merge conflict

windows/client-management/mandatory-user-profile.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.author: jdecker
-ms.date: 10/16/2017
+ms.date: 08/28/2018
 ---
 
 # Create mandatory user profiles
@@ -39,7 +39,7 @@ The name of the folder in which you store the mandatory profile must use the cor
 | Windows 8 | Windows Server 2012 | v3 |
 | Windows 8.1 | Windows Server 2012 R2 | v4 |
 | Windows 10, versions 1507 and 1511 | N/A | v5 |
-| Windows 10, version 1607 (Anniversary Update) and version 1703 (Creators Update) |  Windows Server 2016 | v6 |
+| Windows 10, versions 1607, 1703, 1709, and 1803 |  Windows Server 2016 | v6 |
 
 For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198).
 

windows/client-management/mdm/bitlocker-csp.md

@@ -14,7 +14,7 @@ ms.date: 07/16/2018
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703.
+The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, next major version, it is also supported in Windows 10 Pro.
 
 > [!Note]  
 > Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes.  

windows/client-management/mdm/configuration-service-provider-reference.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/17/2018
+ms.date: 08/27/2018
 ---
 
 # Configuration service provider reference
@@ -276,7 +276,7 @@ Footnotes:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/17/2018
+ms.date: 08/24/2018
 ---
 
 # Policy CSP
@@ -3114,6 +3114,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-system.md#system-allowbuildpreview" id="system-allowbuildpreview">System/AllowBuildPreview</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowdevicenameindiagnosticdata" id="system-allowdevicenameindiagnosticdata">System/AllowDeviceNameInDiagnosticData</a>
+  </dd>
   <dd>
     <a href="./policy-csp-system.md#system-allowembeddedmode" id="system-allowembeddedmode">System/AllowEmbeddedMode</a>
   </dd>
@@ -3138,12 +3141,21 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-system.md#system-bootstartdriverinitialization" id="system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-configuremicrosoft365uploadendpoint" id="system-configuremicrosoft365uploadendpoint">System/ConfigureMicrosoft365UploadEndpoint</a>
+  </dd>
   <dd>
     <a href="./policy-csp-system.md#system-configuretelemetryoptinchangenotification" id="system-configuretelemetryoptinchangenotification">System/ConfigureTelemetryOptInChangeNotification</a>
   </dd>
   <dd>
     <a href="./policy-csp-system.md#system-configuretelemetryoptinsettingsux" id="system-configuretelemetryoptinsettingsux">System/ConfigureTelemetryOptInSettingsUx</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-disabledevicedelete" id="system-disabledevicedelete">System/DisableDeviceDelete</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-disablediagnosticdataviewer" id="system-disablediagnosticdataviewer">System/DisableDiagnosticDataViewer</a>
+  </dd>
   <dd>
     <a href="./policy-csp-system.md#system-disableenterpriseauthproxy" id="system-disableenterpriseauthproxy">System/DisableEnterpriseAuthProxy</a>
   </dd>
@@ -4839,12 +4851,16 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Storage/AllowDiskHealthModelUpdates](./policy-csp-storage.md#storage-allowdiskhealthmodelupdates)
 -   [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
 -   [System/AllowBuildPreview](./policy-csp-system.md#system-allowbuildpreview)
+-   [System/AllowDeviceNameInDiagnosticData](./policy-csp-system.md#system-allowdevicenameindiagnosticdata)
 -   [System/AllowFontProviders](./policy-csp-system.md#system-allowfontproviders)
 -   [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
 -   [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry)
 -   [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
+-   [System/ConfigureMicrosoft365UploadEndpoint](./policy-csp-system.md#system-configuremicrosoft365uploadendpoint)
 -   [System/ConfigureTelemetryOptInChangeNotification](./policy-csp-system.md#system-configuretelemetryoptinchangenotification)
 -   [System/ConfigureTelemetryOptInSettingsUx](./policy-csp-system.md#system-configuretelemetryoptinsettingsux)
+-   [System/DisableDeviceDelete](./policy-csp-system.md#system-disabledevicedelete)
+-   [System/DisableDiagnosticDataViewer](./policy-csp-system.md#system-disablediagnosticdataviewer)
 -   [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy)
 -   [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync)
 -   [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)

windows/client-management/mdm/policy-csp-settings.md

@@ -793,7 +793,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703.  Allows IT Admins to either  prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified.  The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo".  Multiple page identifiers are separated by semicolons.
+Added in Windows 10, version 1703.  Allows IT Admins to either  prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified.  The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth".  Multiple page identifiers are separated by semicolons.
 
 The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
 
@@ -807,17 +807,17 @@ The format of the PageVisibilityList value is as follows:
 -   There are two variants: one that shows only the given pages and one which hides the given pages.
 -   The first variant starts with the string "showonly:" and the second with the string "hide:".
 -	Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
--   Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:wi-fi" would be just "wi-fi".
+-   Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi".
 
 The default value for this setting is an empty string, which is interpreted as show everything.
 
-Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:wi-fi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden:
+Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:network-wifi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden:
 
-showonly:wi-fi;bluetooth
+showonly:network-wifi;bluetooth
 
 Example 2, specifies that the wifi page should not be shown:
 
-hide:wifi
+hide:network-wifi
 
 <!--/Description-->
 <!--ADMXMapped-->

windows/client-management/mdm/policy-csp-userrights.md

@@ -12,6 +12,61 @@ ms.date: 03/12/2018
 # Policy CSP - UserRights
 
 
+<hr/>
+
+User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. Here is a list for reference, [Well-Known SID Structures](https://msdn.microsoft.com/en-us/library/cc980032.aspx). Even though strings are supported for well-known accounts and groups, it is better to use SIDs because strings are localized for different languages. Some user rights allow things, like AccessFromNetwork, while others disallow things, like DenyAccessFromNetwork.
+
+Here is an example syncml for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups.
+
+```syntax
+<SyncML xmlns="SYNCML:SYNCML1.2">
+
+<SyncBody>
+    <Replace>
+      <CmdID>2</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/Policy/Config/UserRights/BackupFilesAndDirectories</LocURI>
+        </Target>
+        <Data>Authenticated Users&#xF000;Administrators</Data>
+      </Item>
+    </Replace>
+  <Final/>
+  </SyncBody>
+</SyncML>
+```
+
+Here are examples of data fields. The encoded 0xF000 is the standard delimiter/separator
+
+-  Grant an user right to Administrators group via SID:
+    ```
+    <Data>*S-1-5-32-544</Data>
+    ```
+ 
+-  Grant an user right to multiple groups (Administrators, Authenticated Users) via SID
+    ```
+    <Data>*S-1-5-32-544&#xF000;*S-1-5-11</Data>
+    ```
+
+-  Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings
+    ```
+    <Data>*S-1-5-32-544&#xF000;Authenticated Users</Data>
+    ```
+ 
+-  Grant an user right to multiple groups (Authenticated Users, Administrators) via strings
+    ```
+    <Data>Authenticated Users&#xF000;Administrators</Data>
+    ```
+
+-  Empty input indicates that there are no users configured to have that user right
+    ```
+    <Data></Data>
+    ```
+
 <hr/>
 
 <!--Policies-->