VzYV$0+;f^bOXuXX4j94G*6M>UuCMvJ#V}diGIx
z6f-R;Gpw~kepG~M4-^WT?VOsP20mKiRF!p+*{2yx5%cAumbd$%Z5MQVtt29WdY-ih
z>6xloK4ZA05=<Qi!AvP#^0K;_PuPx4!n@`_^0~SS<gfHGum95kw^Wfsinr6GdS!hS
zZN`c@X(vFlR+av;=`!Rd#QY}hlW(8lI4YCreZGUqbS*CI{SLXR0rDpsweq)}(Dy3U
z0N9N5GKD-AhV%q6tRQsh(lb_>Y2@sVqF+wmAN@SEl%%vAG)8l=cmKRrVM48EIc*9p
zWpKPlX;#)O@aP1b)Wg)n!i3ny1f5%X*M^ibZ0+n`sBd|@A3CvdxfQkN+mI6AZJJ7L
zyZ0ITQV`SK`H};&Z9v`8=8!AkP=cBwp?eO{l7mX7ZGZyG2A6_u0#v^(P)*c+z~}?t
z3M$K(jzbP9R6(-|grT7?K!v-p9wmdoLA@F4{-f|^&yBJS1p1sA7f<aQnI|s$stKIp
zG`k+%B9}O*G`iwf3!J{CoJOf3_FD!!;V<p(lr6<#y+Igo)~?nKNFi>w3Av(y@wfg`
z%vgsd*2FSOjU7gJGPf-p#0kYmbC}@+?%!N_)3A+6^-;yhqZ!PyRtCqbM36e~iL%;d
zomt`UHaA&|&OuiUAQz4hjDQUUJ?Q0dfXAMns(F#}W0B&Nc<~jA&l&8>qqW`TbyHeM
zyY$c=jkXWMQ|iHMisF=VHHSHAO*glR^qjTglfObj#lQJM*m6r=5D;MDWOTiYFJQBo
zjqJWs2P6y9+u8JvrwHrM^X+1V*}=$9@q*YccVZC6CPIB{5)|AOlHH*`Sj(L*g<B5R
z+4q>M>j?JNDdj=6f`J(qheN4RZz3}nhuhe%BzDVmw0n-`ZBC(o=a$eyS7NXc&YP#>
z;Y0uNrxebXsi-gQy=z(-?X!;tUw7?rB#h=uMHTZ&-TAzCST|?VC4X2%=C_$A4X@vX
zOb?|7D>KV0-QvDlAVK}eA%nT=z$sP2k4YM4M<5+Q)MH%;s(-&9D)a((sccAc$?RWf
z(?$wx+aBQ+JoQ@?(f*5kY?@u>WRLPC(rz&~`>P7rAA=6hJSnl=dZv$G^T!@DbA`{d
zKq~DE+8xm!sym`aj;QM?s2KDNksGu$@p2hapk5Y9p}&Wdg0s`p)6F$SGo=d^I@@-i
zwJ&dm&}}E#-`VT;u|J73&vSk}(%kO+>-~}iU;CRQ?}AT`HJo;T@_tB$%-e`)j;T<c
z364(D)gices3FE)sZUEG?Yl}<-kQT(N^1mBHs{NXp$6ReWx_sl&8ahc_k^v9T-`gV
zYg_wj)RH`&1fIUD?o@X?x_VUvy>_`h=KWA@wDzO?>FlMw<ix7IygDw5F`l2H08-nQ
z>-6`K!aoa6Y@>67zmu+3(3F}O(`I4*pL$xFYHzD5pyi)wckG>W)eLgrUb|-&5iMW(
zVz;H*EMUQMXW=fSk#__#HM;7p4uYrd>(iZ&+H68Uqn2`Oz~>AqJKW%UoRjld@Xxw6
z3u14)v()<lUsk{}E-q5iFYr@wExx%A$6|K;3`Ww<BOI$VeS_rNej-2u_TJw~TfR@C
zKY1Qvx-@SA^4G94+-_+x)hM;dQI;%AgZv<iL@w5x2Yii>WZukZ>DwgtSeTPu)xB%G
z%6#DyfN#{qLU38uhD8W2s}&U<y%9FD+7<$ZnEac8{%vSz=xQ*WR=~vs`z^fYEx5|%
z4xGx4TZ#2sE&ZVipZ)Pbivz42aN-QW#{}ZSAi8YPuju9Rt@bV=C9$6e*o>TDfs+27
z1?e{OkUQGr@KT^Yrdr^X((T7_J7zXFjDdKP9?qu^Kx<EId=v)~2H=ifcvhJuIL1UF
zb32B7^$m}~e<m(W?jmtFc2HNcS2NA=?!>7s-=KkD`bR}c#3ezT74_&Q*;n`n9;~nN
z$H&&%6iD1ki23fw0ktpeiIG`55tZZ60t!6=#(Xl(?K)=hQ3J4=hWlqDC!&#FL{DyA
ztRZy=bd4>D%Ck4EPUSV%V26ZTE=VIOvsN7`D>B38fH!i}Q2t?%bkXY23a%dhbLQG&
zSECfUZsS=ZwgFt8S31RTniJW5ou>V{SGqBMb<DKYu)&3Gh4kBg$f6TUxKH)|4ZZjQ
zM?Eq%j#(*1An*E8n?fH+|1t+T%&CnWlvI66V(+3><3mAY(R}-J_pW={@Dm{VHHlI_
zb1#aPC>94PL*fq7_T4nrJSs+iO@)FX;3Ub?4n0<qO8gS5zCkMlt^NDpFT{h`1K9FM
zmdd0Rj1HzD@2bvu22AzL<`I^wtm|cPLK87vX05a$y@|5+X1TEi-n(76i6fGQQOoKg
zuS>dI6`D>72wDU6)3Nh7l+W1TG6VuO3skS5h4aj&>aT}Xv&+ucywT*Vx}nxH!~*(Z
z6HZvo?f7xXw{u_6jO_a~X6+SbzYJrag>F|!D>BaA#49#!%j!_iCCu|I0Hv*fFm4@r
z!-87B+(L&em#$pT{*bO~7^zp(vrq>@e_|aM9Lb9|^Ol>BLiS9hiaV{`6@+`G9d|`M
zwg(J1_Nvv#Loce9>bO*CV;&>*yo1EKOjk{kLVL}Gyusr(2_T-8I;75JvYtK&zt2!$
zl+K5TCCnToeag<0#AH0*&T{BHIi{-vEQgPK%~}Az?)ZX(Q}G+Mf{OA)r`B+pNxx&j
zB0dUL)mG*fd6O55=KUbMT4yJZ*k~p&60a92Wd5RUWr)>L%paKV)g&P^WP)+x>C-iN
zy~UO`++LHTz!q4)(vRy``l%ZPlsyPjKT(cN-Z!yY?Z}R0R)~n>*UX{Kg)+C%ipq>+
zt@$5RxT1rZb5dJcR7be$k?JPPU`!E1n@qg!Ulnvxk6EpcD>~h3K8VXw9Y8910W}b#
zzg8`tiZc@NhdmmjC|#;K$=b}m7&$2OxwRM%bm6kj*iPiN9rq#SZ&X8^nkof8N6Q6D
zP^NdL9<IDF5a9#teI#{t2*l5U=KX9#ea8Z_8o-X=2RMB~T&lX59e?sMZt?lL+w(yw
zP^{M?CX+Is3086%Nu6=*Nwh3O4qDCf&JP!{tK4hU*C}%$9>jgx4BMG;dMeM)pF8LA
zY)4<HMU0HzBna-*Q%4PL$tv~nt^#;W-J$cgd+zw}f_C(t4?*mi$uviPy)p}_ZBL=i
z00m6wxroDiWa-(5zvEX=Z-lzJy1EKymz8nRj>&~M61(%3h23B1KUNljcF^Ic_F)=r
zOF)?b<HyzA#G)uC_l=WIeU9DQX)1BIe9_7ZA*c#d?O2P`)zkAKW92}}lu8i`B-<_?
z9y&1#X0c@W%r)H_>jnOh1c;n3;g%ou3W^!0L;;Zq8IKT<mdi)G5=_6kh`N6fj86pV
zi*7!g_b7=bsk+%VeQ_~=REw#H_sn9oinAf0*DkAzrV2i+<GT;a#GsY=LCdi1-T>Cq
z0OSu+ZQj_b;xO`dK1Xonj6{N($lOjcIjl`8(o$)PcL%eeu4wIGA#6+@etH*C2H@$I
zZwIie={kq5bC;+p&v)lI_#QDe^+^R)&%$r8Q5Wtg5QCGcc*r+3Q}6HX?LE65-P`#c
zOA_94ugmmWtmVawA65OWRTFhnpn~ZEFdsurWP5tD_nAwIQy^RO<wd+c>(ImXn+C%+
z`uZ9w7O!OXq6wF-9n}h@?Y43dar5C<CoEsKZ=QNo<m{-;t<blR`^}f{=Q1>%#kJ?6
zjspC?*{z!`Q#VNCOqJW4dV;N{7KySl6&mUOMe^Q<=?i~EcCEx!@YllQHar9T;<2Wl
zItne9(VvZx&f-rn{g>2*1Cx@CAcM=kqh7cD2V=R<u~8}8O$Scrx7RPaWGPj|m7Tk#
ze<V3GxQ_5E1v)cK_hGiaEeQ2q&e*(9vG;@1^B*S@YOdYwRbP5EI8H9KK^qk1I&&I)
z5}+7xXt{rRT~j11kGbqKufZ)W<?cz|jC<$xX{GvoIgU1dW&W0dH2qfF!Zgwg!qghP
zK~7|J%gxV)+VSO){8yZJ428yfx*y!<RI4?bazgC=Tiqt1xL;%@^5Vob)U3AUNG|6+
zAQK+{I96uliY7!C)i+Z1!w$fnU%pKyg(_Z3#j~i*7-=2PPc&+e6N~)0Amb>^td)Y8
zwV}COgyfuxtWr)(E^+sno*CUUg8M=73$zu1)dZroOoHAgmfH0ve#(`VX>wAO5x_=7
z>j<4I7%DU+D0`pHF>BhZ;~M!3VMxQuM0l&2IZ?-L&(h{pOb+@Qb+R2!%-_EV?2pC8
z#lgADz_1w1iapM&RS_kJPkGcO#pCHwx0?5<#_{vssgibe?MVR6UjYo!Bah4?&?w8&
zVu)9Zk@pZE2GYF+8nFuxScL8mT$C5%v$kOOoUho|#o<}Th!+T-2w)xGt*53yq!gfP
z^>ubH+Wp3R!SeG9y<|4RM0W$wHCofB=#v`PFEl4BK0Xi?(+eQA%$FVyeb%mk^SRr$
zB&Xm(0f=Q}sAq{;f{UUcdKL1S)(aXg9v+ZRrZs}GzH4jfj>fWQ^bf6@pX>P_IMy4j
z?n9n}60;l0n!|fC6wf;rib=vb_QOwQX_f8GAgys^DX>v~4AkH}hAJQ6Cjh~aM=Ou;
z@}wNlh`gS`12^^t4-A_*AixDd$is$}rjj<rtC@13qcI{n1`^MpMgs=PLIU-dM+k6e
zbu`3cJX<jNP12?ga#W|?l=&0ek<ZEvV)UbZVmrvK-!5BdGVL?hs+rTUPujxg<t)wZ
zQNrk!0^7bbnFpRg<}Wx9+JlgyP-5c(2CGs_#5RI{<<qt1D`c0&L!9}eqb>T)Z%!9v
z+)58`m<a01M(SSmxGOTbY)WozrvMK*8rLfH?N+0^6%)E_1iK$(*kg0}nrBaH4jeM+
zObZ=4_M)b8S72>Q(9^A*bpE}!#%$ksawPB|L1E7PgLkmq^8IT7qwUB@ug9(!Pxm2Z
zD~tD}vu74Zb?J9BYiGM?4M+s0M0*|89BvoLlF#h5@fghtUMi#XBfcKT&~OcYzeas6
zkL6{_qHXf!q5`ss6>aCE2PDE!c|Y<`%hF8^$k82Z5bTG>GpKYj!%FLy5rkT+C)T4%
zeTH1bBJZ&+Je|0bTgZe`h(f2u#FaR`YN>5n)E)fXA_~HAg!&Qp3^{JtyWI23Z(t4&
zC#}BWeTa9t#v@^EQdBR9l%$Jf=?NtE#NA0msk)A6*-keX5FaXaB<;kt`^-Y_Y4~<f
z-VCb%6~mGFMrmnRY8@m`Q{UrF?{uA{YN@e|n#;9Y6VBvC-6sKP>;<hew^d9?q>qGJ
zUYgBNvAe-(DE<QU++Bnk;Q03yb;e91JDfg@k$KBp7S|4~W&6SbhWi&EglTm3^-(A?
z+%d#cQZ94-I>#bjLctZmQ=GVkhOIs=S1jlv?UfwIZ6P<H3;k+$KqmIYnpK;xDWp1R
z%iT*V55b89oAIn5-6G$%<$w~(2y`Dn^;gJbN86Qxllv@HA}~?NkOSU&R=6Z7jG4F}
zNd8L|dpz2v{s6L2zc-FXD1zY_+VPi_fwNMOs7I8VovWzj_BND?Q3GbW3PwrbsycmF
z82^mOc;-1KrGmi(@cSIR4u&g2`xnaWfu3YoQ$tm{aI=)qp6{Vt4P3(s<zFZ;4B)^0
zai|$;YAOOFhZ5`T?7W$I5Z*E1t3bi#WIZLcqNq31=1zhOi09FJrQq)dseTV+BW2qa
zQ%kt09+*C$KLC`5fOz=&{lnc*`@jDc)J;OHP*52M(oE39z(wDX=<!+4I>Aq7rHC@?
zSoNe(S10{Dv)g5*ty`g#5BzPQiWv*4kozyAp2fmf$<##Xy?8ND6IKxdhWLR+2j3!+
zhEMktCpu}Kl9P!0nUg<?=<Eo}1zg2fk-@|XTM&|Q!?;B=W8g|%_&@sQ>rz(NRL%(J
zm^s=l-4?mw8fSccbG~fac^B~_$+ivjYu|#Dwqv?Ek{n^Fl`2WdI008`gLGKd0H)FB
zX@V1erB)vju$YwU)s*lGk84)@)B*L?O~E?fkCL88!h%?eAu5e4R9i@?kMU3kU7fWC
z&dF&gtLe5Z%sCYIbC%)TjpA-_i=d%A0ew-7QT5qwlGxWA@n>zuK3EMNge!lch0J_~
zP^3Kwjl(xBJ!DofT=5>HR|Ug=OGYRPoZ!`75bM;@n6A&vXVx$jxzSzU>8dcq`2MKd
zhLv1Uk_UQ{jsCy&jV1iAy;RW3g3A_7G^}d{6jvtLBKA=Yg<J%vZzmvN7d^!RZ44Zs
zV~Nr2EO-Ne_Fcvuz)8&YodmV=tZyD3$m3bxFaPexLHiykoB@>}29syPrL|Olx6QG7
zGes>*QgB@$z2^_Q33US$W)QUenK2&e+wHnhgZ!t9=c*wm0SacI@S&}aRhRZ|DNs-!
z$89{vc){YiR)dP3P(jR_^ZCUTp8_x;R48Qm3w@i<e9=R<_vwPJo&5201!gVGFC;e(
z81BlN_h9c<OLq$~t?tF48}n&{ppd>Uoe)s%p|vF5B`g-@%rSPU4pa~$PweRn)s9kv
zyQ<(9Jjhazx#sIZJ7B_AqK@$*Wr2eHU(GIwh@`*tw$Rcs0G9ppJ5|KosFQ(rcur)A
z{?;EMd0HUX{m%4`2PeSPQ2HB#dh%2;pz<zNNxu%;r{v+Z7X)m`%}!;RO}8|V<{e^K
zIlVzeFtENIE$HnMom_fSabshPpCR90UGrKRNuAU+4{`r8K7#Y1j)2?1^Xkr|c$r>m
zLj-0XGGl$@_y%uklpB;+8ISjUzB&`Z!gK^|BJl8rlBO%EXDs+1=ypWM*@uZ9;8dX;
zm-RANHiTZD>jyaw{g?f+IM!$zd0d56Kmq;+P60KP=ismhE9Cj3td0_WdvPwZ$gn4E
zFYB-}jMj-#l)Z4%kh96UU^(M8-W2ILb8+H?J+QLjOODIciT-Qn;-3n;Z+8#an!p|H
zj*M>svHbPYe)tgoLzgQ2?o!sf-u}kJ0S^EF_2_{l7Kn0Rc72pwTZ&xK{oR4?C6Hpo
zDZ@v3`>$+P+_cH*#*M3&R02=u?e}5&bzK_l3yT<dq7esW&ew1Juc!nUl-X#(YM-KQ
zTnyaB!dK8F@<=9Pj&T{z1QvqVV#`Fm;IQld2++W^bRy#nLh34AdWu^k6rXo#5qIr1
zlHIw3E<$|s@Jn1a&SdgAhX@w3FAMk2>)Hcw0>Yqj1xc$#)J(JIsDOEoZ;dUXibow+
zFsjuLygLLru`y|Js@`?9eO^2W@K@HKZQwWAZ(GTmlB<9=F^ch$QlKrKu-C$mKgcht
zRUX_L+W5}p$<cAi^vj7dA7#$<44EeKp3Y)COCM!{JUM^6dcDI{NJ(YD>8dT(YH(P9
z@E{+^c`T?Iu5Ot9i9-TIG(V9hT^C~rw^PBIf^3IdzUb{!MxIk837oBwa9fz8xqXIO
zTI-C)Ky8DpwF`t{ZNELZV6{cK$u`98Nit}u7uo{~Rm4jNcoogYS!7oHrNMaeGpmQ~
z{Ureu2S0Ih@WgdkKj<^bN)#sTLvSsU@uNqYj9>BBcsUtYRe${etE{!Is%_)sZ{0vI
z@i>MViv+R|YAQ=6Zdhum7&?ZNp1O%6Vhq<$T>^`6IrIP3CiwQ4{3Q(qv<sLO=wmvu
z@V?nTfi0)^6&{oyLxvNuW@>mQq1vQL1Vf+f3)`OuWvkY;9)KD%te5{m>kHhZ*HC4E
zNo$pMxLPaRf4*_Daem2qafWFCc@9~=|CUXqaB`!y+<Kg$>nGJ=Ed!Nq7R*RrL$vqE
zalWZ!XrWYH$oA?J**CN}^;VZ$e-oirC8#^1%q2d`*q&`^cwoj9zZ=OAW+ok%?bV^b
z$+lEH==h2*Ubuc1?(tN9Ha(MkXvb`&d3<UCj7@b3EJ*Z(u&F<Dhg#>d4;BqEOP%v6
zHb#0YOZqJPm}#39AwMy`hSKI3-ZnPIF4qC2txc#C0erMC1n%Mf=~S*%8xQ+v(^G+j
zi#!Ul&gOA46?wuz%_Jy6F5W4gSm0RIv~r%=o@-#X6ZCgCw0nfzV?1IBc|w)6l5AWy
z*V+SB0afWl1xmM)w4mxEn3#H046Ueq&`&N}S}`|TmAg0yd5^`j5hAAgZem=8+%1iK
zDJ316hT@i5tOXT6d2#H1qpLP&Oo^f&&!uL!hwx>2RW74?tGMIw8D=+JzlXacVZ&$D
z3)7hs((4*}pmE%4(D=vvpqqoA{66(EUXtZ)!>ThdH&ycEIydzS%uN*y6loY5<Fevb
z!x$KVCQrmC#{W#-G87M+xZ07b+P|$QfhSP^?CAX~p`u!^M!8J_<9I2ScfKq?3{qIK
zXq+s0BAb>lu6Y?QQ-KwXDJ>=<86>yX<=DS$-uzR8A9Q0tM&D>)vBre~<=@#_NpM1U
zeQW>CM&4i3W6MzfjrU;OZngfwF-2y&TLQeG`I3l9k&~75a=CwSPyUi9>ga@9JfH?_
zFw0`y<FT`p;}Cn=zyg2`p4yK5MP~ORBL|}HQcrBGyKg4`iqzd`1eYj6Rw9%xuHx{)
z$7hEb)`q$-3t^veK?~?F^YrkT-%)LgcF9E?)ct6l9%-A!6=QAPSjjA*f$Edl)06XY
z)Ws#{7FEfN$jyzncBLh!!nItm!_q+m*{roS!--Y6##kC_A5WTV1n85vx{ImuPZkzM
z!@w!ekm@o~@E9%R!`j$6g^GH(kd+g{SBOnHg_s7PAKlfPKz`447d06gb-!*4Vk9YL
zkS~Q?%o!NzpOyhY(x2^`#6%lH^#n6A8zP9+J52>S#d9ZY7pZ|PW=iZqKDWHjY}Mc1
z8O&w#C8RDa_93C?8gh~jAb|FVdbo)FrC^SArs>i;)0E`2a$C0G=3w$=x?b{zX-(G8
z`^|MfDCDp^3wc|A5wU;Qg1Y^r()tzt_9NIG#a+2&nCiEB-$LQq!MLppm*hC4Pj<Z%
zE0p5%Eb$3@kjR=CGQ};KKmN%QRCUlTNI=XX9O`oZWbJ$0*TZPxE~h%&0gX-&kSrrz
zU2N#uD=#>-_flTIc;FpLv;;z=J(!I%nk9&nZfD%qHstv#e>W;8|2>iZ?ZE_k49vm0
zX*ZqZ7g`|p&1T(b_Wa+~W#7grz!`#ufnm)3#WXH7Hln%cTLU7exC*sdsrY{rKlnEm
zM5zU|W0FeHy_IlLAYH4=!9fG7^xjIR1+2H#lcnhCS9sQI@ZK2se8OIrV8x7xIlivp
zXV30p{9vg$s3=~t2P@J6rkjE|0c6&ZVz4V)^R6WdxLbRk>ro&n(d@D%`}loS#8!O4
z@tytQbrnD;2#FJd<uS42?wpBcvZXHz%w$qwwg@aU^vPq)tz%;)g8Hg6m*eUl$_Pq(
zO@#xE^CPcSx}u7}(-@YXksL8zF2fm95006HrRvLv+RnPOwcH^aixEj8BBt93%Y*kl
zO58FQ7V2VFlbOskfGB}cD2KlTj?Gd_Dr_Z=Bo_cPbDyF>bdl^e_gbFn^nPIlJKMC8
zw9a~upNlf;ky~GK#Y?pk{gtkBp4QT+B5Sv?`wcDMpVfVs$S!HAYF0R&oBH(t>r1+7
zdi!*LC8DgWT|SPzACe4|ofHm^U?+CI7SOUXt(UrsO0T*e#})6Fv82AY%`?T9aAg7=
zyq)U}zUkS#AGPMI;F`f@#UD+K6H!5d$u!)7r96t2R}0z#f)cnujAxF6c=s(!D*x)|
z`$qB`t|7n#1dDN%;#V^sf}ZR*VljxCv8df|s5d2R)k<FIMYXd^s?S~Y_Uf3w4l<K2
ztdtBlh6*F`Wo5(_iE`+3vn@TTP6Rhw$vm|l|CneSa;wvwH3&Y6ClCL8utJn;{<UeG
zw}%U=-aZ@6#|VY!>&n)t!2Rw2ULfmRO#vZIrWb-iQ_%b0hem)7qPIf#wYmP@1cZ?$
z|I5xDTt{wCXy+$A-!Osy!IB1nk)2<4rS@Ke$eIApdVKERIL+$kU}x)4UyLqcCOr?2
zy$wcC(5-J=xw;{8E9mLL`bfX{(enn15J(r|JYj%NVj^V?mtG$5^aWv*jX#-&7d9K;
z8Z3ru**j;RhHG>P746~NsuAL5V2cH{P=nhW>g?hnkZ2ES@`9Km$U=6>C^&tW<DHj;
zU;Vz?B7&1gig5?DMZa%PaZcg@x|oF^Uvqaiz=vvclOcR4w~o}Y6SmQl?^t@s!|KDV
z9AIV{RXhQI@p~9i2BIUFrZH5wpyEJO=d8`0sy2(PMUkHE?f8d1+hy(gRM*<>iN&w6
zZ)g1)P&pr)+Ct=`z3N9^kCaPAM%2u(jsb?KdVJT`$%o;cW&F}1h(M*oFQ&|cVGbFj
z()DjsE5jOI2ik`s1af#{!WfpcNId?=UQYGIVCHZ5p=sXRK}$`qy;Lw`zYiD)WM!CA
zquvN)<te8H<;ZmrHFev)<)XKVE<Np4XHxdBw{40sB_CrPYS(4ix}AV<z;KrS#Zd2G
zIU)Z%+VGzWAA+3lRc}y>lByoC5t{^du2n|{T2l=B#wmK8Td?76uBqYa72%Mn{g(nk
zzxQyn%uGQz+=`!E`HHbY^wa64B%#OKvpZ)_Iger3=?lwA3^VPJvzAmtcFxobMlhp=
zhg$-^3AJ|$L#Efmpf+ugvu_XU-MQj41h(wD`DSo}?loFC*Y7j3de&`W27^Iky4V01
zv=V?pJ-o!@1JeZR(#;wp#6#vMwz>M9542+lUKvyAn;6VYnU^YdN5C0oF6>%IBQDyr
zgjuqPC2@0m&(O6LbK`T_39DIsfkPP!`HpcSt9<vyzn{LcOX8SVkFlIp-kAO^U+_F%
z&rqsTW=bQdr)o<S1azJ&L8_w9-kNiA2%dF5+M#Y%w`i;*B4Xs)6nU$|sD;Jv26HI#
z7b<~?bhj#e$0f#IW!Fc4gI|zZnKS~r_@mLj3{V=t5uT=N;lG3$eTm4gofK=8Qev;a
z^Wh;QS21%J3|1?W3+e1P_c+nKAF?e`B3b<`(yu?=T=DH3iTTLz!w#w#rXn@P>lYWY
znzpPSMznL+Y@G#OZOg>o0p6GojL+=`EbUz#`#v3ygltNzn+SPfRK15B-Z{k)@Qd}k
zSHmsWSSvcGl1)Dm9=~O{ovF^K$Y#b*-yWae?-~2Q5Vr@Fbl*Zm)+3E}U|;W#6KL<~
z_{K>4kA)iH;-azRvAaQM*6*}qmWSim`HQXQ%e(fh2NJ=&ClWP=+~!%=%6M=8#%cRz
z<<whXSB>H$2I6f+oC$Z~bC^Dr?@aZiET;8dfQfyunQf^v2tXcdpWpX-a2iGn+B@`k
z(GOqMSGT|X=HUG|3S(}vpxYZ6`;qY$#r+X6kpm98Bw}t(>budb21!z-ZIzFThk9zN
zS_UWfJEgEU?Ryu+HzQGTp_FBi>Do|_(ijSe^qq{vt&JQ4oB6J=o3ogOnaaCk4qdi^
z4Jb+Hg9;)PME+2e^yP)52dte1_@;L`W4mBBBpiwGjL}rMEjCzJ7gLYz^F5?1nlt_r
zq2d1E^;8YYtLf-vz3gAox{fF$C*r$w8&s`7{{Y-A8M?bg$yAj23xG`6*L<~7(!%q!
zd_kT)_dHI_0flZ<_1Z#ZA@EONj>GL-@EY#!8|Y*iNN^59ndDy0Z;9aeD5jMQhW(5<
zCd<ShagDj>tYP2dRXD@GCzSDmXYPh{o^n*Ej%71t_l*mj<jfAZp)mCE`qB2diN(dV
z1{Z+oU~~L6EiHp}|0(<Yat-zJS;i4$a54XSAo`!4I8f)o=jV8`Ql1~~DuUhCe?(Nl
zj=_J%KLci5ol;2}yH9sKBQN(m4i)?k*0Z^jlK-u2u5U3Oq_-%xyamsi7~A~Mk(RKs
zd@;$AnK#%2!idTHefc0?3~upm%gHs1BQ9R>H2u)`fbr@x*${!Xu3r+i@nz}l5idIf
zFe~d3>Roba<S3oIbAC;0F7p>t@l6%RR{IEI51ij!h$_r$K$BKJM0JCj(h;udUIn|l
zGQ;uQ9Ny-FU^EEt&sLsfyg=7RVc5f>ACI6jE+~=>EAL)@D@@Yec50JUbpz7@7tVLZ
zpQ8EQD-1~2=Fa-wI2v3&nbmmV;F9BtYptx#o4E|Qc?^E>NGbBAsOG(6g2<KY5Mi>Z
zNH+Xom!XP$*mc+3*!Ss^JI&C+x9|RXEMTQPMa$0&RdyeZ?!RbQ@w!pO8buV`ox(8H
z^c6A`wc`lp*Tkliysw=<q+4iy{(!~U-e{}A-k7H0I4&Zq^hf)KjIo2oc+1$@PaebE
z2Ez=45JYg5JDbgS<?&48`8tOCV~-lww-~wH<vw?QRkIf%;Fj?as5%W3e@0~LzYV5@
zwTp{-V%%2SQU_vvX7@@iTi)pXMJ-`V%Us8%y=g=bJW~!a;hA#xP}Y_M@#=Q+4ZRc{
zrV>rwfta?X>y5F8xb0elqm@Ly-B3a9vBp|_%43MZD`z*PqO>eWkU*Amg(&wZG+1@R
zG>!HrpIk6tB<%l^x&-JsuZ;`><7+|O1z;Mw{?P)Yb8X>`{P!1U08IwBPyDg;1Hf!R
z(He}}Em~_zp;NzLZ$K3>P4Z|&`^<q#-w3UpxXtg^ovI(@>HtQoi6I96qR$r905`Fi
z42XU;c6hW0+b!)f2b9dbop}n%KL`usRC!b$I=;P~KIQKBm_<E^?yvnBO%j$n2}yX9
zxHB;adXjGqqCgcbu$1kd$Z_!V)wg|Gw9Zy4<q|nWA})ivxq{%S7K=pYtiZ0xMbCNk
z@@J@=W9)%hlguvwH>2T|GJSN|W!$ATr;7YqNpktr;;YA!Woxf@G5mO3A%4TNs+ex$
z)%QNN<bs>osW+!!d2odH2mibmSV`NS`?9AD)s|1K%BSg#PK$`+mDHVL9wwjL-rD1b
zshE1oae8Sidq&o-mg39UQh&&T&xniZn&$Byip*4j(g>sZW)+<I_%12SCoza_;U$|p
zfCI_(&Zj@t(NV(hppqs!J`o>EfApCTQ`;x!=ljAlQ(RvukG_iwr>(ApgCGw%Ff`2k
z^Ko{x+RDOsgeI!(_9c{V<MSyF8zB>CjOFa!$H%jx)^d`n!$p>U3K8WX4G1B&T?P!O
zmPOY@g{%b|&-6%nThFZs7fC<K)tesNFpIK~rRPw+{Z-8t-X~JV3LI?oxMj=g`TSVt
z#G|L%_w^;+x>muNf`8O#sL<T~;5NU+<>|(3B~*GWVY?Vk3`Nrc-$jqCC8XdNn?GI^
zC_82qD)PhK+-oZQyYJ@e&Irq++6rT?ai8niFa3I1rEjbV3GO_Wm%?<Nxuel)aRS6<
zPS{_hr;-%%@o|C2g&glOB-TGI93lw_-G-s5e?3kQj!d3aN5e*AJi~JViEU734ch3j
z*z~V?HvpPcmigZ)!20%#11SUW9Q4Q#rFJIecdq6?AoA$0CYbA_hCj$iH~j0y?;jbF
z>#{6l|F-q2n+O(AaY}b%{rI7<jh(4gM*MjYP(f$|()@f9=r*I*o`6#sTctR|5He+Z
zLkqn}q+7|2$8$Qdt8ur3#`>od?|LEhZki}$Tk_Q0%|=?~g&$K3?cAL+pLP3dc}vOf
zYfC=6b>NFLfkEDdT`9XRXFz$?pVM=r;06C+R?F9aiqzLp`@I)>Ua<5jD9n043uaoE
zb}D3CAh7VVM+c*}NN5=52z4iJ^E3L!<;+A4@cub15>{vyh`{h73lCC(54!DaM|{N+
zDt$JraQA?4!bW+6NCw^#FJeZp)9pg8T-cFLaZPN)lbJ(0DV-Ax$)V3GS9jBpcO(1!
z7ksyWdLI6eAppb*voJ+a{b*(>RLdzVagQ#KQ)JVuW2J2SisR|L2-sXTKq-s=M>aZ0
zV`yCWE_JrJ28I-^mpcAEX*d~FqN^AYR1BUg$ckkMleSoVjui!)r)Fy;w%YF_2KQ*1
zn3?+2&X-a>L5@tqbiFv?IScO+Xt-{xh+sLtbG>XNjb1hatlN?TkT?f8NP1E?RAcEx
z5gVLE$SQ7vPJy3Xd(-81iQcP<(h_2U7ap|Xramw!ot$>&JlEGx9KZc!I-8xam09yQ
zCDCqoFh7l*{tZY{uL%ICS2UC2*w0;$M0yO>NUyDK2M%5ek5$ZWRq9}luAz5NE8nz!
znO~r!v&pp-5CzHhZlz}M)=%?`rNxLAjApG0+_s<H<9)3!%lpe(>eu*=I?X~A@)<KF
zNG{XFvXmQ9iM9l(`1rbM5yCIxx*kgQkz&ZK^L_79GW~7mN&}%wN~9h19-iW8mYlax
zXGTfY*)(z&f&Sff#~bZ2mQyt*UC)14&R>glJ;{+$c{1xDTFjAhPS?tGDZz+cC~D9+
zA@!D(J79A-P;caT%7uwaX`S;Z=zVp3HUiGHNpP_)AJP_6DfWvC7uEEyxhsY_@7_G6
z*J$9Y%gS3G<(3VnM7e@~2oarVe}f3jf9*LbQ#~@Xs^zI0)@X0c7gh}*kZd8M-Fi+9
z?amH)Y6*CwtB}7s>*k+~7c-rEl93bcu}#kUT$Hc&fp%7IO|B}AE)rlzuDUcC_{myN
z%LYZ-oZlRnKi(7K=D+@RFA=6Exz__^vu-!n`3^t;xJewh$8NX_5?t%B2S{o%z>Sb=
z$$&aSrVa!62q~<gtgNh8{k_WUd}HEYGkE_4Jw*RSKhjfBd_rhX9|>HE#3nteuUD8K
zd<C%wKq0;=Ld}i<YS0{UA0J0{UjP&Wki=*F8Q^O+D2HI@LlwO+9T0l#fBJ{rQgD#}
zMUUvjI)!fAmdL+=K?E%Xmr&_**HFZIL1S@I-fjhB&kqm8Vr)+#1ROh?9<wk*&Gh@f
zf31f&M-OMdLve|m$A$9y`O53so?pu0J{uWQm`|@QwNxMUWFKwMF`4zRA%1#fHGdrR
zCsiHrdWo%=l31Q{@bmahELg2WqDCtXB=*i_bOW-!yKadpn8^+Ep)MZ&Tj+-u58I>0
z)G|`R<dQQ$FSyyy0;VcuT)6Xn8h$0U%;HtL%!Ieoi3<D2?sv{UY!oQ?E!(teZ|dUv
z)D{=R3Ij*x4&OZKG}CpW<o$~Pe5eXK{8Ii^@Zq*CD<zMVpvJy$iH9?^?74tABp`rs
z+xPPOGo3TONwUQ{6Fg?#$)3vCNm$ULiOPnFQdo`@Bq?A7WUY&7AFT#KCKkd7l4y>y
zJAb`7hOBtKBdXs@{kGIeEjDe>>G_M|SY`2+h3f-9<R3b~-DRCsrj!<B$F-019hmIP
z(c5^4vwih8i2BlTj)$Kf4ABTbbwE7WBQ|DNFG4PQ_-1ZB<?XTP_J#>I$wgT}Tjo(@
zHn}F|sp6?NaE{sE5<OMg-4G*2E3H;%Hg#y!ezy+dWV$c!j!N_#WEnfxZp2u!<Fnsi
zK`~!gFRqe!e{=9k;Cd_{RHf5Voj`0r!NBz$_A6Ab{$Ks!HC#6Dq!y-p2p!)jP3tXn
zI}UYpgSHq|)ctapX#j)(9aspiDRlGK^>6z7es#<VWj9cUrDGey8Vl-`Br4s~PU((k
z0J_USv2$(de$m4lJrre*V-2CwUTy#%(HUt5byUIaQ-pgFFCA%q`fdzHmIW#FBg6n?
z^j}<rnS-E3v;}9;=Q@?4b0lImXjOLHdaPdBr!w=B#D4mB>_Jec258HsV<K$tZi`IH
z#oi{ySrH`Xe>V7@uHQiiOZwvhofsUgLU362t$aC$wD^+Up^kdFM;o1N+Jij>b{KKo
z2TM0gnRI`^M1W8#>^t@7S7-}cX3)!iM<WDG4>G`6d~LUR&jJ>JAU{TWj=YxI(oax-
z77M!eoTJT)(Ev<!4g{(YN;k|zE(Bn~7$ne;_(=mHKr6k{0D2*N3+>Cl?KhHMSr|%0
z-p=Muxw26rw>=V=y!ue>SZWN>G54KGQtufpRPc6SHI(Dsq7gn*!&p0<YxTF60lg(q
zBdep`>XiV!4=I+DTLN;QwpAUl+<dUn2O%ImC%Q^_=uOj6l_Z^pxRGIEM5w2~W<xxK
zkym<p4cH;(3x6Mj5VXO7_Lk95Iwtq<Q(m7I@|@BDt$kj-l~#K_(l<z-G9akCT-hWI
z8qb-9?1y7}43!VbeDK<@JETye>ZQI$8J#-lobAYRL0mUGJdmI1+Sx|)k(=u665-Bs
zi}nk|-pG>a8tJP84Kr!da;wb8rLMJO7B<amkt<%DPhGL{@ZFDKYo#@UO4Ro>2_IDo
zCN*WH8@J{TI@xJL;R!>`#N6?o_FK(*njX{5ta%quI@ITR-Ca$!Fd%S5c#>l`mqd?@
z^l7~h35m}<Uq(*V5fjf9%$soqkxn?woNna+eZiI6q#dld>3gV$=DO4>jsZ=)0irV*
zHrVA#h_M)PBgG;>(>6>ni%T~-Nuw#C_x8?8K?rwP{(wbBiKx%&ci|>#Ui`(4aMI!`
z^<_EkBwhcVri6*hZKv_dGwrSS;2Gj=N5+&iH<6DaTm(6`dq(ycdXMwj3w)Wo?{HFs
zH5J8;P@1^snBW*S&_o9W-dP3bRl;HL7x2Is`%~oS53Zlz4b5afO2kMxlwJYZ0Y5P}
z2L*7YHf2*mNgL<#ypwr3CwWi0I)qc47Oy<-8LVr&uI$lA?M<}pTxpQg*U__Jv?5Np
zQdUW0>_D)$ECr!4PS3L|XXV(@i<57@WE@itqy!T!pWmCfW|oVP++I{628K_($WaKg
zUbLqcJ-?w;lC-*LV`WCZxB8ugQdT3>CHxIvbEiD6XVq5`qfAKeCHr(en`Ip;vPwIu
zJ{kMbAaVIQ`E<Fo!9f<txVX7vqxa1lH`V$Y-(Gx<d-P7QXFt;}={r_1I`AStpy}wj
zl{kKyVJk`eFF1o-ps~$tz{AMQtg7@5XpjIsA(Mlk#YD~y&A(zK82J<yV>$B&JK}vI
zmhH~g-?SX~^(B@7P>N4|3m{7YfCT`Y@*I%b0|~5`daX6ft}}XW>6D-ShEOm^1A?yh
zYyF?rzB8<;v|BrhWyS&uDkx1y5e21)2vSuPMyg2f2nq@a(n1ZfAqFW9y$C3%NS9s%
zC;^5(lz?;v>Ai$b@~s_;bKY;}yl38X{Nr`8lbv0j^{jTU`|gRJy-dYH*xSwY*8n48
z9r{odrq@I1)zTc$H#AwY3C~GRAd}_H=KKi5PTZmlV=!ZoMjPB^Xz;e3)cMG!U~SK&
zl$0XuVkb<Nx78Ssr}aqvGws>616fKGgsNIUrMz!YnL5K8@*J50vyx!e$*w8COOIS1
zisAB_q775=)pbh29en%O2?e*vZ(9fL{|6sa)$CDdDo@hMZjwV-5ce4V0>zP~rKOD#
zglZd8t+kvCbuv1he%=`$+s|IJT6o38%+x8A9w3vblaDv%xR6VtatHE1#JwgU+Ju*I
z)T^WN2Ew@kQTKj>Lnmsj6KeR&usT9f)BVCUN$|nMmRQ)J=ldCVWK9Uwz8`09Yt7`U
z&0Wjfimx`s6GTcN^RFKZT};CK5+>Jcc)E)Brv2yk^tmA5wRS6NPtE!+6Y;=#+MgP)
zZ;`(mAuIMpa^idQYc-zh_70^jTb8~qU)94N{-!|Eq_&1p49eN`qQ)kAX+E}0NjGW^
zWqRqGzo6@Nzo)HYFD1?;lEcRR!MXmG#VfV!^p{nMm3-~KVFtG15hT*nE-hCK-=yi!
zYY2#t=gycYO<r-e=ux|&kMEQ-QcwwRTdSHoJd|5{n@aayXsx1W-Y)3$EBOV=I<8g!
ze!H)yzXjVJNxdLVr;5DEx|`tp07ql^3%UFSJLpQ_g|clnNeidxipZBi<L>vXxw1Se
zjKT8Rjd=kP%YSHlN#o@wWaSdAG>=t#h$W;**f<9x^nF8Qbk^9UOM>pkS=l6#yInUD
zKZ!3VJ_)GRo>T}PPq4Qantv0B|3tnvb^w!^#p(Z4S3(!z4qT0_?Lbqsu24tKP$#e8
z$G)p)_em#hV4go-cfRnkK|$uMc>349uE0S!rWQw3bh?dydGMGo`i71T=TV6!&d@X1
zvDm7cXK8g-On;`z#L;}nEbiu1SMxWo5!QBQy_ck${+nFg3h)W4@}Se@%JW|I|Lz>4
z{njKnAO?rl?Dpesc_b6csZiG_@@?hTZpxX<)T9fQd1%E7q^v`$vgW4G$J?ZJa%rV?
zT3EX>v7W&17nj{BdfGfA+M71Nuq`c%Gp6L?LQ8nMjJ;^{v_^z$TI|mc4&1YECojDo
ztfOC>R=Z)|3!O@aBi7d!AFSQ8+1SfK&9h34#CTmHc0X#$dnt)EPtY12u{e1L!Q+7m
zn2p^qh>&<n?GQZFj#;Ps-_mqsoy&jE>t<D46m>2JnT4U+MN``*@!zIG-VT%(wZ@M!
z1f>J89h5QEC{auTvS-9*D~Y_6Sv}c3C?;mvGb^RMya|F+pIs=H5<5^wLDhW)>qdUW
zH5KO|A;3<9+6TV$6#rkH$Sa8e6Vh!2rZ}aX#U`5KfH#CIg9uy`$TsxG&qNHpLij?x
z?l*DjV%nfQj^EZ_ih2m@HSQ0n9NrMTNI*hZuH-fYQ~iBz{D%adDMz766&k#coR2kC
z-O^`5g}}V-Hm<2ybM`2G5fY5w4zv}^-)`FdMxT}x4Fkcblb-aukIA|&#t^|F`Mua8
zFr~~}3G5&Oy!0q}U<lyiP1Sb%?OPlxso~?f9emaSnjf-|dMJ{U0{OJ6xAUW>s@wW}
zsE}>4XJEz~cINOo{I@lMn?nA+82zK9bD@lTP$wVJ?>-o`&|eb{<b>7uiQp)hu`{^b
zer2c4Q$)s6;ba$Q9sWUY+1{D7EyV!%eFFoGuupR;Vt^UWz*+T6o;g?9SnH#F+Vk%a
zU=0jd=GGBpSAbx)+ie19aZrY%r&4d+!Ub!zbvuC~ozSXZI!u%^C+ZN#_H?+s4DF#;
zvRETA!sq9k>t94M@xt5cOJ|R#r_7av_xGm3Ofv>1ih+=?p;3FRv{csWYRu=3aD%({
z%NWeJycEk=y3++!o(3KEEhW9&-=-{TGJA+-d8N*dY5Y2Ii~)`hOw0M_U7oiNN(|KZ
z1E&h&7#&f35GpTBluO*?P^T<sb4sw?VRK%LnJ9eljai0r9ypQAdRDGxlX`?}lsdR(
z-uPsk37SdP#WiAP(X5>vDz^nfD(vhny92vw#ec&NJfe%SO?O~eWfLCw&7<h@Uc<+y
zQYSU)h6JrSW(*>o=TqEBQ8p6`cgm>a6sKXF;<}X%V**K*e-Q!<-LW*xtcbANA-wJM
zf!6Qw_k4LUHwkvx(W?=n<^GtE2zjxgMaGDk4^rSV_CXwIqke666}u`4j|YuL19uU0
zKl)B;*T=iR7JPsE5y<aMu#0PC3D*XzVKID;vaOazlvT73=kkM54vEH#HN56q`GDN%
z0}T7vn8tZ_&l=7PhK&xVR{Q0|>pBJ>EIJndUWiuWj{rf;sDydXvGuR&4`(3aZR>9d
z+@sut?gAN?($_UbC+72I@W?d{U(((Ip(lWmonnqQ%YDkZJ<!_w&>tm1j)nuXAw3<@
zoz?eUvX64O!EiqC=2chiKpD&6+@X`W8GcC)YFbyGJZ=8!-6?Hn`ExPwazzX;6KA~_
zl%3O9qhAku*O$cDKA%T=A{Y*yu8R)xiyjI}UCH(@=_x(44EV0t{yQ`eQ)38MfHDD6
z1MQ0%t&*qFUe$g~b$VV*q^%L6*#5b(_8*^8Pu9~3cbTc^(81bE;ke-=alsV@hA6(D
zsisv~nq4P}o@UN<pm;u`_Z1m_r_B4(DGp_L1=h9`4%#B3jO~D3^)p9NO?A4|b|vs0
ziUDq{QZDhs{1U`9u~>hy-U*ZG7{th5-a<7#L~NWTADGf0YGMbvYA*6`{3<q0$euFn
zeuLM;=@!Zm$dvab6DooD3mE<0DJ}yq55m6XGXtox#FN>nJTVeu!~QAyTise|9s<<g
z{WXUVP(63$SjT864g1HGx!w>OZmdm_*v996DwXdUeT%lP(aaXq>s?5U4`OyGu5~$s
zEw63<kNza|8&x$_8Zc5dbjgIDEV~NgBtjA1i6{e<Kb1~esFprK)pdHP94G-GD}a5A
zD7IWiXIs?t=rliUMXFKNKvhx2EjN*fmRuecaAOhT)1qEp@99+SR7eCqsEVzIHv{|D
z#rg2Pq49{4z~n-ORpE5IX|Tuu@b&B$-*M6%DhXeB?GPz6;H~!4P6bJmUwN4Sg{qLN
zqOO2k6s%sWS42+f4@B`vQ-A5QTw>5?Aj)xt6!m|`SBPwIysLAJ6W9gX7shK|YV~s<
z!dXbXsd={6#)-*fl=fPUd0i#zvk(Z<V1&QAc+TwP)&3;=2Z5ZF-bIQN$P57CQ1xz_
zqhd&KTXczoT*9g0X5Vj`dt#4xnw0Z9&FCN0Jhuc47AquOS0ejf3_R!OyFk5ipw4M6
zqFB2P_37@RJr^xC=OCYM{#nO%#ynTMoYB+Ygts~=ynX5JaPq=KcbS(CHSz7Oel0A=
z3b{r6Ki|yrO;MB<=M%q<+1EL}AZ5#f`CMVYFq-8W?Pm}$=rsCWh^G+KRd5Bh6&Vkl
zLj)8oJ4G576>?uRm`p3A9XHD=|0IA*E5yfJ$!sTz4t_1&FG%7NdtAUho_FwfyX@Pi
zEu!8Cx|jPhvuKEk7&>d919irX&slXJdNHw|7e`r{rI06M)Mi9}klIES<*Xon^2meN
zIOZV5o0mIPbAR$#9xlAWaxEcA;7o8<^6@<#?<BpRaM4AoUUYa?p>lvtvQ5&7=eM~t
z$<9&VRmXa?vm4X7B-a!9cU$-Efe;|o0El+1d&{7h@x5!6PGmeVidLujSZ9(2?&6o&
z53hAvcd04W@82=*>2ug!K&$AzzrpWqDvqw9wh4bU>&;0RQD%jEo>tWwb53A@ECX26
zHc!ijx%_J4AF~vmiz!sSX}|}*`O+HYJ|NC*ZEbH2IgVo}Uyq9h_|W=Y|BdI4GwYYa
zFA0|AzsWIX*4I}@UXyvydB<pI+yEzVAha%02w&C3IsbM^Y9v5968JgWfS)U*<;OV}
zO1Rk(N@8HCqwysQT&(A6)cr;MZ1o)fSd+1l`h&jQ$)D!*fFs&obZ?SGz{Q-f!DBnc
zq@2{WRK@Vz*w3wGvso!!xfwsC{?ZnazVhPa(Nomrx=XI0pn(jzHAE9F4{Uymoc$j3
zyIM7HVa);Wr~ohX8o%r+BvK%=;pRM~I?nnRJcWy&;&w_DOh0n!+aMHH!*MU_H2Q~+
zex5#mM>ubi?W-%>MeFZZ97+pp*2#0BDcq7`fOVUS&2?}!5gGUtT-4!YUa@(6xlU<_
zUgI29q)SvnAOgvQHT3~gaEWR*l-^R`(J-HL0XaNUxJOjd<MJm7je<v#71xP&Wojs8
z>gmslQnx=vwlOibOtOZ&0yFs_!#;!!Wa^7NMQQF2in{Q8oh{8uhu09hTiVX`L#iNj
zDCI*At<#y_=`hHyr`1a5msmR4$n%IFAxC2i4;Qj3Y<A;E7yx6it}^4Cib}0YO-IT>
z<n7_wM`F3$xQ%l7_clxBa4q7c=f)P=>{pDl`Ww4LGB#Lxl)k268>N7yXDY?)SBLb8
zu;_2uzig%QKZ_}<tO|V~Wj~GCUEg|e$T2W+!uy;>bEUPP!X2Ovy`$iE`Ic+2-qb?!
ziRz_~fs~JfveKA{w}sm0QVu;dL_+Rz3$x(TX7{^zM<TJBoENlmZFjSfFR+Yv|9U7l
zQ|?S7w?lZmmahJnuC5Eb2iLzNkFPJv6~n?pvDq84@Rwvfrq7~)5fA7l1XCCuzNG%r
z1aRZLGGni~W7r^&V{yMOwv_c(i-ytLB$m#1yCd{{vL@*1q8gyu);m@^KA!CK8|o>d
z;3u}9-7RCOBV4kw)G#{cb7+#Yf@LFjLvxrWZ*b$7^2bI(e7?<DA%~&%xlgf{h>pX%
z?1f;t;svC*pj0WNflW~_YqSY<{yXX&p!LH#lG-C)j3K<+pHV;gf{$^0OkQX$3$L1?
z#sD+|k-1Q~U72B)L>P2*19p@l^P7%oprQ@re?aqi%aal@b?nu$PbUfVCEB@*Ru>u*
zHa$-xqMS3p%L8p`N_k7+e6gHC<((&S50FwcFnf!)T%1|<mH5tFQv8;B)xI?~HNf4h
zCDE;~tA9hytuMPyLXa|ezRp)soD7(731qHntnor!;gl3<Q8m3o%NZ^UETsq(GZx>{
zAV~s@r)L1JBYvgTG>Y`TU9JjygEA%NHZ3(Xm7#55pb@3yKCzQVg-YD>4mkbd$i0hG
zJ%Tg*D5~VnpIC|iZz+ypI{|eRxAPpshPJki8!VoufV`A9%BrrAJfGX$Q7k{ef|&_L
zXh!ufzCM6#Ljmgdaf|jZ?L#3^38y!{ir6<$C_{^aUmA&bfOQ$^U93}~{x=7d&}*RP
zPwj6uKb};^p&z0%F+U$Ygx)cpWchf9AAL+AvTBvJ@5^<-=;=lgX3io*{AzV2tL^VH
z%0^9$NX{vnV2&d_&Ou}o6>%OcvR?H_0WBsYhmfQpsZ3e*5{`At7wZ>H9Szbx9R7mn
zoR&X2W-`PgUI4PdDOR!99LDeMygBj5*j1&oYzv(8=(Y-)Wfz^X@jpzj;FPI4Y^TP)
zxC0@plG=<$-D*mQs9W*%o?zXWW`TX_r`*uP@>_euOmb_+fbU`Keoba{`}*JkMt8T}
zK<L}<I>m`h2WH1#i{B8KSgDunLh8h7P^PF!HN{i<)pC@}ayV~CluJ3CxJc-BIeGEC
zX0)aK!x)zLLVgu3=e5trmI{_15X_`a_BFv?eq9zt%$N;eA_0#r>Ey3C<=R^d8uIl9
z(LPeb+Bnj#_DDyMW00|cd~TCrk$;8wb`I&9wWk7@@KZ0<0)(;d7bCyPT39ueS43S8
z_%@rGh_n6)S^O~>VL{Ld^H!&qwAU#=vq-i)Uw@Mbl8Fwl3CedOj%94UcopX#Jy3Tw
zKv;xZ)+-E&S)}ig^cY4gL%H$I+86L!UvZqR)ECnNO^w8pp4NG`H(OVsTy&f6yy%`+
z*Qd|k7sM|TFK|eAu3eIpwSCyd$s0yq)P~qQD$-<)y%q?(p~3r)4uI&AzLWVP>774>
zz@bA?Lcxb579J4)yw0IJW6nUbMo3jFx4c`s=UsApUMo`<+&|?E|Hsw|)d7eVbO)39
z>_f4uErNf(hyvHbRfxF}J|KbB8KvEn7u}xE_pd!BGr8&s&g81eWgNc<)gq-4(krHz
zwdYT*g#P6L#}7lGh&9&QQMS%}xwk7By=k?>H+w#vbWaE{PNes6)0g$iLtLlyy}f6w
zLwBkx_Z(xtJE6XmJIA_VR-mB?<XDE(zP+sI8Dx-Pc!JcMTKFbmcbG+Ym^rSq!Glo@
zeao`b0>&Rj<PzDxjAi5vS?;bdCO(g~boleHSmSh3+@i_Lhpm00hMu0a)=sk<ecMX%
zEP1cOH4-xZvQI%QE3@sz<A`>)>}I{5^Tp2jPKnELJEOAOtvl50^4oqG)M5iWP{XU$
z7)Z=JLi`hd*y3hZX`UU6H?8S`ix^`-i?&)yvv5VplU@#%bfD*n_mowfj`+mR-6k&W
zx-{DF^!szEjR%W%R!hQlLnx!KPC4i;j1_NLZQk8ojqlYEe4<d9bs*?VhtHuuwA4%A
zq{;o!I#}NC;{-}06_WO3-<K|C@C-M3nfZWtL8IsPtVHrJc|6BOvw}~j;`P|gzB;9s
zr=65$U0?rGfO{my>ZQysXAWuJ2^78BJ!0Ra$lj={f8j+-8i!(}wphw3YddlP6Qt6}
zR!dve9ihm(T_>~gp8SQjgxf0W`&G^B-o78QG<#8qc}XuCr7e-7zcZXQx+q)$rz}L>
ztdn>+Oyd9a9y?%kZhbqV4jHWPo9AW!>46L=HB32JosE$IE;@)Ee{fvW++Fh>{|D6k
zKg<j?`XKwfpv(@SXi!(Uv1`o<d?XC;+UXmJ<ib2$DA~#O-Z!u^(4shnq^t;ww~-so
zRqtors7Gu5;h*2<fB6QewQQ2mR(VTk7g;H|pbewKXgM~wt}IikuCJ_QV%CU?;15gv
z!X~?C4-(`sy%UT<<`!r)LPW<#)6(6Z<9&y$Kh<k@x>*$pWGBy$0=bZc*Sxj3G5OI{
zS;Ypax3acwPjf=l2a22Ys~9W0_h|$X&rYAkKN6i8RcTqz+9l!?6i6p_DqpT45y>|c
z0=|70UJB{&`XtVIVe=|@4VGe-d}E>EnJx*u-@Z<B_{dkIuVZpRus7c!C!ujE^<LXf
z2``Oyv}Ggfj=5Jr7P7uUN9YsHdx{qN?vM=XpU(*Ku8flnR<A)1vAWkXR)5RLwWP!8
zPsWWhICNN4j0~Z}cEjp%08<|ed4fUau;TK-m&+cF1YpxDS=+hxa;I9pG2fX$XhyVm
zC10#!jBNMGdP%LlH`dSe;pVmVS1)E<n1gY(yccr@ud+r$^vi1{`65So^_>uCmCT*9
zu>@gN>i*q!jGJHJ`{u>|FTF`7hZ~~c0NT)@<i%Kb$~7E6Rd_1^R$<D@w-QA1m1hP4
z5^(PfSQi60!~anF-)l|$SkV8}Iv`X7WWwAHc0@fQkcP_OE`1Nu+C^8FIZ_eUjI3<3
zG%y%m2YC+P`qe`4mh{~Iup9R;|14VjoA~bjl3d4Hu(Km8m>HAd)*S})Jrc)jN5e2H
zN0s=OHlIK168#8Ia%KZv!dRZIO&ybaE+Q_=w|8^1mBw*LbqIu=eH1nOdh?I!?MSVB
zuPzxT)XYCG9h;MQ@3URT+@6@0iP(keNK1#ulti*=wd4&emNQfM-DW!});pB+$3sQG
z{=RvZL%|D0?8}3o!nJ>(!ry9@^a2|MAR~<KSQBm-UG4GSH5%P2+)TJPxioZH^#;)c
zZ7@bhys9kk6XSbtoVBA-t><p`U@pNrO){+a`%GO3*@^q`h9k@{X1vgZc$}8VRb^QG
zv!^vnP5eh+n`a{y)S_%uUf*z2MAC~fam|2cgM|%rGsVd_CXOl=e%<{d{@F&bd{&#G
zNT(uff!)Vor8d<CYT7Zr`4J+j&dTOxqpw{K-LE)u;UI@%dYI_gT|bX1|2j$I(#?BR
zuL7$QmqV<|w3^^}L^d&-pd?Z)D<t8xiXT{=W4ZOi)f@EOJw5d06IZIeRRw){o!=}`
zq@N7)q9zIlyI1XfFFF+}dEHwJ=7*JyY+Emcol<Nr>sm3>aZu*vNbgLuyw=*xJVWQj
zsXsKXW0YPm#%1nw8P_OYT03<WSA%}8Sd5u&7Fg=VOm4cCa5B9B=wAK%yx?zE+JDI;
zfO~m#1WRdJiK(8gs~3ubU!kfC$R>Ow0L8d?Q+a>?d#ApKH`h`Jca9x@oLWy*{y(jk
z|J?q52*<!cD-g7YM8!N8K@#*oJEN5y&yVaa+Ol;$JR?#`=z^hgV6-L{@n7!if0#P`
z=@A`K?Lqp_SYE2a>9f5XUPs$l_FvK^4Alvxp>6A4<`eI3E{3q1M);%S;9s&;j9x?c
z3^Kgt4}z(QaX)e-v!PLBT8+orp{+i0Xzca?44f8NFKxcevs_d8l+`aXGQ1XE!juOq
zJq|vdpivPOef>x%k{o^fauBC5L7E5(%rWc}ci&vH=+V#5{^WX;+B4K$lzlyxBvQLB
zYPZnp7$GFaY@2qrFl@(R-ovR>NNV9FYk{R5;arkyvgT#w$Rc}YMm`DDRIod&Tc^qk
zlyd8v+mRWJk&B&7Cx_3uS10Gbnj4wVmJNCHZ$2a`*~IX$_f2MR6%$wI<FDdki1)RP
zT!iZT9rugf=ounM{`jbEGa)bHNsD)*dHwZRf2$KR`AJy{4|k%|ldoi(lJLqn``%t}
z=d^1xvp?R!@f1aY0H%X$k@VjO<_LD-FC+Fp9e}Lc)PS-KAc#Bfu|9>15CTvs@s$yA
zS?gYDI%Ig{{*NU67H-S=wSXvw@IO&J`o~rPZpPTSWQFBg)2Dy2wf^<#==GQ~AqyD}
z$=g$OaR0weQT}wpf1A`?h~Pl@I!J4biy=W;Av#L6>FtMe96UGc2=|@k3YtBwfG?-<
zNbd$r4jf4)GR;|mOmlACd`oSxA=7r9PZlOU{xZb@Igiv@Ca4{#**RF_(6jsVy{$x}
zCSCTfk#My*wvjyR^Hby}GN&9JV<W`T=E;2>^bsM6ahQzR<WI3oU?>%ZZGY7DiHH97
z<8qcD>kU71tuLM7AZL=Hl5MAEqOPsXKDw6RPrbE!dC<FqitZivH*a$O9=!jT)I~{+
zPnOYyYf9p6o9?re!xF!QTbeK>TwIdotnU6ITM{SA#iKIN>@!3gt&jfxegE`tD)VLR
z!=0l!d0Dp^Fr1>IN}-zkTB9Dksq=AibQ_DlEhQhTN|{m>G;o=dfzGdu%07WsWx;D4
zStA@a+`g|T()?36b2TOo-{0>WsFR4JJt%2R{%%`m1F6lFgniuRj^0i#%I|jmR!LJ%
zeof{+VomOM@9v}|6#b6x4Gx!;eN|TH{9Npco5JXk)dMzBpUyhl$+9AbC}A8Ym?}6P
z%LBFnD}t(A6Ov<yHRg_ZL|<O2FxTYkDH`h;xJ^lM{HHu@GH05}$L5Md5yaV4_2cP{
ze4?>+Oc9`rGIAnG(k3H3olxRB#J3rhHX71%Twt!5ZrP<Xjn@%C@9x_l&1C8#z1pZ%
zb76ROXZBUPmVtX0v>$m5CkRPnw~fd<&m=Sl|70UHLe~&Ubl`v?)ZzUbuP$T<taAdc
z$294*eYLJ!^^T3l$iMe}0%4KF&jEspYql%@WaxD2a+rYe#>#?^#1X0`HjmTD>H_)b
znpM2t!jTMfkZXZ-qhViCUrVqeA}IDA+oh|$@U=v3qZ(j*1O!I@rA$GCqLw|GP;0tr
zsE7PW1pVKEH~`9345JP(hxr#@{p={~3L3i$<wX5_bdpCgbQgQ;vX(N!8BwVBKXV+q
z61=cP8i9#0xd`-%j;<TXpeWTyR&I+xw2)R>)z>i?PJsFlxnXon7iZN~kP8Kjl^!Js
zm`}_vD}<(cFMUr4zJ%X5+{eee2PF?R{jGruF$qOjK)w|%V`Qa~LpOLmot#jH(a@QV
zCQKxf#~EWO5{xt^Ju&(RNDU#3Kch|ps5vlrfi6ndX}pHL??|zH#RsPJO`yhx0#RpF
zXuLA-zHWgXNN*Dm98mL>oUQE4&2}@1m&RWjz5_ZADEX~`_c$}PsSm^s>{oa<L@uq{
zt@z%WvWQVHNT6+(iJab;MfeM_2D=edGB;tlVP!!J2t7RLzWwNe>+5UfA&BFy*@P&-
z0CyTjR8tkny%GrCAyBN&Y`QlwJ|3n)iz)+FcHpgs9y-Y9fhZImzerSlm>?qeZENNB
zhB!7)avv$oi;#Fb$zzHmJ{G-bks;y34xD1GA!jRld3Wp9u^Ig8%jv>1aM=@0dk)Cq
zk@TRH=HXN{;WK6V^Fg&9*?yfm{iQWPt%kVuOmsVtT3+C_3}3v#sczEX6by6?F@C6#
zk#9@aOQlD?^_-sF-!s;;r}4BfU<7ZZf3$OjlJSZR3e|fJ=MIc3f{aZKGsGzTj7HIt
z66`7K)RxzEHn14e=K+hsV}Og$tF}`0@RSTtdJ~*Ab$xh1ww5pS^OGDjEo7v{+mw5b
zZelJ1l`^6glDj<<a@2x_6XFC#qNiJH-T;B5w4`2!>CNu7Z-Ih2Ri9oA0k^OK;$jHF
z26atwv*xGN-yV@`y^=b9rojBWptT6Fo-xOiA7Uef*$s5e4V%O@_B)*18gc->2ErcB
zNH5x9g{xdyIHGvaGr91$W^QefSeHXxecaY7AHL`3ni(I^POU$J$3)SaZs8GmE?Cm!
z{B%=F0>SX~+yJr=p9rUu0O0v{!utTTe_GjDJN?eH1>DXS1^i)yUz^k4(xpZT4d2b{
zJdpjGuq2&joAqSosJp0!B*=d{jkSfX;d-o3fvkoc_dwxH10#rJ8y{}H!XKF*COo|T
zCNBdeg!-r+Hp$8*W!qS-8XuMw8~u0`K`RL-W_Rb$(xv$Hn(D)xlvE8OThooNs>|KR
zcMFaJfl#(vi}J)m?hZZ%c2cw*&$JZJ7I`)fT19+If_sZ((bSV-$_LzG^g3p0k~bJ7
z55&7C*|E+f-GORQEfjxKR8l&q44mEc9~iITS^C|#JiH!5=mm8uM35}Mpg{s}Hw;Q=
z&?>n*21^a^OzB8LaH_)$$?KR3(v^_lZK(Gsj>v~FxUd4-3;u{F_HEYUYjrC8t7bO}
z)%cXY7u7=_PKQFNy(S2w0DuNm^Z)DrA5H~0y12MN>lcIRTzM<I4L#GZK>B%r@#<Fp
zD>!S^Wx0a%^qFsgbTG{Th*}U4l%(P(N+11vo{FEC?5k~n1(S!U&5EPEc5{?%*~XQs
z?TwjSo(H@M_QCL@o%%~R$2AV0GY&^&jHWww!~QeVe(s@lG(q^`K8`}nGJ3#h8IjP`
z*luzYk%=fObe%>-$~AtvWEjA-6M?<}_$b0a)oL}DiO)X*_6Ylx(T+Cfx&lQ+iBtHY
znOs4Bz6)R)O3Eh?Nm{>91LwtbEG5P%6SYkWZUhDuo^%)0T^qU=iAd$<1`1GR$C)1T
zo#Ll`4YdO+E9iuM?^+7I$4q+XxAeH8zy$Rfp7g_Aax1lF^PqMPon~JVAmdym>!0te
zEyfcS%rmpI1zRe!5FW(&X6+$bk9z=-f@=l1(NUDF7Y*Q^kfj?j2Qo61_#xj5K*<X-
zNerFp_blq9+f7^It!~H2u7GbyF&LOorrDxw#BvGf$DL;S&BtJ^FU0uh?*kz2bbI;D
zo)WQc$*D|0Lh(`6Q{l4X=@SHlwC{n1%dp{32Gx59#aEEbMtEHEwM1m-fI+cmr2Srf
zgbP&0U97~-qBx1n`4NNFBu#_sc5M~4tKV}wID6aDE1f3$cpbW+|B9%x^3xvW0Wew8
zfIdtZXz*S4_k&PuM>9dW&hPA!zDlOBhx)hgk!TE_qn2HA$;ZC_O;1i3YUBx_opogS
z@$mz?KYw_D$eUJi!$8<`SheJKUY>!++Rl#ygpcT*PKaBiAJJ~lC2sLC3hny!Bzx}N
zdKQ4>rwVwxdo*BbBF~EoVb0C9FqFzLeMujNuKC>nCWd|e!x@5kI`5TY0yR@Uj^P|8
z1BJ0GcX!dLsTv6`xkih}^c;$kcT<{~tbCTxxb~IrRu;H=_k?J|c$PPeDV3`jxfrkP
z9bLV`JfUUpwaBcq_OTuV{vna~rI}%GnNP<bPCDu@p5(Gq_DqqWxo-+#TG`CSt~y$3
zud<QK)Mx*S_X~0!%FnQ++n_PefB2YNnn&%oulCxVv3HGwQfF<FS%*H+C*YQX$6wvP
z87$oX!Pg>C)7yT<B4*~sb`S+mi|}XFm3c6s)i>!c4tmG@C!a*2wO)LS)k9k6{QQs~
zpJsQX*~Z5P_grFi?bS5WRqwrw<G&7m3shtz5Wl_SFH9ihBh2Z5c5SY_xOhw<pEG9h
zd(r*L`FD@_-w;9yV5g&VqmWx`d*~F!Cy_?4`=i6{VxY_d8qmU6>qQWR5lY$na1t~L
zO92E1($kvMHm|0p2ziuQ($$Pyf20QK^O{O7cS^}bRo#ywJ0-0~FFoaT2m;Jg1H=v0
zBU=o0;RLn7gaN49r6uPSb$xAeNicS)tCv&qJbO!dO}G$|)78PDr2vKab{e8)fvZa3
zLivl9>T(nxa2KdPq3X}l5CP8%TlOVEs%kC&jlEPs+kbo5*n*?WD<sO-y*ODf|Gh-}
z%2CU0z&&dAlqYrg6QWgH+W<V|g1J$wHQU0XipV)j766USENE~8^e-}aLqf#^Cd2G0
z_Y|P<L3me{jtvlVu-^nOZ<noh>=)(5OyN|J1~}4kr`Fo{-T=hD>hT*m;>`v50U@L{
zznexN4ggGen1oO>U<;*cuI`B6A5FlnSo8|X6%``Uk5REa8X2J&t~#Eq8p9R9^g$X_
zfvje&c<O8~I*Y8!lzGd-V8jt(5W<PDm}EOVCc%g@aqi!UskYOAZ0RF2z~1^w;+N{I
zR*ud$*U7ho^w?+QjZj5B;jpGr=25^@a=Pf{ts(#WvK-o6R=ZXncQCn)`qyVKW6VLv
zZNRz~_RovhIAi?_ug}0;#lX~7fzwRp90I82uUnVT9jvuoNL4!NV6;?%D_d9xx*`n@
zxCM6(G6-l(3X?8DO`-sZNQf|%b@+?KZ>dTqlLYNf@(Cr<pLIW}Un!ierK<ZPUx}G%
z9{b%Jw%MU~_b{Q(lRY2Z0$L+^B8V|fV|Ema>k;D?2IFYf%dfn839qW=Q)@swc@8v@
zAzXx}1`W{>X(DqZ-zHb7Omxlj`oiW|E`qjeR2K9exr@!#?DXOO!0vaUK|8l>?**+I
z5wpH@qW8pEk;j;GOXzX!j4s>99Bw^L+1*7e$&0=y>Nyu?%P13)bmucW<O>M36FWz|
zMI4{Bco2X0R#%BBG7QWTIBOlCG<Bfs_z9Oh#p+a9wgGB7L!)BaqY<mu;^Kd^jl0P%
z`axJiWxa4vmWhz^9ejG`+x6R+4Ri6s8ox+rgmh@f``WjZvY_hN(Az^pXAEx9mOdt?
zMl0m&J8oOPy+cW!9s5<aTm-}@AzOmeH&8q)?D0Z+wbCy%Y*X?glJ4$2RB7VU+;aO`
z!s9Rtc^X~2ZPw?e3DE+FHS>L4pdY^W8&9!m9?3D7H=4l>`nAKawH-=*Jqy`iSqdox
zzA(f`*U<CKpAorYcW!RXZl`%v#a_u)n!wkD;`2SRdd)@)_kurcgDc%%w8d!21A0gC
z(EF5~(%B#Dw2<`t!#+6F!Y<jqP}7hyf#_WC;qzw={3a05{ed^IdSsi|Gr02mwzewx
zAxQ)$xug0mBCZuroCKSz=HBK7qx_AE_#uPA<TGbjvCwJA)fA6I=BQlZy+9NK`wczg
zJLR)5QS?NcrHBfck2{gz1e=tz!bo2f2B>%`WP-0vd#o#xpADyDoQImGWtV}$!{*u%
z&?|XuqUsl@-wD8z5<v6ggM%oB63IBAj*P3D1Gt!_#4>2CGZhQ3I8KFeP4)DJ_Zy>r
zhLI2!>ewg^6O4x(ctb#yK?->db|`CL<JkYt55I}02Q~45v3VW<n(}!#y3N;?!Y&>j
zT(AW>DFhFIwYNG`H1|91c=a(h5`6+=Tfz6eFp>a$AP$%hh+OXbRDFz@M6Y6m`oP3t
z@{AqALShV|dJ^#4ubl%z4!gnhfvPW6+hNDUVFfG>VR22$4f-MsmI>+uS~_Lo2nmDR
zIR<fmYg!KYkaEuxr3CJgg!lp|*}H`>caE0$nIY#*FvW3R%uC#PkzH2T0C_qDj!2zc
zGP#HxrQDyy&0HigKhnYMz|ngqH8A@w=2elb#r@H2(<JXs#f)fTW4OWdY)S<_0-ctw
zr!{bSwj@7d0d2WsK07-{QCM^|sw1B-J90dZQyd@Nh?JT<2E}a+*tacBgH>N5A;Z;3
zu2v*Q8gGfB$d2P(W~YLL<5lSmGx^Qlez_|yrWkfwH;5<VQbMK4F4~?hE$=SLvl%4!
z$2oegmLik=^x2NPQi~)4aMmlNrw46TOP@Lh3_Ny%L3q>+JkmIP?l!W>jdkhiRql7;
z)yt*iW|N0CD5vMU#FrLiM@Nm^j5A!D*gZ9+hbrTPCe-UM?~*%HCSj`F^M=+u!W8W{
zHK^h}E^GDHnCOt>e}*40&+!_K6Aa-6eNqR#$6spmdg7vya7DzTKJt3;F1m9e#kXzf
zPM=B5R60L&i<MRU5-wdSU`9Z_0tyr#^zm{QGTf{K(&8Jb+SMSzh*POUpFH##V*TAt
zzs$NA_9Q^K^%Nxpi1^^e5%USkx{bAQ-pY>%(&o=jS*uq@KM5IZ0~O3K>9Q<$h&<M4
z@^%k3PJu~NuahDHq@D6;+aTe#%h|49>(rnC13xM*%aU}U=Bk#gY$E!(_MOgy3I_`8
z@=pW55y{)al-sKINzS-uWQ#~$*Gjxvb52Kv<u#9*RsN*LkK~71Nu3-QutB3UH>Qwt
zb<GCn{LFCY3m4uNFHwC!e>K@;Z80j9Ty4n)<=RC)AS3Nnl|UX8FoYP3X?*rz$GqG}
z@e*eJ@7J-ik;ww}wZ+S>EDl8R+P4iygk2=W=o^u){K<Meoqg4JpJXxeuKajq&1QDc
z9{%TM`Zq@I0hqDE!mg4x@AZvljD&#AkB@dul&8932q{g|PJIa0#Q)LHVFlTmAqx~&
zwiX?n`snM7I}JwZwPBPSHzN)lzLIOtBJ`UFvgS|m3ji%6yp^Plz9OLvL34L$SGAoh
z4ArZWBz+Cirdu=GT_Bxv?ys!Ud4>p9IcOc|=m)d*)capErgfr%E>^o&99cb#NxsYV
zw~>Z&dwO%3Wh_y!-DPI?)SP5)cB3MCT&J#2>~}W~G)pDs6++(7C{7{_sC=AZqFyQ4
z@|%j<A6DYnJ}V_xu}as8cieP^AJ_N`CTK;v=w&)(xjtM#iw-|SEY;`L&mSeO6zDP5
z$ESrxKXH^B6%LS4v{QFZEFb3msaeBxc5GDHT}h;t`jVyQF+C^l)jsbRitoP@As54R
zR=@XJ?7>pIU35KXQ)g~8-^L!YUinV&jIw)0-S<4Q2wDnB_2P28lVR6eDwF9G>bHB(
z$yaJP?!)4UqYkHLOjE-mcH}HvF9)a)D!yfOy&%$fN`#JHJX4q*qggH@ETJk>E{M4~
zQs=j$z4HE)zYn1LP^uGuz^-GM$EL;{^A_jbyhphw(f!&^e(sj@_@&ubi(YgbvMfX)
za{32T_64cMNINg;C1vuaX1aPw-O<~ZbtqV?B>L^Ub_MI*vH<@QH5JXFqgOa!T#jye
zlQ=U`lVY-^b~V>;;H+DN^<Ju7=Mg+?qW28YOFSABSz8!W8Q#FHXD`Cuk6Yifhr%li
z+<A`t_jUuFIRUv?L@kkOEb!rjfMtdZ74#HGzJ1KM9q@6gU<Ps`CXaa8JuG0E#lqk$
ze?pda0MjYNh+vs}!kX-bs1t;m{^?;U$ZhRMnr%!Ed+5SQ>!xi0v2D@8)Sn^a*#-`1
z-MatYAlNoso#=Tg-ehUj4i=4#XcJO<bTJ2NSQ2O3NVaKTZ7<a$imGySg_)PK16#6^
zNEuqiBgz$*bo?raAOkNmCs++C-a%MS_rlYIihV#}k|^1`Kz+_V^mR$PSc(Cq?$k_k
zpf}d3H?xCzUbtMRCv@>_i(uE?A&U#c?NfTr1D2evv5i@5Hy^OzmD2R0p5S$ykJOfD
z<(Y-H<CLUQ99B7e6dnDljF9)U+*Ji^W(i>_l9a#>m-#Oylf!m58&5sD-jLWiIu`%@
z-cb@-1Gn2p<%Udo@Kzt&k5L+R5*$8rb+z|Lsf!7lJvoGR8^-?^d+S~$P7C>v?}1~4
zY|}*jRrGzDcV0nnh5^^5r7MGb;ln_*o^)x5j_E3IyYr4J#KGiIvViHiyM?QzT>UL+
zFa%dsD;4y`o&_IHdpm=pY788bOeur-+(V99Moh<=Z7obFhJQXt<j!6#HaBV+jHr>I
z;Xq5w8FDo1G)VTIfY|O5>Byu*Z0Y>nr22#BH3DO7V&!g+q)r(Lac7JOH*1y#5@#by
zUP6a`eEHoapkxO3TLO(nC$lRddWSERDr{xBU(rl3>p{u1lO%@FE!ML%>E2rEjZebE
zMCxu8(VH$SISR5+w>{P{n39Snc)6^3mT)NY0Y4P7gaiT{pChOK`$eP=QUJz_nKFtj
zw~(D0pf{IFVOjvP-*?%(2oTZ3u}Lmb|L%;R5Nd62XA*Y(&x5^x^&;?75bg$vRtbL>
zsTy{_!0SYV*wqa++@hYm0+Smf!=D1Tzc-069jcI2WX*lAa$Ajb>awN1kF!@;20K`p
zvwOyEy;h}4n-CWfDC!fR{zi4KqKQc35E5}Y9a&cZCLk|C3%cj_5jWSW@s5?jIl0tV
zF6nAKRwap<pITI+N<c;4pC?a!56=}EzwTXYnqi_~6;kg$K9bN3`DFYV>rZ+xbhX{V
z=F43SizJ`RFXqN`2d09zCndLbAt7M-H>J6{$SS9oKU3e}YK<IwoS?PZ3<<lKk~=?s
z-7E7zGe#ktF|%g&98dJ`Z)bR{aAPvpT1rU%p5DzRF=G`KgU1Q&rH9|E*sY)Ant9JW
zmllJhwGsb(nRqCbq{6-db_Bn%+`zkOI#YUu^rFYZx<BNxVL#NJ$XAUNcc(47SON~@
z+_$w`pT`(=D%vUwg$lnzJKM4!>V`V^xboEC^GeeRQ}a6-I3gk8f#7w^-5cMK(lF8!
z+@EBJ3DvpVcJ@r+W>H-)Rs^_FA^P@6BKUlM$M_*>q*%n>?9FNQceVMh96mm;+=Mjl
z%eNE`QDd}2U!$MMJ5n9X%Ru3KZ@)0<rTC<oaxuHBcV}s9KF}a*JJ>xK(Q4RTH8&&8
zs*oKnbud7)`*(Df`b_P{Hy@B)j80Y~p~B|Q`1eV`##+KdVY6)79Ff9c=~3ndhRTPY
z5MoC}M95hg<bW{ezr-)FM?Zk^h5vNx|5wMMs@9{EZF$xq$ohBtAmZ-(`qMk0=2Hea
z5$HaJ@qw1bKf4=TfFoc!T9jfD$onVBBw|-rv#y-QD+Gy~l$m(8mwB=LXY>&$EL5o2
ziPFsb+(90?)hLIhy_(#p&v0=D$a(6;sF?QMKO)Dn5=R=i5AfK$B=X08feS&gwbYHR
zOxH-y$Mx!b)G=AHio-Irq!w<U7dr!lLC?mJrA)^N|8YiN%R4Bm|A<AwXnJ<Yu&~^j
z@Y~{*7A#_EtzX8jR@sT4vxf`_yF`RWM=eXd@m#;?6zTiy$6Al_DF0cOra3#IW!Gp{
zLi!gO?uGOhriZ6pU8&2-_^kD(&pe^0_FPvU?VwFRnKie+T)90zBKmmw>2tAfeP6OQ
zTgR6~>YumP8Y}3l<H~L6YMd1&8(n+l8}^<1$@e4nX}*rbw<1eZV`o%Egb|-NUm^q(
z@$6BQSpb76_qU=aa12oB8DAL;dg~-WtY;89$}XAtg!pTM&~ktyU$nbSvtVWO;L>b^
z`cPwfcy`^;JM5uG<<$qNON=`;{Kt>Z9l$oMNX-sP=DQtA7oQJ3Jgqf*fMP91y#e2q
zC1bT72s$a#2DTHOMzi@vqmLqpgZiTP%z7f|)O$WXJjm9nVkDTSUtg;n{Y(Nso7$tK
zt&AgGHKoS}@@eBbu`G4SBJVPdqI6?nS8~suHt%@iqs>6+tq`)c>Y!oJ+aI_;5SU)7
zXyJUl2iRH-j9gq+6q?^C@`k+xADr(=pHC5v1f%D}KLcz{nB!>^`=&~>rXkmc*}<+H
zc0X_832T;2ao7;dpK+(+g63zZ+jmwn-cPOLT0Fi-&1hBTP`kp_q+WtRQ~Fhvh4LxH
z;S2#WH0kQzUz49#zKG7v_v0yBRc8p4GCkd1ZV_<N>+$VQod>t^^}rV>+Ai5zj&Yuj
z>pgrXs`V~gc%RCs79z*!l#>}07!`VV4jXiPmqa^Y*|r!uv%V$B>%pF0JR40=V1nSG
z@ddpQVAoLcys{lnsdsV8ngN#Pj}OS<FBhe*v;i#&)q%;wX=KMnM|GW-KLb6n?Q<DC
zVbj~7PU4^k&UYOa!^7**1Qbf19vbI{e((b*|Es`!5OM;3v-pIv5ejuOwwpqsX-V1>
Vpgnc>H46S+zovLK`HJD={|D#aJ!}8~

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 4528a29fd8..f947451a77 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1465,6 +1465,13 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <td style="vertical-align:top">[MultiSIM CSP](multisim-csp.md)</td>
 <td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
 </td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>MaintainProcessorArchitectureOnUpdate</li>
+</ul>
+</td></tr>
 </tbody>
 </table>
 
@@ -1600,6 +1607,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.</p>
 </td></tr>
 <tr class="odd">
+<td style="vertical-align:top">[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.</p>
+</td></tr>
+<tr class="odd">
 <td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
 <td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:</p>
 <ul>

From f58e9b2c1e321b511ee065167eccf45e4d75e307 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Tue, 6 Mar 2018 22:40:24 +0000
Subject: [PATCH 086/119] Merged PR 6197: eUICCS CSP - added one new setting

---
 ...onfiguration-service-provider-reference.md |  30 ++++++++++++++++-
 windows/client-management/mdm/euiccs-csp.md   |   7 +++-
 .../client-management/mdm/euiccs-ddf-file.md  |  31 ++++++++++++++++--
 .../mdm/images/provisioning-csp-euiccs.png    | Bin 14272 -> 14803 bytes
 ...ew-in-windows-mdm-enrollment-management.md |  11 +++++--
 5 files changed, 72 insertions(+), 7 deletions(-)

diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index e7ed3131c8..1f6269d889 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/02/2018
+ms.date: 03/02/2018
 ---
 
 # Configuration service provider reference
@@ -1127,6 +1127,34 @@ Footnotes:
 <!--EndSKU-->
 <!--EndCSP-->
 
+<!--StartCSP-->
+[eUICCs CSP](euiccs-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
 <!--StartCSP-->
 [FileSystem CSP](filesystem-csp.md)  
 
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index ed10ebe33c..eb5f1186ce 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/15/2017
+ms.date: 03/02/2018
 ---
 
 # eUICCs CSP
@@ -61,6 +61,11 @@ Required. Current state of the profile (Installing = 1, Installed = 2, Deleting
 
 Supported operation is Get. Value type is integer. Default value is 1.
 
+<a href="" id="euicc-profiles-iccid-isenabled"></a>**_eUICC_/Profiles/_ICCID_/IsEnabled**  
+Added in Windows 10, version 1803. Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created to enable the profile once it’s successfully downloaded and installed on the device. Can also be queried and updated by the CSP.
+
+Supported operations are Add, Get, and Replace. Value type is bool.
+
 <a href="" id="euicc-policies"></a>**_eUICC_/Policies**  
 Interior node. Required. Device policies associated with the eUICC as a whole (not per-profile).
 
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index caa165bd48..06be1ba347 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/02/2018
 ---
 
 # eUICCs DDF file
@@ -17,6 +17,8 @@ This topic shows the OMA DM device description framework (DDF) for the **eUICCs*
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
+The XML below if for Windows 10, version 1803.
+
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
@@ -26,7 +28,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
     <VerDTD>1.2</VerDTD>
     <Node>
         <NodeName>eUICCs</NodeName>
-        <Path>./Vendor/MSFT</Path>
+        <Path>./Device/Vendor/MSFT</Path>
         <DFProperties>
             <AccessType>
                 <Get />
@@ -45,7 +47,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
                 <CIS />
             </CaseSense>
             <DFType>
-                <MIME>com.microsoft/1.0/MDM/eUICCs</MIME>
+                <MIME>com.microsoft/1.1/MDM/eUICCs</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -229,6 +231,29 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
                             </DFType>
                         </DFProperties>
                     </Node>
+                    <Node>
+                        <NodeName>IsEnabled</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Get />
+                                <Add />
+                                <Replace />
+                            </AccessType>
+                            <Description>Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created. Can also be queried and updated by the CSP.</Description>
+                            <DFFormat>
+                                <bool />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
                 </Node>
             </Node>
             <Node>
diff --git a/windows/client-management/mdm/images/provisioning-csp-euiccs.png b/windows/client-management/mdm/images/provisioning-csp-euiccs.png
index a4c67a8b7e6469ecf14d0a29392968d4dad6eed2..387fdae3fb5ee2aa07af4d5bb8a79d5a1d42be27 100644
GIT binary patch
literal 14803
zcmcJ0XIN8Pw{EbZq7fUoB}h|H>7YPB2nxzZs&uIWDo8i<Zo{BRlO`n~BE5t3ri7;S
z5_%^j5D2}u+?n9s-?{gEr+nu;_lJ+HthwfzbIeiR@s6?HsVd8zJbv*w1OhoJ|EH`P
z1ad$Z{JU`U0Qf~b726N~qp??$y93E;flY&pLuR*?ZbKlsfpj~@hr#tRyFVY=Lm*HL
z<sVJGZOUT^1a2-bdt1ZBkTgWLhfShK7k8Yu4_2wxYCdr6>V957w|Nfvj`0kuLhj2?
zH)mlp-#IUP=$X{iwU2L<1udKq3AbuyJofOz6U&_39OKK4>E?-l-VqN|=@?vgKnQp4
zHhpMoTK;p_p><m`?#qqLSpMSVEmHCo1w;x2(ze>b27%z{Aur~e$HvD^`h*4HQiiZ6
zCW0Y}U%b1tw6(D>4?$*AT%n>OB1txet&GTn9Q7j#RqS}|9@nXLmPaOnaz|p<0{d$R
zA9>wa$F5}3p1PDGLkBUx*E-hS-Q7Ih5mw#C^tx5baVh>a*WUYgtGDclW6naTd&e;&
zErXi%7a(n{p_u08=0!`Nbt%ug5{W|3Sr$d31K$ppIGNtrag<}Wf=EkCqQ+$(7Dq`A
zdP_@$2)&E+-o*8#_tbSQ9)TR{vfrp(T{QAsQYRhyb=j(>gN%2OXGTJ#!+wp;&MJ;1
z7JXAENGY+E8T?$cU?K&Ksn24#2kYT+k_F$s;aHp@FI4b$mX_S2;!A_ma^IHmdy4al
zPuw}LkjpwEEY?y-!=d#VW(5&!h?E<y@~LVMZBAA0DUQVSjw|JU7D+4Xd78vuab|d2
z1rzsr$aQ*l!c=>CZ;TeQ@fb?L;{!a`lAJmQv*pioPde1`hp*qBQeO?f;Qs)co}Du+
zOp3?N#OPh46~bFzTXkVs|Ek@!C(-4JQX$pmNFRduH;uVGzmYcoIe6x}X7Hms<+(2J
zI!5CUWVZ!|>vv3N+b3p==0q3W=<49BN5d)wH)gw<XZ9o@5Y`45p031q?_InO9NWnr
zLSL+Wf$z;=z8gH3L8K&CCy05q5Jjg^rT<Vl;uYL#OLh26&gjUM4Y8BicAV!=e64yg
zOFukS@%3#vsjZw@s(^91I<o$F9AU>90+HVMQCC+NRvqM2I+z?>dz`2Lj^Fi%p~NsX
z{zq8dL)8-~Ub`##m%fe~>=<sToO8SC%2*&-tn#QjTlFsYhIl%QrT<EI!Z?l0%%9H4
ztDJF!MifMK{WTVg^((ne(l0@Dw!QeS#^d5D94aq3d|!Dubi1djxENz#5qEr!Bbj07
zk>^Z8MK!T`YbNykic_2Yl>gv`l#KGSo<F@`sT7gnu%AYFt|A)g=2Jii-!A<D=H&1E
zDqWD`d#kHQGtW9cNJFnf9HqM^-V|S%dx>{dY?ZO?1`1iuI8UycZ7bhxHO>ke8XVM^
zKLD9>L(mgspFizt3ELKQi!6VTF5Vvhy<gdgx%+9LHtJ-y06niQIdTiiYkxuKerX8C
zOj$C9WzrICiQviIZ0=;V*B*aDCi4$=$m*(*XSvIpz4llAy%`Ld_EVGhB`bCHx8gny
zSf0AV@ijI@9?E27ETFqI@m=Py{Z&L(h3;mW#;4cLJx?hL0TW-Z>6QKAO$+==Bu1~O
zYG-wHx&IIQQ=CDVa5|~%EB#f)K@&qoZi(Oe3z?BR>7R@8cf>UAgY8X;;Bxx7Pu%5h
zgA4W(RcqChJz1QQ8)LPizb0*WDQ6l4*Vok*kCRM93$8op8tFPb8T9ty6xJ^;uB@D^
zItYQhYKj*Sgzs69L;B_ITRF?q?4N@X=vIkH86%~Ur9cVD_he*oVWHEtIQ;r9r&la|
zb)jKOfLwC`a^pIx+Pi54;hd-<;VvY9aj^%jI5)VolqZgZyhw9{`sf*XUwhwhQ81XJ
z+vkgqu>BLq92y8sJnXoMzYCbod7R5C;KVISA@QbCdWdej{nd=jOn*kX+WX@@uUq9-
z73kN^ympewOCbo!3~R-XTi#pkBWUmESK}gi&TqQ0L1sV8Lp@EdJfB&M*lf3wier4H
zIPCF}M2;RYlGs2!w{{o8o7kwrig$FJwpy$g*O?quX&}7cnv8?~G+pxWv|Y?~w%yt2
zjUYPZWn^Wgy{3iq`WQ?K1mm?Y`NA&EP8f~SKpNQKhaf>R$fFSYfBeac0^XIC`YZKM
zY3NTji1hD2*SS%Cetwfk*K)C6HP35u&&sJXD?sFBq3a^3=;-L8s>(2a+>v_$RS{m3
zc4QjP0FD5(*sF1|_X*bmQpHOlXWqc(jG++`5&5POBjg*kwi?QHz7tmio;s~8#WCWs
zf=7bR;q0=J8>FTo#X0>vZ{x?#EyBr{E;Yr{*K0FBgS?Z5u3tut>$@U1Qk*V6`FLY|
zLrs=dz9D`W#>da^=g7wRXNctZ#`^@GfC6zM#3TTw+XCFWmW{(3%dbNM<5&Gmc>{{Y
z*C68`D0hB4+vTSwoSN5dvsV&dF$sIxhatr~SMnvN!+ts4Rmxqc7?=<p*YV@X3Xpsu
z#(@gA|HRVF>GG^sLcK3m-baKXZy?OdcEaolC%1iK?3PkhXl7x(eN8TdoIbNV<oP|Q
zHQvtAaTT1Fgej*vE-lMY$o2qt^{AP8?W1L4r-l0mIoR{(gIEcOv{kT7G&}~4-W{zz
zO>+37HF!v^M|dV(wB$iq;U7AuyAj+>4-JHlBxBcf0>#G1i_<|Q=q0Yfq&89f$#b4&
zmVEjZtI<EayObjqndaS|-gJL?(`dBR-0{H6(DkJ%-`>Zkr<Kx4i?I|{18TFHb%0)P
zC>m3hK}H12%q&kJJTlOH6Cz{ghdYXA<`bUf`K}~k*IZgbJX9Vk&l=W*n54VgU)|{(
z9g6dE*q+=gE5y$uN*5c|ZOxM#Kl%4m^%r@*Pd#i^G$MCaSN{lj_)}{(ZCsV(w!&&S
zc$ooOX6D!AlKZswx6UU`Nk7j&xOoyDI@3T5AB|GWIuLDe&bmNym?NNAY>vnbVJ&Qk
zR{{zLLU;if&S|%+&NR<tOpN>Jn1K>@VC&k}@Kkv&SM>@=+^yy`!5KkwOd4wa5%Do8
z$bUP~Y&kDEEA+_BmAaXSj<2}ymLv^gV|iKFVmSf|#Kw0XU1X(ch<_52I3D~mxgdly
zr0aCOF6_DEEKSWH@Ncs}Uej{;7<+j+i+&LM^>5C9O=)D4i1Ev|OjhP}<p{_V>n5fg
z^o1jfxhjjL_R>|n($JETm;J>m$FHVOoMhc=7>n&49E3$*Enk1uL~cLaX)>%#MtUGa
z=RebY1ojXg-I=)Dr_PV|)R%}9T0}Fp+!7H$dJwxW^By|$7B-ien3$NG?)v<Ir|Cl9
zW3uun7kL-e9}eE&G=B8`gwDpT`YNGAXWqf)XrCWIm%2(KqMEt7%2)ysYjY<TjT|Lh
z@8yplJ#&ZkM*|y=n4lCt^6Fl?%|YqGAQ>HLC`}DB{LNt;z4T!4|L*cpEXLMsE-eoF
z-Uex3`gNE_x(mEdpmhv{ciR(E>ARPXarW64lfSz>*Qhx7B8B?8Na$Nw^)(zlLy%0;
zYc`bKaj+H^{G1;Qs?3)%K;l3dh~em!*-$y7r1*!ynD}S~qSJPRF(VZIMjgz~ilU|K
zBi%359x#9AW_Eqxyx^q6J+ejyYJXA(73h=5r)vH8;3D?DA%@3pDJ0ouU8-J4Hj&z&
z^#$xAUSKC@4DWL(5_Z7d2UdLmX?_zmb~>=UBcelu)1-kd<_^^Ob_8D4ur9+(GrKG2
zt$N&XYaRx*+J1vqJqYZ*)zJd8V3uzi8h&P{1C5j!cNp<oJr{pcpL-dH;h45n`OxYt
zVw-HcGZESItuyg;LeHO`vvMuAYIfU3iT5Xo{VmxM_d`8mzDMyd<eU`6q+^K5x{?YD
zVa2~!`MouMY=_j|*gxIzBNcUhg_-ZAUt+(LcL}HMuNUX(u%t1+bZbJ+WPSszJFb@W
zTZ}`+;wRR5Vq|iq==^)QW&mK~!O>6A0|5_h6kvw3pqBZ`>6rc?na?sn{tlBx9SsXj
zVQ#p3i%dL$cSW<}yN3}p+T&$Tsac3hfg1zzsDm%8`c+nw@j|J2p|+QPV{}g%@n+K_
zPQA&TJ=NjY^X#bciKNy$(3enfwr!H|$2@-@lOnAQbnG1RC|v_v=Z_#6F{-2+90dM4
z1|jAXf1T(*8@db|-h3(^ILEPf@gIuC29fon9N1CTIjSl^#smI$m#>VTRGx>!%JRS1
z6a~gT>_=}zCfd;gf$^`8oQKDhuA@tbq`VUDGD54`4^Wiy1?<0AH}aotajFHj)}m2p
z2K3VNcpvE(pOd8!h&3&97ovY39WDp!>-k>zi*MiXTa{;>3+6cbUTunzVDKT+(IIT1
z#@q}SrI=z3GH-_5{7ZyseqZ)7RuaqoQ`P!L;@56FmWRbv<quvePAzO0+NqBqXG(pB
zZOZQH3cF;_8+nTVHY{n}LRF>x#Jq~K-zo8E#yy9L+7MfdWQF?VSecUJJjufS(3f|O
z&1v~fU*b2n-;C?-h7PiCGnUTlr^>n0M-Ds^G8Niig7k`F2J|GsHUJN_eB$g;oiv?A
z?(@C34X&-)b_;c<p)>7!S1Pw&`!crS1esZoN0WgA8YS4-A&rT{&gkaRsnxC$8KC5g
z$7mH9+RJQG^Db*!StvN}9M<2pFf-RB<Wz2?XCHV1#hfzS+~Zd%71@6=u#c3e(xFP6
z2e*G|;kB6yMD<1=bQFM-6@L1hB4t|_d;S)zlvm1qe}(UOqqVcA)X4qD8#CTN>KR#D
zn;#dXXDh`@YW>#JQc2VgTkcf`pC2Ewb!8sJ^$e#cH*=zA&CM02Zto-?l}yr>CG#Pp
z^j|o7{B{z~_#i>p{;s5<|ID%Bf~FtskEMY>7QgWChU)wrn-?a_#jr%qMS=hw469}a
zhyIDMfWXiD33GH>FO!-KR-uqD_n^ivU7<9rx>Uyrc`gSvrhy-#cm6LgcV;)NgE4)H
zCmop}<G}O2dhJ;x3nge@N*RFAi~i&BA5sK6YisL27IRBW(*j_l0>E<D*idwIbRmf*
zUN<6I38<w=#W~p7h>}lC=j3>e8Vt$=1rdm<f`UZo_0cnw;Wtq1Z#Hvh`x@&34&H4_
zMHLvGsi}DqE56xgd5~5G%F^r~(A3gGf47*jkc!5!u1xvU)dUqp8d@)Mqs2a%Wx8yo
zd!wKlk53YBdT|igc&{JqJr;wtG__6kPDLw5K5iP@JGhz7aqjdSD=Oy^KhlL%S5xIt
zJzuY~w4Zqdq$k-O0v6nDFXl-|KgC~}1!6O<*|r7YJ<(_h;&w1QD(AZml;xI-fZ7Ew
zB2K11Rd}%zAiFHzYstbV2h7xd@XANUdpxzaR$_K%6$divZ64F^EE@g^>rjpgP$_ua
z>|U7ubEO$O4?;{Tmp~tUg)fq!E0^|*3^=AC7+x;F740P}@l0ImhY9fa%I|d=Y_#(#
zh))?ORh$0YTY60^Qnhfx;RSGBesFyQgNjc~0Kd(t6zim#B&zXrA<EKE!}X^Xo-tL(
zdq5Ev-PZSZw*fekeM5aBCN2&E_t20qC`IrhuS#7_rt`Fq=S~^^rDC9^*?8O4x!|s(
z@&e647SWPySV>-njcvO|1i_hL6jN!h2LiD#)e09F&F0Dny?g8o#hx!Go~0njxj;jH
z?Df7{)uM~puezm}44Fk5ji)M?K4w&TPx%Gp#&8@|Q3<bMIZuBDoc9i_KPq;Z8<_9z
zVzpMZF8N|s)Z0qwtDHHQb-Ze8Y|%=n=;Uh<VA24Z&R#>n1>sr4iqf*+SQqR+RqRHj
zx{v(P5;ilkX6T|v*~|~O!*y=Z*X?2Io_3pJ!{Iu7XGbo0I1%xVt4|NGgQ)znHk+A`
zhbN}OLy<CmI}9_Qj`rBuIKNo2!aa$6_<L`U1Sy$G$sH}qpt9!pst<HdS>fO3n~gUt
zQO#VjMsiKK7G8dSfTihAgN^XuRWI-dT$)3CMhh~>84y&hHMAuT?hf3A*4F=+=Q%&Y
zdt>r_PG#=cw0;~lac)jEJtYee$AL1qzP>)}0z3<SBl2qtiqR;payd+VP1*tMF(+Ea
zc-CSsF+b3fpv39A3}_o<0>_RTT`}d{XW;rqMl5_Dzve4d)^0g2u~k|ebq441ND}o*
zOu;K^`x85-ON;&{rU^EpdR!aa$zg<_lRaH~anVOO@LBQ$&N<4A9VNowsA%a?Ao6NP
zb~d9_D;g$s|6GV*Yn<1&`3}93_Fy0KPQG~E3nq#=mBF^~1j5~OC_2VK&ow*%<%UdR
zF2!W&YJ7wlc}{x%JHIj_*;?g$c|ZB9m<5Zzm{4ddu0Ah6U)W>*1WXoc{KJsY#-;V%
z-rjx^x!LdkZgJea8lS1cSra#Ad!(|hkn0gAXMOF1Xf%4VXc+SZSkJ5qG=x;MQNAI3
zj;vWkGs_P|-VhH*9^DV-<^iw+?Z75S7uS<(Qg?pf3rqdif@P?#&Ud-^g5yDEHk9-?
zuzFS$zJZON_n$xh0v5&b?}wFmHjd>Hfb~47shOS4@a_^36~#WNxdfaCcwk@##>dO6
z6#jnm4qu1_7d|208SsYHH6~KUb~Ol#k~>aTUs(69V_Kz0=%}vJ-aP`dy1KeJKD9ZU
z3XA~(4vr+sC%70TLx`pK4*TgXl~-Jx0u|t)Vuh%I1lXRdu~+fJG;mw}55oYn2(tc{
z!4sm%3Pb_S5$aY-DjLR`^j!tq$0OBGS#qg!{;@oqoUIsMsY=UKx4-QSf}N`?JVc@%
z+y1zfmXW;4U@5Dxe`^-MKuKE?Fd1}Z#w}(lyu7@r2TvW`U#^q=2B13ullg6#Go-<F
ztjW}8k!Qrxf(o0=TTGyn9XSFqpBlfWs=2x+@@tNC0EcF!-F1#`Bwy0SdGom=tu63d
zm5Z?<7&!vL+6!AEK}GS+51Zn}gx@bGIMscaU!h_f;!^;%)grl9yKJ{oEej+)*4tz@
zMbAE{(cX@W`2^EOv7o^z1F7eK!dQxO0=-K?3z|wGo3%;$X&0;vJ$0=a&z8F{n0h-E
zo5tW%LrzT|*XO@^mlEl2m<ghMTJ8B`Toolu>zp3v?r_HqC$@0<m1qrAq>f1L<X*I{
zxG++pcA>wwS9KoZKyj2v^SP-8NpfJjhnv)=oifC(zf<XlnTGVwAY<?tEG}G5#yZ&&
zo!1fFY1ihXKfs<M3E>eD*yv+G-*Ubq=+c>{8m5nxh=03@*ji5p$*UsQg1>-Lx6|;q
zem*&}R1~ou+c#agco7LyxcUJ3T!sy+1&Dvk$t+mq2to8#t>S$2lc=xh;5AMgQWxPq
zRwk7t4#jrQJv|L74z^KTPeZ&qFc%||x0-}Oo&77uJCpab`tG)C4b&c*A9hi4L`l@y
zB7JzO_I^@eJg)5;u)BIGcXi6>JB-2=-i!}+?|gP%><oOEP8usiUHWCD&N-3()&#oF
z0(@E;CQzArUg*5s+~<h`UxCEoOD0b%>`ls-G`Z;W@dK}&BUotHjv=fDlYzScc1~PK
zP^W57&*ho8OF|OOATIy(4_F9<HdCiE$S*7u32ik8PAwSI(FU>vu#4Bf@<(FIV`5ma
zbvMvGN4$`${h!2f0w5mJz#TdP!_LCLt0nPL=-nUf)zz9_BGCZEf(+2ibGMlUGGS`C
z3=ztWO;(m#*-O5b%ZFpp)&brIJl)sPp=RTNoAU8iZaXDJ8g|8ZVL*22o@h6{)>G6)
z^Y#jLs(OH4hBlv;F1Xqh+bzycn$9O0$>Vk~ixad`4VCs%iPkE0u<hAqzmgw2<~AUv
zc<HVivZ4fTRxL??TX@9ct?mC3n6{6P5Ax3L)JRf|-eP~IEtd2+GCEq%z(AAsj63k#
z=iqNRYNA!k&(|`k4ISyf4K;obt3HjR=WJk843-gl1*-<w;~Mg)T#(EsF!^2R*iq!s
zvpD*s1~wQN4DM5A0E5AOb`%Au977%j;tl|V|KG`~1yD>(OhiI_d^8Uq-<B<8f207#
z@?x2ZonCe#A+ysJ3vOOKGgUPE3#h(@8sACTy>o@LZ+T~0?k8IYz`=*$kNcUCN2950
zh;#yhi<7#-q#>Z_?<ngJdgk1~W<_1l-$R3AU{AO3*TbxB-}}66ots=~Y2ZS0uf8d4
z`f4G1765S(uwnLVaK-a8w~6xEkKJYBh6Wbxiw#l{*WiboK%#c~*w1+Vi{YJ-Z%Nxi
zhC5pw+^dJ#f8UbVWftKM(z%w#o$?YJ-CGjFx523WMD|IA)|Og<`}sU9+S${2v1`@+
zCO&8JIgXBxp*$i}q<gKsba>^aEPVg%<KAoGHG1ujV|VOyBn<8e=iSTu<7M`kD_iQ*
zYns=!qX}|XgBV;#bl>1A%4z#ZL+Oj@^DHg#gNED4r>p8eXdgUSSr3-z8W<%0JtYtz
zd3!{vQ#s;vz=?aj!dvGx9x#)Wnp8FhtSye67_{th&aTgn!rDP))RlCnZr|Ca)r!nC
zk_iQ>eij_<M`Z2|0U<WSf$~#3S4^$T4}kSoE~I6Dck*19Zt5~oZjE14B~1$0$=QC>
zt|b3{>dYrhznV(n*J<4}d1$%>EuYog*4#-!?$*Ouc3bl4B-=u92f$2FPDoY=d6nrb
z^kYO&8{_bSP9BtD2>xlFeZe`>*4$XZXJ`K059!v&CRK-v{9%P2Cm(=>TnXscpG`zn
zhPwvJC-{=no~uomCAmT?pwCEs*dYvDW0%e*xIimVRXHM$gi}@Q?4h3wlIfL&j``N$
zg8GX7LoG>~^W<u|4RU48qL%<v{^$B+9E-`9@%-YexUM+w)3dLcZ;YX$qM~<Cw_7tX
zGVY2(_HE|^p56d>)c?Mv{HtaMUfa{%UFVmeSk&AzGPpJZ%8L{WHU5M_mh9B~*)q=|
zzB{zS{&0z689Ql7xf6?7-#DydAhPp{iz1k#$cAqc`%3r<CPexzWLA`7+3yo=Fplm7
zvGg2Wf8E^0ecKDpp|SwnVWh~=LP^c*jU;Z*)P=P*GZgHX%1x<Nn|qbBL}o1cj%QxQ
z7@7m5%M^<ZZh{eyfx28+N!ZdlUf@$ALq0$J#4X=-Zw+O$E+s~gN>Qx&vH(ihlU;#A
zN3Y${dXuBgLk|dgbSo6Dp~sV9nR)WJ8kj)UmpaTpvzR2LBosd2#S<AXzZQLc`?ysE
z(=P1SWKxmfH=Fcut7K0oF#fK!Ewk6hPIzV98?KE9rc2c%Dt2dFjGcY-_Pz7)7VajX
zt;bTr4{bl#6^oIn(iwBVDIeTZEuHfIa8&^D$K>AFoSVdaPM~vNw^7Lv!^aD*uUWL^
zh8xlIBS5j_W8@mx^cQN{Ke}*7HF<lJ(?F26dv$v$or8M{n`rE)6W5=-a_;8Ca3AsO
z{Foz^%71vQ;kVyh%Bf_6%dP{1s3C7HC@gC2)J95-5B2^iw;RW|BE%EWd>k=u3L0;S
zKS3p?QKQTxmBG&KeRaWd9S;hf360i(|N5=h?{@m**K>=$M5QKQ4VB6EDKH_85Zl}}
z3y$=x^}$g{1p(ZHQ@_P$1FZ<W>zF30M`%;f;6=qRG~^s+X#=bR0e+4}lrDNNFP$Yl
znveHnEifPrp6vJbZHSXz2{s2$%i95i!^(Uy;0Y7OUeAo-)8w9fB6Oj>&CQ0;MdC!o
z6T&9ulL!JiGMygxD5`aGNdFAsa}nw()|!?5SY!OeL_tpMz0A<(fBfaj*X^S+Re!RT
zGEqXx*j~VTZNpYU+eU#ZVAd!$|8Lcit#fYQr2o0*3N(Sj$gJI*38!<wbZkiw(}mqz
z^M3~w0hFGeUgMP1%*@Ol)9)yF!rqq;un_-W!(U@#<3#O)qyan#^gI9X4mtXK<i&A4
z)b=TXAz@J3$BXKI2R0`6i4bJ8&}EI`cX{<MZl4tu5Au1<>jT5*=uXBxDgVpk2?&6M
zTu7U^C^bika22EqVPL%)kBad5jYDSumr03%uVCGBd?y>HKUAV&7Jr-nBOFm6=0@&4
zjUMI6F2wmkK8E13!RC<*+rQ^VY$h}rudNvYAKLRnF|<;-s|QN=u*wjtkc7M#?kR*U
z$mZ#m8gMA;57$U7ujq(K^A@QCvv($|`;Eg^_QKqWBJ{yr0U!Y8PPk4qVPz-Vm?E>j
z19eLOT+lLIHXUJD+mZh>tXGWUow(`<wW+c@+CxX!moVPjYUSt2V=L&0?Rh7GdOkxH
zL+GT-hzT+KbTm$2;baO@7cY<#DEf25Msr`;e)K@~K9qO$-9i}>EQ|+Mi30GycWV8(
z*FrMHNLE8I1Wo7F#~&&)UuJ6oKQYI!*Khpsw|@%4j5d5trHg*)V?fF?E3n4$^SPCU
z<)ytkS>{ufuc3ISvLy7shf8il|Jx7-`16vIl3S&%SbnMXe>iy=2atUJ2cYX;4JH3M
zg1Zl`&tkx~=E<&KJqH?9eo{eV^?hh<$%9)*J2jW<Rk%PpzW+0bBWU2I0Rc!cTr(hE
zKtuzm*x3gR_ck@;H~`e;1i189u>R=m79PzyK69qYa@XWM&*Tj2!DoCtw%Xw%T_WPY
zhka2%7TX7TN#*7mq#jDjKNl?X*^^RgS??Uhy(&Ek*rfNtaQ!H<D`rgu1v@};cQ@B6
zk9%vwmpTAgn)nOIUO?PaUhQks6#qeKwKPTh2LpU%S?iLzgl){G`jk4BHq|j5czBpd
z#k_z0-VKCa*~B5ZY!55S?oAwKZ@l{5;${GsGCUM}?5$G3S^<W5ymdaj|Dn{Y`$=(<
z-f@qJcedRFQ$Hrnt1FqZVt$akDE{mq*tgen{LCmkEB_sqs9N{bX*_+@%vqmV%eJui
zMd}q^yIc*aVDEg#54BRmO4bsL3hk00R6cheBfnoC8-3i90iB%c5guqU-mOj&-A7wE
zDP3{{TPZDE_G8Ve-m}M!k53OY#z%bXUkgvie7DKeMq%3vLu4FIA$>2uvxKIf7HWtu
zYCD0;$;@Uxa!)Ft^v#T<6kN8574_#wu}M`eUXOUS#PrJCs4oog6Qp@hMsrCNlNsNJ
z;Ifpa0m;X7Ry$t=JDYmkO%GR(qaS(+W0xOnWi$0`V4DR~oI&>bP)}I)V-SW9aL5u3
zY@jmeG)5J8@MT;M9f0XjuogCIK@6Pw<zw*KYT!IxgPHCjs;<BHwaG6pSERV$1Ap%4
z2GR$pX$9mA)khx++J`kS4pB1^n#=p}3RFNTY6t;k)BoVnu00&3d_5=X3?LGb>jb+^
z9p~{*XB&P%nQ<H!0~Xz7NMVbWG!{&37Dy|Nz!Sr6Eov*m2yG=?Ue0^9pmCyCb93S&
zw*7DnNNX%q>?!5_c#pToIiDGdZx{QHcV+&}%;a_aL_-Uf++PNJFN~LynK!4hA5L2l
z6CnvyidSGYy{U*DW$LWeWvyVN6d_f<QR)N*O#oF}xMU-J7VUZ_-;3}!slbuFhba$j
zD-RWp0q#7mtRtC1`}%J%wXUGEyB^T810La*8?>mf5Rh=xbkmX3ic&xnzGiJ&)U3|M
zQmR(`EjKqlK$0HhO6q_<mXPRlp5`T$Pj567YFel(o2@WkOpe0DuKa2-*coOXm&`s1
zD+ldg`y_Ev20;K3?zy*;&@bP)c#LmVEpf@_{h!d?({wdfW4|br_6~*nRP1XW+uGW)
z8~fr^=iptfEu~(2KT#*eyKwr=d<WKkZ7J8s=P;oBDSYQI8z_N50K_@q6XsNAU~ZNY
zj;C)9=nWYulK959kE~_eoS1DJZ$I8gtoyZg-zcq6l5@FinO}LNBokC)DR0|^&+_kW
z0`_eaR&ir@tG=p-GL^uyB~xr#n`6uOwKjv5{=;kQ(YixyD-T`eyZMchY;By4G98>K
z%`6Ykc>6%UfJFRP>sW|)@wGk6CvI-p=E(}{^$G^oY0V*ig`@8U98MR=L-pP$kv@BC
z-HP&7mzvd2O)m7F#oLizE{><TA!tssp#&xg3;Fzvl%@r#2(GG4(&zw%I!@){6(iwQ
zM-b)7O~wMH$h1ICmcD^AjZen^>OfH07u#<CSao$ZC@z3n)3zxWiUdHMzegP)e}M)%
zSCu6E-Z7BxUyWZ5-cf`$qi>o;jh+Wa2pyMEBo9)~<}7FATr=SB60dj}ak7KT3J|kT
z?z`%Edlhpt#d@xw8`c&Pf~)hJR^gb1J*@vr=5qFKr-g`E<XxQ+9X-!FN<~98D`?Wp
zl>-S92XOEKh_JWQE}%fLWw8~$&;KeuY&DM9X;QoQLFZz?xwoL)@cD1my2`Udi0dp7
z9@kF=TKcAWx{+nL%3FomkyQ=Mx5kdT<GRN5JgciER`DZ#S4Ew|7P=gKz=0Adkb|GA
zM3+SWM7skTr2kpyyKP@b^3O)OWE-V4j+0`*@Vka5RdoyvTLKKdxa@uDlHWy&9*JYV
zcES%^wa)@8lAb|*Kr>@@lI;^Z?G{5Rr^lnym|fa4aQ?XM#gWwt^7wSzvw^e1<Gp}O
z7XMgv%W-+@V5ResIdF&tJ@A!xR{;sH82)~uwq3SGFHX@HQ8#kJBi>r2$=6gAflxU*
z#se&9I|NfB0eTPiF4THsts&ch5I6___KHgO0%9bSmCDuvPsF`X>Z;?~j_-5A|C3>$
z>i}4lP-zp9m?pj>08W)?R&VRKyfNGHw$wl16G6bJ!3;_GloiFjIaXVHcNO{q;AnN)
zZJT$?8#~7lQGLEXF#K|VwwlQq1Q#l>rPcoB5R?KFz^W)U-8S}r?P9-I=o!<xrCSGg
zn91#dl%xtqEovR8zfO_~X?~iL?3&;Gfc$hltVnxH?c~5oE**5;fr70J55chekHi&D
z!vVSwM4BIl&)z~Y7@qk1@-hk(&%c4%JdhOo9z68!GpAaioQg|foDzD?@o_~O4<zrx
z(d`H(uQl}Asapmi5xiWTqS|Gq?_hQ3sjscgt@d23cgdMgr$9gv^1_2fIhNf5&@1Wp
zOp7)9><|6JLT3l(GQaPvHSk)P*`gldUa^SU9P{Ea`fxuuhKSi3Qqv6C?lH3KG&@C_
zmwYPuEZ*}~Yx*VO;-OR5;U7SK2uSYzL|h{_ehjvOQRtsW@+ZkdSGnKh9T$Ql`@Uv2
zt)xoorjOnPlMdo)8;;$yMbUl2mZ8?OE4=2D+{AaucV{Ptx(e-cZxm7^mR{W)kIK+?
z)&zXLFU2WqFyR>oDzjg;s&uMZijea&e_jan(%rQaM-GP7F;I3n<$JZtsrNc+>-{gL
zZ0>^Iu1iX%45zL=&cff9Ty1rV!Qfjj4I|1`SW(SdrTtFG3wjh9AfAJLSL<S5)l<Qc
z$YVAU{>N(T$`Xp~1(17E1$#fuPF$`xgj%-FRkRS*T~xGHbXTYEkojK*pZa2$wmymz
z06YTFX}MWTXoZ50g$7&sw~ezz^+)bG#uf?dnV<aO=Mp-`RjvxSL1)UaYgTBm2);G`
zWV!;g6PX7Nst_o!p+2Lk%PM>46Rhsc{ysb#*(O?oWc>E$rXq%Y{h2yS1rogM6t0o^
zHnhyHA^z_EE~q^-`%2<)hzcDTf+?h906qNHp!bXEw9SoQ&ynVI`)^2%?x_cSh;}n}
zoB+~1P;3;YOvCoCg9p%9@D3)`JE&De!}=C1_#MOh2ci(xSnArTsKa6eS^UAJzrSA%
zMQ?WjL~qIFF+3g*63|{*wzyV`nTjb_2621DmTfnq{ryim>eH<6!vsoGh=kkbYdSe7
z+WpRUg@|G~9@N7s&|aJOji=J5^~STsh>(MP6i)@}WoAvF|2n{Mg8<5Q8EBnI9ZDl8
zC?E5j9b*L=+HHST_iD?h?2|jPpke#xr-&9QugT@stL*v!n}MhR&_Z4Ic|fJNwZsEY
zyxAFum#V7PRHrnvgbu-m_qMvX<C4DRbA^<{9p>KUzI!E3q?D}{A2#jB_-cSFI+W3h
z>}HQ}8{^|&KxhChQk2`jTcpr8Ooe@Bof7jTJLftIxhgt-RD2WwePJH67KQ*<Sb#II
znxyo7YhQRbU-S`lk^J2x!m)N@B^z|+;qM#!&ZoYlkjj0(#+H_loX*OiJn&S=(_ZLJ
zo^|aVj2Y%^i?McVZtHMNbhP?Bgc@bQv|e6&xP=FRzKM_z`{gxe!J<*Gx1(7eJaAAn
zU0W-fhXD&M@JTZ2(|BObpDeuRWV_?{jnZ&pF)$%eb;)C|o5T-V7<~axcMXBUFOTf4
z*6lMdra~|8#_Mx-BPR<oqr_crVh7~(n2*>Hx3&GIMAalS1`Qhxr>4h6e*>tBkQaXf
z)pQ#-m#5RKU&fq5fnv+8dz3DcUk=Tb`f>EPv?tI>asG`&xf0mQ@rw<amC=K8k_IOT
zpv9kyvmPsPjIs>wxsfVzds|umv=9Rae^57{_7Q$vqN}>;O_YhQzN|l{e82acQc4HJ
z#rePc3}HzOnZzyzpY2@n6CVaI<+FR)jWvLJp&Km(v<ukP;_*)l?XGx{k5tLWSoA1N
z(iSYeo86QT*`@PnRrnk*EY6?f?N~H4De%@vuKW`dDCukNiy0dE3FciumM49f-Z*5U
z#WKH?YLw9**7V&bPj8iXOz!Bck;>B<*ss9!ZA(850->Zc5GR*U?4<;IyM~UAj?LL?
zq_00OJ8tn++?0?=01)CP@@SEMnc!mo_uHiMpO<ZGIs`<;^C)c?x2X4Sxhy<-Y&8Xx
z)xu1LQ+~PYCyH;f)6$aC`v3)rS%8>=;q{ngUwJg8mfeDWxY3FLU5mvpVbyoP_?q}P
z@Y5&{mpiOIUvy^HJxU7*4k9Qpf>;l_b7w1iLZ6AFS|pz%H>P^Aw|f2@1LR{esHLkY
z1`z1r?X~M2*_V-q^JLP<CEl+sJL!dzg7#AG7MHzUt-c5#5ZM9TqnD7r7kc~q&lvD<
zb<HEnc6-Z2YrL_fnuof&XDmG(d1$mj_16Rt7NGu4K@JZ9QmAQQ8wGt|vL9dv`2MGt
zO}9|X%gdB{iY4emS!xU+v4e@5>_4><3gV)gFMA1buq<=5Q-96Cscu`}R~#n*13{WI
z!VdwQNNMoVm4m+Y4W@Q3c2ibKZSaYA#L@d+pf>oJGymU1?}lLjdt;E=^)#z1f%NDZ
zzyhmgsjc^o?vLb4RS1uvK~ETTTQah;gy?sT(%}Vo!x?~wa<AI!SblUaEz*(g%YXa!
z=1{MLQ<Yh|p!b{aU*E4HU=P-<Y**FGJQ&jX@12By110p+_Ux!al|CgF>va|5Jrk?F
z`GzX)P)hBk%!?tKKS><dCJqGH^b>X@+pe2Y2DDKU>-w=Rb&?ouxr2Y0Yx&?+x=LA;
z)=yc5u3Ky!h(ZJxEpaE)?G>~w#q@G5n5pe@d`!nM8*M^cJG%XznKn?j-Mg(l_YM}-
zM0O$9o!a*Lg66AozQ`Z0RdpSY&PX>SZ`mj@$n&mQwdcR}k1uO%)f#AHM<L1m5p!wV
zQ>Vt~>Al{BtKf`|W{!kbWbYz=xu;rw#a7Xp_k=LTC5}zr9LaQ2-&XiJhuRnY-AI`N
z>0|hKLHFS;`QZ~@$C{(V-7RQT6Kq5Mk7fDeCVEV@yscO34$1j^tqp5xvoG-avQTew
z;Fy&Qju@x28y~f2yVbeGPn$_@>j#Bf%5mYp*Q(i8sOcp%EIX#$GkLYRQ0QW|(Cscl
zdQ<tF0268cu=Zj6=FF)toGVAIaXEYSXJ#LImNTkuOT63@XEHLJu#wnZEEN1L-*?%}
zZUl2jwQv^i5x2WX>c}7UmL;Rt6i0e(ps)G!*0%J@``b9ag<y!`ZDFn74}}Ldizio=
z<I5cLU|qiz3?7VWyC$(xn~6_ondV&&4P<ax*s5!55xP~t`=ji}?6gvf=&<MHUVIPh
z+!PQY4R2h^Ludsv?u*iSjlJ7g!w=;37Zy!-PGNT@Z_XA*BZdtCUZg6?Wz^W&3g=(p
z@<-p?o>Lvsk(?JDQ2)?#q~wa-aD--?@aPjv+;_icg~_nZDD2*(!!^AMh0)s<>m5eY
z%Ul*wGOONc6-dYRg=)SX9$rJk3BPBHsBQpFs7jjxsv@w5{B%9S>kj+saRKgNz2cZ3
zA_L6?-5E6v@unQvk1fcRZ9mvh|1AT0_;U<2sQ}pC)KHIW<D+OWC~<z%xfc<MMh^i9
zF%RjL1~wT<pnpMWDf!<xh`*j~vUjmBy#YQkE42W{dGJ+Pmjpy42v|EF-b7fY(9Q-o
zS&ZN<feVFx!0_@v%8-i40`FM7euVtTp5VWB8k3LzQEnAF`Ip4Tew_W!IB1c5wfg{b
zQ@|j_6KuIq62Fgn*?wcKZMLgoUOakb0pR5i0}WVXv1ca!DOu=WsovL%4S3k2=Qu^X
zvx^z>hGPo?(<Q*y5Ig>huzj;w8)$th3%WZ|o``nP&Jb;pk`|#jd4p&B4m#b_i7-Tj
zTjd_{pZ<OH?`*aA)?V|I_i!tXyUr5PW&sA<?Q-6k;M)Q*(4Oiyo>l2|)p<?JrL5U_
ziaRuyh58Z`{s-i?>TL#fgsu|u!p0E|IB8P#gR`cV@@&LA>dtBm^Y(_~KRjH9x$$N=
zX6<5)AK~g;7=x+qpx4hG`UH^AbZ_oE@ok*skB7O<l<PuYm-!r+=BH&sULa?4e59(T
z`!OBnUoUQgmTrTKnRR(vwRdfc)U-5njElbCZ3j?0BSPj6UGIdLttG+OeaX*WnK8MR
zpT4iAYx`gtSWvDU6=PG*S&|C9DSAB{OyTe-&cq~;%HdJ0!JQoyIS5Zm$KUsIF*d$k
zaq!VWaNm~FWH}_q?4@%DN&{g<LBQ8I;7cj+K@J3bne$m~lU!GE?IzlO^)&bp6C!_C
LSvKp=qgVe2Vimku

literal 14272
zcmb_@XH=72*JiA!K~T{k0wSP*V(3LcT2P8o6a+D$NRuEXNbj*l6s7neDAJ{aG)d@1
zgCZauLJ7^#L3*!YP6B@O&YEx5yz{R4@vLXva+h=V+2y*fz4Pjpw%XAnXO2K1kfR#v
z*K{F}z4suHJ&T9-f`553n_UL}x5rsm4FSn&;1~xN`>mC=lp&DZVCbgV0dRfTQT?7X
z1j1BF`)|)rOsXXWBCW4+P5F+8$yD#QGl!Mm@41bc`F(5O^b-S$6aL}-nIyoa;pn--
z$m)N2|K7={_s>Imhr6BP>d(Lrq6`DxNLCqskr0R9YrjzyZf|KPenN~Wn0-F+qyG7N
zd7Tw;@!rO|Lus*U6Di((+3RiL$tk1Iv-TBBi(|jAX?r0}U1)AdTx&A|qLi}n1eTSR
z)lgp__G{Qyy8Lu3hn21<%iXFUH~D%huviNVm9lWiV<}{TqqFnEaxW?=mw5l;Hq|=2
zTzq!k);h*7ZRRlFsf8Q;p#v9KoYx2DKHdFLESvk~%O?{gL@5*o-<+l*9=QyaHTt>X
zN8hS&Z66L@mTAY1`OLi$;IX|1L2F<rncb!_7kxH08!O3k?=&_x|D@==7Ye>}>D1DV
zeUOJd@X|-N>(a3mS)3{nb#)6VT<mP@My95Bv!x+lJJ6H@=!%zr2_b<$H21j7q7bW;
zv@|J$36ffH>+>nq()db#t`?@~4N()b4CGjg6q&Qqzti8kFnGa$iWA24GMczU9>*cC
zxVjD)ZgWq?6)Cn#qIy5p*K8Y4HxP<1m0lS6@Z&R8Vu*nR)43>Z9Nt~osMs$roWCkQ
zo)$PUvJ^3O)-cH7aPoNnx9OMJ9^X6Uqb?qJEZarAkt8;G^r2ea*2f-8!qpIFr(x`|
zqV(e@5=0-GO|eOtC-;W=#4P+8zE!yiZ)MmDW@fsau~ne4A$51^M`<W_EkjQHn>7TY
zlt0^7=FP=ap2;b+Vm%aa<HGqKX6)sd2#LasCUM4q3#`uT3r5q^N2W%Ej}WqcJxal;
zd7r%)c<N~*1oGI9@;z+s?s`lc)B6oE^ZK^2fJx=C#rqP>PL1Sy-@QmfRT?^~ZT)BK
zbp|h6dES@pA%?pT3sXyf^HDZzyk6uLIdVP=H1{7<-M%PEu#fz0?@T&duRhL`qOs@P
zIn))mqQ%YepLmO5zc+RI=pxuX?V6}I?U41Q^dz1;(QyysSv~}w!C_8(7xRd#Hm-?G
zouc?6SbSfk8&XE^Z5TomD^8qpKYdSGmPGW)b+@s(xOyJ)n28@{ct-I2yx@b6dygTX
z;~F2Tp1D|MT3PejX}gL&pt~p0Pv3(}W@+F>Yxn6Xwss+@m=w*pif4TY>`>J$^Wpj}
zrGqSfg<BZP`0JlD{S{n3Cm>4xH*;|Cc|G9(w2H;`3ze`mb@=%yRH~%#1L#s<pn2Mc
z&DAI2@OOiXYriY3B7aX|p&M%2mxY85#_oqSQ7oZ9`PED(yb*E+(`#e*=G8JsuRTX(
z$od)^#>$(pO37E=%H7<uW|za;o1u@7-+?mRTqBW4ze6Dq*(f_oeZ-&aSebNA!Ik@#
zrzXA~Q`@ep%@*~O;Zcl@lghtweFL_hsk@RL9`;S&$$Kly@=4o10@`droRRgWA4hS9
zBXs!ZlC@xLSh~~d2-(h=WKu^7Wj<AE=BF<W*>4Huy6WMW?|4JbX!_f8WT#u&sQ<MM
z$`Ki=y)D1Gtyy<6ZfXCz+^=BXh&wB-0uFjmlzgRnF5)dqLMBxI;;_UraGC5yd6`F6
zS63M!kZPENg9A)WZFvEshgVD(t1aAS)EcS$Rxs0B!s>Gn0<nbRii*0Xp%}DUoqXh&
zSHq7-+iX=_bJv4cTl`HMk3wA2aRb$3fvhoGL${|2Yb-G!J}Zpx-#!F6nvQ$AnVFct
z8WbfP$0-|exqf35>$cF2_o~?gDOZK!l9H0RXE-t{KR5V4!x%?UqrGzXKqTM7j@a7T
z{+Oe<HxB=^hI&!gM@s|0SiLJ^$`VW-K$KqgA<Qf+EJiXSEBg-I{%+}~Gp^9k@3U%3
zfZzMbo5EB|-cD#`4GuOIn(J2E6BiAGGv2urR$|(J{O2vRYB^zpQ(ckPI&T!#mr21w
zKI!(2Rqsm8ZSWpeUjOvV9f5S)b`x_51j*d=>X=cl2iKs&^_NqBbrE&6AYYlLQgQc|
z%=<Z;iMIVd*+TmuvM1n)I7rhtnj60Vv9=o2h8yA{i&Tg1q2*lUAxLx(tOWrXbHRte
z_9~?$;PA&FvYfk*P!tG`uCA`&1STfFuMP=>78kjCKQJ=`yHhEPf_%ZjrahrQMDY^H
z)0c<)w<k#!TmB{!-cL1pH|Hmv`ThF@y$;NgG?R313&S6Oj>CC(A|5qyM9zK}U5tqF
zCsZVVPjvZySG=<CH%Pka9jBG}nuui&DYdn=vtu|`FRl)zWX*#k9i!XVFCSaGc~0p;
z6H(rVGBGi6Ko~pJwrA>et>pvi)MRtNuV|JD269miI#u9kVUgfrvx;uyB{zrGbe3YN
z*3uZQjJuplADa;y@KP_|8<)@E2l+y4*e(y>y?d7gWj;qh#}C5-coVKDfDBou=}=rs
z=!u46>f9Ue{@S+|-f@=0Fv~%or0JztDDUh1dAq5Nba;upPaTd#7vZF>vnu@f@?I0O
zx+dD~guXNj+UY}$>pN;y4MtO#rGySf*cHeV#D}6yQ7AoO#m6q6aN)F+V!0BHD2lPQ
ztcz_ziul+&h;fuw;k#o7)|S>fYKOB)znITOqvPvg0ZUH|FQ9+cx&*xmmksPPET{=2
zU#xFJ<~+(|w6xDX9pl!mCr^(U97f<kOJ)LUHMp#R%Xj0oG{dOES<@V`pU~lcKR*LG
zgJjHR>j%OJ&cHjqHJ)&obi418$6(Hn`Q})+?pFE6SU<Z-Ck@{ld(=~c94P%96&Kra
zZljI;Me}VxvFV&bdXmlNxZ=V=Oq5No&tgjNvP)xgjM@#014|bVoQsw%#{EFuRFrqV
zi|UT3!>E>1*RVdxoPv5%ew!2hLl=`xvZMV5H7)P4eFQ63X!M&;bx%uGNP;BlsTDL8
zU*1%@{+cEJ;YXyv-4FttLP|8+Cdjgq9lVQ2lgjz4_|-_(5SsC%>_I{(BZ8b`<Nr%S
zYYd+vMRhNi$oj{|?vA(<wY4HWH>J=l<SWfA6<0TUGP}hm#34$u&4^#gS=t<b6cagx
zS|$A!+77ok7JpwA&Cv1)6u28IN6wp)Pjs9A(U+8TVQGG!IzJNKH85blU43}UvBuJM
zwTkT=J38Lig5@kWJxxW`r<b>U{kHJc$8Dc*%QcFfch0D<l)R{88Zq3~d!JI(mcewc
z9!-fUbf1Zgd0o-Y6s;LP0-W;4%}RE5_K6D&ArJ75**%*RUNer;8I_t1(6Zp*H%AQs
z%rM`lE`u!eFE=ifo-|h9C<qgy$T&?Xt>C1q_yYd?`7>d4FvJh<h<TM%*+zQBJ+m3P
zPgr52CV~7!^5#NE#TFNKqdC@wU0mGUSGYV`MrP5(Y;mBcXL4jD+3U$3%f0X(W{|(!
zr~8(LPTgd4ec-s*T#!wz^behITK2d;Cs|J<?!_G28*vS4_KkokXNCLZ&IA=RLedaW
zvpw+rArJA#U`+@}n(BXexgWkc9#JwO21z^ue||t2+RqWC_ud_2WtB8!wY)<36n&E=
z0i2lnN$}SZxRIgZ6`94D<qqx-b-~r~>x_^S*J&TN95@Pp&Wq;09EZ~^jmJ6e2Y2H`
zUP<GR1;ycV9>c`uUciXQX-g%l?4m8?M-ZY0`kJ2SvQ5L5cb|!FMMNZZMdjZPs)vC%
zXOh2B?p=QS+nD}17xIu=6T(mldK7iKtQ$Scv!V%oBCkyQIG#)#d+BX5-C)C>C${s&
zIFSW^ZM*oZ-uJxuF~v4Z$yot*QHxHYOOelYywd|G8vX?HD59P9Bh`+tn4X<|${+r8
zh1G_e1HA9s??8r6IIR18`_Dn>+(-xOOliA2Qtp=Q6|aD{pURY{=Wqqv8V<!qDAIv(
zUEhCJSdde=>HKkX7h}Vc^xlN$u^LBqH@hD$5u2g_s+pj1q-qjRf6ED3wRC%C*u(ix
zpF0xocAu3`DgFb?_dVG~tV+0|xVv<g4qWqx>nH((2XE&FEz59lE*xy{Be3^l_?)~x
z;hyp090l)Uq0h|l{R6<baV)5@yVic|ahryjEl=~W_tik_nF%>RBA*iEQAVWc+i31%
z4B$98yNI*nO^ElKg?&<rcL;j#DXRIlW`kLqa{bECA3y)=D@`(R%Sonx^E45BeNBif
zPhrHTak$=u{`6lZYEU_6G~JNOO~l}ztZl=+3AkvPoxOc6#R&=uUdR>*dNU^Qo=+7d
zkq`moA!r@y5ajSDnxpJhmju^n?#Fi${%@B`cR-O;7yjRG|BQFEva&kNnXH?Z`kw2r
z=NcJt2pt`MU8boPC|x@<@`43;s|bc0oAOCK<$HhHWA=Z?d;e>{dy&=O*>_yBDHlHZ
zG1H-b1RuEWfy<m=a<dg>U<e=V6_HedQVxOjJ%z;-Ihh*wl`$6FniQ82bTS-!SbQTg
z**gLERUsaia}G@bPB$?>ZIzE(oA$h?e2<`!Jx(5*M2AIW{*9(v+KxgJABLx+DnzA?
zncPybx7e}utdo}u{DsotP6fZI!`toCw}O1)?uW6JlbEyRI5~FKcMLx}qtok^JEL8?
zR+A=dIxUmIDbO3M3LRe0z8ccub_mYEE4O+SdO*07U$>pC@AUeO=}`VcD+599ZRXJx
zu?zpTi;s={ev8)R+?Kh+BthwWM^Bt0D@UI@D%8&2E)+F|>YUGCkABJDG@!t_8?C@&
zy%+mH+6tD&+2+kK`J~dmj4rce+G-6;*Ko>A&Tr#0ESA)EQcd=Svi~ZtTGz=J@fsy@
z`Q2<G?C!kO^fa664ZUR16Dj#OWhJ}uIc_XPN_MU-l9{_JLz`JXy`d#7Ohs0Z_@@)+
z{LB{RD`vM|2aj4q$r>H7;F$EkRuq}nN~Ai8MCGopT5CP~K+;Kl;TC#4(C$@_#_X}T
z8;j1Td#-7}UdRe!-id%!*EtjG{1DMyTh5OB=73w8GycDZ$6i7BW-x_CcuD@7OWRJw
z>|KCmWo8=3lu9Vb)Vj18mCWIG)9DjW=$>=R|88CfVYUM<mD1_?aZlnITJk-nl-^8B
zmphjmUBvqO`U{Em6BFrPTM&NmryORuk&#iU+u-XKbneipg&!t-#^Q#x?{8d~(Vc7P
z?GC$fy)5;yIEaeQR#?{O&u_Fmws`qX<Q5j+>M`II*DDjz0K_*-GnjBJAFL>Kb*914
zuaEc99w>o@k50!3$9TrCJeo?aP4w!kt+-VxQTIx(@EOPzu`xv@taR!=be;MYBQ*+2
zG3$+eE7)y->7QH!i<<?Y`44<^V!Doj)i0h?39te1)fc7CpjLu%{f`RN?8y>L!DIHf
z9p#<dnB^B~b63M+i7!P(X(k@$xPk2qF_g~X7C;4BgCe6vjPppD=^y5m%5666gi0@n
zxB5~7i;C_o5%(Pi@%PmM%F4<LNF7>Db0sA_w_UWmd8lNRUHa;koSre$7buU_A(aD|
z4;aDgU%>Wqx`~3Vq1nsZ>T>4AiWH;a<X?}R#!ls@<Ahvu^^gK1i$4ZeX8P|6D~9X`
z(SJD~2qbx9fr)dYhZ2fvwG1*sO$N!FfoO`8yLR`OPCiPYeDSy`B&`v0?l5iTc4kSs
zY|94;7FL&%wV*#3hWBK9D>x0bnJ%Q|r9I>pz+~m8ZXE768ykcbgz<K~BTU&potV6e
zUC+(^bzzAOa{dWDAA=GWzWUWM=1;_0joO7N!-#<9)+EG*gwwAK7HS&T3C*r%88B4`
z!N%_gH`Myjn*AIyu5l8`JF%KdC%`U`9c6*zC9!i2tUA8$8k`fC!tU|<Y4P9W#T*GZ
zJT?0a-WEA3EIWMNlOLoC+ipE6e;tK8^JwmW08#-yxk>6b-5Bw%j40gN(D7Gn4GK&9
z;8={XD8o?(YSVg)O1ZE%*I_T`Qy709nFu|sz85&HGW2>)o7Fyms(6!LlXJyR<(a}a
z<J)RBbnY>kj(a-|)E0se`9}#H{tws@3l@_zShf{y)alE=iElGjW*AVXeJgU75@*XQ
z0U4b3^HnR`q;Dms8}Z2SB!k+N<2ZG)5ce=awuUXBp9v|Tz=Y*WJB@vHvEylApceD!
zI-}?4T4tg;jJ}xBvz=?~ne!59(k|fq$;U%$h5%rdaCJqLEh`~_i4GwPb4s&>*f-|e
z>kH<E(F|IA-n``lMYqoUW@h7gwBv;%BO|NtR&@JW$nk&y`CM6T@5n3FdpQKW{C*jZ
zSXHHJ<C7@9jlAw(S2F6<;b3w*Tbf=Jmp|c%>+8ktMYGwl3YkFQ!Z(5#0DKwK^U)w%
zB18iC)^aM22tELi=Qmx2Ky1-dn;2`avwkyqv8Pmp{Yo5l%BucG<UxbGce6Eh!b=B$
z^wH1eArrdL-qk}HT*JyPmFLTgF978(Alv3f0<PN~GuLs1a)$Q)V%(lw)l%%XpG?9*
ze#~oZrL|&typVN6PY*}G@DXdU3CGlp5e2+Rcb4x$*{bwOQ~lImkmcjF6x754-+uyl
z!ydSV8uZD2aIX@yz8SHb+MMyn)Q|mVw-sREM#jd*NM!9SChynzxqlARl2t%XAdI*d
ziFU|F37qh79`Ullix}39zAj^<!bc-G=KgsFf~xH14?ykjnT~GThVLwB$`~pwC6(2?
zia0;JB(4@a?rFHedqcB$q)X?l?~0LwrOOx)Hzy9fI7-jR&faZA0)a4)MCoXlT?rAF
zRMY140QNSHIWw4T+67QKaDI~FJoeWrIKYgI43)m31o>dJnl2wZAggID!^fS_2k8Dq
zI`G}R3>S98YPDtbxkxv!(-l7}7iVX^vWb_k={srgg8t+yrBm-{&E=6^=c0&ghxEIg
zk9JnxWl!0qL~%8iPE4^rXaGq@<!;u~>p*>%eY|_x>Lh>gLx%cy+B-Db)=uV1j!|!V
zdc>mNeeczg`9U%h^<;6IeXBfX*mQLsc2k9SXPYooVSc{UP;>{=`|)TxnbtO@QSb~9
z?d+`28VKEI%RGm&p1zK#rijZkzgLA$469xK`|K4(MeOE6tgZjAwjiS^63_ccMuu$B
zsr=W6`>$?366x*{u>!RwJ1Z-_5i)reSOdF6bw#49&7qhEBkWe)ZIG_WZ;Os-d#qbu
zL0ujs+pnZNS{VEJ5FcjlHM*N$WA}8*10Vga90fb`@uTr!DqH<%#rDMOZRY`2kUcVa
zb^O8^<_88x^o>QP@;6!wJ!f;nH9foS@UyF<im|b=cVji_Z+NPbQ~cP_V7qXQwIbkr
zy(N=-MGBzGvhg!MHo55wDZOqo>(UKv3R(4T1zH`Y+g%yX&dwld0kCVP?6|4V8iKzZ
z&1)Z3xmY2We7yiH);bas^>*--*g|Gv6t5&b23!IRxnAl&b^EM2`n(ZaD`}MB98Wh$
z>DrwMDQV6ADB+lU_wL=^-4!}sPi#^A)LZ8d)L^ByzRiV3&x03i3*@~Ps*Mk1)Yz5k
z3A~6+69FsO19#D~`5c1lzjmq7Op1rUs?o$Aaly7s-p6_E5ju9PH`$j~wF&H|sU2r?
z>AqnsE-l^dOF26AlE$Se2oQ^aM0VIYID`uY&Z=FKHKQ)Irle$Pr?Q^iaW>AO3R{oq
z>a=~dEY<>Qjp&TilZr0OAey6&C2v%0Pv_}w14poBxW&i5fS4KNwRlF0%03a0uE7%9
zX*yEpD3C_dI8{L^L#?p_0==2WhXRQ-4kyI&=fx|*L2GDA&=OZmP>SZn2>4ibw5M0K
z-1cy0WYihLOZunE8JN#%8b=Fw{_x3N8EW#LVJwX*^P~(_Y&UL8FAMutH04`ctgC4Q
zYhDb5W%sU{+uLiEW#v4lJ^cY@ejyi+$LHkSYWQ?_W4NE`&qd!PA?sfQ13VS?9?Z~<
zLwO3Mn(w1@NG_IR0Zj99UsL>a<iy^PW5}1C^yND4fnT$u8?Ep$j7JK1A)4Dr33{BJ
zme7s~#o=DkbI~EzCd7BZ%qN&_w>6-Yz4XU5;g_>p5xdXn(TNf5Za}bk8Bv8rMKaRT
zDSm@&vQ?X#r5;N*+?vgZE5sb!&6_t>ek_nN-yeu69>65(rZpixe8M?C_k;rIHibDa
z8WC%zLzTBg9@=@Q<{N-)0NOeZc(^G3m>V5+iirYh%0%Y{d{s?|PGuTFss4T%c}NbB
zwztu+k&@925**7{mTbG?RQzE0S%VJO8@q^llJElzntL)1=XlKk`61G-ZS40~r+7i9
zsXpx{V&=m^WgG4skU4^?)uF?ma;}D8$mPO=@3Xz{7v)MM;=Trfuk+meLo`@BZhOsj
zKmzZ;BKMx5^mkPH<y6fMC-*Er!R%Yzo<F5onR^TMouQF4Y6=vMMlAWEg)bL;0v@YE
z1dtEVSYB%GO8)8{iHM3#Qdq^-SR>xTYA>(e`De$y`Wv#<Gc}6Fo!}nIPY}j$3o=>N
z0qzWq?khDYuc9`?YNwV8L~QTkX0DwQ?Npm?I^<k38Zry4a2!9&AM2AOwC`|@uh(6l
zOVriM2-c11?;n7m8|33y^9r`kYkM2>#&6)xdHzCyZk8?TN3U%}0eP;TeK<o>l1!{_
z^MVzHR#W4btTz6>^A^XAHmh^oY?~2Bx|kL1s0`oCa~1sjKB77eog~{$<jOr$Eg!O_
z6x=Gw=p~4_s9^EdG1WU~@{%z>r@T6p+omYsVKb535Wf%sZr7`+U5ICiRBoKuh|Gi<
zv+W*QAguQ5HQS*T-uVY8G?LK7+_GtBR^AuS*?+b8$Rg$f%y9|+7FOFm{RwCPKkX=%
zC-hF{w)OE!Xc{u2ZGWImFG3N4^l)=oKtuI6i73l-lKeY{WN3*^{D<&HZVGTFi)m#X
zjCkPQRkhm5HL%b}Q;{<^G`Ej9y?Z!lZWfCjFWJAtk~rz^{olAEu@rYb`<zp?OWV6r
z9(vFOiP*)Tb9$+r_vH(ZiPw%71AZ<Gu-HYq!_opNfUY9tHq%{yKRpJM>1qQl^8U@+
z(&BJ5UDWvC2?RZ0!S#ShA~<|eJ4#hm6~Iz+HMf%!Mkbch>g%<37h*?gX=xcv%G+UZ
zZ{EFF?d<__1@ZU@ylz1{QWmossr9eX_NLb)83(ciohxz<Gy$eclMHqPO&RJg10;fs
z(3t$(!QF_o{EVZql!vaiQYrS0TJMLKho_BPHm0p3VYL|_xxDy!W8J1+Oen^S;<CmX
zga8Gl8MhkrsQiZbGDvH~^UV1oJ&96z!f?jkSKFp{&Q@o<4*GlBeW-QG_0SO@f#-W4
zxcyBiSE8pIRuyZHOwBhmY$gMGOHTklU?W3p&9|<8SADB$pMb2AY*2Y2{KEDmSxEXI
z{2f#aYhn4r;8&;H21l)XW5!gVZRHje`&qT`du9^%&VmjhJLSD*$kP2kKim|Dav87Q
zk-Nor<<fbIN1H-WzDTwHq5)iX$Y116nuf4?La}oZR-%~N&^<XAn|ZYTb38wrU(f7M
z!rKC;33j&~SNbl_)qf&3;Kf1*7qtkK&xb_GBmeNSjHM*m7<YbH*Z1;AUasaj9%gN-
zGNbi^t87W(t(@JYDzrHsc*Y#I(GRY03cE?Ed+qCPUgs<?-WYS*cVbYH6cnbR#d|(o
zDX?!0{_b9SZ0enx(q$^mZEF_oM2|m2n1;5;ZpL#AlCYRzUFX`cP3uzi=YcP(7&elq
znb0k3eP&1B*eR4i!E?dsue-53ncuW+cs|7~*B82_Kti2P3;K*)WqP&(9W1!z)06&i
zy*11Cvyg1Qz{%aH5$ge=7Z`vZRUf`iP!MF+>^LzjEoRhIeZyg+VJZ>#_GcK&WO9KB
zUgeh?pTbTm=dpmh_-r1NDo(W$yZ$%&D1O=*gp2TN3<)#^wx@rt|FK=vUM;IbKX#V(
zFR5O6Cur4nG&+!`{@W^XIv;eL2xF(NF+~J@Y(YQr^^N{ps03be1dzC8Ysut~9^;@$
zMN@m-LFM}!vA30xe~aJ$kC^>mL;D5%^PNk5=)=)fC3nc3opCsk>!6NR!i47BFUdNs
z%ANYxNc=bI-mWod<poGd^SukCiEzbGlU9PJJ@9}-NRN?PUspEuLvThdhcC$JScNgH
zkK_HKreVwsUHC(k5Mnr|!vjH%1TUD}ckDhCZuiFMBtW0*ZphB7f2;2c)huX&JWGa(
zYwaEF!Sq?TT%R6_!?&u-v?vAgX$zw8_j^`Ls43?v(#IEOu`blR<#JwShSdvq&X^#c
z<n$5d^Tlz=o#jtQeotok1!?0x<aC2%mevY5U$fO8SMLAHlP~z5GLV45QnqKZMyu!2
zbcB39aSF65d_l#B^(^x%{(0N#-r86gaNYVfOU^~kow$GG>o+w_mE#v0hn8~&8L}=j
z$F?)QyLWn<{l+tr*=yK~^4>ez-LMzSbNu4{kvC|S_?ndE$|!W0t)U&h$a^=N9Mpk}
z0E`i2kuTgg;qUY_erlFKO1;6y%j%aQ+=AHdwx57A&cJ*tL@em;3ZAz!7Vu7PuznHl
zvXmE1$RYLJT6B*TO5HCt1=~{4742Fx(A|Au$*6k76g^MAw2Pyw$pFq+?t@R((J>AW
zJKD?|NY)@Bb}7;IX8=^H4<b7wc0bibY}m<gU(D?7Gl#;OY)YG3s;UmsYsR@LG!0`x
zYyg%H0E)64J>@Hr=|u+80ub(<CL*zptIZ0c4kTYaWoR~_x}XJP1K$4kf$ga6k2~VE
zp73&SJPx8uhjjZx-0;Vems4;+(||&udUyG&_*TQ-UX(y`#B!9$IB$L1=eK-N=o3za
z&;jr1?EJ7cG4fK{#c8aJ*1R3_HQJC|c(dU=)b`~4dW^?bU2`5z56syN41Dr(-6IVU
zAQ@<LSy`|up>l5_cbZB;3DX$onDR`-4t<{~Kh0`7ocf+k9VminWwx|&7@>CuV*taI
z`yj^l0ZU!{2^!}&l0KQ(ox4q2XDSY8aJ@=%EaA`CVn%fo`JAdJXlPc1zzR1)q1fje
zIAvUw<h;b#A}zLb0Oi%omJI=x)$?v9re(1FTxYiVSwE@OVMi}wllXBinQsLx=YSHD
z{JDVEyv}*o5%gg?m=Q%#7=BV(uCmaE^l-fIxgkLP&2%va@Z@(wfq;di1KA!3LKpwQ
zOM#65D<|+KZ?KpQ0i{i@h8xbvXF3VkzwVB}rq@nu;Jze0bt`nie&WCC97>u<>?q71
zzJ_Tj;@y$fcHdV*OB|JbaiEI)z+>Vo()C8Qp~i%*A8nWuW%lT8a#a(P{dB!xo0LI8
zc!~4Ul+6dgzPTc2+d!iNXnEl5q2kz851(&73IYw~&7gZJs3%H^sR`Ck<w=oN>E@Mg
z)?+0r9(ri+Urm_Tv<oToS=nspi+6DbRxgx5-ip<sDN>pT;677E_cpULJtq<tw<K`=
zMeA)(`QO{dlTeF2Hm_m%X&=eT6$U*h$J>2Vn~UGpscDhAX^9H4kI#ccKZ3mC<~_bR
zQ{D>m6jl8U?U#>y;+#n6vWG5hC3x4uUc44eal_2VY{AD-=V~z*I4z7{o(JwcutmH-
ziFb4dIGmSD)JkS(3vnK}_q$%$k%(1=mi5(N1hQL^&KNriiFcHqVa<<;UTn!-8}1r)
z=#9DkU)C02dOh$vl~brU_EsZ4Ew-$!qB2h(ny}F!^}=n|*|4A6(504e-@?MTHzJ%e
z3VnNpZaCKP4w99{#jP@N%~DV5qJ_o#wJNsrZ@}l5U`IITH`LigHx+aNEh4sUD~JM}
za9$2A<Qr4vel)_kz9L%QYia$R7wO3m*uQL>Z>tv+2c~GCNqeYvdN1fbX}~589O%!V
zCEPMZBG1e><jU3!mCDQp^E}_=Hl?+x+WNqsP$)s;Gvnp6Rdl+l$Ctz#{%p;Bh7ftz
z@Hi3VkmO}N?&%eCF!>g)3I&YRMA7*Uhen>PB6YT(N@?r21>Ic0V?BYu!R$E-rhnEB
zA1MUcsm-JyXZqVS1~7y0n%9Oe1!HNnDSmd#@kVz{L`0#Of})}@Y<*&QzY!3L9`++Y
z*msn#nQV%ece<+?AIu4+XCXl}cgQ(lFMQJx<e~F`@}7j_pThQn<`}4PnQ=I!r~lz?
z3or*eyUXzlpd<ER=M{A*+GN{8OP5dX`|&8YOEGjsWDkw62f&bKeZ;w%W{`E7s7fb7
zr#!8H4?7ioR@iqR91wj?G%863JGq3WOmMC38&;)*|9CjCAGM>R{}{s~*F8WxpwUb~
z@ikxZUZKf=G^$`9zq=Xp;s+V1JQ@2zzxr=ah9?qJ?C<22@Q=`ybo;?RMmQeu4e&7@
zV|bm`ds;+lbsy!AiW=F(ml!BSJd~7}lf4F&1KI5&5@>2CSt@X_7)JOc8ms{we+qw#
z5#BSk^Z90kpja~^BGiEYl1exGb(`Eg66~P;FRgTc0p_74+l1iqUTVC*?Hqm>2>*Yi
zqmpss^z4oV+%UVZLdfYfCdlu~(qv6682*s|Xs|ZNd)z@kRg^MCB?}%3?)l`l?0$$<
zX!FrR`0UU5npCEmv|jsT@GyxY?BL-7pT%k_)mO?3*2TYBIH6G4{p@24@!gIYKA5Jj
zZvWHq6x-;rFoaQP2@3O;fFo05PruU$DSHd$v)4-2+3F*cvOI6D4#IR)wa<HWM-_bT
zy;_XjTH9bHRgQ1N&AGNe<wrXwUIa?hr7K4=pduo3OJ7dsD!q}8Wi(w+>EkC@44<tR
zLUsx<28ISuC!L|FtLsdt)5T$ma4Nfv*%5lN3sPU*BD%rbI&`V4x6|Gy`(eDMc$m3S
zl8U}LkL)L5`F@LI)Mj4<+>TI1%5No}q<baj+r^cJ>Q%y}2s=%W5=PBL3F^_U=t>-P
zIqj#8f_bX+GSU$1vhCS^mWVA>ZG6bgx`sI%Sjw_=XG<;xmqs_Uta$}$ESCFD!u)Ud
z3m?>@5Z#q~^w_sBrFIVSr%7S=d0d-Oot>HG)*E0EF1c9GuNjKwmRqb|h36uc(t522
z(_qCzKk*_~bk|m!w1%>&?YL(EO!g_v?e||V0DzZ?1Br&xTxJY#l_!7Qky9Be=ZL1e
zFFGEeI0mL&?{j&MrU*AG@B^;e;NwU=O7k?@!!NU~XI^rMMN0u;1`J3Xr1|(Uh2?2U
z*F6wj5V+M7T+-K|%&z@+-tRewLvz2mOp|@+DC0S7Z#4vY2<RnB2b&P50a_3PQFRDR
zbL_z%199}25tLj6bdMzj{`@%d&^gdkdjq!A(cT^&f}qWuT-a{}#x5+mK>s1f(aP(~
z&?*1Yg*9{G&|<cW#+L(6IW!oV8XM~iU-}IQC$Be|2t>0t#zN5?UNa;r7pKBn$a2TS
z4=3xvzz|4oE;;X5P1|!cpFg90#~4~sEa#l>II-3mY@?>nN8&C2%*Muv9MBQ`3Unk@
z021ydV^_Z6Ows<gfu;?x2~gswGZlKmQom`t@@_`t@|=I(6$8d=*FU#a&<1{;&e?!R
zKNrk`^awI4UWGrjOoqImKHgGI8-$_IntrEq`-q@{)yF#-;t6#35y6caiG8BLKDph*
zA3uIj-?EU8i%SlI>_E!wiYnh?7y%O08<dq9P`*=tAH~?&(YpNr1|BbgM-|IH`n(<D
z_FeOrOT7WV^>rqwvDRH1-etxg+0H0|5g;4_I5sg%?<9UVhe}IJzc%5{R8;#g6Z8Jm
zJG02ek6D4*cpRrZX!DKLE+*3YPQX*at%6~-Int?|f~{geY6>Y>XCTbI_tnP^EjRrj
zA11+mT_dRYzG6Es#s7(d5oR8GHbvb(`rz5U=>}3kiWzO}aYpyH??Ffnh<+aAYJXqx
zdS^*1z>K0%KyC7yzpVi#!z>ZMl#7%;7t}JNGM(qor&k2$3o#nEtz-|297-%k6_xds
zR#zrrz@+4@Gf6mgAfUfh{JfQNDBkc4lCF%=r%r_QL?-szINo-%^;^Gh@BR7~!9L!I
zg6ns92US*#jc=bQsqt;AOmd{z545As2g8V`Kz~)G&y&_Hd^>vmkM+gM(MwDDX}M&C
zsC`3pve}RhThJ*Q7y_X0uAQCT$ugRtUD@_pKXTp4QL!Bt|F&B%yb??mM-_@?DeQX;
z%JmgXJEAwO5$rg=ju+6|l1ST(i;-_Gjk6Z>i^n(}PHHx#;Fhze^7CNHpmk>&i_J8m
zB0=lU3GjEGU97<wd#mQmV65a(Cw;{yY-BCfjNA)e%<)_7Wp@3DwMX_?d(V$A*ybCu
zGc(h6yg)@tO6rIOE3Ka+XD${I1pqaeI0F(mZ6E|SGV-8AxHO(qB4V;046hyaX1x>^
zu;YhUM%_){Y%ioJ(#FK9MuvW@)H=J9ZZe$*h+YPaizUsyUG!x+nl}i%bedc*II(n)
zLkUXxw6wI8`)WXL)TBKqUXwfuW-7h^_Ue8g1PT_IlndY;32~=_5KLNPbrX+2e#(c|
zsjCv&?bLy0dsKdYz8i?>u~R_9E)}13;v3D(D^jVDSqTmH%dl^(qjeviCHdIk9XF=o
zR3vxLHR#*D=7EKUg@z5O-)g#p%YB!+f-$MTB7nwUP+XjDa`USOXtj0z%kbF!e$a(8
z1OG^C(5XV7eE&}`AM_Dv^Lc+7nlx5#R>Nqo8G!?4v-NwEou*WOkxyYLxy}T}eBRLh
zW`JC!^+Eg9&A-U=_~V;+0K|C%qXUWS&?nD#z(NT?Kq7Rh49!Yk9t|=~eZnabcL0Vl
zSht}r9T23G*6Vb*+T3y^fSAS}+(Mg<DYv#Levly7ID+R~_6Ag*z%M>7X&m{z2|;^t
z&Uus}^FP?n1s_z{@{%7DdODrl%B@R8EBu>=_}I6v@J!*d$og_VCo^<ZkHYb<0rGPG
zgv$@^fX~>EGMiB??Wm*G!Y6C@ttC&%`JIf^NtVJl34v|Y)xcip*hz&e`<Ei@Ew;{E
zFT^y5eu_Vczk&F}@Q^Dwe8XR=7De#co5@vex)27W?~`axlS!6!>9j4D8dpkwqfew-
z7b&z0NHz3@rgfcaMpVl5Y~{Os-uz~xpoaA3uT#|RVA=}oMP3djPj>M=&|>G6e&5kf
zY)ZyCZLfE`5_}is4!gbVQ|V?n(two`s_pF9W*^RMOKT>x?jhR@ji}jpd1bn1n6{Pk
zbO8l-*CMImd=x1O=|)qTn%9(q`c0dX6t~5@37B_J4rd1pZAsr~_izaO`dm#vvHoyf
zwFLniH}=yUv1MC4O0F;*%tBJF54J7~K3m>Kmz+V;4{hYDj4n1w*EG8Nnd|xM=EULI
zf>r;SW$*kq&&wZy5^ncq`Q?DjANNmuPRu1}v%%O49C=l%I&stkPpDTTV@(zuy0;dl
z&C&6+!~P)Gua+KEJwM2WOsg*5kI5tS<yqA&2A0^Ht!lK#Vk52Di~M`>Ir$fyh~g6Q
zIE#$xah>cXhexod<efc=tdzU+&A%}CbDLo?-@Dcu+UsdyVQGCYdOdtr>*Mkw{|WZ(
ze5dVd=VQ{0ZZ8#{<TJOW<ETtdMalCQx8o;t_*Qx148Bww6a2iiN~VTl-5GX0lEcPq
zQDBBE+lm>XA0j6q)y}k@xqNcaU)kX>=c3h##e=K$hxisPky97d6s!qY&-=x<N;Jl_
zCkk3(m4I7xA(l+j<(*v@#{Lmn7qE{pSqQaR2+og;$GOqMMS~DxBPV7I)3%rfgL^x1
zF-9H}e8BGyBku&vPt};OZGJ&b-*z9Nt9W#W{O{umj3I&09QX~eOw`%QWZZ7Z8X=J<
z{I9!w1X2J%_-}yMi(|MUD!}-sK?s88J%~*ji~r9qBMKbd%CFL<oXDT)9pBRlAe!q?
zfJf3sf^Yijh(wEXMPU=_W=8V;!N>Dj5RV+&sL9NLcld)Q<Ej5s9ym?c*Xd!JfTML8
z=yv;8Bh=Q=de$hark7TSnAYD!LWvKisRWyg%G-m__Wi;MVZG^^1uHpoY0|Oa&2H!?
z;Hb1-R!2cA(H@{ln#m8qH%mebzB9~?XwK;#Y{xanyduTRT3t$cr0-E;sF2^I<zN?u
zUOGaJSqiq56Luec8aNK{CM}amxp`~gn;c`-fBS;^`Xx<2-7Wc!cI#8&6GiKU?wNM9
zStQB&#_rK(QXeg32lrpu>=rhiEMdXKOqb6uzOn#q?ZD7Tp^fW3%^Nr;Ypi`iD@?U7
zOml0;KfEH=BaYBSJ9F?Gk+E*A;mItV`DSRYlWv7lBHcJkUzQedUo10GWBxg3i+Z!6
zD!kIkav&FjB$jAGMhRpX1m8>56?3A@IKIL+nNom&-3QnGd7rzpjks9hu1-(I6IS<)
z1^$qHmcRI^;tgua>;Y7V)&pT*lY0@P2&nNqvI6(z%Qsb-K%9l_&W754wae%}P}@0x
ziDo(o2S(8irekxOZ+qc$_U+!AfaAQfv!b)`$*()7y2O`Ur6?R-&*~k~5D`D%i9{a<
zk7w(q0Zt2mNNOVlcol^9n~FWOUs3F({cd7E?Z*{|AY*o<iERcxPQPl6;#&{FukIik
M*R`)@A?`o@A2JJBa{vGU

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index f947451a77..62bdf664f0 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/26/2018
+ms.date: 03/03/2018
 ---
 
 # What's new in MDM enrollment and management
@@ -1403,7 +1403,14 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </tr>
 </thead>
 <tbody>
-<tr class="odd">
+<tr>
+<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>IsEnabled</li>
+</ul>
+</td></tr>
+<tr>
 <td style="vertical-align:top">[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)</td>
 <td style="vertical-align:top"><p>Added the following videos:</p>
 <ul>

From 3a5a7d6a9b431f0fb987f1d2ecb5da11552c22e7 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Tue, 6 Mar 2018 14:50:28 -0800
Subject: [PATCH 087/119] update note in restore files from quarantine

---
 ...le-alerts-windows-defender-advanced-threat-protection.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
index 6708631bb3..c3162d20c2 100644
--- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/09/2017
+ms.date: 03/06/2018
 ---
 
 # Take response actions on a file
@@ -48,7 +48,7 @@ The **Stop and Quarantine File** action includes stopping running processes, qua
 The action takes effect on machines with Windows 10, version 1703 or later, where the file was observed in the last 30 days.
 
 >[!NOTE]
->You’ll be able to remove the file from quarantine at any time.
+>You’ll be able to restore the file from quarantine at any time.
 
 ### Stop and quarantine files
 1.	Select the file you want to stop and quarantine. You can select a file from any of the following views or use the Search box:
@@ -101,7 +101,7 @@ You can roll back and remove a file from quarantine if you’ve determined that
   ```
 
 > [!NOTE]
-> Windows Defender ATP will remove all files that were quarantined on this machine in the last 30 days.
+> Windows Defender ATP will restore all files that were quarantined on this machine in the last 30 days.
 
 ## Block files in your network
 You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.

From 6386aa97e57d0451ef902937c600e83e2abb756a Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Tue, 6 Mar 2018 16:00:07 -0800
Subject: [PATCH 088/119] add line to access threat analytics

---
 ...at-analytics-windows-defender-advanced-threat-protection.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
index 6fa550565a..e2bb30d5ac 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
@@ -45,6 +45,9 @@ Threat analytics helps you continually assess and control risk exposure to Spect
 - **Microcode mitigation**: Identifies machines that have installed the necessary microcode updates or those that do not require them
 - **Overall mitigation status**: Identifies the completeness by which machines have mitigated against the Spectre and Meltdown exploits 
 
+
+To access Threat analytics, from the navigation pane select **Dashboards** > **Threat analytics**.
+
 Click a section of each chart to get a list of the machines in the corresponding mitigation status.
 
 

From f86abfb7d629815a9ebf7773b1a3089cdca23a09 Mon Sep 17 00:00:00 2001
From: Kaushik Ainapure <kaushika@microsoft.com>
Date: Wed, 7 Mar 2018 14:05:31 +0000
Subject: [PATCH 089/119] Updating CEIPEnabled column

The first table incorrectly states that the default value for CEIPEnabled is "False". On Windows 7 machines it's "True".
---
 mdop/uev-v1/deploying-the-ue-v-agent.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mdop/uev-v1/deploying-the-ue-v-agent.md b/mdop/uev-v1/deploying-the-ue-v-agent.md
index df6cebfaaa..8656b04ed5 100644
--- a/mdop/uev-v1/deploying-the-ue-v-agent.md
+++ b/mdop/uev-v1/deploying-the-ue-v-agent.md
@@ -82,7 +82,8 @@ The Microsoft User Experience Virtualization (UE-V) agent must run on each compu
 <td align="left"><p>CEIPEnabled</p></td>
 <td align="left"><p>Specifies the setting for participation in the Customer Experience Improvement program. If set to true, then installer information is uploaded to the Microsoft Customer Experience Improvement Program site. If set to false, then no information is uploaded.</p></td>
 <td align="left"><p>True | False</p>
-<p><strong>Default</strong>: False</p></td>
+<p><strong>Default</strong>: False</p>
+<p><strong>On Windows 7</strong>: True</p></td>
 </tr>
 </tbody>
 </table>

From 474847d53043dec9d1f605a20673023de61f5aa5 Mon Sep 17 00:00:00 2001
From: Barry Langer <barlan@microsoft.com>
Date: Wed, 7 Mar 2018 09:55:40 -0800
Subject: [PATCH 090/119] removing note about Azure AD conditional access

---
 .../surface-hub/manage-settings-with-mdm-for-surface-hub.md  | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
index 735c1a071f..238158def7 100644
--- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
+++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub, mobility
 author: jdeckerms
 ms.author: jdecker
-ms.date: 02/16/2018
+ms.date: 03/07/2018
 ms.localizationpriority: medium
 ---
 
@@ -24,9 +24,6 @@ Surface Hub has been validated with Microsoft’s first-party MDM providers:
 
 You can also manage Surface Hubs using any third-party MDM provider that can communicate with Windows 10 using the MDM protocol.
 
->[!NOTE]
->[Azure Active Directory conditional access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access) is not currently available for Surface Hub devices.
-
 ## <a href="" id="enroll-into-mdm"></a>Enroll a Surface Hub into MDM
 You can enroll your Surface Hubs using bulk or manual enrollment.
 

From 03c7e994c5598f35dfbb9cb0e253d12a79d0378f Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Wed, 7 Mar 2018 22:45:39 +0000
Subject: [PATCH 091/119] Merged PR 6230: Added video walkthrough about
 ADMX-backed policies

---
 .../mdm/enable-admx-backed-policies-in-mdm.md | 12 +++++++++-
 .../mdm/understanding-admx-backed-policies.md | 23 ++++---------------
 2 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index beaaf83a87..3cbe681524 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -297,4 +297,14 @@ The \<Data> payload is empty. Here an example to set AppVirtualization/Publishin
     <Final/>
   </SyncBody>
 </SyncML>
-```
\ No newline at end of file
+```
+
+## Video walkthrough
+
+Here is a video of how to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune.
+
+> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121]
+
+Here is a video of how to import a custom ADMX file to a device using Intune.
+
+> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73]
\ No newline at end of file
diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md
index 6e079fbf78..16f22e3436 100644
--- a/windows/client-management/mdm/understanding-admx-backed-policies.md
+++ b/windows/client-management/mdm/understanding-admx-backed-policies.md
@@ -15,23 +15,6 @@ Due to increased simplicity and the ease with which devices can be targeted, ent
 
 Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support will be expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the Policy configuration service provider (CSP). This expanded access ensures that enterprises do not need to compromise security of their devices in the cloud.
 
-## In this section
-
--   [Background](#background)
--   [ADMX files and the Group Policy Editor](#admx-files-and-the-group-policy-editor)
--   [ADMX-backed policy examples](#admx-backed-policy-examples)
-    - [Enabling a policy](#enabling-a-policy)
-    - [Disabling a policy](#disabling-a-policy)
-    - [Setting a policy to not configured](#setting-a-policy-to-not-configured)
--   [Sample SyncML for various ADMX elements](#sample-syncml-for-various-admx-elements)
-    - [Text Element](#text-element)
-    - [MultiText Element](#multitext-element)
-    - [List Element (and its variations)](#list-element)
-    - [No Elements](#no-elements)
-    - [Enum](#enum)
-    - [Decimal Element](#decimal-element)
-    - [Boolean Element](#boolean-element)
-
 ## <a href="" id="background"></a>Background
 
 In addition to standard policies, the Policy CSP can now also handle ADMX-backed policies. In an ADMX-backed policy, an administrative template contains the metadata of a Window Group Policy and can be edited in the Local Group Policy Editor on a PC. Each administrative template specifies the registry keys (and their values) that are associated with a Group Policy and defines the policy settings that can be managed. Administrative templates organize Group Policies in a hierarchy in which each segment in the hierarchical path is defined as a category. Each setting in a Group Policy administrative template corresponds to a specific registry value. These Group Policy settings are defined in a standards-based, XML file format known as an ADMX file. For more information, see [Group Policy ADMX Syntax Reference Guide](https://technet.microsoft.com/en-us/library/cc753471(v=ws.10).aspx). 
@@ -47,13 +30,15 @@ An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policy
 
 Windows maps the name and category path of a Group Policy to a MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\<area>\<policy>`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX-backed policies supported by MDM, see [Policy CSP - ADMX-backed policies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider#admx-backed-policies).
 
+## Video walkthrough
+
 Here is a video of how to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune.
 
-<iframe width="560" height="315" src="https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121" frameborder="0" allowfullscreen></iframe>
+> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121]
 
 Here is a video of how to import a custom ADMX file to a device using Intune.
 
-<iframe width="560" height="315" src="https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73" frameborder="0" allowfullscreen></iframe>
+> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73]
 
 ## <a href="" id="admx-files-and-the-group-policy-editor"></a>ADMX files and the Group Policy Editor
 

From 832568758c590eb674a3bc71b79a99c13b401584 Mon Sep 17 00:00:00 2001
From: "Tim Mangan (MVP)" <TIm@tmurgent.onmicrosoft.com>
Date: Thu, 8 Mar 2018 14:51:18 -0500
Subject: [PATCH 092/119] Update Applies To

---
 .../app-v/appv-performance-guidance.md                       | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index a9ee4e4cc8..5fe043b48f 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -13,7 +13,10 @@ ms.date: 04/19/2017
 # Performance Guidance for Application Virtualization
 
 **Applies to**
--   Windows 10, version 1607
+-   Windows 7 SP1
+-   Windows 10 
+-   Server 2012 R2
+-   Server 2016
 
 Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
 

From 7860d83fb61377c1b6bfc3bb43cc55f3cc94b835 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 8 Mar 2018 11:55:29 -0800
Subject: [PATCH 093/119] capability / feature rename

---
 ...ows-defender-advanced-threat-protection.md |  4 ++--
 ...ows-defender-advanced-threat-protection.md | 18 ++++++++---------
 ...ows-defender-advanced-threat-protection.md |  4 ++--
 ...ows-defender-advanced-threat-protection.md |  8 ++++----
 ...ows-defender-advanced-threat-protection.md | 20 +++++++++----------
 ...ows-defender-advanced-threat-protection.md |  6 +++---
 ...ows-defender-advanced-threat-protection.md |  4 ++--
 7 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
index fea04741f7..489d6db5d4 100644
--- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/09/2017
+ms.date: 03/12/2018
 ---
 
 # View and organize the Windows Defender Advanced Threat Protection Alerts queue
@@ -135,7 +135,7 @@ Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together
 
 ## Related topics
 - [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-- [View the Windows Defender Advanced Threat Protection Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Windows Defender Advanced Threat Protection Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
 - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
index 2ff55bdc25..fc7325015e 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: Enable Security Analytics in Windows Defender ATP
-description: Set the baselines for calculating the score of Windows Defender security controls on the Security Analytics dashboard.
-keywords: enable security analytics, baseline, calculation, analytics, score, security analytics dashboard, dashboard
+title: Enable Secure score security controls in Windows Defender ATP
+description: Set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard.
+keywords: secure score, baseline, calculation, score, secure score dashboard, dashboard, windows defender antivirus, av, exploit guard, application guard, smartscreen
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 03/12/2018
 ---
 
-# Enable Security Analytics security controls
+# Enable Secure score security controls
 
 **Applies to:**
 
@@ -25,21 +25,21 @@ ms.date: 10/16/2017
 
 
 
-Set the baselines for calculating the score of Windows Defender security controls on the Security Analytics dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
+Set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
 
   >[!NOTE]
   >Changes might take up to a few hours to reflect on the dashboard. 
 
-1. In the navigation pane, select **Preferences setup** > **Security Analytics**.
+1. In the navigation pane, select **Preferences setup** > **Secure score**.
 
-    ![Image of Security Analytics controls from Preferences setup menu](images/atp-enable-security-analytics.png)
+    ![Image of Secure score controls from Preferences setup menu](images/atp-enable-security-analytics.png)
 
 2. Select the security control, then toggle the setting between **On** and **Off**.
 
 3. Click **Save preferences**.
 
 ## Related topics
-- [View the Security Analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 - [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
 - [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
 - [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
index 4c24bf012f..b25f671461 100644
--- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/23/2017
+ms.date: 03/12/2018
 ---
 
 # View and organize the Windows Defender ATP Machines list
@@ -80,7 +80,7 @@ Filter the list to view specific machines that are well configured or require at
 - **Well configured** - Machines have the Windows Defender security controls well configured. 
 - **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
 
-For more information, see [View the Security Analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md).
+For more information, see [View the Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md).
 
 **Malware category alerts**</br>
 Filter the list to view specific machines grouped together by the following malware categories:
diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
index adef15a6bb..14d4fc1ac4 100644
--- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: DulceMV
 ms.localizationpriority: high
-ms.date: 10/19/2017
+ms.date: 03/12/2018
 ---
 
 # Windows Defender Advanced Threat Protection portal overview
@@ -51,11 +51,11 @@ You can navigate through the portal using the menu options available in all sect
 Area | Description
 :---|:---
 (1) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
-**Dashboards**	| Enables you to view the Security operations or the Security analytics dashboard.
-**Alerts queue** | Enables you to view separate queues of new, in progress, resolved alerts, alerts assigned to you, and suppression rules.
+**Dashboards**	| Allows you to access the Security operations or the Secure score dashboard.
+**Alerts queue** | Allows you to view separate queues: new, in progress, resolved alerts, alerts assigned to you, and suppression rules.
 **Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
 **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
-**Preferences setup** |	Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Security analytics dashboard.
+**Preferences setup** |	Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Secure score dashboard.
 **Endpoint management** |	Provides access to endpoints such as clients and servers. Allows you to download the onboarding configuration package for endpoints. It also provides access to endpoint offboarding.
 **Community center** | Access the Community center to learn, collaborate, and share experiences about the product. 
 (2) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
diff --git a/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
index a7f177c650..6ea27c4f75 100644
--- a/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
-title: View the Security Analytics dashboard in Windows Defender ATP
-description: Use the Security Analytics dashboard to assess and improve the security state of your organization by analyzing various security control tiles. 
-keywords: security analytics, dashboard, security recommendations, security control state, security score, score improvement, organizational security score, security coverage, security control, improvement opportunities, edr, antivirus, av, os security updates
+title: View the Secure score dashboard in Windows Defender ATP
+description: Use the Secure score dashboard to assess and improve the security state of your organization by analyzing various security control tiles. 
+keywords: secure score, dashboard, security recommendations, security control state, security score, score improvement, organizational security score, security coverage, security control, improvement opportunities, edr, antivirus, av, os security updates
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -9,10 +9,10 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 localizationpriority: high
-ms.date: 11/17/2017
+ms.date: 03/12/2018
 ---
 
-# View the Windows Defender Advanced Threat Protection Security analytics dashboard
+# View the Windows Defender Advanced Threat Protection Secure score dashboard
 
 **Applies to:**
 
@@ -27,18 +27,18 @@ ms.date: 11/17/2017
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-abovefoldlink) 
 
 
-The Security Analytics dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
+The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
 
 >[!IMPORTANT]
 > This feature is available for machines on Windows 10, version  1703 or later. 
 
-The **Security analytics dashboard** displays a snapshot of:
+The **Secure score dashboard** displays a snapshot of:
 - Organizational security score
 - Security coverage
 - Improvement opportunities
 - Security score over time
 
-![Security analytics dashboard](images/atp-dashboard-security-analytics-full.png)
+![Secure score dashboard](images/atp-dashboard-security-analytics-full.png)
 
 ## Organizational security score
 The organization security score is reflective of the average score of all the Windows Defender security controls that are configured according to the recommended baseline. You can improve this score by taking the steps in configuring each of the security controls in the optimal settings.
@@ -52,7 +52,7 @@ The denominator is reflective of the organizational score potential and calculat
 
 In the example image, the total points from the **Improvement opportunities** tile add up to 321 points for the six pillars from the **Security coverage** tile.
 
-You can set the baselines for calculating the score of Windows Defender security controls on the Security Analytics dashboard through the **Preferences settings**. For more information, see [Enable Security Analytics security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md).
+You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Preferences settings**. For more information, see [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md).
 
 ## Security coverage
 The security coverage tile shows a bar graph where each bar represents a Windows Defender security control. Each bar reflects the number of machines that are well configured and those that require **any kind of attention** for each security control. Hovering on top of the individual bars will show exact numbers for each category. Machines that are green are well configured, while machines that are orange require some level of attention. 
@@ -241,7 +241,7 @@ For more information, see [Windows Defender SmartScreen](../windows-defender-sma
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink) 
 
 ## Related topics
-- [Enable Security Analytics security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md)
+- [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md)
 - [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
index 75aed7ba70..9ec694fdde 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 02/13/2018
+ms.date: 03/12/2018
 ---
 
 # Use the Windows Defender Advanced Threat Protection portal
@@ -31,7 +31,7 @@ You can use the Windows Defender ATP portal to carry out an end-to-end security
 
 Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
 
-Use the **Security analytics** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
+Use the **Secure score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
 
 
 ### In this section
@@ -40,6 +40,6 @@ Topic | Description
 :---|:---
 [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the portal layout and area descriptions.
 [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP  **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
-[View the Windows Defender Advanced Threat Protection Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Security Analytics dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
+[View the Windows Defender Advanced Threat Protection Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
index 42fe8383b5..a82528a68f 100644
--- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Defender Advanced Threat Protection - Windows Defender
 description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats.
-keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, endpoint behavioral sensor, cloud security, analytics, threat intelligence
+keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, endpoint behavioral sensor, cloud security, score, threat intelligence
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/13/2017
+ms.date: 03/12/2018
 ---
 
 # Windows Defender Advanced Threat Protection

From 5980e1ed82a39eef75574b8b80e0e09e8dfc7b3f Mon Sep 17 00:00:00 2001
From: Raymond Comvalius <nextxpert@outlook.com>
Date: Thu, 8 Mar 2018 12:10:37 -0800
Subject: [PATCH 094/119] Added configuration of the settingsstoragepath

---
 .../configuration/ue-v/uev-getting-started.md | 35 +++++++++++++++----
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index ef86f5916c..5ec8571305 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -6,7 +6,7 @@ ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 03/08/2018
 ---
 
 # Get Started with UE-V
@@ -25,7 +25,7 @@ The standard installation of UE-V synchronizes the default Microsoft Windows and
 
 -   [Step 2: Deploy the settings storage location](#step-2-deploy-the-settings-storage-location). Explains how to deploy a settings storage location. All UE-V deployments require a location to store settings packages that contain the synchronized setting values.
 
--   [Step 3: Enable the UE-V service](#step-3-enable-the-ue-v-service-on-user-devices). Explains how to enable to UE-V service on user devices. To synchronize settings using UE-V, devices must have the UE-V service enabled and running.
+-   [Step 3: Enable and configure the UE-V service](#step-3-enable-the-ue-v-service-on-user-devices). Explains how to enable to UE-V service on user devices and configure the storage path. To synchronize settings using UE-V, devices must have the UE-V service enabled and running.
 
 -   [Step 4: Test Your UE-V evaluation deployment](#step-4-test-your-ue-v-evaluation-deployment). Run a few tests on two computers with the UE-V service enabled to see how UE-V works and if it meets your organization’s needs.
 
@@ -73,13 +73,34 @@ You’ll need to deploy a settings storage location, a standard network share wh
 
 2.  Set the registry key value to *1*.
 
-## Step 3: Enable the UE-V service on user devices
+## Step 3: Enable and configure the UE-V service on user devices
 
 For evaluation purposes, enable the service on at least two devices that belong to the same user in your test environment.
 
 The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. Settings packages are built, locally stored, and copied to the settings storage location.
 
-Before enabling the UE-V service, you'll need to register the UE-V templates for first use. In a PowerShell window, type `register-TemplateName` where **TemplateName** is the name of the UE-V template you want to register, and press ENTER.
+Before enabling the UE-V service, you'll need to register the UE-V templates for first use. In a PowerShell window, type `Register-UevTemplate [TemplateName]` where **TemplateName** is the name of the UE-V template you want to register, and press ENTER. For instance, to register all built-in UE-V templates, use the following PowerShell Command:
+'Get-childItem c:\programdata\Microsoft\UEV\InboxTemplates\*.xml|% {Register-UevTemplate $_.Fullname}'
+
+A storage path must be configured on the client-side to tell where the personalized settings are stored. 
+
+**To set the storage path for UE-V with Group Policy**
+
+1.  Open the device’s **Group Policy Editor**.
+
+2.  Navigate to **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft** **User Experience Virtualization**.
+
+3.  Double click **Settings storage path**.
+
+4.  Select **Enabled**, fill in the **Settings storage path**, and click **OK**.
+
+    - Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder.
+
+**To set the storage path for UE-V with PowerShell**
+
+1.  In a PowerShell window, type **Set-uevConfiguration -SettingsStoragePath [StoragePath]** where **[StoragePath]** is the path to the location created in step 2 followed by **\%username%**.
+
+    - Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder.
 
 With Windows 10, version 1607 and later, the UE-V service is installed on user devices when the operating system is installed. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell.
 
@@ -89,9 +110,11 @@ With Windows 10, version 1607 and later, the UE-V service is installed on user d
 
 2.  Navigate to **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft** **User Experience Virtualization**.
 
-3.  Run **Enable UEV**.
+3.  Double click **Use Users Experience Virtualization (UE-V)**.
 
-4.  Restart the device.
+4.  Select **Enabled** and click **OK**.
+
+5.  Restart the device.
 
 **To enable the UE-V service with Windows PowerShell**
 

From 777d6169e62c46f4320b05e0ad8a50c801ecfa30 Mon Sep 17 00:00:00 2001
From: "Tim Mangan (MVP)" <TIm@tmurgent.onmicrosoft.com>
Date: Thu, 8 Mar 2018 15:39:02 -0500
Subject: [PATCH 095/119] Update
 appv-running-locally-installed-applications-inside-a-virtual-environment.md

---
 ...talled-applications-inside-a-virtual-environment.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
index 4dd867d228..c404cdd892 100644
--- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
+++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
@@ -6,14 +6,17 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 03/08/2018
 ---
 
 
 # Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
 
 **Applies to**
--   Windows 10, version 1607
+-   Windows 7 SP1
+-   Windows 10
+-   Windows Server 2012 R2
+-   Windows Server 2016
 
 You can run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you:
 
@@ -42,6 +45,7 @@ There is no Group Policy setting available to manage this registry key, so you h
 
 Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user.
 
+
 ### Steps to create the subkey
 
 1.  Using the information in the following table, create a new registry key using the name of the executable file, for example, **MyApp.exe**.
@@ -79,7 +83,7 @@ Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages glo
     <li><p>If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group.</p></li>
     <li><p>Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment.</p></li>
     <li><p>The key under which you create the subkey must match the publishing method you used for the package.</p>
-    <p>For example, if you published the package to the user, you must create the subkey under <code>HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual</code>.</p></li>
+    <p>For example, if you published the package to the user, you must create the subkey under <code>HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual</code>. Do not add a key for the same application under both hives.</p></li>
     </ul></td>
     </tr>
     </tbody>

From 29921aaa71eb600399a6a22b03fc8270c115ab57 Mon Sep 17 00:00:00 2001
From: Celeste de Guzman <celested@microsoft.com>
Date: Thu, 8 Mar 2018 13:43:27 -0800
Subject: [PATCH 096/119] updated the Microsoft Teams link for IT admins to
 point to the docs that's on DMC (new)

---
 education/index.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/education/index.md b/education/index.md
index 3e75f1c5ee..1f982844d6 100644
--- a/education/index.md
+++ b/education/index.md
@@ -272,7 +272,7 @@ ms.date: 10/30/2017
                                 </a>
                             </li>
                             <li>
-                                <a href="https://onedrive.live.com/view.aspx?resid=91F4E618548FC604!2261&ithint=file%2cdocx&app=Word&authkey=!AOgLvpbaerOOfwM" target="_blank">
+                                <a href="https://docs.microsoft.com/en-us/microsoftteams/teams-quick-start-edu" target="_blank">
                                     <div class="cardSize">
                                         <div class="cardPadding">
                                             <div class="card">
@@ -283,7 +283,7 @@ ms.date: 10/30/2017
                                                 </div>
                                                 <div class="cardText">
                                                     <h3>Microsoft Teams</h3>
-                                                    <p>Make the most of Microsoft Teams and find out how to deploy, launch pilot teams, and launch Teams to the rest of your institution.</p>
+                                                    <p>Make the most of Microsoft Teams and find out how to deploy, launch pilot teams, and launch Teams to the rest of your organization.</p>
                                                 </div>
                                             </div>
                                         </div>

From 6a35f0ab3c4db6b5808b0cecb5f35ba1065f8812 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 8 Mar 2018 15:16:09 -0800
Subject: [PATCH 097/119] update toc label for secure score

---
 windows/security/threat-protection/TOC.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index e0c3ba2050..d5c63e1673 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -39,7 +39,7 @@
 ### [Understand the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
 #### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
 #### [View the Security operations dashboard](windows-defender-atp\dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Security analytics dashboard](windows-defender-atp\security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Secure score dashboard](windows-defender-atp\security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 #### [View the Threat analytics dashboard](windows-defender-atp\threat-analytics-windows-defender-advanced-threat-protection.md)
 
 ###Investigate and remediate threats

From f7eddd127e4e2c7041165f0d2726a8406535ec74 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Thu, 8 Mar 2018 23:42:40 +0000
Subject: [PATCH 098/119] Merged PR 6260: Updated description for the
 ShellLauncher node in AssignedAccess CSP

---
 windows/client-management/mdm/assignedaccess-csp.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 554704a16d..b08768dc86 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -101,6 +101,8 @@ Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration
 
 > [!Note]  
 > You cannot set both ShellLauncher and Configuration at the same time on the device.
+>
+> Configuring Shell Launcher using the ShellLauncher node automatically enables the Shell Launcher feature if it is available within the SKU.
 
 <a href="" id="assignedaccess-statusconfiguration"></a>**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration**  
 Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema.

From 9349e1eb5776b94282d79afd935a9021b3293032 Mon Sep 17 00:00:00 2001
From: chintanpatel <chintanpatel@users.noreply.github.com>
Date: Fri, 9 Mar 2018 09:52:03 -0800
Subject: [PATCH 099/119] Update configure-wd-app-guard.md

---
 .../configure-wd-app-guard.md                                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index 07eb24860e..991d95bf12 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -29,7 +29,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
 |Policy name|Supported versions|Description|
 |-----------|------------------|-----------|
 |Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
-|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
+|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may use "." as a wildcard character to automatically trust subdomains. Configuring '.constoso.com' will automatically trust 'subdomain1.contoso.com', 'subdomain2.contoso.com etc. |
 |Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
 
 ### Application-specific settings

From e814dbc200e8b73424228ee44837951ff18e5c76 Mon Sep 17 00:00:00 2001
From: Jan Backstrom <v-jaback@microsoft.com>
Date: Fri, 9 Mar 2018 11:26:26 -0800
Subject: [PATCH 100/119] typo

"manage" instead of "manager"
---
 browsers/edge/available-policies.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 8f9901dcb2..016f1295f1 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -24,7 +24,7 @@ By using Group Policy and Intune, you can set up a policy setting once, and then
 > For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
 
 ## Group Policy settings
-Microsoft Edge works with the following Group Policy settings to help you manager your company's web browser configurations. The Group Policy settings are found in the Group Policy Editor in the following location: 
+Microsoft Edge works with the following Group Policy settings to help you manage your company's web browser configurations. The Group Policy settings are found in the Group Policy Editor in the following location: 
 
 `Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`
 
@@ -1007,4 +1007,4 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
         - **1 (default).** Employees can sync between PCs.
 
 ## Related topics
-* [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
\ No newline at end of file
+* [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)

From 3d599f14436c376c0718d20fc5ee5d682d49461f Mon Sep 17 00:00:00 2001
From: jaimeo <jaimeo@microsoft.com>
Date: Fri, 9 Mar 2018 12:06:56 -0800
Subject: [PATCH 101/119] populated some content on the WA landing node to
 unblock Greg

---
 windows/deployment/TOC.md                     |  2 +-
 .../update/windows-analytics-overview.md      | 51 +++++++++++++++++++
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 windows/deployment/update/windows-analytics-overview.md

diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index df889e6bbf..634d132448 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -229,7 +229,7 @@
 #### [Olympia Corp enrollment](update/olympia/olympia-enrollment-guidelines.md)
 ### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
 
-## Windows Analytics
+## [Windows Analytics](update/windows-analytics-overview.md)
 ### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
 #### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)
 #### [Upgrade Readiness requirements](upgrade/upgrade-readiness-requirements.md)
diff --git a/windows/deployment/update/windows-analytics-overview.md b/windows/deployment/update/windows-analytics-overview.md
new file mode 100644
index 0000000000..d500f271dd
--- /dev/null
+++ b/windows/deployment/update/windows-analytics-overview.md
@@ -0,0 +1,51 @@
+---
+title: Windows Analytics
+description: Introduction and overview of Windows Analytics
+keywords: Device Health, Upgrade Readiness, Update Compliance, oms, operations management suite, prerequisites, requirements, monitoring, crash, drivers
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.date: 03/09/2018
+ms.pagetype: deploy
+author: jaimeo
+---
+
+# Windows Analytics overview
+
+Windows Analytics is a set of solutions for Microsoft Operations Management Suite (OMS) that provide you with extensive data about the state of devices in your deployment. There are currently three solutions which you can use singly or in any combination:
+
+## Device Health
+
+[Device Health](device-health-get-started.md) provides the following:
+
+- Identification of devices that crash frequently, and therefore might need to be rebuilt or replaced
+- Identification of device drivers that are causing device crashes, with suggestions of alternative versions of those drivers that might reduce the number of crashes
+- Notification of Windows Information Protection misconfigurations that send prompts to end users
+
+
+## Update Compliance
+
+[Update Compliance](update-compliance-get-started.md) shows you the state of your devices with respect to the Windows updates so that you can ensure that they are on the most current updates as appropriate. In addition, Update Compliance provides the following:
+
+- Dedicated drill-downs for devices that might need attention
+- An inventory of devices, including the version of Windows they are running and their update status
+- The ability to track protection and threat status for Windows Defender Antivirus-enabled devices
+- An overview of Windows Update for Business deferral configurations (Windows 10, version 1607 and later)
+- Powerful built-in log analytics to create useful custom queries
+- Cloud-connected access utilizing Windows 10 diagnostic data means no need for new complex, customized infrastructure
+
+## Upgrade Readiness
+
+[Upgrade Readiness](../upgrade/upgrade-readiness-get-started.md) offers a set of tools to plan and manage the upgrade process end to end, allowing you to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. Upgrade Readiness not only supports upgrade management from Windows 7 and Windows 8.1 to Windows 10, but also Windows 10 upgrades in the Windows as a Service model.
+
+Use Upgrade Readiness to get:
+
+- A visual workflow that guides you from pilot to production
+- Detailed computer and application inventory
+- Powerful computer-level search and drill-downs
+- Guidance and insights into application and driver compatibility issues, with suggested fixes
+- Data-driven application rationalization tools
+- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
+- Data export to commonly used software deployment tools, including System Center Configuration Manager 
+
+To get started with any of these solutions, visit the links for instructions to add it to OMS.
\ No newline at end of file

From 049ea1f190f15b747f94e18cf1359db77264bb04 Mon Sep 17 00:00:00 2001
From: Jeanie Decker <jdecker@microsoft.com>
Date: Fri, 9 Mar 2018 20:23:01 +0000
Subject: [PATCH 102/119] Merged PR 6278: Add troubleshooting info for
 powerwash

---
 devices/hololens/hololens-provisioning.md     |  3 +++
 education/windows/change-history-edu.md       |  8 ++++++-
 .../windows/windows-automatic-redeployment.md | 24 ++++++++++++++++++-
 3 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md
index 44d24432f7..2c07c79718 100644
--- a/devices/hololens/hololens-provisioning.md
+++ b/devices/hololens/hololens-provisioning.md
@@ -68,6 +68,9 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
 
 6. On the **Select security details for the provisioning package**, click **Next**.
 
+    >[WARNING!]
+    >If you encrypt the provisioning package, provisioning the HoloLens device will fail.  
+
 7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location.
 
     Optionally, you can click **Browse** to change the default output location.
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index ca5709975a..0775c1d4c7 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -8,13 +8,19 @@ ms.sitesec: library
 ms.pagetype: edu
 author: CelesteDG
 ms.author: celested
-ms.date: 11/27/2017
+ms.date: 03/08/2018
 ---
 
 # Change history for Windows 10 for Education
 
 This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
 
+## March 2018
+
+New or changed topic | Description
+--- | ---
+[Reset devices with Windows Automatic Redeployment](windows-automatic-redeployment.md) | Added section for troubleshooting Windows Automatic Redeployment.
+
 ## November 2017
 
 | New or changed topic | Description |
diff --git a/education/windows/windows-automatic-redeployment.md b/education/windows/windows-automatic-redeployment.md
index cbeaace1d6..f65d87c10f 100644
--- a/education/windows/windows-automatic-redeployment.md
+++ b/education/windows/windows-automatic-redeployment.md
@@ -9,7 +9,7 @@ ms.pagetype: edu
 ms.localizationpriority: high
 author: CelesteDG
 ms.author: celested
-ms.date: 12/11/2017
+ms.date: 03/08/2018
 ---
 
 # Reset devices with Windows Automatic Redeployment 
@@ -25,6 +25,9 @@ To enable Windows Automatic Redeployment in Windows 10, version 1709 (Fall Creat
 2. [Trigger a reset for each device](#trigger-windows-automatic-redeployment)
 
 ## Enable Windows Automatic Redeployment
+
+To use Windows Automatic Redeployment, [Windows Recovery Environment (WinRE) must be enabled on the device](#winre).
+
 **DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Windows Automatic Redeployment. It is a policy node in the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This ensures that Windows Automatic Redeployment isn't triggered by accident.
 
 You can set the policy using one of these methods:
@@ -84,6 +87,25 @@ Windows Automatic Redeployment is a two-step process: trigger it and then authen
 
     Once provisioning is complete, the device is again ready for use.
 
+<span id="winre"/>
+## Troubleshoot Windows Automatic Redeployment
+
+Windows Automatic Redeployment will fail when the [Windows Recovery Environment (WinRE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is not enabled on the device. You will see `Error code: ERROR_NOT_SUPPORTED (0x80070032)`.
+
+To check if WinRE is enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
+
+```
+reagent /info
+```
+
+If WinRE is not enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
+
+```
+reagent /enable
+```
+
+If Windows Automatic Reployment fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance.
+
 ## Related topics
 
 [Set up Windows devices for education](set-up-windows-10.md)

From e7244ca35ee7750dfa0faf52ac5ce835c1c540ba Mon Sep 17 00:00:00 2001
From: Greg Lindsay <Greg.Lindsay@microsoft.com>
Date: Fri, 9 Mar 2018 22:55:01 +0000
Subject: [PATCH 103/119] Merged PR 6285: Add new yaml index to deployment node
 with cards

Add new yaml index to deployment node with cards
---
 windows/deployment/TOC.md                     |   2 +-
 .../change-history-for-deploy-windows-10.md   |   2 +-
 windows/deployment/docfx.json                 |   3 +-
 windows/deployment/index.md                   |  76 -------------
 windows/deployment/index.yml                  | 104 ++++++++++++++++++
 .../change-history-for-update-windows-10.md   |   2 +-
 6 files changed, 109 insertions(+), 80 deletions(-)
 delete mode 100644 windows/deployment/index.md
 create mode 100644 windows/deployment/index.yml

diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 634d132448..b110f3c3c8 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -1,4 +1,4 @@
-# [Deploy and update Windows 10](index.md)
+# [Deploy and update Windows 10](https://docs.microsoft.com/en-us/windows/deployment)
 
 ## [What's new in Windows 10 deployment](deploy-whats-new.md)
 ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md
index bd0da028fe..5f48b4eb49 100644
--- a/windows/deployment/change-history-for-deploy-windows-10.md
+++ b/windows/deployment/change-history-for-deploy-windows-10.md
@@ -10,7 +10,7 @@ ms.date: 11/08/2017
 ---
 
 # Change history for Deploy Windows 10
-This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10).
+This topic lists new and updated topics in the [Deploy Windows 10](https://docs.microsoft.com/en-us/windows/deployment) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10).
 
 ## November 2017
 
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json
index 0c1117e840..353f473c8c 100644
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@@ -3,7 +3,8 @@
     "content": [
       {
         "files": [
-          "**/*.md"
+          "**/*.md",
+          "**/*.yml"
         ],
         "exclude": [
           "**/obj/**",
diff --git a/windows/deployment/index.md b/windows/deployment/index.md
deleted file mode 100644
index f63641d04f..0000000000
--- a/windows/deployment/index.md
+++ /dev/null
@@ -1,76 +0,0 @@
----
-title: Deploy and update Windows 10 (Windows 10)
-description: Deploying and updating Windows 10 for IT professionals.
-ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.localizationpriority: high
-ms.date: 12/13/2017
-author: greg-lindsay
----
-
-# Deploy and update Windows 10
-
-Learn about deployment in Windows 10 for IT professionals. This includes deploying the operating system, upgrading to it from previous versions and updating Windows 10. The following sections and topics are available.
-
-|Topic |Description |
-|------|------------|
-|[What's new in Windows 10 deployment](deploy-whats-new.md) |See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. |
-|[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. |
-|[Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) |Windows 10 Enterprise has traditionally been sold as on premises software, however, with Windows 10 version 1703 (also known as the Creator’s Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as true online services via subscription. You can move from Windows 10 Pro to Windows 10 Enterprise with no keys and no reboots. If you are using a Cloud Service Providers (CSP) see the related topic: [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). |
-|[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. |
-
-
-## Deploy Windows 10
-
-Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment.
-
-|Topic |Description |
-|------|------------|
-|[Overview of Windows AutoPilot](windows-autopilot/windows-10-autopilot.md) |Windows AutoPilot deployment is a new cloud service from Microsoft that provides a zero touch experience for deploying Windows 10 devices. |
-|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. |
-|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
-|[Windows 10 volume license media](windows-10-media.md) |This topic provides information about media available in the Microsoft Volume Licensing Service Center. |
-|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | 
-|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to  deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
-|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. |
-|[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
-|[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
-|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
-
-## Update Windows 10
-
-Information is provided about keeping Windows 10 up-to-date.
-
-|Topic |Description |
-|------|------------|
-| [Quick guide to Windows as a service](update/waas-quick-start.md) | Provides a brief summary of the key points for the new servicing model for Windows 10. |
-| [Overview of Windows as a service](update/waas-overview.md) | Explains the differences in building, deploying, and servicing Windows 10; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. |
-| [Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy.  |
-| [Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md) | Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates.  |
-| [Assign devices to servicing branches for Windows 10 updates](update/waas-servicing-branches-windows-10-updates.md) | Explains how to assign devices to Current Branch (CB) or Current Branch for Business (CBB) for feature and quality updates, and how to enroll devices in Windows Insider. |
-| [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md) | Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization.  |
-| [Optimize update delivery for Windows 10 updates](update/waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution.  |
-| [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. |
-| [Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.  |
-| [Deploy Windows 10 updates using Windows Server Update Services (WSUS)](update/waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows 10 updates. |
-| [Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md) | Explains how to use Configuration Manager to manage Windows 10 updates.  |
-| [Manage device restarts after updates](update/waas-restart.md) | Explains how to manage update related device restarts. |
-| [Manage additional Windows Update settings](update/waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update |
-| [Windows Insider Program for Business](update/waas-windows-insider-for-business.md) | Explains how the Windows Insider Program for Business works and how to become an insider. |
-
-## Additional topics
-
-|Topic |Description |
-|------|------------|
-|[Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md) |This topic describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. |
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml
new file mode 100644
index 0000000000..649a715cf9
--- /dev/null
+++ b/windows/deployment/index.yml
@@ -0,0 +1,104 @@
+### YamlMime:YamlDocument
+
+documentType: LandingData
+title: Deploy and update Windows 10
+metadata:
+  document_id: 
+  title: Deploy and update Windows 10
+  description: Deploying and updating Windows 10 for IT professionals.
+  keywords: deploy, update, Windows, service, Microsoft365, e5, e3
+  ms.localizationpriority: high
+  author: greg-lindsay
+  ms.author: greglin
+  manager: elizapo
+  ms.date: 02/09/2018
+  ms.topic: article
+  ms.devlang: na
+
+sections:
+- items:
+  - type: markdown
+    text: Learn about deployment of Windows 10 for IT professionals. This includes deploying the operating system, upgrading to it from previous versions and updating Windows 10.  
+- items:
+  - type: list
+    style: cards
+    className: cardsM
+    columns: 3
+    items:
+    - href: windows-10-deployment-scenarios
+      html: <p>Understand the different ways that Windows 10 can be deployed</p>
+      image:
+        src: https://docs.microsoft.com/en-us/media/common/i_deploy.svg"
+      title: Windows 10 deployment scenarios
+    - href: update
+      html: <p>Update Windows 10 in the enterprise</p>
+      image:
+        src: https://docs.microsoft.com/media/common/i_upgrade.svg
+      title: Windows as a service
+    - href: upgrade/windows-analytics-overview
+      html: <p>Windows Analytics provides deep insights into your Windows 10 environment.</p>
+      image:
+        src: https://docs.microsoft.com/media/common/i_investigate.svg
+      title: Windows Analytics
+- title:
+- items:
+  - type: markdown
+    text: "
+      <br>
+      <table border='0'>
+      <tr><td>[What's new in Windows 10 deployment](deploy-whats-new.md) </td><td>See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. </td>
+      <tr><td>[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) </td><td>To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. </td>
+      <tr><td>[Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) </td><td>Windows 10 Enterprise has traditionally been sold as on premises software, however, with Windows 10 version 1703 (also known as the Creator’s Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as true online services via subscription. You can move from Windows 10 Pro to Windows 10 Enterprise with no keys and no reboots. If you are using a Cloud Service Providers (CSP) see the related topic: [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). </td>
+      <tr><td>[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) </td><td>This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. </td>
+      </table>
+      "
+- title: Deploy Windows 10
+- items:
+  - type: markdown
+    text: "
+      Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment.
+      <br>&nbsp;<br>
+      <table border='0'><tr><td>Topic</td><td>Description</td></tr>
+      <tr><td>[Overview of Windows AutoPilot](windows-autopilot/windows-10-autopilot.md) </td><td>Windows AutoPilot deployment is a new cloud service from Microsoft that provides a zero touch experience for deploying Windows 10 devices. </td>
+      <tr><td>[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) </td><td>This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. </td>
+      <tr><td>[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) </td><td>This topic provides information about support for upgrading from one edition of Windows 10 to another. </td>
+      <tr><td>[Windows 10 volume license media](windows-10-media.md) </td><td>This topic provides information about media available in the Microsoft Volume Licensing Service Center. </td>
+      <tr><td>[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) </td><td>With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.</td> 
+      <tr><td>[Windows 10 deployment test lab](windows-10-poc.md) </td><td>This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to  deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). </td>
+      <tr><td>[Plan for Windows 10 deployment](planning/index.md) </td><td>This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. </td>
+      <tr><td>[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) </td><td>This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). </td>
+      <tr><td>[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) </td><td>If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. </td>
+      <tr><td>[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) </td><td>Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. </td>
+      </table>
+      "
+- title: Update Windows 10
+- items:
+  - type: markdown
+    text: "
+      Information is provided about keeping Windows 10 up-to-date.
+      <br>&nbsp;<br>
+      <table border='0'><tr><td>Topic</td><td>Description</td></tr>
+      <tr><td>[Quick guide to Windows as a service](update/waas-quick-start.md) </td><td>Provides a brief summary of the key points for the new servicing model for Windows 10.</td>
+      <tr><td>[Overview of Windows as a service](update/waas-overview.md) </td><td>Explains the differences in building, deploying, and servicing Windows 10; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools.</td>
+      <tr><td>[Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md) </td><td>Explains the decisions you need to make in your servicing strategy.</td>
+      <tr><td>[Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md) </td><td>Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates.</td>
+      <tr><td>[Assign devices to servicing branches for Windows 10 updates](update/waas-servicing-branches-windows-10-updates.md) </td><td>Explains how to assign devices to Current Branch (CB) or Current Branch for Business (CBB) for feature and quality updates, and how to enroll devices in Windows Insider.</td>
+      <tr><td>[Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md) </td><td>Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization.</td>
+      <tr><td>[Optimize update delivery for Windows 10 updates](update/waas-optimize-windows-10-updates.md) </td><td>Explains the benefits of using Delivery Optimization or BranchCache for update distribution.</td>
+      <tr><td>[Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md) </td><td>Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile.</td>
+      <tr><td>[Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md) </td><td>Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.</td>
+      <tr><td>[Deploy Windows 10 updates using Windows Server Update Services (WSUS)](update/waas-manage-updates-wsus.md) </td><td>Explains how to use WSUS to manage Windows 10 updates.</td>
+      <tr><td>[Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md) </td><td>Explains how to use Configuration Manager to manage Windows 10 updates.</td>
+      <tr><td>[Manage device restarts after updates](update/waas-restart.md) </td><td>Explains how to manage update related device restarts.</td>
+      <tr><td>[Manage additional Windows Update settings](update/waas-wu-settings.md) </td><td>Provides details about settings available to control and configure Windows Update.</td>
+      <tr><td>[Windows Insider Program for Business](update/waas-windows-insider-for-business.md) </td><td>Explains how the Windows Insider Program for Business works and how to become an insider.</td>
+      </table>
+      "
+- title: Additional topics
+- items:
+  - type: markdown
+    text: "
+      <br>
+      <tr><td>[Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md) </td><td> This topic describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile.</tr></td>
+      </table>
+      "
diff --git a/windows/deployment/update/change-history-for-update-windows-10.md b/windows/deployment/update/change-history-for-update-windows-10.md
index 6df6256b76..e76b08389c 100644
--- a/windows/deployment/update/change-history-for-update-windows-10.md
+++ b/windows/deployment/update/change-history-for-update-windows-10.md
@@ -11,7 +11,7 @@ ms.date: 10/17/2017
 
 # Change history for Update Windows 10
 
-This topic lists new and updated topics in the [Update Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
+This topic lists new and updated topics in the [Update Windows 10](index.md) documentation for [Deploy and Update Windows 10](https://docs.microsoft.com/en-us/windows/deployment).
 
 >If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
 

From 580647e1ce85f09ba910c8a58c4000d384d8093b Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Fri, 9 Mar 2018 23:00:00 +0000
Subject: [PATCH 104/119] Merged PR 6284: "updated policies supported by GP"

includes new ADMX-backed policies
---
 .../mdm/policy-csp-applicationmanagement.md   |   7 +-
 .../mdm/policy-csp-appruntime.md              |  77 ++++++
 .../mdm/policy-csp-credentialsdelegation.md   |  79 ++++++
 .../mdm/policy-csp-deliveryoptimization.md    |  48 ++--
 .../mdm/policy-csp-devicelock.md              |  44 +++-
 .../mdm/policy-csp-fileexplorer.md            | 111 ++++++++
 .../mdm/policy-csp-internetexplorer.md        | 193 ++++++++++++--
 .../mdm/policy-csp-mssecurityguide.md         | 245 ++++++++++++++++++
 .../mdm/policy-csp-msslegacy.md               | 175 +++++++++++++
 .../client-management/mdm/policy-csp-power.md |  44 +++-
 .../policy-csp-windowsconnectionmanager.md    |  85 ++++++
 .../mdm/policy-csp-windowslogon.md            |  86 +++++-
 .../mdm/policy-csp-windowspowershell.md       |  82 ++++++
 13 files changed, 1232 insertions(+), 44 deletions(-)
 create mode 100644 windows/client-management/mdm/policy-csp-appruntime.md
 create mode 100644 windows/client-management/mdm/policy-csp-credentialsdelegation.md
 create mode 100644 windows/client-management/mdm/policy-csp-fileexplorer.md
 create mode 100644 windows/client-management/mdm/policy-csp-mssecurityguide.md
 create mode 100644 windows/client-management/mdm/policy-csp-msslegacy.md
 create mode 100644 windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
 create mode 100644 windows/client-management/mdm/policy-csp-windowspowershell.md

diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 5822ec21c5..634f53cafc 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/09/2018
 ---
 
 # Policy CSP - ApplicationManagement
@@ -569,6 +569,7 @@ The following list shows the supported values:
 
 > [!div class = "checklist"]
 > * User
+> * Device
 
 <hr/>
 
@@ -582,9 +583,7 @@ Most restricted value is 1.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Only display the private store within the Microsoft Store*
--   GP name: *RequirePrivateStoreOnly_1*
--   GP path: *Windows Components/Store*
+-   GP name: *RequirePrivateStoreOnly*
 -   GP ADMX file name: *WindowsStore.admx*
 
 <!--/ADMXMapped-->
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
new file mode 100644
index 0000000000..941e26cef4
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -0,0 +1,77 @@
+---
+title: Policy CSP - AppRuntime
+description: Policy CSP - AppRuntime
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/09/2018
+---
+
+# Policy CSP - AppRuntime
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## AppRuntime policies  
+
+<dl>
+  <dd>
+    <a href="#appruntime-allowmicrosoftaccountstobeoptional">AppRuntime/AllowMicrosoftAccountsToBeOptional</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="appruntime-allowmicrosoftaccountstobeoptional"></a>**AppRuntime/AllowMicrosoftAccountsToBeOptional**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it.
+
+If you enable this policy setting, Windows Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead.
+
+If you disable or do not configure this policy setting, users will need to sign in with a Microsoft account.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow Microsoft accounts to be optional*
+-   GP name: *AppxRuntimeMicrosoftAccountsOptional*
+-   GP path: *Windows Components/App runtime*
+-   GP ADMX file name: *AppXRuntime.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
new file mode 100644
index 0000000000..1e465a7a21
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -0,0 +1,79 @@
+---
+title: Policy CSP - CredentialsDelegation
+description: Policy CSP - CredentialsDelegation
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/09/2018
+---
+
+# Policy CSP - CredentialsDelegation
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## CredentialsDelegation policies  
+
+<dl>
+  <dd>
+    <a href="#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials">CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials"></a>**CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Remote host allows delegation of non-exportable credentials
+
+When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host.
+
+If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode.
+
+If you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Remote host allows delegation of non-exportable credentials*
+-   GP name: *AllowProtectedCreds*
+-   GP path: *System/Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 2dda85153c..849fcb5d99 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/09/2018
 ---
 
 # Policy CSP - DeliveryOptimization
@@ -1217,6 +1217,13 @@ Added in Windows 10, version 1803. Specifies the maximum background download ban
 Note that downloads from LAN peers will not be throttled even when this policy is set.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *PercentageMaxBackgroundBandwidth*
+-   GP element: *PercentageMaxBackgroundBandwidth*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1273,6 +1280,13 @@ Added in Windows 10, version 1803. Specifies the maximum foreground download ban
 Note that downloads from LAN peers will not be throttled even when this policy is set.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *PercentageMaxForegroundBandwidth*
+-   GP element: *PercentageMaxForegroundBandwidth*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1377,14 +1391,6 @@ The following list shows the supported values:
 Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 
 <!--/Description-->
-<!--SupportedValues-->
-This policy allows an IT Admin to define the following:
-
--  Business hours range (for example 06:00 to 18:00)
--  % of throttle for background traffic during business hours
--  % of throttle for background traffic outside of business hours
-
-<!--/SupportedValues-->
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 
@@ -1400,6 +1406,14 @@ ADMX Info:
 -   GP ADMX file name: *DeliveryOptimization.admx*
 
 <!--/ADMXBacked-->
+<!--SupportedValues-->
+This policy allows an IT Admin to define the following:
+
+-  Business hours range (for example 06:00 to 18:00)
+-  % of throttle for background traffic during business hours
+-  % of throttle for background traffic outside of business hours
+
+<!--/SupportedValues-->
 <!--/Policy-->
 
 <hr/>
@@ -1443,14 +1457,6 @@ ADMX Info:
 Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 
 <!--/Description-->
-<!--SupportedValues-->
-This policy allows an IT Admin to define the following:
-
--  Business hours range (for example 06:00 to 18:00)
--  % of throttle for foreground traffic during business hours
--  % of throttle for foreground traffic outside of business hours
-
-<!--/SupportedValues-->
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 
@@ -1466,6 +1472,14 @@ ADMX Info:
 -   GP ADMX file name: *DeliveryOptimization.admx*
 
 <!--/ADMXBacked-->
+<!--SupportedValues-->
+This policy allows an IT Admin to define the following:
+
+-  Business hours range (for example 06:00 to 18:00)
+-  % of throttle for foreground traffic during business hours
+-  % of throttle for foreground traffic outside of business hours
+
+<!--/SupportedValues-->
 <!--/Policy-->
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index e418951b10..5663570085 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/09/2018
 ---
 
 # Policy CSP - DeviceLock
@@ -66,6 +66,9 @@ ms.date: 03/05/2018
   <dd>
     <a href="#devicelock-minimumpasswordage">DeviceLock/MinimumPasswordAge</a>
   </dd>
+  <dd>
+    <a href="#devicelock-preventenablinglockscreencamera">DeviceLock/PreventEnablingLockScreenCamera</a>
+  </dd>
   <dd>
     <a href="#devicelock-preventlockscreenslideshow">DeviceLock/PreventLockScreenSlideShow</a>
   </dd>
@@ -1030,6 +1033,45 @@ GP Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="devicelock-preventenablinglockscreencamera"></a>**DeviceLock/PreventEnablingLockScreenCamera**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.
+
+By default, users can enable invocation of an available camera on the lock screen.
+
+If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings, and the camera cannot be invoked on the lock screen.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent enabling lock screen camera*
+-   GP name: *CPL_Personalization_NoLockScreenCamera*
+-   GP path: *Control Panel/Personalization*
+-   GP ADMX file name: *ControlPanelDisplay.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="devicelock-preventlockscreenslideshow"></a>**DeviceLock/PreventLockScreenSlideShow**  
 
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
new file mode 100644
index 0000000000..13c169e91b
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -0,0 +1,111 @@
+---
+title: Policy CSP - FileExplorer
+description: Policy CSP - FileExplorer
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/09/2018
+---
+
+# Policy CSP - FileExplorer
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## FileExplorer policies  
+
+<dl>
+  <dd>
+    <a href="#fileexplorer-turnoffdataexecutionpreventionforexplorer">FileExplorer/TurnOffDataExecutionPreventionForExplorer</a>
+  </dd>
+  <dd>
+    <a href="#fileexplorer-turnoffheapterminationoncorruption">FileExplorer/TurnOffHeapTerminationOnCorruption</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="fileexplorer-turnoffdataexecutionpreventionforexplorer"></a>**FileExplorer/TurnOffDataExecutionPreventionForExplorer**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Data Execution Prevention for Explorer*
+-   GP name: *NoDataExecutionPrevention*
+-   GP path: *File Explorer*
+-   GP ADMX file name: *Explorer.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="fileexplorer-turnoffheapterminationoncorruption"></a>**FileExplorer/TurnOffHeapTerminationOnCorruption**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off heap termination on corruption*
+-   GP name: *NoHeapTerminationOnCorruption*
+-   GP path: *File Explorer*
+-   GP ADMX file name: *Explorer.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 23a0b5a050..ff5dd18eae 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/09/2018
 ---
 
 # Policy CSP - InternetExplorer
@@ -238,6 +238,9 @@ ms.date: 03/05/2018
   <dd>
     <a href="#internetexplorer-internetzoneallowuserdatapersistence">InternetExplorer/InternetZoneAllowUserDataPersistence</a>
   </dd>
+  <dd>
+    <a href="#internetexplorer-internetzoneallowvbscripttorunininternetexplorer">InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer</a>
+  </dd>
   <dd>
     <a href="#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols">InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls</a>
   </dd>
@@ -406,6 +409,9 @@ ms.date: 03/05/2018
   <dd>
     <a href="#internetexplorer-lockeddowninternetzonenavigatewindowsandframes">InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames</a>
   </dd>
+  <dd>
+    <a href="#internetexplorer-lockeddownintranetjavapermissions">InternetExplorer/LockedDownIntranetJavaPermissions</a>
+  </dd>
   <dd>
     <a href="#internetexplorer-lockeddownintranetzoneallowaccesstodatasources">InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources</a>
   </dd>
@@ -637,6 +643,9 @@ ms.date: 03/05/2018
   <dd>
     <a href="#internetexplorer-restrictedsiteszoneallowuserdatapersistence">InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence</a>
   </dd>
+  <dd>
+    <a href="#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer">InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer</a>
+  </dd>
   <dd>
     <a href="#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols">InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</a>
   </dd>
@@ -5530,6 +5539,50 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="internetexplorer-internetzoneallowvbscripttorunininternetexplorer"></a>**InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.
+
+If you selected Enable in the drop-down box, VBScript can run without user intervention.
+
+If you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.
+
+If you selected Disable in the drop-down box, VBScript is prevented from running.
+
+If you do not configure or disable this policy setting, VBScript is prevented from running.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow VBScript to run in Internet Explorer*
+-   GP name: *IZ_PolicyAllowVBScript_1*
+-   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
+-   GP ADMX file name: *inetres.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols"></a>**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls**  
 
@@ -9180,6 +9233,54 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="internetexplorer-lockeddownintranetjavapermissions"></a>**InternetExplorer/LockedDownIntranetJavaPermissions**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to manage permissions for Java applets.
+
+If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
+
+Low Safety enables applets to perform all operations.
+
+Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
+
+High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
+
+If you disable this policy setting, Java applets cannot run.
+
+If you do not configure this policy setting, Java applets are disabled.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_4*
+-   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
+-   GP ADMX file name: *inetres.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="internetexplorer-lockeddownintranetzoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources**  
 
@@ -12619,11 +12720,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). For example, Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users.
+Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
 
-If you enable this policy setting, any zone can be protected from zone elevation for all processes.
+If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.
 
-If you disable or do not configure this policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.
+If you disable this policy setting, no zone receives such protection for Internet Explorer processes.
+
+If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.
 
 <!--/Description-->
 > [!TIP]
@@ -12635,8 +12738,8 @@ If you disable or do not configure this policy setting, processes other than Int
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *All Processes*
--   GP name: *IESF_PolicyAllProcesses_9*
+-   GP English name: *Internet Explorer Processes*
+-   GP name: *IESF_PolicyExplorerProcesses_9*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation*
 -   GP ADMX file name: *inetres.admx*
 
@@ -12747,11 +12850,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.
+This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes.
 
-If you enable this policy setting, the Web Browser Control will block automatic prompting of ActiveX control installation for all processes.
+If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes.
 
-If you disable or do not configure this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.
+If you disable this policy setting, prompting for ActiveX control installations will not be blocked for Internet Explorer processes.
+
+If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
 
 <!--/Description-->
 > [!TIP]
@@ -12763,8 +12868,8 @@ If you disable or do not configure this policy setting, the Web Browser Control
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *All Processes*
--   GP name: *IESF_PolicyAllProcesses_11*
+-   GP English name: *Internet Explorer Processes*
+-   GP name: *IESF_PolicyExplorerProcesses_11*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install*
 -   GP ADMX file name: *inetres.admx*
 
@@ -12810,11 +12915,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.
+This policy setting enables blocking of file download prompts that are not user initiated.
 
-If you enable this policy setting, the Web Browser Control will block automatic prompting of file downloads that are not user initiated for all processes.
+If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes.
 
-If you disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for all processes.
+If you disable this policy setting, prompting will occur for file downloads that are not user initiated for Internet Explorer processes.
+
+If you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.
 
 <!--/Description-->
 > [!TIP]
@@ -12826,8 +12933,8 @@ If you disable this policy setting, the Web Browser Control will not block autom
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *All Processes*
--   GP name: *IESF_PolicyAllProcesses_12*
+-   GP English name: *Internet Explorer Processes*
+-   GP name: *IESF_PolicyExplorerProcesses_12*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download*
 -   GP ADMX file name: *inetres.admx*
 
@@ -14197,6 +14304,50 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer"></a>**InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer.
+
+If you selected Enable in the drop-down box, VBScript can run without user intervention.
+
+If you selected Prompt in the drop-down box, users are asked to choose whether to allow VBScript to run.
+
+If you selected Disable in the drop-down box, VBScript is prevented from running.
+
+If you do not configure or disable this policy setting, VBScript is prevented from running.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow VBScript to run in Internet Explorer*
+-   GP name: *IZ_PolicyAllowVBScript_7*
+-   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
+-   GP ADMX file name: *inetres.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols"></a>**InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls**  
 
@@ -15560,9 +15711,11 @@ ADMX Info:
 <!--Description-->
 Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.
 
-If you enable this policy setting, scripted windows are restricted for all processes.
+If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
 
-If you disable or do not configure this policy setting, scripted windows are not restricted.
+If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows.
+
+If you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
 
 <!--/Description-->
 > [!TIP]
@@ -15574,8 +15727,8 @@ If you disable or do not configure this policy setting, scripted windows are not
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *All Processes*
--   GP name: *IESF_PolicyAllProcesses_8*
+-   GP English name: *Internet Explorer Processes*
+-   GP name: *IESF_PolicyExplorerProcesses_8*
 -   GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions*
 -   GP ADMX file name: *inetres.admx*
 
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
new file mode 100644
index 0000000000..8dc3535360
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -0,0 +1,245 @@
+---
+title: Policy CSP - MSSecurityGuide
+description: Policy CSP - MSSecurityGuide
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/09/2018
+---
+
+# Policy CSP - MSSecurityGuide
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## MSSecurityGuide policies  
+
+<dl>
+  <dd>
+    <a href="#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon">MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon</a>
+  </dd>
+  <dd>
+    <a href="#mssecurityguide-configuresmbv1clientdriver">MSSecurityGuide/ConfigureSMBV1ClientDriver</a>
+  </dd>
+  <dd>
+    <a href="#mssecurityguide-configuresmbv1server">MSSecurityGuide/ConfigureSMBV1Server</a>
+  </dd>
+  <dd>
+    <a href="#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection">MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection</a>
+  </dd>
+  <dd>
+    <a href="#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications">MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications</a>
+  </dd>
+  <dd>
+    <a href="#mssecurityguide-wdigestauthentication">MSSecurityGuide/WDigestAuthentication</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon"></a>**MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_SecGuide_0201_LATFP*
+-   GP ADMX file name: *SecGuide.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="mssecurityguide-configuresmbv1clientdriver"></a>**MSSecurityGuide/ConfigureSMBV1ClientDriver**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_SecGuide_0002_SMBv1_ClientDriver*
+-   GP ADMX file name: *SecGuide.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="mssecurityguide-configuresmbv1server"></a>**MSSecurityGuide/ConfigureSMBV1Server**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_SecGuide_0001_SMBv1_Server*
+-   GP ADMX file name: *SecGuide.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection"></a>**MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_SecGuide_0102_SEHOP*
+-   GP ADMX file name: *SecGuide.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications"></a>**MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_SecGuide_0101_WDPUA*
+-   GP ADMX file name: *SecGuide.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="mssecurityguide-wdigestauthentication"></a>**MSSecurityGuide/WDigestAuthentication**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_SecGuide_0202_WDigestAuthn*
+-   GP ADMX file name: *SecGuide.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
new file mode 100644
index 0000000000..68078ca276
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -0,0 +1,175 @@
+---
+title: Policy CSP - MSSLegacy
+description: Policy CSP - MSSLegacy
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/09/2018
+---
+
+# Policy CSP - MSSLegacy
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## MSSLegacy policies  
+
+<dl>
+  <dd>
+    <a href="#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes">MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes</a>
+  </dd>
+  <dd>
+    <a href="#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers">MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers</a>
+  </dd>
+  <dd>
+    <a href="#msslegacy-ipsourceroutingprotectionlevel">MSSLegacy/IPSourceRoutingProtectionLevel</a>
+  </dd>
+  <dd>
+    <a href="#msslegacy-ipv6sourceroutingprotectionlevel">MSSLegacy/IPv6SourceRoutingProtectionLevel</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="msslegacy-allowicmpredirectstooverrideospfgeneratedroutes"></a>**MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_MSS_EnableICMPRedirect*
+-   GP ADMX file name: *mss-legacy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers"></a>**MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_MSS_NoNameReleaseOnDemand*
+-   GP ADMX file name: *mss-legacy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="msslegacy-ipsourceroutingprotectionlevel"></a>**MSSLegacy/IPSourceRoutingProtectionLevel**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_MSS_DisableIPSourceRouting*
+-   GP ADMX file name: *mss-legacy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="msslegacy-ipv6sourceroutingprotectionlevel"></a>**MSSLegacy/IPv6SourceRoutingProtectionLevel**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP name: *Pol_MSS_DisableIPSourceRoutingIPv6*
+-   GP ADMX file name: *mss-legacy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index c69cf5db4a..89d381dddf 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/09/2018
 ---
 
 # Policy CSP - Power
@@ -19,6 +19,9 @@ ms.date: 03/05/2018
 ## Power policies  
 
 <dl>
+  <dd>
+    <a href="#power-allowstandbystateswhensleepingonbattery">Power/AllowStandbyStatesWhenSleepingOnBattery</a>
+  </dd>
   <dd>
     <a href="#power-allowstandbywhensleepingpluggedin">Power/AllowStandbyWhenSleepingPluggedIn</a>
   </dd>
@@ -49,6 +52,45 @@ ms.date: 03/05/2018
 </dl>
 
 
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-allowstandbystateswhensleepingonbattery"></a>**Power/AllowStandbyStatesWhenSleepingOnBattery**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
+
+If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state.
+
+If you disable this policy setting, standby states (S1-S3) are not allowed.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow standby states (S1-S3) when sleeping (on battery)*
+-   GP name: *AllowStandbyStatesDC_2*
+-   GP path: *System/Power Management/Sleep Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
new file mode 100644
index 0000000000..87aa32bfbb
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -0,0 +1,85 @@
+---
+title: Policy CSP - WindowsConnectionManager
+description: Policy CSP - WindowsConnectionManager
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/09/2018
+---
+
+# Policy CSP - WindowsConnectionManager
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## WindowsConnectionManager policies  
+
+<dl>
+  <dd>
+    <a href="#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork">WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork"></a>**WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time.
+
+If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances:
+
+Automatic connection attempts
+- When the computer is already connected to a domain based network, all automatic connection attempts to non-domain networks are blocked.
+- When the computer is already connected to a non-domain based network, automatic connection attempts to domain based networks are blocked.
+
+Manual connection attempts
+- When the computer is already connected to either a non-domain based network or a domain based network over media other than Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.
+- When the computer is already connected to either a non-domain based network or a domain based network over Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.
+
+If this policy setting is not configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prohibit connection to non-domain networks when connected to domain authenticated network*
+-   GP name: *WCM_BlockNonDomain*
+-   GP path: *Network/Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index cc10b25f2c..3847749f8f 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/09/2018
 ---
 
 # Policy CSP - WindowsLogon
@@ -25,9 +25,15 @@ ms.date: 03/05/2018
   <dd>
     <a href="#windowslogon-dontdisplaynetworkselectionui">WindowsLogon/DontDisplayNetworkSelectionUI</a>
   </dd>
+  <dd>
+    <a href="#windowslogon-enumeratelocalusersondomainjoinedcomputers">WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers</a>
+  </dd>
   <dd>
     <a href="#windowslogon-hidefastuserswitching">WindowsLogon/HideFastUserSwitching</a>
   </dd>
+  <dd>
+    <a href="#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart">WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart</a>
+  </dd>
 </dl>
 
 
@@ -157,6 +163,45 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="windowslogon-enumeratelocalusersondomainjoinedcomputers"></a>**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows local users to be enumerated on domain-joined computers.  
+
+If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers.
+
+If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enumerate local users on domain-joined computers*
+-   GP name: *EnumerateLocalUsers*
+-   GP path: *System/Logon*
+-   GP ADMX file name: *logon.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="windowslogon-hidefastuserswitching"></a>**WindowsLogon/HideFastUserSwitching**  
 
@@ -219,6 +264,45 @@ To validate on Desktop, do the following:
 
 <!--/Validation-->
 <!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart"></a>**WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system.
+
+If you enable or do not configure this policy setting, the device securely saves the user's credentials (including the user name, domain and encrypted password) to configure automatic sign-in after a Windows Update restart. After the Windows Update restart, the user is automatically signed-in and the session is automatically locked with all the lock screen apps configured for that user.
+
+If you disable this policy setting, the device does not store the user's credentials for automatic sign-in after a Windows Update restart. The users' lock screen apps are not restarted after the system restarts.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Sign-in last interactive user automatically after a system-initiated restart*
+-   GP name: *AutomaticRestartSignOn*
+-   GP path: *Windows Components/Windows Logon Options*
+-   GP ADMX file name: *WinLogon.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
 <hr/>
 
 Footnote:
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
new file mode 100644
index 0000000000..4ed6d00d53
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -0,0 +1,82 @@
+---
+title: Policy CSP - WindowsPowerShell
+description: Policy CSP - WindowsPowerShell
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/09/2018
+---
+
+# Policy CSP - WindowsPowerShell
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## WindowsPowerShell policies  
+
+<dl>
+  <dd>
+    <a href="#windowspowershell-turnonpowershellscriptblocklogging">WindowsPowerShell/TurnOnPowerShellScriptBlockLogging</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowspowershell-turnonpowershellscriptblocklogging"></a>**WindowsPowerShell/TurnOnPowerShellScriptBlockLogging**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting,
+Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation.
+
+If you disable this policy setting, logging of PowerShell script input is disabled.
+
+If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script
+starts or stops. Enabling Invocation Logging generates a high volume of event logs.
+
+Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn on PowerShell Script Block Logging*
+-   GP name: *EnableScriptBlockLogging*
+-   GP path: *Windows Components/Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--/Policies-->
+

From 5b500aab3a02cb00edb6823c7a0b49b5144da5a1 Mon Sep 17 00:00:00 2001
From: Greg Lindsay <Greg.Lindsay@microsoft.com>
Date: Mon, 12 Mar 2018 15:44:06 +0000
Subject: [PATCH 105/119] Merged PR 6295: Fix link in analytics card

Fix link in analytics card
---
 windows/deployment/index.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml
index 649a715cf9..04a15dea0b 100644
--- a/windows/deployment/index.yml
+++ b/windows/deployment/index.yml
@@ -35,7 +35,7 @@ sections:
       image:
         src: https://docs.microsoft.com/media/common/i_upgrade.svg
       title: Windows as a service
-    - href: upgrade/windows-analytics-overview
+    - href: update/windows-analytics-overview
       html: <p>Windows Analytics provides deep insights into your Windows 10 environment.</p>
       image:
         src: https://docs.microsoft.com/media/common/i_investigate.svg

From 96813d40b337d9cceaafceda3d523d3286e8ff95 Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Mon, 12 Mar 2018 16:21:58 +0000
Subject: [PATCH 106/119] Merged PR 6288: Merge nibr-Index_Updates to master

---
 windows/client-management/mdm/TOC.md          |  7 +++
 .../policy-configuration-service-provider.md  | 56 +++++++++++++++++--
 2 files changed, 58 insertions(+), 5 deletions(-)

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index ca5fd03714..c29fa0959d 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -180,6 +180,7 @@
 #### [ActiveXControls](policy-csp-activexcontrols.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
+#### [AppRuntime](policy-csp-appruntime.md)
 #### [AppVirtualization](policy-csp-appvirtualization.md)
 #### [AttachmentManager](policy-csp-attachmentmanager.md)
 #### [Authentication](policy-csp-authentication.md)
@@ -191,6 +192,7 @@
 #### [Cellular](policy-csp-cellular.md)
 #### [Connectivity](policy-csp-connectivity.md)
 #### [ControlPolicyConflict](policy-csp-controlpolicyconflict.md)
+#### [CredentialsDelegation](policy-csp-credentialsdelegation.md)
 #### [CredentialProviders](policy-csp-credentialproviders.md)
 #### [CredentialsUI](policy-csp-credentialsui.md)
 #### [Cryptography](policy-csp-cryptography.md)
@@ -209,6 +211,7 @@
 #### [EventLogService](policy-csp-eventlogservice.md)
 #### [Experience](policy-csp-experience.md)
 #### [ExploitGuard](policy-csp-exploitguard.md)
+#### [FileExplorer](policy-csp-fileexplorer.md)
 #### [Games](policy-csp-games.md)
 #### [Handwriting](policy-csp-handwriting.md)
 #### [InternetExplorer](policy-csp-internetexplorer.md)
@@ -220,6 +223,8 @@
 #### [LockDown](policy-csp-lockdown.md)
 #### [Maps](policy-csp-maps.md)
 #### [Messaging](policy-csp-messaging.md)
+#### [MSSecurityGuide](policy-csp-mssecurityguide.md)
+#### [MSSLegacy](policy-csp-msslegacy.md)
 #### [NetworkIsolation](policy-csp-networkisolation.md)
 #### [Notifications](policy-csp-notifications.md)
 #### [Power](policy-csp-power.md)
@@ -246,9 +251,11 @@
 #### [Update](policy-csp-update.md)
 #### [UserRights](policy-csp-userrights.md)
 #### [Wifi](policy-csp-wifi.md)
+#### [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md)
 #### [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md)
 #### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
 #### [WindowsLogon](policy-csp-windowslogon.md)
+#### [WindowsPowerShell](policy-csp-windowspowershell.md)
 #### [WirelessDisplay](policy-csp-wirelessdisplay.md)
 ### [PolicyManager CSP](policymanager-csp.md)
 ### [Provisioning CSP](provisioning-csp.md)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 4f14d81f4f..6f733c2214 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -3269,6 +3269,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 ## ADMX-backed policies
 
 -   [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
+-   [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
 -   [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
 -   [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
 -   [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
@@ -3311,13 +3312,17 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
 -   [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
 -   [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
+-   [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
 -   [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
 -   [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
 -   [DataUsage/SetCost3G](./policy-csp-datausage.md#datausage-setcost3g)
 -   [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
+-   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+-   [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
 -   [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
 -   [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
 -   [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
+-   [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
 -   [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
 -   [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
 -   [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
@@ -3328,6 +3333,8 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
 -   [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
 -   [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
+-   [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
+-   [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
 -   [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
 -   [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
 -   [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
@@ -3401,6 +3408,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
 -   [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
 -   [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
+-   [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
 -   [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
 -   [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
 -   [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
@@ -3456,6 +3464,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
 -   [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
 -   [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
 -   [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
 -   [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
 -   [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
@@ -3533,6 +3542,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
 -   [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
 -   [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
 -   [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
 -   [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
 -   [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
@@ -3575,6 +3585,17 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
 -   [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
 -   [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
+-   [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
+-   [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
+-   [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
+-   [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
+-   [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
+-   [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
+-   [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
+-   [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
+-   [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
+-   [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
+-   [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
 -   [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
 -   [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
 -   [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
@@ -3624,13 +3645,19 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
 -   [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
 -   [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
+-   [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
 -   [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
 -   [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
+-   [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
+-   [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart)
+-   [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
+
 
 ## Policies supported by GP
 
 -   [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)
 -   [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
+-   [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
 -   [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
 -   [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
 -   [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
@@ -3726,6 +3753,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
 -   [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
 -   [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
+-   [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
 -   [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
 -   [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
 -   [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
@@ -3781,6 +3809,8 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [DeliveryOptimization/DOMinRAMAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
 -   [DeliveryOptimization/DOModifyCacheDrive](./policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
 -   [DeliveryOptimization/DOMonthlyUploadDataCap](./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
+-   [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
 -   [DeliveryOptimization/DORestrictPeerSelectionBy](./policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
 -   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
 -   [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
@@ -3791,6 +3821,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
 -   [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
 -   [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
+-   [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
 -   [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
 -   [Display/DisablePerProcessDpiForApps](./policy-csp-display.md#display-disableperprocessdpiforapps)
 -   [Display/EnablePerProcessDpi](./policy-csp-display.md#display-enableperprocessdpi)
@@ -3820,6 +3851,8 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Experience/ConfigureWindowsSpotlightOnLockScreen](./policy-csp-experience.md#experience-configurewindowsspotlightonlockscreen)
 -   [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications)
 -   [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings)
+-   [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
+-   [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
 -   [Handwriting/PanelDefaultModeDocked](./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked)
 -   [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
 -   [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
@@ -3894,6 +3927,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
 -   [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
 -   [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
+-   [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
 -   [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
 -   [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
 -   [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
@@ -3949,6 +3983,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
 -   [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
 -   [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
 -   [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
 -   [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
 -   [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
@@ -4026,6 +4061,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
 -   [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
 -   [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
 -   [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
 -   [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
 -   [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
@@ -4082,10 +4118,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly)
 -   [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways)
 -   [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible)
--   [LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallysignsecurechanneldatawhenpossible)
 -   [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges)
--   [LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-maximummachineaccountpasswordage)
--   [LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-requirestrongsessionkey)
 -   [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked)
 -   [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin)
 -   [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin)
@@ -4094,7 +4127,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon)
 -   [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon)
 -   [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior)
--   [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways)
 -   [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees)
 -   [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers)
 -   [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession)
@@ -4107,7 +4139,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel)
--   [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers)
 -   [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon)
 -   [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile)
@@ -4123,6 +4154,16 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations)
 -   [Location/EnableLocation](./policy-csp-location.md#location-enablelocation)
 -   [LockDown/AllowEdgeSwipe](./policy-csp-lockdown.md#lockdown-allowedgeswipe)
+-   [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
+-   [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
+-   [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
+-   [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
+-   [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
+-   [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
+-   [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
+-   [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
+-   [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
+-   [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
 -   [Maps/EnableOfflineMapsAutoUpdate](./policy-csp-maps.md#maps-enableofflinemapsautoupdate)
 -   [Messaging/AllowMessageSync](./policy-csp-messaging.md#messaging-allowmessagesync)
 -   [NetworkIsolation/EnterpriseCloudResources](./policy-csp-networkisolation.md#networkisolation-enterprisecloudresources)
@@ -4133,6 +4174,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative)
 -   [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources)
 -   [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring)
+-   [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
 -   [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
 -   [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
 -   [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
@@ -4369,6 +4411,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [UserRights/TakeOwnership](./policy-csp-userrights.md#userrights-takeownership)
 -   [Wifi/AllowAutoConnectToWiFiSenseHotspots](./policy-csp-wifi.md#wifi-allowautoconnecttowifisensehotspots)
 -   [Wifi/AllowInternetSharing](./policy-csp-wifi.md#wifi-allowinternetsharing)
+-   [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
 -   [WindowsDefenderSecurityCenter/CompanyName](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname)
 -   [WindowsDefenderSecurityCenter/DisableAccountProtectionUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableaccountprotectionui)
 -   [WindowsDefenderSecurityCenter/DisableAppBrowserUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui)
@@ -4392,7 +4435,10 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [WindowsInkWorkspace/AllowWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowwindowsinkworkspace)
 -   [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
 -   [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
+-   [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
 -   [WindowsLogon/HideFastUserSwitching](./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching)
+-   [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart)
+-   [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
 -   [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
 -   [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
 

From 956c6fdc4a1b05fafc509d8e981fa1399ae7d10f Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Mon, 12 Mar 2018 17:54:50 +0000
Subject: [PATCH 107/119] Merged PR 6306: Adding 1803 footnote to Policy CSP.

"updating policies (id=4934)"
---
 windows/client-management/mdm/policy-csp-abovelock.md          | 3 ++-
 .../mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md      | 3 ++-
 windows/client-management/mdm/policy-csp-accounts.md           | 3 ++-
 windows/client-management/mdm/policy-csp-activexcontrols.md    | 3 ++-
 .../client-management/mdm/policy-csp-applicationdefaults.md    | 3 ++-
 .../client-management/mdm/policy-csp-applicationmanagement.md  | 3 ++-
 windows/client-management/mdm/policy-csp-appruntime.md         | 3 ++-
 windows/client-management/mdm/policy-csp-appvirtualization.md  | 3 ++-
 windows/client-management/mdm/policy-csp-attachmentmanager.md  | 3 ++-
 windows/client-management/mdm/policy-csp-authentication.md     | 3 ++-
 windows/client-management/mdm/policy-csp-autoplay.md           | 3 ++-
 windows/client-management/mdm/policy-csp-bitlocker.md          | 3 ++-
 windows/client-management/mdm/policy-csp-bluetooth.md          | 3 ++-
 windows/client-management/mdm/policy-csp-browser.md            | 3 ++-
 windows/client-management/mdm/policy-csp-camera.md             | 3 ++-
 windows/client-management/mdm/policy-csp-cellular.md           | 3 ++-
 windows/client-management/mdm/policy-csp-connectivity.md       | 3 ++-
 .../client-management/mdm/policy-csp-controlpolicyconflict.md  | 3 ++-
 .../client-management/mdm/policy-csp-credentialproviders.md    | 3 ++-
 .../client-management/mdm/policy-csp-credentialsdelegation.md  | 3 ++-
 windows/client-management/mdm/policy-csp-credentialsui.md      | 3 ++-
 windows/client-management/mdm/policy-csp-cryptography.md       | 3 ++-
 windows/client-management/mdm/policy-csp-dataprotection.md     | 3 ++-
 windows/client-management/mdm/policy-csp-datausage.md          | 3 ++-
 windows/client-management/mdm/policy-csp-defender.md           | 3 ++-
 .../client-management/mdm/policy-csp-deliveryoptimization.md   | 3 ++-
 windows/client-management/mdm/policy-csp-desktop.md            | 3 ++-
 windows/client-management/mdm/policy-csp-deviceguard.md        | 3 ++-
 windows/client-management/mdm/policy-csp-deviceinstallation.md | 3 ++-
 windows/client-management/mdm/policy-csp-devicelock.md         | 3 ++-
 windows/client-management/mdm/policy-csp-display.md            | 3 ++-
 windows/client-management/mdm/policy-csp-education.md          | 3 ++-
 .../client-management/mdm/policy-csp-enterprisecloudprint.md   | 3 ++-
 windows/client-management/mdm/policy-csp-errorreporting.md     | 3 ++-
 windows/client-management/mdm/policy-csp-eventlogservice.md    | 3 ++-
 windows/client-management/mdm/policy-csp-experience.md         | 3 ++-
 windows/client-management/mdm/policy-csp-exploitguard.md       | 3 ++-
 windows/client-management/mdm/policy-csp-fileexplorer.md       | 3 ++-
 windows/client-management/mdm/policy-csp-games.md              | 3 ++-
 windows/client-management/mdm/policy-csp-handwriting.md        | 3 ++-
 windows/client-management/mdm/policy-csp-internetexplorer.md   | 3 ++-
 windows/client-management/mdm/policy-csp-kerberos.md           | 3 ++-
 windows/client-management/mdm/policy-csp-kioskbrowser.md       | 3 ++-
 windows/client-management/mdm/policy-csp-licensing.md          | 3 ++-
 .../mdm/policy-csp-localpoliciessecurityoptions.md             | 3 ++-
 windows/client-management/mdm/policy-csp-location.md           | 3 ++-
 windows/client-management/mdm/policy-csp-lockdown.md           | 3 ++-
 windows/client-management/mdm/policy-csp-maps.md               | 3 ++-
 windows/client-management/mdm/policy-csp-messaging.md          | 3 ++-
 windows/client-management/mdm/policy-csp-mssecurityguide.md    | 3 ++-
 windows/client-management/mdm/policy-csp-msslegacy.md          | 3 ++-
 windows/client-management/mdm/policy-csp-networkisolation.md   | 3 ++-
 windows/client-management/mdm/policy-csp-notifications.md      | 3 ++-
 windows/client-management/mdm/policy-csp-power.md              | 3 ++-
 windows/client-management/mdm/policy-csp-printers.md           | 3 ++-
 windows/client-management/mdm/policy-csp-privacy.md            | 3 ++-
 windows/client-management/mdm/policy-csp-remoteassistance.md   | 3 ++-
 .../client-management/mdm/policy-csp-remotedesktopservices.md  | 3 ++-
 windows/client-management/mdm/policy-csp-remotemanagement.md   | 3 ++-
 .../client-management/mdm/policy-csp-remoteprocedurecall.md    | 3 ++-
 windows/client-management/mdm/policy-csp-remoteshell.md        | 3 ++-
 windows/client-management/mdm/policy-csp-search.md             | 3 ++-
 windows/client-management/mdm/policy-csp-security.md           | 3 ++-
 windows/client-management/mdm/policy-csp-settings.md           | 3 ++-
 windows/client-management/mdm/policy-csp-smartscreen.md        | 3 ++-
 windows/client-management/mdm/policy-csp-speech.md             | 3 ++-
 windows/client-management/mdm/policy-csp-start.md              | 3 ++-
 windows/client-management/mdm/policy-csp-storage.md            | 3 ++-
 windows/client-management/mdm/policy-csp-system.md             | 3 ++-
 windows/client-management/mdm/policy-csp-systemservices.md     | 3 ++-
 windows/client-management/mdm/policy-csp-taskscheduler.md      | 3 ++-
 windows/client-management/mdm/policy-csp-textinput.md          | 3 ++-
 .../client-management/mdm/policy-csp-timelanguagesettings.md   | 3 ++-
 windows/client-management/mdm/policy-csp-update.md             | 3 ++-
 windows/client-management/mdm/policy-csp-userrights.md         | 3 ++-
 windows/client-management/mdm/policy-csp-wifi.md               | 3 ++-
 .../mdm/policy-csp-windowsconnectionmanager.md                 | 3 ++-
 .../mdm/policy-csp-windowsdefendersecuritycenter.md            | 3 ++-
 .../client-management/mdm/policy-csp-windowsinkworkspace.md    | 3 ++-
 windows/client-management/mdm/policy-csp-windowslogon.md       | 3 ++-
 windows/client-management/mdm/policy-csp-windowspowershell.md  | 3 ++-
 windows/client-management/mdm/policy-csp-wirelessdisplay.md    | 3 ++-
 82 files changed, 164 insertions(+), 82 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index d0b77e50dc..16115c79c9 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - AboveLock
@@ -202,6 +202,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md
index 2d0549e77b..7cee27e382 100644
--- a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md
+++ b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - AccountPoliciesAccountLockoutPolicy
@@ -180,6 +180,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 0fb29f4870..5eb439322d 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Accounts
@@ -244,6 +244,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 925504ac0d..2563d21bc2 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ActiveXControls
@@ -95,6 +95,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index dba53edc54..5aaf01d6fb 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ApplicationDefaults
@@ -139,6 +139,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 634f53cafc..47b9d1e09d 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ApplicationManagement
@@ -722,6 +722,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index 941e26cef4..7e6fb10c8d 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - AppRuntime
@@ -72,6 +72,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index bbb346e93c..562a5224dc 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - AppVirtualization
@@ -1836,6 +1836,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index c80e44f614..7b97a87a4b 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - AttachmentManager
@@ -229,6 +229,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 02a363e078..f83bb3905c 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Authentication
@@ -309,6 +309,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index 2e2ecaf426..c748e76ae7 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Autoplay
@@ -245,6 +245,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index 852a915bac..fa358dcb81 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Bitlocker
@@ -114,6 +114,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 3a6b797bf3..fb08f30dc0 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Bluetooth
@@ -293,6 +293,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 22fc158c08..ccafd7cbed 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Browser
@@ -2616,6 +2616,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 02a242ec12..3cbf216e52 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Camera
@@ -91,6 +91,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 5b9aa0d665..431c59baa4 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Cellular
@@ -324,6 +324,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 249cc6cac3..faf33814cc 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Connectivity
@@ -898,6 +898,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index 229109756e..b606419501 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ControlPolicyConflict
@@ -91,6 +91,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 039a57e0fb..f3f12c6f73 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - CredentialProviders
@@ -219,6 +219,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index 1e465a7a21..e347fbd029 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - CredentialsDelegation
@@ -74,6 +74,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index ec0f9a0c5e..900ad6176a 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - CredentialsUI
@@ -163,6 +163,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index b2360eb40b..7dadd07af1 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Cryptography
@@ -133,6 +133,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index 1563402e93..28ad8aaca3 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DataProtection
@@ -136,6 +136,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 2aa9b34cd0..89086b22bb 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DataUsage
@@ -170,6 +170,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 74091500ca..76c96ac41d 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Defender
@@ -2318,6 +2318,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 849fcb5d99..cf43d37c41 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DeliveryOptimization
@@ -1488,6 +1488,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 2957bd78f7..36afbf2a08 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Desktop
@@ -93,6 +93,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index a516cc7ab4..b541578089 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DeviceGuard
@@ -214,6 +214,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index c8b4f6b9d9..38941fd46b 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DeviceInstallation
@@ -158,6 +158,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 5663570085..1a791a7b71 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DeviceLock
@@ -1192,6 +1192,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 827b347c3e..0cf8a9740d 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Display
@@ -355,6 +355,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index 8eab86d6e3..e1fb1b9965 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Education
@@ -185,6 +185,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index 63d4b5f3b2..4b5b961ad9 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - EnterpriseCloudPrint
@@ -328,6 +328,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index ed18d1d8d9..d2a31d1077 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ErrorReporting
@@ -367,6 +367,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index e0d3529cc9..835be83eb0 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - EventLogService
@@ -290,6 +290,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index b741cd983e..3f96460055 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Experience
@@ -1304,6 +1304,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index ca51c9a7a7..bdf443d549 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ExploitGuard
@@ -112,6 +112,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 13c169e91b..9216df0e67 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - FileExplorer
@@ -106,6 +106,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 2a651204e1..d14fd92fed 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Games
@@ -81,6 +81,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index 438387b1b6..bdbcb764ae 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Handwriting
@@ -95,6 +95,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index ff5dd18eae..304792e860 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - InternetExplorer
@@ -16786,6 +16786,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 6831acebc5..974db5f350 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Kerberos
@@ -360,6 +360,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 933c3fa2e8..27f995e4d9 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - KioskBrowser
@@ -314,6 +314,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 0e063d9b5f..eae5cdc5d7 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Licensing
@@ -150,6 +150,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 1ffde8a086..27c960d639 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - LocalPoliciesSecurityOptions
@@ -3529,6 +3529,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md
index 18e7a7fd97..8117114323 100644
--- a/windows/client-management/mdm/policy-csp-location.md
+++ b/windows/client-management/mdm/policy-csp-location.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Location
@@ -99,6 +99,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index be9c02f1d7..228d2f75ec 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - LockDown
@@ -91,6 +91,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index d60af40683..8b44913146 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Maps
@@ -148,6 +148,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index 2ad6d83fe0..f1862d266d 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Messaging
@@ -201,6 +201,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 8dc3535360..8759b6d49a 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - MSSecurityGuide
@@ -240,6 +240,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index 68078ca276..54107559ca 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - MSSLegacy
@@ -170,6 +170,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 70db29303b..d5d98f64b1 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - NetworkIsolation
@@ -480,6 +480,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index b4363ef967..8dddbe0d18 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Notifications
@@ -93,6 +93,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 89d381dddf..5bee576aca 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Power
@@ -667,6 +667,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index fd0939f604..be94af174b 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Printers
@@ -251,6 +251,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 3595219241..c084709cd0 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Privacy
@@ -4485,6 +4485,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index a26dd4c251..01e2f7e4b7 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - RemoteAssistance
@@ -339,6 +339,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 3af7f7ca34..0e4be98697 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - RemoteDesktopServices
@@ -450,6 +450,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 67d82bb4f9..96324dc5cc 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - RemoteManagement
@@ -1032,6 +1032,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 41fb1d8539..295bf5c56e 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - RemoteProcedureCall
@@ -174,6 +174,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 20a0ac4151..cbb9717f73 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - RemoteShell
@@ -487,6 +487,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 85b59673d8..dfdf82afa1 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Search
@@ -858,6 +858,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index 9d95aab726..b03abc2582 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Security
@@ -662,6 +662,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 5031440194..5773e32200 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Settings
@@ -847,6 +847,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index be4301165b..3eea69f19b 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - SmartScreen
@@ -212,6 +212,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index 9a691d7670..33cdd64750 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Speech
@@ -89,6 +89,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 50809d5486..d9d149dd3a 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Start
@@ -1763,6 +1763,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 536aac2ce2..b27f3af35b 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Storage
@@ -158,6 +158,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index d943b9d855..6c6ed3c4c9 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - System
@@ -1052,6 +1052,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index ffdb12f42a..9dd4ebd067 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - SystemServices
@@ -342,6 +342,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 88a19a26c4..7fee0be3b0 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - TaskScheduler
@@ -76,6 +76,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index b5cb108686..6b2f4389e8 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - TextInput
@@ -1306,6 +1306,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index c926c03e45..f577d940bb 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - TimeLanguageSettings
@@ -81,6 +81,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 7a92fffc6a..70198e988d 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Update
@@ -3064,6 +3064,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 6e52bc893b..3584468818 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - UserRights
@@ -1542,6 +1542,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index f4e3dbae88..358dc3fc01 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Wifi
@@ -386,6 +386,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 87aa32bfbb..c5ac238f1d 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - WindowsConnectionManager
@@ -80,6 +80,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 8329d11f77..c94d1e9dd5 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - WindowsDefenderSecurityCenter
@@ -1196,6 +1196,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index 3549c95e06..27f04f2813 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - WindowsInkWorkspace
@@ -152,6 +152,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 3847749f8f..16e39d3e9c 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - WindowsLogon
@@ -310,6 +310,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index 4ed6d00d53..ee96a4746f 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/09/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - WindowsPowerShell
@@ -77,6 +77,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index 9e122a3f3f..cafb7be12e 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/05/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - WirelessDisplay
@@ -453,6 +453,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

From 8f0298db30a3563323ff0a00518a09103917545b Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Mon, 12 Mar 2018 21:44:24 +0000
Subject: [PATCH 108/119] Merged PR 6314:
 TimeLanguageSettings/AllowSet24HourClock - updated the default value

fixed default value
---
 .../mdm/policy-csp-timelanguagesettings.md                  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index f577d940bb..731fc2ae63 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -63,14 +63,14 @@ ms.date: 03/12/2018
 
 <!--/Scope-->
 <!--Description-->
-Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting.
+Allows for the configuration of the default clock setting to be the 24 hour format.  If set to 0 (zero), the device uses the default clock as prescribed by the current locale setting.
 
 <!--/Description-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 – Locale default setting.
--   1 (default) – Set 24 hour clock.
+-   0 (default) – Current locale setting.
+-   1 – Set 24 hour clock.
 
 <!--/SupportedValues-->
 <!--/Policy-->

From 0292ef2bf3d68859455d386b1c1e3109449aa8cb Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Mon, 12 Mar 2018 21:44:51 +0000
Subject: [PATCH 109/119] Merged PR 6313: Updated the Policy DDF topic with the
 latest version

---
 .../client-management/mdm/policy-ddf-file.md  | 1158 +++++++++++------
 1 file changed, 779 insertions(+), 379 deletions(-)

diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 406db3df06..0b6035ae0a 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/26/2018
+ms.date: 03/12/2018
 ---
 
 # Policy DDF file
@@ -95,6 +95,30 @@ The XML below is the DDF for Windows 10, version 1803.
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>MSIAlwaysInstallWithElevatedPrivileges</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RequirePrivateStoreOnly</NodeName>
           <DFProperties>
@@ -7848,6 +7872,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableEndSessionButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enable/disable kiosk browser's end session button.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableHomeButton</NodeName>
           <DFProperties>
@@ -7966,6 +8014,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisallowTileNotification</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>Printers</NodeName>
@@ -8284,6 +8356,34 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
+        <Node>
+          <NodeName>MSIAlwaysInstallWithElevatedPrivileges</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MSI.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MSI~AT~WindowsComponents~MSI</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AlwaysInstallElevated</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RequirePrivateStoreOnly</NodeName>
           <DFProperties>
@@ -8307,7 +8407,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
             <MSFT:ADMXMapped>WindowsStore.admx</MSFT:ADMXMapped>
             <MSFT:ADMXCategory>WindowsStore~AT~WindowsComponents~WindowsStore</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>RequirePrivateStoreOnly_1</MSFT:ADMXPolicyName>
+            <MSFT:ADMXPolicyName>RequirePrivateStoreOnly</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -15167,7 +15267,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
             <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyAllProcesses_9</MSFT:ADMXPolicyName>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_9</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -15221,7 +15321,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
             <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyAllProcesses_11</MSFT:ADMXPolicyName>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_11</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -16382,7 +16482,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
             <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyAllProcesses_12</MSFT:ADMXPolicyName>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_12</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -16409,7 +16509,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
             <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyAllProcesses_8</MSFT:ADMXPolicyName>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_8</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -16910,6 +17010,31 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableEndSessionButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enable/disable kiosk browser's end session button.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableHomeButton</NodeName>
           <DFProperties>
@@ -17032,6 +17157,33 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisallowTileNotification</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WPN.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WPN~AT~StartMenu~NotificationsCategory</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>NoTileNotification</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
       </Node>
       <Node>
         <NodeName>Printers</NodeName>
@@ -18024,6 +18176,78 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>MSIAllowUserControlOverInstall</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MSIAlwaysInstallWithElevatedPrivileges</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RequirePrivateStoreOnly</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RestrictAppDataToSystemVolume</NodeName>
           <DFProperties>
@@ -30441,6 +30665,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableEndSessionButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Enable/disable kiosk browser's end session button.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableHomeButton</NodeName>
           <DFProperties>
@@ -30514,6 +30762,52 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>LanmanWorkstation</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>EnableInsecureGuestLogons</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Licensing</NodeName>
         <DFProperties>
@@ -30994,38 +31288,6 @@ Note: Domain controllers are also domain members and establish secure channels w
             </DFType>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>DomainMember_DigitallySignSecureChannelDataWhenPossible</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Domain member: Digitally sign secure channel data (when possible)
-
-This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
-
-This setting determines whether or not the domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain member will request signing of all secure channel traffic. If the Domain Controller supports signing of all secure channel traffic, then all secure channel traffic will be signed which ensures that it cannot be tampered with in transit.
-
-Default: Enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>DomainMember_DisableMachineAccountPasswordChanges</NodeName>
           <DFProperties>
@@ -31059,81 +31321,6 @@ This setting should not be used in an attempt to support dual-boot scenarios tha
             </DFType>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>DomainMember_MaximumMachineAccountPasswordAge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Domain member: Maximum machine account password age
-
-This security setting determines how often a domain member will attempt to change its computer account password.
-
-Default: 30 days.
-
-Important
-
-This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DomainMember_RequireStrongSessionKey</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Domain member: Require strong (Windows 2000 or later) session key
-
-This security setting determines whether 128-bit key strength is required for encrypted secure channel data.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller within the domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup, and so on.
-
-Depending on what version of Windows is running on the domain controller that the domain member is communicating with and the settings of the parameters:
-
-Domain member: Digitally encrypt or sign secure channel data (always)
-Domain member: Digitally encrypt secure channel data (when possible)
-Some or all of the information that is transmitted over the secure channel will be encrypted. This policy setting determines whether or not 128-bit key strength is required for the secure channel information that is encrypted.
-
-If this setting is enabled, then the secure channel will not be established unless 128-bit encryption can be performed. If this setting is disabled, then the key strength is negotiated with the domain controller.
-
-Default: Enabled.
-
-Important
-
-In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member's domain must be running Windows 2000 or later.
-In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</NodeName>
           <DFProperties>
@@ -31385,52 +31572,6 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol
             </DFType>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsAlways</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Microsoft network client: Digitally sign communications (always)
-
-This security setting determines whether packet signing is required by the SMB client component.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
-
-If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
-
-Default: Disabled.
-
-Important
-
-For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</NodeName>
           <DFProperties>
@@ -31880,7 +32021,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</NodeName>
+          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</NodeName>
           <DFProperties>
             <AccessType>
               <Add />
@@ -31888,12 +32029,12 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
               <Get />
               <Replace />
             </AccessType>
-            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
+            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
 
-This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
+This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
 
-Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
-Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
+Require NTLMv2 session security: The connection will fail if message integrity is not negotiated.
+Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated.
 
 Default:
 
@@ -31915,7 +32056,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
           </DFProperties>
         </Node>
         <Node>
-          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</NodeName>
+          <NodeName>NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</NodeName>
           <DFProperties>
             <AccessType>
               <Add />
@@ -31923,18 +32064,123 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
               <Get />
               <Replace />
             </AccessType>
-            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
+            <Description>Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
 
-This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
+This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the  "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.
 
-Require NTLMv2 session security: The connection will fail if message integrity is not negotiated.
-Require 128-bit encryption. The connection will fail if strong encryption (128-bit) is not negotiated.
+If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
 
-Default:
+If you do not configure this policy setting, no exceptions will be applied.
 
-Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
+The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats . A single asterisk (*) can be used anywhere in the string as a wildcard character.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network security: Restrict NTLM: Audit Incoming NTLM Traffic
 
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
+This policy setting allows you to audit incoming NTLM traffic.
+
+If you select "Disable", or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
+
+If you select "Enable auditing for domain accounts", the server will log events for NTLM pass-through authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all domain accounts" option.
+
+If you select "Enable auditing for all accounts", the server will log events for all NTLM authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all accounts" option.
+
+This policy is supported on at least Windows 7 or Windows Server 2008 R2.
+
+Note: Audit events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network security: Restrict NTLM: Incoming NTLM traffic
+
+This policy setting allows you to deny or allow incoming NTLM traffic.
+
+If you select "Allow all" or do not configure this policy setting, the server will allow all NTLM authentication requests.
+
+If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
+
+If you select "Deny all accounts," the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
+
+This policy is supported on at least Windows 7 or Windows Server 2008 R2.
+
+Note: Block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
+
+This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
+
+If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
+
+If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
+
+If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
+
+This policy is supported on at least Windows 7 or Windows Server 2008 R2.
+
+Note: Audit and block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
             <DFFormat>
               <int/>
             </DFFormat>
@@ -32721,6 +32967,30 @@ The options are:
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>WDigestAuthentication</NodeName>
           <DFProperties>
@@ -43215,6 +43485,89 @@ Because of these factors, users do not usually need this user right. Warning: If
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>MSIAllowUserControlOverInstall</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MSI.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MSI~AT~WindowsComponents~MSI</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>EnableUserControl</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MSIAlwaysInstallWithElevatedPrivileges</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>MSI.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>MSI~AT~WindowsComponents~MSI</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>AlwaysInstallElevated</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>RequirePrivateStoreOnly</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsStore.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>WindowsStore~AT~WindowsComponents~WindowsStore</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>RequirePrivateStoreOnly</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>RestrictAppDataToSystemVolume</NodeName>
           <DFProperties>
@@ -55097,7 +55450,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
             <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyAllProcesses_9</MSFT:ADMXPolicyName>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_9</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -55151,7 +55504,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
             <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyAllProcesses_11</MSFT:ADMXPolicyName>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_11</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56312,7 +56665,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
             <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyAllProcesses_12</MSFT:ADMXPolicyName>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_12</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -56339,7 +56692,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
             <MSFT:ADMXBacked>inetres.admx</MSFT:ADMXBacked>
             <MSFT:ADMXCategory>inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions</MSFT:ADMXCategory>
-            <MSFT:ADMXPolicyName>IESF_PolicyAllProcesses_8</MSFT:ADMXPolicyName>
+            <MSFT:ADMXPolicyName>IESF_PolicyExplorerProcesses_8</MSFT:ADMXPolicyName>
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
@@ -57022,6 +57375,31 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableEndSessionButton</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Enable/disable kiosk browser's end session button.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EnableHomeButton</NodeName>
           <DFProperties>
@@ -57098,6 +57476,53 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>LanmanWorkstation</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>EnableInsecureGuestLogons</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>LanmanWorkstation.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>LanmanWorkstation~AT~Network~Cat_LanmanWorkstation</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_EnableInsecureGuestLogons</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Licensing</NodeName>
         <DFProperties>
@@ -57614,41 +58039,6 @@ Note: Domain controllers are also domain members and establish secure channels w
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>DomainMember_DigitallySignSecureChannelDataWhenPossible</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Domain member: Digitally sign secure channel data (when possible)
-
-This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
-
-This setting determines whether or not the domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain member will request signing of all secure channel traffic. If the Domain Controller supports signing of all secure channel traffic, then all secure channel traffic will be signed which ensures that it cannot be tampered with in transit.
-
-Default: Enabled.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Domain member: Digitally sign secure channel data (when possible)</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>DomainMember_DisableMachineAccountPasswordChanges</NodeName>
           <DFProperties>
@@ -57685,87 +58075,6 @@ This setting should not be used in an attempt to support dual-boot scenarios tha
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>DomainMember_MaximumMachineAccountPasswordAge</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>30</DefaultValue>
-            <Description>Domain member: Maximum machine account password age
-
-This security setting determines how often a domain member will attempt to change its computer account password.
-
-Default: 30 days.
-
-Important
-
-This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="999"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Domain member: Maximum machine account password age</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>DomainMember_RequireStrongSessionKey</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>1</DefaultValue>
-            <Description>Domain member: Require strong (Windows 2000 or later) session key
-
-This security setting determines whether 128-bit key strength is required for encrypted secure channel data.
-
-When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller within the domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup, and so on.
-
-Depending on what version of Windows is running on the domain controller that the domain member is communicating with and the settings of the parameters:
-
-Domain member: Digitally encrypt or sign secure channel data (always)
-Domain member: Digitally encrypt secure channel data (when possible)
-Some or all of the information that is transmitted over the secure channel will be encrypted. This policy setting determines whether or not 128-bit key strength is required for the secure channel information that is encrypted.
-
-If this setting is enabled, then the secure channel will not be established unless 128-bit encryption can be performed. If this setting is disabled, then the key strength is negotiated with the domain controller.
-
-Default: Enabled.
-
-Important
-
-In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member's domain must be running Windows 2000 or later.
-In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Domain member: Require strong (Windows 2000 or later) session key</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</NodeName>
           <DFProperties>
@@ -58039,55 +58348,6 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsAlways</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Microsoft network client: Digitally sign communications (always)
-
-This security setting determines whether packet signing is required by the SMB client component.
-
-The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
-
-If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
-
-Default: Disabled.
-
-Important
-
-For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. To enable client-side SMB packet signing, set Microsoft network client: Digitally sign communications (if server agrees).
-
-Notes
-
-All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
-Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
-Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
-Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
-Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
-SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
-For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Microsoft network client: Digitally sign communications (always)</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</NodeName>
           <DFProperties>
@@ -58571,44 +58831,6 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
-        <Node>
-          <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DefaultValue>0</DefaultValue>
-            <Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
-
-This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
-
-Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
-Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
-
-Default:
-
-Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
-
-Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
-            <DFFormat>
-              <int/>
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-            <MSFT:SupportedValues AllowedValues="0,524288,536870912,537395200"></MSFT:SupportedValues>
-            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
-            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
-            <MSFT:GPRegistryMappedName>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients</MSFT:GPRegistryMappedName>
-            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
-          </DFProperties>
-        </Node>
         <Node>
           <NodeName>NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</NodeName>
           <DFProperties>
@@ -58647,6 +58869,157 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
             <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
+
+This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the  "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.
+
+If you configure this policy setting, you can define a list of remote servers to which clients are allowed to use NTLM authentication.
+
+If you do not configure this policy setting, no exceptions will be applied.
+
+The naming format for servers on this exception list is the fully qualified domain name (FQDN) or NetBIOS server name used by the application, listed one per line. To ensure exceptions the name used by all applications needs to be in the list, and to ensure an exception is accurate, the server name should be listed in both naming formats . A single asterisk (*) can be used anywhere in the string as a wildcard character.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Network security: Restrict NTLM: Audit Incoming NTLM Traffic
+
+This policy setting allows you to audit incoming NTLM traffic.
+
+If you select "Disable", or do not configure this policy setting, the server will not log events for incoming NTLM traffic.
+
+If you select "Enable auditing for domain accounts", the server will log events for NTLM pass-through authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all domain accounts" option.
+
+If you select "Enable auditing for all accounts", the server will log events for all NTLM authentication requests that would be blocked when the "Network Security: Restrict NTLM: Incoming NTLM traffic" policy setting is set to the "Deny all accounts" option.
+
+This policy is supported on at least Windows 7 or Windows Server 2008 R2.
+
+Note: Audit events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Restrict NTLM: Audit Incoming NTLM Traffic</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Network security: Restrict NTLM: Incoming NTLM traffic
+
+This policy setting allows you to deny or allow incoming NTLM traffic.
+
+If you select "Allow all" or do not configure this policy setting, the server will allow all NTLM authentication requests.
+
+If you select "Deny all domain accounts," the server will deny NTLM authentication requests for domain logon and display an NTLM blocked error, but allow local account logon.
+
+If you select "Deny all accounts," the server will deny NTLM authentication requests from incoming traffic and display an NTLM blocked error.
+
+This policy is supported on at least Windows 7 or Windows Server 2008 R2.
+
+Note: Block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Restrict NTLM: Incoming NTLM traffic</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
+
+This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.
+
+If you select "Allow all" or do not configure this policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
+
+If you select "Audit all," the client computer logs an event for each NTLM authentication request to a remote server. This allows you to identify those servers receiving NTLM authentication requests from the client computer.
+
+If you select "Deny all," the client computer cannot authenticate identities to a remote server by using NTLM authentication. You can use the "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication" policy setting to define a list of remote servers to which clients are allowed to use NTLM authentication.
+
+This policy is supported on at least Windows 7 or Windows Server 2008 R2.
+
+Note: Audit and block events are recorded on this computer in the "Operational" Log located under the Applications and Services Log/Microsoft/Windows/NTLM.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
+            <MSFT:GPRegistryMappedName>Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers</MSFT:GPRegistryMappedName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</NodeName>
           <DFProperties>
@@ -59472,6 +59845,33 @@ The options are:
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXBacked>SecGuide.admx</MSFT:ADMXBacked>
+            <MSFT:ADMXCategory>SecGuide~AT~Cat_SecGuide</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>Pol_SecGuide_0101_WDPUA</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>WDigestAuthentication</NodeName>
           <DFProperties>

From de920d843565108eb32c34195b2d926f7fc5ca85 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Mon, 12 Mar 2018 21:45:48 +0000
Subject: [PATCH 110/119] Merged PR 6315: UEFI CSP not supported in Pro

---
 .../mdm/configuration-service-provider-reference.md        | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 1f6269d889..3764a9326f 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/02/2018
+ms.date: 03/12/2018
 ---
 
 # Configuration service provider reference
@@ -2136,7 +2136,7 @@ Footnotes:
 <!--EndCSP-->
 
 <!--StartCSP-->
-[Uefi CSP](uefi-csp.md)  
+[UEFI CSP](uefi-csp.md)  
 
 <!--StartSKU-->
 <table>
@@ -2151,7 +2151,7 @@ Footnotes:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
@@ -2596,6 +2596,7 @@ Footnotes:
 -   [Reporting CSP](reporting-csp.md)
 -   [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
 -   [SurfaceHub CSP](surfacehub-csp.md)
+-   [UEFI CSP](uefi-csp.md)  
 -   [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
 
 

From d12118140d5d977f5f49d5f4c7275dabeea41d5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Akshatha=20Kommalapati=20=28=F0=9F=90=8D=29?=
 <akshko@microsoft.com>
Date: Mon, 12 Mar 2018 22:03:20 +0000
Subject: [PATCH 111/119] Merged PR 6316: Set up School PCs Technical
 Reference: Updated the topic's date and removed an entry from the GP table

Topic: Set up School PCs Technical Reference

Changes: Updated the topic's date and removed the 'allow the system to be shut down without having to log on' line item since we no longer set this policy via the Set up School PCs app.
---
 .../windows/set-up-school-pcs-technical.md    | 621 +++++++++---------
 1 file changed, 309 insertions(+), 312 deletions(-)

diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index 59d779962f..c4c3cbd233 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -1,312 +1,309 @@
----
-title: Set up School PCs app technical reference
-description: Describes the changes that the Set up School PCs app makes to a PC.
-keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: high
-author: CelesteDG
-ms.author: celested
-ms.date: 02/02/2018
----
-
-# Technical reference for the Set up School PCs app 
-**Applies to:**
-
--   Windows 10 
-
-
-
-The **Set up School PCs** app helps you set up new Windows 10 PCs that work great in your school by configuring shared PC mode. The latest Set up School PCs app is available for Windows 10, version 1703 (Creators Update). Set up School PCs also configures school-specific settings and policies, described in this topic.
-
-If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up School PCs app will create a setup file that joins the PC to your Azure Active Directory tenant. You can also use the app to set up school PCs that anyone can use, with or without Internet connectivity. 
-
-Here's a list of what you get when using the Set up School PCs app in your school. 
-
-| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium |
-| --- | :---: | :---: | :---: | :---: |
-| **Fast sign-in**<br/>Each student can sign in and start using the computer in less than a minute, even on their first sign-in. | X | X | X | X |
-| **Custom Start experience**<br/>The apps students need are pinned to Start, and unnecessary apps are removed. | X | X | X | X |
-| **Guest account, no sign-in required**<br/>This option sets up computers for common use. Anyone can use the computer without an account. | X | X | X | X |
-| **School policies**<br/>Settings specific to education create a useful learning environment and the best computer performance. | X | X | X | X |
-| **Azure AD Join**<br/>The computers are  joined to your Azure AD or Office 365 subscription for centralized management. |   | X | X | X |
-| **Single sign-on to Office 365**<br/>By signing on with student IDs, students have fast access to Office 365 web apps or installed Office apps. |   |    | X | X |
-| **Take a Test**<br/>Configure the Take a Test app and use it for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. |   |    |  | X |
-| **[Settings roaming](https://azure.microsoft.com/en-us/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) via Azure AD**<br/>Student user and application settings data can be synchronized across devices for a personalized experience. |   |    |    | X |
-
-
-> [!NOTE]  
-> If your school uses Active Directory, use [Windows Configuration Designer](set-up-students-pcs-to-join-domain.md) to configure your PCs to join the domain. You can only use the Set up School PCs app to set up PCs that are connected to Azure AD.
-
-## Automated Azure AD join
-One of the most important features in Set up School PCs is the ability to create a provisioning package that performs automated Azure AD join. With this feature, you no longer have to spend minutes going through Windows setup, manually connecting to a network, and manually joining your Azure AD domain. With the automated Azure AD join feature in Set up School School PCs, this process is reduced to zero clicks! You can skip all of the Windows setup experience and the OS automatically joins the PC to your Azure AD domain and enrolls it into MDM if you have a MDM provider activated.
-
-To make this as seamless as possible, in your Azure AD tenant:
-- Allow your teacher and other IT staff to join devices to Azure AD so they can sucessfully request an automated Azure AD join token. 
-
-    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and in **Users may join devices to Azure AD**, click **Selected** and choose the members you want to enable to join devices to Azure AD.
-
-    **Figure 1** - Select the users you want to enable to join devices to Azure AD
-
-    ![Select the users you want to enable to join devices to Azure AD](images/azuread_usersandgroups_devicesettings_usersmayjoin.png)
-
-- Consider creating a special account that uses a username and password that you provide, and which has the rights to join devices if you don't want to add all teachers and IT staff.
-    - When teachers or IT staff need to set up PCs, they can use this account in the Set up School PCs app.
-    - If you use a service to set up PCs for you, you can give them this special account so they can deliver PCs to you that are already Azure AD joined and ready to be given to a student.
-
-- Turn off multifactor authentication.
-
-    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and set **Require Multi-Factor Auth to join devices** to **No**.
-
-    **Figure 2** - Turn off multi-factor authentication in Azure AD
-
-    ![Turn off multi-factor authentication in Azure AD](images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png)
-
-- Set the maximum number of devices a user can add to unlimited.
-
-    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and set **Maximum number of devices per user** to **Unlimited**.
-
-    **Figure 3** - Set maximum number of devices per user to unlimited
-
-    ![Set maximum number of devices per user to unlimited](images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png)
-
-- Clear your Azure AD tokens from time to time. Your tenant can only have 500 automated Azure AD tokens active at any one time.
-
-    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > All users** and look at the list of user names. User names that start with **package_** followed by a string of letters and numbers. These are the user accounts that are created automatically for the tokens and you can safely delete these. 
-
-    **Figure 4** - Delete the accounts automatically created for the Azure AD tokens
-
-    ![Delete the accounts automatically created for the Azure AD tokens](images/azuread_usersandgroups_allusers_automaticaccounts.png)
-
-- Note that automated Azure AD tokens have expiration dates. Set up School PCs creates them with an expiration date of one month. You will see the specific expiration date for the package in the **Review package summary** page in Set up School PCs.
-
-    **Figure 5** - Sample summary page showing the expiration date
-
-    ![Sample summary page showing the expiration date](images/suspc_choosesettings_summary.png)
-
-
-<!-- When the MSES Get Started goes live, add a link to it from here -->
-
-
-## Information about Windows Update
-
-Shared PC mode helps ensure that computers are always up-to-date. If a PC is configured using the Set up School PCs app, shared PC mode sets the power states and Windows Update to: 
-* Wake nightly
-* Check and install updates
-* Forcibly reboot if necessary to finish applying updates
-
-The PC is also configured to not interrupt the user during normal daytime hours with updates or reboots. Notfications are also blocked.
-
-## Guidance for accounts on shared PCs
-
-* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
-* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** or **Kiosk** will also be deleted automatically at sign out.
-* On a Windows PC joined to Azure Active Directory:
-    * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
-    * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
-* Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. New local accounts created through **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new local accounts created by the **Guest** or **Kiosk** selection on the sign-in screen, if enabled, will automatically be deleted at sign-out.
-* If admin accounts are necessary on the PC
-    * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or
-    * Create admin accounts before setting up shared PC mode, or 
-    * Create exempt accounts before signing out.
-* The account management service supports accounts that are exempt from deletion.
-    * An account can be marked exempt from deletion by adding the account SID to the `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\` registry key.
-    * To add the account SID to the registry key using PowerShell:
-
-        ```
-        $adminName = "LocalAdmin"
-        $adminPass = 'Pa$$word123'
-        iex "net user /add $adminName $adminPass"
-        $user = New-Object System.Security.Principal.NTAccount($adminName) 
-        $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) 
-        $sid = $sid.Value;
-        New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
-        ``` 
-
-## Custom images
-Shared PC mode is fully compatible with custom images that may be created by IT departments. Create a custom image and then use sysprep with the `/oobe` flag to create an image that teachers can then apply the Set up School PCs provisioning package to. [Learn more about sysprep](https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx).
-
-## Provisioning package details
-
-The Set up School PCs app produces a specialized provisioning package that makes use of the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294%28v=vs.85%29.aspx). 
-
-### Education customizations set by local MDM policy
-
-- By default, saving content locally to the PC is blocked, but you can choose to enable it. This prevents data loss by forcing students to save to the cloud.
-- A custom Start layout, taskbar layout, and lock screen image are set.
-- Prohibits unlocking the PC to developer mode.
-- Prohibits untrusted Microsoft Store apps from being installed.
-- Prohibits students from removing MDM.
-- Prohibits students from adding new provisioning packages.
-- Prohibits student from removing existing provisioning packages (including the one set by Set up School PCs).
-- Sets Windows Update to update nightly.
-
-
-### Uninstalled apps 
-
-- 3D Builder (Microsoft.3DBuilder_8wekyb3d8bbwe)
-- Weather (Microsoft.BingWeather_8wekyb3d8bbwe)
-- Tips (Microsoft.Getstarted_8wekyb3d8bbwe)
-- Get Office (Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)
-- Microsoft Solitaire Collection (Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe)
-- Paid Wi-Fi & Cellular (Microsoft.OneConnect_8wekyb3d8bbwe)
-- Feedback Hub (Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)
-- Xbox (Microsoft.XboxApp_8wekyb3d8bbwe)
-- Mail/Calendar (microsoft.windowscommunicationsapps_8wekyb3d8bbwe)
-
-### Local Group Policies
-
-> [!IMPORTANT]  
-> We do not recommend setting additional policies on PCs configured with the Set up School PCs app. The shared PC mode is optimized to be fast and reliable over time with minimal to no manual maintenance required.
-
-<table border="1"> 
-<thead><tr><th colspan="2"><p>Policy path</p></th></tr>
-<tr><th><p>Policy name</p></th><th><p>Value</p></th> 
-</tr> </thead>
-<tbody>
-<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>Control Panel</strong> > <strong>Personalization</strong></p></td> 
-</tr> 
-<tr><td><p>Prevent enabling lock screen slide show</p></td><td><p>Enabled</p></td>
-</tr> 
-<tr><td><p>Prevent changing lock screen and logon image</p></td><td><p>Enabled</p></td>
-</tr> 
-<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Button Settings</strong></p></td> 
-</tr> 
-<tr><td><p>Select the Power button action (plugged in)</p></td><td><p>Sleep</p></td> 
-</tr> 
-<tr><td><p>Select the Power button action (on battery)</p></td><td><p>Sleep</p></td> 
-</tr> 
-<tr><td><p>Select the Sleep button action (plugged in)</p></td><td><p>Sleep</p></td> 
-</tr> 
-<tr><td><p>Select the lid switch action (plugged in)</p></td><td><p>Sleep</p></td>
-</tr> 
-<tr><td><p>Select the lid switch action (on battery)</p></td><td><p>Sleep</p></td>
-</tr> 
-<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Sleep Settings</strong></p></td> 
-</tr> 
-<tr><td><p>Require a password when a computer wakes (plugged in)</p></td><td><p>Enabled</p></td>
-</tr> 
-<tr><td><p>Require a password when a computer wakes (on battery)</p></td><td><p>Enabled</p></td>
-</tr>
-<tr><td><p>Specify the system sleep timeout (plugged in)</p></td><td><p> 5 minutes</p></td>
-</tr> 
-<tr><td><p>Specify the system sleep timeout (on battery)</p></td><td><p> 5 minutes</p></td>
-</tr> 
-<tr> <td> <p> Turn off hybrid sleep (plugged in) </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Turn off hybrid sleep (on battery) </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Specify the unattended sleep timeout (plugged in) </p> </td> <td> <p> 5 minutes </p> </td>
-</tr> 
-<tr> <td> <p> Specify the unattended sleep timeout (on battery) </p> </td> <td> <p> 5 minutes</p> </td> 
-</tr> 
-<tr> <td> <p> Allow standby states (S1-S3) when sleeping (plugged in) </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Allow standby states (S1-S3) when sleeping (on battery) </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td> <p> Specify the system hibernate timeout (plugged in) </p> </td> <td> <p> Enabled, 0</p> </td> 
-</tr> 
-<tr> <td> <p> Specify the system hibernate timeout (on battery) </p> </td> <td> <p> Enabled, 0</p> </td> 
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Video and Display Settings</strong></p> </td> </tr> 
-<tr> <td> <p> Turn off the display (plugged in) </p> </td> <td> <p> 5 minutes</p> </td> 
-</tr>
- <tr> <td> <p> Turn off the display (on battery) </p> </td> <td> <p> 5 minutes</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Energy Saver Settings</strong></p> </td> </tr> 
-<tr> <td> <p> Energy Saver Battery Threshold (on battery) </p> </td> <td> <p> 70</p> </td> 
-</tr>
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Logon</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Show first sign-in animation </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Hide entry points for Fast User Switching </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td> <p> Turn on convenience PIN sign-in </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Turn off picture password sign-in </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Turn off app notification on the lock screen </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Allow users to select when a password is required when resuming from connected standby</p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr> <td> <p> Block user from showing account details on sign-in </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>User Profiles</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Turn off the advertising ID </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Biometrics</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Allow the use of biometrics </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Allow users to log on using biometrics </p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr> <td> <p> Allow domain users to log on using biometrics </p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr><td colspan="2"><strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Cloud Content</strong></td></tr>
-<tr> <td> <p> Do not show Windows Tips </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td> <p> Turn off Microsoft consumer experiences </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Data Collection and Preview Builds</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Toggle user control over Insider builds </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Disable pre-release features or settings </p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr> <td> <p> Do not show feedback notifications </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td> <p> Allow Telemetry </p> </td> <td> <p> Basic, 0</p> </td> 
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>File Explorer</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Show lock in the user tile menu </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>Maintenance Scheduler</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Automatic Maintenance Activation Boundary </p> </td> <td> <p> *MaintenanceStartTime*</p> </td>
-</tr> 
-<tr> <td> <p> Automatic Maintenance Random Delay </p> </td> <td> <p> Enabled, 2 hours</p> </td> 
-</tr> 
-<tr> <td> <p> Automatic Maintenance WakeUp Policy </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>OneDrive</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Prevent the usage of OneDrive for file storage </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>Windows Hello for Business</strong></p> </td> 
-</tr> 
-<tr> <td> <p> Use phone sign-in </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Use Windows Hello for Business </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td> <p> Use biometrics </p> </td> <td> <p> Disabled</p> </td>
-</tr> 
-<tr> <td colspan="2"> <p> <strong>Windows Settings</strong> > <strong>Security Settings</strong> > <strong>Local Policies</strong> > <strong>Security Options</strong></p> </td> 
-</tr> 
-<tr><td><p>Accounts: Block Microsoft accounts</p><p>**Note** Microsoft accounts can still be used in apps.</p></td><td><p>Enabled</p></td></tr>
-<tr> <td> <p> Interactive logon: Do not display last user name </p> </td> <td> <p> Enabled</p> </td>
-</tr> 
-<tr> <td> <p> Interactive logon: Sign-in last interactive user automatically after a system-initiated restart</p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr> <td> <p> Shutdown: Allow system to be shut down without having to log on </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
-<tr> <td> <p> User Account Control: Behavior of the elevation prompt for standard users </p> </td> <td> <p> Auto deny</p> </td>
-</tr> 
-</tbody>
-</table> </br>
-
-## Use the app
-When you're ready to use the app, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). 
-
-## Related topics
-
-[Set up Windows devices for education](set-up-windows-10.md)
-
-
-
-
-
+---
+title: Set up School PCs app technical reference
+description: Describes the changes that the Set up School PCs app makes to a PC.
+keywords: shared cart, shared PC, school, set up school pcs
+ms.prod: w10
+ms.mktglfcycl: plan
+ms.sitesec: library
+ms.pagetype: edu
+ms.localizationpriority: high
+author: CelesteDG
+ms.author: celested
+ms.date: 03/12/2018
+---
+
+# Technical reference for the Set up School PCs app 
+**Applies to:**
+
+-   Windows 10 
+
+
+
+The **Set up School PCs** app helps you set up new Windows 10 PCs that work great in your school by configuring shared PC mode. The latest Set up School PCs app is available for Windows 10, version 1703 (Creators Update). Set up School PCs also configures school-specific settings and policies, described in this topic.
+
+If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up School PCs app will create a setup file that joins the PC to your Azure Active Directory tenant. You can also use the app to set up school PCs that anyone can use, with or without Internet connectivity. 
+
+Here's a list of what you get when using the Set up School PCs app in your school. 
+
+| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium |
+| --- | :---: | :---: | :---: | :---: |
+| **Fast sign-in**<br/>Each student can sign in and start using the computer in less than a minute, even on their first sign-in. | X | X | X | X |
+| **Custom Start experience**<br/>The apps students need are pinned to Start, and unnecessary apps are removed. | X | X | X | X |
+| **Guest account, no sign-in required**<br/>This option sets up computers for common use. Anyone can use the computer without an account. | X | X | X | X |
+| **School policies**<br/>Settings specific to education create a useful learning environment and the best computer performance. | X | X | X | X |
+| **Azure AD Join**<br/>The computers are  joined to your Azure AD or Office 365 subscription for centralized management. |   | X | X | X |
+| **Single sign-on to Office 365**<br/>By signing on with student IDs, students have fast access to Office 365 web apps or installed Office apps. |   |    | X | X |
+| **Take a Test**<br/>Configure the Take a Test app and use it for taking quizzes and high-stakes assessments by some providers like Smarter Balanced. |   |    |  | X |
+| **[Settings roaming](https://azure.microsoft.com/en-us/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) via Azure AD**<br/>Student user and application settings data can be synchronized across devices for a personalized experience. |   |    |    | X |
+
+
+> [!NOTE]  
+> If your school uses Active Directory, use [Windows Configuration Designer](set-up-students-pcs-to-join-domain.md) to configure your PCs to join the domain. You can only use the Set up School PCs app to set up PCs that are connected to Azure AD.
+
+## Automated Azure AD join
+One of the most important features in Set up School PCs is the ability to create a provisioning package that performs automated Azure AD join. With this feature, you no longer have to spend minutes going through Windows setup, manually connecting to a network, and manually joining your Azure AD domain. With the automated Azure AD join feature in Set up School School PCs, this process is reduced to zero clicks! You can skip all of the Windows setup experience and the OS automatically joins the PC to your Azure AD domain and enrolls it into MDM if you have a MDM provider activated.
+
+To make this as seamless as possible, in your Azure AD tenant:
+- Allow your teacher and other IT staff to join devices to Azure AD so they can sucessfully request an automated Azure AD join token. 
+
+    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and in **Users may join devices to Azure AD**, click **Selected** and choose the members you want to enable to join devices to Azure AD.
+
+    **Figure 1** - Select the users you want to enable to join devices to Azure AD
+
+    ![Select the users you want to enable to join devices to Azure AD](images/azuread_usersandgroups_devicesettings_usersmayjoin.png)
+
+- Consider creating a special account that uses a username and password that you provide, and which has the rights to join devices if you don't want to add all teachers and IT staff.
+    - When teachers or IT staff need to set up PCs, they can use this account in the Set up School PCs app.
+    - If you use a service to set up PCs for you, you can give them this special account so they can deliver PCs to you that are already Azure AD joined and ready to be given to a student.
+
+- Turn off multifactor authentication.
+
+    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and set **Require Multi-Factor Auth to join devices** to **No**.
+
+    **Figure 2** - Turn off multi-factor authentication in Azure AD
+
+    ![Turn off multi-factor authentication in Azure AD](images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png)
+
+- Set the maximum number of devices a user can add to unlimited.
+
+    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > Device Settings** and set **Maximum number of devices per user** to **Unlimited**.
+
+    **Figure 3** - Set maximum number of devices per user to unlimited
+
+    ![Set maximum number of devices per user to unlimited](images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png)
+
+- Clear your Azure AD tokens from time to time. Your tenant can only have 500 automated Azure AD tokens active at any one time.
+
+    In the Azure portal, select **Azure Active Directory**. Go to **Users and groups > All users** and look at the list of user names. User names that start with **package_** followed by a string of letters and numbers. These are the user accounts that are created automatically for the tokens and you can safely delete these. 
+
+    **Figure 4** - Delete the accounts automatically created for the Azure AD tokens
+
+    ![Delete the accounts automatically created for the Azure AD tokens](images/azuread_usersandgroups_allusers_automaticaccounts.png)
+
+- Note that automated Azure AD tokens have expiration dates. Set up School PCs creates them with an expiration date of one month. You will see the specific expiration date for the package in the **Review package summary** page in Set up School PCs.
+
+    **Figure 5** - Sample summary page showing the expiration date
+
+    ![Sample summary page showing the expiration date](images/suspc_choosesettings_summary.png)
+
+
+<!-- When the MSES Get Started goes live, add a link to it from here -->
+
+
+## Information about Windows Update
+
+Shared PC mode helps ensure that computers are always up-to-date. If a PC is configured using the Set up School PCs app, shared PC mode sets the power states and Windows Update to: 
+* Wake nightly
+* Check and install updates
+* Forcibly reboot if necessary to finish applying updates
+
+The PC is also configured to not interrupt the user during normal daytime hours with updates or reboots. Notfications are also blocked.
+
+## Guidance for accounts on shared PCs
+
+* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
+* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** or **Kiosk** will also be deleted automatically at sign out.
+* On a Windows PC joined to Azure Active Directory:
+    * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
+    * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
+* Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. New local accounts created through **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new local accounts created by the **Guest** or **Kiosk** selection on the sign-in screen, if enabled, will automatically be deleted at sign-out.
+* If admin accounts are necessary on the PC
+    * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or
+    * Create admin accounts before setting up shared PC mode, or 
+    * Create exempt accounts before signing out.
+* The account management service supports accounts that are exempt from deletion.
+    * An account can be marked exempt from deletion by adding the account SID to the `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\` registry key.
+    * To add the account SID to the registry key using PowerShell:
+
+        ```
+        $adminName = "LocalAdmin"
+        $adminPass = 'Pa$$word123'
+        iex "net user /add $adminName $adminPass"
+        $user = New-Object System.Security.Principal.NTAccount($adminName) 
+        $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) 
+        $sid = $sid.Value;
+        New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
+        ``` 
+
+## Custom images
+Shared PC mode is fully compatible with custom images that may be created by IT departments. Create a custom image and then use sysprep with the `/oobe` flag to create an image that teachers can then apply the Set up School PCs provisioning package to. [Learn more about sysprep](https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx).
+
+## Provisioning package details
+
+The Set up School PCs app produces a specialized provisioning package that makes use of the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294%28v=vs.85%29.aspx). 
+
+### Education customizations set by local MDM policy
+
+- By default, saving content locally to the PC is blocked, but you can choose to enable it. This prevents data loss by forcing students to save to the cloud.
+- A custom Start layout, taskbar layout, and lock screen image are set.
+- Prohibits unlocking the PC to developer mode.
+- Prohibits untrusted Microsoft Store apps from being installed.
+- Prohibits students from removing MDM.
+- Prohibits students from adding new provisioning packages.
+- Prohibits student from removing existing provisioning packages (including the one set by Set up School PCs).
+- Sets Windows Update to update nightly.
+
+
+### Uninstalled apps 
+
+- 3D Builder (Microsoft.3DBuilder_8wekyb3d8bbwe)
+- Weather (Microsoft.BingWeather_8wekyb3d8bbwe)
+- Tips (Microsoft.Getstarted_8wekyb3d8bbwe)
+- Get Office (Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)
+- Microsoft Solitaire Collection (Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe)
+- Paid Wi-Fi & Cellular (Microsoft.OneConnect_8wekyb3d8bbwe)
+- Feedback Hub (Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)
+- Xbox (Microsoft.XboxApp_8wekyb3d8bbwe)
+- Mail/Calendar (microsoft.windowscommunicationsapps_8wekyb3d8bbwe)
+
+### Local Group Policies
+
+> [!IMPORTANT]  
+> We do not recommend setting additional policies on PCs configured with the Set up School PCs app. The shared PC mode is optimized to be fast and reliable over time with minimal to no manual maintenance required.
+
+<table border="1"> 
+<thead><tr><th colspan="2"><p>Policy path</p></th></tr>
+<tr><th><p>Policy name</p></th><th><p>Value</p></th> 
+</tr> </thead>
+<tbody>
+<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>Control Panel</strong> > <strong>Personalization</strong></p></td> 
+</tr> 
+<tr><td><p>Prevent enabling lock screen slide show</p></td><td><p>Enabled</p></td>
+</tr> 
+<tr><td><p>Prevent changing lock screen and logon image</p></td><td><p>Enabled</p></td>
+</tr> 
+<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Button Settings</strong></p></td> 
+</tr> 
+<tr><td><p>Select the Power button action (plugged in)</p></td><td><p>Sleep</p></td> 
+</tr> 
+<tr><td><p>Select the Power button action (on battery)</p></td><td><p>Sleep</p></td> 
+</tr> 
+<tr><td><p>Select the Sleep button action (plugged in)</p></td><td><p>Sleep</p></td> 
+</tr> 
+<tr><td><p>Select the lid switch action (plugged in)</p></td><td><p>Sleep</p></td>
+</tr> 
+<tr><td><p>Select the lid switch action (on battery)</p></td><td><p>Sleep</p></td>
+</tr> 
+<tr><td colspan="2"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Sleep Settings</strong></p></td> 
+</tr> 
+<tr><td><p>Require a password when a computer wakes (plugged in)</p></td><td><p>Enabled</p></td>
+</tr> 
+<tr><td><p>Require a password when a computer wakes (on battery)</p></td><td><p>Enabled</p></td>
+</tr>
+<tr><td><p>Specify the system sleep timeout (plugged in)</p></td><td><p> 5 minutes</p></td>
+</tr> 
+<tr><td><p>Specify the system sleep timeout (on battery)</p></td><td><p> 5 minutes</p></td>
+</tr> 
+<tr> <td> <p> Turn off hybrid sleep (plugged in) </p> </td> <td> <p> Enabled</p> </td>
+</tr> 
+<tr> <td> <p> Turn off hybrid sleep (on battery) </p> </td> <td> <p> Enabled</p> </td>
+</tr> 
+<tr> <td> <p> Specify the unattended sleep timeout (plugged in) </p> </td> <td> <p> 5 minutes </p> </td>
+</tr> 
+<tr> <td> <p> Specify the unattended sleep timeout (on battery) </p> </td> <td> <p> 5 minutes</p> </td> 
+</tr> 
+<tr> <td> <p> Allow standby states (S1-S3) when sleeping (plugged in) </p> </td> <td> <p> Enabled</p> </td>
+</tr> 
+<tr> <td> <p> Allow standby states (S1-S3) when sleeping (on battery) </p> </td> <td> <p> Enabled</p> </td> 
+</tr> 
+<tr> <td> <p> Specify the system hibernate timeout (plugged in) </p> </td> <td> <p> Enabled, 0</p> </td> 
+</tr> 
+<tr> <td> <p> Specify the system hibernate timeout (on battery) </p> </td> <td> <p> Enabled, 0</p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Video and Display Settings</strong></p> </td> </tr> 
+<tr> <td> <p> Turn off the display (plugged in) </p> </td> <td> <p> 5 minutes</p> </td> 
+</tr>
+ <tr> <td> <p> Turn off the display (on battery) </p> </td> <td> <p> 5 minutes</p> </td>
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Energy Saver Settings</strong></p> </td> </tr> 
+<tr> <td> <p> Energy Saver Battery Threshold (on battery) </p> </td> <td> <p> 70</p> </td> 
+</tr>
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Logon</strong></p> </td> 
+</tr> 
+<tr> <td> <p> Show first sign-in animation </p> </td> <td> <p> Disabled</p> </td>
+</tr> 
+<tr> <td> <p> Hide entry points for Fast User Switching </p> </td> <td> <p> Enabled</p> </td> 
+</tr> 
+<tr> <td> <p> Turn on convenience PIN sign-in </p> </td> <td> <p> Disabled</p> </td>
+</tr> 
+<tr> <td> <p> Turn off picture password sign-in </p> </td> <td> <p> Enabled</p> </td>
+</tr> 
+<tr> <td> <p> Turn off app notification on the lock screen </p> </td> <td> <p> Enabled</p> </td>
+</tr> 
+<tr> <td> <p> Allow users to select when a password is required when resuming from connected standby</p> </td> <td> <p> Disabled</p> </td> 
+</tr> 
+<tr> <td> <p> Block user from showing account details on sign-in </p> </td> <td> <p> Enabled</p> </td>
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>User Profiles</strong></p> </td> 
+</tr> 
+<tr> <td> <p> Turn off the advertising ID </p> </td> <td> <p> Enabled</p> </td>
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Biometrics</strong></p> </td> 
+</tr> 
+<tr> <td> <p> Allow the use of biometrics </p> </td> <td> <p> Disabled</p> </td>
+</tr> 
+<tr> <td> <p> Allow users to log on using biometrics </p> </td> <td> <p> Disabled</p> </td> 
+</tr> 
+<tr> <td> <p> Allow domain users to log on using biometrics </p> </td> <td> <p> Disabled</p> </td> 
+</tr> 
+<tr><td colspan="2"><strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Cloud Content</strong></td></tr>
+<tr> <td> <p> Do not show Windows Tips </p> </td> <td> <p> Enabled</p> </td> 
+</tr> 
+<tr> <td> <p> Turn off Microsoft consumer experiences </p> </td> <td> <p> Enabled</p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Data Collection and Preview Builds</strong></p> </td> 
+</tr> 
+<tr> <td> <p> Toggle user control over Insider builds </p> </td> <td> <p> Disabled</p> </td>
+</tr> 
+<tr> <td> <p> Disable pre-release features or settings </p> </td> <td> <p> Disabled</p> </td> 
+</tr> 
+<tr> <td> <p> Do not show feedback notifications </p> </td> <td> <p> Enabled</p> </td> 
+</tr> 
+<tr> <td> <p> Allow Telemetry </p> </td> <td> <p> Basic, 0</p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>File Explorer</strong></p> </td> 
+</tr> 
+<tr> <td> <p> Show lock in the user tile menu </p> </td> <td> <p> Disabled</p> </td>
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>Maintenance Scheduler</strong></p> </td> 
+</tr> 
+<tr> <td> <p> Automatic Maintenance Activation Boundary </p> </td> <td> <p> *MaintenanceStartTime*</p> </td>
+</tr> 
+<tr> <td> <p> Automatic Maintenance Random Delay </p> </td> <td> <p> Enabled, 2 hours</p> </td> 
+</tr> 
+<tr> <td> <p> Automatic Maintenance WakeUp Policy </p> </td> <td> <p> Enabled</p> </td> 
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>OneDrive</strong></p> </td> 
+</tr> 
+<tr> <td> <p> Prevent the usage of OneDrive for file storage </p> </td> <td> <p> Enabled</p> </td>
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Admin Templates</strong> > <strong>Windows Components</strong> > <strong>Windows Hello for Business</strong></p> </td> 
+</tr> 
+<tr> <td> <p> Use phone sign-in </p> </td> <td> <p> Disabled</p> </td>
+</tr> 
+<tr> <td> <p> Use Windows Hello for Business </p> </td> <td> <p> Disabled</p> </td>
+</tr> 
+<tr> <td> <p> Use biometrics </p> </td> <td> <p> Disabled</p> </td>
+</tr> 
+<tr> <td colspan="2"> <p> <strong>Windows Settings</strong> > <strong>Security Settings</strong> > <strong>Local Policies</strong> > <strong>Security Options</strong></p> </td> 
+</tr> 
+<tr><td><p>Accounts: Block Microsoft accounts</p><p>**Note** Microsoft accounts can still be used in apps.</p></td><td><p>Enabled</p></td></tr>
+<tr> <td> <p> Interactive logon: Do not display last user name </p> </td> <td> <p> Enabled</p> </td>
+</tr> 
+<tr> <td> <p> Interactive logon: Sign-in last interactive user automatically after a system-initiated restart</p> </td> <td> <p> Disabled</p> </td> 
+<tr> <td> <p> User Account Control: Behavior of the elevation prompt for standard users </p> </td> <td> <p> Auto deny</p> </td>
+</tr> 
+</tbody>
+</table> </br>
+
+## Use the app
+When you're ready to use the app, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). 
+
+## Related topics
+
+[Set up Windows devices for education](set-up-windows-10.md)
+
+
+
+
+

From aaa60d5bb37d4b2c91f4b9e62166463ba8353a93 Mon Sep 17 00:00:00 2001
From: Douglas Plumley <douglas.plumley@dartmouth.edu>
Date: Tue, 13 Mar 2018 09:29:31 -0400
Subject: [PATCH 112/119] Corrected spelling error, changed 'Dekstop' on line
 53 to 'Desktop'

---
 ...lock-potentially-unwanted-apps-windows-defender-antivirus.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
index b30883b882..9f225964af 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
@@ -50,7 +50,7 @@ PUAs are blocked when a user attempts to download or install the detected file,
 - The file is being scanned from the browser
 - The file is in a folder with "**downloads**" in the path
 - The file is in a folder with "**temp**" in the path
-- The file is on the user's Dekstop
+- The file is on the user's Desktop
 - The file does not meet one of these conditions and is not under *%programfiles%*, *%appdata%*, or *%windows%*
 
 The file is placed in the quarantine section so it won't run. 

From 4ffd88ad0328d6c15b8bbb621e854f4dbd23b89d Mon Sep 17 00:00:00 2001
From: Jeanie Decker <jdecker@microsoft.com>
Date: Tue, 13 Mar 2018 14:44:01 +0000
Subject: [PATCH 113/119] Merged PR 6328: Diagnostic data changes for March
 update

---
 ...ndows-diagnostic-events-and-fields-1703.md | 38 ++++++++++++++++---
 ...el-windows-diagnostic-events-and-fields.md | 27 ++++++++++++-
 ...change-history-for-configure-windows-10.md | 10 ++++-
 3 files changed, 66 insertions(+), 9 deletions(-)

diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md
index d6c2534f87..819b8ca97a 100644
--- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.localizationpriority: high
 author: eross-msft
 ms.author: lizross
-ms.date: 04/05/2017
+ms.date: 03/13/2018
 ---
 
 
@@ -832,13 +832,17 @@ This event represents the basic metadata about a file on the system.  The file m
 The following fields are available:
 
 - **AppraiserVersion**  The version of the Appraiser file generating the events.
+- **AvDisplayName** The version of the Appraiser file generating the events.
+- **AvProductState** If the app is an anti-virus app, this is its display name.
+- **BinaryType**  A binary type.  Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64
 - **BinFileVersion**  An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
 - **BinProductVersion**  An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
-- **BinaryType**  A binary type.  Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64
 - **BoeProgramId**  If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
 - **CompanyName**  The company name of the vendor who developed this file.
 - **FileId**  A hash that uniquely identifies a file.
 - **FileVersion**  The File version field from the file metadata under Properties -> Details.
+- **HasUpgradeExe** Represents state of antivirus program with respect to whether it's turned on and the signatures are up-to-date.
+- **IsAv** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64
 - **LinkDate**  The date and time that this file was linked on.
 - **LowerCaseLongPath**  The full file path to the file that was inventoried on the device.
 - **Name**  The name of the file that was inventoried.
@@ -847,6 +851,24 @@ The following fields are available:
 - **ProgramId**  A hash of the Name, Version, Publisher, and Language of an application used to identify it.
 - **Size**  The size of the file (in hexadecimal bytes).
 
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
+
+This event represents the drivers that an application installs.
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component 
+- **Programids** The unique program identifier the driver is associated with.
+
+
+## Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
+
+This event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. 
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component.
+
 
 ### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
 
@@ -1628,15 +1650,19 @@ This event sends data about the processor (architecture, speed, number of cores,
 
 The following fields are available:
 
-- **ProcessorCores**  Retrieves the number of cores in the processor.
-- **ProcessorPhysicalCores**  Number of physical cores in the processor.
+- **KvaShadow** Microcode info of the processor.
+- **MMSettingOverride** Microcode setting of the processor.
+- **MMSettingOverrideMask** Microcode setting override of the processor.
 - **ProcessorArchitecture**  Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture.
 - **ProcessorClockSpeed**  Retrieves the clock speed of the processor in MHz.
+- **ProcessorCores**  Retrieves the number of cores in the processor.
+- **ProcessorIdentifier**  The processor identifier of a manufacturer.
 - **ProcessorManufacturer**  Retrieves the name of the processor's manufacturer.
 - **ProcessorModel**  Retrieves the name of the processor model.
-- **SocketCount**  Number of physical CPU sockets of the machine.
-- **ProcessorIdentifier**  The processor identifier of a manufacturer.
+- **ProcessorPhysicalCores**  Number of physical cores in the processor.
 - **ProcessorUpdateRevision** The microcode version.
+- **SocketCount**  Number of physical CPU sockets of the machine.
+- **SpeculationControl** Clock speed of the processor in MHz.
 
 
 ### Census.Speech
diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
index eac9fde18a..963fb2a1f9 100644
--- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
+++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 localizationpriority: high
 author: eross-msft
 ms.author: lizross
-ms.date: 02/12/2018
+ms.date: 03/13/2018
 ---
 
 
@@ -317,6 +317,8 @@ This event represents the basic metadata about a file on the system.  The file m
 The following fields are available:
 
 - **AppraiserVersion**  The version of the Appraiser file generating the events.
+- **AvDisplayName** The version of the Appraiser file generating the events.
+- **AvProductState** If the app is an anti-virus app, this is its display name.
 - **BinaryType**  A binary type.  Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64
 - **BinFileVersion**  An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
 - **BinProductVersion**  An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
@@ -324,6 +326,8 @@ The following fields are available:
 - **CompanyName**  The company name of the vendor who developed this file.
 - **FileId**  A hash that uniquely identifies a file.
 - **FileVersion**  The File version field from the file metadata under Properties -> Details.
+- **HasUpgradeExe** Represents state of antivirus program with respect to whether it's turned on and the signatures are up-to-date.
+- **IsAv** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64
 - **LinkDate**  The date and time that this file was linked on.
 - **LowerCaseLongPath**  The full file path to the file that was inventoried on the device.
 - **Name**  The name of the file that was inventoried.
@@ -332,6 +336,23 @@ The following fields are available:
 - **ProgramId**  A hash of the Name, Version, Publisher, and Language of an application used to identify it.
 - **Size**  The size of the file (in hexadecimal bytes).
 
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
+
+This event represents the drivers that an application installs.
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component 
+- **Programids** The unique program identifier the driver is associated with.
+
+
+## Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
+
+This event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. 
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component.
 
 ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
 
@@ -1593,6 +1614,9 @@ This event sends data about the processor (architecture, speed, number of cores,
 
 The following fields are available:
 
+- **KvaShadow** Microcode info of the processor.
+- **MMSettingOverride** Microcode setting of the processor.
+- **MMSettingOverrideMask** Microcode setting override of the processor.
 - **ProcessorArchitecture**  Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture.
 - **ProcessorClockSpeed**  Retrieves the clock speed of the processor in MHz.
 - **ProcessorCores**  Retrieves the number of cores in the processor.
@@ -1602,6 +1626,7 @@ The following fields are available:
 - **ProcessorPhysicalCores**  Number of physical cores in the processor.
 - **ProcessorUpdateRevision** The microcode version.
 - **SocketCount**  Number of physical CPU sockets of the machine.
+- **SpeculationControl** Clock speed of the processor in MHz.
 
 
 ### Census.Security
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 144f6425e6..02dee783c1 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -8,18 +8,24 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 author: jdeckerms
-ms.date: 02/12/2018
+ms.date: 03/13/2018
 ---
 
 # Change history for Configure Windows 10
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## March 2018
+
+New or changed topic | Description
+--- | ---
+[Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Added events and fields that were added in the March update.
+
 ## February 2018
 
 New or changed topic | Description
 --- | ---
-[Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) | Added events and fields that were added in the February update.
+[Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Added events and fields that were added in the February update.
 [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Added steps for configuring a kiosk in Microsoft Intune.
 [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | Updated the instructions for applying a customized Start layout using Microsoft Intune.
 

From 97f4b6e9820c80c9738df61d9218f51b9846ed0c Mon Sep 17 00:00:00 2001
From: Brian Lich <brianlic@microsoft.com>
Date: Tue, 13 Mar 2018 10:17:41 -0700
Subject: [PATCH 114/119] switching to new feedback system

---
 browsers/edge/docfx.json                  |  3 +++
 browsers/internet-explorer/docfx.json     |  3 +++
 devices/hololens/docfx.json               |  3 +++
 devices/surface-hub/docfx.json            |  3 +++
 devices/surface/docfx.json                |  3 +++
 education/docfx.json                      | 13 ++++++++-----
 gdpr/docfx.json                           |  5 ++++-
 mdop/docfx.json                           |  3 +++
 smb/docfx.json                            |  3 +++
 store-for-business/docfx.json             |  5 ++++-
 windows/application-management/docfx.json |  3 +++
 windows/client-management/docfx.json      |  3 +++
 windows/configuration/docfx.json          |  3 +++
 windows/deployment/docfx.json             |  3 +++
 windows/hub/docfx.json                    |  3 +++
 windows/security/docfx.json               |  3 +++
 windows/whats-new/docfx.json              |  3 +++
 17 files changed, 58 insertions(+), 7 deletions(-)

diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json
index a699361d13..31eafa6401 100644
--- a/browsers/edge/docfx.json
+++ b/browsers/edge/docfx.json
@@ -21,6 +21,9 @@
 		"ms.topic": "article",
 		"ms.author": "lizross",
 		"ms.date": "04/05/2017",
+	    "feedback_system": "GitHub",
+        "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+        "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.microsoft-edge"
diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json
index 056939a089..b7a205ddd2 100644
--- a/browsers/internet-explorer/docfx.json
+++ b/browsers/internet-explorer/docfx.json
@@ -22,6 +22,9 @@
 		"ms.technology": "internet-explorer",
 		"ms.topic": "article",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.internet-explorer"
diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json
index 91c25a934c..7a67485a17 100644
--- a/devices/hololens/docfx.json
+++ b/devices/hololens/docfx.json
@@ -35,6 +35,9 @@
 		"ms.topic": "article",
 		"ms.author": "jdecker",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.itpro-hololens"
diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json
index d6a3efaf96..dc151c3165 100644
--- a/devices/surface-hub/docfx.json
+++ b/devices/surface-hub/docfx.json
@@ -24,6 +24,9 @@
 		"ms.sitesec": "library",
 		"ms.author": "jdecker",
 		"ms.date": "05/23/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.surface-hub"
diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json
index 502700db32..86d594455f 100644
--- a/devices/surface/docfx.json
+++ b/devices/surface/docfx.json
@@ -21,6 +21,9 @@
 		"ms.topic": "article",
 		"ms.author": "jdecker",
 		"ms.date": "05/09/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.surface"
diff --git a/education/docfx.json b/education/docfx.json
index 067964f4d7..c01be28758 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -20,11 +20,14 @@
 		"audience": "windows-education",
 		"ms.topic": "article",
 		"breadcrumb_path": "/education/breadcrumb/toc.json",
-      "ms.date": "05/09/2017",
-      "_op_documentIdPathDepotMapping": {
-        "./": {
-          "depot_name": "Win.education"
-        }
+        "ms.date": "05/09/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+        "_op_documentIdPathDepotMapping": {
+          "./": {
+            "depot_name": "Win.education"
+          }
        }
     },
     "externalReference": [
diff --git a/gdpr/docfx.json b/gdpr/docfx.json
index dd5fca1462..d426f781dc 100644
--- a/gdpr/docfx.json
+++ b/gdpr/docfx.json
@@ -31,7 +31,10 @@
     "externalReference": [],
     "globalMetadata": {
     "author": "eross-msft",
-		"ms.author": "lizross"
+		"ms.author": "lizross",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app"
     },
     "fileMetadata": {},
     "template": [],
diff --git a/mdop/docfx.json b/mdop/docfx.json
index a9a41d5222..a6ff6398ef 100644
--- a/mdop/docfx.json
+++ b/mdop/docfx.json
@@ -22,6 +22,9 @@
 		"ms.topic": "article",
 		"ms.author": "jamiet",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.mdop"
diff --git a/smb/docfx.json b/smb/docfx.json
index 866b2b152c..181bf75fda 100644
--- a/smb/docfx.json
+++ b/smb/docfx.json
@@ -31,6 +31,9 @@
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT",
 		"breadcrumb_path": "/windows/smb/breadcrumb/toc.json",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "TechNet.smb"
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index accb0bcea0..d739d26b28 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -37,7 +37,10 @@
 		"ms.technology": "windows",
 		"ms.topic": "article",
 		"ms.date": "05/09/2017",
-    "searchScope": ["Store"],
+		"searchScope": ["Store"],
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.store-for-business"
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index 285dcee673..7d3ae2dae2 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -37,6 +37,9 @@
 		"ms.topic": "article",
 		"ms.author": "elizapo",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.win-app-management"
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index f649a5d1af..4fc5382798 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -37,6 +37,9 @@
 		"ms.topic": "article",
 		"ms.author": "dongill",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.win-client-management"
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index e5720e332c..abe019f76c 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -37,6 +37,9 @@
 		"ms.topic": "article",
 		"ms.author": "jdecker",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.win-configuration"
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json
index 353f473c8c..e722db5465 100644
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@@ -38,6 +38,9 @@
 		"ms.topic": "article",
 		"ms.author": "greglin",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.win-development"
diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json
index e33995957d..781df2941e 100644
--- a/windows/hub/docfx.json
+++ b/windows/hub/docfx.json
@@ -39,6 +39,9 @@
 		"ms.topic": "article",
 		"ms.author": "brianlic",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.windows-hub"
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index 18fe87fb57..394ca15239 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -36,6 +36,9 @@
 	  "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
 	  "ms.technology": "windows",
 	  "ms.topic": "article",
+	  "feedback_system": "GitHub",
+	  "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+      "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 	  "ms.author": "justinha"
     },
     "fileMetadata": {},
diff --git a/windows/whats-new/docfx.json b/windows/whats-new/docfx.json
index 1bbc64ff9e..34346b0e9c 100644
--- a/windows/whats-new/docfx.json
+++ b/windows/whats-new/docfx.json
@@ -37,6 +37,9 @@
 		"ms.topic": "article",
 		"ms.author": "trudyha",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.win-whats-new"

From 402dc5b319998426eb1ab5acbe064ac5864f3522 Mon Sep 17 00:00:00 2001
From: Justin Hall <Justinha@microsoft.com>
Date: Tue, 13 Mar 2018 10:40:54 -0700
Subject: [PATCH 115/119] added screenshot for cmd

---
 .../application-management/media/cmd-type.png   | Bin 0 -> 25765 bytes
 .../per-user-services-in-windows.md             |  14 +++++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)
 create mode 100644 windows/application-management/media/cmd-type.png

diff --git a/windows/application-management/media/cmd-type.png b/windows/application-management/media/cmd-type.png
new file mode 100644
index 0000000000000000000000000000000000000000..a6c13e8c7c0bae4225dad0b0ced0dc0f3b510a60
GIT binary patch
literal 25765
zcmd43WmH>HyDo}rkfH&KyA*;$aVTD(Sb<`pXn__l?hs1RqQ%`QT8b6d;%>z$#XSUv
zyZH9E?VNkZ*?W)k<BmZFk(I2u=6vV#+ViaNSL%v*IFvX@NJx0fN-wmKkWd7XkdPy>
zP=I&7z3Dyz{vo?)Das;Mj6B@|UZ7dasL3E9Rmb4onxO-)u^p8RT#%6PyB;6NeGbJI
zNJtjXm0!r{c$geyXv8rIN4wu}Kac!Tdqix*yEi}bdQdd9+=0GUQZZ}u#-v;Bo=Dm2
z#b#S+|7j<`urMK-452F~e?Ha@Z5IUeAO3FlZ`;hkFtba_sb5S5R50MVqBd)M!Uy0z
zFpXNqORc8Ik39t3_>^}ZKV2LDUk~(i_ItRy@XQQbv+fHnVOuJ@x@dbaW~{v3l6ug5
z`0db^xLYwQ^>AAod4Ceqc7I*=ou^}(*8f&B$}}>wS3?;EpM7!KV<)RcT8>A>8(HEk
zNC*o4kS=8Z)cMD~@6W%=9>gw^cwN|4EF=Zqf|(j*BxT@Et&I<6%AIm`4yz=pSA+Rm
zFaa+bp8*P_o2&eX{k*jG7aWb|8!$?Y)KQ77^&bns73&p)MiUOF^DF3!)LTw{-q>2s
zJ)Fv$Q{c@g9!|FgDi-Dk?9$>}lSkGe>lNAa1mU_~IT!s*rBJpq3M!uOm<zo)gT_4L
z4EkeX;2k4V74F}Ty=_#VLPFK0?hvCm>Pl}80~!3yWcVqXJkb4v6|xMPn2#4u7*NOK
zxQW~i<xUKLKMU$QE;z<}rgC9hj-JHN5q;FSsZjA6Gk->>*=$o~9GUv{26p1>3c1Ml
zC0^L4l5^m+T5#l~jCi)wL5m3woWycpOWz@o*Xpgf`zZ$YhT}ni9N()byZG1yVnh1|
z&V0`K?L7${3<1^8$7IYwb~1$L0V%c37H}K|B8SEE)wpUI7&DmlTQ6zX>qAdqE%(}0
zuV3z%M9I@9AaHu*H%*v3-k4i@;_1XL&CP#%E2fV8S|I0YSUFifP?yImjjUnB4X(nI
zzz$FD^k>{x-!0VU&x<d_86<+VWG~L*3*7uXAqd9{48&SY;ih!jZ7mMTM>?TUlcspU
z9dz83u8er|gTP#mM8+#*OpgO>N=>eM1Ob@_dPx<yR<gL&F7SwQu?1GllA}lH304$e
z6^7|Z1ixq?)o|2YEW3MQG;cZS<r`+g7Cyrtus#>D^UO=P2fG5FwGOwVaiY1L+Hr2{
z;C`I5`Sy^*%-X|riioIJVEU;-nT(*&@sZJ7LvcWs@w@M?yc~leH1zO99OA|#GjJ={
z&z?ua(5Ln?-d;SaQ#aTX(~0U*YT_&#)hhikzPFI$g2xph>%wlbKq!rqm0GZS072uA
ztaB&J*tauP(iMzfyilHQc)tH-d=9;ZoSXS-+lQ~eI~b&lB{aZ`8oEsN_J<;_faYs+
zR6T`$UtYr*B5<4<c0{kTx0Qe+b{E7)%|khheW|QkT{EWCH`FUfc&<#juaw^Dt=VqD
z3&+Iga|aG)i3ujss?!N%l2zE_NLE7H^V5tCK09vy9i;E#mGeS;tAm^jzQ07cmAs_<
z*67h(hoFHBAGYb)Qd=pcIt7_D9%UFC2bVi*e6d1&HdBrH5!RQBM6ZcXo<?!AKz}pQ
zQnG{0ud)fOM%d$On8q1y?yv?0&FujT)a8gtP?+o5bzwGA1R%ide+wTDpZ&q@cDNIM
z@T1jGaU;{$Y@NB4zQyqt1i-{ksA8*&xWF4XQ{$=7bZgDS3>tpo{hI<x;r{j`_~z;C
zEy<4B>Xz?TJa4;L>)(3o9p5eOhn_eoj!qXp<B(CV_bX%fzZtuVdlNzB9}QW03sSQf
z@Vbs)kfO6M8P1Ke4vd+YjPI*l{=Etjj>sc+(t9viz4gU?aK&OIz5S-YBIVa`o%8WZ
zEFkLlXpyhn(!i#xOnh}`v1JPWEj)u7wq_kRaQt#-xzlch^*#OrcdNhTGi#y`>>pdm
z%Bsl=^i8PKq=uecYbMApCU%(c+HXV(r~0NCKtV}Fkp<T;nr+}&i5TyZMg<!A3AZ@n
z5tgLAj0IjLXw=+H&!$@^;)kYU&r3<*%1Z5A<~^5XPMb3eVP=;-Ieg;UP4&<cl^nFe
zsN!l{_q1#$L81NOcDwhtE#9g-FDjwpi=<<D`M9bPmAbmD)yXeIss*1TvsrLE(zy$O
zFDA-m1fx0l{HB<g1h5b=(2x=Ay*-?-w2x;thrCANS8fB(iR<=6OawZsRv|e&-Bp>E
zs3H@`n;N%a8e=M;nIF`Jq)VRf>d<lBkiemoqN=;}zP-sbD(WeL(8apV&I^S}Gc8oZ
zUFxoHaqKfe6M=JLRl)v@Ib|3|;qg6bP8?LfiF&8^_~De&Zl(qp4E*SH@Vej41ej4}
z<3ZhEgH8HhMOMBH$unJ8HgC!B69YyE(T2k*U~)HrQOJ~I%kL})P5ZFxzD>zXq9${%
zE~BJ+J}Qm7X_A-0R$%nBnT=Rk-1XJ^`xG7gWN9X})%~S3d7~?ckN^#-S>@%RbeL<c
zpFLf+9zLaBUPeb1*Pqy-X;$ZVVe{==W%yq$_k%o5_<}KSb<DvqQ!15ie!v7@r<mx=
z@knEZx%H{&MKNyIweLhV%YD`CFiGdRCm5v74rz(=qIs3@#T|94)4HzGqW|s7T06wt
zwk1@sV!Jd3MWN)^f|Rr5P7Y-yo#YcDsnmQMgM`Uv*oyIV<oMdD%miJKR}7heT~@ii
z;SD9q6Rt{9E~!Y^CEbd@XRaG%FSlg(U%*ns<lZFW%43h9AtlnwBzsFL$yEq_GRh?s
zJb1LM<>Q?+v@H2<RwT5;E=CRIqlqPCVKraX{<*>SJZw(qX46c&l+zZZVdO1X0ag&K
zfXj#D(!$IFN^!LSdy*I9`dHba@+Rsx)V$?JL`NBSlPC1|pR3*KWPUfm8`#Mfcon)j
z(EB^Jo%5KM<tOY4T}dB*X{)>wyGy>q%?M4C+olZ$_H8SRZdJbPV-#_0vuhDIf%o_{
zuOwbsMffqch$&QOVPAR-GsIJ$r~Lo=z+1=r%MF6e_6HzXnWllQCI2IWF}&QXY_mO<
zx<A><^3Po}IpBO~)r#V*R_49FyIAqRIjHZ646<}^?{|$zi9cM8H;MdG-O=W?2Tiww
zNkhiXBe^IpDd8;r1$RhRg_JyZRHcK}<dEJ%>mkU?)Op7Oi__=p8T&W)GDiLB8eI@H
z&X<}^dgjxH92q^;<f$f4pA^3sl>Rf-P_Vi?T<t8f6J4;l8yT<Tneg&Uq1EO0Ra=L|
z*;O^jKp@6^mmjT%;Rx%UcW)JU*T>wa;w*S-&eI!Lmsce9zy+CI;=i&6jIK<yT$`-V
za7&wm%QD&J?M~>X&qB=SE@gLck3QqCt3Ud<-=9!oU@X#CKa0o7!#@u+!NcOw4)}tk
zJ@)4V@l=2(@w&hi{_;94csqCdEtf3I^z?M8*Lg2>)Sz&nhg?#b=lN%$CN&R%b1Mhd
zWg;eLjNGY2vjERSeum%Z6j-)TxtE;5Fl{Y|=7hs%`KMZHQ}7y;sV~5#e*dn}ch7gK
z0*7vXwjMW}E6aa%S-!e>0%cdMa-EoZhC=g7;g!L%DUFiAxeIP2HTqCl9Q~4VU(g_*
z@lGolYFTd`h2Aeidn1P<mA{PHLq;jomhHhQ%9TNb%1B>x(4vs(a}+A^WPh6FadtuS
zKR_p$;d4#Cub+du!q*c00ekOWz<gcNQqzs3HBzn!1P29AW5+oS<M>{{dyj2br0Yk5
zFb65zTgDTgm&rw$TOApiC7=>Fb`pIXkVaxFJ8>pIwo)Q`2ylraJx-Y}d6Lnruo;q1
zw9cOzP%Y|eZ%r|>FVv$%c>Nc}3y6HuLwD>=$gkhxUgu`V01hT$>Nj_RH@T=@IU~CO
zlzyYtmA-6eQ_K&|liktFkmDYIdN>e_x;fOeSWO-V-XJXZT1;NQRN)ppe@CZ|)vlau
zb0912fV68&8A~SU!OygFf0DgVVx^@wfCUyY8bxr^zq5A`##N2Q4UyrIC7aH%(|j(r
z{OQ>snsv_XU&{=|Ep5OPU!t!*PQ_7>?OXQm(fMQ2m0nov`k=<4>j{x_b$i5maecx1
z(duG&WY}DJ0D^_-Foha5x!spNI_M-va;z*+caH9)@V9hwwV6G5m$@ZitgrVW4$a;s
zXgJ~Y18mh3N`t`roT80(kW7c#tFW!^Rv*A(hYgyijbrA(yUxehAp!<L`j0_W_NEf)
zyfHwr>>23HFe&?5)1{3kh})u&y!%Fuyw(sMx8CcxI2)Gx%P8P9>*1F5V(NtiWB#I?
z6iw1!{CjHj@D-$Pq_|w2HA_wW5J|Ge8&*<F_#X)Wg3iZhSiZGi@zpv5EDA@r-%@WA
z?o?!d=Si-Vkj=&67UJi&(||P#UlflvHv=nU@whVoo)8^c=RM>+yO7#^L^#tdj_v=L
z7^$NSrr1?9`hBqzp?^%2)MfoYZl&5)xR`cfKf<Cr(RHoZtdUE`4W+u$V@?%6mbKLQ
zH+64u)=~BmK{JAqAL=r2{RVjm1a43IHgUjn(|ruq{YF{Nn|d#Qy?>C<9cuNwYGyy|
zzqiGe>i5++Fm7FKoTJNYbUUveT6gFr+~%|2y!|w&$>Tq%J0Qs};@Eb*(dTO8<rgQA
z%*E}ac`bfqXPTgT>&Qv3dfQ%%U~Iy*iJXZ|XAA1~Pj(R%A2eFWM3H<m<tS?#T;R%@
zLvy(4iwM0akUdVEMDj5NcS<L^_#RrGSF?B-P&6{eBWA5z30z&AmPccZ?s$*i=1qfR
z)DdM;G$u>_rnpIzd!>CCl6uYcU7Rsl>R*|O8((IvVX0QSY(6&<b5(P{8Mga%Jn@H*
zri;*vSRo5H$)>SNp!3ir+|yL21>V)zu<ymTq}(80H|UaH^wdZ0+9igUTo$L>$f1c#
z!n<dOywMnBV--V~O<pLbCxx1xI?#};TG5hjIRV;lX}sQ8o4(tEO7~K!v79#UR&O>g
zv{0Kg3~XSE7_oF}%y#de+l5t_VS%rND=m|JwFC;2H^s<XBtXdlNH}*W7;h(qE&pFe
zvhV%rZ`0gh;#O;0E~OGjkI~A{p|!inKvB$RjhwL`BQh-S(*7}+&xLd+!4Iov(jXkw
z98>Nh!uOF?!OO~xlV!hYs4k5x*Mj~YcLrng3Z*kCvF5%5`(lkyZ0_GJ%(n8BrmZOs
ze;X{}cU1nQ3;`d8i&u+^d0FTe){@H*j8Ezu)$x>?T(22T(WnA;Ceb%YwHN%MMM?X#
z6q4UY<>I@JuA0Fx{eief<<PhPTNzc6<L|`W9fcJy5K{qShSdCaZ=PNtQ4=AbqZtdt
z3#~3|91RStM1rvKuvH&Zmf4)RG9HyE(Ga;CBMDS*ZM>0MeLAX;Cvk-BFXsn!=^Fl2
z91Z8m<FWp!*~@WdT|1pR9IYO0k&m+TJZu54tMbhjnT`#{*MZ984%K-+x^s^r)lV#>
zYV9TZF4Cg1=$>7-U?`kBr`w#2$z;tn-K}-~F!feSVWUZUA;VX~GTVyqL(Xd|#Psoa
zhS4m6-}q@v7s*ougqk#8z0=TWG&m9c6FB!ZiMVD{yrZY>#nv48&5X-Y525L|#${K{
zd}xWtp#0n6_Z%KPbq>SguV|knd1aUc&(os9ZIiavW;Q3jmL+ez#OZ&tPPS!0O$h-V
zX3uBXX~?pufY})HXO%NJfiV~@8CE!8%=1?XHy)4qq6AXIkR{%1{4$Zg<<g|~q*Cv<
zoR!;A@7yd|%GxNPp>B-=Vb?DoG$IDCYo=!Ia7rX+L_F+%EU7tZEWJ`@!lEALBVSCd
zC-@$RaNgg4xbPpP<VHO%-lnI&n9H7p`#l+o>q?jIhlT8utiLcaE{XR&xXHa{Yasoq
zH!7Wqtamv&;#~c7U9pk1af40Cf%fgLm)=(CQ+1{HRSAboQ+eV5w%nooE0%=Z?~e%1
z3UlA<n6Adad;YrcNCxf0HE3K~HUao)A^qRs=l>AES+B()e3$(nZdUxcS3+8Dtu}dv
z?$6*yB~QGxbzX0TulU^@@O7vr1s>lVwV6|x<6)sjVMx2ss{X+jrS;VwdT2J&7#t^c
zx7Ca@aj{eJ#i)`|AE8!)^ry~;&bMmUZzl=d@bxHXFvo<bX*PBfu=)YfsN^}m(vEsy
zV*kWsHG@7EnkoU&U_qTS1+%eU8LsLX8AwB|dT|@CK#<LEVlV%KbM;qMklu#zSBZMQ
zWv|Yj#Z=FU%w@}!#!2)!F*H4RQ)2V)Xus0&Ia*mRJl%qL6IP!SB(7nzOTo2g9)+$&
zP#(Ou@>Rvy%&6w2FyN$6X4%O-e7@f42D~meX0pn|A2%|;_P2@^D{?FE@Kryo1X{xk
zQ{ab~*p$T4Q9&(OzAKu1gu(V<s0Y(D3FKq673g}G9foz4zrPupJ8I!w8(|#RN)dD&
z%Xr`d0U7%-9=YmQ{U=Smg<h%n-+kb5$N~<!#rRz}Z0UJsT*cv8Xp?!NS>GXzpB)N6
zZ8pE$S3T!`Y5#*L<!1@V0*uE$(Nl=D*4PN2Nc7d~4}Z&pTAPS9-+|tzQc}^Kre-b&
z0ij{OU5&)R5b~esgMuY-mxHWT+!?qCWA&CkOBZabp>d*kp)0?SOXs|p$K=DYEY-jf
zD85DC8?SkC)b316!1Bsc3(rQ$qtKiOQmgEMkf1!26vFozzG6D8L7m<XW4Gt-(?XMJ
zePeuyo)u;`cQVbU;{N=)@vXcPdX7cI#~cQIN{As>&P^j~UeejS67A+J(<&O~(P=+1
zdo>{?hklM`Lkpq`WHmmG%nM)lW?m)o3h>u&7OOSi#0Dh~Z~WYhR#%jH9kqs`C;Xr`
zmgEbjghSV=?>c0hC<PrX%#6ALC}>F-xQouQT*HR&9g9lsh%A>WM!l0^25wdL<v_(R
zhRTw^Y!g0Y(OuXx@}IXJNrDB8(N}T!lWWC=>h-OT?55s}(@mBcHtnk^sk(su)c(0N
z1X?-Q2?)!a>ePG-eYN}h8;8Rrupqne%8d_BCD(~5o}QDGeEE`~EYYdtqGZQG1sWfL
z1e5cP>BG6H>$97C|JeupM#_D`?eSi}qO`Sd-+3;K4J07wdCrn0;r1-eWkA6753763
zoBo+XRc33=Tq;Y!K@Pb>&Ac~~pp|g1zW-6~lo5324!JL6x|EBTS{Thgl`of^F>QI8
zO1;kWrhBE*6)&Dr!LKqnAf?TB2Rh@g8@~c&j`MhxcdHG>xORwJ4*N|a)o=Aq<BOV;
zoSH~bhlK`pTA?=6RTtz|$>ZkHcIP-F5|!{02b&a_Yd+@`C2KBmwUsOm$GY#km4ji3
z=i~lEV}Go_k||nd56V*bt_QYU6t$CdSZ8QJy`DJwePs|}Nm1715E=6z0`bXxM=si?
z0>W{E;QFH!AQEb+fd{h+vdMaR2SzvxPeSQ8dG>n_O&_kw-4kYBgg9hsybQ}M$qVdm
zjP#;oVSPf=Nz{*O=YB=o;lsk(&$J7XUsQ7zNFD!!kC7***CCN=_*(+h<sSNvUq|6o
z&F+ThG3!Q(@yU(^*q{~Y+Vj@B2XZgLOg`bYKSW1|#?d+1?V$DM>cAwFFipfv(H0dY
z2+6;mFXt3(E;aO6O_U7(%FJcs=ef!!7e!IApD4QnvbbaEf14XO73a_Ti|D9=G#Ejd
zT6JmEvJT>d1y3bO-=ZG-Fo?rP61{f02BgW=l*Ida)lZBS?nvO@e^S+d1$~vXaH%Q!
z)NG*z6G`7Uvx1!m2WSn7X2I41jaC*|RorntWN6qRA)_W_5@IbrQ-0kv7$9UJEM{>u
zEDd3LxT2{slip?T6-W#Ww273V5=5|!SWamm8#KlD>b;fx6;pzw<@J@}u>bChbha``
zfO<NHx1*eZ0=9;^k*1$;NV1>E9EQht-hZw1Oin>sgD0=aKnj(N{}1)SO+GBAMIBxV
zW8urI_|dmTEDI0EL@bAGOhoQV&Ti~Xj<8yw(Vc~{%bLffkQ7j2qU615s<o}L!|{~^
zN?K;e2np>bZKx%7Lebr-Orf7a6;f19flB$?Fsra_gYs}=xk(5Xk8x^;^8_SfbGnXA
z+w2Sd`I08R<wf7d#38MCxM>Z-9r~t5rvJlXCW8g5v-QK4|9zM@Q2}kFIf2b_qm=wK
zu*?@lCgT68_P|-3Ab9Ho6to~dIJ$-f|Bb4}@!6_g`&QaY*D>j;+8^IP-^vkv4VkJM
zz&w2|%&wu-yTv1R|8omtX$v^H5V%swRMY$=EfLUmBg*w<kih0NjmrNMF~Lxo%q8Fz
z8~d!2#jXyb)hzr`^Ffkq3O0W{1FlDZ(xJ8q``Ud_Q?ZKkk(rE|6hIC8HShFmKGc2H
z)#_Y(Y)vd~B`c*{?#&dFcYo!}5n)gF;&oM>D9p85y{O;d(m%|1Sc41A{-!3VgYn@L
ztVUFj$otDHtu}A57h!SMe;FHM#bar^+dl&v>z<C`52@Q=yyS|tFwC0=E^ua}FybhE
zytbW$8$nUy#ZohGXDNKVraEVQxJ^rF!yrQLF8h{Dac7uL(-wo`vdhu5RkUPp_ZPhf
zN=0woRdm0xv-=JHT%kBCZC@gypoKKZ$@<r`YI@f!?yI*KW|ClA|DUv>F{Xka<cbTY
z$hR1q83z|OXvZdvoFiTqA5!yzF(`){%+F5dfEJA@L8mw1hv^8`Ya%{0Qh~&ovzax*
z-TK1X0~ZfYJ$IMOaU&i=@8?A8@SkkI^`M=jeY^B`e8*Yw;nIvt&4PLY4Q3%fN4N1B
znZG@=A|h|J{cF@8vJsOg43*y38#t+lpIHX!t;EL!oE2r_f>%j)hkpd3CsxZ;&GY*V
zuUI0!1{!-Ap7!Q1fNAnb+9epAE#A|`zrInKp>hb9QB7UkFxUqgCycHN?X5g`a25eK
zyJYh^VP}~iCA_W=wnS|)Npw6{m`3j!YbzxX10PnV|8&-Tzkv=BqA|W~$K6(|QC0u0
zYVQ?q-(fdH^AH<5wk;IDJ8-`6dt;nmsNa=70`cmgh-Bv(FRPHZ*hv!I6F$OuNIIo{
za}s61lh0?Ls}E8Q6TSe($CMV!6<nfx9p`?y|CxZI28caece>a9PN~T{%+mWZ)<$qV
z;mf<!XS>;UjkJ)_<L;mz>3M;L$W@fypv*`x$rgs@jk=p7`O4!`KIIP4bTtD`tfRMK
z3%&hYMdhAV*vXPK$C#}-#)|rm!3aYfPcbh_#CTuz2CZdjPPxpfXDCgJD@s&WQI)0i
zqc_J(a$|uG1071DAfrAB^SSv~7zob`c}oTh?<a`%DX`&;tagr=3{)!wUk>gQ=6leu
zZU%)#VW^_X4XCs!kFL>}L3DU&=wSW05}*)=iVUldOnaZBWDwk_h4ZY>0T7n=(pIjt
zTZ`uN8he>SH_e!B(d!X`Dc!}k37(rWOoh(bI%bML4cg={5JR6g-zJ!e<7uiwbC=~$
z#2TkF;&%<aHBm6hAy-3K^)2CWZ2XYIS>+ly%r%ov7Q617`}*aCf*E5R8e7LN*86UE
z7qg0MH_d`E;18WkSgZ85<dccbOxt}v<C>k^z2~{hx){ze)}Yw;D8`hkL-xC5>%>Ij
zULe9qJfdgYDyZWuW0oEP8Z7cDCCI+BHe-y)cWkuWIP>&RT)hvtyo%=tK`4}5m3N7b
zp@V2V8~M0uf*)3kW50S&qJPACSsPkT@^mj3IzJX#jt?o^$q#2W${<CwS{*D&<q5o|
z`)eOaIo`<W+=9)H9X@J<BDZduRt2*DnD&;*^%=#aA$h(cmTy7av)BUnoXC9FqU<)~
zo5@&sP9L9GH_g6bgn_u@(aj$&PzeIo+><}u8Wdl)k$c3fX4%!=Hq7k~kE#BG<RVYD
zm}{Zs%lDZXTARP#2Nj>bBvU9JVxx0Tz}k-g_=l;l?srdIwSYXgb{KrYjaqXnp8c(e
zvpb4V&K6Fs2Voux5KM;oVs}ap+f&k52?es4111ye`pE@EL<L7jIVA#%{GikugQf(A
z^Hbt+7iz#?rO1ZaRQ*KgbtXm;=kiJo)VI?u%L3iLTI>Du2DbX_El2t?)W|hQt!6?m
ztJO5SqkC+2J|Tr-&cl9>K}S~S;G|fA*Dm017|}~kCKy(l)C`M>>N57PN)O)UbCwaa
zmiE@SpFV~bndn3bAnvpm<VjfIY-<7mAiYyhN?x1SNfYye>eOXrmU>7FAwe)KhbN{t
zqwn#MkiSOgTC^xsXyMUqyf+x^<Nf>6_mkZsD>D;(+NOa4O?!CBKpOQ`WqAs=(@Nbe
zHl;V-#`9blF;R>35ly7$O!(IpTk&!2RFR7iIGwjg&FG<D;F@JQysiOlGdeHnJ5Pk{
zN1QZ7ZZ-B&rg9yVP^d4xG&#mVL#MPTG=Oh#einZYl2O}?CICH3Qvxj>dGzlhsm42I
zob?c<R*XFJxLep*$!Gq>P5TlHKe5>$1P++`j#aY0sX|!`_M#Iu7Od&(8V68mbE02r
za3B_WHyVjyaOzv-10ZcXmnx!UK~Kk7SlcQ}BDU-bJz*YZ!yu;W|ANf*cYPoIv`wWj
zM78NU4+HQAD@acdAF_n`uYJa*$=wV_&*eysb1<(YBO5hbv9!e)EwmKI7x{mc4##+&
zH7W)_r5`Ix@!Phnh(s?^cSsQMK6aI%#ky&#>Ojh=RC1UoLY-y9PXLYTi<cq8_zAtG
z9nzPB^B~2DL}qAu*^bqcg2aVw+joni>#j&)Z8XXN^W?c2A2!`G(+UAK{h1Gw+{DEv
zb!}A_g1{=w#xZkQDAKX-?rEh6E7c2_HX;t&SdGF`#tYSr#GF~swZ{d0<qMi*wQDnN
z;|Yo06U1oRIHnZ`MGQv@iS0JmOF+E@#qxnY({*floO5(^Jlj#4Q12C{cX7XW!B`D8
z_yAigT6N|MoxnTlw5@Y2@@PrijG<0(J`+4~=)KbzF$0^#=vJ`(PnsS@tH<8I?l>L&
zh-pvjeB111+tLUYo=!ZY-g6-7F1bm*K9vi+4@QF8yHERfRMqn2Q0mnbzswO<oZs_G
zsSe{^5uk#tm1%AQRYsih&O09!V+F+AtC*K=h0(t^HNTwwoq0FTDH&?QzmF{QAhJVj
zW?qRItnw>AV65v<q{Iouuc41-3s(K|^L)mcGCx`iPz&&RQmhKJ#7Xu;TlEg6Y%B(z
z8|zr(x=Lkv8JM<<DC!My7fqg{eJ<3X9F2_9y3WsJ+a+Ib>yl1RX>7tw498TPS?&^n
z-@b<Xa9#opV__Ky&qsTE^KOl7*Gip4i3cV0H*t`a6o=LT530!ouGdiRkmeI)XC)5^
zS`*(+2F2R(cIR@a1;R#p^x=B8tzqSP)|5qm^LPyJV;o1g`|A<wy@w^lv$$3S>PBVc
z`3Jft8N!geL3lxPJtSX}&y)*9N}j5-ie?d3xr#;ybqC*GpDDYF0qK@o@hKDV?bmC5
zlIMBrRSI(ITp-BV3r!O!RK5AB_$+^!WQYFAO}>|cqgG;^@<oOEtsF{wra>gKl#O#_
zATpDzz~F))P#C_neU<%~4OQW2XOu1N@;OK2sd(C#--~kW4|`UPar#B$NYHK5vZi1W
ziVGov>Elsk37Yff`QGiPyiv;{iHh&#ayc;bAq;kZq}UM1{&SKjxKfj>I<m8Pp#~QZ
z8uT<m^<ySeMlnT$gw~3OLhOq)Amj}{Ha?D1b<<8~$@zkEVn`-jMP0<gTPn1?>5=I|
zyZWXg^FP_5>NRUjtcLMQ_$Ggn&I*up@<@|P{--ec-xJZtob>;@mshk}zvqu!oVR?`
zvst7x)|TnMr>EG(8u#s_=ne4AFnu;4()_ei{~&`g_{Z_{L>Id$+0oX_u>@4{7WwFO
zV;i{C(7|dFpcIjG_A7PU|8IMY3Vb95Zt!(Z>}o2Y4LkO35E>^1>UzfZ1hByuTw9Y_
zvk#>7C@K$YL}i)&18@V6+plYKrzzoG*!(4}!0#m+MHjqkB9^(@+tQ9^zPGREtJ!_3
z1KB)nUcY*Ax|A@uBY;f{Tf<1&%ynfAI!!+N)pjVxwlggCHr4s6#R<2DQ36PALAYeQ
zz~{MH8uz#ao43I%lH&BQgf&O5;4<QVhqR)i@ktJafcbI#ql+89y*254TV;Y<pqStq
zy!OrKY(*-(1fz`&uuw-OU7Y{X<N||`qHlY+znQA$U+d5TcHm{cir*LQ1I|0|t%9a|
z!T}y-O#keSqXNW{oY>3*N~qL!I9~jO&f&IHEu)B0qqj7odEvw!Opof%Jp^LHJ~IEM
zfZ%?|>kyGbb<JKCYp8nZ7k{dBspEs@uPxJ5>Wij27;(lPe+Y*CseZsh3oo+;Nl8gk
z$?vGkEEgLJ4*vD~?0WOFHz{qCbb^RL9Sw_&s~O)^w0R<;#YGf-dDT|mJ2(IXxwZ@9
z$88kBSJL156Sa2jb?>vQp^w?FVnZ~tLfhJ(9x`aC;#u-z&e)evp?Wu1NxdkEQkD~;
zn`%#C)S0nBT?*%#YI?8#^mTp(`e=-wm7|_MK1OOoovPZ<p$_-mq@4%WNDp<Cq&bY%
zCs(F@6%tt~_qGB7!%)5DKvhcy2`tftIku%5je!Ea)1lDKmgjyIRW@;d;D;i4B8*-0
z3EP5uW@81;IekeGI7T$HRRWAD`HRMAz6fCx1&vPc1SDO+W^%Hu-d21KXx0dUg=9^=
zF(wKWsHD}~HMzG3NZjJyTMOTN$d%Y5q%BRGy>e77KibZMOv&6!*_PNFerjm&zzDvd
zp1y|nEwD-+q1MDW4<!kwm`HCMzud+B0S>!wT_ZE!dP^77vQ6sPN#g2MRIi9zU+6*7
zoBsU>EOlY)5R3PklK-&$I&M?yUdalQ7rwc!W}axlg8h;lrFsdQXWP`wiRfX;Ua?jh
z!shPKkHu{kGi=gJle%+Y>k)AO<n2n1>gcp&XUnVT_y#<I_z*Y)l5CRWf$2DC2pf_|
zY<WYH-dXjeLF|iX^aHp*lVL;i5cg>-i~Y<antJACOV!=!5=i#NUeI4|-%$Q}7H9L7
zji4#1et>M7mS53K*+cVfl}$Rjst9O<wezx(Ge8$sFpoCzmdESRpg9fPA7`~#*_vfX
zhJpaSP)h#uMWmY^8PAUd3Hbq*16wwvS~8D_KU8Z9^DxPjPIu)`TICqa)}z=iHPgtF
zN+-EC-!PK=UB7(~K=0t34caK%6T}?8@<^Q?K0Fm~2_rI!H3+^GC?WsI8><94dyv#=
zXf<g&dS+$PEZ!5|Nah#2jhTC1O6q^OrmA2$X3^=ZH&MUi7k6L*g4*0^Da0a0klb9?
zWuxOkIIXB%5iZ_4qZ#!|J5v<`n_g;B1Nq*$&IGlhh_#E_S#xtPXL4y)2@tE6$#%76
z;8L0^!HNAb7Jj#~u(@Uhr&UfLY|NWip?1h}#9{o-S_`5HJ)*(LzerqNoC7P_bM)+x
z73>s5X!^=|V?blR@mO45SEW7r)ITytrCQ6LY4nvH85d@r#6Ee_S)lLXK3khpZOE$~
zja8#|8)7h-TU3myu#*DEcijdDjQUnHn+wJ~=El?*IFwa$tsf()acvtI-RnOn3P&#v
zlfkV%ROay@Ln?z*(k&{D_kA6DVZ_5t!sCWXNLV&iI_8z^vU!HXa0PHb(L>X;@^-B?
zsSrVj-#oiz&faTq)u>;Vhs!UH9&w&pRJpjMDjUR{0A#IeHf$K+gA}!68go5=b->x`
zy)-1ed+b}qjpjv>DeOoQ^f>4_;qH27cf9nywuhUxs8`#}QxcK8_mm9+xWm+5BgR2B
z?8AK1weD=gMY_6UaC^8>-~b7W1?xoDx1Y=qP(z*>8TzXjLVmAg&#oG6g^3pQL_)n0
ze4GYZ<w}+P_%*h`!YfP=(qIn@56X*`L|n>%ignXClfN9(+TXG88|9L)4aDF9DV@s0
zK7HSYxbEhWWVPDzvA|jf&33e{D32xrc!+=Hua4&N{l5IWk_Z4Ts?K=A|Ae>#K$QdE
zX=3BOIhMckxIf70G7Wop>N1!B2KBt$i>e6mm%6K&Fm<?0182Anw*7c;f+1hb(bekR
zY~7}qjUE{K`_?dh``!gfPw@I(;93;G*nL*`&>FK|%%^{t_(UB1k-y9~8qe!n;?A^5
z0cLo9KEsxeR$~^o1Xw?{>gHjGPEUEGrs?JqbtvmZ381X_9uG(XrM33JwG`w8*#U-5
zzhgK@3VkyL<yag&9C7w*A|=>bH0$YC0%drv!R??{%>~YV&nPPjqj+Zp;z_x2Fq2wG
zkE}W!IcK%$2&;9%%^7~z@ucR_55QWDqEn0b>8!&QL+8@?+f~9gb0{b?9IdeiF3|{R
z4mnUI$MwH7+93c^jEmyYoO;lcG-NfNKGlMI9I(lR-=}$L2rHIoR@21GbwW|2B;Qba
z+pl}~Kn?Ep=M*jvfI2PCn_M}FXPf0&$Vp0b!(*#xgpfR8Ni)$bFI~4!p}&{wGc~4d
zwlVQDe4P4W9gM|0w2?-Xot9_O_%u-+!+i3w#CBlV<mzu@V6bqMt?(dewMZ@e(SRio
zUI9O?>9!g(dIU?*z@3jQwBPbiU2^lLn;G_B$d4+_D{bkya!yR4RN)K_*<=G!3kA1f
z2#7V{;`%XDBoUEXyu3I!nOt#|q_@#<;9#fAR($2@AxQyid0x%no&?1=$8{CmnOz$h
zr|O4c7#K@s#d-2K7AYa{nzG6O8k>Sg2|(&(&-R-xU68uXsYu-2ycj&dYo>4?WsONm
z*NFSPm>A$R!aDY?DESO$ZAWOk>bEq$kO2-{ul;Pt56aXr-DqJk%BozEeMFb({UJF)
z<s-n^b$JCW%m=U^-QC$F1SEG1<p4-mQn5gd*i5ARk$w$?Z~tB1m37X;oBqnM^Q^&3
zs?-k~N6vo!S1T;9+HR}ZrRsL@-yOF3PuLf6Wp-}2oj>ts*>wL+q;YXH8Y!?1&2#Fb
zrP@qZ?&t0><qDj9SBS|U?3cn|=TFPsu_LK|I-}QebhBsnDW(GgBIv7c0Gy>rc`(WK
zluZuU;O<*zLapSOR|aK0sAy;IcwoKx5}Rzs)~JJP3r+2g5v(8mxu7u*xgiO>5zGFm
zuh6O&rgdY1vDxQo`FR-)->K|Y<{>iU>>aoj>u1a(x;~vLxr6p!g)k$g*0I>!oCSZ5
zg&7VA;#P7+dxLATGz3zxZX{^XQU}61Tm{-=dW3sJ0*MoLHFG;6nb{zO%m^%UMR#7e
zrluaV&pIk4LIopo7t;JCb9X$H7K|2w{j#+hnB{l2_qXp};;CUORL(;{S<#jHnoZhc
zg9f&o%!N7{SwzKrGt^~Ox}d0*MN%fOxji~A!4Erlye_-YUuC_MIYCgh7mm=T8t$|e
z@hl>jNVoNccMOmxlgPax$;+|I?(jwaAMxPQCCNqx{+YFAgRu5bRg^rVtmd&HpUVSX
z%!p-z18TfyUd}5c(|0wlDE9*qf8fO)V6|9-PxUj4xm3^d7j2MAUUNKY&<@v;rS;R7
zCP=Jrr|MmjJi}2dQcWCk&Q6xM5RjNc$NTz8*)7OvF?W`p(rSo<t2@>AHR-apMUUPO
z@<51@cag*Eqk>=UwnpO`@Lx>s7HGsMgIqQOgkFNgP2K6x_Pbg>ptRn3Ugw?bTEw`e
z5+ePrS_HuzF>9jSJZv_-9JbgO?r0egwc$XW90!5-vbZ}T_6E26Hqub`MX;E0Htunx
zlXDQoScH}yZ8y@g6R^KftB+bROrsQrjQkD}L6dIGd?##Of}hFF#&9v@Y9C2cE{#9a
zb6ksp3k+P7nlQGXMXQpw{x!eba_}}V0wLDDvn;iOa!MlOmqR06?j~Qvv^#ny|Bc4L
zfMxS`Y`hA#qpt8LFTjAbgQ_%`+#!Dt&H9+(ByJC|z-)so0aW7%D_MTrooo$AdFbC7
z(`@0lRpBx*{sh4$5UbQj!g?0g(d=W$MDpd0ZkZ(+d$o>PQYtC4h`8?Pb5gC5QeR8q
zX5Gfp8x^C#c#b_43VoDnw*os&lh6Cn7@0UDr;na;kvJ#w;cC=>q736JNlTr`VoJ|h
zN!C-bFm^sBrFj*kAs>W*cDm$L1KMlvzox=fcey&o{b^TqO$S!@(|F8(-zVWXSZ
z3lf@5W+K#2Iqr^uGQi$HsM(j|9JP2jmgl~-x5eLMNAcR|u9S2R07xS8af$fv_&km1
z6}8G<ASq#`c`3hRGJL9AeY;)rz#%_Oe<#dV-wOR3V_bR?F+O?8uH0_+@J-`l)FeBH
zyr3l@(^G~D0uolIYNJm6=1*JcNwnO}nyGPLtXlK(F4%LAQhQ2fvKDCiah_yw0CET*
zk!O3&8&c4_)ENgKUJ-iUqjk@>(?}mh)~q3liWIi5E|~hSx{jis|0e4&#h#J3f1!WC
z`KPMrNnEbn4IFS?EFNh<T3)7XET^8aKJ7dF`_u4g9PR)!kwDTo)ORSWq8>_O6^Byl
zFOqIt&bPjsa3Jp($ZdL<pvTYnD^itEPz>CB>_@X-Z7Cm{&SiJRizReIAcCB+ClvqI
zd~WC9WIKi1Vknk=a8Wx%cuOl~4uRI2CiC3;6s9#_B4e4Q*)mqZ2UP2+?UPLIc*b*i
z&k!}w|74ztDBosVfnkPIWek9hr8O#ve_7eI^Zt#=H+-dUB_F#65_3_Xm-iBLu+vU2
zi<C3|y8z@oD73fE&{c;UP=J&pe51mkktyKOjGr={B1U4XV-xHG*vg{SJ+Nlkrnsoq
zWjRaf+I%brO@;<CG);o9qRpxbl~AUWUSk4o3MvczAg2jiBVPN>%rNx$0OZ~Uu~%WS
z?S!9X^cJORj=CWIo7A|E;|t08uIEvvd#Fp~Q}B(eGH}*g_~S>GQiN(c3KyR2Sz0`I
z1PZPST<Dv2#@=?K37d9Nh5V7oK7Q|vT9K6kt1-^v|6CQ~FgB!XXO#|<nKWr`D6?pa
z*}s8+I#uC-Rz+>ss?O9|{}qby&w8LVO%`fvq<N-BkQyk%u=ts^f$ebGkD+3}=G|sf
zm*TEYWvNKV^jiK$dJ#RZ<T_ORo1aTkUY5x##?1Smqlh=MonH%6yKDrDdok`aaH+^i
zk83%jlDHKtQ^puWTD8m=W}UM>6fTmJrii)L(nu58Bo6@W=WvJDk9=LXZMPhkw%O;F
z-;Rz^XcZ=muTFUicF9^QsGrZa<1h#$KhMQO&Oa<RC|y=p`HC3H1z0_}C8btzH<Bfk
zdSMcLl+D=}odwT-xb?Kju+Ug2$yRAbQ?S9832P<ZWQW&KQZ?|&9!AX9B(=xdtLO`;
zFYxCDsy4`71WQjs^chpj?^0(~=d55R@d4F{)E4InGjPboX39iM>d&a@*3PnG;nh&C
zgD0=?!ijN-9qNVyI8B|m5%pElN*J;wsS`LTLiCjFLxt#AQ-G30`6!xmf+b!7`{phB
zMvYC%K2S;(cyoXJ(e6M3n!4oAllpupvZOQMzbYhAUy&5_#mUv8cnF7}rm*dOCgS@D
zhRN;fewpx9{*YLd^~t2@QBHQ_0U<4*Y9(-y^tHUk<obnK2*}Q4TR#7%upKz=f0dm*
z%1Yh<vJy_e6`4m_$++I79=V@xIpt#wg=+R}EgVQCMvFGnYVJ%0lXqbgmAkJufF5Q>
z>(7fF)2p7*n-Ny?fO;B4)xU^J6dFtydTUWu`Bi@lfA>FGfRs8hqn0ftg*%m)oD2p6
z;Q6GKO$ktf_(^KQ5T~E5^g4w{S$`Tl&G^)OJ&Lk*WO!L52QFE4=()Z>>6#{}8(cxQ
zU-XkapxS-SU4)w&NviN{&~>%wXdf7#m=4TZ<$}z_Me?1?rTfX<**npAN7d@RI{l~?
zww}}7xm&a7v6x(v^$HLm)}gZgIlezQgkoNm0OguyU69XvC>O9n^(g$65h$XU@|~v)
zLc>0-%DnAJ|E>g)m}yZ6E7vQ?){sT9qTuW`jpD4IkpwD!_=#(PZJ?{_;xOxfcoC)B
z{2MK*tlG>0!^F<~E_qm|&^1>NLUV|-tvL}|&@)?F8b7DX(m6+&fkeVbE)pw78R`9Q
zCYw@`ltRjuh=>x+TMomDyGuyOi(+~sd2bBYAkRW`G1=p}>rP)!5Hb5Cu9tdKJ^{9#
zMrcbk`l2nWZTk|%zey2%jZ{eUhYCs$g`i87y$aEoY2HrXT^aIrASHp%&ZE~}|01!I
z*^%C-p6h7)GNy}K(fw<ESR^s(J@&@#IfWNqc2gx6>X#H0!s~^DrLf@MX&afhk>#hc
zf3#~Qzo_n+p$YKfhN-k~SqA;>26g4!K|pPEGa<QvpvAT|funjza}YnGc}_P9FT*-J
z)VXq8Jwb~*+BhMciRL-m$&Z&DVXAaQD2|B3VTKAHFcoFY=PJEh%WOG-4k1K1#`!2?
z8G-7PIV=6$C2suQWe-i##T?@M*dfl7(t+w%3e*5A@tD^ir@QPWPk9bGT}W4xc|lq4
z6Zo4|c<&PZP%)Heg#00Fli*dSiLwL%+dzMFpvzkAf*zj*Z{fV4Hz3xjqSSMpRz%L5
zvN)g>&4Ry*(j&~m3a3@m`pz}5lN6Gt9E%&qJ{%Wj2L4B(^qKziZ(n7@$EoxO^L6x8
z&Oe_iKg2C;k<8R2NWBj!L``<aP8v^;kHHD&)WEIAp(WF<`eaR(*0JgCz}_mMYUPmi
z-7dXzwXTl^S*(%|{N8bbStx@GZZBtFdUsmIK20hJW36bR)C1*F>Rsn{hXQgI>FGzA
zRaGuES@SHE`CIS%s_JFmr=|I!r^%h~Pkqkk22%hJe=L}z1#my=V}UaMb#kSymWo@N
z58Y+|%Itl{{osA*Narv;JVplCx2EwN`v0eW|KHH10`T%*6R`f@KhRIa|Mmn^W7Yru
zEXx+){0(kAR&$@-p3j;JUeZ2Xo{dV4J60kR{Y^`H6X){5clQ8A<PP!stwKjly_iK)
z&yceFu`*9@|J<r+iyLG_P>$~FHm^bw$Oq4h_|JqN62Ep-@;%=4<{U2Ae3IV^%rb1>
zpvC7&eWH%=eW2t1Q#-<nikb}irHtsIXlAi7iUQ^$#KGoYWhO@-c?4QS7+#Sl1@@OX
zsdh{omV%zDH<`27!&jMfX_&S1ODH6tH7poz3VIMnI%mrus#Y+UlK_*-<Siep%3#Bc
zQI?B0I`@$Dlk9n4*9PuR>Qj!39TTjq1`6$cU3Qm%rye%TI9+OWlPu`e`Y6hpWTHP(
zbXP2r?i!{UDM%z+GaxpD@;(F>i0rOpKbYTHEa#i8huS$v0%d9^5or94CJ0>)5y7hq
zuD`^@Xku#uN5m?-xz&}Lv^XhloT||+$8Or1wB$y8Af{1kng1PLj~1RD$mV7VhGyPG
z_J5SY2%-#At>1^&VG3*m4QO9Q$B+Dte{O9rWmEbALK5;+1S_EWD*5U8;BA1s?7!l;
z@*eHkxAE$>$e%<K`eI1~H6&kJRB%E^aYm>K$mq~iS=E*pR*@~y5;yNQ17B!M)wj=S
zLa$I^uB_C!+=H$KH*Y}Yl(SYw%nsE~EiIfWF#&uomLC(439MLJaJX5Kp)eu=jF1q@
z79p$?SX2e5E4C?6EqTm*4`HwqZHyLPP4o1VNmMN(B-A)XHN`{_>u=N?cLgxi>VI&j
zgxAGD{~}ZIdFb$ZL7vA&@s?WikeTskjm7qi!7)^Hqe8ez%i68jX=vY<GtwE#pr@a!
zOM!)CDQI$tvJ6sQr**8TMv<(2E|}{wTbv%NBkQ9;3=s;8KH%y~St<l$%dQwnAAM%{
zR13)%-jg-8moX)QS5s%v=JjB(R_Hkx;JQECnRX$NRwD<RUnl<<mHXQ7=vB@PS=1!d
zLsfETm0-$Gv@#|*>C4x#a>a`H-C#D|nUd%hk#2Apbh@^}_~*|j3YPy@geyGtbP-Ji
zlg#D=zAazIt)CBjA*Jjk#sl%c#OeV+Bzn}c7#}C9=LDLZ6KYj~om0*Wcw1~rPp0;J
zG#!%C#2(cwtmysAA>9(ShCc`!czQG;l2e#og6*um7~#T87)_CQ=3TFNcF;p4h3=D?
zpmN0ag{2?)(coBr%~rC%ipr1qVe>)lLk@M^acv%hv^#o(+=*-r+gR>3{3U`wQST5q
zOLc$KbQ?bdQYR-XkhprUKGN)_FMnVrzD{bVI#eC`cZExd9sUy-msPzj=7)1AaxOUM
zKM7o*k#w(l4N}D}-AS1IPzh0$K9hWPH%LIuiIG3NSC*%c5FLsXN;JlmUEwN}i-*vq
z?C>|~V?KY;#L0FrxM>#?`;TV#;6nV`;jqN++2IFN<ArWrQ=L<?2dBh991icK$M}p^
zy2ax^BCwy(HSL1)gZ79czST<D+Tv8iv;QcGVX8`h6tR#u!icqidj=db!L8jZ8vj1O
z5KNDK6#lX1NHx0*3(huHu7y0_H9!pe4xrjsG>-V<vF1N&1lc{VOn*17*0-EWchUMA
zRRjbY`*JzMhR!o8?!8M3_C_|33L6-2P+4#3E+p#QuX0!321ov#neO9@XoJaS4^}0f
zF>))m+^XrZ-{h~h-|fcGPUh@f{X*S|>j~vi$=dQgh;R<4{lJ_rhIto(Ve|AisulL2
zv?Et?grMJWjWk;FDCxe$ziVDHHvr8`c>MsKKA!;63ODS}UCN%f>FeI7OqHWPwA+8R
z{w^A%F4ah3nAm@(<ShB8+@;Mtv3g2hPeSPUA1V{iTh~smlzz)=kfOd9pe9&b$gyks
z?O>t`>!}_JJq!6J)0Q1p#7vn8Lyl(NFL(9iK*&$4N~K5aZ5+S&hp50fbK_^qY91{f
zd2cHQJE2R<&hzq^8+k8z)x&wlX04k;(>su(?e2n>L<_<>NtwUu;_q$@Kvu{KMy7BO
zNa^1y?MvFSz4+*{#t}oi>X?EhWlUT<TS?snqlf-k`I%&Z^q}5hB;tM$#*Pk}=q8n`
za&0i9YxY3{8I`0A{Zn6JgpdSQ)F^XdQ*;E^(RhDzpn1Vm6R%s(vSQZg@3CL6QUeC1
zwy#ZTHBE<B<OkzB&?jN^aN1kUEX>YVRkyq<gPYDc<Gom7+ZhRBElmg2fuo58hSDw`
zYaJo^0<8Zcd-)XZhVVPETOpqwKF<3)vpEH51wY}i;#)H~tu<!f^wFS_%j@8H<%JVl
z#3#{HfHRZC(_<IR*_V`yw>&(}eHYIb<`RC2g3Pi{jk3I-=}#@PSg5jISWc}?M`<@4
z)bs{Y`R?(?CM+20MY=#lLJIj*?x=_;(G6&X0KHE|5T`SPrun1#=EBmMnxpYLcj~L0
z$oJ7{{&sW^$B*1-=f99t1S$L4cNQhBy59?2Yradz|K;|*crE1Lrsqx+p?mRd^|{YA
z#e`{TqvT1@lpRlfJIBspK4Ph@Jm5n?!Lx!H&YK1)j3lX$*&{(nsovI$h%o%??wJDu
z+8=idasw|;s+e$=wFa_ypgObg0D{UMq#6_bpU>#sP?HHi5oZOIx$@4Mi7Q4>s`sC>
zdjM_ff6?8<w8}^A9Vhzv4yTrx&LkJeJ|hn|CR$cKFytqg;t4s-zn~nt2WRWmiWAgx
zC;vzo{HN|^#%?Ld%n@_=(8!yJPqR~+g1$w4*QgOux3#<M?91PuiOlVIaJYXr-;6Aq
zM3DuZ0Hbf~a$}1=?i6lsTA)SBt#NSw^oFnKQTx(LRnvmuvh)*Q^_Sl{{LNo3jpG^n
z=Ct+9rkpq>!sn@$+zo;bv^Hi3)AREWM-Q2TMi{G_<8rcx!0jlw$UC@1hp<EJmHO4`
z)w`z?pU*#Ppkjgy19OhHX~nZZL}9+#bX|fU6)fXQ?2)V{>b_dzUH?3sYAyEK33Jh;
z;sRhrvhERPDjoj`E6UrWhej^G8|wsT=u)&kZFW~83|C6Lvs8~bWJv$N<IsP(W^Qnq
zceng!<>CG!>pnmCWY*N*43SlIq)87iECxz9k1?EOP%;<l8qg8x<Ljj)#Gu3r_$!&z
zPwgyuUHJ9Ey(=>*kMnRUm#O9NOu{t?8l0Xk77L9Pti`SME&4G2>>a}LbNq8v8tk-O
z0Jzj|fsy&{QpZkYpm2UEC^DC?(#J}oVM<c9i|12ms(4MF^!FJ!GxcrbIF*Xst6M<6
zbfniFZ-!pk+YIskVEOYrB%)F9EMKB!u+^mqx5^!>V%v?=y`K6`C$Cy6M4z%$g|$Wf
zavfPewd>ff(-64VfqI7tW%p;OCb0@euMQq?(hil7!dYsI$TBA?*q#cP$<q6a;JEow
z%@`wj(;Mof#a7f&P(9zy5&@9_%Tp?J?<d!-c@}gS^Z1wxWfE*W*-}Qh701E#wx;!l
z^}Vb4l<-E-s<l7RxC%Zd18#Gmy-LNM1gU0ljZ!-optiZ%W=6GHE`3D}yU-L-?9zWl
zEQMXDh%5EZ%$aoM<&#18l)2<x<F9k}%zU2O6#WoNtNaKx<W3itodV9Aidf<vfd9w&
zq$U_QI#J6wTsW;41_c9M+ja^(ko|o=(1q|J`-%R@E77N;t85|-RQZ33JIkmj*LIHs
zgLDZ914xQ=Gn6uPw}6DS42`68w=_zJbVx|eMoM5{kVY6n5lI0Vl#*`FgL|*{-S1iF
zT_?VrwdUKzn&-Z+=bkJ6zyF|e@eHsJ2wu&yN*Hd#Nnw;j`URBsI;Vu6N^I^egsn+2
zXcP{W(vGL>YV@01+NLgS20-S5obR6G?5ob%;8vkX^=1J530`<$Q`;_~6e+TPrTP&7
zsvLNJh)W@m8+6-}Q>=$rzB7_L_QX}<U7ysg@RshfgsSCNUwY5vIHxS6JoauLU^NBh
z!15(`&bPg-Q}|2;1xyAJHYPq9L378KKUxr7sZW<mbGpCT0gwvcjw;9ehNVL#j{&w?
zgr=HO6~-+*9%8DNH74VnX7uEsc?Fg94XE@DFh$77dk;!xX?_*>YMNtSN_P8;lI@S6
z#UKIuHUh*QTRuBKXP1VNh0kxk`pT3WHb4K8o09Qe;3DU*tzj&cJLKFNma`U79jwo}
z0O0pIUO`7)m(Jr;N^|3HU9`2|g5!+Zog!IRgIa>ZznbC082nXMkGigYcA=jfU0&B-
z`{0VqIE|MiUTTRUO&lz?+Z+8Y36$0Xbt%4RcpD;j34cf3O)KcH7LU1XS<SE1U^LBw
z!ZUB{qabi6#bMIF^B(#yN;j?UE2woBobG~UhjGgZeM&taRI|t>1$o%(N)*3Hx=qU_
zk`Ty9iz(b?GS^)b;v})?uFd+ZQ0cS+L3FSa*hSjR8JsdYk<XI*Ejq^yJ7O^Zfv9GM
z${vu3zx<P8s5hkIeo4!f>6NGkyCeUbk_d)3<}&Zh{4^3I+VU#C&MF!lGv!GdlF5t`
zI_m`m>}ZE^hL1fcKpe0vT?i=JYY3$l>$?^HVg<vZ?Lk^7vFAYUh2y&TTh?Z?fvfGP
z6M1liMZM-y-Yqv|F%v)Eb#=(U&G9xC511KckwEp7L9w1RhcX&kERvD;Q*b|R?@5QB
zYG|dXPFcmZ<gVI7N(SkPlwxYb10c=s0>IHb1b=?IL5581hO&AU*asGwhl#>dtDbpk
zyMtxcM%+P07kd2~i}1eew@(xJ35u0O0VyQ!y*u$*lKq+Z1b%kNYY(@($B&lk<)%Uv
zAK9Aksq%YZr_Gcap8p0^{;@Vc(^e@PS_p9*C5f=1WsYJGBNu!#)FlGBdU2Lc6@1aJ
zxeup|)57?2QhZaa^S-qwoN=NZ{KQ-YX#`>hzQeR{`wW&6xr={6ju8FC#VpIXF@FNJ
zb~b4P^S!wT1>+c4I2=%BvKEt9HP16KpAEQp4=m({S*l#^Lt)6!DZK;-E)WO>ju3U+
z)XW=xQ-Ia@oISCwH}Dms9%ktQKnJ}%zZWKx3bubx#b_OF%qRq)M}1-qz+`fUTb+as
z_T%N@%O}wZq50-YUhrTX9@~M3v&X8$@&T{W7Q~t`C9`MAW9*S=3ewFE(*81<>7d&F
z$%@z719&puN%bQ8ScN&&L`bleik{m|!#-1<MFS-X@^?v6ffyp^&_3^u(70^0#H6)R
zPdEBNGD?Di8&R}Jms^pUw?QJ-O0B4dtDPQ|_pr$SXfKf)+D`5-o0s+_?}BaZApU?w
zq|DDj6$i9dKVFSpUyvTNs!4<U8OE19L*lA#wpsgM6ZmLD9Zsi{Q()|1bwXM7PVL`V
zc>Nc*QS|b9cU|b1SXaz4HzIf7e89wbE7={I2?z^01vF)CL~2jy*tQ2wi8X^US9Tos
z(j{|?UxoQ&gdBSsv1BriuZoFXk+Cym8Aj~hr~{J6_<Z)h(&r9b;i%9A>LiR0>|-1j
z_{rh~yPkcT%SjtyJq<6Xt8l;}NrkVxf)nl_Hb#C_6e4|CyQGC<WBz!fdX!?3o#(o@
zt@9!C4J~PpT^((+p#Grx+3k!bpX<)|I2r5|W!f!(b=c*v{j%U=?-wNZ$3~RhnEjZf
zUxeKO#&wsn3Ip6fGT4JU$6Sbx&Cw3uQ3-j=p-V^<FEy1g>`(&+|2*Wfgv_jOpF>GA
zjVrkEZAbR<Bu(VX7Ecig?Zzy3272m#o=%nD#WqcJ+NXcnzPf!xU$5z>C6&azr5?bI
zz4Gyu$y0f>l-b^gZDgRp)RnI^0b`frT(pj6CI3fdZ{>`pe(A!B)>W!(o%x4P1&AOy
z?)~3a8g6<h43WpcudggauMPFQhZxvbO-4PR{AUtr7^wB@+Wu6BF*VgS;bnuTBR$Lb
zhh3?9>E5={l1V_N{tIc8Gw`4kpJ*_yUbgQomTf51j9R%MOptDnH?M=1I4uF-Rv`0t
zG&AH!d<z{`lfqeXyE&(FpMeOutRpPpb|*Pq!<&Mj_Jen;iK<P4l1iMR0Sc=FvodUN
zkJ4+z7RVzqAg%rI8IweAC3He)kOeJT)BeXNzJ5p7)o^D$YxLDLYcM0Ptoa^k%Y=uW
zMZjkId}sAwl#Ro2cNR0AQdTJScrGk6&pvbJfbC28=Njl0GjkE@8QXOF&!*=75<BOV
z4LPc<qFHUu36rOQ-GuiyURf3xQ=^r*NWC|&2*y3i^*h#IMVdM80VSh~D6=t+Uh2X9
zow+Y}7=>U!#(|!QMUGbHMlRIKpDEc=KW2d`{c6xTLT!Kt!)r~$<@4fW$u<>}L;FM?
zaCXSJB9sbt`Y_Jos378|cqQnb!ddOg+P-PT$*7gswv=X+CQpO1Oi7_O&V)h>kuPnM
z5}kY7Oy&{3e|tl!!Ae}VSeX&6XJk@_hW^%(eimPweK`CLgcZ9r2{2)S7ZGjlZ^sWQ
z3>>j+hE)o_tBER?^9e_k;?YN=Pf5;aU%u`^5YZ85;6<mU2dCyEp*@ywo=VCPy`=UB
z<1Ly#9Nkp;bcZft(+o!guKoNCQ9#^5`786!J@hsQh1o)~Rmw7h3BRaFL!%!J3D#FO
zL%Qpymn8kfv4?L|l#Tu4j5YTyo?GE>N7{1TE|zVvMPr?IB)pg7&)FPJYQLl3_bh}G
zVVpLvhz$Krd<foK5mqBA?q+hb^G=wYnkKb0o)Q~W!WfkOP7)M09>h{Q44s~_X@gBF
ze)dx6s3uxv7y~nX#cqRSWPO?9?PX{6JpeO-=~$nPr{ffB77p)X6llZ=>4DB_QH9D_
zXOE;zDI4Wk&_}bz2RaSRU~Gty`8oG8K_<R=pDJ~Z;~e4<v*2+#;U-y@Euk@|_$S5g
z#v(#vdP|K-RSNBv2i%)MqX6Ef<WM6s@&ya%Tp6zVQ|OYD7of1Cd%Hxf{&ZJCKM^W#
z=2J-~J5#%F!lb?<M+10p$cD5ZRWNVJC);?xfX*~i!F`t&jt7kaX&A9jylQpOEq23x
z#YOd;q3E!X+#BM}`X1)@IGz^8!O}Arr8>e^^+R&EZ`Ci}1fA?hGOHZ7$Jw_ARFj;V
z<L_HL#F>_pY%~Ex&_{N?Uboe4Y-hQ#JGQ@=lx~s0C`r!ABg1mOKqN<;u`~hrERK1D
zY#q!hiYCNfy)WSAEK*z8Ed-*lgV3646rhWQqDWAdep_{s+;r>;*1>76VY2U|S{jFK
z$7X)IKXQ>BTb47x1tV|9m<J;WvCj*a6uL0y1RcY<m%lQWwN`O>nH_4r3p^pd+rILi
zXr%aoLJRln@R>sWuahc<2JBk;iLPP4=_n{6D+i6KXe=MkZ2_4v2760akJmi>NO+~F
z&jI3%qcrsKuTW<UOQNBivg%>_OF9fJ0qW`j|3uR=TA9ADjTy<-BiUzUpIfxmRM6EZ
zH$}YioOXC9PNBK6FvYh{r#cGA5pAEB0x>(Qf7k*PykA2h7%=TyTmf<4#@~=V+JzO&
zUt%GLjW(Rz@rUS@c^xdMqBbc-w-l`@+Mub9s?G%Ga-n=gY3@;B9taGZ40s)Vz10Id
zAAEbng4j!N%i^z;Y0M0^<p=BW%n-BJCc9@%{avc+ugs*f$nJ9a!0|SKP@fp(Yv@cc
z2%u<LAtxj95=1@*{Pw=dwYe{{xlQEL5I3%#Tb=?ZZJ2S!re0Isn^l+c5!wJI!+k;y
zI5A4WJLBpF5Bi;JvV0ZF+|@GU`Jpm#+Z?J3Q+)1P+ST^pw6L20M`Qla7_K%s(!C(C
zX91e5+*@g&G@-cF?$zU5#{KV}$v6^ng@(eH<HM#jgj%l`I2?|aHo~RIj=ZcQFy$;>
zE|hBH);_w+L6hI$YXBm$V>$|55bwZM20%P+b%eO#<Y-%>KQPF47}Pq9p>Zw8gJAUY
zHQ1c$R2g)cI^@*X%$J+7>8v<~SnW6gyHI;y-Dn_5MtACSnUHIWi$kZ!)_jO|3yE-v
z=Ia*kRSkmjVyCk>HLs|0Tj(?!GwUn^L&^A(=x_7CXWmmjt^tSxM{gD2o{3%_UXov2
zT&|0F%;|baQn!8ic}MxFVB;JSQoDQ2h@gyaA!^!jS?iZS_b}r_p|$T$-xd?j3-XWx
z?-{C10VT>mrI!Cp=x=iSfA1-()xCWD>fCVYf=z1G={)#zZHO4-9}=Y|4?Zn&ywE%5
zKU|B!y2Qmq%xqU(hg;cM$cfa#9%ak9CN+LO6tX6@?sO0(LK>C~0qsXhqp0)Kw6=uJ
zh9ZXS9~$({!zC>1qi-jR4Fd@}Y-d2>SMC$+J$>e+H~`mySrjwxuDgPL;g$^jNNk-=
z34gerYK!N819q_JWd6q734`ipD^UY!UTtqaQlSA}q_H#9J*hU!OsnE2KBZ;>B%g+^
z>_8RzXo|l#Bqoec*wc%Yi-I(#rX$83efk!CYOo88wOqsf_io~?X`+XBYBY}{#T=WU
znH_sHSidyQ0_S}x^+A?mb_omCYRax9-gBFYhr&I}sHhIY!A(?X{`FxUV8`YqRXLdA
zQ^E-N)mfb|O{LzP^+!1YzEZ}W4vqy8akgnO6^bOF7c{ik4e^{T{OhS|?z$3rS{_o&
zmKz>-Z^h!C9<HaNfe!ETPn~~|LO+y0SS3d18G$Xo#}>awAo9E=d~59tg2EfV9jhKD
zER}NIPu(_qeG-Em3Wb9~!Q-o75J)A`KBLJASo7WKLYd!8_nq<whV9cft9R+r_GXMO
zJ@sdD_brPIFYey)ml>DV61vUg>%568&vq-4!CM(_GchCFlq1DS%bsZbeHMAbgtK$Q
zWHUzowMarn5Z=*nS!ruTBfy)<Njkd}b-Zb1(9UH3m^AlHw*?Bu>bul|>94--j9d$B
zR5xa~l-x+qa~n7cCNTDD0>+_Ih$hn;Rn$LYF%vL9VJ>Lvq!_m2`Av*igmMM`z0du(
z^7FroR@cwhSUSobi}AzSFAGDUJD=*3qP1B~R<xUdcak*dP?kNs-Q{{6L6kALOj#DA
z*U7Um_I5b{k#quDSnEdtmr9sv&G{Q_Nfkj|kAyL%qhAYezy%t7_9`($D45POyIDg3
znb4n@2{1I1uDj-z!%n+G-Zy|=r)|J@PXv)MtHKm96t=oSz~}L|-c<*jc*6HSk5$}N
zzxd)}1Dlq3V>z_u^I<=BwVg9_(t#Wh01)#G16T+48W0>I^FBHgxgoufwY`89DwwiA
zP~3v4c&32o6{HI;s2PS%aWw;d<qBPj^Y%9)d@tstJv`WW7d3zZzEPn9(6ymJ0osZa
zs}3r)WR49Sq{->`t`KrP;^0S5fe=fnqWnKC?!WB93H~Y2Zm39ljep}kT7h7Hycdsh
zwAkp1=bAo@X}fyCege`B8Ed~b?{B!Ges$69;GC6K4$$D)^xext^PtAA`*C(iJem_v
zD_bU2Uq*G&MjzF9Ka-KUaqY0ExhFlxxoOHh72oci<VsIG1~m3h%=5IfpZ5!}CSNKu
zshB=qu|DBZB`*sZ5T?@fxU((EfaDfz23DwhEvT*YQL|%)rc+ttzrrz6FTLqIJ-o}P
z1J*qV-gi&eAK_pUW7)=7U6{5|+33Cu^24=7zD+RM%ifaN@XmrpI*(V7T|b11vT3R?
zuIs&D>jnhbJc+lsLWW8ShjUNL!~;W)SywT||LEHHC8~?8kplW<<Ba83g*>je%!Ye{
zrp~gv&8+;c?7w~D6A^6RxBpRKj+6)L7W)Gl;fo~-Vl12(t3Y~k&n7Vv3+wc-a&?>>
zmlXLH3r#-zXarPCpnlJsUfR$IqUz!AllLg^<+8KdLC&E7TDNuFS{>{U>L(XglYccl
zP+_Ng7jK@3l*`%ytVR3B#>TXXNWL4;NTnm9E2@KnHgrpfnb?;&sGr-!Js5lkrwe&s
zq%Rs!*jQ(FqlSCf<m6p%?0+7O1Hq24+{rH%-xyMm3QSeY22SnWn$-`xVFu<4aaTs?
zbE`ozM~{+>%~gu1$^5BP&%$~8in?4|KFqX&Us&?{-^vrXWj435h3a|B$q*&TzV)zg
ztYelA7LneU@UXfQcA6~xie|+AX{+y~(fw>ytjQ=DXP+LzGee`i-Vm{`C>}DRp?Nx?
zaP=8$cxFS4t$#Z$Lt#kdj1PLkvnkn)KW&B81vJXa+<_OGa^Lja5CZbV8bK?3k-AkO
z;EcVk1<PNN#%Zh=@J&0%qBiBn0Xyx;(92=TGvS!Ii!r1TJxXnGS=?pgYb60HPARLQ
z%SvdV!BIco3HrF7PXVdmH{Nv6DyeXtB|)Ix6HgwYxWZ%9V+EGJ-8W{2StG<V%9cVE
zfbtxho$pO~0t~dyTWy&w$7CX(t1`sO-z6VkQpP0Pbp<=3JDO0?cj6lhr2#M2*YIz!
z6#QB&V*m88TH2$7Q>1E<wCKk*cu@Rymv&WiLZZ@c0=ZT4R?4br0N}&?W&9ap#+OB9
zk$y%m^4GMxJGaWHX^Cy00~oT^6yL5^{uA@fM$fK+%J-X&l%!SR$o}mw>pY5YBN&E}
z$K4*2i*6!C(jkyvdWppU1Hxv<wev5+1}r@X-*_%~5q#wDoS?Xkg)WU*Rv03LzT>G6
zNZn@6CuZml6W_4q8S?tTb1*~Z&);XC(K>R<+jgx%z(%k+j|@HNB+sLx1I22ViO&~9
zI-Uzwx!R9mY&IN5%@yTx+EJhszLU(?;3B5@xPS{7aRa2;ODo~^`epC;Mdi&S9_}Fb
z*jBTDj`1-q`biwRV)(l8Z6;C$_6nlMAph^kjSo7Q%$_znSs8G}iQeiQ&+T=r%U0VS
zK;|;J-pJce3f1!y94!VZ47Mu7hH&HA_Z}4Qo)R7iNxCixVV`~+u5569Q75}iEB-kI
za2ca38drZ40G_@SadYTw@Ig!X;188UhV{o5iXa7@>*3{gCF=zG<k~q}r7<Rc>Xu+P
zWh4(lAp^7R0pEVKO+`X!03jE1Z5}<PThuG_^ci;KBP`8*QZPnFye9ukl+Ri?PGR*)
zW@%=t+94%xxcqjCjoc>^sAajEuJEEex3GGMXlTk5KPOhS{`vMS{7uUbJ=oT-0zBcA
z*v49^N={mH`7#XvUjTl@{`8F9_0zYdTfAroyh0h3u0!viA|R4^v*iB^n38j#S(4d8
z6@AS&RTq4;6ZCyCe%sdZLYGs%Uh=}**|4XpAh`9LkM`xq2CcR=i?1PBbD;swDPO9g
z7W%+|eoDVA6_~Xok&WeEo#T^`r+0hQB`kH<=lV&l0ZwfowvO5A5!ZW6>tr4u+0)NA
zCL+Sh@Y}C}TmvrGdShP_3PK8lI1Yk)TSKI529{5;pKPzEO3w{<!}GLBMq*g~Q9M^`
zcG3lS3A=dhzhT|b--%E6+8e(IAdd`R{TCe)pqjTv3^_$8{Nu~Oy`|+^A>bsprs*+*
z18gYZRM7980UETGu}*0Wx$qZ{&in(=Vg+J5nE|0Llde%TV%)>rpg$Ij!&E&tDp`O)
zMlYNIsZy~<HEzu6?#k7t{YqNmOGHsB@U1;9i@1SY65zQfX;xyx-F^mE^-(l`tOyJ&
z`YhjL4mb+^jh%V8?>O$acFG!%0&JMwH(f!%0uQt4>)uujT@u+UX}&hz?Bv%mcI>fS
zAeFY7sZPCQ9Ov!6+ed}=n5aX(F7W|!gSR@`H>vd!UghJaYc)Y-#Y*$wuDON!T=(O^
zy{y4g*2)1h{3{A+Xs8RcBhPSeI<^q$0+N`4Nyv6#<!f6A)Zd^rHC~GUi%uqRo&Q-r
z`ZpOFd_07AHQDNzQPhhr#OnYMVy#oF7Y3hNO)isG+5ZiF`9uz&FCp11zn))Tji^MB
zh|>D(!FhB4Gx-AeEuYltqh11Gq~2;Hri0G3NY;&ddu3on@SM@U<D($_hIMfh-}v~A
z-IrB=g}_#V-Tnt-H^M`oXOx~8(FAB^G-M@3MTAAuX4!=~fYdA)te=0A@-O&HS;az|
z#Ic6*a3_9qEd{|+C>YD;u`iiD7bDIj3PV~$R`}mAEwulv9ct2F&8l_tPES@~$8oA*
zSJx{O(gw70s~oubQdSbFyS~WQ!wr`;POOl>h1s$HK)}p6a}@C1ik0Yl;JyX9o%Lb^
z!@5V^b)fX2|27R!G5Lyp$^(YdEbN$AqrnKgC?n8-dog)f0RLH?WPuC4I-xJJ<*S`}
z(Z+KL>BhV0^~ip0QZHE$+f&`wmUo-cUN53)-~<WQ-s?s;Uy?z`4~UVCfz}C9@G_B1
z?09?4_j9YsXC&1}xgXixSWLf|eq=8%p%M5bZ5C-Y(|Ga)6^b}0Y?!>&hA{?aXV1dy
z;P4UwDirH_2+;VY=Sh5$Fir{{JpDs|*-7eC$kjWdMdF&PI_ZK8)$`Lx02A3fEyDE2
zj{e#X@qq{kU?<`;#L(9B6*?4SgGMmU6+CdQw*fC@@WN=50Z>`!S-#D@%SAb-3#I3k
zC}2`^^Bro&l`n)<1B$-+O#{ukZEp8lT2(dNHkSCkpVDg;Pc_$5;TJpCSNz8cZvfY-
z{epukOl_XA3O75du?iT_w_m<z<QeyOG$W89{R?mc?m>4;CVF0zLV-KZBDKomf1FnX
jum9`8ebO&|CA|l4uEW`XD+K(t2!^VnmO`zZW%z#pL^-c`

literal 0
HcmV?d00001

diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index 69b7933f18..7e6bf874fa 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -67,8 +67,6 @@ In light of these restrictions, you can use the following methods to manage per-
 
 You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). See [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings) for more information.
 
-device-security/security-policy-settings/administer-security-policy-settings
-
 For example: 
 
 ```
@@ -113,8 +111,8 @@ If a per-user service can't be disabled using a the security template, you can d
 
 ### Managing Template Services with reg.exe
 
-If you cannot use GPP to manage the per-user services you can edit the registry with reg.exe. 
-To disable the Template Services change the Startup Type for each service to 4 (disabled). 
+If you cannot use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe. 
+To disable the Template Services, change the Startup Type for each service to 4 (disabled). 
 For example:
 
 ```code
@@ -173,4 +171,10 @@ For example, you might see the following per-user services listed in the Service
 - ContactData_443f50
 - Sync Host_443f50
 - User Data Access_443f50
-- User Data Storage_443f50
\ No newline at end of file
+- User Data Storage_443f50
+
+## View per-user services from the command line
+
+You can query the service configuration from the command line. The **Type** value indicates whether the service is a user-service template or user-service instance.
+
+![Use sc.exe to view service type](media/cmd-type.png)

From ed9db75ed43549f012bdd0c10af2167e2156e03b Mon Sep 17 00:00:00 2001
From: Brian Lich <brianlic@microsoft.com>
Date: Tue, 13 Mar 2018 13:05:23 -0700
Subject: [PATCH 116/119] fixing links

---
 ...el-windows-diagnostic-events-and-fields.md | 38 +++++++++----------
 .../configuration/windows-diagnostic-data.md  |  6 +--
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
index 963fb2a1f9..dad1cbe857 100644
--- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
+++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
@@ -30,9 +30,9 @@ Use this article to learn about diagnostic events, grouped by event area, and th
 You can learn more about Windows functional and diagnostic data through these articles:
 
 
-- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
-- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
-- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
+- [Windows 10, version 1703 basic diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703)
+- [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
 
 
 
@@ -2379,7 +2379,7 @@ The following fields are available:
 - **enumerator**  The bus that enumerated the device
 - **HWID**  A JSON array that provides the value and order of the HWID tree for the device.
 - **Inf**  The INF file name.
-- **installState**  The device installation state.  One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx
+- **installState**  The device installation state.  One of these values: https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx
 - **InventoryVersion**  The version of the inventory file generating the events.
 - **lowerClassFilters**  Lower filter class drivers IDs installed for the device.
 - **lowerFilters**  Lower filter drivers IDs installed for the device
@@ -2531,21 +2531,21 @@ There are no fields in this event.
 
 This event provides data on the installed Office-related Internet Explorer features.
 
-- **OIeFeatureAddon** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeMachineLockdown** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeMimeHandling** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeMimeSniffing** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeNoAxInstall** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeNoDownload** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeObjectCaching** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIePasswordDisable** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeSafeBind** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeSecurityBand** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeUncSaveCheck** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeValidateUrl** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeWebOcPopup** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeWinRestrict** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
-- **OIeZoneElevate** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/en-us/library/ee330720.aspx).
+- **OIeFeatureAddon** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeMachineLockdown** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeMimeHandling** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeMimeSniffing** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeNoAxInstall** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeNoDownload** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeObjectCaching** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIePasswordDisable** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeSafeBind** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeSecurityBand** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeUncSaveCheck** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeValidateUrl** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeWebOcPopup** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeWinRestrict** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
+- **OIeZoneElevate** For more information, see the Office-related [Internet Feature Control Keys](https://msdn.microsoft.com/library/ee330720.aspx).
 
 ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsStartSync
 
diff --git a/windows/configuration/windows-diagnostic-data.md b/windows/configuration/windows-diagnostic-data.md
index e3c5fb9fa4..20b60ae7b9 100644
--- a/windows/configuration/windows-diagnostic-data.md
+++ b/windows/configuration/windows-diagnostic-data.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.localizationpriority: high
 author: brianlic-msft
 ms.author: brianlic
-ms.date: 01/30/2018
+ms.date: 03/13/2018
 ---
 
 # Windows 10, version 1709 diagnostic data for the Full level
@@ -16,7 +16,7 @@ ms.date: 01/30/2018
 Applies to:
 - Windows 10, version 1709
 
-Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md).
+Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields).
 
 In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944:2017 Information technology -- Cloud computing -- Cloud services and devices: Data flow, data categories and data use](https://www.iso.org/standard/66674.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard.
 
@@ -129,7 +129,7 @@ This type of data includes details about the health of the device, operating sys
 **For Diagnostics:**<br>
 [Pseudonymized](#pseudo) Product and Service Performance data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
 
-- Data about the reliability of content that appears in the [Windows Spotlight](https://docs.microsoft.com/en-us/windows/configuration/windows-spotlight) (rotating lock screen images) is used for Windows Spotlight reliability investigations.
+- Data about the reliability of content that appears in the [Windows Spotlight](https://docs.microsoft.com/windows/configuration/windows-spotlight) (rotating lock screen images) is used for Windows Spotlight reliability investigations.
 
 - Timing data about how quickly Cortana responds to voice commands is used to improve Cortana listening peformance.
 

From f5532c9aedb6faf92aa2ffe465d1ea0422ab27a2 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Tue, 13 Mar 2018 22:12:10 +0000
Subject: [PATCH 117/119] Merged PR 6340: DeviceStatus CSP - added new node for
 RS4

---
 .../client-management/mdm/devicestatus-csp.md |  11 +++++++-
 .../client-management/mdm/devicestatus-ddf.md |  25 ++++++++++++++++--
 .../images/provisioning-csp-devicestatus.png  | Bin 53563 -> 56103 bytes
 ...ew-in-windows-mdm-enrollment-management.md |   7 +++++
 4 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index df99bcf53d..25e45dfb80 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/01/2017
+ms.date: 03/12/2018
 ---
 
 # DeviceStatus CSP
@@ -132,6 +132,15 @@ Added in Windows, version 1607. String that specifies the OS edition.
 
 Supported operation is Get.
 
+<a href="" id="devicestatus-os-mode"></a>**DeviceStatus/OS/Mode**  
+Added in Windows, version 1803. Read only node that specifies the device mode.
+
+Valid values:  
+-  0 - the device is in standard configuration
+-  1 - the device is in S mode configuration
+
+Supported operation is Get.
+
 <a href="" id="devicestatus-antivirus"></a>**DeviceStatus/Antivirus**  
 Added in Windows, version 1607. Node for the antivirus query.
 
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 08187de0a3..7e4a7a5933 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/12/2018
 ---
 
 # DeviceStatus DDF
@@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **DeviceS
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is for Windows 10, version 1709.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -469,6 +469,27 @@ The XML below is for Windows 10, version 1709.
               </DFType>
             </DFProperties>
           </Node>
+          <Node>
+            <NodeName>Mode</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DefaultValue>Not available</DefaultValue>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
         </Node>
         <Node>
           <NodeName>Antivirus</NodeName>
diff --git a/windows/client-management/mdm/images/provisioning-csp-devicestatus.png b/windows/client-management/mdm/images/provisioning-csp-devicestatus.png
index 76c746d95f8a51464e9c6afba650054f0fc19cf7..520d58a825c4bf18f01d1841fabb280260a47466 100644
GIT binary patch
literal 56103
zcmd?R2UL^Y)-D>mh=L!8sI*T-A}XS^NFt!1VnhN0igausARslg5E~*YAVj($(nY#-
z2p}rG_YTq_p@+~ylCuJ~{ok|4*=OH>|6|;7$M`-SiErL_y=%=m*E8pQp5>*EQr@-W
zzzzrmvI}|nf(8V#X%_^tb<g&V;G4s@?UcY@8|*Zc6(PyB{Nv!mX4CVk=OK_ZU-s2o
zTfk?whnIEiAP|nPtp7KZS%0_-fpij)7tU)r8BWj*9`d(gzSC(EL50mRC+*@@0#fWv
zwU6*7+I}3s=#v$y3{`GVeCu}7-Wx?#Xbn9MZ~x{mb8AmW#?jMRm-V7AztnHsctOMM
ztMQDC(?K?k-CM5wy_qf2Ym3<%it&a4**MzOy7BO-VyQSzlRRvn8vRQ6`1rV)acWne
zJ?CTbq)iaW-yHbO5Xf#{6nLQ*LG8%Jsh+T~FuwglT9S`yB(y{mte3ofO#_31Y7iSB
z5V&wGuK6!rfsb_oYDG4rQE`6km6`=5qkA%@?k*Du5+B2Sx;A|iMk#8Oii*mJ0r*MS
z$xdWjvReFMDa+<vlvRWt?Mm56Bm7N0JxOa$2&DZ26{TxnAh2Jko6?(H-Vi!Iv09a1
z7obdQ$-mPJg+NkuNO&pu>3LtM`)=9Gl0B#DiqfygaG3^x-`<VI$>+#ZOUJP<`NKn|
zLa@$@xmDWGRTw)2@_?fUSyfeKx^3mqwvnB&-Av;GtkK<DSxqA<555SRz@R4!9cT-d
zOiM5cVdu~q_iTqu%Zhkqk7X;+tdbRSI-;1aqvzDRl@|Ox-z_LY+jn8^$e9GW#F|iT
zU70kF>VzY`uY+n7Df7njj#<=RHu3qme!Yg3v&`Doh=vX8_x-NYVop_DelYarUCI3G
zl)8n5WzoT&?Q&Yaud`y4P#-66$=M$YYoy6yO<P~`Sywd6OlKWCnC?!QuwdN(IDTAU
z5C)7W)vQoTL4i3E(&IO1LyM~W7EDa-`VzJ?#W6EY)Pj@#R<_<X?v}zdf4gbY2>$9z
zDMGj^Ia<4yUO^4vtkK&Bf$-BBhnkn_)K*W~p0#qFzaIBq*8b?twy-Zf#zur4FO|jl
z#mS%N0zI3e-G?o*(3Mls?W)dD?@ET|#H7?je~n=NyHyW!j~PYlpaYR{&TP_Hsg~9G
zcJ%XO_b9Dkk;@9DB;<qX)&b3;ckm-@_~#Ar*Yd|k0#uU@CLWr7RhD=3hByyR)cx|Z
z_@2(U?k{z$QtqfaajI6f({%C$yr9!N13Qh!s+(dR8ts%Bw#Fa&hz=0Q=QQ#7!DRT#
zC7&`&l+ym2Q0s}~_afXi2Jy58G<Ai_c}m*(%FLSrpYZpk6DJbX?s8h7$+UP%x!%D}
zWbc^A4fpXl*V!Spp<#&$Vd+hq+}`p*9;wd7L|j>pD=Xxd-IonJZN}C7{N?kNkbMGj
z5nn!BykrZ#=rVQ?A)1#OE@6V83cQ#Umg}vh8L3dXDpPUca&y$j=WC%GAgRbgDVy9m
zUuc#x7@ew=4)OHpW3Bf$O`k@N;-1*J$;aQ~OnN)pTBKuiFb$W8QwwWFu9|~@Ak!3N
zVydvb*dz{qD5}h>w43`FJIVAlY4G~RvA*^&51U<n-AKc-;K{J2YYZh9=TuR=$cV>n
zc)Shg<lBbqB-IXlwDmUEgvH7|Vf6V@GhisoqqsWEO#k&CYhgd#TVOZb1dOFJ4K6yn
z$B%cvpV993Wv*6}k$Pe-q4pYYlzS^z9FIm+JCdYZ>yb9D`>yOi{;2svEi~k1qo$E*
z6MVdf@%7cKS0k(#;WOS>CMN}-0nU5abI3DnC_$@7qNm6cNty6V3EC<?*Y<D&q+Kcx
zH`QC<nrAOztL6TIjj)YWI?j;0`tA-dhg;!H2s3K~nEdw$WUiaTfKe~zq^+?@o~hv(
zMsxYnd!`Ba$C_JkGfPX$4;qy#yqiyTR0B)+B;|I?!J!444vb;s6h2xjp=Itqlet3o
zJ+#d%Hl6ZiHcm@89$iLMgFuYan-NGIJ-x6TeOa5?q-v}ZjIx_GLZP#Z34XKZYlSyJ
z>i>#B&Gi&wT#c6^KgM9?m-TNjIjnG_+dLVo<1p;})2Dies_afH$gk7{sWHaz6zjmP
z;_fTss+4317(H(jva+)?^kWRCJP|Ghf1_Nq+IP5bb$Ga^%r<v%xW6&LBFL&IuOtPm
z^ZWDxgy=Mf_lXZE4W{%WaFWI-9Qb~q0SW$`9TNsObh77yK+c_ovw=7)_(vR81_lQC
z_79gwdu9-ctFutprP6IJ!3xz|7gw!wR%#Qbi=07_eE1x7Wpb(~UnyX&<8fhIFWI?&
zNz?ogc7|XBW5Dz=qb-X@1?;4PQ`2B4<ETf9CMG2rEE~_+j}NK&VxYFGCNkLO{P(@=
zRG$xvB}63%<nBw9c?*d|QjeK8pT_#~Cxz7dxF|Q%B6|fW@*5y;1mN*UEG#Sza}N^)
zn1(}t*Vupkuz0Zm@$ULY$Xy?lc||5!)3vvYNA|2_k0hz*+O(f@HUv_>9iNewkDd-c
ziGR%>9AXs)_KMZRXCUXY#-hD<d2_IWXZbbRgbuVFy*N*fPCL+QW(k6;4)$Ss+^ywH
zO=#o71=8T~b7hJoNls(>t#ci?=|+6U<Kf|9a4$b4+vib;ikE!iVJ5CL((#P5oNY+C
zK{A=5*+uL!XQy6yHF2{sBd2p@XWUx|q$3h1GXv(-(6#Q?HYvyFhPI>Ud^5lGkKvHB
zI)P;<@Bo*hYQ#3kxvsJ3U9Vqr!s)91r}2N8^G=_*w&brb6<tYZDD|uAs7bNkkr^ha
znQs?xtr1bP)>jpeHzFoX-kfx_R5j&UN+0Y?xat#(=72oP;z`H#9%#j9P?mNDT(PW8
zfL;nm%uSZhp84v95Q^$5N!TTR!Q6M@YE9^u`kKFXh%&!~WX9KXx6IAjeu-^v-Vy6a
zt+{%~VatZQ3e9&jU7$w@nU#+2Zu4Qo{r<}bf#F$}Ohg;unOY7SHz;j1te~u*>6!l8
znYdPD15v$-o==te)E003F-?UFcJERUE;;7=S<MNbkTl7J7}Q*0<Ymv?;8CB|;m_(t
zziv0oL{AE#de59%(is}6SE^>h<?}i~oQrLMnYVp3AJo3Aer&cvgL98-*lgI#MDFIR
z_GO3kF1I1g?T<Ov?b@av`*m3utn$ka<o?dpI_UTjcaP1*cje4W&%S*qn>g#GDsx?k
zEOq^E8S(NC!=v<NVT*Z1?fB?kQL1~$+N?Do`Ig2?JzZD$86s1cq2u|~*YzEL#eXnv
z4yC|oqk}1LJ;FZ(D$5i0ygnIjd@ILzzSaEno+;t!>Nh>eV)F>hjN0GQ_8KZB3vZ(S
z;jTAzbxFqsUh(@%@(b)8dGZ!^!_H}ts*2fi9AV%3tg*~|k94s^vhl6e*hGQtqp#X7
zx#TX|8)y}qYtsFm?YNO{n2ja4m%H*{wJkIi`rlGNpsy4djo>$db+B(NeaDcu5=rP^
zwAloaP=;DgEKGI*;K3t%OtMGjPXliDPg6N8&R`T>;HbX3_}T^C?0UCX3<8l*gl68g
zv`jkNS=W+1#ZN8#fL1P09_iT#`TMZFM#9IIkMMnVH{!c46&xmEbPNonr@4VyN8mI7
zzT(T5vK<)Es}oqR0=TMU_1g3k7x8Aqmk?pdBk*JMZ0kP3eWdB*0<Ob71meThcvD|D
zIos7K#&U77m|D?tUo-Y_RX(;Et%s>=K^tP2E%~3fWp99>8jzf3W@h6n)t-k3pKf|e
z-{hQ5YafGQoptDK-F1G&?o>JLK4*6|E{HLAJ(5e{fQ~vonqe`u3G(QSz5fMP&`Wxc
z6OIJo@ctIO@LwSEojX1z?8S<Sy62(D3n2W}?|>r@fx!6a2Dk$&WM(`;`M&@t^*zu3
z<`&m(;4|{_bOoibPP;s8hC7c?wr&E^)&GKygGQ!qfx0~3GLCUIdDLT2&HFWHC~O}q
zx`F`&M@QfwpD(c<c^at%-SEhp^^n{C&%uNESR?x;ybFv@hBX#1<N+|A2jHd#ok+~K
zk+wD=CrLvqCwt9UQ}foo4U#a|L&r0u4Q94jodK`d4qhnl6V9cyt!*?e%Q-un+B@FI
z>tc_)gl@!dk{d}bP~nuMS#`$nFt<E!L%!RqZGi<7klKLca<~H>w-ZY*!0f7mp}*jp
zt?<vn!)LZMA|drPth+9_Y3T2GKrZ0c-=3}}p;J|pKJULmO|->YVlsz2dOu-njvozJ
zs(B8t$iHf0@VCV+HB!~22SZTC{joP$>ZCT`0~=}Vt^6PFJNEhe=trERU{QodJYH5}
zb(}_@R_4gyRLFZUf2}XCc{t`=($2&eY+`-rrj-2!ry_8Nj`(HhOlOI5T9ZZtBU5g6
z88^;#_H-(_+%EiF%6%~+<&cw<W2P~3Na`ly=R<^0?uqbtddEWPkSlNP1&$0$RFW34
z^Mzr;T<y;I{MoitMUTJ6g~=J}b0&OGqI%`1Nz0mDCXKe!R!ZGtY?#Mv<jvd@YWA5!
z;t@4J7Ogo3grM1zPUE<fy}OwFS5MhE45)oXz3h50=(XRvCP&+C3DwB$_Bf4v!BHH5
zFb5(V#+wuIV{x<w)^}#1!1O*s^eYe^ZQ_svK??KB(JK!$pj(WL6(L*n?k~G(nEZH&
z59|o!w)6EH;PR{6>*f9mIuJ4Z@!)D|>TSivE4QIXtYkWoE>B02v(J-xV7h_@VKZAU
z5xAy=tp|If8e05|p2>Kwo7FXRxLTv=cLRk_jO(EX#J5-5N*7n~6+I)yk1D37VhJ2R
z(I^e>A{_%ss)wIcnqgYZu!zgNtu^Oh(dQYsc_Jow5>JA4J-8{hjA#Pz4Pp$8nN*9q
zop<Yp1vMbAHvahj-!*a_hei^~-1#A7i`_r?6L8*=HHZ1X_0j*cn_DVE0XCyO<xKH;
z&B?Jdu$r(-DQF)_d%EgJ3YxzKa`_w-Ih26|C`<ZOI~IgDrrTUDua5$?x?jw%=yILC
zBiK!YNEqi#^eBKr0O|u+#0tk!AmZ3IBNGx5K+u|ghoy8JHuB{U3z>RH5Tw<PH&$4*
z#Z~KVhinIPY1_a`9b@|0L4JG8Rv6^Y3&d;-``h;|Eo+EDkVgmL$jEAh*}Z$i1N9wX
zue>(|sUEt=nEl47bu1*C8=|fRMZUF!CM6~9x_(7LZUJ8&5meDO;cU&z`yKK(2xLdQ
zP@!S@&fn?SSN!${b%kMMPOAl}UR3CfRx^i6I%g|w@#5aSw`)1(XMMk~1*o^TShow<
zDsDn8wlt6=XPSjdht(s!)G9vV06;=^ripOohGNgAVFqkVh?yW&N5<|%jJGD~fp?X(
z&B1&a-_M!tSNV21-m<u-d?*|DC2UuTI?hwZ@+8MQBORU7(<dP>l)<=fK@D;p$A@tW
zFZnHmZrdN~maT6}J!>`*eR<~r3tb(k#M(0zDZ3FN%S6l+)x+b#$?}coHh?&NuN}Eb
ziLSFM3ByR35&3oYy+)gq==(}Oz76$o&`Z(j^Wl-|-|W@#KASVWV0aV7rT>Ao(UK^J
zVLKfWe;F!mRnxa?dS?jpZDFZ&O{qmn<4{Dj_Ut9BcjmB}qNJG?_2Yu{k73#y&!k&3
z<{E1UVOqyBWtj^_$_z@EC9~Ah;NbbI7fQ)bbx+P;tyz&ahCOrW;@rdZLgM%6mg!EJ
zs>+=|q=vjH=D0}o$V|CxU3P4rMS4Si1!qa&70Ps%Qf-|NHbp}Aw!1nDnj<3#i|%tZ
zMuxTKS(8k0zdM#BGh3ps{1BeXMwsxLzra3<BWYUuJh#)O#$8w_E}Yt1<m#0lA@T{z
zW^{SU>I<y6Z&ZXZ;PQe6$${yOY}>N7`OMWq4Qhwn8pYM_+Q`R8Tq8wsM>rb9%b3?Z
zBi>KK9qQ^%#eIorsz<iQ68DSek42Yi&uTa2Pl}}}k@`I;>rStMiGm}+rfaQqiJ<mU
zL=h7ir%^3DbdeoDB(0o^Y8}O`+F;~Gt>zQ%zPZBk6p*->_ZqP3J^n|(qAE#!`OC|<
zwV#~ahtY<47IYJ$iK$jJsBS3QKfCrhen{@_N$X{r&UAQtPuB-r_3_rJPJ|FseHC_4
zDk(#Y{c90=6KkKm_8f0dTbShL?PJ-DBk@2z&w#2N`<JSMkryKuG4~XFi7obUDSLk-
zV-taCp%lw*<axo1FtY04lr%YdC6?%2R&-@h$)<0!brscPp;lr3Z6zIe>PXKPR;J`7
zF%kU$D+FumU;(Lfo7Wx~4U)=^H1=(Wl=Vf>lx%BeN6DP5`+nHk#`|ef_})Zg`Kuyp
zTK1+>0{A{Wy#xxg4o2^Re2>5hR}yhIw6#?Z^M+$hEr#l=fbS0XjOGk%g?O``HZ2^Z
zoAgm@AW=hbv`?)_%Fzr!u%C{9h!-E7n4J9a>tsIN6ANIs-{I3ucnU!H2yJ-`#-x+z
z0eN%^00w3Jke<H&3C<u?5UOx)N{yB3t|eO!Y6n+qii?~`Fy<ggJkNeQyEgt17tLm(
zvq|=`=*pq;0@p=W-f@3D+PR@YMlVn4FJJnu9&`2$R>9TvDyD3K?%v*Amtu=75H%ke
z9TgRZwC~0XH;CA46cb$>QJAt?Lp>>wcuK4xC^G<}{^n+3nzwraq>%tPqXGFJ`7(DZ
zIv^mx!^5K@e)e&MJH@lTUKM1mDRpj6i&F-a=NooEWudGqRR*k(R^#SIANZb|U01-M
za4Wb?l^b1Rd{JoH#memsofn~TDp1d3_srRLd#wNH8nh=LopQF3xe||c8JP(ze;hJi
zyF8vY{XsWRUedBx5poeku?x_c;YeIyU|?-PA8oe5`jXGLtBZ9-1a~uF79fRp7T>Uk
zcWp9mjNrABZiw$JtTT&Vtt~2~Ee55ag0s2L*{sjdy)GokbBF!hYlVj~?&t+xLO1bN
zuNGv>#kHpdSVDW2?vB7r8M3zZ_iSNU+5*Ag1VN7#P>(-46v;xFji7SWeCxV^e#=1_
z+xnUY5SQe0?A}9j3JL|gGfniS@eb7b)n*y2mrlAofPE3F!#3^>i%sKXq2TPj=l=RJ
zkai>iv(PbJ%aE|mscD<Y&t-f!QKK*5JC>;oOuqvWqEXdWR%PNvPc**GJ91xZI<S)N
z_MY!3%NXIJNjnko60&o^PG9j`*-5WlxHfsh4@>);)1u_E!ch%slYs@yg=O|h(=FWj
zr%WkU%>I%RR%9PjWC3ms-TjV@pN&OFnbk>U9}hX`1*l7*t92r6nNL@oMQA$3-%eI{
zOpNzPBM=rKz<7Wi5Uc^UF3z+CJuzB9_+YJzuzR>f!P5E;E1a1h1%WiYR6%=)aO7iv
z`q-R~Wklip-V@DrpXA>SiD$zCx_;HPo^E{q5O`(thA`BX;bpW*Gx|ira<4V>m~CQB
zLpy=UVWr3ZRP#av?&?DN6EB0{eCOpM-(>y#yC8t?;aFSaR%rG#b711#ichA3tC|l$
zpUVem&DZFTlhtnwxpu{lt^cs!jZ2+{?@9Mnp$?UwjhX4ng@UrJBc>DS7Zxm2UdASp
z??+gerxDtG41$ZC2b=3gM@Fji+1JK57R?cwqrY6n-F3LEbM-YQ@Ny4FK>a3i_7S$_
z-PxgqjcGA4M<`PpkMgsYBmU{$y?cA*7hQ&KhJ`gyH7%ml**dhl=by>DMz>|if14cj
zD~Ru|mGsQs32=}e`}-GQ3cw>kseDohP8e0OzKU7Gbf4>Avkkm73{Ck=WA2q5kjUlZ
z$&V?1wJKrto|S@(Mb~O5xB7X_v6m5E@}ooCYAP5?M%@F<zcy@H^Am@642v8kQvyIu
zeoErFAXa4(^AJ->#6w=bV!0e?>pB*CcfGP_b+QW!YS?WlZl}z8FGD=mfS`j{OG}I2
zY%#jFsKP6TSPja|Gq;z!C%Vf<#5SwjuUU_Ft^>LCvpUvjy#4qzV+iD7a;#EMTFChK
zvvy9eTr}MsS6zz`v?})Dbe!hk@#Dt<X8Rk$TD@iu;Ks>yZf7Lq&q%=^os_t#VSNQu
z>(lGx6K;SlV&mUiS(j~YW2G?erO9q9%63AKIWN}OpIF#)J-WS?Ykog~-~4_bYes}~
zE<raO-O5@9wqy_$Uq1ftxis)PR7_kvtSEi!8A$~NYxnPuwzA%xOTX$PD-x|-DLaJy
zO1LHQPOc!|#MHEglfVAa&nM%8B5?Km>+dlpEF!K1jgb90z^jJOQHpl!w~E3A6L;dD
zjr@F%)6V<hY&B~}@X#A&dwRWfp;=U5Sj2a=t~t@r9rQ3#Q>Q-@bq8vkI!<K3j<}5p
zORcSZu{6A*<ePn?3$w5uzE&hdn<Sy;0<T(9tgOiecUt3cPyQSgFZX10*fy8x&AWzF
zbB%Z!3q=!f^A*t@y@j1SG9&)WwE(!ttsDz;@KP1i>eyrWp$;l7@)v&3@3AlRabTm}
zOBqv><YU2|AwARX4+mBeew)JD0o1G?kL;Yhe0Cgnwbv6jA*p7samt=6bS-87-f2W%
z30>K5fem-I8yKT0AKoUD#@&QmIjk)5$X?Ld_Y$Ilub_VAEcZV=Z51I&GMyM2N;*zp
zq~SxB#wciU+n$=M`q1ULS6cKj<2k0R-UI0PETcb6==wiA4<%0+G9Exw&^9+NsTKv!
zD|zAX;@u+u%M0V`k-e7Wubqz2@vifn<C1D4U$6don*;cv+y3whj=!b-D9G5z`R2C&
zGG+hnqTimA_%$~N@ZW~+{aW8lkN{MF&Id`%%Uk?4j3(wKXaw83Ro!brwwPy1oR*M~
zFF!Rk0?JY&+c;Qg;{voeGZEA|;A_7BpZ6c#=Xg-qCT`BT>)!mMI>ho9E#ZJlIwt1M
z&cXY&0jRpVx-g+L?>DUb$0w376-!Py+`(!*?o&>WL$^&#BrZSRbYKnW06+NWQz8xb
zs;H_*-uL-e9B+T^dSZ4VD6!2X%5x&lQ?R9}sLmz1`VY5=-U;mnCFV@X4naJjvvnxq
zKGZ|oDOJ9!%XF%e{}1P^d>9#F2fWc~3)WxorF;)bI9>SGQ^h}hTY~?%)%^abS=+IO
zPGR|GA}(uDAUFtf#p{><)2uxeG!*V&7Z)6Ou1;2~`M519_!_?8Z;w`$vkH|`om1ko
z*GOOBI{nKeez;4OIb#LQJZSrXTiV{g>G${n0=`6ljekdU7;aL?lKd)ka&@6PAGl#g
z+Q4(NRR`y<V3UQbgWiMj;de{m=G7^2<RflAVJJn3pHXT*>ZsNHI6<8Z&`oGQ8>jTR
zFh+Z!LRk9ONDkoN_Fot<p+#60pr07+$(>bdK<yB`ewcREU*V67{<Pr#tL6IVaWe20
z6u;kT5$rmrUq^LdSNed9tkoG=wjQsWbVKA40I2&*d%6oTU8|or>{<`6AfRtJXZka^
zZdBj-GX_KUZ2B3hAtmchBMoOeclxLO{X3UdrLx**`I~bxva(FvJO9`_{);cv)P(#`
z_(F6is4%9>8~U86Zrk%+<-W|XB?|qF>SXn2TuuS3%9yKpv6C4CN}L{n-4kq6SulI9
z3+sV8v>x>_23gnqKrBEe1t*xeIGr9;k4)P2%c4YpfeVrL8!dL-PKS?=Y@jL@iync;
zQ-53MSoA|s>hCApFvgTEf=Ex&&#Q)W<-1SDRMCsS%+x+piYp8)!WFZ}dlWB3iHDkC
zn?u(M3k?DJ_P@hmkt;24Wxpo#dU12@>QK2Sb8u2)=yNOnPMlYvWnQs38;;#&nN^b&
z?Nt&D=h8JY>P)cwxX?)DF;|(7V$4OOcJ#?4luVdfVu>m*Tir`1d<#1G|Jcg3iwa}i
zOFxAcF?z5s_`C8R66@JSK0J%Q#MajuMfn2Xa$Qd_u@!ABZ|_oyu;k8o+jrdMUO_4q
zwIk3ooU1c?rs=8aktwzN={>(4p;OIwoNNV!S{p3S`%YHRc(QNnV`5mt=0@R+L4u1Y
znO{oK5l<o{SXtkImP`RpRRp<hB<_1BYMh|9L!=A!sjja%?x2myXwvc9`_cYE$}3g_
zjC$nJJwKf`6FDWE0(}xU7N<v0dg=PoP;imUFKFRLdKSN7v1`LTKBIpWml%OlKl;=3
z&2f9=7)vb!s!MiFY-;h+Z}z93U1?<Sq}A7M7H=+6Qy?j%f%jt2Ll4mSH75Re8ry`h
zNZh}NYyNpW|NqDqXAfvKM?S}7W=d0<wz4XbV3l-l;G+-4YfXU$%$<G8cFFcGR#vtD
z5Pag9dPV{jSwbtvzMcvFZv>6^5bH3JTc`Z)Z|tBO2S+Y`bFsAL-rMCe{U9~_2Go*h
z%Z@9)q}WHI0+ctl;}5Wz#Eoy36tp_*@Hc_bxwm_Az@``3+C(=?$3^y$!sB(Ws|*es
zZ-F+=T)!*%D{^#>p#9}v^s)+y#C=UBhwkd_OY0-4E-_4L*Ejz*4NDj3xFmnYs3fro
zI<n&$Q$D>O`x0&b?F8qI^pr!HIl7H1)eC`~)t)!9S`!7RNgH4EppO1kJt>b(H%XK<
z^%HAHYZ4=ix>vqDr7sp8EH=*+U2JQ;rltiuKp0aP64z>)LyImaTuv|k_B+(DfGElI
zDqVYvCW3-HEX455R`J`US3P$BGW?K>r$#<!^@bLOH(l8^{YEL83et_0<`F^lyb;y5
zv|PpobZnt$fx5y0;mek{(z{$pk0V9g*&E`TgM=}5%}$&xS&2e(MMqQWo&<eRql;~q
zYseQKwU(UM<#P|xT{`CPSZMRK<~I_cB^ViLD%{bjF=9?BT=21MFl$7@4^Jq?%D-?a
z`~LlTc>U=!^KbXwcvYC^@)8T1*Oz0Xb*MvJ68*O)?KadYy3kmb`b131s_z7Hb>stE
z$(5y7yRg?7&kz;55m_~@MJoNs)nmG@rm)}mWHPR7-XR-@%Le&VnWM?lSC6ODOnF=5
zS7Ad+cPx~fems%V7~x1QyE>@yESxKR#pG~U=Lg*UWGCEYAZvH0rFFIcH*25JXDIX4
z$kq6i`e<CD0Hst<%<5^98;=))km||ydzB|A%13j)iW<jeMwyL`N5o~MhRS~^dw1le
ztT8mvOom)?K9x~Aiks(nmK~VtQE%mXCs5eku36YYqq?<PF+IB<y4A=wZ(4)h=;A;v
z>_O`IZ&(-Bhh!AD$or566ABZ2LyK+64+Y_&&wYv`Ha$F^FfNg5lqci8ZK6KZ+=3Bh
zk{%&H<Cw1l9p{PE?&ivRPtfRktFUlMQ7<_qupQ~$XHNg-vdP)#&SbJXZzEVQI%~ad
zJyrGmh04h1K;qzApBXRYU$E(;0(Fz+*nM5{)@dse=;OGXrJr4RWI6d7^Lo+B^?JVo
zybIAHG?7Hl8_9B~b~-jU3wrlGF_LLDZ{2#QNY>mRf%K&&E<v{*Zy$Z5OFx;pbX|DD
zt$J(N?+vFlg4OH!^0<ZidpaACPr!g8enJqgv-Vs&)=Fk94F9jDmjHy+?j+Jc>1|(W
z!-N9e8o2JSXqEBllZ1>cd@W<RG@SDraEm3NHa@CdD|P)3WZAc%Jq504wugW#RI{4#
z2Ud%}d@O(l*o9!|?~dcc!@?vL9-iCuE8ih8TeX!xO?nnqp7JqKn@;ZN(4lPF_9Gbo
zW8(C0!%prNq?~3tXKUNj5D*o04w5@sT}|o5HQ~>P#jf@}UhZ`F3E~svk^L1BLvv7h
zcJIrI$Q~~SwOqzfr2Q$=VV#$m^480RVPcj^B`vl9Q2oe!L%UI=k?{Imu&yp%0~E9Y
zd4H`Z4i;Er^4fH_Z*KFw+CE|Nwo%v8s+FS5VL*E*j4ycR-mI(8eXjLLR%cXiXhdro
zI;z5|EP13TuZW?Y9YiA=y(l!$>sYC^AN}n?b%J@xzmszU|MJW<C&%jddV;c#rGd0}
zTaP*Q`|w3EdHe2Q|Lr`_Tdup$E|G&*K!<|-EjpMWF5>%zJQf$G@?gO%TDQ1edux)w
z4AgxwH08#0^t1FE2A~Q1Go8=+5$hJQi$aIXvXVn*MsqAiwVK=GZqAQ6#(Q40Osw9K
zw43BV6Kl?S<n7B)^~7h|3Dc=Mxd$I9a!(j0;O|0p1%C(6u5kl2Le`mF8Hasf`dmT(
zjN8H@2;|w`JaD)G3F-joZ$ptcNAP#cu1v5AT5ntBxeXV!TGX8qmR@No7#;ckjq4Xe
z1^d+w0Xycc;rYJ&5SPm&VOIfV(C>+fj4MQ8=IsU%qPG?s?fnZ<yEK32Xt*w9MEK0@
znAW{6xkb81FAyC-N5P@1^9Xj{{khEj9kGRX7{U{V_L=p9D>|Tk>!NATHMd4Qcw*s?
z5Ow1!;oNSW=rFHYJ=f72|K98qIl5kD3{0)sPD5BZulVcvFP&8-(}rKoTeaI*h^rv4
zcNaDyd}Ydk{Cfo>;qmNc>;mKo)R~BVuD`&rG(0|?TegI!Mx+$b8GcocNb_SVwyjk0
zL!vf+T>3BP%AoOQy0sSrI$R)OUm!4Ga5mNTNCaYou8z+BFn+-By}J(`W!wD^5a<8L
z`PD$pkLtqSy~e-hJoBBSMqTs7Q!3SXBrfaXjdB;z+%-EcZ=b&zF>&U0BFY?{op1j8
za{e_k38SZQ6Qx!&9{+ue)#N4Zi*r?ho)=jUeLNAkJlYjpFU&$4b}Mf=zoGWGkzAY*
zo)&(YTi#NXl7;$Wi}_?qoWReWu6o)6=yOj-w~9vyWwvrA4H7y&7Cd8qD8g9a>od|-
z%p*G7hYr&6(;CpR<3V>)tYsQ=JZkuU+0$f)Qd>)1dtU*@0HCRKS`Q~<aT$GRn+&?i
zsVAxRQ19dJ<Y(%;m&onZ@6abjJ{4QA(gmoiFP9^XT@Dd_-1BnZ$D%9rpgGsNe58^2
zodYL57QWFw2eJiqCSS5DbKe%~Cfm@%C+-<|LBoOjx9ii2ADdAnTN!65Bi|YpeJ^o5
zm@2K>D6qSMn{Sv=Z;&GS<jnR`c&X=&RQAK4L=h)Qd>L(QN3L0Bis0YoB#2FEIH@I?
zcBrw*^@Mh!-<OC(9lcyio{87g{G72bA|KprM_G}@PDFl%m|b+Zt%r!?FZS~Owlu>@
zIj_4#&Fu6Q-7#Tn%?1jxf6`OLMq95tW*)zXB5;{u8=2oWV{e@(@KF9|_<O@Ez+AK%
zd4%61v;g<1g*u0s?|e}&Gl}eMxq%iXLa7q$axv}*2I9@?@J&9crkuNWzhK8)q=kIh
zWXVedHimh`m6_HGBCgpIWXXdC_Ly`=EjgbpKQtDn;U+K2K-3G<h?9C<UT*Scls|5e
zjvo^E{!~-IaP!igq``n^MQ&N>WA{TR;G*+fE~JEz*mzYr>Dy@Oi_j8=rZi1-VKQg>
zT)H?k!`0+)zqoM5C(2I%{fyW?gd%-Os~a2hl2IPvM)7a>g-x8#LocFiE~bmpB5;p(
zuURGd%5p_o6wbDNEoFVfYtJ?4^3$vjijN7GQh(05qG3JqHTm~*)baKv-+KV%qXg{Z
z%yDcKt{!xR|H3~b-ux$l=HF$N{ZqzDB%s%W7UvOr0xP5A*Z>Iy;K#NHNxHmR?5VwN
zD@~l^9V@NNv)o!4Gxu=3v`n(ayoG4G&VQSN1LnxR0o#iLUd-hoyE?(;6;>rP&yGdn
zOj(#Bs=G74`pSQw=Yj}>*#V>#przp5R!1N7n)FkWXv$pcc3VtS-zw8&(>6oWK($KW
zzOiPx12maTIjp_-y+Wo4qkSDNw`S<W!}lnL8zCTMfWCG#i+X$D%q-}Z>#R{$SX>!E
zb78gG1-3w(z(t=XS#S1AX>>_SqxTnIj%U4Xo`s7|!OpxYBwXUia}EP#yw<WRKaUE{
zDQs$Qk@%-mQR}?jP*$?2lsx*aB-^U5(6Uz>0vb7*&+*Y}A^~+V1p^~-pI4i+>ixsy
zihEQEOQ<W|2`3Q9B76FE(1>hf7hQcrb7tU^fQV!yX$zztDFL<@3WZ`F-XS2{ZFMG7
zQ-s=lKL)3t)g0@n;gsILZ-=FGIs#eK@mOBIeivi|AZ_eKnB8@o0R_K{KAC(zygRmO
zZQdOBb~9STsX1_(f6VJd_c!Osf^c7j+*`lt5C`^=u&n+w>nChm5@f!Nf5$5~K;J#F
zLoINnn}Bvoz#h551rOp%ARlZv<!qOp{HYY)72e!LRHJrbb*!T6u-IajWEX;GJi1+b
zHai|&eKui1F%xiEo@zJ1xCD2|+|)a`Y|&ukYMD7-L7l4*0#us{Vm^!gE!;rnRk)6y
ze@bsc`1akmbDR)jhCRjpCEE(#7!WPK`))mti8z3G{-t3z<EUCLmJxe^a({54MiIyB
zo_|3}8ST%591$HEUx+=Vrq+4O+S!tm8p~DqroLxpIr^DEs?iamWP~qFu6ib=ca2gs
zuh9qnhyztC_{`JtG{>*;LJVpJCq_R-+)Hr0fO6!#`DVEY<+!JPQXlz<k}&s^W5aNl
zM9THvvFI7pfi18nv*8jkhbs)jbF>!%xzRaUd<<K%sGqp7JuDu_WprdNb1a`qF(3cI
zdh^5fOtz%MQb2wwGdh$zr?kppm9Vqg%>Uu;#I_WE=Rx#2Ve#g%reiK%oi9+kGoKi0
zS{EPpe~TX~2<$o3di;_M&t&vU^2(s)SqkbUCZIIsqWJ8M?HDn!T7~d-d7Io{jGdhd
z1TDdn^rbNvXvOY=>TV^cQ;ILfjCtW!F3c(VA|u0Xio}{@trnUGMD-<IWX6OuFDSIR
zP#?zLbiHRSYvU<74c5<WRo6Vq=rjY-ahJtIXfu_U`c09-*bjb{!{i@g-JgF)rk$*b
z7rL$Th4FlP;`5nO3%@Y9@4NvIH+rRv>@a}WiMOnDak&i*X}SI6l0u1oU1NoY5!Bg}
z+||qtOl9Ak_ABhs@#_HmolXj^0lX4kUf!B~c9vFv#i;`B4_YC9cP5{6AKN7D?%W*Y
zr21a(n-HzqJNuhUGJ5OL?OT{$=ZingYE%$huu^2<^uMf!>)p4eBxj{qccpOUe_fDK
z!tYsD)Flf`r=@T)bmtSA+t{$)e06<=bki7HCW{h*-mu1Z+KE8!KOo=)9MJFZNn9Dr
zO*j=+J`;hc0dUG5Ak3VdmnY5{4ZWxuvSR6B8oyseiL5ba0jo_Tx$Y{HHXd}S%s|Ab
zNgJM(k#V>88sw2D;2Tj;8l@+_S?aEf90gYmM<(r3u(mh_?TwIYpt^W+P5d!nJB&8P
z&h9Qkd4bL_dPp4Pb1#G;F96wMC=%yJdgy91)6F7juy__1eafz8*MKHHBTSNc_LQ4n
zl_liOGn9Y10aO%pkhSAdcD_{sbn8seAxbDf7@c8g^^TTVGwE4a>}XLDg>bma4yJ%$
z$WdcI$Rg@tfKWJy+b^H93&H}gvXjxDC%dvuO--%c&PoD#)1q^KdCrQ@q^q?QpzLUd
z@L#ij`H4t;090z{KpP~oW<2_kGnK_Mz!#K?f7}YuVYLyWGXN*^&0075$}7PC4Eb;V
z(xQpg!8jQ~3(ns5=q#&DtD&2WFtf3lt;|#b<ZRwbQ!t0YR$-4HKaOa4oST~)5WqtT
z-|%Lw>&+tJu+nJ|EP>!hoUqyern8V<uMK#SU<X+#jVBnLAcQS1t*|VF3E3mS+G^hh
zMxj>R`qMQxK>@2tYv@h2{p1=o0B~{+e0&SIRW<qB-`B6dDcG6-^@>0L;W+{HVddMg
zv{4|w(mYV8o^+$emF<1b`c+_a61Nh2H=(dcc11!q6g*p3aB_4bzdDP>4PL3kv9YqU
zvZUCqj=z^nc3xsRlu4xtsp=;O!+6e}U+dAB0jdt^`wB~v#gTWB5I#$#&f4CM2#p?I
z4hGr~z+xD|Y*D|ke!u;W{_w<)Pc4QX=Cd_PO4E!n^kUEgXz&DhTSuF-M$M94Tul<t
zya!>1d<9<sPqC`XP6D)2&F{L^1AgVp7pxBAmE&JgD@!=Ol!7*Hur+;|$d8AcIJyI+
zp;PV@w1Aj|gPRXh&|01sVTJ@->}nLUiXzFot(Kw^@Mz;&mxRR)dVXo!8WHU#*?k@v
zwH&{x;gvpP{GF{U)M2&N%*CWUAuTvv6<K8`WleC!+<MH6+q`G*+B)2Lj+atD=`eua
zF#nqTV%8$w9ivLPo7cfD8-FLc-np&8#afq4ZXpgwNS-T}i6Tf{=|rvC2I!zUCMZH5
zgK)hjsh_e>-MkIcnfRjmv&8(1(30We&P-eJxhJ8pME%yszxt{?t#!HiO8K*EP7xeI
zor>bOuUamhztgCkqMxwaq06vu&()(}{Ii<ub2F{Y=h;5~O{^|WqEGKn8P)=~4`V5+
zfK37d<hlN}<j{;>H6G?j&XDZuv>T@t(H)0wl3naQoHqQ`JyTcg#B+Pm+i+h7YPW{p
z)=whsFT&MRp2_b^o?5Ydo6+rRb=2ld%KcEJ_|6oQ)(1CpoB>IDotW%U|M~N|p>z3c
zn&QEoaW4{2rs<Z+o848u{>9XH{!;apl+GoxXSU{aQuMGPd2>Nb8T(<^s!U~SFX_la
zNZgV~m=p_y&Cb3C5pkVB)O;RjyL^4!C2bQO&MxHcXHkKs()d0Io*dDMJ*!w{ai@0n
zri!ARmQhjfU1U`fw~EPaqtn6dRw^%K+bBS{NuiJs8{P-6nL5YH_pb>oE+&}G*>;|R
z7PZw9X=avAlY;i$8|k>qJ*~5MuWOw;A1`bf*Rk;R`W|jM63--k-n#5$ce5<u7*6-f
z{mCQZ<?WkP;FoR9!#_NC)6{1ECgG;Wonu#OoMi2N%IXeS6IFFe?s%g=RaV6t)0g7~
zGi$zQXim({$OkvD*Bt*iYgkp4xnh8=Y4-?|W(nWs9#;IaZ&D%$ea8_Inyh30=TUY-
z$Rf`VHX7ambTpb`aI7sN|5{pte;Y9#vg0MoCrCM*$!Y~QD+JaapiBY0Y~HPXDS)XX
zuti;c&G}&a@cUMbikR1i#;S&HYY9^We0o;C@{Sa2R@Yy@0H{}hjBmN8!|20PtD#fX
z_7s-d^yJRMBG!KLi+JR#X4RW>#%YQdqYx9AhXqbV_IhQ#>w2ZW)uy4fx@8^+8kO@@
z&aGQnTd1oGn&%FqtRI%e94Rm&c5&;3H?baKc$6S;Kp+Q0%X035l&>{(9pYkQVmcz1
zW+N;BZ)9TWbuPgU(C_w-zFCjp!Z}$$z(tjG1a0$B8sv={Yv5e^K(qHB=nemIS3reb
zUUsImDXH&S{cGRQ_VqsWCsH&Ru3b!%U(uDSAs3DU<_eG^R`cz&m-|uwY)69k@8ZM+
zh*lHb=9KNZY{5pkPLRS$f%?<$Qt`j~NdxnfsQwYDYd9Z)dn3L+2UQNx$)DuJwH|SV
zbU|x;3co^F7t+NOpl>t%eVrBIv+d%hnjm*CTrU(QspGZsdnBd#%-E@8OEuoMrhsoS
zUUO;VW$gy1+`<dkgJ_e{apCt{)*o{GF7)ElD8Ostz=J$Qk%tSf3X~R5(1&gbx?p&D
zdf|a}2TdHm`N5CZ<bop!0keWTteTaxFHdUpybTbYt!go$KTJ#U7+?KpFr9u(Sy|08
z7mG={<<)CSZq!>+sYg3pT+Re)B)%VgRY_~i2lvuWf@$x&GmcaDht82*{Nc#HWaul0
z1EQV$h6BN-;~5|2j+^CTx`bR+nGzvwa^5!FVTcHih%AcWoZ-<0uQ1SY`#Ia#bmk@m
zTF^xcDj?T2j+#?zxu7AkokI?8K?=${#Kxt+a79-TxnH{B#kJ#0Xlf`RAD&iezDeWG
z8#57$!#x7ULqOtvnDoA_hct+Z?Lr+TYiJ);P0UADfzl*#c4ddlJ!_=8thWj&?tL?(
z?f8{~+o?Evu6iI~V3FT=3UIfpVgm*IHnX`LHFKsU9r1Q|aT0L#>Uh#=ixHq_21kAp
zN#2O(z&~?ap90-tM11&};`X3k`^B3<*;+o$uHc6sa9;rZoKPCLLu__o6gBx&)w^kF
zz6KN+mlfA3MYqu!6N=MU^u@xjZgoBqZ4EQ(ZAY3DwIq(ak`p}g>PYNV%>zNrS>KKJ
zCmPwm+KJzs@qFDrbEkw$L2IX+cYVm~%9j7Pp8%*Hy%M)LKXrSDq-QS{k5cqmpGsD_
z(!c<JvH!!WwDqZaDl1|O=lstSK|bPITU$o}v(za6+%>I)>p;t90QmYWXVr1w!fwlU
z`r21~@rT=peMJHJVwd|^!qr<NK(rBwdvo|_C}OGGemW%}4*tuZNIw&Lb=AhXNWd%j
zx%dEA_SI0g!CXn%pu;ga$(}TxiNXvob#$W|5pICnH2B3B3XVqDW_0aqXc(aE{WNqB
zQgr8Jcznm@WAVym)>dy3VQ%tBP&Kq;(GCaiO=s~UM;tx>2nKKPdv<V0=gDe~0TxPA
z##xzM91;JH(0Rk?c7gg*)p+%9i$IPEV_Yg+kLFw>tYjv2^ok~U4g@9C)Gh?lJ)dZv
zhZj}1oJPdi&o>9sv}+Coj$yJ+e$X*e%%K25!mj};toC@4Oi$pJ$=H<jHb*838V_2V
zE}w43`PtLkgYt;q(i)=|5~GI~EU^>P1ss%o=!&9^N+f%d%v_*v-@9FT$Lu@J(tp3i
z<ThH|WUHAeqp8=cNOp<W?@m&a+5ITv#J3GKf0@U+*j?y6k~0yIL7bIRyQ^C81go90
z-zTi}h<PGC?IftLWZr1y>`3_pbcqLz*6r{{J=uynE8k=Zed`ckh2o}JHO?)ec32Y&
zpBQ%NaS5Xa{Z~YfW-|L9r5k<dcYpyZ;1K)z4)L-VnRZXJ>TP+)`}dyyfv`T^#<4ih
zwzQyNu@7Qh<T2h)DES8D=h7b!nn8VpqE0Quz>X{1rzCdCz0Ek=eLSKLTB3GG#Us#(
zW*4_m9NRf29+&kEab)lEF_}AmJgNto#;(+HOQQVvK}`PgTssABcq}BKfZC$iV@mZ{
z5%pFv*PBV%scY)Hng;87d|Bi78wQe5x8MB^H=r#C1eibV@8A6dIEMCsUZFO9GWL|+
z7`<&=_>X-PaF=!V)XvR)a(?<ad7T&gKTCiF($%ai85mFybZ&VWshb4UsbelbcG8cy
zB}7gMAA{rMPfyzKr~x?Cta{-NNsz9AvM2v~Wd3(22e9&<iY_YLobKb*8FT-=igUfl
zpDdAm`wMDaEM;_a`9LX0_XkNd60K3^l;hpJ0;Kg%^1~F8o*4kj)vxUt&|sBWTm8-6
zVxZPk{$W-hP>pie@(W`rmkC!7h<mnXv&0YIUG&uty7W7BAlPF}v$DlA+;N@<WOxjd
z(T#>;?UT<&7X*S~?53`9W5ULF)+dJ6KP|7Na3`eNi0L}a($D~4E=NT*-nx~o((S+E
z<e<TRqTny?L++WurXFg_N96W&Y5^kJgl%S_(F3Z06*bpA1X%ml^<ibvKWFs7C#$iY
zh*{V+<{{S2Za9vGZ^tZrKteC3+}&atZvVbn?Yzeg6{n*s$ILZ*d!A`?I%vGA8_wga
z-}qxQB~y@$_@M8JYU&ERa5m6oab2MTUBzxGdkywF)%Lfbg#9xZA0HXbakx3A^%AS4
znsK&sLYVeW-I6O1CP&Z;E4PKS-T%RK1#<cGrek~&JoBcH<_)H+H7#>{Ur>wR+vA7C
zd^<d6Y^hufyQH?4$#=Ya<?MDfFuA}K{RscZQPA;+Y(@nVWG6AMvs%7f;sL8{o+_0n
z3C<Ry$ii+HukQ}3i<?!r!ub+o1IN1Txl%#ll!Xe03vm0;zg_aunl$=n2>N$Fu_&0w
z@x4v?uSBc)U6>AVHrXH0AaSkmV`XKvw`8rFV*H-GPPzP_r4?L<&Z1RzcopeA`QcE2
zpY^S;Sgdyj{m}0xvQ5PS7C(!Sr5VgpnE-G30l)!g-|V;V{M(<RC)er^pqzdR%`tzW
z?JZ!>{`7o%f4QFydDQXGXMyG}`0r<+2OkdMqo;MX`@m5}1^Ix=RlTr4eI0h(o|L6?
z(2XqxYc%O4EAShdG2M)H>96les1=-EShxO~whML809w+{#$8ehnMr$<OmcmoxC^~=
zolO?kh818zzl~#o6G~l<z8d=ouVo#TVl|C8W!-rhoF=r5JjSiEVukTA&c(p6zpfv;
zcuj$@=iS~<wSXTS{XH^lzeVQiuK@psw}j50O*rq!=YbGC<Gn|Y@D_B8emKos<Y#8D
zs(3Th^GV%3GOBZig50w2=UW^Uf4S<qVLmQ*a+t9ky^C287V5^tfiCnq{sjNrfSlzn
zc)z!B>PGjUx5PKkh_8aIf^W^_%3lpQ`X?WvBy31L0#LH$T6h?`=$Dd@{54^qITbzd
z$B^wcW`Aw@<?Jp0dt6!mDl;<^l-_jqRQ<Wr{0Ah|C}>h*;t4Ua8bFy>xc+D=H8u5p
zZxE|Z1x{`82X6_~d3Ex%2lws24}4w*4I^0HgwHC^RdATjLT+0NO+x)7D5{+}c`|fy
zCuBD$+k#@Mn3!0ArwU7*1IluFtm2?mI8YkXLB%kj!p}U@yjKBoZXaIQ4^#z*M!dmI
zg@ouPLr$!;ePU@5r0ppi+la3q5P(JeUZL_FF(gpr{Y!SMWNt9%S6zGTO6D{QUgTQW
zO*=y|Kb4(EBFa%3<NC`$4LKF^Q@fdk``AMAn4_&#fI%U-aAX;s6{t*GMn7B=!dGVD
zL{4f0G4?|F`Rq68(<3WS!{q!tE{1NJW_ERVt5OO#LdJwcKq3w9ia$>9;kSa>+2<#=
zmD+r}iO)z{L~RHg2jXy{eG@QiF$j?8i2f?_#p|y(*n`(p)YWk__~_Ua``1|7)}LLc
z4;l=hMZDmX877&hJH^@nr>qiD$0jDmyQmG`oPSjHL2VYa{(t~1Uo=Wh#5?FP`_tLl
z#bB}xomQ>L6z$bHntt}CWma~bdvYFM;tg#1RP<PG%!&*>fT~E&oR|z#uF(v&jNU{6
zvdMSvG+cK<SOr%GwOX|W8B(2Xl)p;vb4S=F_PicPoD%Z(H71UvJ}rIgX(YB_sj1tq
zsp<YH*n9D6&DMUdHl#b}vf6{!&~(3G&?Vjv8tY@)-QASC3#?;7z}ZQZryJLr5j;d(
zCB0u$0`5h8%Vsr}76n~>tG?1+_ldye;$oTjjm`R7ulr!Qa?l6ut4odDoa<+2L_RS>
zcMYK$1ESPaLpoA%pbeh71+>B2oBQ+l*7UkyF*vY3`Tehb!XF?i;2l8EV>qz+xT(E-
zJdV=oDkp@s{raO#2DHXf2wDY@a>{~ti=I{cdNV#+@?u|$+@2i=nof$s<6G*W9`Fj+
zo?VEFzQRm=`6v#K04h=-p=Bu(e@LH6^V1>oVX-pQ<{AGIA?}kVw_f4*(9~LP!z-R?
zS=Pie_QH|gnXV>JS#9pQkzGZmT#!Rxe!)p%F%PlX!tc)bKQGeT2>A;Dk{`9{x!jF(
z0sRR4JUA!I^U}8JupN*YkX3@JbR}>0UetmR(BIi1xDewZU-f`b7=ijX;>RVu$jWU(
z1{m5Zc?_&%$x0&444^nUiA&0A0ylRzw{!MhzvZJSSV!W0x{zp}ctFe}JzAk`_q
z1{EbeL}-Z?*)eL?PGkb!*TRz49g7BKx*w7{`X<OTRtO*q_a*6NAHyAvv1KXpK*I^7
z!j-hu`AH)t(_MO@aTe=+qOOMsPWU6KUXwg^Q^Vt%nJ|Q<nkjdHE`$1hP+;I*US3nm
z^e9wby)W(XCZP~ot~3l5*Sn{Lh=e?f1ydyxhkH5Hl5R&rI4*QX=5j)Qv>g5uU64QS
z32I?$!B&<6y8wZ)PA=r+f0VTr-_6!#PepF0=d#WAi+q)xXOOj%4I~sELOR!^j4=V=
z^n;^>9*|B0B9o!~@?khzIS^H^iKf?tDSzv+5U7UkI;Zl{gZ2A@sss?}ZTz&Z3BCwj
zljW7K*XY5YcNco}!3kE-Pp6DPl^UEnwI&L_2&Doc@J*xaSgg@kc$hrcsx$Ni^9-Jd
zSF$3}+v0Ha-7(>x56m5pMr?CA5NJIj_0HEUUB;#Kt7UYSf<mTPPS`Ry>w{&StY%a6
z-na-{=YfLE8v4smJxm`^O1ZnH<+^gb4j*0j>UB^7x1<Z8_b76Dq?pD7qEFSf5eth;
zS7H{pNM59da+##0`1qDf^E<tDiVH=8Gdx`?oMdl`Nu=pf2wV@Yh;iO{<<{>_ODUU*
z_Fgz^mQD5zje9UNYzhdcZ^T##QZ$L_{@@a(tdn4AeKkDqp@^+<mH8op+DD$}SSJ}}
zn*>+l@C|M!GEEsnK596Xz2lrhN&W;+XY69$h^V9KlBOOPCin8gZxgo&m6?~_Hsdm+
zU74!IOMRXzCQsw6GnkoOF2jGfCGv1NBAm)QYn@~>gd^^!10m#(8E<9GjWTWOc=DYD
zt=^$EsvBVT!Haoi7EhLTG+16U((!fATfVGL7wxyyt^0)dDwHnlWFWb~9@D90&6T~k
zlUZN;EWELi0dp5KPqeoEVwGUlO&Q~&zGO4f?fSKT@EAM5f<!<4>MSL_%I5G~q1c3*
z`(T9Rs`C;!fo8v?mma&^k@Wv(&?~q7wWe|Q*PtbYBrjENY(xQmMkY!1UMKRjo+K_O
zv!3A@F6eSag=TH#>cyS-u3=f&^N&Zrf>-ES!5(L$9zdN--m5)+20uJYk?Y5N2=MH+
zJ$jy$AkFEslHNSlW}cO~2j5H@#VLX|`qXp4Ln_!MW&{7ZRPmbc(EiCG#;ac)abI)M
z&5LFHUzG6Igy<(|r>3nXo$?%Fzlrl%+)Fr{7{s2bg_D!=4K<CApH`Y^RiyP1akm#0
zVsVOn?SQBF4*}CQ@b_R#%%HOG#_mNuJTzoISI7i3_aA=Za0P`x64cFXw;lxual?Hc
zmY+3?E>8#>@bnk$RfIZB*CWBna4fq<RgfKEA_~9n>Vdkg54M+e(<beKd)dhSekm;|
zHAsAFyazCZM(SxPO~`Z4*Y3g*N+1xn=xfMYxpzV`)+m?%<Upx^O8o%|(*NO1s?K+)
zJaAqE2(Z;g8s}g-`uh5;!vMHnTA7%bv?UwFXjF7>djmAfeod@eBYmtCy6J1cqRL@w
zd@|9^{_S{{tb4L;gp|}7cwy>i*^&WGoz)2-c4jOM8ZqXAvLAHJ4ZIRZsj7yQL0Hvo
z0MGznDk&*$z{<%l&@njDkzlKEA%@9qrfa}l`4S6oGS%-N3+51#Ct_#|3iKug%zT3~
z!F|QdVUa<njog9&(x(@{Lt_i4H9uT)d8$`sp*VPau7g3Y(4<Ehb+0^i<~{hey1M#!
z3h~pusz7n<a#i0_DQsc7&sq?&8-z~KoIhzmpK0N~v#=q!qRP#pE@p7_7(v|aR<Fus
zTP6d;gFF_Xb;`0QFTnTo2G*t-f^IB>jV@5VyF3j=jG{E+7jF-<j_MKcIQ#0=D*(+f
z-CxI#{0*uN;3OTOt0qhdWpd_S6&%fX6{iL%gA!>qZAbi-m_}IPthcfdM(Z9<XY+P2
z6mYpWO20RafJ0skmV=gAxk*^`YM0AMN~SxIZ<w=zz7XiS0<B$_>#c9{K;0kfdoo$!
zrgd<Mhd>dL=vr!cQ_iLSY}E-uNM=@)sdCJLv#>dJpOLN<gDG)Nn=5P^iUI|(t2XWd
zkZ&N8gL?sS`sy5lhjufptbxjn5_0uwJ0}ugPS42b(p?TKdMBW3M9@ndDZn-JD`*3I
z06dcKq5)TY<rdnL4f3lo=Rk7;FqY!aN)*!Da+%kWHHeD3_Ys=Ka~@Hz$aVqaol!wW
z&gMv-MymkL<>_dqbB--NiVvKQVm{SZ#017+)$z%rFMBgcLA_Q{F4Tz{mdd$C*1;wR
zQgll69<+uedG!WYyvMPyL+p0&x*};Ao8{2u^BcYZn^;{M^tCJfD-u8zIyofFFDh!r
ztQWcBIH?$><Nom0$)$RYNypRh@emmFd6`HJ=Z^aK8u4dmzi~%%v3hJS^np0ii>05m
zrRG~L@|7d@KrZd}0x@qE-5I(f`JE91!z=gNjSFwLnH#D|!Ax3=aI75+u-{!iUh2%J
zN$)RMa7xW`{E-xb{i)@kA&{;iIDHHX;g-Dye;0GBowXUM-fy?<sMI>O%jv-<NZeb&
zSllY7*#F|~y91iax2+u;gNlrzq99-aBOst6AT=rqh7zjuqBI4hN$*xr6i^}{B_IMK
z(xil51{D;M-n;bPdw}rmlK^_}oBQs)@7?#!Uo%5a@;m4J%HC_QwRYJ8A&P}V0<}__
z{O!x~4mMa4_YcGT0=o)Ss(|~8RrK(jJiez*C#i!=0yV31urn#}y0{H_?C|a&m&mIA
z;QG3(TSN=x7}!2ka6e@eK5f*yr25BWN7H)-8=rhhn^>{Dd}~aO{fvoEXaXV?%}oO0
z2lX9FkOz#D{?f<}H!i12!zn)Wa@pq}1DTFW_aGGd3Sv{3mh3>}K~?xRQvo+-x-Bn|
zdzXsxRIvTNTV9kQ2ig1GSt%Y7?k_$c_wvgkDZhj_`Wv!*dG2{vVxEI*%GWC>c4RpU
zwI1jekoy)C_DP@Kvly1m&Gst*y^(JU_<~+St-F0?nbE3_q=aOP(UO%8SI!AAk%`v!
z<QNZ>NOZAu1y|Kv_Y0<!vGpY4Twu}B1t!tFEQJvs(AROhsb$y^;_Cl(Dzto%RHf)R
z&^%*{J>ChGd-6bRQQHE%z{fQwB459NWvRBcLQu@>A%7M5ueX4ca#}}JI3{2JX40fU
z^>5yk8zjd~U{-d7YAvMN+DI7yScP0c{l-sumSkHRaN;As#{c~#DinZKaJF!wk@Zt%
z2oK2;G`@o3sEfNP(F$1t9L7T<I^DMwgm!ITBzSc3{Af$yNh7yPVR;CtGN^>;f!cif
z$3ZxDDD01?6s7rE*uzE9mam;yK>I-y{p-;l*sy_d!+I$86x(cRR}qg^Q&kdmI!*i|
zHR$IjzgeM}v|iOLzPUM|{3((aT_Z`~!1Dcja1Qa>{YyL0GtX=4C2Z2TxJPbjHCE*{
zhXSW|Eeh>T#~FFnH}rGVw42#J(`{yQO2bpre~OK!8ZInmIeX$GQ;p7xft4qrP1PM<
z>C!K-XE&a{e*<<0zRybVy);94M-={4`TSOWsy6}=ew<SqXK<R1qpp25Y3in`*owZe
zwb|I}Z2((57G8;Ezw3emOds8qc6Pey=S&Cc?^ryzSU<pMv@#%`EceWr+POr6(YP@#
zLg|d|Q@3n?bFSO6W>HQvFWrMu(wVeX34D18>MfW&=@8Hgu02hE|2nD;N7rv+`$T7M
zJL^x?J}UfrDMLxPS`($Zyd_uAZTy{b!l&GM`2^IA_zAvCrPnxj;dcZ|F1RS3J8?;F
zhWCwC*~In`bJpxngrqCzeIpVBTEU3{%}+hjja<Fmn$(Ku?D-SZRcQ&*P?A+_dx9#M
ziAKr2622kJ?B#E_Qr58I{Aw-O7cE#_C~;K{cfV=WKgl@y9UYeG*4OpiRk<Z}Qt#yX
zfZ;7!vlynhqi+m<;Pn*jL-s$g2MQ#A_QXv?DTfDhZ3Aqnw`OV!0xE-vN0mJ1rlOM0
zq&5ABm?+A*p2U17kY9hRtsnP;w`M<bac^~rQeI`}5)(3r{(&R*adSe0>G9DkUd^v{
zIfxqVyBR~$7(>XV(V>@ElFp_!Dv|<N0LO;z@OC>ncD+LpRitvM=bDzSqUgukw?kRD
z8NOm0KlOnG{pxQcb)UwnPdp37DoPHc!f!KB$yOgVyY@LLJjG~c$nJn+Ue$-sEjkT$
zegzd$1B99C=7t*`++?4WSS2Ci67K#qXXlnISGS^kGr86&`TBPZw<cZu0@(}Wazw)S
z<z{PiG<(9W<>O2uGvdRqpcaKXFhZ=g5zWhTxhDpnr*l*%vhW<1YR^kLcgpeW=dVVz
z0@oQ%PHDVoGw+WZkRm5mF}Lra26rSY70=ugdrpPAnk#*$@LsF)S1<qOhXHXa@=Skx
zV<1d6VohB1ipE&+^buIEj>j3nggvH&K7}_dc+L12wGSWi`)7@tF@)^*qjlore$#uZ
zF+{Zyrq~CJ9{J---=ul?n9KE9-lHp<iMA@I7lhx?zl!;sNBx#Jw}nKvyy~<wmyIB)
z*_`4QmHy#T(${u32i^FFojQ`qIvk&y1-b5Ibh@>Z6F+<k*c8ni6>;f(XLn@YXC|U|
zR?<{Xf$nhkgIQS?HKv*<oL<;~e^5b`Q<|P=m2lm@0$1nbG*vaMQp*iqF2yH1O>24f
z46)`Bh$bZQdL7Xo?kwg*_?{SXOWyNg&aT&)CukQ6Cxr%&I%nl2p9p!M>h-5)!JI*!
z2>;n3xp#Rl3DmZ{4vIT9vCZPnS*sUDv7>whIytvq3}3y;P<q}ay83eVh=v-CRw;8h
zrK&La>Z)P$!iTgyGRYE`QG;8oEU%~ge0#Aa&Go#T(@7^8Rayu8klWw%xa#HJCB68N
zKYL;HkzT+pMhih>+Ju`<BTKXW?=;&5IaXi%V4L|?FG2TE_Yzug#_NS>DVb>!tAtSZ
zuMV(||9QBNCE)mz>m9OACyg}Qx5)AvCLf@R?Zl|*p7DLR8XNsE>yVq5Ezgb8&RM!Z
z&+&%zXp-uxuhaL|xTH4?^Q<x09=70oJ;YWJhJ6WjCQ<SNitn(;?2UHecT@r{b6yzQ
zD*;r&zYMm^V&Ngdu6wUxHy3L3#!U35`LbfH$RPTf=t0smWxShCtG&dN+{*@X$Ly!c
z1@)nqV*{*jzbY+bz3lGpJsgyvpQH13tLX{Ro;Kt7heq(Y=dL6v>mD~knSQU2_hbxA
zOY4mitu1|kQsZ3AO%OHKwya@MN=av_<n#zrzd0KE#o2LbKb@{<ASG#uz#VK*f^?8M
zQgn6;!M?P{GK_UHg19BDc?#ZTvfYVXi4h$JlHI7wMBu}E3*%DKblO+uA^&F{GSmfX
z3t_V&(WEzgonQQ~4^Jk&3#`U`JuXCf!jBgY3rt-!R3vc%v-AmeXkQ&>OYc<4bR@tQ
zSlz>6#Jku_{jvo!{>PN};#onfeGyU;?af-C#X5sF+c?=aSMFXvb2l|#Tssk|F9@%n
z3%}i>!fzEsZiaQ!s62kAQQtRq)#w&LX-2~r1jvQQO=;qWWlwqX9Zo3m^78)rzis_E
z7_F(w9113~Cj~Uor^e@X1a6nFCN$?0$4{jMdbqFJshx2veIbl2{JnSWDluH3KfPZ-
zv$tLABWI&KFYDyE=Rm(7hLKF=+LZPH+wAhzc4qbAn|C+vq4r*&7Tve1g#cP$;?%5A
zi}eb#kF|ejUtRqBw@aeS{(;y9-`cRZ;fmc{J2S41*v))I$!)E8Mjf0z(Z?{(m=NDL
zD*fGh52Orf)QEj>_J<Frg@v8Xh(rh!YS?%oM0QdFW4*Y#_l|LQXLdM?VfrsWXD`IO
zl9%5qy+RO=z9D+x!w$AIrtuOIlSNiu)d2sg`o44H`@>yQm~}}?;z?0OBkJFefy$iq
zPBUUD8c7$pMCCD8pz63dFpwzj4@9Et*#=?mrZRc#1;mxctm=tBEqf6+9<wdgC&z3B
zIGOK<RK1pu?dtG8_jE6v;H>|fII8*CowY2tTHkX`y>oj%>qS&>t<bz}!Aj)2J#+RQ
zuu35U1j{;Au}rsYcbhLHD}w9W(*C8T6TYDdyL@Hum{S|?Uzo;Rl&>xQ_|)h3q|<sz
z;yg32PQ@ne(-zH4(tS<3Fru>Mg=C&<>R1Ca)`jahQG^xw+A7SDnkEDDxS)s;3nDQ=
zXix(3>KYnnEm$k>A9MF<nR!vi4NQ39DC4RDs@c>bPPX)?vl>!03B~50o3olfy>Rt$
zqkeHS;t<5~V4!MiJKH61xRit%-Etb7$L34}m$-ePhd@Iv{!a-n=z?(Bfn|~U&Sg~z
zt?bJoY*7Ix>ZOQA6I(g2H4m~n3(xs@%n1@%mjoN33a8MAKPSS!_&tPf4l!FrqTQVj
zK+3Xz+Gn%u{v2HHv&XfM1DR||`pIRA^cj8x2~lN@p{R*;{~wEU`Au@qT)Eg@$|DYn
z3h8(o>#>@Kj@~<(WBp$Wm{@Yo8MZ6Gj=gWc_d2{v$Qo2sRLW_0xtmt7EddSQ#wR=u
zshDIOxGF(jLy*i3cFP&9_No<$)gRC&M|!kxon~Io4irAhY8DrdiSJ!R9^XOckaHGX
z&!16ZT}WAe3@p&PD}9hVQMNmFdvFj<zz9S+tku5d*WTu}KqMGw*Pz1rCz4)2-6BqL
z$lOZ_Q%{nGmRa%)DYR+Z4!WK&wz?r%eaZDKyNgq-nsv{q0++pvl*s!<2PP>j&yno+
z;~#`x9=G0>Gw@c9zDP?}n4p|PJRsVl{9&<f{0q!|NcW!KrHl?Oc1QG%jmrRgGZ+_E
zFc;bQxiVk`a3o8`(IL%<zTU{l)YMcU_ku$&5?Q}-7qeAj+T;Gg-H9ACAy!4JtJ=wK
z83vsA9`Dr%h)N$3UHpI~24>($MxdYq7@<mBztpEW1^(5Vo@`C=y^adkKBP)5b;O-I
zWiauZ`#wg>c0|E=6&>GQ4{V>2OlK5x+qcwdKHibDKLLjgW9hZXyRn|)y~n*wmR3TO
zMl&JFTXDGgWJGz&EzmD(;4M$aHrhILtM+qb;$2(#+t&wcP_q2M_`HnM>N~Di6G5yz
zA<OL0YhrP+Dj5<%@MZk@t}*Ps&n#ALlf}xo?&K5ts~7Ke?kDZz2Brl0L4afe+|qj%
z6_B}Nr6YP~uJiksKG|&`8YAC!IzGz9#oAm~H(4y2^)_q<Z_WxDwqv1?Pf1d9aW5x1
zS)NM?;_*~pq(5~ps|%$0P~Hi*5N2_qPiy?q9<jKWkqB^8Aj-#YH#mf__37^&SWDKR
zH~`x}m+!N2_oS(1P5moNxD!ReF#i_dEpzYoDR-aCa-6;!K*`<!P+A0c!V}!Oj3)y-
zc)UYJ&>D9alPs`q{RHVR71xfHPM^=Cm)O32JKzER{ry?>9)L}fv#AFBzD)Qf#iPq*
zA*x{f7%68FvgBxo*nZA!qJ2skG;~6Fl)UmM)sS$yrDq4%)?1YO1fNWBgkO8XWZ485
zv#;f7Ttd`fjJ}qQ0oH%}KXwUJo(6r*VOu==EGNrNzkWIGm&_0_nRDln2Ud|QSa_OS
zV#Ovl{LFMsA0%?*Loq51<Z=LVzfU;x?5P4;8<Ll!l$^4FILkN7w1l1~C1rJN2Xt}+
za%JaQ{oP<J&6CV?TF(bd(VK&WM<HAQgPiq@amx2XAJ%ywYC(`NbKTY0-ry(>=sD}<
z0MeeXt;W9K#H0|5ln_oNdP18dR~xI9!tb|jwu#Cz>j6b>Jr!L({yeLOIRc-S`62R#
z<E_0y#`DjZB%nRPU;G*-bL_wvt5NsQv~p4Mh;@vpjiT#r?(adIR&|m7PN=%(ufopz
zv=XLG*!yPu)Q{dem1j9nJMvsz2e30;ZXllh9OwX9FKgbK&69?cAq*T6>gCDcd9$bv
z(x-vZiMC3<^LefLw^d7z=ec}RQZEVy9nBYJ=Xk}~SHc$}$ftX(jJsQf*lvPgzm#~W
zTs4$S)ltsz!{%JJiZeoZZmy(1m!~m=Uh2T<9U@?gontrZG}m;qjOq0NISx}MRphM>
zv)luN$SRW7!GmvcGnaRGV87kcvad!EO@IZhss12)F-lS1#2%+M?`cd3A6D2He2wMM
zD`{C<D7^6KUY2{`@pF|JLX{z}YEXSf8C5o&P>ECG?DP2-Z(r37u%hti`1oc4R4Z8M
zdfF#Oai@G4;J)>&ee>}&oC!<U+}i`(v+m>RX__5AgHc4GcE3t-H;zRm3w9y)C2TXn
zv_aojRE5Kzf($}Ig)(I%ucOX{2tu(DFk2QtaBl)19sbp5&yihZIEC^P;;1uNR2){w
zWnluoWzO5eMc>G%_|)dhl&aI(tO8DLS`!8^AD;Y$u1H_8Y{Sw6ZsL1ilcR0pwKu-E
z+lDzChrq^Q-YLoKXaLV5RDAPha-ya|o`JOZ&*$-Jc$>cOK{4TO8ogBkT$*!ZZKeIs
z@BU6+2|s5$mJ<(Mtdjf&7y&vCELiSEg*kNjtLi97f7jpik^G|4C=(S~E*QMcDrx1D
zC#?l2)RJL7^t_Nv2iJG^RZ>yWmFd%WxBfB;ImcT)Z99(xa&?xx4j&wksL)+1I5s6m
z>XA#Q0OnJJw~y?nEKWF`A;^%v3(dLemeU*oL#;@9yp@@O{1ib_vvt$gJ(R%%*l$32
zZm>07APef*VK4d@|0e=r47Ctu37mamn^*-Wdjj)kdZ?{Y@g?HP)rkd*+3vKdWHw!N
zisj8Kt~u!}3xBp!9SQg=DBx|GXu^NN0(RR|@To`G%|Dd>^_;$(Y&7~(Djh$w_>umT
zK5kdHIqde@(2@;pc_<4WF-(h0_f<D*-4jfEhvdyjC>@;5Rn7gz4Zifd*~Z&d83IHM
z^bArx8Bf#fb4>VZo-uumLbR7+Yr$r_*gDN8S0S-2_*&(k+qXz(F*>nxunJK6<;gD@
z=4~bcUQxb9?JtBfZwxHuC*{s4c6W-*L1L7UpnG%MgM#Bu_Z+3PPQEIiFkh0JSRLk?
z2&iQ?GcF~*X#RL0|CsYqr)#nfj{{SYQ|uq6{b^s@JeCfTUy~we;O&?XD=``%j#}qJ
zF{o{i(xB$CxQK8_zKyY>neK-aPPPtjnZE1(C#_EdhPJ76)SItK8GmhSJCT4I?oEE7
z;C^W|I$ri&NFh$6@lG{!bLk3|iM>fuEZ$*?Q|^7Tic-et{@@RGSn9m6`Ysh_vi<DK
z9bmm_+B_b0_2}ZxXt25ZgNn*%_}yW_3oV}0QJ!zU*v#Iw&nS6&s$Os9A(4T4Sd+F^
z=cLgSBeNqnN-@s2L~HarlF*WEQ{@VazFT=BRMYu`k1X#cmPDvN8&MCS>|+2a>egUU
zMF;%k98iu_eWzDH9L8(~7O?o4mMP|2DeO-P=daSpeI$B0US5&oV*6e;p%m{-t+_iX
zJX6G_Af0QrfaqSU->2icKQA98XnTyOYG!{brDzQq_F}N-aMX!MJ-9Xujpq&5SM$4v
z3TeXg^s2>Q^xiuWlA`u>mTt(DH9l#9QS3%STju2^2N?Q6*TD(b)MPq2qTDrF5A^YC
zG2!&{c!gs;dzx@x+hiykcqK+#C?<e8o@dnOltHz9wa25LmIC+H<GvzOm-pZWt&3e=
zVBRpj-YRJ{+?WW6QZR<r(Vl@bqUr5WylWL_UBlz15{6X1;m%?<E;GO)W~Y8o*Gq|6
zn96C;x6XWd89z!j;}vnUUR}6<Qm5Um=(DN?#ol`d{$<@rn7aFieA0Cz{uCF<==Xs<
z+#|p9bX*^ZdT5-7(>N7%cj!r1Q?~7J$LdN)NYd$xGY3awS>EMohIvf0KB28+nWzmA
zXj1kj@OJX)%~wxknD##?U`=zA)|?BExiTl8WN^+vYN6=ke0)FqEPVnsI&rI}ultp}
zm)J`o15wHYQSrq#is#J9(CmRY8%32GDO5C9)Mlj@X*W<u(aI+bH83`QU>3^(e~T10
zHtHPcB5E0C=WF$rcYPd#J7_vL&bovBK9<98FfiZGimeKBwh9wliBb1%z@&o9uK#6|
zh;MJdezYLn(dd0?KgI4s8vOAwR9#I}BN;4eTwma7G5Zuxt^0GtF5qYKI<)ep23cCd
zrIo6MOHA=YRS()fHji4O9IKR;4&v+y<#H^}S@|0D86qj{Pih+Bdb)Mf3dO|*+WFB3
z@*&gpL1zZ>J%--ygR%nN4FVCFPjuvKFz0OEGhZ`u{GefwrPGnmX?_fUj+b}(>v3O~
zZpMz+&-K8#i0r>AHJp`!Ch`<4St1!iMN=ndmoWR)!%Q+lcQr<$zD~)bw$ZnJUkLFR
z^zO%<531d|=F1bcyK5TEc6nTlhT3q0i>!lmON*@Bd2H(*5w#a>6j$b)sy)4I4nC?s
zM?2Wt*YPdL`l=iDky!X=R#zX*hyaH5K@1%cDrv2|`Ctfj?;}2{Seng!q<2>Owsg+y
z=#Mm9pj4sKrI^UivN-INf;1E;D2_QytXa5MWkJ9&lH^+SYQ(hj<eD#+)zg+P<u$x0
zYbs!Car?Te-6Ce1m3Mwx*Rlu5aZuX6h?rbxjIins6Cgw|BpudBewXA5CE>oOrylPT
zW*>;~IQX9H!z%XbM>B%kAChw%ixe%|ANbFiVaoU()93&=T$cz*u4T&#X?hB}`HRQ)
z7`>5L^=-p+E)|O6<y1Cb8LPi6P)`=FMD2b90Mzs!aG{R$dmJ2}CSym0-(LAHnsYq2
zhF?Pdz))vWuFXgHsJU}1FBvS<Gq31nMAC~n9&<2~sjPh@aFhR5SZCWD%d^A-c}ePV
z{p4m%l-q#7zy$-^sH`{E$G+}s+tZH!Z$S~0<rve#=}Spb>dq><qS+B+6z_5JjqwYY
zG^k12`0>67n=scX72&wHoa0^g_h3iDq(Xsnm`lkL%k-;^?>byWK8Km~;9O;T^2RR&
zU7NJzPT+e|O^xA!+V~wO!yB|OPA75eJuQApTV?<PxPhTU*Okq)RC*Z<k41(?H5anl
zhfn0Is7*HviIKwzD(#SbH)7WW1xVZetrx)$wghg2imzkO3y5%<PhCovVNoB|3vkE~
z4_1-jQXk^HqDniKQH8;@JR7mD4y;@zWYbb!H{|CKWFWfZ7%rvv2w|#>$w0Q~lWLet
zwG_SfAuGYEw6iA0dI?b$+vO_lWwO(%FrC`dV~dP5qVn#38d~Gg6S!$|T)O%0Sl6t~
z`6Ibe@1|KyPcp1N;j`jYH+|^LmMe8DE+0^g=4o--T7lpRjm|oKotQWZD)!%Z&H7)E
z9R7p7yQ=zZs;8!=T3cIZDT$ai9{>pu+o}^Z_$>BsIs#<)7sJ?W!Fgk2%O0E60nRU+
ztJ9XfP>+6<7#!&9Gd9d5tjfTAm`N8(>lTcg5TEE5Iam!H9p;0Hxumhibb%9f(x<h>
zkeckIwSU!<QUp2S+PX;%j#Z#N&}Wb)bliKFmQF^6mier7LrFDr7Zte|2#D9|-7{UM
zJ~n3PK4pFor1k85OKPu`A~l5!I8Nq}vR``~rByMfD;MDLr2%*eK>T}+Gk_)|-;Q?=
zoit^!2@)x<@bv*#{bEqbQd|@U$pC}O$R{)UGNeE^OlxEmS*jU482Pj;Jg0MqV2H(N
zmW|tW2SY=ooeyFV0=N`#LP(!FWEwqN#)8^-hsAk0`~&O+MD_`rxW+kuw)G1R?1<G0
zUu;~z!UGSceZVC#V7ZlZ3(~j2OVxb5Ht##DGO6wTJ|h+8d!1fCjUSM9K^FM2>Zj(y
z9M{lJ_Ziz4n$8KQ<tOr#B&hnr={+Cd(4D|yfXh#YOfubY{7#sdq@k^U^Yz&Q_G?BY
z{!dmanjP7i&PSb7+s<&fWX){fBnFXm0ZvEMd77LCa%&NL{DCE+kZxMcvENmXy;{7_
zob~Q8a8<LnZF-n~S~X~Q0(1#A<9{5{gWWMIBY>2j5f_`(&6`qSRxiSVE;8$+N|F|^
zt|}|ggiep!pv*GDr4~U4{lkWIaH>_N^>%L=`+F9vkd_M@*KJs<xVa28y9-ysp)x~A
z|Ir+P?#r$EWb2o4(PC$z_r#6_dq0NN9$c`wNb+UWewk>+CW2{T)|Mk|2>AdVo(7ca
z)jaNH7sV)z5!?mZCJce=VHoKH-hgL3TN&!aee~A!-+{2RG*crNBD|^kZwV*g?7(yX
z$!_{_lLiTV?M%0nHLrAiZ|({FKG&1^xa{#%sSdZ%JF)R|^jD_8aVFhvO6f&7I$~t8
zC+HTXj4cgX7~5v|L|^S#=+=Islw3U{;|t&C^=cmc@@Bq8u*nL=21x209W1NYDeAat
z_EBzdc|_#A-QrN1qp89vPg)kYt|usDH*(#?g$yno>7qP69oe=h*Z!*3y5}|-flj#6
z`BEzS3yZspkw*b`OB#r~!QcZ52wA7q$P}T@fRgT!MzolaRa0)#$#=1_v5?W-SKh2~
znZkCM4tFKBD1|D1n@8}<dFe=yjPqJ>cu7ZBcl)Btx1A@q@<T`ugF~LHHU_O?V_@qb
zev?8Q!tMj6RA;IbxicUv!{+AZiG|+4j-&ol0^k>bxl&CSUS8BxFAo)*h6B;t{WmJ4
ztpN~`TvTIj0tnbf8ctlMX_IMPUdZU~-!5?;$68Z@LoFKqb^&RoFeZcn<eJ0xS%GbK
z%JdKN`t}dv4gxrbRPo8bedlrgz_$wtetx6SZ)UhYp>H?Yk{c^rg8WyhYK(Mm1XyYS
zZwu1SKBsm;VPb-4pxeZ7$=4~7@<)DdN>UGwH=whv5b(?6;s>x2Ap-)tk>)^eWCvJV
zAR`I5GX@Y@+<0S0u47$mMJjUK6mJS!njc34!G_EfLlEcY9xTV*N5Y(dm;r9qCnkRi
zN-e%<(!%m`ZWirpayb~xMJ{zhB;EG}6?WQwQ!OQv2hi*~oQE(O<FmH>NomS*1$FT;
zyw*@!4q#j$d`-w`FUiQt0v$<zS%OTtBJ(jW?oQ1A`H4HN5U)>uVM$Wv08oS69PuSI
z5>fz6RJm)2aSb_u-}BI|rdgn*^8>6`p%ca`RE;J>P-Jxx(uM|Le_NNSZxl901%3W$
zw56HDWDz~|qck7eq)0xwjA5oj>ueX}0odjdFH$jnCz!vB_e?*nEX@P@p@3z-c%G8Z
z-xeO!GFCJ5h8_py5A=g<{64a?QNSGFXWTgls5)|q^GI@REW0(!bI>#ZrDN?+es>lo
zI=M8{UkR^!rvR}xvLqe1@N(}%ia`f3HxA1JMmrHGbL0>OXnBnl$~>KsPx><?LW%Sd
zwrphg7LT*-{5+CX2`MN5=g1J<L<QE+gS|DFRPkY;av6`Oe~XN6>ywznr#YW!F)JQ(
zj7##HEw^z1kI3FZh%kEnRlhSKj4<TIu!Cn-iLx*AZMCuMXR)}4qA|D>#aLx#=aDnk
zREX6L+=+DUVpOr-?}iU;9ZMMturq=&5lZbf!#h_dv64Z(_0$}xpF2`kXPT9;Ty^!z
zjPcB(y#;z7%8F@-rV?|xlh+sm<6^!f2BZN*-u&(9PT}Q8+WdekJHj3TYfFD@linIA
zL{1uVkfb4Wcv@O}Wid*Fsy6Y)V6sq2cJ6+mN8Jq`S#b>lG<$aJ&dK-~W9gUunKtQ&
zN38>ovU8V@6oHwOaU=^pxm4pqAd+r(EvDNQE1))3*BVY%AJSVf(k(BX3Jk3ICC_6!
zbIfeq)$S=)Joey!Uvyb<;9+rjaJ_JBzLsp7axNWKC6jf`v32WGjR~qLsIjQ~9S$}&
z7RR1FVr4W49S(qGKpt0hJBXHFB8JJ%T61AbnQ;}UZQa_s(;<I;du-H?1G-v^kNaCm
zx$SrZv$BxN9Ryp3Igy!LD}#d|188R(&uVklD*+f?cd5An8zy2rw$@dP>18-HkJLPx
zj=TT$!)CUlr*cnH2MC`J-zS{xJSO{*6a{sv8-Z{Aa<E<1j9V$8>bnqOjJ^2tohnqd
zyqCD*A7LFd23eDmN3bdUhW=jRdelJGmCrPuIoD$C>`6C=%GT&2snsYZ+Zwgn?hR}|
zLgu5_UetCI!_42aPy8yTu6N~uDyz{pQ9|EUk>B(abRq3KTPl4ZPvqrslK{J6PcSL)
z4wN!7v~aa>90?Q1mHJ3J7k{7tO&p%0A2M!CHa}#KkFp%3sV2W^xTj(BGu>A_Y>kSB
zj=ps+Hbz<f{M!;XB~k85>XShqt7eRnl9D?y#@%FW)8@5Hhp|%GeML5P=SNw4OM$Q2
z)%7N83&l04_M+f8>j|pvY#cyxu<mXEp-%{z=dlkE(m>`|6uqvC6<~~O<Ukumsw!~)
zvueXE%W6F)s|9V5gn_vMAGKT(zD!+kh58cZXAx^+dG2r#G<f^=%@lPa6&jZF0zlK8
zRE#wkTW?fU4{_$+A8?ceFB)5S!$x`Dy6+hbkBt0nea*C9RX|G36!sapEKR99{9Cnh
zN<|9-?7#X_MXH3v#NE5RcWvT!b+HD|_pJ5Od+Y-WACXAng+>*QmLpSj#?xE+x3AY5
z$O#>Q_7t>>ob(_hXfhiO5?Klfnp}dQJX0tEtTCUFOz`K0S8WiEnWnD$kFv^G56Pfs
zK*~M~$M$8E?eiblV1%$5C*zzE<IBxGIu|ew_{nKr(}V+PuEgSZP#D-n-lLgVGjP!V
z2atoRUK_=}U%q`|G0JjShDG~aVCPINOG+T1KDx3z@w&Ofgr0;$t%(V_nIAsso`m&z
zM4Xa$Jt4U$CR{gB?U*?idUD4$`H5T8bwl`<mi1C_kgeat-Zo4-)I;+$Oa`YhPKM*5
z@^Scm#C<O-e+~&aEl39+UEVWzgO$|tqR8^KzbEHgNhiHtoI#$9g-!2gdp~;2#ZA%Z
za073hlV|*Y8OtcEw#dZ+wQZ4GzLL^x-{Eq3#V?|o;vRh~LEnSnD5B%Q6J+fbT%B5E
z)#mqB{d_;}Ho@z?>)jH~gcO6RcQ^QkiOtpKEAJXG*?%rSavDN~BCUkiUsYnxnM4p%
zuRU|}tX@}|Q1a`a!$H=-uQ&KFUkF0LT`#GqHU%cS+kE<ElKmro$A3F#|91-kni5t+
zxC5pZP%^B0`Axjf7aLK7q(@ALa?Z^*-3*7pzOvtW^$BI&LEQ!Zv9wuUss0M-9+clA
z`hfQx8>pXsBYo9LG4D8>Rtx#<$vdMXo|HB~8*In^jq;@e(pFGAo7f3iJfwUNU2hv@
z+d)}%r1j6QC;>E|#ZmA-A+vU~2BJ&|8qE0RnB(1ZH(m{r7VE>Lm*l+T{^SEj!{#+=
zZ#%-Ki0(XtJ>F}t<L0S+X~#xkwwPPH&G9)eW-)9frZ{Vp=K)HQ65`}+K%HNt?kAUg
zDK+66q&<hByEVBayi2&GpbO#Z&+W0t_0?8`-!Bz!YE>^+*-TZDr<?hWn++}cI3=Y0
z-_J5L;_0@KRURtSESf5IE>h9h*#47va%6qR$H!Q&AS7M1x_%4c_2yhyA9^DOni-CZ
zoHt@I6)>jce_8AK-(EU2rLI0#$hU7lWru-k=)F!UN$%{?chD1y+T5Z0X3a<?F*~0%
z0}6W|@>?~#yffTRhAc}vkWO)rR1U}WOJqcbzhRlp7|ctv7s%}7YN!Z~lUW*e(44Dq
zXj=Lsbc+(Fs&ANL8GWwQh)IY*&hBf8vbqA}-0QRgH`J(zn|RwT>vjkGnU<t0zJ#$a
z<44ES#gg|8Ml8fX36*=_L1R`JUTJ5ueX-<CBx*+Et>*|=s77#zg1*kXIga|>o^zk&
zl3#n~HYA7&gzAQzL*_<fG&_hESt)b6s=^ul<S<i9i0o=AYu}p?_l6;VOCPoVJ2R|y
ziaooYhfUb!?$6DsH|3iND$pwOw!c*B-uBh*yV`I2Za0P8N{*Er%?UXJv+#@vzp<M<
z)Sk$dd7;w_K|;rj?uZS#=PAL|DT8+NTYcRP-}9dkW=_P_4(Lqs_u69=QFU~vJ1LSK
zb(%_YwMp;z6B{y|u^r~EoyFLc`pM#E@3L1+OJ5{W+#xLc0PP^xmX$l+9e+cF;;~2d
zkFV(h{EJ{GoG!0~rkSq9D>GUfa^>PHjhR>Ljvw96S~c>V<${SYZz{pz>~H(xE%;RQ
zQD$@0QD4`yKKpxXBL?b9F}Li>LPp3^Nam;6Ztuhc<0+7b8sLBP8fR7Fa1uTfE;l8C
zRtO(_(nPi5yyO094K0Qpb|-2v+1^NyboINAS=aK=ygvA`g8pEgd-4gZp{CZj+WwYA
zifYV{jh0EpPU&Ak`OMD{?Pg5ehy#;hV-{a_GKh9si;#$uOMm2M>uSuZ&a?1o#+_ob
zfqeT(;boKWi=mt}s$h6Cwwap3KtsA7CnoBgqP6b|&lSX5T3mU%GtozoLF}{l`cnIZ
zRWvVmB@%P+3)gVFW7JXV;oKa}p<^uCIy(I0oa@}0COf}*RC{s8YBrsFS6SV;LDm)d
zg}~qU8IT6QE=0$%1Pkn6r{Tj#6%$k{Xq0!@&&pOVPYBTUR$=^e!M|*svC#*NjY-cI
z4u3CO70fqy$~p|p{S_T=Y$@~NP8CLqpmEK!1q3<8NJm5fpgM%K59QeS^J1<(qHJ+K
zLKp?l7GHChJNY8nN%ptDkjhr_q-07XFU>7x6e}N{rS)#lwk^$dyiiJc76?fnGzI{S
zH4S|3z4vBeanFkI8@KuP4`59eJyrR+*Yy4K^WG1Caxs)elEUyx9m%N;2g+P8{NJ$a
zAqD(*Is8yzovHGc`>w0L<?tZ}b!}}vv?Z`pe{$`S0%CvR83Lb&)j41TAywL+ArfS(
zPfDsbf&zqQFS!wV0E6V!;f-UKlH{$Q`+tAoR@-VIW5LGTz6(D^k7d!;f*^-cBVi}X
zsN&J?^`lx!S_W0NJ0Yn8Az*R%2H1r#HrZE?1>Md#l+&M(FI6vG)46dv8)Km9nG_Jc
zu7A2ig|iA~9TCKXL&Q2+<T75)<dlcJ1Q=)KP7YrVw`LIP70t`9WEr=4scw#ceO7vz
zYe_Ciw6|8#OqNhMRHa1X+}?7#^>u-fK?S33v{jaq(})RXsk>t>f@(ArM;$_iEmsGI
ziQE`_$me)crFm9BcYgeaIVFo;8Tm{DG!(~i)KEx$-!mQJ>p1Yn9lqPlcS=+Rr5>1Z
zDaLZS`Lz8k@$Jz|g*WC^7WQEk0~b2?e}2v|{>VhGRUx)s-|&IxJj%@-dN*{0%ZhZ=
zmtP%Z)!r`K@~0yTVVLd<G1k(wnC0Y=4RO{OwXHT&mtNXWxLBY(L&#;~=QkGMrvW@x
zNF#2wLK#|BODb{3(UQ8ESAVx*KM&mg!y>%xbwCIkqvezzI#g9DL3nj_2fngVy#`n&
zfpJd)yzD=g><IiU>Kk(1T?5))(d9TiwDA+tKrb59oWJF_+c@r++saG6NY#wgufyIR
zZ0&Q|>9}QAl}ky{f%W;jm+UBQ*^Kk-dudlKr;0T{RpG>G&-6~lwRK>ea)(Xb=+q8X
zjkqYfpd4E!D`o~tUgP2u9O<A{4)#-+CvyT?R2vmrmD3}d;VgFwn6UqHN!$hy!(+B-
zDy!kKu#@}B{)@TdLu~aIz45C|t*2*PJ5+U?Vka$`m*iLO)z>Gb-Y@LfllP|x8}~k$
zn+_Q(sD;(p0}j$AzUgU(E6{pqr|yfqm5F?{B>G$*y*%Z|1Z#~R^G_?eWF$lAf1Y>(
z*&=**Vc8FdvDtf$f1-a-eHo7O9O<1a4!-@qoMW@aN;7VDs`2YPbi|xu{fXML9~iFN
zP^ASojx7XXLPIT9WYHg0rxq96GPgrkO*rPEj-06#C!{?{#vvaVE?4dP1J9Wv7ob-4
zWB(KNi*gBqd*%LA8&>sIiT^(3cZG+x_i=D^8!;jZtJodwr{1L5p~;-nPm|>L0ZkKE
zH112vh8UZ{E?)EP0zQiNbK$)vAr8sim2;gUgAoH~v_*fknIYA2HFQM2#7AQN76QGO
z`Wtn|t4Mucqhh9Uez-y*BiCA)bi7b{z(2wJ#P0<U-R=zRKkgjhOvzAs`?EE_JG{7o
zS5J0&JQ&6fv*kZjfZs_5tA<{;+WXnMas<oD*vnK2$9A5Mr=4!UD4N-ssw(4jGDW1)
zK<R*KvfCwB?}xMd-9Mq?35<a!$;A9f9;SQ?e!DKrYV1(q#LcLondz>4Ua20oW6pcC
zLfqHJpN;cNbUdTYw{1M?7S+kZ7fnLx!-i5HjH<=k@x@ZN(qn~8b!Vhz`Sk2kif@-W
zWm;jR5m`Z=h{Jt?UqwqZu6~=q${9A(rQh=O27+ws%N=tAGjz{P)>)IyjfY-`+V90Z
zV7EhE@vRCY-fPb3H9jxrw;;dro1B>=PPR@>m`>-o9S@Crj-A+o^rhj9G{aR#4FlR)
zDGBkn4|PwuR5*nxx>p5HbW44hT~Mu+2Ai(+qN&%apn1=OZ&AytYixE(y8xR9P!Csp
zDD?&hINRT4!>@-~+752g;-K9P5kxS60e{J9|95hpSi|;T%Dglo)9!KUNhIN?Bhj55
z1xzZ>I_~t4+f5@mzhWtb(myO7JQN6=*fH0!3$wg*l$d2uy&Zw1fJ^@x#~*IYw1SQ}
zX`=Sy$yWJGv_)w88_1i2L~9=b_oiQah^Z5wcIJMHJgs|gG#%+UA!ab9)}izx*WMha
zyonOJLSFs*Z@F``ikBof;~bavPXDCBH%?=OQ1@l1u^%7aKc+U6#Kb`}oP77%$%s)0
zxw&x%V7y3V+(_n+aZFn1!ObpAg)=y@aT!(U9XPsv14VgbMnxb(Vc3UMV_z64=pBp6
zSG1Y^k?(eoxW!wOaD}-}j-aD}en0N`bkzHDfrq!wc3a9!18;P?Y1Pb4k{%KZOXjp(
zzk4~UJ5=rI+%Iw4WZ)4qj_oIj{c)Sgk*RkX7WFI5pPnQcUJmy(pnL~NKl7%4ydvWu
zf~pLOU>{3W?)`64%-4~nN{pG}o=(>u)Ym;wbRFDl7VumnSdDWqq>wIN**FF_GTJE2
z(A+<O8|kOGXHkGBuu+KSJ*IeE$F6qKw}@X_yH%>5VOHKa7Wc75<$iz5k`emM9O0$>
zCEyw(o)BcTY9kh4x(t$)f0*LG5e9-rE0MUx!UM}E^34FO2r1Oj*autft0CnA0!VX?
zC=fc0GcsJ}zY`w>shbiOjIH=2Ho}{sBUwmGg=@ad&$wf7XIXv%2p_=#Me`<c;7!)9
zm>AOYJQrj8WfP|xD_w1|Y!+od?96&W>rA=?&Vm~-#!NrXWSdeB@oh}!WrdS>?@NZP
zwQ73v3p6x<oidV)9;#E6h8>&Jx&NWYXjEm)>xUcB5@1jm-+9`O<=`h!iwiFr#591*
z=S~-=hhb`OHgKcMD91=nR6Z{E>W<APR~A`KXD&U7{RL8iHq2erm%eZuWV$dHlOT@o
z!5`WoRHDPBj3rS=L9v6V&i3<O{lFzQ#W?ra0WHJ0Ys#ZrWZF&q*>I9Haq0~XfPG5l
zVXL?G@zg4zJ6V6ho2=Tr$%X;{0#=4F3;stS+dw2^I6!><RGx?-I&CN;B|Cu9`Ts4v
z_)nmk2E1~D3edJ8-wc#2F4OJ1+yF9!&`cMz8#fAP!=<j=qktGd0|!v%o&E%fQj*-z
z>H4b+P~v`1ua|9tbl!#}1#~P~=T9TCJfg-Ap-NlRG581#PCw!Sfkd4C2UlePUl0JK
zfSF~Og#k&*{sw=EtKs!5SFVj{5ZlY!hHhzpB~phb7O|Lz2<!zHJaXg=*6_X-<)g!l
z8NT^4J`#0i<3-<~CRf%%y{`2JPAvQbaL=4oU`g9A(vP>BW!DfH$WS#kVE}D&+rt~M
zp-?=BlFcY%n;_`SeYLYq+ErgeH<~*DCqv~)pkK^&rEP5GM>-Z~Yijcrpv=}<of2tO
ztYBNk&FreZ8=nN{hVk*?b{xja_!5e(93(xaH4SB&J3%i)ku)F=yTadNbc<PrtUwgT
zN65H^5f@#!2Xfq!wHz1P#-BPh;+~`jMS3&6n$H^Nh0_3SF}Z=&^^ao~9Z33tw>%p-
z6kz8p*MzXWwHj}vzYZgasRqrN>yr9nqnl06$SLC@v5Ju&ReO`b$8s&(2O|Jk+smzv
z%N|nEc73z+N%OgFbp^X$Kf><dlkIu0CF;BTeZc!iwXxAzhxm-}&Gj>Mp4df3>O6Bx
zVY{2zW==fMCU$QAaFlYlX0B!&i2eg=zlo$GKOx!g)Xbu8U)1v62(v$C6t$xb+P|D5
z^kCWgDo2<HHnw-x`f3E1gMPUCH&ql~1f31e-9Mp|E*Hfb?2hPb@~T3vGpWi42QMiy
zR+Y{Y2{j5Y`ukFG=ffYWP*TFHY(7HA-meBP(Z>A|E@$E<R>FY0oGR|N39q5Z7+ZvU
z5_Mf^Q8fH>Kdy4e+H0x92(HYVmkF^iFGfu`1U4GkFc0Q%JUbBRasR1#1hzV)OdmBl
z-d1^R<MUFx-Q5+TKSg)6;>r$<6{U9KDFs(ocfvqqyRxrJz*Hk<nZ%j~4!jg+0mZ;o
zG4m636HA#@>)!#NaLxF*%e{jpVeQpJzZ>vjgF822u?lJ}v!B<=J`Ej;)X!LORPLk9
zZ0O?K+Z|%PM9e1AZ#^yBr|HZ+s}nylys1)XZD?Q&RW}#}HSwXxrYv_sbA?#y46&?q
z(Poq}Qm3s+bD&(e=+gOgddsJZf}$_k(`PtLR%aK~R{scZlQ3DsBx*5;6*_<fkWnL2
zGvK+jxNASJuwO+NJmxMLhn`svO`2B5uW|3*1t&NTv5f2cjcZLZl!KkR7FP!}S|HE#
zzL>nXEbJN)pRe7~Az(b#-#XD4WzzKM(WAP$YttUTv9IkPwy6EzKjQb#jyAjf*ka8B
z##?KOeh!<xf2>zL*!K%jKVFZ*fJD3X@&*zBtY$DZLc9~89DND(+n)Eh{Fj7+)ujRf
zO{#2aaw!(Mz*3C7Zpn<u3tQK-ZDl~v@Bi~(lmd!OcD4rd;j`|yXe_&7%Z9?y&5fV+
zyMcoHwvN6*1|!xyDcpX5=zh(^0HOWff}f%&#o^9ykq`n<1o^<wl=0cHyMbFcBM89r
znn}^$U#Q4$ZF$4ob>*Ibcnkxx;n`n5`LgKyIs`%1fH{}igL%NKAcD%%@B^y)NQs1E
zlLKVaT@v9k@0mppLW4*{Xfw8^rr$5b{<Nwe_c4Lj)uu|zqejX7t4@BJup3|A2e-+w
zTE7e<%bfJ7u8+IjBfutlef(OwnMwKDa$_Ni9m)LtZBHDt5Emzz(V>tq54tN6(DL3a
zUn38<w_M}N+HhY8U5{H`rR4ck+tI1M;-h5rYn;XF)IL676(t2|fapu7Nf=dYf_fyj
zjSWm=*B{<$fBWi6-C~yON_gzJT8Oo|$;Gk7sO!1z3w;eTGAQ-cQ&_odSftuNYL3r9
zmqxOB<|@;Nx>fi0B-1hd)QKfrZk0b>2S$f=+ix#PE`EGY5ucSI@Swa8{IPVL&E(by
z{r%5&A6cq_E~-=IySCvCk`8d7R=0u+F=i!x?OUOZ!M>7yoK4d?ojp4fQ|dV0&;547
zg7D3+B+{cUe%KV~p^-YM!Ohe3L$TqOen|L6_P&Z$${Z`sWL|&Ewd|BcW$g}QD4opK
zhl7ZkAws0MhS|b|_*XAXA<tNbO<Kf-zR<;c)*fr~{GXis(4zjYmA&ih?=P#B|Kv*>
zkoDsPlo+VPZ1>>o<H1IR?DFx^4av{X%)Hfp8fa7G<q7R{Laf69$_2g+BB_F{BUb0}
zVESUG#R)s6_u!19a8#PB^XP_T4Jlvw_!Izt524<@3K~1SKjnP@xC~iB<Ja7$7j{w>
zDG+|Z<BeyRirYd6_0s9@J$iuXIyl<gK`J4Ee@d(!vX10n=4$iYcGadSA>lb+T3^}V
z3_4Jbl4A_eae-;v)Bx*EzbP@E0$w*;C*bN`P@-&}z>uO~%=&YC0!s$}3%Cpvljdd(
zcgG&6Q8jtCxRi|rA@!WHK$mHxw&U@LP&FJUxq?wc(NA}GK)exr_HR_5A3uI1&2!8p
zLw`gmR4f~X)~C5MFNkSJ#tRMW#IsDTWo>_fjmv7~&n;^%<`1M(JVPEK3NY6JWmi5v
zr!olf>-};ophyPnpYMND6pAi<k-N&9K_hGo(R>Guc`fW2UN4o}Z}t}^1G5QCD%T4q
z_X;a!_Dn9&_)D3UkLgEtG~>EyQL#<$aPc))iJui`2QH>+%$OfF`a+t7li?TjXZXC^
zUO}OB-qi}8H_}slj5eUS>_bO|#F8c>kJ(l8T3{!hzFZG23?0M<15rDG(4cF&lf)H*
zo~32oKatJ&^GuJ;SCG6st7~0Avu)8uaUivE4io9IcSpFm$?f>uinXw7W7yykX|p&q
zQ~p43l?^B4I;2{YOLvv9x4M9zeJW=Y15e%~#n{f&cEJ!h?hYI{yHI!`c_U1u6z&#D
zD;THc)-y`9k&QK1bgni{MwQ08UE}VL2_#Z^EIh~rp)e&l9f{h!48g!bHx>aPzO7aF
z$j7nx%_(;&%rZiLgOeGcduTu8xAr^GDT@QA1V&6ZfF0UemY+WfAud>)uGb*I9cyT4
zs3;<Nw4i(*?Sd1@X=i54v8h9Z(Hk?Gz0TxX^xm8PQ|FVy4#vq~q3jtnzju8~gJUG@
z6YqCtfMhejz?V*X5vekPp3~+0bh6{ld-WSDZ4oFlR34n5=_K`ceuGy7HIGMvpOhcE
z*UST_tv2LMpK1Y%(xY=iR*N8<>cel*SW{-k;9<(ok5P!byM26UdpauGp})9w$GB(N
z$}&e_UC0|FH@C1$AH^ww1Qdc53v-?9u&!Uqbu`b-|JJl|)c&6t0R7_<1%&!g+69hw
z$OJtkhijn*ct8SG7om~h`Xvt)S3$WNd3jXjG?bkT{E6T~a$)t|>U(am46=^yG$EL{
z{b*g^NP!tg2@5F50OA&jgas7dgfX~9B4Gig_z%WMl(68Z%_I^}tY7$7VZr(*|AnxC
z!u|kP$iEK@C^}WHe=jUp8~+L<<WN;u7jAq<hb}u@zb!TP&mn~9loa9*^jMZ2i)VAt
zgPX;@c76i?C@5Ha0xYYYZXLa7t;HGN(Tc`i+K2Xj%;PNii+tb_TaSKPgM&h=1O39x
z@1nrgU57IscZBzNCx$Lyr;f4z{u;22_^O?3Z;`WojVhCjk9vywohk0R&8DXC^xd|8
z_C_bcIh!CaxQKcV-BE^a{z3@Bh=oU$zMb?^v-D3;Q6SKsc8t3gAj8ZTZ=|iO*_^;K
zD}<qcRUj|7@(_mvPn4&`^x0MbX=1ugUin)B&i@!xxN2Js`!JNE3xVn6V*D7w2MRN)
zvNdL!BIPSaCB^@TAkVeH`k#A)P$quW344U*5m3pbwJNyt_q7-wB7~HbDd2d3Eg$nl
zt}cV1qua|tk3p7$isM&fMb23*HiKCr0wFkWk6OD1_-H;kENu%tE{-<3<4CeHbnO*)
zs6~O@A^;EVLfV5Y4A%$-?IN!YH}ac06T&$WQqq?%wKp2YIC!;%0ZmXQoU<F`Km|O9
zL;;a(ukrcKU#F}z;DGW`QUul8#La=e+!1TVTcGU&oy3b3VS7MG@dSwp{5MiXq{EyB
z6nkZ$Icm7iGu>=r#NSxFwS_Lt%-Vk$fwovRf^Fz*q&=W2&_>tK3g|ZRw6~MHpesF6
z(e*>VPIyq$*B#H$Yt({vjbA<r`4k*aBl>3aK4VdEnD>pX!GbzR&*t2G!&R3V^$s+S
zT3{pm>%n)<&Uolc!RTBEZXX!5MoQj6t^7r~o`c5cwsT|)x{zro>cLLy;bHNZ`;tKS
z+8)>wVCM-f)@n1OCe=xAL9`YpDK|KZmKWIVWNSF9&f1V|4GPN~7u)8aAqCUHWtk1D
z2ea~ucIG7@(#+jU--#kFMmfa~v{DDNpEphe7gHWT6Z-^WmFi6V?d;_;C26<Q+bT@l
z@{$<;VF)4MIKVo5*~f=D$H;^(KK&wUkXP~I%DYMI@xh#ITs-eJlX!kFu{dc@-#d}}
zDU)F;DJRcquFqd?wXyH8h-mdnfzDZ{!qWVizBZpw6O#yBe2hc4Swb>yh=-}o(;UyT
zYUeUi{SpijHwX<CD4JcW`2{?x;c_5+^J9{s1&6{{udwgAc4_|@?rXArcgKvF?f5IR
zf?F5g?)ag_y~H32XEU>4FOH9T@U|Uer+Ovup;)+qEO@n6)b)qzCC=D(0^F1G;dvqL
zcCR&`I|w1Wy1FK<9T!$G^?YY@?!|k)m*kYTLk~XkZfO3FbZ=mDTHX#Ujq#e+WbHcJ
zX*ii7RiC7?N?rqK;81F3v1c46Nn7AUKM&hz3qa5i5(=$52^%(rjhJshME4CHol}xx
z3LS`v%(h)~tU##e`5TxNm=)>=CXR_Tju!amh~s>9L!yjUV<+Xz-AvjQHjuJ*45=;y
zoJKzab6*g&Cx;4bX2qxNHbcKGGWrEP3FWxDsev9eQ)j$lIf8GDqOY(X1v7mFY0Da5
zH8eAmWipoo%Z|^AI(@LT%W0ljX3@YAiO>PS)p{`?AYi*B61L>t$(;gsm!ek%E3-Z6
z0^BPN9=(F(R|gx!qiTfz08D{g>kYm{8qNh22O%LLjLadYikCkrtO$&_S#xBI#PGrz
z0f9z$czP!o3?RRBi%ux^`nqEwSMbu^|D40b0PDZ)V*#}z*eKZkj7EI#!})*05w_PS
ztY?{=Z;tGQNVwr`Qh5G(m#O8G5P~Q=ew}3*rvzExR;}XEfkg85poP}dCu^aRec~4k
z`rlzn{Pz@#Z$>~YOGrXb7$JUzG7=j_1^9`SS4|PKvsvHL?45}NUDf6mi<Hc$-ej_-
z%j6jX8f*kJg#$QDT_jax>0s3Njk*a$M}}vJE{d79;L;jgYUwltg6%-NFG+9d>v`Jo
z8dLSV%o|j6v>H2kUT)M-*b^GKUEb$IyE~b25x2;)!6ccIm4D7JO;he@{1Rc;_an$E
z3*S@bBUKj{9RNqa>RdTBp&1h)caa(<?%IF@R+*e<M_S2SjEvUe1&4o5JO%ATfj;1f
z{~h^M!$xr_@?VZj;L|4}|Lw@+--<u~<-k=X9iO(;H~`th>1UCGx(tB2#FNR{2=OAF
z=#yvHsRWbOI=mb*Z!lX4%5<@XME+N1PXZ8?z%&Ld<H-sW@|pSn%?Re#Wx6I(p|(VP
zBKl&=z*-#HuPA~4-z~daAkh1pn*eu-sk%Y1>Zz><;mTUpzNNnyG*3F<>A|$#7Z+Jo
zz=cN~e0zD^)qxsAwS#O)O`$C%3dbsQh=S?!1{<E7MF1NfvFrf#;D)^knF94+S@pno
zVlN8S0M=%jaLQ>R#75K;d*#5{rf0)g;#6QkF2FNmo34<BxY2bl)}3UGJ}pd0qP{)|
zYVzm};iCbWN->e+yN?;v_49+ki}>q~AS|cFy-yh>#;9u?{@~2<z4f=PWQVruAvF}@
zORCm>Ug+|WWa}x~KRdZH_#=Q&{yyUcGvQ*Af>0HvP+<DUeW&BvZxvq%KcPikglHS_
zj0eZcfEpvzV9XbHYNk=vz>Z||gE9Ee7Ox(jBUe{7+UhVumrVkn1B`!QI1sn2U$Fl-
zqD^@v`*@TOvp-L}@h;aKu-M9Lx}H^_VSxEiSX`GoSzhU|GftB8B5E;7M-z3<4Yf_!
zXk2DQ`W+vHHH%4I30m$~-0yRJ9=}lomXcD!9Ri~DbF({=b&WZPS>1!minUSDNd-Oi
z^?2XzBU>oypAL-s?64`NN&B+72|yn|p4S`9M6?M>1pla{Djz63d&iEo8Z(!SZuHTK
zX{RAsH5V{7YdDnZ(AAD<^xojf&^cqSYT7LtJ@<~li*eR-KiZd=WqH8KKT32L(9&55
zs!v>{JUTL>lG6Nb{qn!lz%cTrzH$DI5e?teB-7IQ+CHS*_0_MDnyGnMpGnwMpC#gx
z{p`17s;LvJ9A$28l}c|sO$b)w<_3-*dW}5i<ZrN!J|mzacvy1{O_eat0~X&(nJnTP
zyxfsr{G4Rdjr^iF{36&i>k2zgMQvE$*n(x)d(f)oxoQJn7aNeYGM~}B?BXZp<^09j
z`VShWuj2NaV(r7?cb@M_?iXRGpOml=Nr@%4RmORuvT$AVtSRiS0)3aItC>CWgNV_?
z9gPby1`DpHkvQ^CD!}aF7K3NKoVE8VMXMG~ghm43+jC<q<7jDx)$o@0Vs;+8dm^@2
zntpK}zs?dLV5!5pD9@zM9KQJl=H!FVqE7~+USo$!ar(z*%F=Y%NbHB)I+{nLUh!B*
zTGe9UKyAymjmz5dm{L}#i^eMp7Y`p#B)qlV<o38b&;EA0@BA#+@Fz#towHSP$yn!i
z51ek5&MD2%M~|n&OAULN|3{wNvi%8T+Q^RYS0m4fust0QA*{SY-qqd$cvlLjNuIVN
zbmYmR@<j+EAbFagA48}-tR;(o)tzX&$$Zp-#ffX2C4QS{|3rZ7wO4#~54{RcRb>oo
z`iMn49%3ECWa1d|1?$BpoevJOj_-d^bJbhUcz!8B7R9%8HpKfWwyQz<(kaTq@d0q*
zoQ`O%K3g^SqaaVxS#6u@8ki{{9tBk!D`oN6D5}c#^vI{7yw1|D7#g)>fWPZ2Mm!n*
z!$W5M6M?eJMTC!K;%-5JK7lcL7)Y?e7inEx2vRzzvr^P|RnUVLDms7rr_N8FU{0?$
zwrPs8S0XUSiBDL>vIm@q_`&gDY|Gl8peIU>ueTV*aCtg9B3@{)h+Y>gwR7OjkaZ|X
zCl18co}v<bQmTpwt7)|u7Yx=-iXhy*pksNKTK?~~hE``0k9V@2*pV{WD0N*XufTmg
zThsmBKj|;k3qr<zddn?4$S(;1B0**5*sF+CXiEx(If;aY1&W)2+e&HS{`(m)bpj!y
zRT0ha>$mqu7kmwmzf|9D&~%?5>nQhH7SY_I+`tu7#6&rWQ$N#zsqiKf$`@@!c8H?6
zramPoC<u1Y+g4UptyJ=qDbJUocC90Mm00iD=f((Jd9<t50+`1E7Zw~ozkTxp4P+s_
zg>Z*1YO#Q=pDFf48kwnYkbuYK`dCKiUmQOT_aVgwpYVp(-w?ZgvcB_-V6Za&GfU34
z;9rD}!}v6KUl!oh0fN`_Yf}S)0OMpZ))UD>Y@(uBD=7v-WROc^FpBqPxeM$S$Nlco
ztUo+_xRNw&eW0D>fwNYrP($PJN3_8mo7W5pq~fmP)5saHx$M))Gi$zOpQg$f;&8`w
zKWZ5Yr5S0~4D#?k1uOc?dm(!V|BRO^RYHiX;iswMCQ*HQ@qpj<wBIoW7qK7G=QB??
z=x}5$ofYPj6&ma*!EIb~0RM8-pb29(9+Sh9ssuhL$PSQVxbwx<C^Bvm&GrUo^SGAV
zh>M$stDfif;-MR}pOHknl6^(jVjFU<9Q><uWxpeGt|Zv_wZjRN+A78A?)c$TA+~r#
zhRDNvqhDAc8J}j_kO)tGs?h8Rr7sFs5-#z!tC<P7otTyTbjYp*f|Os9Aj`~jsPA>+
z7v)FXepkCL%cWi3{HA{EiQ~(o1GYok=-wZ2Htpnc#w+BQ@;%RMbt?jo7Orc~{*{~(
zLhO%2Ca@BA#rZAY0)x_~@u9_7CnBgw$t(8)1LgH)jFAfFtlpI^$~p5~3Ao+Idbre<
z>atjGjmQzbEnoA64jfvt6_<N*BDguzULZx}PFq>r0gI79(|U|m>1^7p;fc}Qtd^iB
zHr12{5U{{OrUS}Tr{BX{^U+q*W8@$>^px(BaUekWH}9!3_g(E!xv<cUABh!^)kCQd
zJ46aFH@&oNAnwhr5uD|TIga0#F-<aI3O*6uz5O}4PY$R97Y=9mY{E;KZF|U&bo73m
zh8VdWqG@Ra&(RqUCUki1{*By1=p+?v+;hWcKh(?6|6y`zTV(j&p(tWNp7kY_*jfp6
zk=BkG{{0=8PNv5r266bA30<S=a{D_Qz$%sP6;xf~ACBEj<Foe)@+&{zi>0gijeW}{
z-&u`zwA#))a5^e68p-kzxVFZ{vJunOnPo*+-V|b((7wmyjO#IG?m^VT9a%r&zS>Ew
z-VXFn8W$pI{12diivJ+0X8H^3u1(G49ppdXRSvdVa4`X#9Kpe3Xg2XPA#R=csNL5$
zOo!WZ&MOAx>bd>cbiD>P0dk|I|JU1f1~t`nYnmWM6c7PvN()7bR0RSeMMDc60VyI?
znluT7q9|QN2ptIup$jNgx=2xa?}XkVbb_>S56Js|?>BSj&i&@j+#eYdlC$?d&t7}2
z^{jpNTDzymvO|Gm*#Id3GAsfQVd4$BoysINA`U1D>UK8oXH}K(lFyP*os~_xXMLtb
zP75mWmL?=HxRNjG{e2Ocs$vh2t`0bJdXPC<<|GTaCkAA0Kss5rX24UmI<Bh#t5h-$
zG<%&D^@vY!c*Jtu@8>*k?<Y=1aPEdYh<3cMukSSL9gs5sbDACws2<|PB;!3Kjps%J
zG_#a!(HNu;0*L4e-;p0C8STV0=oz#PniY<#m`yQTRF13INzZ5cWJ8pG=}IX#!3vv@
z2EAAp-luS#D-?J1?7uxB;Eq|MH`fe$LED&Nsr-1kKK7~JCwoKl90C)2=KHsvgn$>?
z5=7STiWG@d!m&^9biQVtP8M0Pvr?>vTJgA0FnmX#%BCQ^FfBN2XR#ZI3Y}W><aO_b
zouytNaS4{_yG|Wq<RbEFsT(VjieEcqcu3w-XDyN%iSh@PyiZO}c3tQI@AhfCy1D{|
z@<4C`v+I)(2O{X!bwTN>6tI?Xr|*x5+0sEu$^pHdlMGD0(Z;Qu=iiKUQfRkfPaRTX
zkc^8??$P12>p4_FPi@Ik9_lGF$<ij%QZ-Kufu?5Z)@3zl7lXo*I%|ELqK{^b{JdUl
z#(sWQl#&`G8sd;e*97V*s>mz}RZy5+LDeoHz+uXw+@2Wz=o)qJ#_Mlo2iBhwhcdKS
z<rm#vPwjBST1`zE98W^JFfTfR-e!MAB0$i!)zu-rmylPWl1RFVeYPwmOvrnRxIRQf
z5mNye{%NND3S~1}I0y6elDd$1l3tlz9PdcZyZG{^rm9R!-e<vkOm<DLL9b?x_P1MN
zfg|}bcZa!NZoUSZn{_RV18Uebzpi~7#hBtTanQL^nA7e{Hd~+2u!uxu_FQ(i58OuW
zkiIX|*lZI6LnuU>u|nH*h<jU$-DyBz7AWNiWFZ_S60+JriT~IG1@MQwc)JK`dic0(
zDg`vG4c|jASf+~%?x489_sIM~a!6oSXh7;rvc4Z8rpyTbOb4Y%c-P2O$FlaWyFz0T
zgGhfDGFn>8C5b1wyrXHgmuGamcoL$~^d~tEe7)K_0>6n6*{3wJ2AMAcCFxl9(36uw
z`?pcEkO=0Qvc9G8NytF>W0mGMF^O2iIJMHnRT8Mbj9Vr8>Cbn-GiF0iU*3KR+`c%R
z+E#CaBg?|q7gxT3EF!`CdL~c`iPX}h%O9mlb^UJxs8dOYh;qWH`-uMi<HFF_r`|>q
z3M9~H>@aFuWuT$Xj*gB<_6NUxo?oGp&IU$-;;BQJ-G~NlCQaTDfN3#?EJF1426Z^u
zEmZfL8!3@QyLE^glBZwHK_XaXYupz^bek?RnAUi2SRay5ek7A7O+B5cM@S+(A?-=X
z73Q;M@t$*^Uss2~o74bsbp!DC2jPGJL<IF;JVTY>r93H;sQc`Oi131dJ34KNN}3dp
z61bW3QR6WI!w#kdu-xFlyA%E2bdV4a!mO|FnPFi^zrXqf;Zf3^Up#~5&<#2H=IOD!
zJi@9s7+dfeVbHo9q%T`FP`<ZM2ZzJ4V8T0B&zpSPiNNmdNjOeu#{3SLaI5jal^O=L
zS@~`p<fYUM?;i&ZN}RYw{8V{v^ZgGX3<%J!S2dshpx@C7V<8K|phKi!3^(i~p;v&O
ztfOY4JRf({6vR~K_x4uIZmpNt=LQR`$VpS)gx}CG8eOu^dGG08_^v@r{f>A2swO<=
zX=QBep4FU;<n0YgPIzyJ`#iu;JcsJxW9Z1l#7X@FZwalL?KIQzs#53HnryuGb67d@
zK|U`$Rx(u>3#X%O43@xm7n3ht{~0SG=uva9%y(ErAbRC|%7T%_wY7e8^>&D(2F&U}
z9fC07lbE?{HhjavPHNDE4=0X|6?nruZBd961%{kE=rmMz?c=L+ycBj&z)DFuIaFZf
zvX!H9dFpL>M~z_wQ92mS=+26C=BHyBXGOHD4j^>KkIj;u76a$crGUB{k?$~e&@JfH
za$jnV2x(!2DtUXC#@KNhxg%JM@y0cl`gq_c6918nhYC=`<HdtL(@IWq%s0dy$M&6{
zfMSG(tp0p5AauV7GFP9XOi>(uL7Ve3Vn8oyaDVaU@Nkz)3)h&Dp=R92>+QOWt&oFN
zes?Ymq|<ch_wQb{!!-iYOXnz<R-N3_ZD18}lsUmxQ@L6>_sHrNen$v<+-8eHf_sOH
zyih)kG}(vAYP*K2bC+~5c6^-Lp6am?EV|Q>ah|Wm`&T>H^<17&PnlNBrJYZvXFE(w
zzPA%`Kje1Avz<?|5e?xMDfT&4$I)tYJo?kOxv-wPtkA8fkhoEA7v4u@-hsC-K>d|o
zpDmMEm%XVq&}E#kmw<7N_*6=r@g$^!e<w`maSsRCbd|!z(0JYgc1!I9tg4-A!v`NQ
zPkd1q!v7}C9*Xtkps5KXg@uyd>pc@w>bDI+gOai^pO(|)7t{;Se{gh+3~6(+`p%KW
zs$0s?si^Tm_@Tm4v+C`u+o+Vst7FH#;D6y$_izk-aFkvqDVN7=M*!^!N_a#cLW&em
z*95OS?as<h(rJ4V>cTgUAtrA(AL{b@Dp|_L@a=H8=5!(2KK%~XXcLO8IzCh{8!cHE
z_<KwW1%pO4g)Ds|Uz>s>gEwetW+V(qZZaGUzs;2SVXH%(cl&GjoOVFw{qC>FC5skm
z#p=V_^Q?um@TlH2e}<-HYm@S7FL%u5%ug)(g3a}__3p1(?seRB#7J|z82*+=_7Ky=
z#abbUunhzmOYY`5C0AHn_CEN)Yte;6SYtgNT|g406;@Uru949ApcI-S*OP0H>-txu
zRsEGjXppG(j|Gfx(Fk!<Y02-R`{P~%X@V`RsMvgwp|(W10vn<ottmsR`q-OguRwA{
zIJ=eYIKj=_=Sj(Pd@I!^oi%BA?H1RhA-XHtnFlR$tnT!EyrGAeZA2<6``Bg}%dd${
zw0UV2S_hQHI;s`O*RWiaCY|mocV7tblaEPEY@BeHIoYc55yZdVx&wxUz2WW0$~Nw3
z2Fc}_ci|d;r&_#wH*XlINul_GS<j4_`w`y|_KQ9+5+)W|-zw)rAR&JF?J3qw1*JA%
z*_3!&GDH09>-xZuL38bFG<lee`kjO6uzeR37_XFOfnVU2KnwPYI!Yeu3o8us?!q_r
zO?%A@dx}b|2CRFUuIqCw?Cr4)xUO(FXt9{PCQb@@Jf@K*HBW89#N@7=cstJ|=sS|^
z#<v*)Iupy+%E<b8)0vTpB?AKqk^B~yk7Shn0*dlqUv?kn85RJoi0B3i5%kJ3e;y_0
zWM_OYz?q>Ti2it8Bo3od3Ig@Kc2jFl*M0!a4t88FS?wbEdN-g9nK6IsCNRrZetsv2
z&NW}y?s8I`lpufJ$xeGmgs*4OQi9*ifN4tY@#T~2z=o6cHK!~I#X0ol0sVq}^r3l@
z(^z1ALo^sdXRaTws7py!d~3ln^G9O7dVIZ%HmO1p%llpKB|&u*Ic>2`0}<!xSl){M
znz4WDWr@_}v>v0bD2gv8@*@Qg8QmT-Fy7#xr!)20?Z;xV)t$B9N}Y3;_A|o{HiztL
zE18QW1Xd(u^_)V@Jv;_$pm;&SOI}etZ88u8%BylLvB|vgtsfReV(y7b^$SJs=nsi3
z%VsMN#o?|v>j)Q3)E1*<)fco*`cE_$Ry79{_avfo)xRiA(5}1&;p=Q~%^kKN1WqDZ
zbuJ0@s`evXEFZ;rYWJbTh=#we>U6E0HN1jv5D|q7wU|~(^{7$Q1iKDX)~5r7poY`6
zn>E~fPFS)j!1;?E-2R;Y$wWaVfQ8NhUf1hH!8|*70l96dr7PkAD+VuGm}dDuP3SO~
z3sz_kq?sXjUWhwOPH5T97cwuukhtfjEL4<C&H8Q0Nt=3G%I$%ZMc~kfx?6(!w~VV<
zVbu4;fERmwDkwl~<UQ@P?Uwg&buBMmsV5Id4^?B>#Ao)n$I>|y^q1v(rgsa(T!qzX
zRy8~dXGI%L+hnO{t`4X2;5-A8s$q)gP!PTX5tP7&NE;{PXhW=wcxFV6B+?*}CjCeS
z_+8EOVGl^YZ~&huPrLl1`2KYNpS-66+xq#{l5{!N?9VeE?p|R$vk(C2xe+)c&mJSj
zlcy06COfQ?)@%G6_FE)xV%{EXpZsjE#ID>FKhr@3S@RNuth`XI6FcCSGf;_?+Ap81
z*ip%vez<=9SI1t#mykM)+k^$%vcq1F+B&PR^>WHWM?uHgid!GX<Tg7ykdl9ZyZO~0
z)J{wVZr)ehck>ckk=gPH3?3}JTUZ}{5xDb9NQH-=Cm}%;e0L6H)1M)dul_(e2i0xV
z6sgezFkF`odH<*m5%|3#7)(~p-WU=9JiFhh(wyKH&l06&#uc!=*rXjd_OSdl6V8pr
z$`LNG8p}e0=}57{`^VLCc5k+cK~!4zP=<@+F(WtI8j^les8gy|eh~d2e<OqZeHfh2
zwg)k<Anwy>PICcDkd;w_bbGNf**x%~3-+t12kz1(#V8sD14eTHS0J2cghE*$s=lh|
zD(t}k&+6K{U4r3|qt8)2MdPGt@`Xv?h|#y_7Bx?LG5}vkqumV*X;t2vO7Kn-k8e+3
zqu1qH=1o&~$tc>JoxIT+pD($ABEP(z$(NrO?6@hiaolXQ`q6}OtmiPf{bT(df6%1|
zub3H@E(%d<E#6X>e-q1*{9|qHk>LAe?hpN%E(5EY#c}y_y?%MkfLE#`GPeM!a9QU!
zejh$+S8Bh<m;YL?-CJpg!;kQ`G|#r84@r~OAQ&2zn{^zqdl%v1w_N41FY~%)W}IJ4
z=?=c`4@6+YLF99~QF9acP6>sNRz!<r02;jsa1^6zeqy*l`5T<d+1w=Zz_rFnmwm)V
zZTj1+8yJ)(UcOz2M1nfm*7Nj&zH5M@CH3RhMHaycUHrSRL6^b{gVHk9N!`0+HD_sj
z#MpIdx*@f0ggdWv<08S3wwP&5IjqHBvlmz&Sym%R3$jNLFik;>I)*>bB8A5CEAtLb
z*lImHw6v|BVpLW{NW!x;^f!~TqO_fJc=Pk&s3a6D*x|8Jw~5UN_(8Mm(G}J=wCx#!
zLJq}*<a9A~C1ri2DWDK=Wpo?+C?;z*w1;vS9Oo2U-L`}K)$AVTNVi^7c^P*cEkZ;v
z3onIDw1Ts@ly*Co2e(F6h@sb6_^-TrM34FPuw!nAogrSU53=*?YI-ba-<59+1`Qz!
zuxqxpdKh)}RO~x(^Nt%H$ItKXFN644mn5l*^&bp!fG$<6miO>IGfJg1SZe9-E=<If
zv}&%oJLXux3e%UT%H_2KEhWCvbTSgieo-9ZkkT#2Uw_BBd5t#o#%Mi!(LzPKGgl;H
zJa9OwOkx6Y6i{_IQ+=(>P!Sq$ue1ko3{VwTHo+;c<6@QT+K?ay5*N6@GW#ew)>LE$
zivkW(ETr}<xvj2t0Yu~_8MfBbWqB9+x^^X~!${weat4wr8ETlz-hy0!;<7m`#YV$E
zCp!j?>3H#fqBI~20yP7=7u|7)>Ec^%wm-(Ej6ShZ&v|{9VkFEl4B2Zd*Y0WGlK;!t
z<(g;Zkr8Oz=d1E__;IX#@JN-XLfq#S45&JvV@WsSdD=3{8R@n;ttcf`3{a(yiP?T@
z8Pm7q`tKXy6m2O~obunr8U+iy$~Uo!cs52+r*ojetunX4G5q9_Il80OgL~~I*zQ_M
za+t)&OfmlawlEnkFW8ra!Y!x36)96!mZU;HvWZ)?o|XPa3;D+5Z$3i1QsK*k&j`H~
z-IWD1B~l!;+A{WRO(S4wIl_)m$+ncrI??Zd=}5Q$74BE*KioMP%fzILQm#NU1S+sU
zlvmZ#NkYMW^hgdV3YAqGq)rWfl12SN(yJ;X>!(ikUi542itGHlsO#H9(Z=0o$Y|`I
zRqO7i(T;DQ;iz3RT0_OjVI_$@5VqHXZc3zk<dwz?5Qw6)E=i%v%We|Uc$(M4q_dr@
zjTRoia>Fcf56aSWv)brV&@o=rFDtMt!<Xh^)UCm1G@9I<b=0JCR<z<R%d)2R5((jq
zZl5X1#c&#t6^y9on_BB9QbyLl&h6qicPee12%Io?oR1w~_sJ5-8#O|dm2Jc>cMwiw
zz506qm!QJB{Lilzh|Vh)@LLtmbEc2z-0{)7_{u@zWRfp0*>TIBHjf+vrRjYnE<N<p
zv=Ob2x)R^BCUA2d;utKEV?&6O>Af3{Z-H5wbxgrIXm-O(GiTXjqdaF7X&+~QklwSp
zu=lgpU9y?hvX^+T=p$!2Kd!_&&PpnHl)mC4x|E*NDf(os?=q68o#1rkD@lhGOO9xw
za@C|@)Ww8<)VL~mswgEJh%CH#3Fx@jph(*Xepjw}&q~e#0UUszzI?X9ao-$Z9#*f;
zzNez*gHel;|H}q^G?;|o^*8LI8a?uBi;LACN~PhBW*}WRPOtUdYu0Z;m>ky=!lenS
zO`I4%qO%GJ{$V&>_altwAcCefP7(NKTxZni+$;D`%<})yq&qov;?{^?mZsK_tq#iD
zpOJDR4K)Sm^xkAtY|zAO@-qOr@<Cv~C-Ut||8|T2D|jX$ZyLzX=Ybe1S?PYtpKYXP
z|03Vbzv>WwfNTo}*%~a#NF$v3h>ObmnA2Jmj4k^hKvWIM#ALzHt4o4(oBHH+h@c(R
zQz-k*aD-EJbfWrO=wkk9qeQWM`DwD3u6HAjE;VeR+URzfzfBBBGfy{cbCidUoIFYq
z@!ZR7g6mh6B|04}`iT=?`b$=<WIS5$%2js;Dis8<cU&o>KSYX_DhsaX`I^ztFTc_9
zap#2RdKxvk@3jDo^v{Y*UWfMR<|$A$*rjX3RrrRjZyVT?95=8XzHCD9Zwu99J1N@K
zka=t}E1FcDB9EU6KQ5i+;$bmo9MmhOOMKBuC=C@Jy}~N~AKDgQFV-zMImxw>+<x-P
z7);TII3>V65&`z65x$9n`q!=nwR-sBHYaMGMQoUEjMozy-!O*IY(*|A>XrHkYVza;
zm{c;&nJi=|2ZD@pSddbp>4q<8q&BN=ZV>8!sZKO5e&zp@e?0X^g#{dTIhiwf!P9-d
zdsN713(K|U>3DM;2P<gI)9a=gX}`MK&YCsj@I4tb!9QwU=fEU<zE~2IOnsS;jAfN^
z^ChEltv5(>p6Zz@)@>g(%f_HSTfrkE99mj)OjKg6<9<v*3hSTSmTmh=MT_Jv4j*7-
z%j&<(=2FfJ*$7tfd#PuNi7kBPsbuqLHkie1IVHpPTytUYR`m9bHJ15`-BIf)MzGBW
zht0K9gP9`zI}CStjDcfeL`p|vYKnSy49XPh$W@#$hVeS4#}+@hK$8Ek1dD8r3xqJO
z!Ys_=DtvIBtuqVzLHy!Woz;)(^xO5j$pv>K)UHBX^1)T4kg;(WLiDhGnH4PGC`D?0
zLTU8Q^S}BPnS*4EWZzE@jn&UT>ke&bvz%oY7c<m8`46oh^8@3}4dtD9saE*pxc#1D
z%=q}wj?h?A*tpR$L~Q<R$P5JVxJz#>jc*aEII271d_7D=uNlLt0qu0_RKr-cBBBh3
zE^*$wTEzxk9vvRIUl5&$b&FnMrHH;<%o`YX=}qqFV4+d%Gv<pL;yK=g;sa(o|I+j(
z-MgK)KH0Mr7&{0KYr*<=!OgW~Xszn9vF}ky+R}b?GK#AXJB)UKf;>}zB2SSP%1_sl
z6#cj6V@!;Is(4AU_p~qU8fdyXRPK|Q+Fo!+Sm!QAeb^Db9d23w`ciOSOY$#&K*#+<
zrMLW>N=LB)ev@F%r1IQsxdh)gSzKN(B%eE})WWI!RpYw4FYbrWwTY%De=l({C|lmU
z7jaXp3##CMsp2;Eou@Z9FXlP_rAQ_r7FMaUOXM;x4nTPLk1)WfPf5d{<ywch7(#o#
zPR_Z)A4I3UdZwiYO$`k}XQX74!{*AVAW?y{2Ui>jiy3!y&1zZ9&*D%3{%l^<cyBMC
z(;$F<iW2-ky{G9$yzubAtUKb_@SVnK|3R>(PS*IKi6{NmfXx2}e?!ep?M>c4(@`NS
zr|~_FBC4K_EZGwPJs_&`hYB&IfWTfm4?TN2I^KbagYo}jP(aKVDKbR(^5LnKJ5}Q?
z@zSTI4zn|ng(P^Jr>@2+k}=LOt<2uLFIFD`VXU8j{Xcc~EM^*0olZWL?QEI8H~Y~;
z+~&i*j1os0YBU1KBoN6#f5wCJwooF;)gW|`wF`!jQ<n{q=YWPyO&yN}>Iiv%oAqu?
z^7L-v8tkWY)PHQWSy>|N47Ppp1RvrL%;%}uz7&NKn<KjK7@at_Za?7Lpd~E5BJ{9I
zvAu1pr?~FzLN>HC-$WFBGOsl#km;Tmc+$T*@VQ}&V@?UA{vkdk#cyXZ(t&`U@N}kO
zTE~k$CU+iZ%ZJ;l1YM?^f<#)cv6eYDYl})Z`+_N2fnBVzu@48Pa0(&uKOTbi@7{>q
z)#3JZ$B}8-qGrDe)JioY@~ZEqZ8U_9rm<e_aJ)xZxWV?p6!B~uT!nePTz&tiiC50*
z=P$Wit!<c0Z{rE~**9A{Uo@VSZTVcQk`qY;xVD|$%J0n?V1$zk9Ca3_SVN?F^l)q8
zNph{K>E97#ETOOqQt(yHt=|d{Xt(SQ9WG;gx$mOfzI_c>)z*2dgo?U}y*1jHCBxXu
zvmFuD`gthAPh5<Cf9c7ZoaW~J<4ViJ&)+JBTe^^_hDG2>g9q=J3`|T))$nFWPCcf*
z6BfU{eyKXsJ^2ME(^}f%Hl0u;h%}E!SsaxC@<c0O)>j}2tXXfsx+Jdj#Zrha!N+hQ
zbo(Qp?5IBCn~3gVbNk1iWS%Xg@9D}kjG;MRudR6HVLia{2q4+FFlu|DbCm0JQw(1<
zI>UD@wp{TU;RuD+s0I(sMLONSB3nh{J&H7YSU&g>TEXKYQ6qCAuC8rb86Z&ema%z!
zPcxMBE50K_ujODMyk06+pSwyD+U_BXtE!HGboG4lKpwxz!;&Ywfb7zwe?>+s4O$)M
z-OV>^y_pVG?)z?UsNd&~dLB(7xPxN5d2vJp(G^JbSic0s;K5VTmU9dvo=Mf`!J?u9
zh&MTg@AT&A{6v(NmYTq(E~G#B8Npf$+e~%15Kj!F{;ptK1>(Fv=@}KtBGC}-ZGhf=
zv#inYH29!~QcJpu&I>XPM#^(^Cs9FjqJz@8BAG(n=VHj%Axr}6kS$?Xq)uUeH5L^i
zL|^@(ijb2$0NsM+Ny~he19GoK11Pady-;Q70iN=1b;1Q1;6VxEx!X55j9>O<<$Nah
z9*Bwtss|ix3lw}{3~`o^s#vSk{G$Adu)N3%Hm>4=CSX-I+_AHzuDf#AI+dAsJS(d8
z)(Et@V#I!oLf!Q7LSJeqU5h*4xOF$9Xi+mfYU>lQ=gKVWdo((M!vb06C*bQ~VBeJ(
z5J0Y$Rd^4P`G<RpVFKGdR==LS+eSH-Ny*B}N=TgUboORKw+n{M#DQQL7a0<j3g+=H
zeFG}t>^KDusKdB6R*vwt#cSg_#jFmYsw^YS&L6zZ@lpwJzg4dS9=h}&oo<#2Y`o2#
zD{~-n!p48@$H#N$+`m=hdYqo_et(2vcYzh^PkbgoCIw}ex*Sh+;vnJoHb52Q;o)8V
fpZ+*M-#EF`^<ppr`N|*oEgnQsT_OLzng4$Qe;WT6

literal 53563
zcmc$`2Ut^Iwl*Fsf`y-;q9R}cqo5!lAPGgOMj>cuB2B4MgH)+eQ4tXs2uKZx^e!OM
zi73*0uR){}Aan?X@a=$z_q%iNotZoT@BchA&XXZIXP<pmdDmL+yFKq9<qtBPWPm^*
z2N5@AP!PzjgAmA`!F@Zy|3i1&svP{!4jYub6eO+g)EM}%+xUj!4G1K|cR%If9`Kpo
z>ZXPb1ajyb?Y}$9(Fq0+NJ9fc=7!1>oryI~E7p;a(Y3VdyzuJ08be;!vC!lm!=zd5
z1ny++#7S}9^qO0GikZ-^$^iXTbETi2+@aqq-wg0Y&)iB`eqZ|T6jA23pI(#y<y&X>
zMSQ`^Xns=YJT3cDt(5VDtbWGLhfCcgud?ogR}abHPoJz`S6AYikc)2Qyf=ywdN6|z
z0PDN6AGaI)%lgN^n(oLh0)cmVcJy^%;89Y1QE{<l1o-MlXFa%yg@wiNeO@dZdrkPv
z@bs4(al7VL3OouU7r)n#{Tlm;95oi^=D{PoAP`$EZ{%!UZC<Bmj)&43rKgw_NvSGk
z)-{4jDn(Mq=SDEs0*Z32=E~aI-Z@%AAlK<+;bYAO$<mz;)X52lv+)*2Im06ElC=t2
z{a=|N5FE>ROl%;9+|R6p>tYsF6)b?)&r1$}C%V%y*35y2fPH8}5Q#(<xw;uSO@}&P
zB<8Z9+e?uj5XdNJGorh@JESog+}U(+zQ(qm0u~fvCc5Ub1M>9H72GGV4)k8kNl||2
zmCk;T*#2{Vf%M4LRR`A>o^^T2XhMO5lB6L7@<pf>p{c3)t&@kB@ED${;*{GGPhFyB
z6yF!=G_x15P)AxFANN9eOOJ=uCoe3{FtTgTv@Hwbgm`Lu-8EpsR+5EsO0D%#vE;E3
z%<*c&1wlFpL`xZGyEN6C!;5DZ<%06NHpf!FyiYr^?$w|eSkXcL)QuQAm+}H>fF8f5
zJ~fhBJkwr7TEG+FR(<BW(ADvtPwsgzYeyR!Wl2Y{!i%klthr|VwI%loa_-t)bv*^0
z4vT&z6v;k2hl9A!t~SBzdgDMLX5w{r2!{V+lZz>=4FUDg(a_dzRbq!gtZvyg-Q!(t
z7F_>Jlp{ynd2;wp>Vu-8BS^YzLozP$v{OsfSPH`>Oi|$Zz?`DlU2}fOq&%MW4|mo2
zs*&MI=d{MNsuAh)!u!(a855J7$4l?v!tAf$*{@j<2V~a<cR(QVDp2pY2iHgE+s}>+
z*vq%RRlO2beT7@73Y||jRIb~XeA9O39{Nouv34>4gOth9iCewjdyaIbi1nYlDx}Y0
zOeWqGBeP@_vb{<ZvrEB7NUnbab~grPgg~whC1I0(e#w8LkJmUh4n<SUBu(#H=#nAI
zRzVeui)j<-t-FPcj5Q3;%HPvTITc@Z4&(j^N{&{$PmZ0MD#x;~_K$KxAgHRwRZF2J
z&V+;Mtla8)DoZaIqEDUR#~tyE!a1O94P%XJ+_>rPWMNyD>C*8*F#Z5@=u9yy1j05j
zY}3<dFjKC@FuU`6{^=t{5l7w*5D}{Kk6Pd2*HDJ;9mq^x39xFa)!28q!_?@;s$*d$
zc6JMc4Lp8xkG-PboOw;3et=v3E%$)B>?l4%gvZQKMgdAbtZ#3bCc7su+LFOOcDz*V
zjyEz%LaM;1rM)d}0*TV4lTY@kk_mHNs%XhGp|jy~PP}(%{MYp_dSZ;5#$!5e%eWcH
zP@h4BsIJxM{J;We8uq!^Y>tX99d6J&@|F{~kXkDu+vkdkpc=%HIWNM1`<9|%Se-4?
zdL7soTnwxd`=jr&CnhLKGj7%Qisf<v7jSj|F-|*#$%Hi%hEBwVErB(D)%W8frMr_f
zXat>~191@c#nwOm&V>U;b-BwtXoc0e=w{sln7t?d-cHDMs4A>-uCggrP~FGxR<E!Q
zXHk&rYKc4Dup@}FY=_4=>m$`kg(3n!e$)qFfrsmcuih}CF!=3;Tpy8zR}SF(%dI<s
z^H8(0`h3E(LVRkMl-$1a#CV0w0Y?DdI-CcLj!h*R`>DWzgjDb~%KYXYB8bVI|Jnb{
zeJnIGg0hCeI8Fo^uM1`tua@(ukc=h#YoEOQL<@Yts2Uz;;9@}FJIe49ys^RNVU`g~
zvBjU+&F45mhUTXkT318Dpddg_MC`={=-`V#P1rTXGPczSfS~3@GpDCr|Mb5xpT(X`
zKd`fFrIZ}DEv>3zz$_kuG@P()LYiAxT<$647Z7$aF_@;AjHE&JHC%h2xGlepo559^
zHTOKdj7Je5VxD@By}t<dwZE|%e}Xaw0-{BqC!b(}00^LS6f%cSW${wKyvXOAoLZY*
zkn0~tV~#x;8R#S@N@}fmJNWyAe-6<Op+)W6q<QZl0oqO?c0x{z+M@QKH!h>v{3!QR
z7Rn;dflzTpz%fu|Cxp`nY1-x;HkYnL(e)F&+RQaKXVW*w-6p0AfpES+npSmnb#;G>
zKRaR+mpt6zyzcDiSSj`p{OuX|TgPBU7FztUD8Hb#5Lls&o$VtVn`SX%2;`GD(sY7Q
z<UEpAd_t55DkT5z7US*3100E6ae19^EBw4wV!Eko^a-)gD7X1B^VZbF&>+It>M~Yy
z*kl*vy@f4Gzg;renMz?i7e5#yXXk%Z#7%gJZZ8k(RdF~mrg#ixV(6B>o}J@yD^~W<
zCCkvB6v4R(O{KSrKEd$^Ax}RyBD}rd8uhG6Lt1fBZ9S50#;K35jq9N%FWuIMI@;I`
z3ZRR2K>VekLLZBY#Qke!kY)5p@49{2UYNiOly_QJV=}+3#7(EAz(WIt>|@iRsxN(t
z3~>eO=(si&LLm>wJu-3j9WRg76`Qy_7lMJ$K3$wQhprJrWYe)sA?u4xJ(6te=^#3w
zl!;DnO<C~5l)o<ab%{iZyo?GxcLcTKEoi151$QFGXYm)z#%Wy{a_Fm3QCI)#`l6zp
zaI!6mqMBSfl3JbKSLEDI0k+W)5iuDP-6^@g)=%{N+1WYaYG>pCyBNwsa4NcIa?Uxd
zDlMsi(_Y<3MKtj~Lz-Z#*cCy0Bar>54oAkW$lFYfhk=wOhzEK1Q@k<!;>7}TaoEZS
zijJzI?aSS<D7XgqGd)t)V%pj6-9pUbA1m1J6FJc;+~lQ$bXrX|z*Jpbd&NM$`s9H$
zH8(Kt=#4B)o#M=vQ@{C_LR+d)jUqqVL$xoXE{$7XJMPV?U=Bpdu535)%9Ghm54jC9
zzfpEDL$0GnW6CUDmZ|A=>ldsgkfvvGF~@jLL}i{s-7R^dnRe-5dW&29C0lv4>);%s
zB;hB$+N=F?lc}eq`;oKh2Rd;_%#XqLy6#9!!iI8xW~-~Ob92^nY7w*8G`W<GfF*;h
zM0hjopL-P`sb;f0u%u|XiwCaK_M)lW^a%R-Qr`2xYzITO>(_KC!YJZeLGlL%;V=##
zPL+=#3%TFqTNJ6$qtcg^hMp@oeT(GX0pavQn%=Us|JhgP2DMf*$~TRWSZl2rZJnI7
zm<!(lX%L1bUSwn!dxAFju?odAiHZpJ3dZxTPu1bNhv|1gPSe|>vSzC}A`2<E27793
zD=AJtbkqBSg_Mp0uo;ED{{!c_ZZ#$Xye|vn+osZq3#8l~5GHwO_AoY96U4px;su#O
zmD-6aG1rx3w6<F>QT;4E<i}22OQuxR6=6|p>(Ri-$Zi%<3qiK9$Oy8Bq?QxEpi>|o
zwG(3Hf$WNEZEX!P%kwigx?*$QJByU<iN?c@YJ|M2H1Gg{7(_^`6X1GBa4pA3V%j&M
zYw^Sysjg{0%UuwdJCf;^gTDrdmDvplsYV0@a#aROFAD|F{TGh&2mqnirEUH1*a8DR
z*!WL;Ay5S>4#K6LQ@~g(`Nwdfqy3KSVlYHP4D4cLJx9?p9%H}Qtx#W6QSo}~PrKn`
z(_czlp~W@xH4O;JU+=LmK461$qp*<E*J(@Qe=H5%as4Th=?zlv=PTsSrx4l#OG^)e
zMeYEX=ADcw(dUV6lE%bkspi-ltPIbsKx!^6$O=C)%m2Y@ehoat?orOD{7mdh-0j#v
zauK!NnQn@agTA*b>MqW9{a&QTC&t7f(aa;2DP4UJT8*;fD{H$rVDylkU<-OX5aai6
zyFK`5>S_$_L0GgR=8O6JPJ^3kdm)*U%+jH)x1JU4T5=cpI^m_z=48W{9XIQyW}jPF
zlruuPu7)2u8gOf}_Z6%X6ISEop5l3qpExO0(yxkf7ZNeEMz@A>3I1B4EmRx7rV)k>
zTfb0Q4^7Ox3w0x=^5XYaSv-_gc(mrnr7dV`r~sAKJ8PLkZ9gwTNz~GOBcXRe&om|7
zZcjp)$nnlg^OrkBRME#S$)!EZ7X5wQY{~j1rSqK#YQXL9>E5Hxs?@+U=!`|@dr=jy
zZT;;uF1Y2W*4`b9s3Ob<ES<<HHiD9wSN0Bw%#}$5HyF*7_fdbnnWjLS9}}s<BMV+O
zo(}#e*AMd9HGW^0(siegQ^Sp#Bw|e`Kd*GX#T%x|_c%fm>5EIoYtNP+>qfK*Q(qL9
z2>*J20aKh=4SS8(-Tb*Dtf8&>D3tS>4+zF_(zqio?%6vpTx*F-hjMK_K>kOp3iEEZ
z_dlf_o{oFo&pv#gBqXC6nxNx38Pm}#2S-dcTv~yDV$Wz?X=o>uy14h(O5p}cd5Z)+
zU;NrHOKQcnV^tWI(PuQ)RYOJGn1dGxyIIh-^kn6WuO19dA8tMM7&oXm*_#xam~!AH
za`bSR21(xczKME3XVc2wZ($mAf8z+|NSnBlpOedRyWp2mCc)vJW3T>EW4!?L^kn^I
zShh^eBEMeHDCc=g08I7)SLA9%R99C^hj@Vi0sQ3VJLFCXa8~ZbjZ*M^jyWjmj9DP1
z(byNalCYqndibxn>3`|ycJHym!ou%@g3!Ef*Z9S&Z0l>Zs)y#t0IykEScJqgK>h-&
zsWO2&j{NY;=#QHCuFgmK`7#GH3oxHizOkE|WgozDAexC|*&=X}yvMv~nO`Le`@*^f
zK|nZM3R<Wuk%X;f(;VKGO!?Wvm}bydkeB-)LK1TQIF2*G3(0+iL0ztI6%=N#!{3Hj
zM$nKCiI-|^YN_Y!+%4t@c`5+>z7%fa>bmx`A~FJ&4YfXLgyOGX8;gV*$s@QRuR##G
z^%?u-`_I4(he#0DD>{P^jaw1A{sQESJd{4r99pYYO)H2i9NQO8X>f~cjVDuKmZ6<-
zot1|qFCFCYOi@@5FIX8aa$c&zGC<yAOK*L|wzahp*d>mN4op2!sST)77BPc0ATk^f
znb^fcJ-+adFcHxZ<31-nbL&#EbO5*!DZAkp^SltQ&Hci&0)~ce=#R%k=Iv2Wa-xnW
z*(e)>=uLwf@yE7aDu984o&DgUZw=ZOxZm}(TEC~;x{{lLJuCbu#l$GAqLjc@iDalf
zbV#7nv41kMM~l)RRscE8j^k88;Z!ah*(+##cBG5VJ3sg;&O7Bm89q~w;4An{5BhQ;
zyDKx3gXhs#dQ_1#2{OB@Q=i9F5d^n!UiX#r>urt&SkqIQ<SP^&gB4!tp>M2VxFC+$
zI>pwdgX}jkzC#PCFN|s(<JL1Ko|OH%Wx!MnF-OwO=2bc$o9j|`MV>u0nw#^rXT`GX
zow}FB<ifNa1!q8fdOr#;vqL=!n|12Fs)kYNjiqE48BXd85+@0n3}syww*1t%V7jCw
zo9;?6JJb4#3n0So1?DgnBQuQ0iyaefpE4K^Cq;{pS={yx%${wzKGTlnR<=B(D(ScX
zeqe!&&zTO3nv7P_1L(8zOmp5ZSoAq=vf1O59#1}ylUu$Z0yz#m1@`z*cv0&xrMi+;
z5|b=x{h_z9rQ(Pn_u(oMPhfesz<It<VoZeut3B$P?N^+^WH|>0$_q;z-sKqW)1#~J
z(NgEJnSnMU*emCyDO|yd(V$F0mM5o_;fEkpP3fR4Gj32s{-ffDcI@-VuHuPp3GyZ)
zfo`@dX6N+34R`K=%z$j<KhC+p_t=<Ewk{ifN>X>?)}1}k$5d@Phzq4d;58LDpzv6V
z#YuaAOtPc%ZI1X(i%EU69>hwsY{>`L>1^~H=hJ4PCW&$Y*RL9-4b^1rhx`PI8ibFC
zi6_G$)bg|O-8diJT}e`uM1vboiuz797ABad%vJO$#7e6|$94*KFR#zsA3!q9UdZnb
zEmy;1xeI0;bXM;sp_9nhP3r>#{Ra9<!cRFFg4#zcd(*t0<7|o8@9l&&)j`|pn8(GK
zSswK)>9DY{;l$0yVw&JwP*U{K8S?$H_~l6vQ8nFBX9p-t@6p@)kJKkS)M<$x6CD#6
zJGsE8fIQ&bY8IgaidjyzOxz%V3zU9`LvqL>h5N&a%FeGcNwi=W&kXrN3wDKAF~N3g
ze8F;c1%2=smE1U%UL+!5wZs=03T1-ak%Q6?eZY!|u&@B@cXJx%IBTpI2Oj~*ZMF&S
z8ZyHJpxhOuGmtM*;EM@Zv6oU0F9o?eFSmg9SI2FRDe4plmFir+B%>DR5aCMnq=mIx
zi$#o*`5D>Sh7n?$v8e#r1l&Ijb45e|CMF;t5Kwe2SQI<%NSw_pXRH^W8-8TqdeWFP
zY$hTgqtb6^Xoyw-UV&V{3`{Q#UimpA<L=G88AkOYj&>y^=Fz+6x9cAcLP9|>YOO?$
z?`TJ3hSzd|g&Mxw0TI{$W|u)~xqcpoxByG!0@<Qs1EpoZ09hdfSkY+AJCK-9Gt&@J
z3lm5z1|MkX>An<n$5RDbVnE#ndF5}OH1K3f4?Id>1I+z-QMS>T+S*zG7D1p_1SNTS
zYvcoIk>g>fW+MDL$z!dpsw7c?`eP9O&D&j@jM2*&#l1@R(V~8fWx;@W55W2=&EPPE
z$j(&9#Z+ja@gU2Ho0awGQIcprwd7Rx?$=<~Wue)n+R&jO$zp%kdiX(kWW9nz9oYRR
zLhwOxvtjbC2IA%|az|q(CnwEF_2Gq-D$qgTvKBDPcPt#Kc5X|f;cL#P5#VjpE+-3h
z^qUVWiIl4=0X7rsup*HwijKGqDFVn0JTT%XE<l&MJUFC&HeTnvw#{%=hGaT{zy88g
zcG-;!aCRcQdU^^&*?vxb{#4%_k9V>&uW%Nwonv^<vbj-+&)Bpg$vF-*C~KM&+vjUX
zI0%w$EH2vId%W5v*m8AeE$@f)CASA(=D~6tKQPH{HwV_k+f(>3LLE}{dUF}iai6lY
zg~E&c7rhX)iaBV7Teq)1J>Zq^i=3HV6`H!Cb)iCwMb8uS1TGJV`-V(RFD`xt@Ob{z
z=6k2NZyFyTuZ;SH5kP2P;MV18(&Y&I>~ypCM@AsZ?KE+n^j^oLk0&^kr}-+HG4j5q
zreHnq(+KI!XDmVH&-Ab2VUbfJy^FZftfY$7E}p1IQ^CnHpurkQRM@<;;vDhWt{e%S
ztJ^=7acEld;SCSIXJMmLbY)I*eOYBtD=f3I{ms1U2W$G51PPvW6?D-ap4OriM(EhW
zVp@}EedK!o0^@KEAH&uH49sVWsh(T{eU6h06?wwi`j}bRa@YM6T4x!w4Khhb6>0-P
z>j$^CSUR6Tmfg`{1FT@4zWdU9`uc+|6yojMeqPe>VCj)~jLUerpN&O+S+T7OIp4+b
zW~%32<$0Zw7Ojvp^7lNBnmXsc3r`6f9y0k3G$O?@R1ffjq_W~$2AE0p#=-@O`=jF7
zp^@!rc>;!WU%Msq@|L51Z?s8HPoB*PW020<a5H70Mb)z;;vIVNPt<HqdXArq!@p{F
zkoKGo(fsX`CJkOp#DZs1j2@5gk&9x=?0c-tyfWd})wJ?gPTe_Y^|5docClKlqP5ny
zUZ@Gn7VJ0?gcx{IAH8HAI&$<n--hejH-auYulE7Dx?F|vVGzDRjQN<6v29LW+U@8X
zDyTKjjcA|Oo-6Re7t+AfU5NM_nzeOlgZ?_RU?&E?imONrLR5qP`Vwdo)il$;ci6D$
z0!uS9vr9q!NvM<M&TZ$7<jHe6Pj_zw3z2E$Cvf#*ahGwLLvKXT&YXzjV8jq1be8_F
z=d?SFvxDDv&b(E>jfbsA)9TU+&ycZKGZ8^71gfX{O?~XSmr^BSHjv#Lm0Z5J`fU*j
z7tEy~wi`>}OJQCdsGCo()9%L<4&%=lUwiJjZuV}+X&lY_Ij;d|I(l&PuOG0G`Moq3
zphtoV)oIs8VHyttTG2DwLY^zzGCd`1)QBY)Vf5G08}|eC?(X*@8?n>s4RU7#>wkAy
zkS;+pt@G}jd>aIsd5)Epb(rN)!bY$vNsNJkwyjR3&Kt^t+be_>$SceH%M$?n-MlsS
zT@>~X$JUz8UzUbONo*}v;r=V6l<U@01b;e!d$F>$4t|ppF#3g!R{<7i&A$~9g1Eg(
zKzwOkSuJ0A9_U`KRwzVOFs{Ajtp3&GkBez3cq6$Fa?o2ei)eGF_S9?Q2Gc|Oh?pXW
zAH|&!NQOUetflY?`_AWJ597&-$cc~YH|2*@kti1I>@N4AgH_VdJ%28lH!cag(o$gF
zrfE*N#TWLKr*$D_obv<r`Sw%#cvCx9_rR?d-v!;8tQni>CLP4Hh-P@=#*qx#yxbTz
zPpF+=<+_!>>yYQ43t5RAk!-{3ThtNMjr;OuEeA`_+nd_@uT=QapAM9#rZysH<x@XN
z)XV%{kt>tH{_9P-5rcZBcK*d$gRQ;{=hq^$S|>P#sF>xr=r?~}ewL|xb<Z5N{SxU&
zq*7+QJ(L`IJyfSDJI3<OBq#AFGw#Tr+n*O4jGV=PmPoO1@Lz$Ap0OLMbP4_s%l&}W
zQqY2S?if@Ybn;KUAQWgZ8uMV3vjt>nStzhHPegSCBEk3HYX^Ew0=7)!0O)+c{s1T*
zB#b~djvc3}d}tU*_u6}gO+y2)5z?W(Wmx}TyT>11N5iX2y>hjY{X0)NPXBmDez_}Y
z)5$<-%6-gBJu~Pm<_GQ}Q+P>Dh*Z=AxBjQxTg&|K?ElZ_23?&P!~b%lQO|7*5<!ER
zFF#HtLQbU9fw4EqX!*6BZpfczOpnY3ZJz2KM|$!F@HusgjYtOc^v3{><5#@|{&XXz
z@JFMdeau3*uGFL0SfGhBXe*t#Q}M@(MLpO5?wzl96?d@rendyuxI<Gh=rd*VU2OdQ
z^2_DcC)S=%!arMqrilHpZr{qNF%(+t;G#6xbKaEuv2wi0Pqb+RVxjAH>GqZJ$CqW+
zeYgbHpG-LW*@PuTVZ#q?#)tW_@=FjzGpS&0rD=AdJ2G3anInCz|ECr37>ktLe%GAA
z?PvHohoDDB@0T+AX_<s^$bMD-xEb+!%SJDj(1XQOm`!n@0@HY#mxzQW%676~3%9*_
zG-fxHNn{lXPz(n}+Rq#P#vWyrERvbdIrhhwIRDka_Fuo)M9}dYuV?_UG3?=~+JbZF
zX2e!hMcC2sbxlu8>HLLn*Ft-0UIY#NhlorMv1i!|x&OX2@Q0oMkzD}nDl3!QVPymw
z<dmcxn~hQ{S|_Hb=hTT>FhaZXHX8I=5nL@dHbTSijM3%rv--fmqe2zX$=F{0{~~f!
zWjXwCGl8*cgrto<Lq`#|jcF%*tO7Om@M18SRO|G4Rx~gc3E)LO871=FGe?hdzTQB}
zB^RS`DoAWG*+n!E){bDj{Y`#C$QEU@?Kt$L7*{B0kLF*7wIXhp7t%5C0z0o|{3CC@
zgd;A$>ho=mw!Dm2WzjmAWD^wH9mD~HpGrBvp>WNXJ8aDT0DFbzi3!P-_o=6Ra}3>1
zJDYRmKMwk3-5|LyRJ9%@v6%N|yxe7s&K6u>X_H^aOAb=UmNDMp-T77%SMTbESvGJz
zw7!vw$E4Kve8(rgEO_x*9X%Q7pz1bSwRcEpT&+kV4f|C$tk(3DG5HB4=Sb>6%44xb
zOXVxSBWO!~AN3C((`51CfR*eH{Hy&!e|l>|;YZ#Zf$el*2iZ00wIgQux_4iWb(XbA
zQ4{V%l&mypOO+ohcD73I7@(j0y!y-GR_67OJ&hS#>UDE9A+Jo<cZH1kwj=QlLe_f3
zI{J9Tl}dYmoSx~tQJZw~s*|om64sO*>|Vqsmbf?*sl;%;6PcObrxM5gc$TLPu1D|S
zA1QCjzxZU7bN<K{a2WC=apIxR3la)6Bc+q<Sh9=Tq-EH<`f9ptp6pt`p-GB)1#%q7
z@k*eh22#ZloJvIQXk&Ep_sHpyIQ=P<<!M19*ZHUgxL%YyJ^Q2O*ZE*}Lq;-CSB20M
zW;ca=!Snq3ZNL|#9t!q*&;I-9%k+=J9nc|5^Et3KF_Ckktg#S2D~x*q+k`$~Hei89
z*Xu+^1hX3+mlqU*=jG*@Y$pm@Kl8yRM*W|W+uwKDe*zE&KA=r1-a~Q?+*+UB-(I1m
zrH_FiXubmf73h43qPP3MvfLtWS>W5XlYD_7QEj^Y|H7~Rap!KwdfayP3sg9}?TnLZ
z(8P!ffl#4`8Nlt`qqAX&Gi8bjJK^+e3Af45N=Eno0U=FAV2Nm0j~v0%h1Oc^_&!jG
zO(`InWMMx@j)UN@e!IEz!7ixsf;K0ZGi)J@5jX-TL*gJN-|u5>Hag3xd0Yt7!nRC?
zu4?bzUWi>Gw&keLGVug;h<WZ%<MiPyRNr^}RlPR4uujrhp*)Qq=|Q^8ay2PdP0e@p
zD{4DhdXz34u4#97$}vjeG4>Ph@VYGaK?m(RP%=a0xcO1TG4tDyMIqctSEcW6UyQnw
z@<_Z&QAkl-zh65gqx`>(6G|M_Yt1w3Cq;8)<z=ONPBcn}b-6yMOI(q$#8@ELO~a~U
z{fvb7i@$JUu1d)vB}1LA1ZpP+j<=n@QN=@aO^su^KxiRI&+`TfJ(fI$ri4{FtBH)E
zt4LWt&TuO`GDtbh_xU%k9uQZfC?ziD{6)^6@>5^$ARhc30v9N7$2Iu73YQUY%-itp
z56baa6}gUh1v{n%rEeuHrcxt68ni<@F0G6bwCD9ki%s=>1hpVWDgOH`{vzBHm+2}0
z_*`6t)R*G9*8hZgJaAfsl^Qqy0$$nmzOa56bE~a%?XPim$09bhUt#y}!U0^KEtj=k
zvd~O?SqHP}DDTY3kMqKF%~6!Se+wD+*w@P?7T7Ci-<p7JX&<tvY3Y(4{kX<&Hr^_y
z09C~(J8`qNjBygbP-aAuyB;!2zQ~tnw|T+8{mLinMsmMhd~km8#YtFLS)_YdhXStM
zOp7b&@mHVDrinI^`-9c8c5KUz7fZ*oJQ^OZ>bJEdd*>pPGDNbPPFXDbl;rdbDkbJ|
zNcEmeU&&}^`(5iK&EaC|(-+B_IK9>nFtfeH)Mm#~^OKlEmPUfAdl#jH;#Xd<bv1Q|
z6}L_Z2kfIhY$tMN-<W612^LQ%2ylokCm<fx2iEGr6IbL@r|y}YUU$C4mt-6j8;M%u
zkQ$mEKjrwu!+X2@>3WGoMb|eBC5HR2*(5~-XPM-&Qog@~SB6bXhb;&xb+naq#Dmfk
z&pn??en#%Ub5=%J%~yxuD>9^MM!FH?ogI?>Efko_PdLKcF1^d)fbhrkGeQf>Z&uH!
zxUxK!XYYLoW=mTopnW1X*fQAaf!*46a<=vV5ru6~-m3iQ*<tkJFaO!P0R+@nS?Y|8
zrwl;M49L3)jXJcMEkN-KYJD&*a{LmTntFL|KOJq%vROauh7@e{!2S(2^8XZR0h|Mz
zsaA>|{g-EerZ|_px8-*M?TL4<&Sj?_;@yfnpn=TgY(gWyyp29l6AreIZVS%+JAh_D
z0uu23BrgR%*9hrj?L6JMO-iv5d}1E!65iaIq$#@{Xt>g_Qyj!*FSpmZ3bFPelIB~R
z6Wm_;E)#t(31xpfFLJwg`*m8w6T_UPgtXiqT*;3>e%M}n%xo%kh+|GID9?=<ucJ*0
zsY_bFoX#kmJnx;2u}jW&&3%@V(@~YPqWS86xx`zThqjI2+NjeiAF29~dhy`}J4byY
zv>CVUg+<qFHP?Nz0V!mtlSJ(&og4X_7COGvTea|GL{?Nnr7zfj-_cjC;`vYJh2z}j
zjZDL4rDb3jD*#=jLDPKEFvhy1gLL3NyhV9+dK|4b789JTrVZZ=|4qiHvml(4l6~3?
zQt`Epl<6LazGb<=o;Fox>L~|u=o^tmu46(;+T0KCvh!p~vA)PJ?F!76h*K$~|9<O9
zR@Dx5(#Nvh9_{APPS1B>@=0@m0Et~8drq66`W%$U?&Kwa$aoh0hKqo(PiZOqGQjba
z@Lmqu3M-6*SF$dQQeBm;9(w+6Y51>_Iq_E%#7ph`i@c+Wh(Od`<<2;P@#1Xw#o_7u
zW1P;0Iq^)tqcB$vR!Y3T{8rxO7N;VO3o;Z7CK4yfjQF?tgn<K-4M!A)zRZ`N(y`5I
z@Eg69JkFWT1EU}Ng@P+_M~Yv6*!7jejMa`MOG5Gr$5lmZ+!3dJLQaBqeLo(%yUcvM
znR-c5Yw}xiSIx@QE8hgoHF<T9DD|YoQ#v_+m`xHk--^<Zkv8>$`Ax=lP4)q6?{GFK
z_d{ptz3rFTh$s*rzbr~z<2!rN{=Y15{~LhC)q(idne0J#NB}rZl~&Ae!vjTmeO1*h
zb}J)CM@KLkrF`C@`U}ZCfbRIhyU|hnry64ale7Q*J{xxl@+axtmy1+O`YlIC;Y#~T
z47C_BbS%GmUEoXk{zacir9l7~g5nAI)&IJewlKIkw)IL;Sl#y1vB{WXGUXfUVlW_k
z_#I@z0eVLFWyV(Ck{xiL<H=a2YqPxDJvi>(4GxITDY4H#g#)`%yo<-ISRL60u1<_{
z?%QZ4mn5=}#Z0-yBiO?164-(*sU{NuwEyY{C9+R)uAhD5h&5Zj=@=HgFs@f`+lC+1
z2N($u+iG3UsXt1Y<mpbBNjDGVkm^fXLR&D0;yC;<x>@TLii=9;tOr$nRY$rrKBFmF
zb`rlKS_`JQAO=(36<(BHS8OxXTj5zdrh+G_Ssq@Ou~dI9iX)zG=<Zl}&wK-|Z+!zD
z_xYlvjH*R&#K)XQ2N85aqV#MIeesp<4rYf0MK;vnO$wuVh*gG<@G@+w+jrIeL-}x@
z$R`2+q_nL9htmKQI7O?}t^s@z`(T|<IWcBGj>IW>`U8t_=C>$Wyx?<*ePyt658;pd
zzY$b9FLA>^aqtGn4AqX?q9&q*?QS-n%a}6k<FZ|vz1QbflcPNMF`B1H{w=xf)UO8I
zJfh+fq}Nov&tZ<wdN+%(-hg!Eu=^*5sV0?xtANp#21ce|R~Z#Iu6Ef0HHnrS?)GF4
zlk^i`)@OU#y_IcWsEoc^C)9?29QgT-P}aD>iBWIeakwj9{IN$@&ly?Y7?e>|L2$Z0
zek~YX-lb`1nl{n0Wgb%8w#_5CYxgpEZlI4b?7@VU!Yfz1U@=w8jM|;45>K*^+a#m{
zYFDJvo3+J(Vm8c38<Jun#RC`HdNqGzC?FuH^b)x({SHsr%~<iA^DC4uE)7>J?NFm<
zT2zDu6_q1ynYM_v90QYMOp;L_*D`FlJAH2QUb&j+k7*G-SJKw5+cKe|=5Q@9^>rKX
zG9xe0F(bou0P|?mWp3_)Rfbh?r9BenlC)*Ivr%oFIXcRTfl(qrms@3{G67%md@R1b
zHe03vr!C{8eYtF5`^lf+u7(#mJ^67O^j4y3WMRLGo10#MNhbEAW_ETK44%jqzdC#W
zE>74M*+hj7W@2W>v+Tvp+#IbSQUk_B^ML0IsJ&1KjU;v<o<?4<&SC}wu*xX)dEHP-
zXD3>)_X?OPMY+lG8rAu}J%m|qJjiEU+q@S-Ytw^CZXtH6CcEdsa19=}R!37c<U7)c
ze1LY!%3eenX@!HyBIE^Vx95$<czb)-lm@P^DoMT#_XWg~c;uw0%}@uO$VhG0KFCL~
zpCD)HaB81$CDG;|@ej`*wOPiwXU!=O=k10BfQxW-(*_11o;)(BBrqy+18nKbb8mM-
zTtKh0(!ObRfBX8}B!_%m0T|viRs5hSB7PG`3I&rL+`PjdD_;Zjv!J*vzrYzRo7=sU
z5=<H)4YW9R$q~#D-x3CGX|fBj55taoAPopT5dODx1SfL(M~~bC(B^(t3(F;Y7gGn+
z#9gjV#CQ~suK>U|sGI#^J@wyf9H}N;TXZ6t-eRH^JgR57B`cEbkKhst9penT+zMKw
zB;ixiQQ{8y*h7r$l+iYiZFWM;!omXJZG-Wd;DE<he!iX0Z{K<jzbHnC09B(`%0!FU
zY8x{c^=$p(7k5q2#dVBEg$6&<mnuo}wt_9U-)-3w|05JzRA$~O5}D)w0o~<xE<JN(
zTzkxWZi9dl>xQic?d7_lPSw!_$^zAGQ_DcU;1oIjrKYHgQH9VnA@=0Rf^3bVBIewR
zGatHB&srR?CeKBG8_wCiL7ZvA1yoQ5NNI9)*|iGfc~a!6+1_Vl*b!;KJnP^Xsyvi_
z$x+`jm4MeUVUW(bebrV4s^Moar8i|s;<jGO-L=>r<a=k5dzh8}@~d=cARt)0PC|3e
z&&1(sD)zNwAz#3BsmXJb{icf~EC&t1-TG=JiOF6Z<ApjJ%;L?fK?=`X_Bly;C(-p@
z)qyRmTiWs`EO0xe5LKxONz;5M_vr2(=rh!j^)HfGOqdWaXSX6>nRg=c`k^^L-OIx2
zaeP=|y=%tZ-g<wFe3*}|kz$=96s@)mwV#7_8I^JGvWex?;*70=%Tq^>ydHchGG6uO
z{=lRR*Xx{TU8u<tKL2CzO3Wp=e2V<r3GOaLpmgg1Nvso@ME<L_@3qDlnt4ShG=u|3
z?W#CVD%kN91Ql9e#@zgXA>YQ<eL8T99QeaEb~GDXB{M7KjrdS((tC`M_HLzW=1AHJ
zp@XnW&FCpJai^if=j07ZqKi+llQE%;ceAin(d-$EN&=Q{fZ_=}e9JOuAf=*Xnx+D>
z&bPSMf9Ha3HNP1}mgn5_yGxlTzjEMZ->I-C%BDl77?sq=OYxZ~LZIDJ2T~xcb>B%l
zmN~a~N$;wJXXvy#<3n#kRm<;u)bI}b$^O9-`n^qcqL4Zj1;kNdyC4^U4}zYpe2#>e
z*pn-?dqoLM%LU0BdPnX_lAZ5Rx1<QQxvueCzriyK-@9jELuIjcHyvApq<Bl0pAgH>
z!7OC2T@YgIAQ&fL&-UE}L>^b|xid)sqF)HC{o1GRPNr6-Yt<gIu(S-_B5Zxc7B(k2
zST7(m{II;(d~)p%B^FD<m3kfs;H>hLAZL4ui)>v+b7+4}a~yApNRHN0*!lD?Kw&e0
zR|*P=%=AQ3MXkpTn*{nK$$^{WlL#c_DVQ*E&(LUp?2%O)17GNaxYZHBj48Z%|9)lI
z$R_J0@CnqhP$l0@e-R9*C4o=)3Gz2*(`Z3yK8GH2(L+oD3bbxSboCZE2u7>xVwM^}
zq(lw|gpZTs2iAo$&$kX_PXONbqboK>!}opaId@#A@eUktgPjC|j)q2ME%NQ#w^}vf
zOUN>l$Q<5CXHYT-qJ8Ar;%(D>wAfFu6$5^OmfX&#v=L{xy}t$Mm%~rQ_bz)R6MTu#
zc*(2P7t8l>LLM;zf?7E&QA7*B7P2$|19L=;y^xBH0q(z((eig`GPZFv;@&Ko0<zBe
zIQfvN6QmPh8od*<pYg9vdW>f?5{M#JrlVQUMTY>T92@(!WuVQVf==evw@YeHkVNlO
zmgAOOLW~bR1-vF2!=}fsDc(WdqnsB%kL**9Uz~u?7{-N_JNxM5P2&qkh*P=}LiHR^
zbv9-**`;@(y;@q=Bwc=vHS2oQ(hxg|e6nI5lUeG~3OP)J?=kOkM>+ZYfiOwL&*lpD
zov7$ML*nk6n;XSBgIt-P8VBk-KV?2_8YrUszx7_P-<TZU_cw<E)6`*O^<T2r?6Xaz
z@&D$}Te{}>E*&tEOSeR$!+tXjXkP~Ul^Gg;2AR(myaAcV`q%Vb8^ZvTk<U>iwT5&s
z9qqK&H?@V3C1e^#`SPHd*nEY?!3y)*53*AO5Y^C@%h|D^>YJF}VC$4kemSKvi#m@-
zfz+mxzJf^YBg?X(>v@)n_IXW-UhVAfVl7Qo`nEyydsGIvWlo1_O@J1EFc{hrm-N~j
zw8%yWlJy%!^5%!a%~@IOY)7x=Um9$`=e-~KnAj}fa*KY{V)G3!O~kNr6t5@GNxlg;
zgA2GeC+XW>Rwd{vvxK}`Im=>K1GlAWn(VsWwrDDdaWx!x;2|VobR;LTi&)f@kC}K~
zoQOi2=9H9Cs~#x+&9K!BCIX7B;W@{-iJhaOo42rquK8j`iuk&Kt|@VYmEUf!SH)%U
z^+F-)<!#4U4*v7kY#V}C?y?3+m#%j8=~z6N<+}gi@oHiL0Va%Y5lVVrR6|W2AcZY*
z<U4uiIm-`|=OhcMCE;6~7qE{tyotzLro|5PtrdBncSUoTqF?{m?|Pyv{V(|Ama1D*
z0n$k@cMARD`|~Of{MHg=d*vPjp@RoEl=3<*q@`-S_Ny5Twr;-&&+DY0^V<1-1R$C*
z=Fb|}nImA-en#IuF{?$ju(@ygS@q$R$Aenk&k|)6$nG*~LHF|Xb+2YdC$*LPwy@W*
z>I~64aTP}1LVr(PvVq>@6>>Y?3Fqre@=;5r7twg4I0BScZdc$Waf$!Tw@F>iNUvR1
zy^6N;?Y$mo#lIvl1Nhp$d0+HXGjizBx+a;q3vDmC1Y3O{DcR+;a_1eY*^gcy9R5i|
z9~<nS(U@NUddzHrSG{~)_EdS=UwAiDd|n)0SaZBu)=046O<{VFk17-Q@dA~fi^}Nr
ze(t13ae`lW`IxJA(fN*C={b+ve1trk@;|sbfYtmeljYpV{Sju%eMD}blSJm*gy1)`
zMlja=vgoX`$o_L`Q}+gR6S;LCGJMtzA<ZpnU|g4v*CYfEA1<2VsH@Me`jDfs5L#E)
z>Q_x;JpNv+_EllgSs+r9LFOo&9Emrk0%oC5J<n5}O(xQZ-qrZ?AumRL!NK3$vI4W=
z`%~*w<q^r+T29gRnMGf~G}Hf&M4nF1e&ZDmuW+Z3PjA<KG|QaXYXuqJ%WsfJ3exUf
zGAc`_fcSKdmKgw<NA7$&jio)pbe*(O`sY7$_<#$pWOpWEB<)O<1{G>-M`&Ub!rYL!
znGDnE-5YMl1qjDMK|!zN`PTcJyb9(V`oe2zEg=I%CmMh9r#KvlQY+u;EJW}TEO!lV
zvU&icsSO8r0Mt`C7Z$-0IzeNU`1(xwZ318L65ekik(HEpM+qT3AP!GXPCmkP`ryW`
zYTMe|_g`FEu_A0THsaqcX$2ead3uxPWdA?Wfxy@aY=CjPl9Gb2fVd#Gd4M8xJZ9f!
zThf0V&>f%H8H^em<7?+@C^J=I$;n!eWWZ1#sAjCTdm14TAz1132E@(7o6XrqghCJa
z#PW}P0y0S2NcJqxLQ7s^JgCR>e_g#5XS+dpNT0Q%4R{|sx{bHvW^E7laqx%z05qW_
zbvedNbpEizpxY=XsMbLc-5u|ggsswDsvSA^u)h~pq$1(~!-yj$g;A2+o^e@=C)b_x
zB6Xv%PvtfnMXgxek%K;f*uZT|qpz#oG=%jbs5jDTNU14_Zl~=A$<I>O@u2$rHFoE;
z_0Q)V=sV)_P)_wG*)^YR72Q%?*`1npY}NZppzhGpYKnNm=*9GQQo3sD-E#Ayg=5rX
zH7Adv^52bezUSTCjxi)H`7g=BZJa2Ju{F+q%&A0ABIkk~mqtqU&8Q#Kt7Sd1cB+HC
z*_Ln2k9DH(^1}{FcAYKexQ41b-GS%@j^tt2UN9xG-E4Tb@a>go{F7iLLv%{&x^SGw
z@Ojsr=*+Uh)}x+`tK#V$VWx3!wXYENI^DH6;iQyWb`qU3;8{F&43mI63EG69qKs9N
zGTL#oE2B};8UMgjOUVhHtC<Gv9KghNBQLCKUrD|_@f}<S(Dz3I54Mz1Lr*_WYFFXC
z;aJX*bb)lkJ!cR+CjF*4ZxfSLf?Opo28S9Bh{$tFObEXzy6A>32_3)dz=+mQ=Xai7
zJk=%V3O}Eel6ds_6c}OrGJvFVcx4)gV9BZms3Jr@7yd>6`E3Ev$bF4eN)m6qeDwYR
zNB!C?U6?6yfgJ|;LruSi3q`#MA@vnfDY;kwWJUeyg=|%oY;@8TCz_%nz`EM)%%d8q
zs+Lrsl75kN121^osrfSaal`J-mlK<hJsvL&J)^y8Ae#cLfA1$+#bIe_lyz>DpQc?@
zy3(+)c{A{b9bcyYU$rg&pa;@cWMN@gUdypZy8Z%SZP4${2YL#cKW&BpF6WE0bR!`u
z^`JAMrk>aEx@C)PNK>M18RDic?H~JOa2`(ic-4h76QzU;a{@h^EeA&R{$>dWJ+EXu
z@aprtW_;#j@3AM)#9hUhlys+9*S`UN;B$16seb$Rn`%|YsZjIL5*!FFQrlQ;eqJ+~
zh%n9Ziy(&a2F7I#$x8Zjd$EDil4j?C$(9%~5p%z!|79KF+3HMZBN;i%XbnclhKkG2
zzV<cpf}Y(k_X>D{L<I#=!k+Whs1RDK7;8NA6BZQ-mUFu_Kr8>^&7mMivl@c?n}}Jb
zwRak=C+%w53QQJIXpwD89`6{9EYkf5SRamwEp?QKwnLKZ!D|H1bsp<9JJ@4fOmP~g
zm)!|Ot5PnyMq4F7W(q}&t1$ArymqL$m)YqwCaGOU{nfV$you9Aju_R^DrNaUE{=&<
zzei(KIr~y=2DON`o4&7N^<rnmZh20viKRk4bW(m9b0^B;JxlAm{>((30dG68evw{^
zxMp{<<|N%X;Ad?FYu6Qiz&v!Cb@CUd8s|^G$n4vbm0zm!wkXjE`qDwC^SZ@EI{iwV
zlj0ClfCDA!&Fqr7xLT`p!S=RZ<a=DGdxeClokiMpj$ofBY6!c<$?)#!v^e6dOd&iM
zYK@*^CzR>vFaDSm&E#0PrzYBnxV~#MWQ@-sGl}I2(`rFS&vL8XYJ2xsM78|Z=o}(D
zK0j8<j53g?OMQS98i#YI&!@kUEj~Q*$NTTbsn{6CiYn|PpNJ{`EETh;D8x6uoM<4t
zn6spoB$1q=;*hALOmKHIzA_&dcEY(H=fep&LVwuZ+vX_j-*`8dvMIv+_kN<~+RvXe
zqk-eoIKm~@+kZ12{~t~){}^Hbs%2@P0}=6`!q8E#?>wEi{Uoo|$2cJm6=mjEy_Aaq
zdL&vz*p%ySZQDQbDdvcR{qjST<(mevtJ@oW%NfeHAwKg;dHc4DMs8$v7-&FTXa1F;
ziMSRKHp_G9RWQvc(Hn^m`RH{BxBKcZ4m61M<83r7&_?>%fOvZDmmMV{QQ~*qFp5Kd
zG!@uE3v?~;@{-lZH(n+LHfyYN2ZYk_#41cgb&|VKhb^W^!>WUSiB0UYp4u?o@EGTN
z{>^N_##%J6_MGjSbM@_5`(egt9z0BNrHFZ59r&3OH!kMuSIeOLX50hq2+@x%NQKv<
zru<6`x;}3TE`CY|e6!jG!eV|0H(d{qwTEn*`O5b%&=rSEe&llfKCf^yZQnq)B&bxR
zcv3T>(IN9Wj}rGC?x6QlVc@h8*CS|ks$NaB2Q0C2b+(vwBTa33DN|v@Jkh4Jw=g0`
zPS=S(ZDsd@vJjwExiwTJ)av~Ngyv8XP13ZsfkHsgwGDu3<QSh%wCUl#q{7`=+#2@C
z@lz*aQ7CG*G$q|xJW<SVVLKfz7(w^oqKfxfyqDM&b8L-AX=uR|+D7LNRP-2EZ~cAg
zOYBm8?M^A9!fgrP1W9Mc(a(@OPyQOjlWhGNf~E`9jac!r&%?Oy{*3pJu*&_^ff$af
zl2&QcWIQaEHWu+fvBuTCwoqu?3`YNGL+Jcm*@VPd21d{S7=Zjop(f}gtINNl_2+=J
zlq0<m0X-x8JMn`2R}1>9TOb%5;PW4n;QveBF<2*{;_sRNi~5Lu3)28<=<x7x#Umh>
zd^Hx5Cm>);B8boJ-lhGEh>fsAW!x*=958Nz@szaLSC>$~XN)wp?bgLMwYUGmr>0_N
zTJxU$UD7Z(YiRTxjf(dRti3^IjsPlVKT6jiwqx77KVT=KX#d#`q!XUD{`Wr-T!~@z
zt6t!0BXoOL<7(lygmxqMY0W3!<f|MM#<pKQ+lk`24zG5+gKhtpPR+?0eDOk~5}{_3
z4AmZI24-fN-_-Ud?gc_5O`kJaI^VH~vlv(M)KEgxlH$<zg^H%9{HbiW4T|T=Btffp
zEHr7U_qp)OEREJ2=M4@MGXLnE{}G(qz`C0_`F;Kus%eVn$bww6BA2b(tSuT_)XkTh
zK?!U=;g6I>S^=q%cfUrv2N(cOgM?z1we_P9*uOCpt%_RWZrHQFgkQ{k3y$9jSoysP
zs3?zhXOV1__9+I5pj235{|MFzFzh!YDj4n!VOXxahIZ?ur$dD(q~1cr5@uFz3z5c1
zp>0u<p2bne-1<@-epgF3U$RfdB&~mqMDEPrXeWW|^deEJ22>M>88|DzmUSbbB{o!(
z3J`#mv<ZU1ge-;t6xo0OQz0@RCNNJ^Hai(npA0F&=r3+Sr!z<YuZoc-9QlnH|HY#d
zw#H;2!~Dl9fHR6f(qtGtPm?g#AB4Q8m6+|gPx<*UxFk5^#9-qT9fhTuSicfKKR+P<
z1ichW$Ylskqfn&{O-)S&YHd)R(!|y@$>u83C1mU?O~wlpJC%19e}b`<h=@onmJYHH
z<YOSz=I9B>I4=h{9P$Yd3`xVSyR4S0m%jqVd#&>CIT@HMVFmR)`b3Y59u(}|I7;lL
zpN+%%Y@#DLUBeLMAy0><1=cJ)`*J&wY$B>%)(6!KRemNhL1bu?wr)fYnvacR#bU6f
zI>wAPvrE>Oc2T2;n1i2!K0atLOm`TPF0qP|7JrZVCqn*He|-hatvu))=JXLs+P8)t
zpW;`8PO|0pnbpp(VRiFDhy0l!v`Hz5DV;MlQ)_gV8$xWD5sfVwygY9Yb^P5f`lWIO
z@{5cN{(z$6qV4wPD%n6Lpq@?Wy@zWFn?oDpv0=C?^}G-o)gDw0psP;mX%#s)(uLgC
zTNCsNzN`{@YU2gV>QOZ-53&F`+f^6M-;rXC?L{=2-41je_invK%s9Ksht^F@3x$u(
zQ@|-)a%Hb-e+hZT7k`GgBk1Y~rZ&`}L2qLv3cq#QWWxbKS^n-J?q<_*L%&K|-D@rT
zV(N74McgH$5!X5LX)Pd^nL6WIKK?`ip0UUwF1%hG6*ztv?u@I6@bf!7r@3=OB|Jt%
zc-CO$<<3I84k_Z0RfjzIDib(oZ8(>uyxGM23&4>o#X+t?4ZYR+T*xQT5~>-yy>0B$
zYyQ4afLk`s<%ne-p|POD`-!*9`Pe+eAHjv9M(Gtj;0RTp{Hum>Zctg@+Q<raO2(o0
zHgheB;^(4I{JuR>V86vZU0r;zC<kqeO?4XYV$Go%EY3g`6nU+rj9y!*E1RYyEjynV
zu^|JeNn(nMaFvHJz=(jf`H*+<0sUD2sw3G6P8W_`jnlqA8e=3Gd1Rb({V~zOpOBZ$
zj0tO~(hmRTPA8eaKoj}>I)|iE(B|?In2yjc;$s;)tAhHbbWHrbR!!A;IBi<57L8T7
z8JH8!VF}JF_%*Ocb>>D328$|RI8vkhOK07I0N$8;Rp7X2Z=B0l&vQmJ&2gEv#$4e}
zaLQc<&_UN*>Y{GBys-CgFVI;Cg&qaRYk7hr2WVv`=-O?Zxz^j_Q;J;a{jN*U(z>#J
zDuE+7b!J+}etKg-;2NS*gDG5#P86kT(L-ctGiU-L0!(Ltw@AWQCo4pQ$A)QRC2&?$
zEtrJUq@!my{f`$`nU$9($}hgMIGwm5)FTIveWs1DC?nmH#W2`BZF)`F0r?6*z$rU_
z5M_klRRhJ_3Q+a}!XX8SDrxP-W(lC(TxRT}I2st99BJQ0R|p*fHZPwUvc!_+Y+@E6
z47q+3#H4s!41mqFley-|KsxL>)~Hh7nam7^Kpy2r=ZMYMfV^}*A^?cyLq_N!e}U+f
zv<ugAJFSmev-+6rTJ@?j<n%@p>tB>I|J}jQ-_=L^KY)TW#Ke98$Z!>J0qNS*6LXdz
zPo7|vu<j4q;97Z!&JcLOaaDqUe4`V&0)*$2V8Zk2F+boXoWbqp+*J9}Z;F>rYtR5V
zO?FM=Gw!I|=w$#s_J->3<}q3U0iJF{LUuiqhP`MCZmHp4z`-yd9FXGwOPqWZ;QmO=
zJ#Gy_ml)HqI$D`dZ{T4X^drog7UZ~Wrg5O^{B=$L7TYE;x=|&<Mf-{TlkswWwz=Mg
zYw2KwbBq~$?fPb~mkFR~dIwZN^kQ2l=|bl~Um$1&8f^5FFC%QAiNv#@IQaUORve7R
zO|NPYjL6R>GLB-ZkCN2PJld#5aHmzziRP{_5pX(0=R@>gh0uE=(;L{~ky5R;V>F3r
zqPE~-hrq12ItTvb>eJM8O>t|p)xCXgv)kJtko74Iqc>Uqk|zj0M~<<6INF>g>ZPgv
zh_ax@yxdL9awA`gVEYVM-K(?CI#I4GzGhQQhoX~OKC-8|1m%7Mb-)e2_KD?v=PlI<
z9pz{Sx%E?0&X!Zl)w;>v?pj&Gui>+!{osVF)VCMA41R5CY<;KE4sRE0(p<StA^RsJ
zT<}S!A++_{>MP`&+sd-yodPKpO%>rql3CY<Pp(fQ+lnUY_FdlVYj!^Oc1^z{b2}oV
z;Ef9#I1r~O6h^IB`cS@dCTG^&J8hmlqb=thXdrC7(0NfHU3Rx0bIqC6vx51yy^6SF
z{DgTzuyD@D7S&o3?Afb2NF0Q1he^iz%`kbo^7pGKh}DE8F1Ch_Uu`ry`|z;NC;Pxh
zP}wD;^Y-d~>ED3xEje*OM0eGb**v^qfz#vn#@gS`vGvCjEO%nU#*wo&H?-G3Hkabj
z<kEEZ9GB#-4%l8EcuRydJqj;8zwFJ_Q_Z??@Afy^Ib|=Ari*ikD4>k=+AFU!N5^`9
z%yyJ>)0mqqA9o|TA3aYD|Ew=nDoG^r$4{Tc4fb(a`?Rkfn6lKq*l4IskWk@X{H9tJ
zSJyu_v;SOfv|YGrfdJ9HsFf5GTCN+7m6GhBe4$t|zcgmk8R}-loNGi2W^6z4cWr21
z=t<Ivm&|8ev5N!g0IdJ*5)HAL<iw<5TUrAegjms|F;f7!ZCd;%&89X4_r)Zt%0666
z(H~o|LU7PW32pzp0YU3({4(-_mq<OJw%ZL3|DuVdFY7?r@}{f5?V>wT_C5Rw=_t7R
z#`#yDG^ctCg6OoIXi`UuUEnY<nhY88^wmbW1c98~@M{R<(T4NyguFlVuY6%#0h*eg
zK4%QeuLU&Ds5>1!Jy(^OoO(ahUxGXWAU2?xCar8I=vEk%?@dz(FAi`n#`up#kS8PK
z>U1Lt{ZCXQ75Zp{F5^*c9ZvC;(P$lxFhfWx=uH9?2N2qRj^2|eL#|o5jEC{nkI6sG
zw^>|sTderfQt>1W96B??D9(+obQ!y?yF!_(uN8P22SUM^V64W?is4}+d+SAY<2ZIn
zg)^~6#m)wcl%Y!Bpm()dui5R!K}L684Bi7#1c0$=<Yw02cJukC`3$*DcPUuyG(ugK
z-y1KPOU`iQZHzv|F19@1tQ58fQVYuBCS&=mhR@)Dhl#;UegWg6GnP~J$&sPPN5sd8
zy6Y>A(ekxBpPmOXaZEW{<5Bll`5ZSpBkpSh0w&?$h>e5Z3P-$T=VCsvxKha@m?a0y
z(o_K{)DYsm^$TAIqlLP3m-C5q!yzJZ@x#Nlb8pzQGc#u^&iPJ9;&&*5H`g>Go7E6u
zM&dhlEuzT_v471h)+07aL$i1NXSTH0VwK+dV;jCKH-7Y_d@WUrKNme1ccj)i#M9gR
z;9ScG`I!*Q_l_XUuf#k$)`hL~S@<Hk<NY`^Tw?Jg{+R-I;A)~(Mb~l$%bb2})9iiz
zN!&b#u{8(AUqtD$Q#-Sg*vxD-AJ`4rF);Ip#!H_by1KglsFJaIr$}lcapG?1vpio&
z25TDXks`O5`D$Ny^3t}VIx)bZiBTu)1TI{-p4X{;BoagY&gbTbiD#u5;jPFcwVPC-
z;qO|sD}g41qutBOTW8U+L5hBXCgJE}v7kz)J{~9C^H|6EM%p&hPQ>xc(udEjlePI=
zo)@@56Vt2FpF$SO)q~s_F9+hM{ttQY9oN*htqognyOphOLBR%C&?pF~G^tTkAe10o
zq$$z_1*P{Wij5{jqy|KKm)=1XLArG5BE9zx$vaj8i2L66-gC?M{_~yRIe#2Uveuew
z&N0V)#`8SmF?Lc{Tf1=i?YqX6?|O8b5NiK^KJGNm+*VBQmDXUH6JF^GL10{x8zne7
zCJARWVbbyxhy8%0uT;_5tq4aitm=hs@Gh-(%a~N6NWmCtztkcdU%Ta%!ETdGF-Ggc
zvt%Y;n9M8WQ^LjSrn#ixuxsj)gW-(*%)-TN-}3C20&Pe6k~bZ7S$$4h=H={7v)_m6
z8^cPq_JAcS`=d+CW%x@B>o27jr<Zg=V2GI%mtKm#+_aTYn9q5pmYO4Hyc;j$w`~(0
zELVFuF6xoavA5IZ<Cc=lw%s0LCYb>$WGk7lDreo``^yZij0cFj;~y-WN?ejge!C7{
zcp4Z>@|cfAHR?Gcd>?B={lVI79Jq>H{ps$zsUCT$QPpReZv)klQ}`N7*h5CNpyl+Z
z>FvB|o~o0fH&s*?KGElmFZ2b$N(E<}MXI}WG(W>?zSpH{5`2FqOPuku&kqv9=?vn-
zT6$HU-djGr8QHzx2#fhSb>A~K=CCsxn*2IHW!y8H$A1_cve*Mw#3J1D@DL2>cW#?n
zzAVUoX7gU;ex>fxd8TD%TANOEmG>9I44(2vx&I|4)PeRLv>r7ZJ<L(DGG)l=F>^N{
z`3m0{<{;xi|A5T2EHFdld^cQz3bN~TqA%ZqSW7`H+6h|peH80e`O%u`_j6q~y@lI#
z`6}S3mV?qUG%ORuTsnX&q51$(#5^2tQv@1jYjixI{=PczB1W2$`|6_PbvM6uMS?Hl
zM<bgNN`-jyk+Y!J&m<)tQ8KZoSVyk0yrog^yy=t4oBmw?$4i>aKk57W7Hn~^-PV5N
zF-(q3`=wdmZI@V(AdL9rQ2p!(pb~@;AZKD<r)LsyE1;6p-Mq^6flK?&bMdZGj~s8<
z`5peWngxBpL+IBdKKk=V5klWIR;5`FV3!yv7uaDTr)&1J5m$bV$iw!TnOkf-Dn2*=
zmP3o@hm4GQCl0%UvzsO%AXQ`7z(5AxQVfpx7k>W8MPWDqSTovBS4*9`L$~QRGFK#{
zRW6+{1NQ&JY782Ahy!qq6;A`YZ+{{grJ7mI^71l${`@r<2XJ%=)0C?~;6<Ml7ia9G
zT_?5X4K+0`>PJwQy}o#|{w#n4kX&9I42=kKSo~4&1V;NQteX5#zinLLiW+dmIqdmK
z<5w%iA-v}aN5lwkO0?mAWRo|EBTJS1<Cupi22FLPh4;F{BK2_sK~BWfn$KTyR21B4
z_Q}nMGhkH(WUJHCvhr<u;u#h7ieypN#9m{fu8z)^vzxS#IP9&E{76);1+$PScb6~y
z2X2JWMg3ePJ&m(dE91J=jhz;GpMCzcl(N0{-VJ4<Be`<Anf+QdVY-l3CTDrF4Bire
zc9dK8YyfMC-iLe|-U{mZcg;OB+G$-FUJ##3#CsR3gZoc+7?@ZVBGgQdD9G;mv5QP7
zV;jvBK0<z=!hR-*>>7d#y!G=}J#Zz3t=i9>QrkOjzvdpKPPU&8_p^+h`Fqw+RA7f@
z#-Z%%ONV7G(`({h=2|bEnbrJeEWem7cUQ4JHiy*^&26dGP|TpXy+|E3vB&fZV#q{(
zM_+@TB@3)0D-PxeHdj}nykuq@zU;Sm<n0?<$<zuJbPT-C>nr?c+}zFE!y*}ipBnM+
z&+p9&seCcW_E{h{8~;Gv*Z68&dcs|&_^>F0GiZH%<A%A&vhd}Q7n%E%g`+dBOoorj
zW-<X8uTyh7*)@gyl0C|J8v>WxmO5~E5K!=b<(HT{3?t0A<pVpxJq*JTbL{=YADUVd
zbcWZiWFA=ll7TgtE(-EG)5*~6T%BI-xOF$=Ulnz6;k!rtf98oT_1$WC-jO*~d_-~h
zn6*49GQhnS`}2gv-^j*-OdYdt@hjPzqW4U{%y&Rp^X)%mE+2=thk9c&&2jgi(Rh}<
zy(7_bf)6|Hq~OaB;hsn+`-Z#{Vm7wP#LvH=p+dG?<oz(D7!njR^Js)US{jvy6Goy^
zh2L;%?BcQ(Dye$&qgq`<W+!7?OFRFwjIl&fl$Y2@Q|mP=)WqJChz^51Ir$^;giw}3
z>_O8cWz^)4!m<35^Z{R2{9|vNk<rg>+^MnsX;M*(bp<v$?@r|?vlo3ZHaeFU$7zV_
zsW?RUviX*EoTpYnX{m?usXTma3Ja5B>oM!v@yJ%UTI}Tb-jm{MON>AAGpHQT2rl+|
z2zxB)Eq+@pjqAy_q7CSJG9t}%g8?K?2CdZ`oVnrOgOW%4H4UP3aki+qeJ>qiqumeI
zFEiF(c{-=mbn1pNgJK1|#bSY%?x!ywTAMeQv*+?u&vnxB)v9)7;eSOiunVM2tjoaT
zH&e5u!S(N|SzA)O-$P{{J`UlQxR^j{KD%kl`kw|Jv066PYL=eQ(J!cF*8<D-YDj(u
zE}>T1I#${irur(jkWIG8L1*o6LMzj?+xIYXQC~_xayjyQdc)vvwNzTTP=^1jON(8D
zAt=8y4e!P%v<QK;?d+ypa`0_tLqPhEVHFk9Q!Txs?B2*0T28qF*eJlst}lpGuesu-
zvdM;lTsgZ{JU?{uH5rlL^5Kpd4TVdzY4`wviVxWZ;7g*Y%M^LzN4ILsfAOP$CQL)f
z1KTw_VKkrVeLI7<h%XT}Fg>lR+^hp1HBf#M>?_&WIx1bTYDWU?I`54FA_5y|kd6Jb
zwT~CsT3l#KR1NA*2TShSKe$}6jz=KCy77bMWE*R!a(iI&(qOE^pW%jmkXJJZqqzln
zQ~({C+RpWy@=;{#rI{?L8F?JTxATm8myl*3hm1o`%DupAKo225`C8iCZf7|-@!7Nh
zFw*Lr*~+>KRqH9WEs)S6k1r9#P$AN?)9KR!NDi|4+`UbMh&_SUqK~usnZE*gJ50t^
zH&_TV{m)G=jq{|K!)$Z(#s~Ym5yL5s$5yLXiV%f-H>{^6AxCI`fRU~4Znn3KZynFf
zGNl^{<z=bm-5qvJ74DgGCPp3R<y#0o&%eV2nORfsRrF;}3Cy~Bi$t_c%Q%!9zWZYL
zK^GUVf6^n%9Et3?-}03%Dzu*+nVRq98*A#;+zGzHt4{|x_8&7Pp=J1jmubAB>X@6V
zZA|HM>QXy3H3ozE1m1v<0({CK)|1DUoJ@bn$yxr?1o`X8OIdGcgB*X0;Oh=^Y&NM;
z-n|_%Jw^^@WrEq4{#v~~{7=Lqg|9D}>Bz-)RVM5t+7`U!hs(sHee0g%OULqNDg~#C
zrt4aB7T7k!#suT(*<V0vdKJLX;%l5+qe==><s@{w6Tj7bmK(DZF7c1h2s#+#$DMzA
z!!;f!r#A<z7^{&ws|S9ZZK0L#vrms^o(zfhj%TUH=>I{PyW~W^vsWygxT4^0FI+<U
zYEfV8Zs3s7LK<rWO4jZpL0PjzM{A462Uf=i1>^G!z_KF;`!jKZCHWHC5uPODGrqiS
zbuIS`q`mf7&V60(ZLLEsoCF>!*zZwZH<Bg;{ZRSBodT7#=S3v<X2%_xn8{>}jLbDp
z-Z7n1z;pyRNZ1pPg0%LH@EJd+Sr;sp^dr^x$JMe>OE~}W2%Ntks0>LRdDTr@!x5wp
zT>j~w+l~bJz2S@C=oxM6lIeWEaT>G?FS|ZL*^bNPy!6{z91+pm&RcaFNMV$pfP^>Y
zzOAhQr*Q7rTyg=%8`Eev_jR~FF$xhTyKFJ1EIjgLrUBcu`ovcGgsID6(-m-{$rR-8
z5qbg&8%S#?_k7vU=_$DDyUJALP0rTwYV0ID^NnX1^X0d5U=iTU&dj{KVHHJSl3z!{
z+*VHR%3rD7*Z4Ne8cv}ub4S!GvF(e@`MJ6G0|noKl`s-*YEY8NuT!8R;^pNv5!D3c
zlHl@r2y=IXIs)W_<Z#5efv<~PZgVbHRb~C%DRW029^4^tg%Xn@2->W4&Q8;|_BU3x
zwziY}dbqkw#r2seV*tH7ayttPqvyIN!HQ~Y(pvOF(%kQqmj{-GVBC0*awim*Mjpyk
zhC~r?b?E&<4uc3J_-HlckQ3OCYf%x&ZEuB;M~Pzi2$?n|NdA5qKr$Dn1|z!UlmF^6
zq7%;2acBXpH8QxXH0$Oi>gSbG!ZVA1ea`UF>j)@y!TNOY=&j!;I3w~uu#+GyA3QbD
zv^02@0&}jVk?UaQ8wU(Gwf<8q+3bgm*Zj&{SK*`8q_ku~?X=+8{kyLzU5ML5!C%&X
zEtPZ0^vm-wPwrHk$QsIF+<Bq@4}-zhLZ4OOhLTbChgyi5*EA0jqi2F&4uoEDwm1O&
z0KkwHK}^>Y<7Qtvfiqm4Sgk|<<}!%{GduI999re!Dn<UNR#9So$d5Mu{I>>b8W#>z
zxrQmZseg6%o%urSvdMk(+m$t{+9w>;prM2vxdvL7diWDMh|A(~LVCy5S{2%X(Ei5G
zFW+n*804;`sq?wlEk5&3vN7B^0v<Sin-drJr1BZ(34EDh<{s4YG*2wH>4=NMzRHt{
zkSOCg2Uf8;!o4Foj9?RhU|f{J?UpgcEsPp637Rg3Af`Ed-bD$u7=z<r-gc5}73Cri
z`eg`Ue>LJ;|JpFRW`7eD7!`TSGPlj7E?lydLaEH98cm{W6z*{Hzl3pHPpicBQC{f6
z5g9%;7E-Qi=j+8RQIulZMB`JVnyAo-8aXo>_*KwJP_n_-;2gsbE9%!9C#NeLpZ5tU
z521)nfkcrr4msV}IH=@oW)-)iWF1#g=dl~#CjX0HVBKmOTH$Wwx`|!7JG{c!AM8y2
zmlFse1pbF<N#t%bu!JfqEiIj|i{<sL-Z6#R|Dk1?(`01D3312<d4(Re{x-@o4zQ35
zzCK=A2qD>FDIyBCmI>XlnB>L1zUoXXE^ro{0i@=XK-zdUgd?`8^38ybQNo`N<(x00
zng5VD8EScIH?~}=v9jxVA0T0a1{ST7s#E*6NUsHWX-crvLFp}FWyR0<8|Ro+NVbHv
zSeDc7fFmC{ow9f2qQ-o0Z=XH>vP^t{Ks(k;%vp@G=HHk_9NQspI>vNSm?6N-x2^)N
z_D6g#Qt{>731;Jz8{_tKN<#{s(_v~4ige`ommJXk1Row57O3S=Ht`$)NRpvYcQ9xc
zn^-WA=G-gNc^h2Y&NHcZ)SaD9sLwb4ysL&6@{rUNyB5LJU;8YQY6M@uh_k+MvD%{k
z$j!5^Y&KB}7ZuFqD<;y?v&6Je4>3C`)*c$!)mlNZm>)D)%G>6az#bza$IWRGJlJrP
zc9c1o^UXmHa2{{kX0SG<C)T$?qvfjB*}hl&HjW(2)lF}hSiS00O~SND6QwpdS2S_<
zGEWpogVLP$+;Bc2B3{;ucYIc9IRA%^%7@Pn0=&{WaOw{GY=hJ}jWx>Kpoa(KBW$aC
zi(VluZOllOb6-T(WKc_*#5MIBuclwCxKLg1wvp43{UWWu2UeotR(18+Y+LAI#P7*Y
zps(zG>z&)ZRf`hH2T3#j{Y{CDML7fE^sG9xs^^G>7M{7=W6X!KJM&ZN=S~}xO?sFO
z2m*pr)mOo>6KNZUY#P%C&ztDz>rDaD*kNbQezDA=Byz6VF+F|SXGj!)Fx+z@qa#P`
zF26Bm<LNIb<E-gVG>v#@_OSYG*uYT&)lQ_-mlQJ;*td*)z?a(o*=8?B&`uaGQs7_2
z8X-2&8=mzlWR!d8j2H#0bs%E6vdeb<%<lx-nL!7&yVi-fatX>2_~E5NYH>wEU0jf&
z4F_i;Vq>cQj&3!3<AgU}1&XVt;L*WQ@s9q9j+awfVWVD*_3T7{En-{9lI-E<4Rr&d
zCX5SCp%z2vSM67<qeqjLlIQB1%KM*M8~m0^1p=hpIeeAg;p)q#g7LA3AqUrXe8{uX
z&<PGUKh=qOs)NPO>KxX&;~>yj&pct$dY%)uAMxeQn$Yyu_6tgX7A~B-L=TAzV6^14
z3-G{WJ0M|IE)LI{PUyTKU0!A^(~<K9?f*1<Em1#IAtLhX%X@DLncPanus6sOLQ?xD
z{!IQT8rUQ$D+JI!&t$Lz7Us5{Ca5VBPtt}LAzA9TuZ1-u0=;Lb{4TAoSvOd-s_N<$
zF4zEuQU*Z}+rb%M<D7l`=Q*>5VdZ5*-!5Yk7xx>;SpAXN?z`1*HB+(A<Dxc-jf=DY
z@W9m0fCtZT7?Tg1{H%jk1jp>BIZuL5AfS9nNg~H?uWtGEkFkU2fo(A9pamw>x^FiZ
ztfvAH6t}EJ+M7U9*}Rsr#J$HuFOJoeMG44#k0_65CKm%c!Rk}+M=6@oKu?d=+=GRG
z2Xr}DO<DF65bzHfU&xI9@0S4soKq2f<xDrXw$ArApnB6QcCFt6{Ov*rt*s`ZUS{)W
zX5sB_GU~Rtg5|W#%alP}u>l~BYPH_#h^&*LD3C*~R%dr0z(hiX?q&$4h)E^6mMf7T
z2w2(U)tu%iav=Zre<akbW}?1FZXg(ahkm-0f|A+kC$k3}5@Sb-XO|I3Zl(^5j4$w?
zK`XJa_0cUS<O;GJxuD71fq71cZ_}$dVLU7ADeR+;Z23@ldgCAj`IO@e;9F}0Mi<i{
z;PbSWx%cY;v)JlH)Rd{%;&-&qM$Y{F(+i($Y|EGuu%NF_q$b)|99kMB_MA4wn?Ej%
zt+s8jJ>AhG5}Xs3UZq9aw(_FDD8@1}-Q|e&OvqKGG@Ek;TGm~u^(zI7Mj(Cob@5MV
zQs<R1)GQb;qfRNc1a#h`#|cNZZtj`;P<Ml%otvwe`7}iSvzbeC2F>5Wy&r5@?RKEp
zrOj+reBU$0*cAir)suMWNG9)nMk%p`^i<fTU#}11*C(Xp86dMgnY!*j)job>&cYKN
zjgGw(rG54EKF7cpdz{C=tJK<|6dP=5+4hqh@%z~m#Wc9%m|S?3PFYMqKJn`vvfF={
zEh~^YuKdj6oUychb3NGYPjqP3O5f7CIy@8l9XmM}k}w^Kd54e9U7!VzE$Mm>WuxfU
z^d9V_D1#>yj&eU-MQvW60|YNm92(OjQi0vcA993t;&!Jc<^lf65QaOV*CQQwu2Xg>
zo6BqCdri(t!z=JpW!^Hsbn--wS5Ml9@Dl9g;W8|(p|Vm`|32pdW>R8o_<8xUuTRA8
z&fWS{tB^PXz9+vPLeG3^hS}>+V(RfFt(Wz?96Wq>)y+4_j%{&CwNFIr>AclsGq8^o
z&pC5Mj`xeXC$9sGuj|Ul$_%%=;N<BM1{Y$(v<<i7_6CG%u<=3W+6-Je4mN!8dO&kt
z9kd<4-hj%$DD%)tls?b-w)4OL`$%ZUT#irt#>vnh%VkM}H~>GQLh6Ez^2v`X5e(|L
ztARiS$=Ybhxg^X^e&^M!jSL>bS~6>>YhC{HM@_M0*~YcI$--qdUeG*ZSUb~D-6~#-
z2%EpJo<G5p=70Fn6lWe@Ug}4Z0F!LIgKT{>lf@BMT0mwlxHxB8nJ*Vfr|(^jq5OC0
zbwp7Jb|19m8OCn){JwDCbPcaSR(A4gmb*SH^$@`Ae>z@oTe19r%CHDc>mdldl*n)6
zeKHk4357)yqXLpmFfQ)FS52ILB4k*`_myn@T3sf9?(pkfNa~}aoH1~ssh%;D`}zCt
zEZE3pnA0sbmbW}GVBu{VqJC~*9Im9)o|AojJpHdccH^A1EX{;B$RT5W0jrpxgA~|(
zCbNwVqS^O3Z8@EhO4RkjzREN>Y4F?9=!TWOWO^<Ct>2=ZXY=>`Q+4-HPQu$x{uUUM
zpCUbk&~~-l@*((G(pjvuAv8ZE{SkC1m>%R}zal7%vpQd@K#6<k(MLD)1GQamo;m;f
zQq;D9RzgS3VjX2SYvY>v>o7#G;CJ}p3Xz^rj-!g^o^@3K)@)dKFLMJ!OT!l#5`U<t
znOyTif9y7X%jzQ--CS-1V=CS@Xz9svE>}*v#}Oa;+xz@!&r3eo{O`VUIzr(^gxavS
z2lSs!zz5o!4nmdjK+%^Y{G1rnW(=8BZcz;-@uCRbgGFu2)-&>eysjcp|5NnzKRf&Y
z|6vW2jlP2zR4ZQMMVz3mjUEx+Qw|72*qiF=gv{9jaUKD|3l_vl=2{`shgK$qoPpU3
z)p1Dq{OM*OCy-AQ*;r^)FjZL~)=?s~)LRGH()8BzZ9E-97na5%OyJZM-;seBg#H7(
z37Dg&tJ>X@WBTBMux^&!B34@cU<I%!{3HI>-?Ey`^3_27)z;S5Zn1gFSb96^)+x5B
z3UA~<BfL^3v=LlAS|LKy+fEwC5l(s5@VhewW}g!*5zDD&UQJSy5e`Br0iFNwHp|5U
z;2?k-({6WZ<fMn%4-`<!>B;~K$rF{aWC*rgEKMGr-yf9q5RYd%w03ghK+Y>_%kvBA
zCIy*krl!H;AE0Hek9)ka0jxj^yN*Btup87F5B8yPS2iN3fgTfW3wv4tuq~p?RbV+1
zofXw<)uMX)Dyly4#8!FB(bn@aZ0ngULP&sa0TUX!$KeEEL^&5_uAhs-XNS@JLVWn|
z+Z(?@j`j;s1o?}A{ayNYvz8#%!Tue2<6?U94zUVy#wA{mhOiE;a1-ZSo+n}Qog(z^
zo98#TXB(TL2id`jSB4basI+H+q^c1$niQb=?eKi|E_TbN;=g03(>P`|$Nf00-uU^O
z8$loi>H-jFf8DDUxsw=psaVZc_yV#TRV~zwi(@}~%_h>K;c7fek?xA^H`-?R!DEE8
z(Y7M)VV+;}mYhCKzUS?gjTKATeKAEN;zmYTsbwPr-4R?dg{Oe@DM6l#Oj3|pPU|9t
z`CHdYbG)?;TQ={xpYg3HU>^HQjY<w^iTRK7^@Ws9y0ft6CQT&h4s3TF4!xkXX`AgV
z>gK)nxLK{|!0umr8G40lZH`uq-hoB;0=?C=fPBySro?2(CuUyd$4D&J4Tehm{7!FM
z*Jz;Jo?G|X+E(fCb1f`~64L{7lu8SDSc#%~4|AxOY3DxKGPrg$g|jRVl+~d$|0MaI
z*r`^!_NN>p3Px~rExpsOLOq5u^A$te%>2>5wWru@#Y#Y>+`H?{_jgIT^*8DXDb)0@
zhZjaYnmi@~{s}I_iAc&~c;YjI-4L4^niy#?(Xn7qhv{Lxq??$9mx_v9shhX+L=U<R
zO1RtqMeJga7L;>t$2RP|Q~i1;o#Ns8QDz*P+b#OZ6f8(ybe2w_`q7PWx1NC!(U+Hh
z&b!TER+>*|(A?8)zt=@#8|#v+|G>0tSBLso@t#B6orZ!oOXKI~xBo4eQh8P&wEPcU
z<4h4L6p#fEOX;H+eBjBcogDvpo@=ujs+f6d%X&e5eAFkTX>O@$xG-fyO#|WZr0v#}
zGeOVrmn@peChVfee_LC(Nadmh^dddgQMn1DpENlha+>pF+V&B}sBE-}Q|`56xUVSu
zw|%S29H>U(pOD5IyJZ}vdfZ5=5>hm#Kjx?BfljvvTqY>kF)){2zXs;5<cUnCoQ4Hl
zpnubXpo7(DPdb8!ceJ<j$S_0Io^ql_Vo=15vu;>yP~KIxuv<AI0H_WEZv!dsEdK&~
z<o%pN0aK}p2?HeB<8c&7?t>_SzeX5N@}t>ex+hp`FXmq)Oa<;s&=E^&0^ZU+#D8X&
z{vpb>z;i|EEZtaZCcdgqFW&x~Ft`68pXoLG(ZT1%@z)w69vay%znlxTVlxaxy)&mg
z%-|)|j3><KDF?Ofm6JhFHt(eT7MY3hKLeltI~cd;Na&UyH3;7#!EYVcy9qR1fLP{C
zbf=elFwY)xooE^k??M|(QNk`TJwPS^opGuyO&0sA&avyB=F~V#SHTf*c=d%LM?0va
zNxj;b6Cvb@eIN)yc)OId9<X!IY)pF*KwIv&v<IPL=x<C&_FhJ?<V*#d{;KcWa!nu)
zLolx9Sn7x(59*B@xjyuZ?kSc4E|()I)mzNzO0RRbz`!@Hq@`Hv?h0Xvn(fJD8`CmZ
zaioKD_;*~6LGBaGMQJU!0IUf!1Ho)mmDH1OHx!`qXN;-5bevI#bsO$!6dCx2r2Eib
zbD^lL10n}+=jQgfE29P-Yrk(J<>|WGTarxPWR_%I(rM@y8WMUlW)gh8y{1Jkk>u!5
zcq_eLpiWiPEoV{oIIF6V&#lCq34qsc+4H)-!OH1ePu~?_S@Vg5l;+f?U>rBQn4Yh8
zPEumw;mwxhnnBAH`N4<p_jEJGRlmH`e{SuZ{MEk;w;L;Rzmk={H+yjk)3f_@{`0V+
zLFS>6xYCnH2#3P&)D?L>`jh*4n`)=z#fNv_x0IFcTe;CAFj}>r)xG}5*W9~PxA<*x
z;|P0eFzq{*R6C*%Z#S<Au8)q)wRh$Y;Ym;aD&rQ-O(bR|<EJ;<itGt(c$>dtX($jW
zha%_WL)PY2Cok?u<+G2_&C0?r%dXtsCUNqFNbuj&SM6>*Ew1$I6^Ke|_t%e_rw@pI
z@KR_p`tHiDoWu)>&SF<lQLo1<8+u6wG5FnaO4njq8tHbQ#0?n7Gz@>Z;K}#NMr!Ld
z#?vO{BX-nn&~b-6gUqfQ5Y;!4R=C@!ltc?PWT5W|4!tPh?nlL6((I28-c{P7z+l}I
zUTUujBK*2z3zlQ;)RHv(7=qgh-hA9C_-$(bN)Ja&RX?|JbnCa)+5JkK{aa;O%he51
z9WlE|hW6W6@`*cf(hCiffkUH8Z8tPJ3N5wA&~|4VENKMapqBMTKZMb##NHg;yaqZv
zk*mcxu-6TTzT+%Czn6*5!JCSgFC$RF)PT`?X*(@rYM!J#<`Qba=FhypD*GImd=5|V
zKws1;ZqrUkw^Y(o-mkQ8zQubiwt@GB%j6Z6?D4$6Min&F_0k`T=_fSuzM(I5j|y07
z=x``IY{)rgX#3=1&xu-*J>gu*&QLp{z$y%N6@<{5V_&z$Y-Ksv8Fx0_iCfyjv*U(^
z-;L}fiE9xzpqIM44!5hXjTob#MD}*t!0=c1EyL%)oZR_|X|g#?{*Vz)8)(o`n`QYV
z|AwA2ondO$6&+`vk+{QP3wOs=PUCQXOU8+mbXkLr;-%7jsW9UmjMwhp8%cRPPOKNY
zvWK28Rs(2W<axm#S(bo`x;mb)zlmNl)@a<h@ZP(kDmNSYTd^a~D}1cU%LcMTSFZh(
z?tGnfCLW(NAzyND*mx`<!5WAScgJo`r-wJjMDc$x@(mngCbb?3uPXPr`hmX7C_0gY
z^o&0{=|;?xy74df#?Gf(k(A?iOzF(C_k_*2JxfnGE86hfyDWQ(sJRkk>8}!f?|s_b
zmpZIA$($)3X;wr&Tkn>rf@b$cV}A|(l(_iPhuv3WEHs)kk-uUIHS>eIqW#=x_}9ft
z1a+0z`oY~^Y+7k^{R~0LY4I9eXU2{?z>7Ix-#?zz)RAdCkZr^J41Gc|cvN`^Mcahy
zK6l(%2n55cvvp9Q#0JOWCoN?u<!&jLvQ@C4q=`R0#ys#=S%&|z)1X9Tdd$wD8+D>y
zYz9ZPeVhEvO=tW{cMlHpjQ&}_c#GBWL`6qudMs~iUGbaP=YK}-x-!QlQv73rsm0;q
zP*Jp)%*nNAa5-v}0xS5nkB0W&ZC2(}Uea8Mj>i|aD`XZZYiQ~z>ogQRO^>vG^Q=9A
zu*XJPe`#{};HXlE%*!Le&6Sa*Z^oZEdB-kU$BM~);<a&9FBT5SdW;p3SRFBIh}}Nz
zq$9jF1!bYr%3v|}7QxW^k5XJQvkH*#Mb84ID@g>`gMwIL#zwHM|7Zf9XlA{<Ktwi}
z&nH6Qv`g;Ba5vow^+E7Q&8jJ;lj-N7P+%FZT$FuEpG9uC2UvxgnH;+}r|tHv9jp8n
ztBzd=bK*aMEJDK<NI%TGHPeiqkYqHKN3f)r=9@hoXOkMAkyb`Nw9hNMwUQ5d2rZ^A
z1$u|hPaW-S`y%ML!h1!F<nSVk!?%vy0vW+dLMu7rLWmsut|_wGd2D($5ZpX>4VtKe
zhVWLgO)CC<qdE&ir)J7|$E0y1VvA;AZTg$B@KL$m1nPA0ij_#O4u1O9WYKR5Pc4;m
z?{Ovj;?8o9IwP?hIqc0012{!{Ih>0Aw#enZvGuCYB|c}d-P$jqk0ugk9P``T@0u~u
z8Ct#~z35m}I+-`Ee#Jes?qbrR7^q6D-ou<dFDn!tLN0fPz0z>ua*hz~R^WMM#CSGl
zdt~eNTxHd6C3EGWz4dVhC7Sogm=}e(Yz|P2O|y021ZQpCwEP&1#i0!$oOGr3;Dpco
z`AR}%zItyby=X<<byoXRk}QX>@$PwBzg58~GPChgw-V`lY|msxqPx!3vFBD04$W$e
zI>&xoh<~2{q=l|lOex!ko7i~F+*!0Oa#XSDbeei>@nl__VFlsFcI7-ilk#fgV<sGR
z<nDPRbP0I3JbW!02Xdb)z7P4M7&NZVGcD{exvD4{XZDguQk+jZ*0s*NfFV}lE)+ag
zzHdLo-`h_ZULvbB$;dHM8?}Mjb(G7Cx)(tV`xn#vD&%AhPZ&B&M1t#Wr@gJ?QcJOJ
zM`G_CYmpsJh{S-5QX>`9p^exBQZWU;k6%b115`}GNp=I?0~J${yZ_2<%wG5Z2UrpV
zbH;xGOA<HwzhOxX%*+1`Ea~$5e+^4|a@F!*z>=WgOzsV47%qxZA*lrTHSm`lChZdD
z7U4L%5&3~pB}SG;wP75Xw{5OloMASslXw}m5eQ~r23U83D)`QRmz_tKY8yZmlknFz
zg0?Xo3yR#LKGZ=8is!#THu1?BW<{R*u@~FMlDt@>mp7lnC94&5%hu~QEEzgo8HC=d
z3Xcc83|Qy`m^UV#W`B=m|7Y*--^MFSVEYBhQKr`hunZ}^gX!-tuxq<DVLGC$3tE69
z2I7nd!|;zn$w4X`INPjyGE$O~v^Ee#{=dOs|C3*ZHl$#*H8-k0MIZ5v8yZkkJAFc=
zjK4^GK=(!c07{-%k?9rR30{ug<G7N5rWtD>@PRNz3S^{44#3V6ynl(60s(+IF!1Ka
zzjt>|$pfks!{j(niP+t98cXd_^YtO*lRLYjf1?Jy27ybJW?<_Qi_@EMJ}Z;K!S8iN
zMbE719)l$1HJOih0wAMy%^QLjE;0nz`|hi-bT8lS+AV&PYpn(j6~5-#zIqv%9Di!W
z2)IZxEar}U&gSQ*Hn5;<0g>i#cR@Q?v6FG7RZbNcUu@)56$@nAM122YR;ExD`~@Ll
zuUxaN{L)zhd`+LeU-**-7xn$qbj~m=Kd!boh17&<yOzFzf|T2=#7+KzRT+#t^?Ds2
z&?uhR*x2P+8F}F5QAa5GeZ!>o0SD1{_yCFOB#4_R^?u}YQk7~gxRjU<v!Q2P7)g}1
z>7pDM(%M38ox-SFRh~c<PMx^tRJ|0fp$;HN!}%YwV%xn~XPFugLy}#tYVLG}Lj%wy
zVKvn@<I&N!uoM7`vTcS%E*r~Fx!L&dGp~WeFVNwjyZH-B@$S8<CE7iJ!BP-lxg{uV
zakTmMhhDF}+U~{aWY$U@WpYjZ^jQv@J3JpO!bUGz6m*<g&M0W)-V+|v3ye-XVPgkb
zP`DsRcV;LP<}FON;+F24=_tEO(3(CLa~(YpqpX11_AsOfdp!AZdgLK-%`20oz=TYf
zi%^Vo9Zux9T#f06A_;{zhOqTKCe*x1XVU%d)<oh(?uHFXn7d~=(~CyG&Jl{VjdG1M
zl=WB&|A6cmP`BmYh;;!jcaEEvRDO71>4;?r^npS(4dpVIx(_U7ULT*m?iO+DNol;C
zjnDv0W$2#w51{3?x%o`Lfcgr(<jv90@jm?Vp<+5k#4`64U^TP;M!{IQY-x3reOH*_
zXHdqh<Ddw$FL;Thj~N13JxIdK@>{up;UJBy&YfJ>nQ&F>t+-b!nIePy10N@%09Ak<
z<m-?oOsSE~ho%$sE9xsU(ibXR=(De!p#7p%Etmj8Y6?9R5ooz*g}xyy7fA+_y>IJ%
zqnzB0d{O%&omb1<h+;<R^u9_>-@#tX4xh!Tx*^Ux@{RM_G=5iC(NhbkbKl6a?_1W1
zX9+U_)LYleP8SiAcq76H%IJf@?6pYnIWEtkN%UON_b&4hSk#$K*2i}MagH)sfd|vQ
z&-qKq!5QOm!KGd@5fD+Wp)0%Nb&HMdKjr7SzFk{^XDdW%AUKq#?zzx(p2NrHj)R3s
zFD!uK_7VV0%${B7I?<KsjxI6XNdMb6?ij_p+&%rg-Q95cvtn|9$#OACpOylg@YiC5
zx`2xhYG)9}mtQ#gzsKhL?*J-biRzy|Ng)7|LGPAcsBf>*3&F3|xB4Y80&E6n4nk%F
zR6q@K*_>~!_!V`s#G(e;b<R`;-KGhG;IsyQtV>Kba=YL)A??A)8p~Cx-Y@wxMVSF8
z4D>|(jj2cD(-l(|R&xbc#IDd*%KRId4K$sz-K((4j0ovw=j(jpH?4tAt@h^FS+2~3
zUC2HP8cs4T3|LO70)tv|i6kpCA;O#a-)~K>B_tl@q^cK;tH{|E5pIId&3h0zt81Xs
zQ;|)*4OjMKXtKyKW@$zO1F03F*QVU?a(CRdv0`(F*?6Sc>8BvxZU^BgwR1g|9d!!o
zr+03<{=jghf`zcpv|a*w3;g1_sqZ0HHISAb^efa==I{!hO2IET1+gxs*46dl!7q?I
zSXbc8^qJGazg=v4WuOa%n<L6pwemkmYXf&1_Dp=;JgL(^-uDnedqwY|0r(9WFZ0gV
z{YkD`uiqyF^PGKp>A#!MZ1_y_zmm|bvnct+A@TpOBs6O;f}GI&Clo$NXvmeWHG(7g
zqy}B+{%2gmLxiun_BubwFyVRn1UKA=2er#->(lveIz$El7=aZJ72Ie4uj<b0IS<fl
zn!kU)p`nonWw41Tm2g{K10&&}s*YUS^sTtIExFKA7!ep?kyc9FocvJ0`RSCLi9>q<
z>E~d$Eh1$N8Vj<U(lWBrzSrBlU88aX{tMO(mNg6qs~GH2>2vieD}PJzRwWx_t@*OY
zs}X;Pbz&hx6@*HIC1>UsWAJM^9`N$=@+bTQxZZ&j&p?qnKG=;guOIoQlqVZky2xmv
zyw>4$q%5Wic1v8IOTA^L1=ik}w&jG{TGKI{exNM4eE!-WTA=n13D<T#wNqhhsRL%)
z&$T#AUm;>k?u)RiGW9N5oaVf+XvmliDzWIB1Mbb=voSJpyJ{}1G7W*WwU%WeOhZl(
zd625jG^Gr}@j2XgoHbbX?^a=DvOSNc1HZIn(9eGG$y!w!{Ig1ixQVz4Ib3WDk}_z;
zfZ$c}7~6D$R}uSDUR4k(+<QypvpPOk@Jafg<a_9Tt@pfUCETBPm%v?Id?fu7j%8VT
z{P4ZO$Nx?p=F3{uD0gyJ0d%<oT!4gL@XY$4FpSoiF;6Jx)yR5VVzaOv4xC6aG4g9u
zB4MFOGK$o<>5!Qxl&(5L{Yvb%MA1XzGKz&u;Tj3@1mi{9n2H5&Jn!znfF0PxGlWG#
zXuBab(UeE1mlGp2pXU!U`t@uMD3CnUAJIF1xJJMKR-72;ELwkFTU|7IcWg=(gnG^p
z+J7c>z|_C4D|oRi++1N%foSVM+9J2Gi+iT()HNd8qpzyQ!3sNZ-vsQZ$`9Adn@;`X
z+qR-bwm*$K27jKH-x1=c?6UlNr@dCx<Xg2;4i03dA|lh9ztxla8c++L`{YSMIp^Dv
zx(XCadV9k+)P=~hZ8Fb~3P+W`y=X{1!KPyB7e5v9)wC7snOfShaAIxir#`5iaCXU)
z-B;EV8>rP{tZ=s{7Sd~0l-rrBVEku|PNgH<MC|&^h50T16=rTi)dV6^fYIUjOU7Z*
z+qU=RZz_duyNvk>kPo1(*k(wRp|6qSMM9;NIzt)smi#E_gfPu0RaU(2F<B>(+dw!O
zzCQYK;*4->TWT_BB{%{qK+}HK&J3ninV|J0)3q<W)h&3Onwkn}nRe2h6DLkUK^!Fi
zQZoTI9CP!XnM}Fo532+fmAGi<qD~5&&&|nEgVG1>A1RKMND?nll9re#E1o&AM>&_N
zQ3i|Ce_QK9dcSLgQj%6c2}Et*XvD9*M!`YMSN<=ug8xn;($D;_s24Dfgp|BIVNXTe
z?OhLa?tPl+;0Y(^brih<L`6t|`BtX%4$uR)*K&p4ZGbYcWW4`>rJ@5Q!Rn2t<`ZUe
z7fjb`JWkQ7zEA&AMe_7nz7Yk-nDKm#eofXRlZ{L_&kCuPtNPamp5ncevk|!wg=Wj5
z>QXGTOz!a!cpAjEWsT_p#U=@@x|z@iLqL!AP4BEzFiL8q-(BA>6&IUhZ5jN-_@JG7
zyA@R3HO|~!%fb-ukw@Ye$GNV>_G%|!9pA6)pON{GGn940$_b8~^dkXJn*$)N`<G}s
z9`#H9(6qWc-P>4<efP*M_NrEzc8tL?X<WJyy3r>QlP_||0XvO&*v{ao#too_uG7VK
z|Ll;N6jQ{GU?)$U`SV>v0!k%BNkZ!6h5_h5nn(zJh5C~r=9a>yrl7Rl=AJm6)BVi0
z$=CS?5c)9lOtQpA4$@^$K=G5J9K_CAdB>^A_Ut*g;NP?JlzTK!ayz^SxpatvJEam7
z<THOT|2ASztU6qgR!RRQ?Bss~gu5Pm{lI3mQa3j+fAZD5$V*w{z@`1)qqwc78vog^
zz8OM1MSwTr8<6=H$on|6oo&Z}Aspnla;vi!s;%Y8+frUog2*WUT~pJkMOS}77JzKB
z<c=L%T8VWy8!m~k7!W@46O;+a#d37BZ0F*wdlCB(3P^IHLc|0p)ZS%HC3*7l1uDJ+
zy$g^j0B0UVU0KAb$@POZBHwxqM-}5;(r|wL=Ib*+w1yv!xs$1ts2?Z}Fe)XPpbdo*
zJxVgYBjck^Xi6o7<Xpr{ZsRHPzN)4sQ-&Y(CsBLQt|P}QlPk<A%x(COj6~JKvC44n
z6QZ=79N9k=x{>1@EY$8>FOdI7U-M|dO6Jeca#0tY7ry@C!V8snql*HGh?eZvo`oE*
z_3R905i1DO`<8Blp}?orJ&*3~Q8y}RKYHOgT?m_EZaAv1!kLd4wux))zze<;_rdA~
z>|3ZSlhg$|u?9zkv;@`;;p_MZ*`VV74OLYEfj8t222-G1SM@)Q)cZB5+dWy2>|`6{
ziPn&}=g5tLVDue#d4v=^_vK-Je5|l@_f2|anEtu1%Sgqh@#SaR4WTQ;e*|rP0mm8|
zRu)S~-JR@*xU&Mg#pJB3qnT#h0==XgArbplu&*_SxMZI#3^2^$65R^p9e=M<Aj#Gt
z^PT;EKzSa^ZsL{?yp{Y1Av9im+f0`$?jVLO8k-caV0|Z5c3MN7ANDZl)wGK3oVFKr
zQ9IIH5ISJvx$?|=rNN(M-Yq9jOVDon!h|!fCn#9=!xZUxAoQE&gC}%y3e!$S(B58K
znSj~`tie*&E5_sIBZ%7Yt5xMjaVRiAJ|iB2;{4z>nR{T6c|VsIHYuAW>(ulDv!Q_n
zbl@|uh$<4WZ{t~>Gx|-(iQ*<Xc+N2Twq0tF{z6nM7)7NfE#~qh7s;H=6?HXw*G%Zf
z`DN=Wo40`_59nb6H{>XYtTT`-H)z|JGn3{|yCke`xr@ZeyFOD9w61F`yFREtA|%Va
zJ>y)eNncg(?@4hBC~vmM_kwi@eZa$mhH~Ror>r5(;_Rw@xgzl{eQlY6<bcL%j;(&G
z?L@M2u?YwidIzWm*Wfz=NcZh>QtXJ6tC{?05S;ll`FRwPRN*&qP|2BnI}rgTKj#<Q
z2T?v_jJ`qwZ^|kvO;7#?uw1p)YXyKuo#CLsB6hTiHzLr+zSp0lR!W@<ZFRrMRu0s!
zMn6gmzgj^biV8u~OSNn1jIVCN=7hIO%F3$*l@d4C(AF=kD(VNoKSUH2k&Eg9@hqY@
z`W1fS1)_>$+dHNm)Rx@Z&Xqm-f1#ZG7gHQSP{6=?IhgyS>u~>f<XGvnMhphUCV(%{
zQ7>eydm7*qwest_IXBMwt;c-|N8$gMIm_NQ3~8iih-_>5$0=cG{R*9G-*ni^%bN$E
z-gl`WZiY9;Os-s!Rd!>U%hhh#yXp!4x<62|>V~ugN`h80-)l-r+Y4jv4{OpIq~S$^
z9BB{?VV$Q;HC8-BXcW$HSW4#6BZlZ?BH{qjXI^zqZXk<Q{j5uAz_iaBk4NpbfmXD?
zYB_#CRx;-8<V-?XA}mk~9{Z@S4>jUrWm!*#BLc{E#t;~3uXK%}&r#q1y9E<%<@hae
zr|7oVD|d&kqZX8(IbxG|slD)dj}+=La_E?iwIylsLDZ=Q8&4MhLCZo%%cj!(io{L$
ze3kfHlaU6TLo2DDj+w`FV4^=xOK^KpV?8&foPMwCWL)OjelGzcKPdW-Dj@lT|0o1<
z9g7M&@Q>QJzK9(9{6EV{PeUEFkb))uHw<n@88?IY6m5GKvBv*D#XLhh#Xm5ejfdU!
z^EtO(6W#K=sEVp8+=R2{s)qzfo4x8}?%la_N6WwnOc-t-0b|NJ#7co9U~2@H(44I2
zzUB#0$Ks&%Xcp|jm;|l9tvX92JH*Vt+}s=}WQ!&6>(G%qXMIu0S6nXKG~x^nK+DTH
zt6$e!QJSFLDhOvM+)5+vKHa9xP&~ajl>RE{z>gB`3+}>;kt&<0K==JKwgb6PpA)@?
z)no~(V#`sagueQ9aO5g1<H*1F+t)ie-d;lNIw}|Aexm-ca_Tk*ry1?_pZW-2SO&uy
zpKX`^pnOVV9F>-rr?DxZ>HGI{`34wUxQ?b(=eFdv7H5M@IMU_g=tS_pRIhXi%oi*<
z=XMIu&;q7!`43*&toctN*MJdB9sBNj)j<oo=Kw)^AP5aQ?cj1N#IN!}iAtBI&r_sl
z4n<x>b`Pq<tdA@J1RG>cE+N?FbmI=wDk1Ri0(R^M2~<}ke%>2@6xa+D;n5a~;}CEf
zC{`Xvf!470m%8CK0k<eXsc~Eu$C5lTx?oS_ZolR+gy^O&Th<J&SddJIdJ%AB{)0kN
z_-(s>*&UM)&TFPZDp(J~r?|0CM{Yz2oSFQrR>^jiN8HTMdgl>gX?FgXxV@V|2uWeX
zoEpZ0b@6DzO-&(|t1No0h1idsZ9GE3*iv`JW^vbanS5D`5WFK(??k;$dQ_bup)iQ`
zvG)3)3=D)8hOc1dY$I3Lh7C}BOE1k!nA<T>IkQ_Fh=2+3*V?m*(3^Yi^q5o?H*`u&
zEp5Rpwi;i1loh~fQIH=QQdCAyy6|i<>pQNs{r(5xBww^w=!<(wdD%FpB2AUys%?Z&
zrraE9eKXXy?Yc}-70<`h&VqT6`%hyv>#ITqj0Q}%?NDEYS}PrlbnUH4gAG2$$x-)z
z=2zI@tx#Z-rfD<RX1VchK3QtW<I=l}SDcY3spnv4(22`AAA%#!h!L9OOhb3<Hvj1o
zc=m*{*l~h_FwUPdvE98nyk^&;LR@})t5A|^EmaS<lJ)nYII&ps$exKYxx9LQpJp){
zqG<Vh>#noYr-3Il%8V9X7JJ!}7Z>C|W8RwH)Xnp-L-z@oRVgVcA!bfR6ay<V$>x;Z
zRQ()Tu{HO+@3^4>w!co};83dy<I-OY8VZLS1w9%U5^5ZaU5C>K6-Gu{HC<x&%&Lvm
zF|xR1JbC$4QfKK~V4V6FhTwLuAORu>ZY`G59E{o<d$Q}6cn%xW&fVwn(-s)`wKVsv
zy%|S`j{EbUNo1#CUvL`E7ea@@K%fBalhu1jvNOiM_js2`=P%q5BX9D0Z?C7Qc6#;w
zWmy6D;pn6THq+yE?pueBL8_O3qf11xb?-9=pTXdY#>AHN8Pnv^8V%GJdw<tcP1v9L
zW=|fh&z!b-J|lCiVqc~Bw;RqCgs~O8{Rfrt43D;=z~~c0aYABq*L{61zTorpBkZfg
z=-AsyJ$3LY2q`q`XsD`K%ChsO;*TmyZ_)=3V4^h!{QSwRE3V+f0#SB;%6e*sl0!Lp
zPo{ElMzeEt&~i9LdG`82bNZpA=azDNMw;@R7sCe&F9WqKZ*QvoNRU+PUQwKnMM$B&
zm;f<T#WJe)lJq^=rTaWSR00FPEZTtiL|LkzM$J48+-@z`M)12UDfvysMA4e^r&kWa
zlU#A{A#FEYoIcVXhjzH(!<M^a{}Yvvy!c^08~Ws!?-wKOnLV)4i=8)k>xDmw12-=+
zfw>;qR|cud5fsK+VtK)YAMqV*glG%?7dn@i*LYq}D=legc^!llw2s%%32_P#dGLeG
z!UemaPxe~82_5zQ`XyLjX1a8EzC|h;KTpN`V~r>X`pc}l(BrMaH2JeJrw8^YZ7bpg
zN6wT$4}1Qu?^XVnG7q*MT6;)xq-q`u1se|zFhR3(JUqU}qJu)c)J<6Vzk*)V`b|J$
zRy&3z+g@DsEAvgX;D70iSZyG7boK5_Xo*lf*r%Kd?<EUts>{`EaY$SBPpNLdJ_dd;
zG|(Tz|Ka%^FDRk<8tU>E_ETiXJ+k(7S`hvpVg%S93bNRKYiRcwO*WSU#q771-o8F2
z>+Ze3eIX6ZGz0j}OV4gPO>T$+I@{pq)|5Tx7MTr({EIT;d5JjS!G9_)Y@%2tgQ7Nf
z5L}OB&?_k_oBpO)<w;o9#AVx+?iX^xQIl=p;rYBqLjjBCEW3Yt6FY)VE=O}eb~oNi
zX*C@Oomr5wJ|CwIsCJ+|w8uRQ)8r`L7n%+WJ*YsdPvFu>ZZ2h@2u|EtSvJ#z0OA6t
zi}S%!7kV({q^381_;A8Qj8O$leabe0c45N~B!wqThk++#n`H+#HN_zgkrGl~lrOBl
zhg;!rwDD~}BfKf=L44_mhk4%}Twj^UMi<qA(O?t;H_xf5DcysY)PMc4X0*!b(`UKP
z>)I#fxn~3he%Xm4z0N4YUz;dAX#e*}o;37xabK0})-PgR>oFe2xB1flZcd788Zk~D
ziK@leo!z0oe{H^rB&-^b)SK#8vp*}`ay+Lc994rUNPhqjVXlJ7^!?F>LUS72Fx~gf
zYm0)4|4acU1K%u+73=6VlCHr1Om6uI`p?z<?L|NH{^LEo$xy>L^x{o36TKni0d53E
z?2)7y-toyV`G1Avv4cgE<>6TOd%ZGY*yH|QW22g^lge~UrWIzM%|Ja*ZkJ%q6~6f6
z$5F#0GD97@<ppCk3YIlLf4-;3u(Gnk0Ko}t_1THVCI0O)<x83zKFz*NK{u@yzsC|6
z#u_5Oo<o^)hqEYnT%|$T1fQh&yXVxogTZqlX;J&6B5yioi&+@*hvXC)9JS3|dC`fT
zRE=If9W3TzCigdQ=Mxu3_tfv@=?5*xvw1wQh>dKncxjIbTp4IMt5*)>TakUh2u}9I
zaW!q}=crz_c>bf4XMz?t%Q9Rth_x&}PAh1nov!$@m%Mwp=Zy6#JELbm*AIo>9I8*5
zxnIPPqtfd1lI(>@wlRA|x0WXKb_=WIlhge9#Tr&)nQaj%>b~=aj4ag4ljrmn)3%7X
z;}RokxDpB4_q*Jit+kaK-p{bjdz-R!RK}ah#XV{CA1NxdcRT!X_u8A;Em7Q;p-2^}
zV8D7bXX5bj@3CN*e;y+L^E{_-A;XI^p=}!x-2QiFW^xOy38f#KlTsgzpHetC$nJ&R
z$?ym#{guUQGBVpIeanh^Juo*mU)`P5gl%4+jMm2U%H_5iOpoP@<%z1f!9q=yyFWkH
zy&QN%w^hV-<^~b>A>5QXM-{i+d`{IyzWvIFuyj%T`we39GD7+fWX1YqyV+;>qehH5
zdw*E|4tQq4DYN}|y6Zpl{eOWz_Mbzb-R3nx?C$6eG^Dh;R@!f%&`)lZF+w*+^>(}3
zO%089P{-sy*wjp>Rc_t{#uErZ^!G*=z?wxsGH?U<uYLdnE6-_bJffpnPTPE`7$(Qb
zdQAJ>;X<dxuR)#KKB2wf)(Lvva^u6B%#J`GVn;$Zp?tdiz?!|$EqY`^;a{uhgI6q4
zpeDDWt3e$D6EhexI9xtzL&O%)9x!+p;>`zg%WS0X9rP4hbW>!&LiZpBE-y^!Zthn?
z!V<GKT{CQ6P!J!yovAiDMuh(kCJ+s(0)@bc_ETx;tIW;)r`A6CIt$C6a>M3EQpAHu
z1OHGY$p%e{W~wmP;>Wk9)WO`YqxDl)P%}AIXwowHsLBX0bayOQbO?g$GZk$XG}wG2
zyu;UtCo~BkJ3l@Y3KEi}$4~A;^BJQMJX9mD!hwk2XLh*Bbh=+QneMyd`h{n)7YxDi
zMAgtjXL+mY%qy0R(5ooxE2t7Puz3dO)FF*?h)JNcv$HPS2Y6O+E&d9`qV4<xiNN6S
zl9V8(2KB3&Aa0+-j*A_Wi?@=$rbhZ%?qO7DGZ;acX(m@Vi99GC4^A_^mFmv2{|X8N
z<`X94KMIh&TZ6O5gfE${AKbp7_!&u9AQ2r-C58J(G+aBRez=|9LFSFIqN-o?w_{qk
zxb(U7C^hGrgQ5Amg|06cwy}oa`ZTx8xT~YO`ATb`Ki`LMys2pA;b+cz6+nZn0yk;c
zYdv6hy)M}=2p2%C-}#P>SOwbYu){TqU%A{WC1|Uc?TAaT3qF<dykDK=4n1apJ-GE{
zYkHDusz$0p+!e(;BbhI^QmeB~6=h5I^DB8nL#dBZ@)2fi6PJy_8EJLkr|XuCMl3y>
zy|N<j=;{#^^0w@=dDm=f1n)y&QJ(KvJOqus8f^A(P$t{zUibk_ZOS{FuItNa8D`EG
zcdW2*5GrX^P}|+k;oN45C%g%#7WW9oUx&)U2$JkgSBovY;N?fMO7hIJ8S2<}y=iZ2
zw2^_ZSk8`mm;4w8OV7N}eMh8*VLZ;6nwQ4Pw0y(7z=P2%4266I)>r4_F4&^%X`l;-
zxDIMzOvv|4gp~F2&X?_VYN!ELq25sdJ%e4b7w+$iec5D+->wwT&gr#%gb4Rh42~^u
zFb7Lq{kNO9ug!&H=5TT}>}TehhLb#Lz8K8|P4w3O2v!<kx&Bnwig1;s0O?&rzVbV=
zk3cYHX?6tsd;7|_yhgf?|Mn-yG#5^|3tm8@jo&_gibUrP>$9S4?R-yzIM;4imt06H
zLajOPsIuwTpEOW}jB~wVG;oa8B%K#S1!K%;)F6F>yoc=B@<;$_0hfOt5{k8d-}FxM
z8|DGI&Dxf4clwz#$acY-k;(<~&G-0C(+Bu>u)}>p;IaXB6+JvLgasksmr%pvf{?*@
z1y!&O9t-*}xCi5ZY#|4|cg6qaXX|~jH=!R2Aju0;wEeqb=Z0Fbsc9|vDJQ%mfA8N~
z!8<SO$m?46rQ`hgan_R(x@QH>+xJxxMn>*WrEESUM!B#UggLW>jtssx2hso51Rl7t
z&CPz+#7A5ql#2+18u2NJ3w4Vkmax*>^t8g4^uV)9@3{#R2b;g%UU4?c0}q%&HO7%1
z1DG=~GY$tl0v@bK!N49PhkJpNM+ua%3afGh6K(KZXew!9%Hg36umoSJYU<jcvu!+8
zr(cUuhOq|mrc67`OOLCrYPmlUh{&K11ll3Oa=FJTltFtV49-)tR(eWf%Yy`+C!Fl~
z?`vQLzrS9)PoSSaZx!onp4DF@(*&S!4z7@y&VV;a?vb1wzIXzJ))IT@rxb_${l;(a
zTXGlU71!l&!L+M&d(y}OUlDm{YnJXvDJrvJAo5b;&!RCef=;QMz!`LJYBi#cs{p`3
zjJp>4u)A|296|pGI&o+mfJ}q|JW_R7TwMI<^%4}#kD=3-${l6ru7Uo~<~jH^>qYgW
zimM|;Ha(|6Jlph|c1xL~7Q9UzA)qQApR({d<D%d6rt3rw>yVqSj;s2BGX{)i8liop
zTqgHTzIuUavN07yetP&aTcoj=vHWnAc@{!+RXa6g?|f;IGR+1P=@Z1TuLS~ecBvsj
zKjNz~UKSHqLhXi#YSrBygI?Fg!I&l|Ax_<Cv_Fn1`|sqK>v%=?EM+N_lMxF#g+!-e
zF6mnwmzPS*dEtVVgXALx%1fz}FGjl{^jsN+k^X!(l?43zy<M7dvd%2RW`~<v6f6|g
z(GRnCp7b6)fGeMg<|pj)GqLh=7tA;_nK5De0GKIqz<Q!KqiHsQrN_%*QL$t+=xmbl
zMod}!!R1I3ov-bR=5B=}rJ77E{@;X$EabF<xCPFbc)MBBjAb9oB@baR8`6g7qToTk
zMt;H|R?g5YoT@;(&7i1NVX7kGrlm`p7b)*XX38`OEr9UPYd$g)x@z)S#r~RwJYl}Y
zgG$<;!*cY5ga=m6+3UmjiBl%2QG)Gn%bd3@p?{=X?9U2G7oJ=Q{WkyQPK4Zup+c{E
zrXO^`P)Novb2q3yZGi5(`Fy-H7>5$DG>ayWyGS<p7c^NK%n=Eg80F=OrSPQ3`wtE_
zOP#il4WAIzb4BawEXTj+ZHl8Ej(8yMgzeE_i71yQ;=U?n;~fQ~6QA!cUu!wAB}xQY
z&O1h$p=v02p|XQ*;4zTX4J?SyKoCt?Bu}Y;L^7nTH!qMe5C|S{BPJF#F&a?byi1Nj
zJ4y}&`PoBZ^=p(j*vxWs%?z~V`$W)+A0y9P@uG$XC0)B$3KCri^Tw50p4WInukE!F
zd4ygc;P8SIF==X80Yy5?Ufa72ZlaH4GG*Qx{R#@=-^J2}GXn^A#JJXWWr4*pGtRh5
zVn{7g^TlElz@Y)PN1T&#wRVtZSA21Y(j<k}B6#84j2%fkx-YXf(>RA~t}3D8D(IFg
z!RG;`W2HSz>S$jmY<L*3T~Lh4zD`z*!Mx#RF{3%x-}|ob={d>vLvmM)_a-M<hB)V)
z`|e($x*MA!Yd~ur=Dg$h-?#P$vqdMdaqI4kR@6TD^ypg;)}+U57Q~Tq-sEKCzTEVs
zjIz0<&MVUv7QOyx_wKneVTn9jlCxe_VCLLkx0ZikzHPUnnf_Yl&9P_q?mXh+Q1OXA
zqBm(}g~@(Gk2L;K-Q9O(#eOE-ZfPWaRC>!rHp(|H3E1Y7o=k@F;wtmmsLrX4Gxu*5
z-0_Y<aL29rwNF^ld>k*pzuPm;{Kx|S*ZBl>ndt{+(+K?U^L80W;g9%D%?0>P&-MgT
z**`*UPI-db{1=npj>SzfTlBZfY&jqdH?}#D>f7!>s&jV#-US$JYO1TN+m<w;?G2~n
zjmqnqq`~Zu_Gq)6tG`$qi~>HD{Riv0xVcf<LX&5Ui^?6_Mwf!+SAULRBs8!n*1~f5
z@>#ve1f1XwQ7ZBUul}vREs&~f3;9ltzlh%=<M{9~`4;zHRZbiZG&7yC?NH4fVAnd;
zT6*C==?mxbemcrCzy}_d3Ss;UuJZP`;Vt4de2z=!rdQf@4!UL6C`?Itt8k9E^<I+k
zs??zy_OU-`MRQ3&atPCC;jTF%j6Eb{eeXyPzi`G|E}FJ41GCJEamvc5(gG@Tp9Yr6
zm57vsZR!Rd6RtO%OL%X{BpE7QH63U$V49psK}I$p7IjypsUus>xbBbS<h+iMQZxRt
z91OcLQ!c;o?&{ijTA8fGxlq4{hF8pngu{h{vc6z@QcJ9bo7yq_)B7Tt@G0VvawEjA
zoR=BGQ(xU(>U(*uL`^+1wLJ1bTkMBzeV0nqN|O4%!`OVQ+<}&<@mkVfd3Mh(r>Ar_
z^e4Y!eR)wp;69Fb)G|BsB4yrr*DzXp23(8FZ|sxmwA<N{VUr%!KG84ex|?0p3!8`<
zxOtBy71#N#@h!D-!vAUPy2F}Uw!J8*U_rV_Q(BNimm*#1p@kAUks?U%Ewo^vgm#bw
zMOu&|J#df`ih)BBML;?T5|9>pZ;|>o9=Z3vcmH|&`*!C0CYkKDX4b6rTfe>c%uq+*
zu5pe2kmBv|CLtB6nmf|^o*0`)-^q5vbY3_Wt{SI+@&=`fcb~JhA8wep>K;O4;MGsp
zT){#v!?VAX-=1@q0P!8TIu;eB#7p1nY&^$Y4)RNv3zxHSqmIrJ;-tbEuSpK32+Yg5
zcm>I~kG=?7SgPH)5YWOHVpW#r-tM2`s#Nq;<a~eQt&;B*D4L5<!)W@&cN|a&h{pFy
zr4e@zDAQniYFaUqu@TaJv1(c5nX}hxM+F_5*H=%6aR`lAub7Y{Ev89NHzM|SwlQ|j
zrpjQtvRArnSdZ}TXr-F#`_ZbTbv~5fmPpGE^+h5&%B*!xkH58oal$dG<Fz^J@WyaW
zRTjRdQvFY0y<Ytlo<?{@QxV~s>pZihUu8pv0)*COxA&!bb-lj7x>1xTakI<&yZBrM
zNG#TeZmmHviX<0$kw7b}w>&a<i#Nz%=^>kCf7$G~*7QISN~pC#B(^A>-qGx9n)^Em
z7(pbN&VW*-g8fF2_%@SNQM8y~YEhN6TR)XOhYlhx$e!JBL>9qFFynT+jZvch^NF^x
zB*m$wia$wCn-vIR&1U!Bll5FuQ>0LE!*<N(lO4{aQgb%9q7nUi)>*4zgON#p@JfqI
za^BSrcUzuBDQ?7%m`cikVw>IhR#z1?mDbCZ1?Hd;+U_mQ&G}bvj8r>f<?muN1QeE=
z)$Thp$YjCdR-Ys&MY8eX8ok!-OjJ$Ztk4CbXx=(!@UV22G>Qc6<PJXyc6;Z-t`IWM
z`v!TpQ?yzD6mwfR&E4KRh2@ueCfAge!y@W)jtij8__!#jNte^~@uZkjLRqozBIGEl
zZmv{`i7?SqBGXP!=a5bXII@gOR-rkFh7-U@0u(~T9S-|fgdH}x_1RRhgLj;rXCNDb
zEIJahRAvgHk>>pJ$$C*YMkXbj?PaR0e&#Z$`4OHJW39Feu_6+n!6r-ImD<O>PIyLo
zqE~MvSL5uBu6)7qP*E*xnk%L9z*HBPjI4(#r0On<ZHEsl6ui9%cKDh;vYgt|qAb<K
z?QCzF9B4RjbR~BAo9`b^d)gX2H@boz%=h+K+0aeU<Cg?u_#gU=<}u_Mei{~<=rWRp
z65_(t`QLt;)m2N>PAuWBO}_}}ba`j%$nFGo&f{DW<Cjfg&Bx|J6|<5ack0OZQOuYr
z(p4~j=-s4uel_u)DX&c%H;D{t*X^3Mi)5ub-TPD3tca>obV2a<Z}K)hBA3v@ozvM)
z>I-S_vKK0iNcaxrf&jE&T|NTK_|^f6E2{90r7zs(Y^m)E)N|`C24#Gkb1%Ha7h=y?
z1;gD9>CUqtX1i0O4Jca8ee-*`Dn3&s>x`A+!pZ6SB(Zw9gGbrukKC3F95oA8hO~xo
z-%pNqx6LD)wS^sA)A1C)wFy5t;)da&__E{f&_N;1=@N|HVzx)O@f6=HcD^A!kukLz
zZLMWiOeNud@a1~zqmBo?y|tc~EMR#qTfo9Tfd&uRnRH}RzoLtd^{az$1*&E0T|4j&
zc4TVMUb#YMk+QGxu8144`I;m<R4ZK*qUln3hu(SXi(as9AN-Fo5$Fn?ff4d!tNi<7
z-)|obI9#;`8Z|{kv26KZ<AMWe=Tuq<qgAvQl_;94p=^C*>)xU<Ai2*#_nwv_;)f8?
z+8^@XFGz9coc=8zjCgrPvCn(8(Ou`HwalwY)RpFuu@t!#^~3MK(_?1TB)Zv~8Q>XX
z5PqfQ&vsjA&0>+*^4C2{AZL?~iek-x71YwOP5$7G?}n@zAtohVRjnOJi%y$WXZgNl
zXP1LZ7E|zha|>;{p?ZcN7eX-PIS-xs#9xPl$mnguTI*w_-?X5$ZM0Z<_&uunmSR#$
z0;{2ERQYREcRW{!!XZYp{UGWJN7!HTI&a$YCfm<X@voY2X8fJx-xyH``gz9|ir9r`
z80kJfmxb3{9cJc;rNTc6&{D8<`phNuYNQZ&1E*r<XX_lXc~zsbbuPuJ97MM!uh8we
zX+Um7&k8+UO}d032YvoJc%|Qr7DKLwJfc|xI*1*@`C6tjN5ceofDCOd4M2vNzZ9nk
zA6b8ZTU`?sj-@yLt6Dot@v@eJxBTRPeS-onaT?S4nvanIOg>LRG+OL%+PEvH)^xx%
z4(lYts0al90E-9#aD{U@0UjWF31GA8L+6HZ?h`!7*{eG{37{tAsTA{H(Dawib#w(x
zgw8cE%TPd4FK&4}8V2^~G!s49uF`Ng0k6DS<Pbvb%}{NggzQEG=!U*G3q<w+z(D;y
zS)jm1C*6DppH;4tiaS$PuB+cBiR6H2fOt3W!~3FtkgK2c7D!I!-QbOH)Q*I7R$HG6
z1)R@(V&vOvk@cGRoaWewy3ol*o#6aic~MZiPVO{ysnYRnu30MQ)&)*&_W<D)V;E><
zJoDl?pi2R0BjTyMwZ)C48E5&RqCuAEoE407juJuhB`~`RYu9V15^o@VDZMuxd3F5y
z$1X2e@LKQz?w$rfa(_z?X4X@VtP88AJ#3G_m&j_h$tvYn);A8(g|qCGpxWwtujMGe
zPy6;_)zoWJ=|dIzU)tm!?4iZ{?Q*%A?rRL0eTcj)Sf0_hdTb84;cizEbZa$LB4)R(
z)|R)s%Jg3<ehEwX{xi{&Y1sCWx_0H&P{RbO(>6f}NFTPB7A+y=YO@Kwa`CLg^2g9|
z@|LDBhQ(|_t~ok7i5vsEUU1{~h3yE#<XU;~Oc8P@9g@QAhXRm-DsWzy8wf_xAXNn7
z{K=Q`sfcgS7;1I1)%B7%Au&FG9FjDm$wzAKQpv!mQ+xR}DESlUAKa%yU$Z@ZDFfaI
zKxRe!-cQh;0@p9gC~LSfwx^u`8~xIF93OV*$~k#>ti9-}_rM2a-hO>=U|8{l&GIJD
zpATpN@Vb*wy^;?nFAvXZINsp?ry5QRP}XNgDHnZPhEk5Q4ZvH#=&1n98UHq5+jjYd
z(bbJ&!YA<b-GulTCZ8@1qtt9y0h6~p)zB2OKXGy}1nd4Hhsm|K4_oub>$7xz-A5$w
z_b&)+@z#C_-CiW!SAo>)$}O~wqn+EZ*LtxBZ;nG4an;v<qg{F%d8f6#Fwfx%vEeOl
zSZ%_P$LF?B7Nz34{H0rp*HZh@Qxv|F;3lRWO1Y8oM7Fx<&*&Ke=Oes=1J#`2Zrkjz
zF)6S6q)OE7Y)W061pEC$XvgOF9U|Rhy_UgvqoBa*{bxG11+mC%tV9WR-E?0DPdroP
zD&UojT=d8{%ohfF_ti)Oyx~i4Gfl&(9XUtDsP9>xSX(OuzEKSs%2AT*UXS;$aRuJ(
zqxOooU>Uul6Fftf2uiVs2Db~3yZ+@IaDgQ#QU^d{`Q7N&)KKx6#1;1>g8ty0^xBY$
zG0Co<%h8=vW3Ba88Oot<-bTIWi_~QO@D}}?NA`ne0*^<}WCA*ugge>#QS3pCPT)9P
zUGpHI?H|`6+1cmMFBGS~q%LO4YX0~rJG+ooZN)n&45not^_{1Rx(t?TAXu-;V+mKD
zy3}ADl}Zo^CVFX!7yczQg280r$T#H5xDy^ln;BKgc@e9kTc=utT*GsWv*_wR+6}#q
zi+_@g<MpMB?PQ;hdj@K%IkiPnf99e3<}`vxnr=Lhb4uYwE#6!#=7T3He#E(oCo9uz
zmdAJNX}z06&5o%1pGJ1w6%z%g2(b#P3~V)`H@~{Ma;Eq?QOv2EEmn7_Do-RKHjnM6
zV3ebR+s5kfljxz>%q-bIu_>O*Rgcpp*12yoof@wqX~bh7fy7a|*04316F3#MwsttH
zIG$|(cywJ=*XX_(PNhjp%cFXX*pXG*u-_gYYc8Q<u%MMCfNgOL?-)=${F1-UEnB!c
zCQ`5Catr?n>CU^oZYR1hS_I(Yb|wHPMS~*n`BBy_WmtvkNzW;F^q=zbZ9NLGf7#OJ
z0a(Vj$uL5b0b5`h{XF^gxOuG`UsPVw{_e72)V~oxr;#n%CI~X>o-Q8_`|H^Lt>wFb
z{|x~MaDzd`uZ-E|7Gl-g*c9L8JIkU&QjZvaPeUYGAPO6CP<RRXJb5cOIs+yhS5)X!
zX4G%@HstM~n5Dq&3<CZ&ftO*q_1RbfaYXt4i{AF5T+Y@%wIvk`F}-`#{}HBP^WZAj
zeA{l-$Hxu`m)7zq&rhZ<!axZ6HOX6F%C#r8jS9zdGYIkHOBbW2U`7uOFYmzgePQ)K
zuUNfL-T&f-o=3R`r;5buw4f=F@4meH{G31pBak;=Wy(Ktc-3E^?O297@N4^&tyDHb
zK*jXDRCnjEFiiQd`=os<y1Ofakm%T6Cdh6<8WIn+5oetiI5Vc3NkBwoGq-vYmhLlk
zR{1v?`79hEM$i5sUifVI;k2T0J(=4)9JPP`@$b6-kK;NI;Y8}5`Iik~<2UR+jbbB6
zKJ55#H^XY8E;RX<n>?v-=>AV<x)wqzpo18EfNxBlvyS$fpoIM<6I6ZY!RLNa7ywi7
zPlWrO+Fu5!h#zOp_%wk1rXqfY(6iR3k>EEK5d%!8ivZPdN=48Ex&Bqwf2fGx5&0Jt
zp%=cB3nT{9rDWFDXMYU~{I5uGGWGGw-cirpfA|YM6%$M)4!74tB;dyDAvZdhfvrG8
znQGRebk9VR+0I?!a4UwAm#6>VP;eC32i%i*r<FWL@j(5b;03&XvONQ?udko$&YYN-
z2pB%c2FMG@OrrwojRLW;vzL~Xi~;+m!Y=p%hzIBu@i5Ep@(90@DaRwVpyK3j_u+ma
zo`O!6+UY+AUL<^#2ZQ@Q#xi*j>SjyH04Q^w&o)qQVRN^)_z2%owOg2Nz)4r1;5QwQ
z2iZp^G0R%a*zstNXO_1Y?z9o&ELgm7@8SR=WuZSGp!PLrxBs~)lr;gDM0dGS-+9w6
zIDeT&tL0mdO{#{2c>C;7Wz+W707x4P!dCxP(Xf`+UuXRGX#}B-0f>qKc~<K)N2<9N
zbSlYt2>(^sXhq8_naX!=tg;rZm;tZN_Q`yAcuXXyb}h<GT2Ahin=&yrCVh09X92Jr
z(teK{Mk-Dy9wTJz92N1*BM~76C%)j}V8t;;#D-H6B@f-ta^3-K&dxR2Ru^@5vO6oi
z`_<dIl<h|I&`Ec0Q=RW6Sdd~BM#`TpMQ>b__lv*FBM0KOTaKM;V4OQaCU|%G)gLBf
z5)U#@N91s@aT#%<o_VrThB@5q#|KX3<2a7G8jphwq%SfsL%zt-M^pL3mwVSqDpCA1
zcd*r$_MDP9#B55c;@{rok5hx9^s#1=ZOXhnCcQHp*S@=&K|*k1H-D1Zt~}I7WVaKV
zWi0%qO5S`zSL1LepVzk+42Q{k?wvZ~u;cOM_Jo7}TeWjwB^Pg+NNv7vedug=qm@kP
z^3M6^90eM(#n*Sq5*)AAJ+?Zq7<#N-!y`dbXPvSe9Wv~A`-v*Bh*FOpk!=8R4t{Zw
zp&}3^mK)0?j8P23SdBzdoT65*IYsKyv5@UpNZ*`te;dR@aev9`&y_&b^)<#<*BtK^
zxGJlnACUA^<#QSQ<Zr5NecQ*{`O{g{muG00i5{V6Z1cM?(3&olIFuF(?<;~|8`_(W
zAs9u4=e}n=KYIJIIRs#SD<ij$57z2=pHe&rkqIP~A0trIurxv$k@Q?JN?hTt{sm=o
zs{ucfTo=UbJqAkmJXf^uvfIt}hEe(U8ZGxUx25R3-7JUpV1pKwemKgNwUVD9sBdy|
z5|}=KJpoVtiE!V42ms6ou^`BMr5k~$M0Um2q!2TLpORnUB5sY#s>AV?#UAaFe4=te
z525ujKaY(Pmuu`BlU3-==n>sE^o-=vQac2Oo!F+in3InN^@!+?Vx2O?e2ct-Pt6vX
zrC-yfbB^~WTcS!CeuM)ah4IUMIWW@?eyGt9g+k>wZ=t%B#&L#MK3t**BzCEsg{R{3
z+~@c%cyvrnz6eV|p%v&>;?+cHtbYOWqNM9R944}`YJ_z4kyXgtm+Vct!MfSu6kwcK
zbTE~8{1GwD1Gro1Z*Ol8Y$w&YPJMw4a^94$WiOW^-0QrJNL?pLNjZJ=B_`Kyet&0a
zccB+}x@01Bk3b;6g0EQL28{O#1;ijr{%&Y>I7m<n4guCI4nEo$o`6qZ16IJAqkaKQ
zK~p|BDtb))Nvn4_kT#w&u}>qO|2uWE&H_@gv&;(kEp7SC@6f?W^&ja}gtw>Xx(ARj
zZOwHP_AdPW17LoEV-t`8I0DzXfzPLMa9W^vz%EA#6t@9h7${x>R4`C{_6j*Xxe<Iz
T|GFRZuO?tsU6oQL>*xOi9C%q2

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 62bdf664f0..375d058557 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1411,6 +1411,13 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </ul>
 </td></tr>
 <tr>
+<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>OS/Mode</li>
+</ul>
+</td></tr>
+<tr>
 <td style="vertical-align:top">[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)</td>
 <td style="vertical-align:top"><p>Added the following videos:</p>
 <ul>

From c0bb8f48d6d3aede76a7cc3a1d97ac78e2eeb89c Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Tue, 13 Mar 2018 23:19:03 +0000
Subject: [PATCH 118/119] Merged PR 6349: Added Browser/PreventTabPreloading
 policy in Policy CSP

---
 .../policy-configuration-service-provider.md  |  3 +
 .../mdm/policy-csp-browser.md                 | 57 ++++++++++++++++++-
 2 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 6f733c2214..204daddb5b 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -498,6 +498,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles" id="browser-preventsmartscreenpromptoverrideforfiles">Browser/PreventSmartScreenPromptOverrideForFiles</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-preventtabpreloading" id="browser-preventtabpreloading">Browser/PreventTabPreloading</a>
+  </dd>
   <dd>
     <a href="./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc" id="browser-preventusinglocalhostipaddressforwebrtc">Browser/PreventUsingLocalHostIPAddressForWebRTC</a>
   </dd>
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index ccafd7cbed..79d91ff2dc 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 03/13/2018
 ---
 
 # Policy CSP - Browser
@@ -117,6 +117,9 @@ ms.date: 03/12/2018
   <dd>
     <a href="#browser-preventsmartscreenpromptoverrideforfiles">Browser/PreventSmartScreenPromptOverrideForFiles</a>
   </dd>
+  <dd>
+    <a href="#browser-preventtabpreloading">Browser/PreventTabPreloading</a>
+  </dd>
   <dd>
     <a href="#browser-preventusinglocalhostipaddressforwebrtc">Browser/PreventUsingLocalHostIPAddressForWebRTC</a>
   </dd>
@@ -2150,6 +2153,58 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-preventtabpreloading"></a>**Browser/PreventTabPreloading**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code. 
+
+<!--/Description-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – Allow pre-launch and preload.
+-   1 – Prevent pre-launch and preload.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-preventusinglocalhostipaddressforwebrtc"></a>**Browser/PreventUsingLocalHostIPAddressForWebRTC**  
 

From 4b4bf0403a347892651488e6832a96c4b3e12d4c Mon Sep 17 00:00:00 2001
From: Jeanie Decker <jdecker@microsoft.com>
Date: Wed, 14 Mar 2018 15:21:49 +0000
Subject: [PATCH 119/119] Merged PR 6353: Remove system/allowfontproviders from
 Holographic

Correction to Policy CSP
---
 .../mdm/policy-configuration-service-provider.md                 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 204daddb5b..c94b2fe9d3 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -4546,7 +4546,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
 -   [Settings/AllowDateTime](#settings-allowdatetime)  
 -   [Settings/AllowVPN](#settings-allowvpn)  
--   [System/AllowFontProviders](#system-allowfontproviders)  
 -   [System/AllowLocation](#system-allowlocation)  
 -   [System/AllowTelemetry](#system-allowtelemetry)  
 -   [Update/AllowAutoUpdate](#update-allowautoupdate)  

[What's new in Windows 10 deployment](deploy-whats-new.md)	See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization.
[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)	To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task.
[Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md)	Windows 10 Enterprise has traditionally been sold as on premises software, however, with Windows 10 version 1703 (also known as the Creator’s Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as true online services via subscription. You can move from Windows 10 Pro to Windows 10 Enterprise with no keys and no reboots. If you are using a Cloud Service Providers (CSP) see the related topic: [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md)	This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade.
Topic	Description
[Overview of Windows AutoPilot](windows-autopilot/windows-10-autopilot.md)	Windows AutoPilot deployment is a new cloud service from Microsoft that provides a zero touch experience for deploying Windows 10 devices.
[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)	This topic provides information about support for upgrading directly to Windows 10 from a previous operating system.
[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)	This topic provides information about support for upgrading from one edition of Windows 10 to another.
[Windows 10 volume license media](windows-10-media.md)	This topic provides information about media available in the Microsoft Volume Licensing Service Center.
[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)	With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
[Windows 10 deployment test lab](windows-10-poc.md)	This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md).
[Plan for Windows 10 deployment](planning/index.md)	This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning.
[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)	This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT).
[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)	If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or.
[Windows 10 deployment tools](windows-10-deployment-tools-reference.md)	Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more.
Topic	Description
[Quick guide to Windows as a service](update/waas-quick-start.md)	Provides a brief summary of the key points for the new servicing model for Windows 10.
[Overview of Windows as a service](update/waas-overview.md)	Explains the differences in building, deploying, and servicing Windows 10; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools.
[Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md)	Explains the decisions you need to make in your servicing strategy.
[Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md)	Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates.
[Assign devices to servicing branches for Windows 10 updates](update/waas-servicing-branches-windows-10-updates.md)	Explains how to assign devices to Current Branch (CB) or Current Branch for Business (CBB) for feature and quality updates, and how to enroll devices in Windows Insider.
[Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)	Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization.
[Optimize update delivery for Windows 10 updates](update/waas-optimize-windows-10-updates.md)	Explains the benefits of using Delivery Optimization or BranchCache for update distribution.
[Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md)	Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile.
[Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md)	Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.
[Deploy Windows 10 updates using Windows Server Update Services (WSUS)](update/waas-manage-updates-wsus.md)	Explains how to use WSUS to manage Windows 10 updates.
[Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md)	Explains how to use Configuration Manager to manage Windows 10 updates.
[Manage device restarts after updates](update/waas-restart.md)	Explains how to manage update related device restarts.
[Manage additional Windows Update settings](update/waas-wu-settings.md)	Provides details about settings available to control and configure Windows Update.
[Windows Insider Program for Business](update/waas-windows-insider-for-business.md)	Explains how the Windows Insider Program for Business works and how to become an insider.
Policy path
Policy name	Value
Admin Templates > Control Panel > Personalization
Prevent enabling lock screen slide show	Enabled
Prevent changing lock screen and logon image	Enabled
Admin Templates > System > Power Management > Button Settings
Select the Power button action (plugged in)	Sleep
Select the Power button action (on battery)	Sleep
Select the Sleep button action (plugged in)	Sleep
Select the lid switch action (plugged in)	Sleep
Select the lid switch action (on battery)	Sleep
Admin Templates > System > Power Management > Sleep Settings
Require a password when a computer wakes (plugged in)	Enabled
Require a password when a computer wakes (on battery)	Enabled
Specify the system sleep timeout (plugged in)	5 minutes
Specify the system sleep timeout (on battery)	5 minutes
Turn off hybrid sleep (plugged in)	Enabled
Turn off hybrid sleep (on battery)	Enabled
Specify the unattended sleep timeout (plugged in)	5 minutes
Specify the unattended sleep timeout (on battery)	5 minutes
Allow standby states (S1-S3) when sleeping (plugged in)	Enabled
Allow standby states (S1-S3) when sleeping (on battery)	Enabled
Specify the system hibernate timeout (plugged in)	Enabled, 0
Specify the system hibernate timeout (on battery)	Enabled, 0
Admin Templates>System>Power Management>Video and Display Settings
Turn off the display (plugged in)	5 minutes
Turn off the display (on battery)	5 minutes
Admin Templates>System>Power Management>Energy Saver Settings
Energy Saver Battery Threshold (on battery)	70
Admin Templates>System>Logon
Show first sign-in animation	Disabled
Hide entry points for Fast User Switching	Enabled
Turn on convenience PIN sign-in	Disabled
Turn off picture password sign-in	Enabled
Turn off app notification on the lock screen	Enabled
Allow users to select when a password is required when resuming from connected standby	Disabled
Block user from showing account details on sign-in	Enabled
Admin Templates>System>User Profiles
Turn off the advertising ID	Enabled
Admin Templates>Windows Components>Biometrics
Allow the use of biometrics	Disabled
Allow users to log on using biometrics	Disabled
Allow domain users to log on using biometrics	Disabled
Admin Templates>Windows Components>Cloud Content
Do not show Windows Tips	Enabled
Turn off Microsoft consumer experiences	Enabled
Admin Templates>Windows Components>Data Collection and Preview Builds
Toggle user control over Insider builds	Disabled
Disable pre-release features or settings	Disabled
Do not show feedback notifications	Enabled
Allow Telemetry	Basic, 0
Admin Templates > Windows Components > File Explorer
Show lock in the user tile menu	Disabled
Admin Templates > Windows Components > Maintenance Scheduler
Automatic Maintenance Activation Boundary	MaintenanceStartTime
Automatic Maintenance Random Delay	Enabled, 2 hours
Automatic Maintenance WakeUp Policy	Enabled
Admin Templates > Windows Components > OneDrive
Prevent the usage of OneDrive for file storage	Enabled
Admin Templates > Windows Components > Windows Hello for Business
Use phone sign-in	Disabled
Use Windows Hello for Business	Disabled
Use biometrics	Disabled
Windows Settings > Security Settings > Local Policies > Security Options
Accounts: Block Microsoft accounts Note Microsoft accounts can still be used in apps.	Enabled
Interactive logon: Do not display last user name	Enabled
Interactive logon: Sign-in last interactive user automatically after a system-initiated restart	Disabled
Shutdown: Allow system to be shut down without having to log on	Enabled
User Account Control: Behavior of the elevation prompt for standard users	Auto deny