resolved merge conflict

browsers/edge/available-policies.md

@@ -10,7 +10,7 @@ ms.localizationpriority: high
 ms.date: 09/13/2017 #Previsou release date
 ---
 
-<!-- pashort 2/9/2018: as per Brian Atman, the documentation descrepancies must be addressed for RS5. Find out what those discrepancies are. Scenario 15403628 -->
+<!-- pashort 2/9/2018: as per Brian Altman, the documentation descrepancies must be addressed for RS5. Find out what those discrepancies are. Scenario 15403628 -->
 
 # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge
 
@@ -24,7 +24,7 @@ By using Group Policy and Intune, you can set up a policy setting once, and then
 > For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
 
 ## Group Policy settings
-Microsoft Edge works with the following Group Policy settings to help you manager your company's web browser configurations. The Group Policy settings are found in the Group Policy Editor in the following location: 
+Microsoft Edge works with the following Group Policy settings to help you manage your company's web browser configurations. The Group Policy settings are found in the Group Policy Editor in the following location: 
 
 `Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`
 
@@ -38,9 +38,8 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A
 This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
 | If you... | Then... |
 | --- | --- |
-| Enable this setting (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. | 
+| Enable (default) | Employees can see the Address bar drop-down functionality in Microsoft Edge. | 
-| Disable this setting | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."<p>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. |
+| Disable | Employees do not see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined setting, "Show search and site suggestions as I type."<p>Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure search suggestions in Address bar" setting. |
-|
  
 ### Allow Adobe Flash
 >*Supporteded version: Windows 10*
@@ -48,9 +47,8 @@ This policy setting lets you decide whether the Address bar drop-down functional
 This policy setting lets you decide whether employees can run Adobe Flash on Microsoft Edge.
 | If you… | Then… |
 | --- | --- |
-| Enable or don’t configure this setting (default) | Employees can use Adobe Flash. | 
+| Enable or don’t configure (default) | Employees can use Adobe Flash. | 
-| Disable this setting | Employees cannot use Adobe Flash. |
+| Disable | Employees cannot use Adobe Flash. | 
-| 
 
 ### Allow clearing browsing data on exit
 >*Supporteded versions: Windows 10, version 1703*
@@ -58,9 +56,8 @@ This policy setting lets you decide whether employees can run Adobe Flash on Mic
 This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Clear browsing history on exit is turned on. <!-- <span style="background: #ffff99;">[@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?]</span> --> |
+| Enable | Clear browsing history on exit is turned on. <!-- <span style="background: #ffff99;">[@Reviewer: can employees do anything to this setting at this point? Or is this controlled by the system administrator?]</span> --> |
-| Disable or don’t configure this setting (default) | Employees can turn on and configure the Clear browsing data option under Settings. |
+| Disable or don’t configure (default) | Employees can turn on and configure the Clear browsing data option under Settings. |
-|
 
 ### Allow Developer Tools
 >*Supporteded versions: Windows 10, version 1511 or later*
@@ -68,19 +65,17 @@ This policy setting allows the automatic clearing of browsing data when Microsof
 This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.
 | If you… | Then… | 
 | --- | --- |
-| Enable this setting (default) | F12 Developer Tools are available. |
+| Enable (default) | F12 Developer Tools are available. |
-| Disable this setting | F12 Developer Tools are not available. |
+| Disable | F12 Developer Tools are not available. |
-|
 
 ### Allow Extensions
 >*Supporteded versions: Windows 10, version 1607 or later*
 
-This policy setting lets you decide whether employees can use Edge Extensions.
+This policy setting lets you decide whether employees can use Microsft Edge Extensions.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees can use Edge Extensions. |
+| Enable | Employees can use Microsoft Edge Extensions. |
-| Disable this setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this because of potential memory leaks?]</span> --> Employees cannot use Edge Extensions. |
+| Disable | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company Disable setting? Is this because of potential memory leaks?]</span> --> Employees cannot use Microsoft Edge Extensions. |
-|
 
 ### Allow InPrivate browsing
 >*Supporteded versions: Windows 10, version 1511 or later*
@@ -88,9 +83,8 @@ This policy setting lets you decide whether employees can use Edge Extensions.
 This policy setting lets you decide whether employees can browse using InPrivate website browsing.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | Employees can use InPrivate website browsing. |
+| Enable (default) | Employees can use InPrivate website browsing. |
-| Disable this setting | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?]</span> --> Employees cannot use InPrivate website browsing. |
+| Disable | <!-- <span style="background: #ffff99;">[@Reviewer: why would a company disable this setting? Is this to discourage users from browser inappropriate websites? What are the use cases for having this turned off?]</span> --> Employees cannot use InPrivate website browsing. |
-|
 
 ### Allow Microsoft Compatibility List
 >*Supporteded versions: Windows 10, version 1607 or later*
@@ -98,9 +92,8 @@ This policy setting lets you decide whether employees can browse using InPrivate
 This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites with known compatibility issues to display properly) in Microsoft Edge. By default, the Microsoft Compatibility List is enabled and can be viewed by visiting about:compat. <!-- <span style="background: #ffff99;">[@Reviewer: Is this supposed to be a link to another topic? Is the topic Use Enterprise Mode to improve compatibility emie-to-improve-compatibility.md?]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation <!-- <span style="background: #ffff99;">[@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]</span> -->. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. |
+| Enable (default) | Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates during browser navigation <!-- <span style="background: #ffff99;">[@Reviewer: are the updates really applied “during browser navigation?" shouldn't just be as simple as "...applying the updates automatically”?]</span> -->. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it’s in whatever version of IE is necessary for it to appear properly. |
-| Disable this setting | Browser navigation does not use the Microsoft Compatibility List. |
+| Disable | Browser navigation does not use the Microsoft Compatibility List. |
-|
 
 ### Allow search engine customization
 >*Supported versions: Windows 10, version 1703*
@@ -111,20 +104,18 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 
 | If you… | Then… |
 | --- | --- |
-| Enable or don’t configure this setting (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. | 
+| Enable or don’t configure (default) | Employees can add new search engines and change the default used in the Address bar from within Microsoft Edge Settings. | 
-| Disable this setting | Employees cannot add search engines or change the default used in the Address bar. | 
+| Disable | Employees cannot add search engines or change the default used in the Address bar. |
-|
 
 ### Allow web content on New Tab page
 >*Supported versions: Windows 10*
 
-This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.
+This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees cannot change it.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Microsoft Edge opens a new tab with the New Tab page. |
+| Enable | Microsoft Edge opens a new tab with the New Tab page. |
-| Disable this setting | Microsoft Edge opens a new tab with a blank page. | 
+| Disable | Microsoft Edge opens a new tab with a blank page. | 
-| Do not configure this setting (default) | Employees can choose how new tabs appear. |
+| Do not configure (default) | Employees can choose how new tabs appear. |
-|
 
 ### Configure additional search engines
 >*Supported versions: Windows 10, version 1703*
@@ -132,9 +123,8 @@ This policy setting lets you configure what appears when Microsoft Edge opens a
 This policy setting lets you add up to 5 additional search engines, which cannot be removed by your employees but can make a personal default engine. This setting does not set the default search engine. For that, you must use the "Set default search engine" setting.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br> `<https://www.contoso.com/opensearch.xml>` <p>For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable this setting (default) | Any added search engines are removed from the employee’s device. <!-- <span style="background: #ffff99;">[@Reviewer: is this implying that Bing is the only search engine on the employee’s device?]</span> --> |
+| Enable | You can add up to 5 additional search engines. For each additional search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br> `<https://www.contoso.com/opensearch.xml>` <p>For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable setting (default) | Any added search engines are removed from the employee’s device. <!-- <span style="background: #ffff99;">[@Reviewer: is this implying that Bing is the only search engine on the employee’s device?]</span> --> |
-| Do not configure this setting | The search engine list is set to what is specified in App settings. <!-- <span style="background: #ffff99;">[@Reviewer: what’s the difference between “don’t configure this setting”, “Enable this setting”, and “Disable this setting”?]</span> --> |
+| Do not configure | The search engine list is set to what is specified in App settings. <!-- <span style="background: #ffff99;">[@Reviewer: what’s the difference between “don’t configure this setting”, “Enable setting”, and “Disable this setting”?]</span> --> |
-|
 
 ### Configure Autofill
 >*Supported versions: Windows 10*
@@ -142,10 +132,9 @@ This policy setting lets you add up to 5 additional search engines, which cannot
 This policy setting lets you decide whether employees can use Autofill the form fields automatically while using Microsoft Edge. By default, employees can choose whether to use Autofill.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees can use Autofill to populate form fields automatically. |
+| Enable  | Employees can use Autofill to populate form fields automatically. |
-| Disable this setting | Employees cannot use Autofill to populate form fields automatically. |
+| Disable  | Employees cannot use Autofill to populate form fields automatically. |
-| Do not configure this setting (default) | Employees can choose whether to use Autofill to populate the form fields automatically. |
+| Do not configure (default) | Employees can choose whether to use Autofill to populate the form fields automatically. |
-|
 
 ### Configure cookies
 >*Supported versions: Windows 10*
@@ -153,9 +142,8 @@ This policy setting lets you decide whether employees can use Autofill the form
 This setting lets you configure how to work with cookies.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | You must also decide whether to:<ul><li>**Allow all cookies (default)** from all websites.</li><li>**Block all cookies** from all websites.</li><li>**Block only 3rd-party cookies** from 3rd-party websites.</li></ul> |
+| Enable (default) | You must also decide whether to:<ul><li>**Allow all cookies (default)** from all websites.</li><li>**Block all cookies** from all websites.</li><li>**Block only 3rd-party cookies** from 3rd-party websites.</li></ul> |
-| Disable or do not configure this setting | All cookies are allowed from all sites. | 
+| Disable or do not configure | All cookies are allowed from all sites. |
-|
 
 ### Configure Do Not Track
 >*Supported versions: Windows 10*
@@ -163,10 +151,9 @@ This setting lets you configure how to work with cookies.
 This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests are never sent, but employees can choose to turn on and send requests.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Do Not Track requests are always sent to websites asking for tracking information. |
+| Enable | Do Not Track requests are always sent to websites asking for tracking information. |
-| Disable this setting | Do Not Track requests are never sent to websites asking for tracking information. | 
+| Disable | Do Not Track requests are never sent to websites asking for tracking information. | 
-| Do not configure this setting (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. |
+| Do not configure (default) | Employees can choose whether to send Do Not Track requests to websites asking for tracking information. |
-|
 
 ### Configure Favorites
 >*Supported versions: Windows 10, version 1511 or later*
@@ -174,9 +161,8 @@ This policy setting lets you decide whether employees can send Do Not Track requ
 This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time. <!-- <span style="background: #ffff99;">[@Reviewer: what is the default setting, enabled or disabled? I’m guessing it’s Disabled is the default.]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. |
+| Enable | You must provide a list of Favorites in the Options section. The list imports automatically after you deploy this policy. |
-| Disable or do not configure this setting | Employees will see the Favorites that they set in the Favorites hub. |
+| Disable or do not configure | Employees will see the Favorites that they set in the Favorites hub. |
-|
 
 ### Configure Password Manager
 >*Supported versions: Windows 10*
@@ -184,10 +170,9 @@ This policy setting lets you configure the default list of Favorites that appear
 This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | Employees can use Password Manager to save their passwords locally. |
+| Enable (default) | Employees can use Password Manager to save their passwords locally. |
-| Disable this setting | Employees can’t use Password Manager to save their passwords locally. | 
+| Disable | Employees cannot use Password Manager to save their passwords locally. | 
-| Do not configure this setting | Employees can choose whether to use Password Manager to save their passwords locally. |
+| Do not configure | Employees can choose whether to use Password Manager to save their passwords locally. |
-|
 
 ### Configure Pop-up Blocker
 >*Supported versions: Windows 10*
@@ -195,10 +180,9 @@ This policy setting lets you decide whether employees can save their passwords l
 This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. |
+| Enable (default) | Pop-up Blocker is turned on, stopping pop-up windows from appearing. |
-| Disable this setting | Pop-up Blocker is turned off, letting pop-up windows appear. |
+| Disable | Pop-up Blocker is turned off, letting pop-up windows appear. |
-| Do not configure this setting | Employees can choose whether to use Pop-up Blocker. |
+| Do not configure | Employees can choose whether to use Pop-up Blocker. |
-|
 
 ### Configure search suggestions in Address bar
 >*Supported versions: Windows 10*
@@ -206,10 +190,9 @@ This policy setting lets you decide whether to turn on Pop-up Blocker. By defaul
 This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees can see search suggestions in the Address bar. |
+| Enable | Employees can see search suggestions in the Address bar. |
-| Disable this setting | Employees cannot see search suggestions in the Address bar. |
+| Disable | Employees cannot see search suggestions in the Address bar. |
-| Do not configure this setting (default) | Employees can choose whether search suggestions appear in the Address bar. |
+| Do not configure (default) | Employees can choose whether search suggestions appear in the Address bar. |
-|
 
 ### Configure Start pages
 >*Supported versions: Windows 10, version 1511 or later*
@@ -217,9 +200,8 @@ This policy setting lets you decide whether search suggestions appear in the Add
 This policy setting lets you configure one or more Start pages, for domain-joined devices. Your employees will not be able to change this after you set it.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You must include URLs to the pages, separating multiple pages by using angle brackets in this format: <br><br>`<support.contoso.com><support.microsoft.com>` |  
+| Enable | You must include URLs to the pages, separating multiple pages by using angle brackets in this format: <br><br>`<support.contoso.com><support.microsoft.com>` |  
-| Disable or do not configure this setting (default) | The default Start page is the webpage specified in App settings. |
+| Disable or do not configure (default) | The default Start page is the webpage specified in App settings. |
-|
 
 ### Configure the Adobe Flash Click-to-Run setting
 >*Supported versions: Windows 10, version 1703*
@@ -227,9 +209,8 @@ This policy setting lets you configure one or more Start pages, for domain-joine
 This policy setting lets you decide whether employees must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. <!-- <span style="background: #ffff99;">[@Reviewer: what is the default, enabled or disabled?]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable or don’t configure this setting< | Employees must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. |
+| Enable or don’t configure | Employees must click the content, click the Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content. |
-| Disable this setting | Adobe Flash loads automatically and runs in Microsoft Edge. |
+| Disable | Adobe Flash loads automatically and runs in Microsoft Edge. |
-|
 
 ### Configure the Enterprise Mode Site List
 >*Supported versions: Windows 10*
@@ -237,9 +218,8 @@ This policy setting lets you decide whether employees must take action, such as
 This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. |
+| Enable | You must add the location to your site list in the **{URI}** box. When configured, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode. |
-Disable or do not configure this setting (default) | Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |
+Disable or do not configure (default) | Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |
-|
 
 >[!Note] 
 >If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.<br><br>
@@ -251,10 +231,9 @@ Disable or do not configure this setting (default) | Microsoft Edge won’t use
 This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Windows Defender SmartScreen is turned on, and employees cannot turn it off. | 
+| Enable | Windows Defender SmartScreen is turned on, and employees cannot turn it off. | 
-| Disable this setting | Windows Defender SmartScreen is turned off, and employees cannot turn it on. |
+| Disable | Windows Defender SmartScreen is turned off, and employees cannot turn it on. |
-| Do not configure this setting | Employees can choose whether to use Windows Defender SmartScreen. |
+| Do not configure | Employees can choose whether to use Windows Defender SmartScreen. |
-|
 
 ### Disable lockdown of Start pages
 >*Supported versions: Windows 10, version 1703*
@@ -265,9 +244,8 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. |
+| Enable | You cannot lock down Start pages that are configured using the “Configure Start pages” setting. Employees can, therefore, modify the pages. |
-| Disable or do not configure this setting (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. | 
+| Disable or do not configure (default) | Employees cannot change Start pages configured using the “Configure Start pages” setting. |                                                                 
-|                                                                 
 
 ### Keep favorites in sync between Internet Explorer and Microsoft Edge
 >*Supported versions: Windows 10, version 1703*
@@ -278,9 +256,8 @@ This policy setting lets you decide whether people can sync their favorites betw
 <span style="background: #ffff99;">[@Reviewer: what is the default: enable or disable?]</span> -->
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees can sync their favorites between Internet Explorer and Microsoft Edge.<br><br>Enabling this setting stops Edge favorites from syncing between connected Windows 10 devices. <!-- <span style="background: #ffff99;">[@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.]</span> --> |
+| Enable | Employees can sync their favorites between Internet Explorer and Microsoft Edge.<br><br>Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices. <!-- <span style="background: #ffff99;">[@Reviewer: what does this mean? I want to know more about what this is saying. More details and maybe an example or scenario.]</span> --> |
-| Disable or do not configure this setting | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. |
+| Disable or do not configure | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. |
-|
 
 ### Prevent access to the about:flags page
 >*Supported versions: Windows 10, version 1607 or later*
@@ -288,9 +265,8 @@ This policy setting lets you decide whether people can sync their favorites betw
 This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees cannot access the about:flags page. |
+| Enable | Employees cannot access the about:flags page. |
-| Disable or do not configure this setting (default) | Employees can access the about:flags page. |
+| Disable or do not configure (default) | Employees can access the about:flags page. |                                                                 
-|                                                                 
 
 ### Prevent bypassing Windows Defender SmartScreen prompts for files
 >*Supported versions: Windows 10, version 1511 or later*
@@ -298,18 +274,16 @@ This policy setting lets you decide whether employees can access the about:flags
 This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. |
+| Enable | Employees cannot ignore Windows Defender SmartScreen warnings when downloading files. |
-| Disable or do not configure this setting (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. |
+| Disable or do not configure (default) | Employees can ignore Windows Defender SmartScreen warnings and can continue the download process. |                                                                                                                                                  
-|                                                                                                                                                  
 ### Prevent bypassing Windows Defender SmartScreen prompts for sites
 >*Supported versions: Windows 10, version 1511 or later*
 
 This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. |
+| Enable | Employees cannot ignore Windows Defender SmartScreen warnings and prevents them from continuing to the site. |
-| Disable or do not configure this setting (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. |
+| Disable or do not configure (default) | Employees can ignore Windows Defender SmartScreen warnings, allowing them to continue to the site. |
-|
 
 ### Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
 >*Supported versions: Windows 10, version 1703*
@@ -317,9 +291,8 @@ This policy setting lets you decide whether employees can override the Windows D
 This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. | 
+| Enable | Microsoft Edge does not gather the Live Tile metadata, providing a minimal experience. | 
-| Disable or do not configure this setting (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. |
+| Disable or do not configure (default) | Microsoft Edge gathers the Live Tile metadata, providing a fuller and complete experience. |
-|
 
 
 ### Prevent the First Run webpage from opening on Microsoft Edge
@@ -328,9 +301,8 @@ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata
 This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the first time.
 | If you… | Then… |
 | --- | --- |
-| Enable this settin | Employees do not see the First Run page. |
+| Enable | Employees do not see the First Run page. |
-| Disable or do not configure this setting (default) | Employees see the First Run page. |
+| Disable or do not configure (default) | Employees see the First Run page. |
-|
 
 ### Prevent using Localhost IP address for WebRTC
 >*Supported versions: Windows 10, version 1511 or later*
@@ -338,9 +310,8 @@ This policy setting lets you decide whether employees see Microsoft's First Run
 This policy setting lets you decide whether localhost IP addresses are visible or hidden while making calls to the WebRTC protocol.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Localhost IP addresses are hidden. |
+| Enable | Localhost IP addresses are hidden. |
-| Disable or do not configure this setting (default) | Localhost IP addresses are visible. |
+| Disable or do not configure (default) | Localhost IP addresses are visible. |
-|
 
 ### Send all intranet sites to Internet Explorer 11
 >*Supported versions: Windows 10*
@@ -348,9 +319,8 @@ This policy setting lets you decide whether localhost IP addresses are visible o
 This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | All intranet sites are opened in Internet Explorer 11 automatically. |
+| Enable | All intranet sites are opened in Internet Explorer 11 automatically. |
-| Disable or do not configure this setting (default) | All websites, including intranet sites, open in Microsoft Edge. | 
+| Disable or do not configure (default) | All websites, including intranet sites, open in Microsoft Edge. |
-|
 
 ### Set default search engine
 >*Supported versions: Windows 10, version 1703*
@@ -361,10 +331,10 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br>`https://fabrikam.com/opensearch.xml` |
+| Enable | To set a default search engine, you must add a link to your OpenSearch XML file, including at least the short name and https URL of the search engine, using this format:<br><br>`https://fabrikam.com/opensearch.xml` |
-| Disable this setting | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market <!-- <span style="background: #ffff99;">[@Reviewer: what does “market” mean in this context?]</span> -->. |
+| Disable | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market <!-- <span style="background: #ffff99;">[@Reviewer: what does “market” mean in this context?]</span> -->. |
-| Do not configure this setting | The default search engine is set to the one specified in App settings. |
+| Do not configure | The default search engine is set to the one specified in App settings. |
-|
+
 >[!Important]
 >If you'd like your employees to use the default Microsoft Edge settings for each market <!-- <span style="background: #ffff99;">[@Reviewer: what does “each market” refer to in this context?]</span> -->, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
 
@@ -374,9 +344,8 @@ For more info, see the [Microsoft browser extension policy](http://aka.ms/browse
 This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
 | If you… | Then… |
 | --- | --- |
-| Enable this setting | Employees see an additional page. |
+| Enable | Employees see an additional page. |
-| Disable or do not configure this setting (default) | No additional pages display. |
+| Disable or do not configure (default) | No additional pages display. |
-|
 
 ## Using Microsoft Intune to manage your Mobile Device Management (MDM) settings for Microsoft Edge
 If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.
@@ -419,7 +388,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use Autofill to complete form fields.
+        - **0.** Employees cannot use Autofill to complete form fields.
         
         - **1 (default).** Employees can use Autofill to complete form fields.
 
@@ -436,7 +405,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use Microsoft Edge.
+        - **0.** Employees cannot use Microsoft Edge.
 
         - **1 (default).** Employees can use Microsoft Edge. 
 
@@ -506,7 +475,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use Edge Extensions.
+        - **0.** Employees cannot use Edge Extensions.
         
         - **1 (default).** Employees can use Edge Extensions.    
 
@@ -523,7 +492,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Not allowed. Employees can’t use Adobe Flash.
+        - **0.** Not allowed. Employees cannot use Adobe Flash.
         
         - **1 (default).** Allowed. Employees can use Adobe Flash.    
 
@@ -557,7 +526,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use InPrivate browsing.
+        - **0.** Employees cannot use InPrivate browsing.
         
         - **1 (default).** Employees can use InPrivate browsing.
 
@@ -574,7 +543,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:** 
 
-        - **0.** Additional search engines are not allowed and the default can’t be changed in the Address bar.
+        - **0.** Additional search engines are not allowed and the default cannot be changed in the Address bar.
         
         - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
 
@@ -625,7 +594,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0.** Additional search engines are not allowed and the default can’t be changed in the Address bar.
+        - **0.** Additional search engines are not allowed and the default cannot be changed in the Address bar.
         
         - **1 (default).** Additional search engines are allowed and the default can be changed in the Address bar.
 
@@ -643,7 +612,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U
 
     - **Allowed values:**
 
-        - **0 (default).** Employees can’t see search suggestions in the Address bar of Microsoft Edge.
+        - **0 (default).** Employees cannot see search suggestions in the Address bar of Microsoft Edge.
         
         - **1.** Employees can see search suggestions in the Address bar of Microsoft Edge.
 
@@ -1018,7 +987,7 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
 
     - **Allowed values:**
 
-        - **0.** Employees can’t use Cortana on their devices.
+        - **0.** Employees cannot use Cortana on their devices.
         
         - **1 (default).** Employees can use Cortana on their devices.
 
@@ -1033,7 +1002,7 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
 
     - **Allowed values:**
 
-        - **0.** Employees can’t sync settings between PCs.
+        - **0.** Employees cannot sync settings between PCs.
         
         - **1 (default).** Employees can sync between PCs.
 

browsers/edge/docfx.json

@@ -21,6 +21,9 @@
 		"ms.topic": "article",
 		"ms.author": "lizross",
 		"ms.date": "04/05/2017",
+	    "feedback_system": "GitHub",
+        "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+        "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.microsoft-edge"

browsers/internet-explorer/docfx.json

@@ -22,6 +22,9 @@
 		"ms.technology": "internet-explorer",
 		"ms.topic": "article",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.internet-explorer"

devices/hololens/docfx.json

@@ -35,6 +35,9 @@
 		"ms.topic": "article",
 		"ms.author": "jdecker",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.itpro-hololens"

devices/hololens/hololens-provisioning.md

@@ -68,6 +68,9 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
 
 6. On the **Select security details for the provisioning package**, click **Next**.
 
+    >[WARNING!]
+    >If you encrypt the provisioning package, provisioning the HoloLens device will fail.  
+
 7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location.
 
     Optionally, you can click **Browse** to change the default output location.

devices/surface-hub/change-history-surface-hub.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 02/16/2018
+ms.date: 03/06/2018
 ms.localizationpriority: medium
 ---
 
@@ -16,11 +16,19 @@ ms.localizationpriority: medium
 
 This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
 
+## March 2018
+
+New or changed topic | Description
+--- | ---
+[Create and test a device account (Surface Hub)](create-and-test-a-device-account-surface-hub.md) | Added section for account verification and testing, with link to new Surface Hub Hardware Diagnostic app. 
+
 ## February 2018
 
 New or changed topic | Description
 --- | ---
 [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Updated instructions for custom settings using Microsoft Intune.
+[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated instructions and scripts.
+| [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated instructions and scripts.
 
 ## January 2018
 

devices/surface-hub/create-and-test-a-device-account-surface-hub.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 07/27/2017
+ms.date: 03/06/2018
 ms.localizationpriority: medium
 ---
 
@@ -57,7 +57,9 @@ For detailed steps using PowerShell to provision a device account, choose an opt
 If you prefer to use a graphical user interface (UI), some steps can be done using UI instead of PowerShell. 
 For more information, see [Creating a device account using UI](create-a-device-account-using-office-365.md).
 
+## Account verification and testing
 
+There are two methods available that you can use to validate and test a Surface Hub device account: [account verifications scripts](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts) and the [Surface Hub Hardware Diagnostic app](https://www.microsoft.com/store/apps/9nblggh51f2g). The account verification script will validate a previously-created device account using PowerShell from your desktop. The Surface Hub Hardware Diagnostic app is installed on your Surface Hub and provides detailed feedback about signin and communication failures. Both are valuable tools to test newly created device accounts and should be used to ensure optimal account availability.
 
  
 

devices/surface-hub/docfx.json

@@ -24,6 +24,9 @@
 		"ms.sitesec": "library",
 		"ms.author": "jdecker",
 		"ms.date": "05/23/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.surface-hub"

devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 10/20/2017
+ms.date: 02/21/2018
 ms.localizationpriority: medium
 ---
 
@@ -38,11 +38,11 @@ Use this procedure if you use Exchange on-premises.
 
 
 
-3.  Enable the remote mailbox.
+2.  Enable the remote mailbox.
 
     Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet.
 
-    ```ps1
+    ```PowerShell
     Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
     ```
     >[!NOTE]
@@ -54,7 +54,7 @@ Use this procedure if you use Exchange on-premises.
     >
     >msExchRecipientTypeDetails = 8589934592
     
-2.  After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Office 365 admin center and verify that the account created in the previous steps has merged to online.
+3.  After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Office 365 admin center and verify that the account created in the previous steps has merged to online.
     
 4.  Connect to Microsoft Exchange Online and set some properties for the account in Office 365.
 
@@ -62,8 +62,8 @@ Use this procedure if you use Exchange on-premises.
 
     The next steps will be run on your Office 365 tenant.
 
-    ```ps1
+    ```PowerShell
-    Set-ExecutionPolicy Unrestricted
+    Set-ExecutionPolicy RemoteSigned
     $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
     $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection
     Import-PSSession $sess
@@ -77,13 +77,13 @@ Use this procedure if you use Exchange on-premises.
 
     If you haven’t created a compatible policy yet, use the following cmdlet—-this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
 
-    ```ps1
+    ```PowerShell
     $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
     ```
 
     Once you have a compatible policy, then you will need to apply the policy to the device account. 
 
-    ```ps1
+    ```PowerShell
     Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
     ```
 
@@ -91,31 +91,44 @@ Use this procedure if you use Exchange on-premises.
 
     Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
 
-    ```ps1
+    ```PowerShell
     Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
     Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!'
     ```
 
 7.  Connect to Azure AD.
 
-    You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+	You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
-
+    ```PowerShell
-    ```ps1
+    Install-Module -Name AzureAD
-    Connect-MsolService -Credential $cred
     ```
 	
+    You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+
+    ```PowerShell
+    Import-Module AzureAD
+    Connect-AzureAD -Credential $cred
+    ```
 8.  Assign an Office 365 license.
 
     The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
  
-    Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant.
+    You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
 
-    Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*).
+    Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
 
-    ```ps1
+    ```PowerShell
-    Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -UsageLocation 'US'
+    Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
-    Get-MsolAccountSku
+	
-    Set-MsolUserLicense -UserPrincipalName 'HUB01@contoso.com' -AddLicenses $strLicense
+	Get-AzureADSubscribedSku | Select Sku*,*Units
+	$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+    $License.SkuId = SkuId You selected 
+	
+	$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+    $AssignedLicenses.AddLicenses = $License
+    $AssignedLicenses.RemoveLicenses = @()
+	
+    Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
     ```
 
 Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid).
@@ -144,25 +157,25 @@ The following table lists the Office 365 plans and Skype for Business options.
 
 1. Start by creating a remote PowerShell session from a PC to the Skype for Business online environment.
 
-        ```ps1
+        ```PowerShell
-        Import-Module LyncOnlineConnector  
+        Import-Module SkypeOnlineConnector  
         $cssess=New-CsOnlineSession -Credential $cred  
         Import-PSSession $cssess -AllowClobber
         ```
         
 2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
 
-        ```ps1
+        ```PowerShell
         Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
         ```
         
     If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
 
-        ```ps1
+        ```PowerShell
         Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool*
         ```
 
-2. Assign Skype for Business license to your Surface Hub account.
+3. Assign Skype for Business license to your Surface Hub account.
 
     Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
     
@@ -215,10 +228,10 @@ Use this procedure if you use Exchange online.
 
     Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets.
 
-    ```ps1
+    ```PowerShell
-    Set-ExecutionPolicy Unrestricted
+    Set-ExecutionPolicy RemoteSigned
     $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
-    $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
+    $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
     Import-PSSession $sess
     ```
 
@@ -228,13 +241,13 @@ Use this procedure if you use Exchange online.
 
     If you're changing an existing resource mailbox:
 
-    ```ps1
+    ```PowerShell
     Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
     ```
 
     If you’re creating a new resource mailbox:
 
-    ```ps1
+    ```PowerShell
     New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
     ```
 
@@ -246,13 +259,13 @@ Use this procedure if you use Exchange online.
 
     If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
 
-    ```ps1
+    ```PowerShell
     $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
     ```
 
     Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
 
-    ```ps1
+    ```PowerShell
     Set-Mailbox 'HUB01@contoso.com' -Type Regular
     Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
     Set-Mailbox 'HUB01@contoso.com' -Type Room
@@ -264,7 +277,7 @@ Use this procedure if you use Exchange online.
 
     Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
 
-    ```ps1
+    ```PowerShell
     Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
     Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
     ```
@@ -294,24 +307,38 @@ Use this procedure if you use Exchange online.
 
 7.  Connect to Azure AD.
 
+    You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
+    
+    ```PowerShell
+    Install-Module -Name AzureAD
+    ```
     You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
 
-    ```ps1
+    ```PowerShell
-    Connect-MsolService -Credential $cred
+    Import-Module AzureAD
+    Connect-AzureAD -Credential $cred
     ```
 
 8.  Assign an Office 365 license.
 
     The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
 
-    Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant.
+    Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
 
-    Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*).
+    Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
 
-    ```ps1
+    ```PowerShell
-    Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -UsageLocation 'US'
+    Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
-    Get-MsolAccountSku
+	
-    Set-MsolUserLicense -UserPrincipalName 'HUB01@contoso.com' -AddLicenses $strLicense
+	Get-AzureADSubscribedSku | Select Sku*,*Units
+	$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+    $License.SkuId = SkuId You selected 
+	
+	$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+    $AssignedLicenses.AddLicenses = $License
+    $AssignedLicenses.RemoveLicenses = @()
+	
+    Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
     ```
 
 Next, you enable the device account with [Skype for Business Online](#sfb-online), [Skype for Business on-premises](#sfb-onprem), or [Skype for Business hybrid](#sfb-hybrid).
@@ -323,22 +350,22 @@ In order to enable Skype for Business, your environment will need to meet the [p
 
 1. Start by creating a remote PowerShell session to the Skype for Business online environment from a PC.
 
-   ```
+   ```PowerShell
-   Import-Module LyncOnlineConnector  
+   Import-Module SkypeOnlineConnector  
    $cssess=New-CsOnlineSession -Credential $cred  
    Import-PSSession $cssess -AllowClobber
    ```
 
 2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
 
-   ```
+   ```PowerShell
    Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool  
    'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
    ```
 
    If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
 
-   ```
+   ```PowerShell
    Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool*
    ```
 
@@ -368,7 +395,7 @@ For validation, you should be able to use any Skype for Business client (PC, And
 
 To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run:
 
-```
+```PowerShell
 Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName 
 ```
 
@@ -383,7 +410,7 @@ In a hybrid Skype environment, you have to create the user on-premises first, th
  
 In order to have a functional Surface Hub account in a Skype hybrid configuration, create the Skype account as a normal user type account, instead of creating the account as a meetingroom. First follow the Exchange steps - either [online](#exchange-online) or [on-premises](#exchange-on-premises) - and, instead of enabling the user for Skype for Business Online as described, [enable the account](https://technet.microsoft.com/library/gg398711.aspx) on the on-premises Skype server:
 
-``` 
+```PowerShell 
 Enable-CsUser -Identity 'HUB01@contoso.com' -RegistrarPool "registrarpoolfqdn" -SipAddressType UserPrincipalName
 ```
  

devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub, mobility
 author: jdeckerms
 ms.author: jdecker
-ms.date: 02/16/2018
+ms.date: 03/07/2018
 ms.localizationpriority: medium
 ---
 
@@ -24,9 +24,6 @@ Surface Hub has been validated with Microsoft’s first-party MDM providers:
 
 You can also manage Surface Hubs using any third-party MDM provider that can communicate with Windows 10 using the MDM protocol.
 
->[!NOTE]
->[Azure Active Directory conditional access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access) is not currently available for Surface Hub devices.
-
 ## <a href="" id="enroll-into-mdm"></a>Enroll a Surface Hub into MDM
 You can enroll your Surface Hubs using bulk or manual enrollment.
 
@@ -147,7 +144,7 @@ The following tables include info on Windows 10 settings that have been validate
 
 | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
 | --- | --- | --- |---- | --- | --- |
-| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | No | No | Yes |
+| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes |
 | Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) |  Yes <br> [Use a custom policy.](#example-intune)  |  Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
 | Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) |  Yes <br> [Use a custom policy.](#example-intune)  |  Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
 \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.

devices/surface-hub/online-deployment-surface-hub-device-accounts.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: surfacehub
 author: jdeckerms
 ms.author: jdecker
-ms.date: 08/29/2017
+ms.date: 02/21/2018
 ms.localizationpriority: medium
 ---
 
@@ -25,7 +25,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
     Be sure you have the right permissions set to run the associated cmdlets.
 
     ```PowerShell
-    Set-ExecutionPolicy Unrestricted
+    Set-ExecutionPolicy RemoteSigned
     $org='contoso.microsoft.com'
     $cred=Get-Credential admin@$org
     $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
@@ -71,36 +71,51 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
 
 5.  Connect to Azure AD.
     
+    You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
+    
+    ```PowerShell
+    Install-Module -Name AzureAD
+    ```
     You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
 
     ```PowerShell
-    Connect-MsolService -Credential $cred
+    Import-Module AzureAD
+    Connect-AzureAD -Credential $cred
     ```
 
 6.  If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
 
     ```PowerShell
-    Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -PasswordNeverExpires $true
+    Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration"
     ```
 
 7.  Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online).
    
-    Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant.
+    Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
 
-    Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*).
+    Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
 
     ```PowerShell
-    Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -UsageLocation "US"
+    Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
-    Get-MsolAccountSku
+	
-    Set-MsolUserLicense -UserPrincipalName 'HUB01@contoso.com' -AddLicenses $strLicense
+	Get-AzureADSubscribedSku | Select Sku*,*Units
+	$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+    $License.SkuId = SkuId You selected 
+	
+	$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+    $AssignedLicenses.AddLicenses = $License
+    $AssignedLicenses.RemoveLicenses = @()
+	
+    Set-AzureADUserLicense -ObjectId "HUB01@contoso.com"  -AssignedLicenses $AssignedLicenses
     ```
 
 8.  Enable the device account with Skype for Business.
+	If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366). 
 
     -   Start by creating a remote PowerShell session from a PC.
 
         ```PowerShell
-        Import-Module LyncOnlineConnector  
+        Import-Module SkypeOnlineConnector  
         $cssess=New-CsOnlineSession -Credential $cred  
         Import-PSSession $cssess -AllowClobber
         ```
@@ -108,12 +123,13 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
    - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, *alice@contoso.com*):
 
         ```PowerShell
-        Get-CsOnlineUser -Identity ‘alice@contoso.com’| fl *registrarpool*
+        (Get-CsTenant).TenantPoolExtension
         ```
         OR by setting a variable
         
         ```PowerShell
-        $strRegistrarPool = (Get-CsOnlineUser -Identity ‘alice@contoso.com’).RegistrarPool
+		$strRegistrarPool = (Get-CsTenant).TenantPoolExtension
+		$strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1)
         ```
         
     - Enable the Surface Hub account with the following cmdlet:

devices/surface-hub/surface-hub-authenticator-app.md

@@ -34,7 +34,7 @@ To let people in your organization sign in to Surface Hub with their phones and
 
 - Surface Hub is set up with either a local or domain-joined account.
 
-Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs that are joined to an Active Directory domain or to Azure AD. 
+Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs that are joined to Azure AD. 
 
 ## Individual prerequisites
 

devices/surface/change-history-for-surface.md

@@ -16,6 +16,7 @@ This topic lists new and updated topics in the Surface documentation library.
 
 |New or changed topic | Description |
 | --- | --- |
+|[Surface Dock Updater](surface-dock-updater.md) | Added version 2.12.136.0 information  |
 |[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.46.0 information  |
 
 ## January 2018

devices/surface/docfx.json

@@ -21,6 +21,9 @@
 		"ms.topic": "article",
 		"ms.author": "jdecker",
 		"ms.date": "05/09/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.surface"

devices/surface/surface-dock-updater.md

@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.pagetype: surface, devices
 ms.sitesec: library
 author: brecords
-ms.date: 11/03/2017
+ms.date: 02/23/2018
 ms.author: jdecker
 ---
 
@@ -116,6 +116,22 @@ Microsoft periodically updates Surface Dock Updater. To learn more about the app
 >[!Note]
 >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater.
 
+### Version 2.12.136.0
+*Release Date: 29 January 2018*
+
+This version of Surface Dock Updater adds support for the following:
+* Update for Surface Dock Main Chipset Firmware
+* Update for Surface Dock DisplayPort Firmware
+* Improved display stability for external displays when used with Surface Book or Surface Book 2
+
+Additionally, installation of this version of Surface Dock Updater on Surface Book devices includes the following:
+* Update for Surface Book Base Firmware
+* Added support for Surface Dock firmware updates with improvements targeted to Surface Book devices
+
+>[!Note]
+>Before the Surface Dock firmware update applied by Surface Dock Updater v2.12.136.0 will take effect on a Surface Book device, a firmware update for the Surface Book Base is required. If you install Surface Dock Updater v2.12.136.0 on a Surface Book and update an attached Surface Dock from that same device, the firmware of the Surface Book Base will automatically be updated when installing the Surface Dock Updater. However, if you update a Surface Dock using Surface Dock Updater v2.12.136.0 on different device, and then connect that Surface Dock to a Surface Book where Surface Dock Updater v2.12.136.0 has not been installed, the benefits of the updated Surface Dock will not be enabled. To enable the benefits of the updated Surface Dock on a Surface Book device, Surface Book Base firmware must also be updated by installing Surface Dock Updater v2.12.136.0 on the Surface Book device. Surface Book Base firmware update is not required on a Surface Book 2 device.
+
+
 ### Version 2.9.136.0
 *Release date: November 3, 2017*
 

education/docfx.json

@@ -20,11 +20,14 @@
 		"audience": "windows-education",
 		"ms.topic": "article",
 		"breadcrumb_path": "/education/breadcrumb/toc.json",
-      "ms.date": "05/09/2017",
+        "ms.date": "05/09/2017",
-      "_op_documentIdPathDepotMapping": {
+		"feedback_system": "GitHub",
-        "./": {
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
-          "depot_name": "Win.education"
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
-        }
+        "_op_documentIdPathDepotMapping": {
+          "./": {
+            "depot_name": "Win.education"
+          }
        }
     },
     "externalReference": [

education/index.md

@@ -4,6 +4,7 @@ hide_bc: true
 title: Microsoft 365 Education documentation and resources | Microsoft Docs
 description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
 author: CelesteDG
+ms.topic: hub-page
 ms.author: celested
 ms.date: 10/30/2017
 ---
@@ -271,7 +272,7 @@ ms.date: 10/30/2017
                                 </a>
                             </li>
                             <li>
-                                <a href="https://onedrive.live.com/view.aspx?resid=91F4E618548FC604!2261&ithint=file%2cdocx&app=Word&authkey=!AOgLvpbaerOOfwM" target="_blank">
+                                <a href="https://docs.microsoft.com/en-us/microsoftteams/teams-quick-start-edu" target="_blank">
                                     <div class="cardSize">
                                         <div class="cardPadding">
                                             <div class="card">
@@ -282,7 +283,7 @@ ms.date: 10/30/2017
                                                 </div>
                                                 <div class="cardText">
                                                     <h3>Microsoft Teams</h3>
-                                                    <p>Make the most of Microsoft Teams and find out how to deploy, launch pilot teams, and launch Teams to the rest of your institution.</p>
+                                                    <p>Make the most of Microsoft Teams and find out how to deploy, launch pilot teams, and launch Teams to the rest of your organization.</p>
                                                 </div>
                                             </div>
                                         </div>

education/trial-in-a-box/educator-tib-get-started.md

@@ -108,6 +108,7 @@ Microsoft OneNote organizes curriculum and lesson plans for teachers and student
 
 **Try this!**
 See how a group project comes together with opportunities to interact with other students and collaborate with peers. This one works best with the digital pen, included with your Trial in a Box.
+When you're not using the pen, just use the magnet to stick it to the left side of the screen until you need it again. 
 
 1. On the **Start** menu, click the OneNote shortcut named **Imagine Giza** to open the **Reimagine the Great Pyramid of Giza project**.
 2. Take the digital pen out of the box and make notes or draw.
@@ -121,7 +122,7 @@ See how a group project comes together with opportunities to interact with other
 
     ![OneNote To Do Tag](images/onenote_checkmark.png)
 
-  - The Researcher tool from the Insert tab can help find answers. 
+  - To find information without leaving OneNote, use the Researcher tool found under the Insert tab. 
 
     ![OneNote Researcher](images/onenote_researcher.png)
 
@@ -153,8 +154,9 @@ Today, we'll explore a Minecraft world through the eyes of a student.
 9. Explore the world by using the keys on your keyboard.
   * **W** moves forward.
   * **A** moves left.
-  * **D** moves right.
+  * **S** moves right.
-  * **S** moves backward
+  * **D** moves backward.
+  
 
 10. Use your mouse as your "eyes". Just move it to look around.
 11. For a bird's eye view, double-tap the SPACE BAR. Now press the SPACE BAR to fly higher. And then hold the SHIFT key to safely land.

education/windows/change-history-edu.md

@@ -8,13 +8,19 @@ ms.sitesec: library
 ms.pagetype: edu
 author: CelesteDG
 ms.author: celested
-ms.date: 11/27/2017
+ms.date: 03/08/2018
 ---
 
 # Change history for Windows 10 for Education
 
 This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
 
+## March 2018
+
+New or changed topic | Description
+--- | ---
+[Reset devices with Windows Automatic Redeployment](windows-automatic-redeployment.md) | Added section for troubleshooting Windows Automatic Redeployment.
+
 ## November 2017
 
 | New or changed topic | Description |

education/windows/set-up-school-pcs-technical.md

@@ -9,7 +9,7 @@ ms.pagetype: edu
 ms.localizationpriority: high
 author: CelesteDG
 ms.author: celested
-ms.date: 02/02/2018
+ms.date: 03/12/2018
 ---
 
 # Technical reference for the Set up School PCs app 
@@ -291,9 +291,6 @@ The Set up School PCs app produces a specialized provisioning package that makes
 <tr> <td> <p> Interactive logon: Do not display last user name </p> </td> <td> <p> Enabled</p> </td>
 </tr> 
 <tr> <td> <p> Interactive logon: Sign-in last interactive user automatically after a system-initiated restart</p> </td> <td> <p> Disabled</p> </td> 
-</tr> 
-<tr> <td> <p> Shutdown: Allow system to be shut down without having to log on </p> </td> <td> <p> Enabled</p> </td> 
-</tr> 
 <tr> <td> <p> User Account Control: Behavior of the elevation prompt for standard users </p> </td> <td> <p> Auto deny</p> </td>
 </tr> 
 </tbody>

education/windows/windows-automatic-redeployment.md

@@ -9,7 +9,7 @@ ms.pagetype: edu
 ms.localizationpriority: high
 author: CelesteDG
 ms.author: celested
-ms.date: 12/11/2017
+ms.date: 03/08/2018
 ---
 
 # Reset devices with Windows Automatic Redeployment 
@@ -25,6 +25,9 @@ To enable Windows Automatic Redeployment in Windows 10, version 1709 (Fall Creat
 2. [Trigger a reset for each device](#trigger-windows-automatic-redeployment)
 
 ## Enable Windows Automatic Redeployment
+
+To use Windows Automatic Redeployment, [Windows Recovery Environment (WinRE) must be enabled on the device](#winre).
+
 **DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Windows Automatic Redeployment. It is a policy node in the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This ensures that Windows Automatic Redeployment isn't triggered by accident.
 
 You can set the policy using one of these methods:
@@ -84,6 +87,25 @@ Windows Automatic Redeployment is a two-step process: trigger it and then authen
 
     Once provisioning is complete, the device is again ready for use.
 
+<span id="winre"/>
+## Troubleshoot Windows Automatic Redeployment
+
+Windows Automatic Redeployment will fail when the [Windows Recovery Environment (WinRE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is not enabled on the device. You will see `Error code: ERROR_NOT_SUPPORTED (0x80070032)`.
+
+To check if WinRE is enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
+
+```
+reagent /info
+```
+
+If WinRE is not enabled, use the [REAgentC.exe tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
+
+```
+reagent /enable
+```
+
+If Windows Automatic Reployment fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance.
+
 ## Related topics
 
 [Set up Windows devices for education](set-up-windows-10.md)

gdpr/docfx.json

@@ -31,7 +31,10 @@
     "externalReference": [],
     "globalMetadata": {
     "author": "eross-msft",
-		"ms.author": "lizross"
+		"ms.author": "lizross",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app"
     },
     "fileMetadata": {},
     "template": [],

mdop/docfx.json

@@ -22,6 +22,9 @@
 		"ms.topic": "article",
 		"ms.author": "jamiet",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "Win.mdop"

mdop/uev-v1/deploying-the-ue-v-agent.md

@@ -82,7 +82,8 @@ The Microsoft User Experience Virtualization (UE-V) agent must run on each compu
 <td align="left"><p>CEIPEnabled</p></td>
 <td align="left"><p>Specifies the setting for participation in the Customer Experience Improvement program. If set to true, then installer information is uploaded to the Microsoft Customer Experience Improvement Program site. If set to false, then no information is uploaded.</p></td>
 <td align="left"><p>True | False</p>
-<p><strong>Default</strong>: False</p></td>
+<p><strong>Default</strong>: False</p>
+<p><strong>On Windows 7</strong>: True</p></td>
 </tr>
 </tbody>
 </table>

smb/docfx.json

@@ -31,6 +31,9 @@
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT",
 		"breadcrumb_path": "/windows/smb/breadcrumb/toc.json",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "TechNet.smb"

store-for-business/docfx.json

@@ -37,7 +37,10 @@
 		"ms.technology": "windows",
 		"ms.topic": "article",
 		"ms.date": "05/09/2017",
-    "searchScope": ["Store"],
+		"searchScope": ["Store"],
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.store-for-business"

windows/application-management/app-v/appv-performance-guidance.md

@@ -13,7 +13,10 @@ ms.date: 04/19/2017
 # Performance Guidance for Application Virtualization
 
 **Applies to**
--   Windows 10, version 1607
+-   Windows 7 SP1
+-   Windows 10 
+-   Server 2012 R2
+-   Server 2016
 
 Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
 

windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md

@@ -6,14 +6,17 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 03/08/2018
 ---
 
 
 # Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
 
 **Applies to**
--   Windows 10, version 1607
+-   Windows 7 SP1
+-   Windows 10
+-   Windows Server 2012 R2
+-   Windows Server 2016
 
 You can run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you:
 
@@ -42,6 +45,7 @@ There is no Group Policy setting available to manage this registry key, so you h
 
 Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user.
 
+
 ### Steps to create the subkey
 
 1.  Using the information in the following table, create a new registry key using the name of the executable file, for example, **MyApp.exe**.
@@ -79,7 +83,7 @@ Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages glo
     <li><p>If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group.</p></li>
     <li><p>Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment.</p></li>
     <li><p>The key under which you create the subkey must match the publishing method you used for the package.</p>
-    <p>For example, if you published the package to the user, you must create the subkey under <code>HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual</code>.</p></li>
+    <p>For example, if you published the package to the user, you must create the subkey under <code>HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual</code>. Do not add a key for the same application under both hives.</p></li>
     </ul></td>
     </tr>
     </tbody>

windows/application-management/docfx.json

@@ -37,6 +37,9 @@
 		"ms.topic": "article",
 		"ms.author": "elizapo",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.win-app-management"

windows/application-management/per-user-services-in-windows.md

@@ -67,8 +67,6 @@ In light of these restrictions, you can use the following methods to manage per-
 
 You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). See [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings) for more information.
 
-device-security/security-policy-settings/administer-security-policy-settings
-
 For example: 
 
 ```
@@ -113,8 +111,8 @@ If a per-user service can't be disabled using a the security template, you can d
 
 ### Managing Template Services with reg.exe
 
-If you cannot use GPP to manage the per-user services you can edit the registry with reg.exe. 
+If you cannot use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe. 
-To disable the Template Services change the Startup Type for each service to 4 (disabled). 
+To disable the Template Services, change the Startup Type for each service to 4 (disabled). 
 For example:
 
 ```code
@@ -174,3 +172,9 @@ For example, you might see the following per-user services listed in the Service
 - Sync Host_443f50
 - User Data Access_443f50
 - User Data Storage_443f50
+
+## View per-user services from the command line
+
+You can query the service configuration from the command line. The **Type** value indicates whether the service is a user-service template or user-service instance.
+
+![Use sc.exe to view service type](media/cmd-type.png)

windows/client-management/docfx.json

@@ -37,6 +37,9 @@
 		"ms.topic": "article",
 		"ms.author": "dongill",
 		"ms.date": "04/05/2017",
+		"feedback_system": "GitHub",
+		"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+		"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
 		"_op_documentIdPathDepotMapping": {
 			"./": {
 			  "depot_name": "MSDN.win-client-management"

windows/client-management/mandatory-user-profile.md

@@ -89,7 +89,7 @@ First, you create a default user profile with the customizations that you want,
     
     >![Microsoft Bing Translator package](images/sysprep-error.png)
     
-    >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
+    >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) and [Remove-AppxPackage -AllUsers](https://docs.microsoft.com/en-us/powershell/module/appx/remove-appxpackage?view=win10-ps) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
   
 5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges.
 

windows/client-management/mdm/TOC.md

@@ -155,6 +155,8 @@
 #### [Maps DDF](maps-ddf-file.md)
 ### [Messaging CSP](messaging-csp.md)
 #### [Messaging DDF file](messaging-ddf.md)
+### [MultiSIM CSP](multisim-csp.md)
+#### [MultiSIM DDF file](multisim-ddf.md)
 ### [NAP CSP](nap-csp.md)
 ### [NAPDEF CSP](napdef-csp.md)
 ### [NetworkProxy CSP](networkproxy-csp.md)
@@ -178,6 +180,7 @@
 #### [ActiveXControls](policy-csp-activexcontrols.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
+#### [AppRuntime](policy-csp-appruntime.md)
 #### [AppVirtualization](policy-csp-appvirtualization.md)
 #### [AttachmentManager](policy-csp-attachmentmanager.md)
 #### [Authentication](policy-csp-authentication.md)
@@ -189,6 +192,7 @@
 #### [Cellular](policy-csp-cellular.md)
 #### [Connectivity](policy-csp-connectivity.md)
 #### [ControlPolicyConflict](policy-csp-controlpolicyconflict.md)
+#### [CredentialsDelegation](policy-csp-credentialsdelegation.md)
 #### [CredentialProviders](policy-csp-credentialproviders.md)
 #### [CredentialsUI](policy-csp-credentialsui.md)
 #### [Cryptography](policy-csp-cryptography.md)
@@ -207,6 +211,7 @@
 #### [EventLogService](policy-csp-eventlogservice.md)
 #### [Experience](policy-csp-experience.md)
 #### [ExploitGuard](policy-csp-exploitguard.md)
+#### [FileExplorer](policy-csp-fileexplorer.md)
 #### [Games](policy-csp-games.md)
 #### [Handwriting](policy-csp-handwriting.md)
 #### [InternetExplorer](policy-csp-internetexplorer.md)
@@ -218,6 +223,8 @@
 #### [LockDown](policy-csp-lockdown.md)
 #### [Maps](policy-csp-maps.md)
 #### [Messaging](policy-csp-messaging.md)
+#### [MSSecurityGuide](policy-csp-mssecurityguide.md)
+#### [MSSLegacy](policy-csp-msslegacy.md)
 #### [NetworkIsolation](policy-csp-networkisolation.md)
 #### [Notifications](policy-csp-notifications.md)
 #### [Power](policy-csp-power.md)
@@ -244,9 +251,11 @@
 #### [Update](policy-csp-update.md)
 #### [UserRights](policy-csp-userrights.md)
 #### [Wifi](policy-csp-wifi.md)
+#### [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md)
 #### [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md)
 #### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
 #### [WindowsLogon](policy-csp-windowslogon.md)
+#### [WindowsPowerShell](policy-csp-windowspowershell.md)
 #### [WirelessDisplay](policy-csp-wirelessdisplay.md)
 ### [PolicyManager CSP](policymanager-csp.md)
 ### [Provisioning CSP](provisioning-csp.md)

windows/client-management/mdm/assignedaccess-csp.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/03/2017
+ms.date: 03/01/2018
 ---
 
 # AssignedAccess CSP
@@ -62,7 +62,8 @@ The supported operations are Add, Delete, Get and Replace. When there's no confi
 Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps).Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). 
 
 > [!Note]  
-> You cannot set both KioskModeApp and Configuration at the same time in the device in Windows 10, version 1709.
+> You cannot set both KioskModeApp and Configuration at the same time on the device in Windows 10, version 1709.  
+> You cannot set both ShellLauncher and Configuration at the same time on the device.
 
 Enterprises can use this to easily configure and manage the curated lockdown experience. 
 
@@ -70,6 +71,58 @@ Supported operations are Add, Get, Delete, and Replace.
 
 Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies back (e.g. Start Layout).
 
+<a href="" id="assignedaccess-status"></a>**./Device/Vendor/MSFT/AssignedAccess/Status**  
+Added in Windows 10, version 1803. This read only polling node allows MDM server to query the current KioskModeAppRuntimeStatus as long as the StatusConfiguration node is set to “On” or “OnWithAlerts”. If the StatusConfiguration is “Off”, a node not found error will be reported to the MDM server. Click [link](#status-example) to see an example SyncML. [Here](#assignedaccessalert-xsd) is the schema for the Status payload.
+ 
+In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible status available for single app kiosk mode. 
+ 
+|Status  |Description  |
+|---------|---------|---------|
+| KioskModeAppRunning | This means the kiosk app is running normally. |
+| KioskModeAppNotFound | This occurs when the kiosk app is not deployed to the machine. |
+| KioskModeAppActivationFailure | This happens when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. |
+
+Note that status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus. 
+
+
+|Status code  | KioskModeAppRuntimeStatus |
+|---------|---------|
+| 1     | KioskModeAppRunning         |
+| 2     | KioskModeAppNotFound          |
+| 3     | KioskModeAppActivationFailure         |
+
+
+Additionally, the status payload includes a profileId, which can be used by the MDM server to correlate which kiosk app caused the error. 
+
+Supported operation is Get.
+
+<a href="" id="assignedaccess-shelllauncher"></a>**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher**  
+Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema.
+
+> [!Note]  
+> You cannot set both ShellLauncher and Configuration at the same time on the device.
+>
+> Configuring Shell Launcher using the ShellLauncher node automatically enables the Shell Launcher feature if it is available within the SKU.
+
+<a href="" id="assignedaccess-statusconfiguration"></a>**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration**  
+Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema.
+ 
+By default the StatusConfiguration node does not exist, and it implies this feature is off. Once enabled via CSP, Assigned Access will check kiosk app status and wait for MDM server to query the latest status from the Status node.  
+ 
+Optionally, the MDM server can opt-in to the MDM alert so a MDM alert will be generated and sent immediately to the MDM server when the assigned access runtime status is changed. This MDM alert will contain the status payload that is available via the Status node. 
+ 
+This MDM alert header is defined as follows:  
+
+-  MDMAlertMark: Critical 
+-  MDMAlertType: "com.microsoft.mdm.assignedaccess.status" 
+-  MDMAlertDataType: String 
+-  Source: "./Vendor/MSFT/AssignedAccess" 
+-  Target: N/A 
+ 
+> [!Note]  
+> MDM alert will only be sent for errors.  
+
+
 ## KioskModeApp examples
 
 KioskModeApp Add
@@ -160,32 +213,29 @@ KioskModeApp Replace
     elementFormDefault="qualified"
     xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config"
     targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config"
     >
 
     <xs:complexType name="profile_list_t">
         <xs:sequence minOccurs="1" >
-            <xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded">
+            <xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded"/>
-                <xs:unique name="duplicateRolesForbidden">
-                    <xs:selector xpath="Profile"/>
-                    <xs:field xpath="@Id"/>
-                </xs:unique>
-            </xs:element>
         </xs:sequence>
     </xs:complexType>
     
+    <xs:complexType name="kioskmodeapp_t">
+        <xs:attribute name="AppUserModelId" type="xs:string"/>
+    </xs:complexType>
+
     <xs:complexType name="profile_t">
-        <xs:sequence minOccurs="1" maxOccurs="1">
+        <xs:choice>
-            <xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1">
+            <xs:sequence minOccurs="1" maxOccurs="1">
-                <xs:unique name="ForbidDupApps">
+                <xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1"/>
-                    <xs:selector xpath="App"/>
+                <xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/>
-                    <xs:field xpath="@AppUserModelId"/>
+                <xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
-                    <xs:field xpath="@DesktopAppPath"/>
+            </xs:sequence>
-                </xs:unique>
+            <xs:element name="KioskModeApp" type="kioskmodeapp_t" minOccurs="1" maxOccurs="1"/>
-            </xs:element>
+        </xs:choice>
-            <xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/>
-            <xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
-        </xs:sequence>
         <xs:attribute name="Id" type="guid_t" use="required"/>
         <xs:attribute name="Name" type="xs:string" use="optional"/>
     </xs:complexType>
@@ -193,6 +243,10 @@ KioskModeApp Replace
     <xs:complexType name="allappslist_t">
         <xs:sequence minOccurs="1" >
             <xs:element name="AllowedApps" type="allowedapps_t" minOccurs="1" maxOccurs="1">
+                <xs:unique name="ForbidDupApps">
+                    <xs:selector xpath="default:App"/>
+                    <xs:field xpath="@AppUserModelId|@DesktopAppPath"/>
+                </xs:unique>
             </xs:element>
         </xs:sequence>
     </xs:complexType>
@@ -235,22 +289,64 @@ KioskModeApp Replace
 
     <xs:complexType name="config_t">
         <xs:sequence minOccurs="1" maxOccurs="1">
-            <xs:element name="Account" type="xs:string" minOccurs="1" maxOccurs="1"/>
+            <xs:choice>
+                <xs:element name="Account" type="xs:string" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="AutoLogonAccount" type="autologon_account_t" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="UserGroup" type="group_t" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="SpecialGroup" type="specialGroup_t" minOccurs="1" maxOccurs="1" />
+            </xs:choice>
             <xs:element name="DefaultProfile" type="profileId_t" minOccurs="1" maxOccurs="1"/>
         </xs:sequence>
     </xs:complexType>
 
+    <xs:complexType name="autologon_account_t">
+        <xs:attribute name="HiddenId" type="guid_t" fixed="{74331115-F68A-4DF9-8D2C-52BA2CE2ADB1}"/>
+    </xs:complexType>
+
+    <xs:complexType name="group_t">
+        <xs:attribute name="Name" type="xs:string" use="required"/>
+        <xs:attribute name="Type" type="groupType_t" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="specialGroup_t">
+        <xs:attribute name="Name" type="specialGroupType_t" use="required"/>
+    </xs:complexType>
+
+    <xs:simpleType name="groupType_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="LocalGroup"/>
+            <xs:enumeration value="ActiveDirectoryGroup"/>
+            <xs:enumeration value="AzureActiveDirectoryGroup"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="specialGroupType_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="Visitor"/>
+        </xs:restriction>
+    </xs:simpleType>
+
     <!--below is the definition of the config xml content-->
     <xs:element name="AssignedAccessConfiguration">
         <xs:complexType>
             <xs:all minOccurs="1">
                 <xs:element name="Profiles" type="profile_list_t">
+                    <xs:unique name="duplicateRolesForbidden">
+                        <xs:selector xpath="default:Profile"/>
+                        <xs:field xpath="@Id"/>
+                    </xs:unique>
+                </xs:element>
+                <xs:element name="Configs" type="config_list_t">
+                    <xs:unique name="duplicateAutoLogonAccountForbidden">
+                        <xs:selector xpath=".//default:AutoLogonAccount"/>
+                        <xs:field xpath="@HiddenId"/>
+                    </xs:unique>
                 </xs:element>
-                <xs:element name="Configs" type="config_list_t"/>
             </xs:all>
         </xs:complexType>
     </xs:element>
 </xs:schema>
+
 ```
 
 ## Example AssignedAccessConfiguration XML
@@ -560,3 +656,480 @@ Example of the Delete command.
    </SyncBody>
 </SyncML>
 ```
+
+## StatusConfiguration XSD
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
+    >
+
+    <xs:simpleType name="status_enabled_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="Off"/>
+            <xs:enumeration value="On"/>
+            <xs:enumeration value="OnWithAlerts"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <!--below is the definition of the config xml content-->
+    <xs:element name="StatusConfiguration">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="StatusEnabled" type="status_enabled_t" minOccurs="1" maxOccurs="1"/>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
+
+## StatusConfiguration example
+
+StatusConfiguration Add OnWithAlerts 
+
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+  <SyncBody> 
+    <Add> 
+      <CmdID>2</CmdID> 
+      <Item> 
+        <Target> 
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI> 
+        </Target> 
+        <Meta> 
+          <Format xmlns="syncml:metinf">chr</Format> 
+        </Meta> 
+        <Data> 
+          <![CDATA[ 
+          <?xml version="1.0" encoding="utf-8" ?> 
+          <StatusConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"> 
+            <StatusEnabled>OnWithAlerts</StatusEnabled> 
+          </StatusConfiguration> 
+          ]]> 
+        </Data> 
+      </Item> 
+    </Add> 
+    <Final /> 
+  </SyncBody> 
+</SyncML> 
+```
+ 
+ 
+StatusConfiguration Delete 
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+   <SyncBody> 
+       <Delete> 
+           <CmdID>2</CmdID> 
+           <Item> 
+               <Target>   
+                 <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>          
+               </Target> 
+           </Item> 
+       </Delete> 
+       <Final /> 
+   </SyncBody> 
+</SyncML> 
+```
+
+StatusConfiguration Get 
+
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+   <SyncBody> 
+       <Get> 
+           <CmdID>2</CmdID> 
+           <Item> 
+               <Target>   
+                 <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>          
+               </Target> 
+           </Item> 
+       </Get> 
+       <Final /> 
+   </SyncBody> 
+</SyncML>
+```
+ 
+StatusConfiguration Replace On 
+ 
+```syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+  <SyncBody> 
+    <Replace> 
+      <CmdID>2</CmdID> 
+      <Item> 
+        <Target> 
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI> 
+        </Target> 
+        <Meta> 
+          <Format xmlns="syncml:metinf">chr</Format> 
+        </Meta> 
+        <Data> 
+          <![CDATA[ 
+          <?xml version="1.0" encoding="utf-8" ?> 
+          <StatusConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"> 
+            <StatusEnabled>On</StatusEnabled> 
+          </StatusConfiguration> 
+          ]]> 
+        </Data> 
+      </Item> 
+    </Replace> 
+    <Final /> 
+  </SyncBody> 
+</SyncML> 
+```
+
+## Status example
+
+Status Get 
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+   <SyncBody> 
+       <Get> 
+           <CmdID>2</CmdID> 
+           <Item> 
+               <Target>   
+                 <LocURI>./Device/Vendor/MSFT/AssignedAccess/Status</LocURI>          
+               </Target> 
+           </Item> 
+       </Get> 
+       <Final /> 
+   </SyncBody> 
+</SyncML> 
+```
+
+## ShellLauncherConfiguration XSD
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
+    xmlns:default="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
+    targetNamespace="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
+    >
+
+    <xs:complexType name="profile_list_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:choice minOccurs="1" maxOccurs="1">
+                <xs:element name="DefaultProfile" type="default_profile_t"/>
+                <xs:element name="Profile" type="profile_t"/>
+            </xs:choice>
+            <xs:element name="Profile" type="profile_t" minOccurs="0" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="default_profile_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="Shell" type="default_shell_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="default_shell_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
+        </xs:sequence>
+        <xs:attribute name="Shell" type="xs:string" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="custom_shell_t">
+        <xs:all minOccurs="1" maxOccurs="1">
+            <xs:element name="ReturnCodeActions" type="return_code_action_list_t" minOccurs="0" maxOccurs="1">
+                <xs:unique name="ForbidDuplicatedReturnCodes">
+                    <xs:selector xpath="default:ReturnCodeAction"/>
+                    <xs:field xpath="@ReturnCode"/>
+                </xs:unique>
+            </xs:element>
+            <!--if "DefaultAction" is not supplied, pre-defined default action is "restart the shell"-->
+            <xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
+        </xs:all>
+        <xs:attribute name="Shell" type="xs:string" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="default_action_t">
+        <xs:attribute name="Action" type="system_action_t" use="required"/>
+    </xs:complexType>
+
+    <xs:simpleType name="system_action_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="RestartShell" />
+            <xs:enumeration value="RestartDevice" />
+            <xs:enumeration value="ShutdownDevice" />
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="profile_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="Shell" type="custom_shell_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+        <xs:attribute name="Id" type="guid_t" use="required"/>
+        <xs:attribute name="Name" type="xs:string" use="optional"/>
+    </xs:complexType>
+
+    <xs:simpleType name="guid_t">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="return_code_action_list_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="ReturnCodeAction" type="return_code_action_t" minOccurs="1" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="return_code_action_t">
+        <xs:attribute name="ReturnCode" type="xs:integer" use="required"/>
+        <xs:attribute name="Action" type="system_action_t" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="config_list_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="Config" type="config_t" minOccurs="1" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="config_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:choice minOccurs="1" maxOccurs="1">
+                <xs:element name="Account" type="account_t" minOccurs="1" maxOccurs="1">
+                    <xs:key name="mutexNameOrSID">
+                        <xs:selector xpath="."/>
+                        <xs:field xpath="@Name|@Sid"/>
+                    </xs:key>
+                </xs:element>
+                <xs:element name="AutoLogonAccount" type="autologon_account_t" minOccurs="1" maxOccurs="1"/>
+            </xs:choice>
+            <xs:element name="Profile" type="profile_id_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="account_t">
+        <xs:attribute name="Name" type="xs:string" use="optional"/>
+        <xs:attribute name="Sid" type="xs:string" use="optional"/>
+    </xs:complexType>
+
+    <xs:complexType name="autologon_account_t">
+        <xs:attribute name="HiddenId" type="guid_t" fixed="{50021E57-1CE4-49DF-99A9-8DB659E2C2DD}"/>
+    </xs:complexType>
+
+    <xs:complexType name="profile_id_t">
+        <xs:attribute name="Id" type="guid_t" use="required"/>
+    </xs:complexType>
+
+    <!--below is the definition of the config xml content-->
+    <xs:element name="ShellLauncherConfiguration">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="Profiles" type="profile_list_t" minOccurs="1" maxOccurs="1">
+                    <xs:unique name="ForbidDuplicatedProfiles">
+                        <xs:selector xpath="default:Profile"/>
+                        <xs:field xpath="@Id"/>
+                    </xs:unique>
+                </xs:element>
+                <xs:element name="Configs" type="config_list_t" minOccurs="0" maxOccurs="1">
+                    <xs:unique name="ForbidDuplicatedConfigs_Name">
+                        <xs:selector xpath="default:Config/default:Account"/>
+                        <xs:field xpath="@Name"/>
+                    </xs:unique>
+                    <xs:unique name="ForbidDuplicatedConfigs_Sid">
+                        <xs:selector xpath="default:Config/default:Account"/>
+                        <xs:field xpath="@Sid"/>
+                    </xs:unique>
+                    <xs:unique name="ForbidDuplicatedAutoLogonAccount">
+                        <xs:selector xpath="default:Config/default:AutoLogonAccount"/>
+                        <xs:field xpath="@HiddenId"/>
+                    </xs:unique>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
+
+## ShellLauncherConfiguration examples
+
+ShellLauncherConfiguration Add
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+  <SyncBody>
+    <Add>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">chr</Format>
+        </Meta>
+        <Data>
+        <![CDATA[
+        <?xml version="1.0" encoding="utf-8"?>
+        <ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
+            <Profiles>
+                <!--default profile defines default shell and action for general purposes, should NOT be bound to any account-->
+                <DefaultProfile>
+                    <Shell Shell="%SystemRoot%\explorer.exe">
+                        <!--DefaultAction is optional; if not defined, the pre-defined default action is "restart shell"-->
+                        <DefaultAction Action="RestartShell"/>
+                    </Shell>
+                </DefaultProfile>
+                <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}">
+                    <Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com">
+                        <!--ReturnCodeActions is optional, when none is provided, will always execute default action-->
+                        <ReturnCodeActions>
+                            <ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
+                            <ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
+                            <ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
+                        </ReturnCodeActions>
+                        <!--restart device after shell exits, if its return code does not match any of the above-->
+                        <DefaultAction Action="RestartDevice"/>
+                    </Shell>
+                </Profile>
+                <Profile Id="{24A73092-4F3F-44CC-8375-53F13FE213F7}">
+                    <Shell Shell="%SystemRoot%\System32\cmd.exe"/>
+                    <!--DefaultAction is optional, if none is supplied, will use DefaultAction defined in DefaultProfile-->
+                </Profile>
+            </Profiles>
+            <Configs>
+                <Config>
+                    <!--AutoLogon account-->
+                    <AutoLogonAccount/>
+                    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
+                </Config>
+                <Config>
+                    <!--BUILTIN\Administrators SID-->
+                    <Account Sid="S-1-5-32-544"/>
+                    <Profile Id="{24A73092-4F3F-44CC-8375-53F13FE213F7}"/>
+                </Config>
+                <Config>
+                    <!--local account-->
+                    <Account Name="sluser1"/>
+                    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
+                </Config>
+            </Configs>
+        </ShellLauncherConfiguration>
+        ]]>
+        </Data>
+      </Item>
+    </Add>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+ShellLauncherConfiguration Add AutoLogon
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+  <SyncBody>
+    <Add>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">chr</Format>
+        </Meta>
+        <Data>
+        <![CDATA[
+        <?xml version="1.0" encoding="utf-8"?>
+        <ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
+            <Profiles>
+                <DefaultProfile>
+                    <Shell Shell="%SystemRoot%\explorer.exe"/>
+                </DefaultProfile>
+                <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}">
+                    <Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com">
+                        <ReturnCodeActions>
+                            <ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
+                            <ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
+                            <ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
+                        </ReturnCodeActions>
+                        <DefaultAction Action="RestartDevice"/>
+                    </Shell>
+                </Profile>
+            </Profiles>
+            <Configs>
+                <Config>
+                    <AutoLogonAccount/>
+                    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
+                </Config>
+            </Configs>
+        </ShellLauncherConfiguration>
+        ]]>
+        </Data>
+      </Item>
+    </Add>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+ShellLauncherConfiguration Get
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+  <SyncBody>
+    <Get>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+## AssignedAccessAlert XSD
+
+```syntax
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
+    >
+
+    <xs:simpleType name="status_t">
+        <xs:restriction base="xs:int">
+            <xs:enumeration value="0"/>
+            <xs:enumeration value="1"/>
+            <xs:enumeration value="2"/>
+            <xs:enumeration value="3"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="guid_t">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="event_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="status" type="status_t" minOccurs="1" maxOccurs="1"/>
+            <xs:element name="profileId" type="guid_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+        <xs:attribute name="Name" type="xs:string" fixed="KioskModeAppRuntimeStatus" use="required"/>
+    </xs:complexType>
+
+    <xs:element name="Events">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="Event" type="event_t" minOccurs="1" maxOccurs="1"/>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```

windows/client-management/mdm/assignedaccess-ddf.md

@@ -7,12 +7,15 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/01/2017
+ms.date: 02/22/2018
 ---
 
 # AssignedAccess DDF
 
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **AssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 You can download the DDF files from the links below:
@@ -20,7 +23,7 @@ You can download the DDF files from the links below:
 - [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
 - [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
 
-The XML below is for Windows 10, version 1709.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -48,7 +51,7 @@ The XML below is for Windows 10, version 1709.
                 <Permanent />
             </Scope>
             <DFType>
-                <MIME>com.microsoft/1.1/MDM/AssignedAccess</MIME>
+                <MIME>com.microsoft/2.0/MDM/AssignedAccess</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -111,6 +114,84 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu
                 </DFType>
             </DFProperties>
         </Node>
+        <Node>
+            <NodeName>Status</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                </AccessType>
+                <Description>This read only node contains kiosk health event xml</Description>
+                <DFFormat>
+                    <chr />
+                </DFFormat>
+                <Occurrence>
+                    <One />
+                </Occurrence>
+                <Scope>
+                    <Permanent />
+                </Scope>
+                <CaseSense>
+                    <CIS />
+                </CaseSense>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+        </Node>
+        <Node>
+            <NodeName>ShellLauncher</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                </AccessType>
+                <Description>This node accepts a ShellLauncherConfiguration xml as input. Please check out samples and required xsd on MSDN.</Description>
+                <DFFormat>
+                    <chr />
+                </DFFormat>
+                <Occurrence>
+                    <One />
+                </Occurrence>
+                <Scope>
+                    <Dynamic />
+                </Scope>
+                <CaseSense>
+                    <CIS />
+                </CaseSense>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+        </Node>
+        <Node>
+            <NodeName>StatusConfiguration</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                </AccessType>
+                <Description>This node accepts a StatusConfiguration xml as input. Please check out samples and required xsd on MSDN.</Description>
+                <DFFormat>
+                    <chr />
+                </DFFormat>
+                <Occurrence>
+                    <One />
+                </Occurrence>
+                <Scope>
+                    <Dynamic />
+                </Scope>
+                <CaseSense>
+                    <CIS />
+                </CaseSense>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+        </Node>
     </Node>
 </MgmtTree>
 ```

windows/client-management/mdm/bitlocker-csp.md

@@ -798,7 +798,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">Allows the Admin to disable the warning prompt for other disk encryption on the user machines.</p>
 
 > [!Important]  
-> Starting in Windows 10, next major update, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview) for value 0.
+> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview) for value 0.
 
 > [!Warning]
 > When you enable BitLocker on a device with third party encryption, it may render the device unusable and will require reinstallation of Windows.
@@ -826,7 +826,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 
 <p style="margin-left: 20px">The following list shows the supported values:</p>
 
--   0 – Disables the warning prompt. Starting in Windows 10, next major update, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable BitLocker for value 0.
+-   0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable BitLocker for value 0.
 -   1 (default) – Warning prompt allowed.
 
 ``` syntax

windows/client-management/mdm/cm-cellularentries-csp.md

@@ -14,9 +14,6 @@ ms.date: 08/02/2017
 
 The CM\_CellularEntries configuration service provider is used to configure the General Packet Radio Service (GPRS) entries on the device. It defines each GSM data access point.
 
-> [!Note]
-> Starting in the next major update to Windows 10, the CM\_CellularEntries CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
-
 This configuration service provider requires the ID\_CAP\_NETWORKING\_ADMIN capability to be accessed from a network configuration application.
 
 The following diagram shows the CM\_CellularEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol is not supported with this configuration service provider.

windows/client-management/mdm/configuration-service-provider-reference.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/02/2018
+ms.date: 03/12/2018
 ---
 
 # Configuration service provider reference
@@ -1127,6 +1127,34 @@ Footnotes:
 <!--EndSKU-->
 <!--EndCSP-->
 
+<!--StartCSP-->
+[eUICCs CSP](euiccs-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
 <!--StartCSP-->
 [FileSystem CSP](filesystem-csp.md)  
 
@@ -1295,6 +1323,34 @@ Footnotes:
 <!--EndSKU-->
 <!--EndCSP-->
 
+<!--StartCSP-->
+[MultiSIM CSP](multisim-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
 <!--StartCSP-->
 [NAP CSP](nap-csp.md)  
 
@@ -2080,7 +2136,7 @@ Footnotes:
 <!--EndCSP-->
 
 <!--StartCSP-->
-[Uefi CSP](uefi-csp.md)  
+[UEFI CSP](uefi-csp.md)  
 
 <!--StartSKU-->
 <table>
@@ -2095,7 +2151,7 @@ Footnotes:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
@@ -2453,7 +2509,7 @@ Footnotes:
  Footnotes: 
 - 1 - Added in Windows 10, version 1607
 - 2 - Added in Windows 10, version 1703  
-- 3 - Added in the next major update to Windows 10  
+- 3 - Added in Windows 10, version 1803  
 
 ## CSP DDF files download
 
@@ -2540,6 +2596,7 @@ Footnotes:
 -   [Reporting CSP](reporting-csp.md)
 -   [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
 -   [SurfaceHub CSP](surfacehub-csp.md)
+-   [UEFI CSP](uefi-csp.md)  
 -   [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
 
 

windows/client-management/mdm/defender-csp.md

@@ -314,7 +314,7 @@ Node that can be used to perform signature updates for Windows Defender.
 Supported operations are Get and Execute.
 
 <a href="" id="offlinescan"></a>**OfflineScan**  
-Added in Windows 10, next major update. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. This command causes the computer reboot and start in Windows Defender offline mode to begin the scan.
+Added in Windows 10, version 1803. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. This command causes the computer reboot and start in Windows Defender offline mode to begin the scan.
 
 Supported operations are Get and Execute.
 

windows/client-management/mdm/developersetup-csp.md

@@ -1,6 +1,6 @@
 ---
 title: DeveloperSetup CSP
-description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the next major update of Windows 10.
+description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703.
 ms.assetid: 
 ms.author: maricia
 ms.topic: article

windows/client-management/mdm/devicestatus-csp.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/01/2017
+ms.date: 03/12/2018
 ---
 
 # DeviceStatus CSP
@@ -132,6 +132,15 @@ Added in Windows, version 1607. String that specifies the OS edition.
 
 Supported operation is Get.
 
+<a href="" id="devicestatus-os-mode"></a>**DeviceStatus/OS/Mode**  
+Added in Windows, version 1803. Read only node that specifies the device mode.
+
+Valid values:  
+-  0 - the device is in standard configuration
+-  1 - the device is in S mode configuration
+
+Supported operation is Get.
+
 <a href="" id="devicestatus-antivirus"></a>**DeviceStatus/Antivirus**  
 Added in Windows, version 1607. Node for the antivirus query.
 

windows/client-management/mdm/devicestatus-ddf.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/12/2018
 ---
 
 # DeviceStatus DDF
@@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **DeviceS
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is for Windows 10, version 1709.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -469,6 +469,27 @@ The XML below is for Windows 10, version 1709.
               </DFType>
             </DFProperties>
           </Node>
+          <Node>
+            <NodeName>Mode</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DefaultValue>Not available</DefaultValue>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
         </Node>
         <Node>
           <NodeName>Antivirus</NodeName>

windows/client-management/mdm/dmclient-csp.md

@@ -261,7 +261,7 @@ Optional. Number of days after last sucessful sync to unenroll.
 Supported operations are Add, Delete, Get, and Replace. Value type is integer.
 
 <a href="" id="provider-providerid-aadsenddevicetoken"></a>**Provider/*ProviderID*/AADSendDeviceToken**  
-Device. Added in Windows 10 next major update. For AZure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained.
+Device. Added in Windows 10 version 1803. For AZure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained.
 
 Supported operations are Add, Delete, Get, and Replace. Value type is bool.
 
@@ -713,27 +713,27 @@ Required. Added in Windows 10, version 1709. Integer node determining if a devic
 Supported operations are Get and Replace. Value type is integer.
 
 <a href="" id="provider-providerid-firstsyncstatus-blockinstatuspage"></a>**Provider/*ProviderID*/FirstSyncStatus/BlockInStatusPage**  
-Required. Device Only. Added in Windows 10, next major update. This node determines whether or not the MDM progress page is blocking in the Azure AD joined or DJ++ case, as well as which remediation options are available.
+Required. Device Only. Added in Windows 10, version 1803. This node determines whether or not the MDM progress page is blocking in the Azure AD joined or DJ++ case, as well as which remediation options are available.
 
 Supported operations are Get and Replace. Value type is integer.
 
 <a href="" id="provider-providerid-firstsyncstatus-allowcollectlogsbutton"></a>**Provider/*ProviderID*/FirstSyncStatus/AllowCollectLogsButton**  
-Required. Added in Windows 10, next major update. This node decides whether or not the MDM progress page displays the Collect Logs button.  
+Required. Added in Windows 10, version 1803. This node decides whether or not the MDM progress page displays the Collect Logs button.  
 
 Supported operations are Get and Replace. Value type is bool.
 
 <a href="" id="provider-providerid-firstsyncstatus-customerrortext"></a>**Provider/*ProviderID*/FirstSyncStatus/CustomErrorText**  
-Required. Added in Windows 10, next major update. This node allows the MDM to set custom error text, detailing what the user needs to do in case of error.  
+Required. Added in Windows 10, version 1803. This node allows the MDM to set custom error text, detailing what the user needs to do in case of error.  
 
 Supported operations are Add, Get, Delete, and Replace. Value type is string.
 
 <a href="" id="provider-providerid-firstsyncstatus-skipdevicestatuspage"></a>**Provider/*ProviderID*/FirstSyncStatus/SkipDeviceStatusPage**  
-Required. Device only. Added in Windows 10, next major update. This node decides wheter or not the MDM device progress page skips after Azure AD joined or Hybrid Azure AD joined in OOBE.
+Required. Device only. Added in Windows 10, version 1803. This node decides wheter or not the MDM device progress page skips after Azure AD joined or Hybrid Azure AD joined in OOBE.
 
 Supported operations are Get and Replace. Value type is bool.
 
 <a href="" id="provider-providerid-firstsyncstatus-skipuserstatuspage"></a>**Provider/*ProviderID*/FirstSyncStatus/SkipUserStatusPage**  
-Required. Device only. Added in Windows 10, next major update. This node decides wheter or not the MDM user progress page skips after Azure AD joined or DJ++ after user login.
+Required. Device only. Added in Windows 10, version 1803. This node decides wheter or not the MDM user progress page skips after Azure AD joined or DJ++ after user login.
 
 Supported operations are Get and Replace. Value type is bool.
 

windows/client-management/mdm/dmclient-ddf-file.md

@@ -20,7 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **DMClien
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is for Windows 10, next major update.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>

windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md

@@ -298,3 +298,13 @@ The \<Data> payload is empty. Here an example to set AppVirtualization/Publishin
   </SyncBody>
 </SyncML>
 ```
+
+## Video walkthrough
+
+Here is a video of how to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune.
+
+> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121]
+
+Here is a video of how to import a custom ADMX file to a device using Intune.
+
+> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73]

windows/client-management/mdm/enterprisemodernappmanagement-csp.md

@@ -7,11 +7,15 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/22/2017
+ms.date: 03/01/2018
 ---
 
 # EnterpriseModernAppManagement CSP
 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
 
 > [!Note]
@@ -359,6 +363,20 @@ The following image shows the EnterpriseModernAppManagement configuration servic
 </Get>
 ```
 
+<a href="" id="----packagefamilyname-maintainprocessorarchitectureonupdate"></a>**.../*PackageFamilyName*/MaintainProcessorArchitectureOnUpdate**  
+Added in Windows 10, version 1803. Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available.
+
+Supported operations are Add, Get, Delete, and Replace. Value type is integer.
+
+Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins).
+
+|Applicability Setting |CSP state  |Result  |
+|---------|---------|---------|
+|True |Not configured     |X86 flavor is picked         |
+|True |Enabled    |X86 flavor is picked         |
+|True |Disabled         |X86 flavor is picked         |
+|False (not set) |Not configured         |X64 flavor is picked          |
+
 <a href="" id="appinstallation"></a>**AppInstallation**  
 <p style="margin-left: 20px">Required node. Used to perform app installation.
 

windows/client-management/mdm/euiccs-csp.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/15/2017
+ms.date: 03/02/2018
 ---
 
 # eUICCs CSP
@@ -61,6 +61,11 @@ Required. Current state of the profile (Installing = 1, Installed = 2, Deleting
 
 Supported operation is Get. Value type is integer. Default value is 1.
 
+<a href="" id="euicc-profiles-iccid-isenabled"></a>**_eUICC_/Profiles/_ICCID_/IsEnabled**  
+Added in Windows 10, version 1803. Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created to enable the profile once it’s successfully downloaded and installed on the device. Can also be queried and updated by the CSP.
+
+Supported operations are Add, Get, and Replace. Value type is bool.
+
 <a href="" id="euicc-policies"></a>**_eUICC_/Policies**  
 Interior node. Required. Device policies associated with the eUICC as a whole (not per-profile).
 

windows/client-management/mdm/euiccs-ddf-file.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/02/2018
 ---
 
 # eUICCs DDF file
@@ -17,6 +17,8 @@ This topic shows the OMA DM device description framework (DDF) for the **eUICCs*
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
+The XML below if for Windows 10, version 1803.
+
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
@@ -26,7 +28,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
     <VerDTD>1.2</VerDTD>
     <Node>
         <NodeName>eUICCs</NodeName>
-        <Path>./Vendor/MSFT</Path>
+        <Path>./Device/Vendor/MSFT</Path>
         <DFProperties>
             <AccessType>
                 <Get />
@@ -45,7 +47,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
                 <CIS />
             </CaseSense>
             <DFType>
-                <MIME>com.microsoft/1.0/MDM/eUICCs</MIME>
+                <MIME>com.microsoft/1.1/MDM/eUICCs</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -229,6 +231,29 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
                             </DFType>
                         </DFProperties>
                     </Node>
+                    <Node>
+                        <NodeName>IsEnabled</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Get />
+                                <Add />
+                                <Replace />
+                            </AccessType>
+                            <Description>Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created. Can also be queried and updated by the CSP.</Description>
+                            <DFFormat>
+                                <bool />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
                 </Node>
             </Node>
             <Node>

windows/client-management/mdm/multisim-csp.md

@@ -0,0 +1,58 @@
+---
+title: MultiSIM CSP
+description: MultiSIM CSP allows the enterprise to manage devices with dual SIM single active configuration.
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 02/27/2018
+---
+
+# MultiSIM CSP 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The MultiSIM configuration service provider (CSP) is used by the enterprise to manage devices with dual SIM single active configuration. An enterprise can set policies on whether that user can switch between SIM slots, specify which slot is the default, and whether the slot is embedded. This CSP was added in Windows 10, version 1803.
+
+
+The following diagram shows the MultiSIM configuration service provider in tree format.
+
+![MultiSIM CSP diagram](images/provisioning-csp-multisim.png) 
+
+<a href="" id="multisim"></a>**./Device/Vendor/MSFT/MultiSIM**  
+Root node.
+
+<a href="" id="tbd"></a>**_ModemID_**  
+Node representing a Mobile Broadband Modem. The node name is the modem ID. Modem ID is a GUID without curly braces, with exception of "Embedded" which represents the embedded modem.
+
+<a href="" id="modemid"></a>**_ModemID_/Identifier**  
+Modem ID.
+
+<a href="" id="tbd"></a>**_ModemID_/IsEmbedded**  
+Indicates whether this modem is embedded or external.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots**  
+Represents all SIM slots in the Modem.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_**  
+Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format is "0", "1", etc., with exception of "Embedded" which represents the embedded Slot.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/Identifier**  
+Slot ID.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/IsEmbedded**  
+Indicates whether this Slot is embedded or a physical SIM slot.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/IsSelected**  
+Indicates whether this Slot is selected or not.
+
+<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/State**  
+Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8)
+
+<a href="" id="tbd"></a>**_ModemID_/Policies**  
+Policies associated with the Modem.
+
+<a href="" id="tbd"></a>**_ModemID_/Policies/SlotSelectionEnabled**  
+Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true.

windows/client-management/mdm/multisim-ddf.md

@@ -0,0 +1,291 @@
+---
+title: MultiSIM DDF file
+description: XML file containing the device description framework
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 02/27/2018
+---
+
+# MultiSIM CSP 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the OMA DM device description framework (DDF) for the **MultiSIM** configuration service provider.
+
+The XML below is for Windows 10, version 1803.
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+      <Node>
+        <NodeName>MultiSIM</NodeName>
+        <Path>./Device/Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>Subtree for multi-SIM management.</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME>com.microsoft/1.0/MDM/MultiSIM</MIME>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName></NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <Description>Node representing a Mobile Broadband Modem. The node name is the Modem ID. Modem ID is a GUID without curly braces, with exception of "Embedded" which represents the embedded Modem.</Description>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrMore />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>ModemID</DFTitle>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>Identifier</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>Modem ID.</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <CaseSense>
+                <CIS />
+              </CaseSense>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>IsEmbedded</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>Indicates whether this Modem is embedded or external.</Description>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>Slots</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>Represents all SIM slots in the Modem.</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName></NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format is "0", "1", etc., with exception of "Embedded" which represents the embedded Slot.</Description>
+                <DFFormat>
+                  <node />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrMore />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFTitle>SlotID</DFTitle>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+              <Node>
+                <NodeName>Identifier</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <Description>Slot ID.</Description>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>IsEmbedded</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <Description>Indicates whether this Slot is embedded or a physical SIM slot.</Description>
+                  <DFFormat>
+                    <bool />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>IsSelected</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>Indicates whether this Slot is selected or not.</Description>
+                  <DFFormat>
+                    <bool />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>State</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <Description>Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8)</Description>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+            </Node>
+          </Node>
+          <Node>
+            <NodeName>Policies</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>Policies associated with the Modem.</Description>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <DDFName></DDFName>
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>SlotSelectionEnabled</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DefaultValue>true</DefaultValue>
+                <Description>Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+          </Node>
+        </Node>
+      </Node>
+</MgmtTree>
+```

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 02/05/2018
+ms.date: 03/03/2018
 ---
 
 # What's new in MDM enrollment and management
@@ -1389,6 +1389,45 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 
 ## Change history in MDM documentation
 
+### March 2018
+
+<table class="mx-tdBreakAll">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>IsEnabled</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>OS/Mode</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)</td>
+<td style="vertical-align:top"><p>Added the following videos:</p>
+<ul>
+<li>[How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)</li>
+<li>[How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)</li>
+</ul>
+</td></tr>
+</tbody>
+</table>
+
 ### February 2018
 
 <table class="mx-tdBreakAll">
@@ -1403,10 +1442,50 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </tr>
 </thead>
 <tbody>
+<tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
+<ul>
+<li>Display/DisablePerProcessDpiForApps</li>
+<li>Display/EnablePerProcessDpi</li>
+<li>Display/EnablePerProcessDpiForApps</li>
+<li>Experience/AllowWindowsSpotlightOnSettings</li>
+<li>TextInput/AllowHardwareKeyboardTextSuggestions</li>
+<li>TextInput/ForceTouchKeyboardDockedState</li>
+<li>TextInput/TouchKeyboardDictationButtonAvailability</li>
+<li>TextInput/TouchKeyboardEmojiButtonAvailability</li>
+<li>TextInput/TouchKeyboardFullModeAvailability</li>
+<li>TextInput/TouchKeyboardHandwritingModeAvailability</li>
+<li>TextInput/TouchKeyboardNarrowModeAvailability</li>
+<li>TextInput/TouchKeyboardSplitModeAvailability</li>
+<li>TextInput/TouchKeyboardWideModeAvailability</li>
+<ul>
+</td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)</td>
 <td style="vertical-align:top"><p>Updated the XSD and Plug-in profile example for VPNv2 CSP.</p>
 </td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
+<ul>
+<li>Status</li>
+<li>ShellLauncher</li>
+<li>StatusConfiguration</li>
+</ul>
+<p>Updated the AssigneAccessConfiguration schema.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[MultiSIM CSP](multisim-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>MaintainProcessorArchitectureOnUpdate</li>
+</ul>
+</td></tr>
 </tbody>
 </table>
 
@@ -1426,7 +1505,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <tbody>
 <tr>
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
-<td style="vertical-align:top"><p>Added the following new policies for Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
 <ul>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</li>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li>
@@ -1539,11 +1618,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </tr>
 <tr class="odd">
 <td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
-<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.</p>
+<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
-<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:</p>
 <ul>
 <li>AADSendDeviceToken</li>
 <li>BlockInStatusPage</li>
@@ -1555,7 +1638,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following nodes in Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
 <ul>
 <li>AutomaticRedeployment</li>
 <li>doAutomaticRedeployment</li>
@@ -1565,11 +1648,21 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
-<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, next major update.</p>
+<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[UEFI CSP](uefi-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new CSP in Windows 10, next major update.</p>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[Update CSP](update-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
+<ul>
+<li>Rollback</li>
+<li>Rollback/FeatureUpdate</li>
+<li>Rollback/QualityUpdateStatus</li>
+<li>Rollback/FeatureUpdateStatus</li>
+</ul>
 </td></tr>
 </tbody>
 </table>

windows/client-management/mdm/policy-csp-abovelock.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - AboveLock
@@ -127,6 +127,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Cortana above lock screen*
+-   GP name: *AllowCortanaAboveLock*
+-   GP path: *Windows Components/Search*
+-   GP ADMX file name: *Search.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -194,6 +202,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - AccountPoliciesAccountLockoutPolicy
@@ -180,6 +180,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-accounts.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Accounts
@@ -244,6 +244,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-activexcontrols.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ActiveXControls
@@ -79,14 +79,14 @@ Note: Wild card characters cannot be used when specifying the host URLs.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Approved Installation Sites for ActiveX Controls*
 -   GP name: *ApprovedActiveXInstallSites*
 -   GP path: *Windows Components/ActiveX Installer Service*
 -   GP ADMX file name: *ActiveXInstallService.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -95,6 +95,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-applicationdefaults.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ApplicationDefaults
@@ -68,6 +68,15 @@ Added in Windows 10, version 1703. This policy allows an administrator to set de
 If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set a default associations configuration file*
+-   GP name: *DefaultAssociationsConfiguration*
+-   GP element: *DefaultAssociationsConfiguration_TextBox*
+-   GP path: *File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+<!--/ADMXMapped-->
 <!--Example-->
 To create create the SyncML, follow these steps:
 <ol>
@@ -130,6 +139,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-applicationmanagement.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ApplicationManagement
@@ -98,6 +98,14 @@ Specifies whether non Microsoft Store apps are allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow all trusted apps to install*
+-   GP name: *AppxDeploymentAllowAllTrustedApps*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -152,6 +160,14 @@ Specifies whether automatic update of apps from Microsoft Store are allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off Automatic Download and Install of updates*
+-   GP name: *DisableAutoInstall*
+-   GP path: *Windows Components/Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -204,6 +220,14 @@ Specifies whether developer unlock is allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allows development of Windows Store apps and installing them from an integrated development environment (IDE)*
+-   GP name: *AllowDevelopmentWithoutDevLicense*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -260,6 +284,14 @@ Specifies whether DVR and broadcasting is allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enables or disables Windows Game Recording and Broadcasting*
+-   GP name: *AllowGameDVR*
+-   GP path: *Windows Components/Windows Game Recording and Broadcasting*
+-   GP ADMX file name: *GameDVR.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -312,6 +344,14 @@ Specifies whether multiple users of the same app can share data.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow a Windows app to share application data between users*
+-   GP name: *AllowSharedLocalAppData*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -479,6 +519,14 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no
 Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Disable all apps from Microsoft Store *
+-   GP name: *DisableStoreApps*
+-   GP path: *Windows Components/Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -521,6 +569,7 @@ The following list shows the supported values:
 
 > [!div class = "checklist"]
 > * User
+> * Device
 
 <hr/>
 
@@ -532,6 +581,12 @@ Allows disabling of the retail catalog and only enables the Private store.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *RequirePrivateStoreOnly*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -584,6 +639,14 @@ Specifies whether application data is restricted to the system drive.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent users' app data from being stored on non-system volumes*
+-   GP name: *RestrictAppDataToSystemVolume*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -636,6 +699,14 @@ Specifies whether the installation of applications is restricted to the system d
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Disable installing Windows apps on non-system volumes*
+-   GP name: *DisableDeploymentToNonSystemVolumes*
+-   GP path: *Windows Components/App Package Deployment*
+-   GP ADMX file name: *AppxPackageManager.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -651,6 +722,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-appruntime.md

@@ -0,0 +1,78 @@
+---
+title: Policy CSP - AppRuntime
+description: Policy CSP - AppRuntime
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/12/2018
+---
+
+# Policy CSP - AppRuntime
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## AppRuntime policies  
+
+<dl>
+  <dd>
+    <a href="#appruntime-allowmicrosoftaccountstobeoptional">AppRuntime/AllowMicrosoftAccountsToBeOptional</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="appruntime-allowmicrosoftaccountstobeoptional"></a>**AppRuntime/AllowMicrosoftAccountsToBeOptional**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it.
+
+If you enable this policy setting, Windows Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead.
+
+If you disable or do not configure this policy setting, users will need to sign in with a Microsoft account.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow Microsoft accounts to be optional*
+-   GP name: *AppxRuntimeMicrosoftAccountsOptional*
+-   GP path: *Windows Components/App runtime*
+-   GP ADMX file name: *AppXRuntime.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-appvirtualization.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - AppVirtualization
@@ -154,14 +154,14 @@ This policy setting allows you to enable or disable Microsoft Application Virtua
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable App-V Client*
 -   GP name: *EnableAppV*
 -   GP path: *System/App-V*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -212,14 +212,14 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Dynamic Virtualization*
 -   GP name: *Virtualization_JITVEnable*
 -   GP path: *System/App-V/Virtualization*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -270,14 +270,14 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable automatic cleanup of unused appv packages*
 -   GP name: *PackageManagement_AutoCleanupEnable*
 -   GP path: *System/App-V/PackageManagement*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -328,14 +328,14 @@ Enables scripts defined in the package manifest of configuration files that shou
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Package Scripts*
 -   GP name: *Scripting_Enable_Package_Scripts*
 -   GP path: *System/App-V/Scripting*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -386,14 +386,14 @@ Enables a UX to display to the user when a publishing refresh is performed on th
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Publishing Refresh UX*
 -   GP name: *Enable_Publishing_Refresh_UX*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -454,14 +454,14 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reporting Server*
 -   GP name: *Reporting_Server_Policy*
 -   GP path: *System/App-V/Reporting*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -512,14 +512,14 @@ Specifies the file paths relative to %userprofile% that do not roam with a user'
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Roaming File Exclusions*
 -   GP name: *Integration_Roaming_File_Exclusions*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -570,14 +570,14 @@ Specifies the registry paths that do not roam with a user profile. Example usage
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Roaming Registry Exclusions*
 -   GP name: *Integration_Roaming_Registry_Exclusions*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -628,14 +628,14 @@ Specifies how new packages should be loaded automatically by App-V on a specific
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify what to load in background (aka AutoLoad)*
 -   GP name: *Steaming_Autoload*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -686,14 +686,14 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Migration Mode*
 -   GP name: *Client_Coexistence_Enable_Migration_mode*
 -   GP path: *System/App-V/Client Coexistence*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -744,14 +744,14 @@ Specifies the location where symbolic links are created to the current version o
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Integration Root User*
 -   GP name: *Integration_Root_User*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -802,14 +802,14 @@ Specifies the location where symbolic links are created to the current version o
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Integration Root Global*
 -   GP name: *Integration_Root_Global*
 -   GP path: *System/App-V/Integration*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -878,14 +878,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 1 Settings*
 -   GP name: *Publishing_Server1_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -954,14 +954,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 2 Settings*
 -   GP name: *Publishing_Server2_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1030,14 +1030,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 3 Settings*
 -   GP name: *Publishing_Server3_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1106,14 +1106,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 4 Settings*
 -   GP name: *Publishing_Server4_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1182,14 +1182,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Publishing Server 5 Settings*
 -   GP name: *Publishing_Server5_Policy*
 -   GP path: *System/App-V/Publishing*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1240,14 +1240,14 @@ Specifies the path to a valid certificate in the certificate store.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Certificate Filter For Client SSL*
 -   GP name: *Streaming_Certificate_Filter_For_Client_SSL*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1298,14 +1298,14 @@ This setting controls whether virtualized applications are launched on Windows 8
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection*
 -   GP name: *Streaming_Allow_High_Cost_Launch*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1356,14 +1356,14 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Location Provider*
 -   GP name: *Streaming_Location_Provider*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1414,14 +1414,14 @@ Specifies directory where all new applications and updates will be installed.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Package Installation Root*
 -   GP name: *Streaming_Package_Installation_Root*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1472,14 +1472,14 @@ Overrides source location for downloading package content.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Package Source Root*
 -   GP name: *Streaming_Package_Source_Root*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1530,14 +1530,14 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reestablishment Interval*
 -   GP name: *Streaming_Reestablishment_Interval*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1588,14 +1588,14 @@ Specifies the number of times to retry a dropped session.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reestablishment Retries*
 -   GP name: *Streaming_Reestablishment_Retries*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1646,14 +1646,14 @@ Specifies that streamed package contents will be not be saved to the local hard
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Shared Content Store (SCS) mode*
 -   GP name: *Streaming_Shared_Content_Store_Mode*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1704,14 +1704,14 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Support for BranchCache*
 -   GP name: *Streaming_Support_Branch_Cache*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1762,14 +1762,14 @@ Verifies Server certificate revocation status before streaming using HTTPS.
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Verify certificate revocation list*
 -   GP name: *Streaming_Verify_Certificate_Revocation_List*
 -   GP path: *System/App-V/Streaming*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1820,14 +1820,14 @@ Specifies a list of process paths (may contain wildcards) which are candidates f
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Virtual Component Process Allow List*
 -   GP name: *Virtualization_JITVAllowList*
 -   GP path: *System/App-V/Virtualization*
 -   GP ADMX file name: *appv.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -1836,6 +1836,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-attachmentmanager.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - AttachmentManager
@@ -85,14 +85,14 @@ If you do not configure this policy setting, Windows marks file attachments with
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not preserve zone information in file attachments*
 -   GP name: *AM_MarkZoneOnSavedAtttachments*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -149,14 +149,14 @@ If you do not configure this policy setting, Windows hides the check box and Unb
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Hide mechanisms to remove zone information*
 -   GP name: *AM_RemoveZoneInfo*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -213,14 +213,14 @@ If you do not configure this policy setting, Windows does not call the registere
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Notify antivirus programs when opening attachments*
 -   GP name: *AM_CallIOfficeAntiVirus*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -229,6 +229,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-authentication.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Authentication
@@ -286,6 +286,14 @@ Added in Windows 10, version 1607. Allows secondary authentication devices to w
 The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow companion device for secondary authentication*
+-   GP name: *MSSecondaryAuthFactor_AllowSecondaryAuthenticationDevice*
+-   GP path: *Windows Components/Microsoft Secondary Authentication Factor*
+-   GP ADMX file name: *DeviceCredential.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -301,6 +309,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-autoplay.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Autoplay
@@ -84,14 +84,14 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disallow Autoplay for non-volume devices*
 -   GP name: *NoAutoplayfornonVolume*
 -   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -156,14 +156,14 @@ If you disable or not configure this policy setting, Windows Vista or later will
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set the default behavior for AutoRun*
 -   GP name: *NoAutorun*
 -   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -229,14 +229,14 @@ Note: This policy setting appears in both the Computer Configuration and User Co
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Autoplay*
 -   GP name: *Autorun*
 -   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -245,6 +245,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-bitlocker.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Bitlocker
@@ -114,6 +114,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-bluetooth.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Bluetooth
@@ -293,6 +293,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-browser.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/31/2018
+ms.date: 03/13/2018
 ---
 
 # Policy CSP - Browser
@@ -117,6 +117,9 @@ ms.date: 01/31/2018
   <dd>
     <a href="#browser-preventsmartscreenpromptoverrideforfiles">Browser/PreventSmartScreenPromptOverrideForFiles</a>
   </dd>
+  <dd>
+    <a href="#browser-preventtabpreloading">Browser/PreventTabPreloading</a>
+  </dd>
   <dd>
     <a href="#browser-preventusinglocalhostipaddressforwebrtc">Browser/PreventUsingLocalHostIPAddressForWebRTC</a>
   </dd>
@@ -188,6 +191,14 @@ Added in Windows 10, version 1703. Specifies whether to allow the address bar dr
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Address bar drop-down list suggestions*
+-   GP name: *AllowAddressBarDropdown*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -241,6 +252,14 @@ Specifies whether autofill on websites is allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Autofill*
+-   GP name: *AllowAutofill*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -366,14 +385,7 @@ The following list shows the supported values:
 -   0 - Disable. Microsoft Edge cannot retrieve a configuration
 -   1 - Enable (default). Microsoft Edge can retrieve a configuration for Books Library
 
-
 <!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
 <!--/Policy-->
 
 <hr/>
@@ -421,6 +433,15 @@ Specifies whether cookies are allowed.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure cookies*
+-   GP name: *Cookies*
+-   GP element: *CookiesListBox*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -487,6 +508,14 @@ Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turni
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Developer Tools*
+-   GP name: *AllowDeveloperTools*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -540,6 +569,14 @@ Specifies whether Do Not Track headers are allowed.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Do Not Track*
+-   GP name: *AllowDoNotTrack*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -600,6 +637,14 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
 Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Extensions*
+-   GP name: *AllowExtensions*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -651,6 +696,14 @@ The following list shows the supported values:
 Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Adobe Flash*
+-   GP name: *AllowFlash*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -702,6 +755,14 @@ The following list shows the supported values:
 Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure the Adobe Flash Click-to-Run setting*
+-   GP name: *AllowFlashClickToRun*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -755,6 +816,14 @@ Specifies whether InPrivate browsing is allowed on corporate networks.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow InPrivate browsing*
+-   GP name: *AllowInPrivate*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -811,6 +880,14 @@ If you enable or don’t configure this setting, Microsoft Edge periodically dow
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Microsoft Compatibility List*
+-   GP name: *AllowCVList*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -864,6 +941,14 @@ Specifies whether saving and managing passwords locally on the device is allowed
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Password Manager*
+-   GP name: *AllowPasswordManager*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -926,6 +1011,14 @@ Specifies whether pop-up blocker is allowed or enabled.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Pop-up Blocker*
+-   GP name: *AllowPopups*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -990,6 +1083,14 @@ If this setting is turned on or not configured, users can add new search engines
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow search engine customization*
+-   GP name: *AllowSearchEngineCustomization*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1043,6 +1144,14 @@ Specifies whether search suggestions are allowed in the address bar.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure search suggestions in Address bar*
+-   GP name: *AllowSearchSuggestionsinAddressBar*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1096,6 +1205,14 @@ Specifies whether Windows Defender SmartScreen is allowed.
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Windows Defender SmartScreen*
+-   GP name: *AllowSmartScreen*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1156,6 +1273,14 @@ To verify AllowSmartScreen is set to 0 (not allowed):
 Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Always show the Books Library in Microsoft Edge*
+-   GP name: *AlwaysEnableBooksLibrary*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1209,6 +1334,14 @@ Added in Windows 10, version 1703. Specifies whether to clear browsing data on e
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow clearing browsing data on exit*
+-   GP name: *AllowClearingBrowsingDataOnExit*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1279,6 +1412,15 @@ If this setting is not configured, the search engines used are the ones that are
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure additional search engines*
+-   GP name: *ConfigureAdditionalSearchEngines*
+-   GP element: *ConfigureAdditionalSearchEngines_Prompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1338,6 +1480,14 @@ Added in Windows 10, version 1703. Boolean value that specifies whether the lock
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Disable lockdown of Start pages*
+-   GP name: *DisableLockdownOfStartPages*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1391,6 +1541,14 @@ This policy setting lets you decide how much data to send to Microsoft about the
 If you enable this setting, Microsoft Edge sends additional diagnostic data, on top of the basic diagnostic data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic diagnostic data, depending on your device configuration.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow extended telemetry for the Books tab*
+-   GP name: *EnableExtendedBooksTelemetry*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1446,6 +1604,15 @@ The following list shows the supported values:
 Allows the user to specify an URL of an enterprise site list.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure the Enterprise Mode Site List*
+-   GP name: *EnterpriseModeSiteList*
+-   GP element: *EnterSiteListPrompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1604,6 +1771,15 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi
 > Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Start pages*
+-   GP name: *HomePages*
+-   GP element: *HomePagesPrompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1657,6 +1833,14 @@ If you disable or don't configure this setting (default), employees can add, imp
 Data type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent changes to Favorites on Microsoft Edge*
+-   GP name: *LockdownFavorites*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1708,6 +1892,14 @@ The following list shows the supported values:
 Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent access to the about:flags page in Microsoft Edge*
+-   GP name: *PreventAccessToAboutFlagsInMicrosoftEdge*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1761,6 +1953,14 @@ Added in Windows 10, version 1703. Specifies whether to enable or disable the Fi
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent the First Run webpage from opening on Microsoft Edge*
+-   GP name: *PreventFirstRunPage*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1814,6 +2014,14 @@ Added in Windows 10, version 1703. Specifies whether Microsoft can collect infor
 Most restricted value is 1.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start*
+-   GP name: *PreventLiveTileDataCollection*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1867,6 +2075,14 @@ Specifies whether users can override the Windows Defender SmartScreen Filter war
 Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent bypassing Windows Defender SmartScreen prompts for sites*
+-   GP name: *PreventSmartScreenPromptOverride*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1918,6 +2134,14 @@ The following list shows the supported values:
 Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent bypassing Windows Defender SmartScreen prompts for files*
+-   GP name: *PreventSmartScreenPromptOverrideForFiles*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1929,6 +2153,58 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-preventtabpreloading"></a>**Browser/PreventTabPreloading**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code. 
+
+<!--/Description-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – Allow pre-launch and preload.
+-   1 – Prevent pre-launch and preload.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-preventusinglocalhostipaddressforwebrtc"></a>**Browser/PreventUsingLocalHostIPAddressForWebRTC**  
 
@@ -1973,6 +2249,14 @@ The following list shows the supported values:
 Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an user’s localhost IP address while making phone calls using WebRTC.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent using Localhost IP address for WebRTC*
+-   GP name: *HideLocalHostIPAddress*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2037,6 +2321,15 @@ If you disable or don't configure this setting, employees will see the favorites
 Data type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Provision Favorites*
+-   GP name: *ConfiguredFavorites*
+-   GP element: *ConfiguredFavoritesPrompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -2087,6 +2380,14 @@ Specifies whether to send intranet traffic over to Internet Explorer.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Send all intranet sites to Internet Explorer 11*
+-   GP name: *SendIntranetTraffictoInternetExplorer*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2148,6 +2449,15 @@ If this setting is not configured, the default search engine is set to the one s
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Set default search engine*
+-   GP name: *SetDefaultSearchEngine*
+-   GP element: *SetDefaultSearchEngine_Prompt*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2205,6 +2515,14 @@ Added in Windows 10, version 1607. Specifies whether users should see a full in
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Show message when opening sites in Internet Explorer*
+-   GP name: *ShowMessageWhenOpeningSitesInInternetExplorer*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2261,6 +2579,14 @@ Added in Windows 10, version 1703. Specifies whether favorites are kept in sync
 > Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Keep favorites in sync between Internet Explorer and Microsoft Edge*
+-   GP name: *SyncFavoritesBetweenIEAndMicrosoftEdge*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2322,6 +2648,14 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
 This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow a shared Books folder*
+-   GP name: *UseSharedFolderForBooks*
+-   GP path: *Windows Components/Microsoft Edge*
+-   GP ADMX file name: *MicrosoftEdge.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2331,68 +2665,13 @@ The following list shows the supported values:
 <!--/SupportedValues-->
 <!--/Policy-->
 <hr/>
-<!--StartPolicy-->
-<a href="" id="browser-usesharedfolderforbooks"></a>**Browser/UseSharedFolderForBooks**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartScope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-> * Device
-
-<hr/>
-
-<!--EndScope-->
-<!--StartDescription-->
-This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.
-
-<!--EndDescription-->
-<!--SupportedValues-->
-The following list shows the supported values:
-
--   0 - No shared folder.
--   1 - Use a shared folder.
-
-
-<!--/SupportedValues-->
-<!--Example-->
-
-<!--/Example-->
-<!--Validation-->
-
-<!--/Validation-->
-<!--EndPolicy-->
-<hr/>
 
 Footnote:
 
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-camera.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Camera
@@ -68,6 +68,14 @@ Disables or enables the camera.
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow Use of Camera*
+-   GP name: *L_AllowCamera*
+-   GP path: *Windows Components/Camera*
+-   GP ADMX file name: *Camera.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -83,6 +91,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-cellular.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Cellular
@@ -23,13 +23,13 @@ ms.date: 01/30/2018
     <a href="#cellular-letappsaccesscellulardata">Cellular/LetAppsAccessCellularData</a>
   </dd>
   <dd>
-    <a href="#cellular-letappsaccesscellulardata_forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
+    <a href="#cellular-letappsaccesscellulardata-forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
   </dd>
   <dd>
-    <a href="#cellular-letappsaccesscellulardata_forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
+    <a href="#cellular-letappsaccesscellulardata-forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
   </dd>
   <dd>
-    <a href="#cellular-letappsaccesscellulardata_userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
+    <a href="#cellular-letappsaccesscellulardata-userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
   </dd>
   <dd>
     <a href="#cellular-showappcellularaccessui">Cellular/ShowAppCellularAccessUI</a>
@@ -90,6 +90,13 @@ If you disable or do not configure this policy setting, employees in your organi
 If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.”
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *LetAppsAccessCellularData*
+-   GP element: *LetAppsAccessCellularData_Enum*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -103,7 +110,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="cellular-letappsaccesscellulardata_forceallowtheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceAllowTheseApps**  
+<a href="" id="cellular-letappsaccesscellulardata-forceallowtheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceAllowTheseApps**  
 
 <!--SupportedSKUs-->
 <table>
@@ -141,12 +148,19 @@ The following list shows the supported values:
 Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *LetAppsAccessCellularData*
+-   GP element: *LetAppsAccessCellularData_ForceAllowTheseApps_List*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
 
 <!--Policy-->
-<a href="" id="cellular-letappsaccesscellulardata_forcedenytheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceDenyTheseApps**  
+<a href="" id="cellular-letappsaccesscellulardata-forcedenytheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceDenyTheseApps**  
 
 <!--SupportedSKUs-->
 <table>
@@ -184,12 +198,19 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *LetAppsAccessCellularData*
+-   GP element: *LetAppsAccessCellularData_ForceDenyTheseApps_List*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
 
 <!--Policy-->
-<a href="" id="cellular-letappsaccesscellulardata_userincontroloftheseapps"></a>**Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps**  
+<a href="" id="cellular-letappsaccesscellulardata-userincontroloftheseapps"></a>**Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps**  
 
 <!--SupportedSKUs-->
 <table>
@@ -227,6 +248,13 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *LetAppsAccessCellularData*
+-   GP element: *LetAppsAccessCellularData_UserInControlOfTheseApps_List*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -270,13 +298,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
 This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX.
 
 If this policy setting is enabled, a drop-down list box presenting possible values will be active.  Select "Hide" or "Show" to hide or show the link to the per-application cellular access control page.
-
+If this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed by default.
-If this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed by default.”
-
-Supported values:
-
-- 0 - Hide
-- 1 - Show
 
 <!--/Description-->
 > [!TIP]
@@ -286,14 +308,14 @@ Supported values:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set Per-App Cellular Access UI Visibility*
 -   GP name: *ShowAppCellularAccessUI*
 -   GP path: *Network/WWAN Service/WWAN UI Settings*
 -   GP ADMX file name: *wwansvc.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -302,6 +324,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-connectivity.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Connectivity
@@ -216,6 +216,14 @@ Allows or disallows cellular data roaming on the device. Device reboot is not re
 Most restricted value is 0.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prohibit connection to roaming Mobile Broadband networks*
+-   GP name: *WCM_DisableRoaming*
+-   GP path: *Network/Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -545,6 +553,17 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting specifies whether to allow printing over HTTP from this client.
+
+Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.
+
+Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.
+
+If you enable this policy setting, it prevents this client from printing to Internet printers over HTTP.
+
+If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP.
+
+Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
 
 <!--/Description-->
 > [!TIP]
@@ -554,14 +573,14 @@ The following list shows the supported values:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off printing over HTTP*
 -   GP name: *DisableHTTPPrinting_2*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -602,6 +621,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting specifies whether to allow this client to download print driver packages over HTTP.
+
+To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.
+
+Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP.  It only prohibits downloading drivers that are not already installed locally.
+
+If you enable this policy setting, print drivers cannot be downloaded over HTTP.
+
+If you disable or do not configure this policy setting, users can download print drivers over HTTP.
 
 <!--/Description-->
 > [!TIP]
@@ -611,14 +639,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off downloading of print drivers over HTTP*
 -   GP name: *DisableWebPnPDownload_2*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -659,6 +687,15 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.
+
+These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.
+
+If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.
+
+If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards.
+
+See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
 
 <!--/Description-->
 > [!TIP]
@@ -668,14 +705,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Internet download for Web publishing and online ordering wizards*
 -   GP name: *ShellPreventWPWDownload_2*
 -   GP path: *Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -721,6 +758,14 @@ Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) de
 Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Network Connectivity Status Indicator active tests*
+-   GP name: *NoActiveProbe*
+-   GP path: *Internet Communication settings*
+-   GP ADMX file name: *ICM.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -773,14 +818,14 @@ If you enable this policy, Windows only allows access to the specified UNC paths
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Hardened UNC Paths*
 -   GP name: *Pol_HardenedPaths*
 -   GP path: *Network/Network Provider*
 -   GP ADMX file name: *networkprovider.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -821,6 +866,13 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
+Determines whether a user can install and configure the Network Bridge.
+
+Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.
+
+The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segements together. This connection appears in the Network Connections folder.
+
+If you disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer.
 
 <!--/Description-->
 > [!TIP]
@@ -830,14 +882,14 @@ ADMX Info:
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
 -   GP name: *NC_AllowNetBridge_NLA*
 -   GP path: *Network/Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -846,6 +898,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-controlpolicyconflict.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - ControlPolicyConflict
@@ -65,9 +65,9 @@ ms.date: 01/30/2018
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy are set on the device.
+Added in Windows 10, version 1803. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy are set on the device.
 
-This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. This policy doesn’t support Delete command. This policy doesn’t support setting the value to be 0 again after it was previously set 1. The default value is 0. In next major update, the MDM policies in Policy CSP will behave as described if this policy value is set 1.
+This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. This policy doesn’t support Delete command. This policy doesn’t support setting the value to be 0 again after it was previously set 1. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
 
 The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that:
 
@@ -91,6 +91,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-credentialproviders.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - CredentialProviders
@@ -87,14 +87,14 @@ To configure Windows Hello for Business, use the Administrative Template policie
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on convenience PIN sign-in*
 -   GP name: *AllowDomainPINLogon*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *credentialproviders.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -151,14 +151,14 @@ Note that the user's domain password will be cached in the system vault when usi
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off picture password sign-in*
 -   GP name: *BlockDomainPicturePassword*
 -   GP path: *System/Logon*
 -   GP ADMX file name: *credentialproviders.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -219,6 +219,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-credentialsdelegation.md

@@ -0,0 +1,80 @@
+---
+title: Policy CSP - CredentialsDelegation
+description: Policy CSP - CredentialsDelegation
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/12/2018
+---
+
+# Policy CSP - CredentialsDelegation
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## CredentialsDelegation policies  
+
+<dl>
+  <dd>
+    <a href="#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials">CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials"></a>**CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Remote host allows delegation of non-exportable credentials
+
+When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host.
+
+If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode.
+
+If you disable or do not configure this policy setting, Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the host.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Remote host allows delegation of non-exportable credentials*
+-   GP name: *AllowProtectedCreds*
+-   GP path: *System/Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-credentialsui.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - CredentialsUI
@@ -85,14 +85,14 @@ The policy applies to all Windows components and applications that use the Windo
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not display the password reveal button*
 -   GP name: *DisablePasswordReveal*
 -   GP path: *Windows Components/Credential User Interface*
 -   GP ADMX file name: *credui.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -147,14 +147,14 @@ If you disable this policy setting, users will always be required to type a user
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enumerate administrator accounts on elevation*
 -   GP name: *EnumerateAdministrators*
 -   GP path: *Windows Components/Credential User Interface*
 -   GP ADMX file name: *credui.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -163,6 +163,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-cryptography.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Cryptography
@@ -69,6 +69,12 @@ ms.date: 01/30/2018
 Allows or disallows the Federal Information Processing Standard (FIPS) policy.
 
 <!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -127,6 +133,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-dataprotection.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DataProtection
@@ -136,6 +136,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-datausage.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DataUsage
@@ -86,14 +86,14 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set 3G Cost*
 -   GP name: *SetCost3G*
 -   GP path: *Network/WWAN Service/WWAN Media Cost*
 -   GP ADMX file name: *wwansvc.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -154,14 +154,14 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set 4G Cost*
 -   GP name: *SetCost4G*
 -   GP path: *Network/WWAN Service/WWAN Media Cost*
 -   GP ADMX file name: *wwansvc.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -170,6 +170,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-defender.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Defender
@@ -172,6 +172,14 @@ ms.date: 01/30/2018
 Allows or disallows scanning of archives.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Scan archive files*
+-   GP name: *Scan_DisableArchiveScanning*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -226,6 +234,14 @@ The following list shows the supported values:
 Allows or disallows Windows Defender Behavior Monitoring functionality.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn on behavior monitoring*
+-   GP name: *RealtimeProtection_DisableBehaviorMonitoring*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -280,6 +296,15 @@ The following list shows the supported values:
 To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Join Microsoft MAPS*
+-   GP name: *SpynetReporting*
+-   GP element: *SpynetReporting*
+-   GP path: *Windows Components/Windows Defender Antivirus/MAPS*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -334,6 +359,14 @@ The following list shows the supported values:
 Allows or disallows scanning of email.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn on e-mail scanning*
+-   GP name: *Scan_DisableEmailScanning*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -388,6 +421,14 @@ The following list shows the supported values:
 Allows or disallows a full scan of mapped network drives.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Run full scan on mapped network drives*
+-   GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -442,6 +483,14 @@ The following list shows the supported values:
 Allows or disallows a full scan of removable drives.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Scan removable drives*
+-   GP name: *Scan_DisableRemovableDriveScanning*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -496,6 +545,14 @@ The following list shows the supported values:
 Allows or disallows Windows Defender IOAVP Protection functionality.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Scan all downloaded files and attachments*
+-   GP name: *RealtimeProtection_DisableIOAVProtection*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -604,6 +661,14 @@ The following list shows the supported values:
 Allows or disallows Windows Defender On Access Protection functionality.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Monitor file and program activity on your computer*
+-   GP name: *RealtimeProtection_DisableOnAccessProtection*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -658,6 +723,14 @@ The following list shows the supported values:
 Allows or disallows Windows Defender Realtime Monitoring functionality.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off real-time protection*
+-   GP name: *DisableRealtimeMonitoring*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -712,6 +785,14 @@ The following list shows the supported values:
 Allows or disallows a scanning of network files.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Scan network files*
+-   GP name: *Scan_DisableScanningNetworkFiles*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -820,6 +901,14 @@ The following list shows the supported values:
 Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enable headless UI mode*
+-   GP name: *UX_Configuration_UILockdown*
+-   GP path: *Windows Components/Windows Defender Antivirus/Client Interface*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -876,6 +965,15 @@ Added in Windows 10, version 1709. This policy setting allows you to prevent Att
 Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Exclude files and paths from Attack Surface Reduction Rules*
+-   GP name: *ExploitGuard_ASR_ASROnlyExclusions*
+-   GP element: *ExploitGuard_ASR_ASROnlyExclusions*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -927,6 +1025,15 @@ For more information about ASR rule ID and status ID, see [Enable Attack Surface
 Value type is string.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Attack Surface Reduction rules*
+-   GP name: *ExploitGuard_ASR_Rules*
+-   GP element: *ExploitGuard_ASR_Rules*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -977,6 +1084,15 @@ Represents the average CPU load factor for the Windows Defender scan (in percent
 The default value is 50.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the maximum percentage of CPU utilization during a scan*
+-   GP name: *Scan_AvgCPULoadFactor*
+-   GP element: *Scan_AvgCPULoadFactor*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–100
 
@@ -1035,6 +1151,15 @@ For more information about specific values that are supported, see the Windows D
 > This feature requires the "Join Microsoft MAPS" setting enabled in order to function.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select cloud protection level*
+-   GP name: *MpEngine_MpCloudBlockLevel*
+-   GP element: *MpCloudBlockLevel*
+-   GP path: *Windows Components/Windows Defender Antivirus/MpEngine*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1097,6 +1222,15 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
 > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure extended cloud check*
+-   GP name: *MpEngine_MpBafsExtendedTimeout*
+-   GP element: *MpBafsExtendedTimeout*
+-   GP path: *Windows Components/Windows Defender Antivirus/MpEngine*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1143,6 +1277,15 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
 Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure allowed applications*
+-   GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
+-   GP element: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1189,6 +1332,15 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app
 Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure protected folders*
+-   GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
+-   GP element: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1239,6 +1391,15 @@ Time period (in days) that quarantine items will be stored on the system.
 The default value is 0, which keeps items in quarantine, and does not automatically remove them.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure removal of items from Quarantine folder*
+-   GP name: *Quarantine_PurgeItemsAfterDelay*
+-   GP element: *Quarantine_PurgeItemsAfterDelay*
+-   GP path: *Windows Components/Windows Defender Antivirus/Quarantine*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–90
 
@@ -1289,6 +1450,15 @@ Valid values: 0–90
 Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Controlled folder access*
+-   GP name: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess*
+-   GP element: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1349,6 +1519,15 @@ If you disable this policy, users/apps will not be blocked from connecting to da
 If you do not configure this policy, network blocking will be disabled by default.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent users and apps from accessing dangerous websites*
+-   GP name: *ExploitGuard_EnableNetworkProtection*
+-   GP element: *ExploitGuard_EnableNetworkProtection*
+-   GP path: *Windows Components/Windows Defender Antivirus/Windows Defender Exploit Guard/Network Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1404,6 +1583,15 @@ The following list shows the supported values:
 Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj".
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Path Exclusions*
+-   GP name: *Exclusions_Paths*
+-   GP element: *Exclusions_PathsList*
+-   GP path: *Windows Components/Windows Defender Antivirus/Exclusions*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1451,6 +1639,15 @@ Allows an administrator to specify a list of file type extensions to ignore duri
 Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1".
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Extension Exclusions*
+-   GP name: *Exclusions_Extensions*
+-   GP element: *Exclusions_ExtensionsList*
+-   GP path: *Windows Components/Windows Defender Antivirus/Exclusions*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1504,6 +1701,15 @@ Allows an administrator to specify a list of files opened by processes to ignore
 Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe".
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Process Exclusions*
+-   GP name: *Exclusions_Processes*
+-   GP element: *Exclusions_ProcessesList*
+-   GP path: *Windows Components/Windows Defender Antivirus/Exclusions*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1609,6 +1815,15 @@ Controls which sets of files should be monitored.
 > If **AllowOnAccessProtection** is not allowed, then this configuration can be used to monitor specific files.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure monitoring for incoming and outgoing file and program activity*
+-   GP name: *RealtimeProtection_RealtimeScanDirection*
+-   GP element: *RealtimeProtection_RealtimeScanDirection*
+-   GP path: *Windows Components/Windows Defender Antivirus/Real-time Protection*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1664,6 +1879,15 @@ The following list shows the supported values:
 Selects whether to perform a quick scan or full scan.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the scan type to use for a scheduled scan*
+-   GP name: *Scan_ScanParameters*
+-   GP element: *Scan_ScanParameters*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1727,6 +1951,15 @@ For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, an
 The default value is 120
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the time for a daily quick scan*
+-   GP name: *Scan_ScheduleQuickScantime*
+-   GP element: *Scan_ScheduleQuickScantime*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–1380
 
@@ -1781,6 +2014,15 @@ Selects the day that the Windows Defender scan should run.
 > The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the day of the week to run a scheduled scan*
+-   GP name: *Scan_ScheduleDay*
+-   GP element: *Scan_ScheduleDay*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1851,6 +2093,15 @@ For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, an
 The default value is 120.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the time of day to run a scheduled scan*
+-   GP name: *Scan_ScheduleTime*
+-   GP element: *Scan_ScheduleTime*
+-   GP path: *Windows Components/Windows Defender Antivirus/Scan*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–1380.
 
@@ -1907,6 +2158,15 @@ A value of 0 means no check for new signatures, a value of 1 means to check ever
 The default value is 8.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the interval to check for definition updates*
+-   GP name: *SignatureUpdate_SignatureUpdateInterval*
+-   GP element: *SignatureUpdate_SignatureUpdateInterval*
+-   GP path: *Windows Components/Windows Defender Antivirus/Signature Updates*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 Valid values: 0–24.
 
@@ -1958,6 +2218,15 @@ Valid values: 0–24.
 Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Send file samples when further analysis is required*
+-   GP name: *SubmitSamplesConsent*
+-   GP element: *SubmitSamplesConsent*
+-   GP path: *Windows Components/Windows Defender Antivirus/MAPS*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -2032,6 +2301,15 @@ The following list shows the supported values for possible actions:
 -   10 – Block
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify threat alert levels at which default action should not be taken when detected*
+-   GP name: *Threats_ThreatSeverityDefaultAction*
+-   GP element: *Threats_ThreatSeverityDefaultActionList*
+-   GP path: *Windows Components/Windows Defender Antivirus/Threats*
+-   GP ADMX file name: *WindowsDefender.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 <hr/>
 
@@ -2040,6 +2318,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-deliveryoptimization.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DeliveryOptimization
@@ -76,13 +76,13 @@ ms.date: 01/30/2018
     <a href="#deliveryoptimization-domonthlyuploaddatacap">DeliveryOptimization/DOMonthlyUploadDataCap</a>
   </dd>
   <dd>
-    <a href="#deliveryoptimization-dopercentagemaxbackdownloadbandwidth">DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth</a>
+    <a href="#deliveryoptimization-dopercentagemaxbackgroundbandwidth">DeliveryOptimization/DOPercentageMaxBackgroundBandwidth</a>
   </dd>
   <dd>
     <a href="#deliveryoptimization-dopercentagemaxdownloadbandwidth">DeliveryOptimization/DOPercentageMaxDownloadBandwidth</a>
   </dd>
   <dd>
-    <a href="#deliveryoptimization-dopercentagemaxforedownloadbandwidth">DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth</a>
+    <a href="#deliveryoptimization-dopercentagemaxforegroundbandwidth">DeliveryOptimization/DOPercentageMaxForegroundBandwidth</a>
   </dd>
   <dd>
     <a href="#deliveryoptimization-dorestrictpeerselectionby">DeliveryOptimization/DORestrictPeerSelectionBy</a>
@@ -143,6 +143,15 @@ Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery
 The default value is 10.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Absolute Max Cache Size (in GB)*
+-   GP name: *AbsoluteMaxCacheSize*
+-   GP element: *AbsoluteMaxCacheSize*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -190,6 +199,15 @@ The default value is 10.
 Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enable Peer Caching while the device connects via VPN*
+-   GP name: *AllowVPNPeerCaching*
+-   GP element: *AllowVPNPeerCaching*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -237,11 +255,20 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
+Added in Windows 10, version 1803. This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
 
 After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Delay background download from http (in secs)*
+-   GP name: *DelayBackgroundDownloadFromHttp*
+-   GP element: *DelayBackgroundDownloadFromHttp*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -282,7 +309,7 @@ After the max delay is reached, the download will resume using HTTP, either down
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer.
+Added in Windows 10, version 1803. This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer.
 
 After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers.
 
@@ -291,6 +318,15 @@ Note that a download that is waiting for peer sources, will appear to be stuck f
 The recommended value is 1 minute (60).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Delay Foreground download from http (in secs)*
+-   GP name: *DelayForegroundDownloadFromHttp*
+-   GP element: *DelayForegroundDownloadFromHttp*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values as number of seconds:
 
@@ -346,6 +382,15 @@ The following list shows the supported values as number of seconds:
 Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Download Mode*
+-   GP name: *DownloadMode*
+-   GP element: *DownloadMode*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -407,6 +452,15 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this
 > You must use a GUID as the group ID.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Group ID*
+-   GP name: *GroupId*
+-   GP element: *GroupId*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -447,7 +501,7 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Set this policy to restrict peer selection to a specific source. Options available are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix
+Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Options available are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix
 
 When set, the Group ID will be assigned automatically from the selected source.
 
@@ -458,6 +512,15 @@ The options set in this policy only apply to Group (2) download mode. If Group (
 For option 4 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select the source of Group IDs*
+-   GP name: *GroupIdSource*
+-   GP element: *GroupIdSource*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -516,6 +579,15 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt
 The default value is 259200 seconds (3 days).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Max Cache Age (in seconds)*
+-   GP name: *MaxCacheAge*
+-   GP element: *MaxCacheAge*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -565,6 +637,15 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe
 The default value is 20.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Max Cache Size (percentage)*
+-   GP name: *MaxCacheSize*
+-   GP element: *MaxCacheSize*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -614,6 +695,15 @@ Added in Windows 10, version 1607. Specifies the maximum download bandwidth in
 The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Maximum Download Bandwidth (in KB/s)*
+-   GP name: *MaxDownloadBandwidth*
+-   GP element: *MaxDownloadBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -663,6 +753,15 @@ Specifies the maximum upload bandwidth in KiloBytes/second that a device will us
 The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Max Upload Bandwidth (in KB/s)*
+-   GP name: *MaxUploadBandwidth*
+-   GP element: *MaxUploadBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -712,6 +811,15 @@ Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality
 The default value is 500.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Minimum Background QoS (in KB/s)*
+-   GP name: *MinBackgroundQos*
+-   GP element: *MinBackgroundQos*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -760,6 +868,15 @@ Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in pe
 The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow uploads while the device is on battery while under set Battery level (percentage)*
+-   GP name: *MinBatteryPercentageAllowedToUpload*
+-   GP element: *MinBatteryPercentageAllowedToUpload*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -812,6 +929,15 @@ Added in Windows 10, version 1703. Specifies the required minimum disk size (cap
 The default value is 32 GB.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Minimum disk size allowed to use Peer Caching (in GB)*
+-   GP name: *MinDiskSizeAllowedToPeer*
+-   GP element: *MinDiskSizeAllowedToPeer*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -861,6 +987,15 @@ Added in Windows 10, version 1703. Specifies the minimum content file size in MB
 The default value is 100 MB.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Minimum Peer Caching Content File Size (in MB)*
+-   GP name: *MinFileSizeToCache*
+-   GP element: *MinFileSizeToCache*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -910,6 +1045,15 @@ Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required
 The default value is 4 GB.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)*
+-   GP name: *MinRAMAllowedToPeer*
+-   GP element: *MinRAMAllowedToPeer*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -959,6 +1103,15 @@ Added in Windows 10, version 1607. Specifies the drive that Delivery Optimizati
 By default, %SystemDrive% is used to store the cache.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Modify Cache Drive*
+-   GP name: *ModifyCacheDrive*
+-   GP element: *ModifyCacheDrive*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1010,12 +1163,21 @@ The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is
 The default value is 20.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Monthly Upload Data Cap (in GB)*
+-   GP name: *MonthlyUploadDataCap*
+-   GP element: *MonthlyUploadDataCap*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
 
 <!--Policy-->
-<a href="" id="deliveryoptimization-dopercentagemaxbackdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth**  
+<a href="" id="deliveryoptimization-dopercentagemaxbackgroundbandwidth"></a>**DeliveryOptimization/DOPercentageMaxBackgroundBandwidth**  
 
 <!--SupportedSKUs-->
 <table>
@@ -1050,11 +1212,18 @@ The default value is 20.
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads.
+Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads.
 
 Note that downloads from LAN peers will not be throttled even when this policy is set.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *PercentageMaxBackgroundBandwidth*
+-   GP element: *PercentageMaxBackgroundBandwidth*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1063,7 +1232,7 @@ Note that downloads from LAN peers will not be throttled even when this policy i
 <a href="" id="deliveryoptimization-dopercentagemaxdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**  
 
 <!--Description-->
-This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryoptimization-dopercentagemaxforedownloadbandwidth) and [DOPercentageMaxBackDownloadBandwidth](#deliveryoptimization-dopercentagemaxbackdownloadbandwidth) policies instead.
+This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) and [DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) policies instead.
 
 <!--/Description-->
 <!--/Policy-->
@@ -1071,7 +1240,7 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo
 <hr/>
 
 <!--Policy-->
-<a href="" id="deliveryoptimization-dopercentagemaxforedownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth**  
+<a href="" id="deliveryoptimization-dopercentagemaxforegroundbandwidth"></a>**DeliveryOptimization/DOPercentageMaxForegroundBandwidth**  
 
 <!--SupportedSKUs-->
 <table>
@@ -1106,11 +1275,18 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads.
+Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads.
 
 Note that downloads from LAN peers will not be throttled even when this policy is set.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP name: *PercentageMaxForegroundBandwidth*
+-   GP element: *PercentageMaxForegroundBandwidth*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--/Policy-->
 
 <hr/>
@@ -1151,12 +1327,21 @@ Note that downloads from LAN peers will not be throttled even when this policy i
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Set this policy to restrict peer selection via selected option. 
+Added in Windows 10, version 1803. Set this policy to restrict peer selection via selected option. 
 Options available are: 1=Subnet mask (more options will be added in a future release).
 
 Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2).
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select a method to restrict Peer Selection*
+-   GP name: *RestrictPeerSelectionBy*
+-   GP element: *RestrictPeerSelectionBy*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -1203,17 +1388,30 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. 
+Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
- 
-Note that downloads from LAN peers will not be throttled even when this policy is set.
 
 <!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set Business Hours to Limit Background Download Bandwidth*
+-   GP name: *SetHoursToLimitBackgroundDownloadBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXBacked-->
 <!--SupportedValues-->
 This policy allows an IT Admin to define the following:
 
 -  Business hours range (for example 06:00 to 18:00)
--  % of throttle for foreground traffic during business hours
+-  % of throttle for background traffic during business hours
--  % of throttle for foreground traffic outside of business hours
+-  % of throttle for background traffic outside of business hours
 
 <!--/SupportedValues-->
 <!--/Policy-->
@@ -1256,11 +1454,24 @@ This policy allows an IT Admin to define the following:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. 
+Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
- 
-Note that downloads from LAN peers will not be throttled even when this policy is set.
 
 <!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set Business Hours to Limit Foreground Download Bandwidth*
+-   GP name: *SetHoursToLimitForegroundDownloadBandwidth*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXBacked-->
 <!--SupportedValues-->
 This policy allows an IT Admin to define the following:
 
@@ -1277,6 +1488,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-desktop.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Desktop
@@ -77,14 +77,14 @@ If you enable this setting, users are unable to type a new location in the Targe
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prohibit User from manually redirecting Profile Folders*
 -   GP name: *DisablePersonalDirChange*
 -   GP path: *Desktop*
 -   GP ADMX file name: *desktop.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -93,6 +93,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-deviceguard.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DeviceGuard
@@ -72,6 +72,14 @@ ms.date: 01/30/2018
 Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn On Virtualization Based Security*
+-   GP name: *VirtualizationBasedSecurity*
+-   GP path: *System/Device Guard*
+-   GP ADMX file name: *DeviceGuard.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -122,6 +130,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn On Virtualization Based Security*
+-   GP name: *VirtualizationBasedSecurity*
+-   GP element: *CredentialIsolationDrop*
+-   GP path: *System/Device Guard*
+-   GP ADMX file name: *DeviceGuard.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -173,6 +190,15 @@ The following list shows the supported values:
 Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn On Virtualization Based Security*
+-   GP name: *VirtualizationBasedSecurity*
+-   GP element: *RequirePlatformSecurityFeaturesDrop*
+-   GP path: *System/Device Guard*
+-   GP ADMX file name: *DeviceGuard.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -188,6 +214,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-deviceinstallation.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DeviceInstallation
@@ -80,14 +80,14 @@ If you disable or do not configure this policy setting, devices can be installed
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent installation of devices that match any of these device IDs*
 -   GP name: *DeviceInstall_IDs_Deny*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -142,14 +142,14 @@ If you disable or do not configure this policy setting, Windows can install and
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent installation of devices using drivers that match these device setup classes*
 -   GP name: *DeviceInstall_Classes_Deny*
 -   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 
@@ -158,6 +158,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-devicelock.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - DeviceLock
@@ -66,6 +66,9 @@ ms.date: 01/30/2018
   <dd>
     <a href="#devicelock-minimumpasswordage">DeviceLock/MinimumPasswordAge</a>
   </dd>
+  <dd>
+    <a href="#devicelock-preventenablinglockscreencamera">DeviceLock/PreventEnablingLockScreenCamera</a>
+  </dd>
   <dd>
     <a href="#devicelock-preventlockscreenslideshow">DeviceLock/PreventLockScreenSlideShow</a>
   </dd>
@@ -1020,6 +1023,51 @@ The minimum password age must be less than the Maximum password age, unless the
 Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.
 
 <!--/Description-->
+<!--DbMapped-->
+GP Info:  
+-   GP English name: *Minimum password age*
+-   GP path: *Windows Settings/Security Settings/Account Policies/Password Policy*
+
+<!--/DbMapped-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="devicelock-preventenablinglockscreencamera"></a>**DeviceLock/PreventEnablingLockScreenCamera**  
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.
+
+By default, users can enable invocation of an available camera on the lock screen.
+
+If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings, and the camera cannot be invoked on the lock screen.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent enabling lock screen camera*
+-   GP name: *CPL_Personalization_NoLockScreenCamera*
+-   GP path: *Control Panel/Personalization*
+-   GP ADMX file name: *ControlPanelDisplay.admx*
+
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1074,14 +1122,14 @@ If you enable this setting, users will no longer be able to modify slide show se
 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<!--ADMX-->
+<!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent enabling lock screen slide show*
 -   GP name: *CPL_Personalization_NoLockScreenSlideshow*
 -   GP path: *Control Panel/Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*
 
-<!--/ADMX-->
+<!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
@@ -1144,6 +1192,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-display.md

@@ -6,11 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Display
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 <hr/>
@@ -19,6 +21,15 @@ ms.date: 01/30/2018
 ## Display policies  
 
 <dl>
+  <dd>
+    <a href="#display-disableperprocessdpiforapps">Display/DisablePerProcessDpiForApps</a>
+  </dd>
+  <dd>
+    <a href="#display-enableperprocessdpi">Display/EnablePerProcessDpi</a>
+  </dd>
+  <dd>
+    <a href="#display-enableperprocessdpiforapps">Display/EnablePerProcessDpiForApps</a>
+  </dd>
   <dd>
     <a href="#display-turnoffgdidpiscalingforapps">Display/TurnOffGdiDPIScalingForApps</a>
   </dd>
@@ -28,6 +39,182 @@ ms.date: 01/30/2018
 </dl>
 
 
+<hr/>
+
+<!--Policy-->
+<a href="" id="display-disableperprocessdpiforapps"></a>**Display/DisablePerProcessDpiForApps**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows you to disable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Per-Process System DPI settings*
+-   GP name: *DisplayPerProcessSystemDpiSettings*
+-   GP element: *DisplayDisablePerProcessSystemDpiSettings*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
+
+<!--/ADMXMapped-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="display-enableperprocessdpi"></a>**Display/EnablePerProcessDpi**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Per Process System DPI is an application compatibility feature for desktop applications that do not render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that have not been updated to display properly in this scenario will be blurry until you log out and back in to Windows. 
+
+When you enable this policy some blurry applications will be crisp after they are restarted, without requiring the user to log out and back in to Windows. 
+
+Be aware of the following:
+
+Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display (or any other display that has the same scale factor as that of the primary display). Some desktop applications can still be blurry on secondary displays that have different display scale factors. 
+
+Per Process System DPI will not work for all applications as some older desktop applications will always be blurry on high DPI displays. 
+
+In some cases, you may see some unexpected behavior in some desktop applications that have Per-Process System DPI applied. If that happens, Per Process System DPI should be disabled.
+
+Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Per-Process System DPI settings*
+-   GP name: *DisplayPerProcessSystemDpiSettings*
+-   GP element: *DisplayGlobalPerProcessSystemDpiSettings*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 - Disable.
+-   1 - Enable.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="display-enableperprocessdpiforapps"></a>**Display/EnablePerProcessDpiForApps**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows you to enable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure Per-Process System DPI settings*
+-   GP name: *DisplayPerProcessSystemDpiSettings*
+-   GP element: *DisplayEnablePerProcessSystemDpiSettings*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
+
+<!--/ADMXMapped-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->
@@ -77,6 +264,15 @@ If you disable or do not configure this policy setting, GDI DPI Scaling might st
 If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off GdiDPIScaling for applications*
+-   GP name: *DisplayTurnOffGdiDPIScaling*
+-   GP element: *DisplayTurnOffGdiDPIScalingPrompt*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
+
+<!--/ADMXMapped-->
 <!--Validation-->
 To validate on Desktop, do the following:
 
@@ -135,6 +331,15 @@ If you disable or do not configure this policy setting, GDI DPI Scaling will not
 If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn on GdiDPIScaling for applications*
+-   GP name: *DisplayTurnOnGdiDPIScaling*
+-   GP element: *DisplayTurnOnGdiDPIScalingPrompt*
+-   GP path: *System/Display*
+-   GP ADMX file name: *Display.admx*
+
+<!--/ADMXMapped-->
 <!--Validation-->
 To validate on Desktop, do the following:
 
@@ -150,6 +355,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-education.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 03/12/2018
 ---
 
 # Policy CSP - Education
@@ -117,6 +117,14 @@ The policy value is expected to be the name (network host name) of an installed
 Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings.
 
 <!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Prevent addition of printers*
+-   GP name: *NoAddPrinter*
+-   GP path: *Control Panel/Printers*
+-   GP ADMX file name: *Printing.admx*
+
+<!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
@@ -177,6 +185,7 @@ Footnote:
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->