Merge branch 'master' into App-v-revision

Heidi Lohr 2018-07-20 16:25:29 -07:00
commit 972d40d520
108 changed files with 1546 additions and 943 deletions

@ -9,7 +9,7 @@ ms.mktglfcycl: explore
ms.sitesec: library ms.sitesec: library
title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros) title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 4/30/2018 ms.date: 07/20/2018
--- ---
# Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge
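Review bot: The new `ms.date: 07/20/2018` is zero-padded, while the value it replaces (`4/30/2018`) was not. With 108 files changed in this merge, pick one form for `ms.date` and apply it to every touched front-matter block so date-based tooling does not have to handle both.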
@ -29,628 +29,132 @@ Microsoft Edge works with the following Group Policy settings to help you manage
Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\ Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\
## Allow a shared books folder ## Allow a shared books folder
>*Supported versions: Windows 10, version 1803*<br> [!INCLUDE [allow-shared-folder-books-include.md](includes/allow-shared-folder-books-include.md)]
>*Default setting: None*
You can configure Microsoft Edge to store books from the Books Library to a default, shared folder for Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads book files automatically to a common, shared folder, and prevents users from removing the book from the library. For this policy to work properly, users must be signed in with a school or work account.
If you disable or dont configure this policy, Microsoft Edge does not use a shared folder but downloads book files to a per-user folder for each user.
**MDM settings in Microsoft Intune**
| | |
|---|---|
|MDM name |Browser/[UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks |
|Data type |Integer |
|Allowed values |<ul><li>**0** - Disabled.</li><li>**1** - Enabled.</li></ul> |
## Allow Address bar drop-down list suggestions ## Allow Address bar drop-down list suggestions
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [allow-address-bar-suggestions-include.md](includes/allow-address-bar-suggestions-include.md)]
[!INCLUDE [allow-address-bar-drop-down-shortdesc](shortdesc/allow-address-bar-drop-down-shortdesc.md)]
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |Browser/[AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |
|Supported devices |Desktop |
|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Disabled. Not allowed.</li><li>**1 (default)** - Enabled or not configured. Allowed.</li></ul> |
## Allow Adobe Flash ## Allow Adobe Flash
>*Supported version: Windows 10* [!INCLUDE [allow-adobe-flash-include.md](includes/allow-adobe-flash-include.md)]
Adobe Flash is integrated with Microsoft Edge and updated via Windows Update. With this policy, you can configure Microsoft Edge to run Adobe Flash content or prevent Adobe Flash from running.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |
|Supported devices |Desktop |
|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Disabled. Microsoft Edge prevents Adobe Flash content from running.</li><li>**1 (default)** - Enabled or not configured. Microsoft Edge runs Adobe Flash content. </li></ul> |
## Allow clearing browsing data on exit ## Allow clearing browsing data on exit
>*Supported versions: Windows 10, version 1703* [!INCLUDE [allow-clearing-browsing-data-include.md](includes/allow-clearing-browsing-data-include.md)]
By default, Microsoft Edge does not clear the browsing data on exit, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. Enable this policy if you want to clear the browsing data automatically each time Microsoft Edge closes.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |
|Supported devices |Desktop |
|URI full path | ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Disabled or not configured. Microsoft Edge does not clear the browsing data on exit, but users can configure the _Clear browsing data_ option in Settings.</li><li>**1** - Enabled. Clears the browsing data each time Microsoft Edge closes.</li></ul> |
## Allow configuration updates for the Books Library ## Allow configuration updates for the Books Library
>*Supported versions: Windows 10, version 1803*<br> [!INCLUDE [allow-config-updates-books-include.md](includes/allow-config-updates-books-include.md)]
>*Default setting: Enabled or not configured*
Microsoft Edge automatically retrieves the configuration data for the Books Library, when this policy is enabled or
not configured. If disabled, Microsoft Edge does not retrieve the Books configuration data.
**MDM settings in Microsoft Intune**
| | |
|---|---|
|MDM name |Browser/[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowConfigurationUpdateForBooksLibrary |
|Data type |Integer |
|Allowed values |<ul><li>**0** - Disable. Microsoft Edge cannot retrieve a configuration.</li><li>**1 (default)** - Enable (default). Microsoft Edge can retrieve a configuration for Books Library.</li></ul> |
## Allow Cortana ## Allow Cortana
>*Supported versions: Windows 10, version 1607 or later* [!INCLUDE [allow-cortana-include.md](includes/allow-cortana-include.md)]
Cortana is integrated with Microsoft Edge, and when enabled, Cortana allows you to use the voice assistant on your device. If disabled, Cortana is not available for use, but you can search to find items on your device.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) |
|Supported devices |Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCortana |
|Location |Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortana |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Not allowed.</li><li>**1 (default)** - Allowed.</li></ul> |
## Allow Developer Tools ## Allow Developer Tools
>*Supported versions: Windows 10, version 1511 or later* [!INCLUDE [allow-dev-tools-include.md](includes/allow-dev-tools-include.md)]
F12 developer tools is a suite of tools to help you build and debug your webpage. By default, this policy is enabled making the F12 Developer Tools available to use.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools |
|Data type | Integer |
|Allowed values |<ul><li>**0** - The F12 Developer Tools are disabled.</li><li>**1 (default)** - The F12 Developer Tools are enabled.</li></ul> |
## Allow extended telemetry for the Books tab ## Allow extended telemetry for the Books tab
>*Supported versions: Windows 10, version 1803*<br> [!INCLUDE [allow-ext-telemetry-books-tab-include.md](includes/allow-ext-telemetry-books-tab-include.md)]
>*Default setting: Disabled or not configured*
If you enable this policy, both basic and additional diagnostic data is sent to Microsoft about the books you are
reading from Books in Microsoft Edge. By default, this policy is disabled or not configured and only basic
diagnostic data, depending on your device configuration, is sent to Microsoft.
**MDM settings in Microsoft Intune**
| | |
|---|---|
|MDM name |Browser/[EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry |
|Data type |Integer |
|Allowed values |<ul><li>**0 (default)** - Disable. No additional diagnostic data.</li><li>**1** - Enable. Additional diagnostic data for schools.</li></ul> |
## Allow Extensions ## Allow Extensions
>*Supported versions: Windows 10, version 1607 or later* [!INCLUDE [allow-extensions-include.md](includes/allow-extensions-include.md)]
If you enable this policy, you can personalize and add new features to Microsoft Edge with extensions. By default, this policy is enabled. If you want to prevent others from installing unwanted extensions, disable this policy.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowExtensions |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Microsoft Edge extensions are disabled.</li><li>**1 (default)** - Microsoft Edge Extensions are enabled. </li></ul> |
## Allow InPrivate browsing ## Allow InPrivate browsing
>*Supported versions: Windows 10, version 1511 or later* [!INCLUDE [allow-inprivate-browsing-include.md](includes/allow-inprivate-browsing-include.md)]
InPrivate browsing, when enabled, prevents your browsing data is not saved on your device. Microsoft Edge deletes temporary data from your device after all your InPrivate tabs are closed.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate |
|Data type | Integer |
|Allowed values |<ul><li>**0** - InPrivate browsing is disabled.</li><li>**1 (default)** - InPrivate browsing is enabled.</li></ul> |
## Allow Microsoft Compatibility List ## Allow Microsoft Compatibility List
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [allow-microsoft-compatibility-list-include.md](includes/allow-microsoft-compatibility-list-include.md)]
Microsoft Edge uses the compatibility list that helps websites with known compatibility issues display properly. When enabled, Microsoft Edge checks the list to determine if the website has compatibility issues during browser navigation. By default, this policy is enabled allowing periodic downloads and installation of updates. Visiting any site on the Microsoft compatibility list prompts the employee to use Internet Explorer 11, where the site renders as though it is in whatever version of IE is necessary for it to appear properly. If disabled, the compatibility list is not used.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Disabled. The Microsoft compatibility list is ignored.</li><li>**1 (default)** - Enabled. The Microsoft compatibility list is periodically update and used during browser navigation.</li></ul> |
## Allow search engine customization ## Allow search engine customization
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [allow-search-engine-customization-include.md](includes/allow-search-engine-customization-include.md)]
This policy setting allows search engine customization for domain-joined or MDM-enrolled devices only. For example, you can change the default search engine or add a new search engine. By default, this setting is enabled allowing you to add new search engines and change the default under Settings. If disabled, you cannot add search engines or change the default. ## Allow Start and New Tab page preload
[!INCLUDE [allow-tab-preloading-include](includes/allow-tab-preloading-include.md)]
For more information, see [Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy).
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Additional search engines are not allowed, and the default cannot be changed in the Address bar.</li><li>**1 (default)** - Additional search engines are allowed, and the default can be changed in the Address bar.</li></ul> |
## Allow web content on New Tab page ## Allow web content on New Tab page
>*Supported versions: Windows 10* [!INCLUDE [allow-web-content-new-tab-page-include.md](includes/allow-web-content-new-tab-page-include.md)]
This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page.
If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.
If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can't change it.
If you don't configure this setting, employees can choose how new tabs appears.
## Always show the Books Library in Microsoft Edge ## Always show the Books Library in Microsoft Edge
>*Supported versions: Windows 10, version 1709 or later* [!INCLUDE [always-enable-book-library-include.md](includes/always-enable-book-library-include.md)]
This policy settings specifies whether to always show the Books Library in Microsoft Edge. By default, this setting is disabled, which means the library is only visible in countries or regions where available. if enabled, the Books Library is always shown regardless of countries or region of activation.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AlwaysEnableBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |
|Supported devices |Desktop<br>Mobile |
|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Disable. Use default visibility of the Books Library. The Library will be only visible in countries or regions where its available.</li><li>**1** - Enable. Always show the Books Library, regardless of countries or region of activation.</li></ul> |
## Configure additional search engines ## Configure additional search engines
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [configure-additional-search-engines-include.md](includes/configure-additional-search-engines-include.md)]
This policy setting, when enabled, lets you add up to five additional search engines. Employees cannot remove these search engines, but they can set any one as the default. By default, this setting is not configured and does not allow additional search engines to be added. If disabled, the search engines added are deleted.
For each additional search engine, you add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/).
This setting does not set the default search engine. For that, you must use the "Set default search engine" setting.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Additional search engines are not allowed.</li><li>**1** - Additional search engines are allowed.</li></ul> |
## Configure Autofill ## Configure Autofill
>*Supported versions: Windows 10* [!INCLUDE [configure-autofill-include.md](includes/configure-autofill-include.md)]
This policy setting specifies whether AutoFill on websites is allowed. By default, this setting is not configured allowing you to choose whether or not to use AutoFill. If enabled, AutoFill is used. If disabled, AutoFill is not used.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowAutofill |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Employees cannot use Autofill to complete form fields.</li><li>**1 (default)** - Employees can use Autofill to complete form fields.</li></ul> |
## Configure cookies ## Configure cookies
>*Supported versions: Windows 10* [!INCLUDE [configure-cookies-include.md](includes/configure-cookies-include.md)]
This policy setting specifies whether cookies are allowed. By default, this setting is enabled with the Block all cookies and Block only 3rd-party cookies options available. If disabled or not configured, all cookies are allowed from all sites.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCookies |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Allows all cookies from all sites.</li><li>**1** - Blocks only cookies from 3rd party websites.</li><li>**2** - Blocks all cookies from all sites.</li></ul> |
## Configure Do Not Track ## Configure Do Not Track
>*Supported versions: Windows 10* [!INCLUDE [configure-do-not-track-include.md](includes/configure-do-not-track-include.md)]
This policy setting specifies whether Do Not Track requests to websites is allowed. By default, this setting is not configured allowing you to choose if to send tracking information. If enabled, Do Not Track requests are always sent to websites asking for tracking information. If disabled, Do Not Track requests are never sent.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Stops you from sending Do Not Track headers to websites requesting tracking info.</li><li>**1** - Employees can send Do Not Track headers to websites requesting tracking info. </li></ul> |
## Configure Favorites ## Configure Favorites
>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later* [!INCLUDE [configure-favorites-include.md](includes/configure-favorites-include.md)]
This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their favorites by adding or removing items at any time.
If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.
If you disable or don't configure this setting, employees will see the Favorites that they set in the Favorites hub.
## Configure Password Manager ## Configure Password Manager
>*Supported versions: Windows 10* [!INCLUDE [configure-password-manager-include.md](includes/configure-password-manager-include.md)]
This policy setting specifies whether saving and managing passwords locally on the device is allowed. By default, this setting is enabled allowing you to save their passwords locally. If not configured, you can choose if to save and manage passwords locally. If disabled, saving and managing passwords locally is turned off.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Employees cannot use Password Manager to save passwords locally.</li><li>**1** - Employees can use Password Manager to save passwords locally.</li></ul> |
## Configure Pop-up Blocker ## Configure Pop-up Blocker
>*Supported versions: Windows 10* [!INCLUDE [configure-pop-up-blocker-include.md](includes/configure-pop-up-blocker-include.md)]
This policy setting specifies whether pop-up blocker is allowed or enabled. By default, pop-up blocker is turned on. If not configured, you can choose whether to turn on or turn off pop-up blocker. If disabled, pop-up blocker is turned off.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowPopups |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Turns off Pop-up Blocker, allowing pop-up windows.</li><li>**1** - Turns on Pop-up Blocker, stopping pop-up windows. </li></ul> |
## Configure search suggestions in Address bar ## Configure search suggestions in Address bar
>*Supported versions: Windows 10* [!INCLUDE [configure-search-suggestions-address-bar-include.md](includes/configure-search-suggestions-address-bar-include.md)]
This policy setting specifies whether search suggestions are allowed in the address bar. By default, this setting is not configured allowing you to choose whether search suggestions appear in the address bar. If enabled, search suggestions appear. If disabled, search suggestions do not appear.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Employees cannot see search suggestions in the Address bar of Microsoft Edge.</li><li>**1** - Employees can see search suggestions in the Address bar of Microsoft Edge.</li></ul> |
## Configure Start pages ## Configure Start pages
>*Supported versions: Windows 10, version 1511 or later* [!INCLUDE [configure-start-pages-include.md](includes/configure-start-pages-include.md)]
This policy setting specifies your Start pages for domain-joined or MDM-enrolled devices. By default, this setting is disabled or not configured. Therefore, the Start page is the webpages specified in App settings. If enabled, you can configure one or more corporate Start pages. If enabling this setting, you must include URLs separating multiple pages by using XML-escaped characters < and >, for example, **<\support.contoso.com><\support.microsoft.com>**.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/HomePages |
|Data type |String |
|Allowed values |Configure the Start page (previously known as Home page) URLs for your you. |
## Configure the Adobe Flash Click-to-Run setting ## Configure the Adobe Flash Click-to-Run setting
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [configure-adobe-flash-click-to-run-include.md](includes/configure-adobe-flash-click-to-run-include.md)]
This policy setting specifies whether you must take action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. By default, this setting is enabled. When the setting is enabled, you must click the content, Click-to-Run button, or have the site appear on an auto-allow list before the Adobe Flash content loads. If disabled, Adobe Flash loads and runs automatically.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Adobe Flash content is automatically loaded and run by Microsoft Edge.</li><li>**1 (default)** - An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.</li></ul> |
## Configure the Enterprise Mode Site List ## Configure the Enterprise Mode Site List
>*Supported versions: Windows 10* [!INCLUDE [configure-enterprise-mode-site-list-include.md](includes/configure-enterprise-mode-site-list-include.md)]
This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. By default, this setting is disabled or not configured, which means the Enterprise Mode Site List is not used. In this case, you might experience compatibility problems while using legacy apps. If enabled, you must add the location to your site list in the **{URI}** box. when enabled, Microsoft Edge looks for the Enterprise Mode Site List XML file, which includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.
>[!Note]
>If there is a .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server has a different version number than the version in the cache container, the server file is used and stored in the cache container.<br><br>
>If you already use a site list, enterprise mode continues to work during the 65-second wait; it just uses the existing site list instead of the new one.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList |
|Data type | String |
|Allowed values |<ul><li>Not configured.</li><li>**1 (default)** - Use the Enterprise Mode Site List, if configured.</li><li>**2** - Specify the location to the site list.</li></ul> |
## Configure Windows Defender SmartScreen ## Configure Windows Defender SmartScreen
>*Supported versions: Windows 10* [!INCLUDE [configure-windows-defender-smartscreen-include.md](includes/configure-windows-defender-smartscreen-include.md)]
This policy setting specifies whether Windows Defender SmartScreen is allowed. By default, this setting is enabled or turned on, and you cannot turn it off. If disabled, Windows Defender SmartScreen is turned off, and you cannot turn it on. If not configured, you can choose whether to use Windows Defender SmartScreen.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Turns off Windows Defender SmartScreen.</li><li>**1** - Turns on Windows Defender SmartScreen, providing warning messages to your you about potential phishing scams and malicious software.</li></ul> |
## Disable lockdown of Start pages ## Disable lockdown of Start pages
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [disable-lockdown-of-start-pages-include.md](includes/disable-lockdown-of-start-pages-include.md)]
This policy setting specifies whether the lockdown on the Start pages is disabled on domain-joined or MDM-enrolled devices. By default, this policy is enabled locking down the Start pages according to the settings specified in the Browser/HomePages policy. When enabled, users cannot change the Start pages. If disabled, users can modify the Start pages.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.</li><li>**1** - Disable lockdown of the Start pages and allow users to modify them.</li></ul> |
## Do not sync ## Do not sync
>*Supported versions: Windows 10* [!INCLUDE [do-not-sync-include.md](includes/do-not-sync-include.md)]
This policy setting specifies whether you can use the Sync your Settings option to sync their settings to and from their device. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting you pick what can sync on their device. If enabled, the Sync your Settings options are turned off and none of the Sync your Setting groups are synced on the device. You can use the Allow users to turn syncing on the option to turn the feature off by default, but to let the employee change this setting. For information about what settings are synced, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices).
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings |
|Location |Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync |
|Data type | Integer |
|Allowed values |<ul><li>**0** - Disable syncing between PCs.</li><li>**1 (default)** - Allow syncing between PCs.</li></ul> |
## Do not sync browser settings ## Do not sync browser settings
>*Supported versions: Windows 10* [!INCLUDE [do-not-sync-browser-settings-include.md](includes/do-not-sync-browser-settings-include.md)]
This policy setting specifies whether a browser group can use the Sync your Settings options to sync their information to and from their device. Settings include information like History and Favorites. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting browser groups pick what can sync on their device. If enabled, the Sync your Settings options are turned off so that browser groups are unable to sync their settings and info. You can use the Allow users to turn browser syncing on option to turn the feature off by default, but to let the employee change this setting.
**MDM settings in Microsoft Intune**
| | |
|---|---|
|MDM name |Experience/DoNotSynBrowserSettings |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Experience/DoNotSynBrowserSettings |
|Data type |Integer |
|Allowed values |<ul><li>**0** - Disable browser syncing.</li><li>**1 (default)** - Allow browser syncing.</li></ul> |
## Keep favorites in sync between Internet Explorer and Microsoft Edge ## Keep favorites in sync between Internet Explorer and Microsoft Edge
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [keep-fav-sync-ie-edge-include.md](includes/keep-fav-sync-ie-edge-include.md)]
This policy setting specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including additions, deletions, modifications, and ordering. By default, this setting is disabled or not configured. When disabled or not configured, you cannot sync their favorites. If enabled, you can sync their favorites and stops Microsoft Edge favorites from syncing between connected Windows 10 devices. This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Turn off synchronization.</li><li>**1** - Turn on synchronization.</li></ul> |
## Prevent access to the about:flags page ## Prevent access to the about:flags page
>*Supported versions: Windows 10, version 1607 or later* [!INCLUDE [prevent-access-about-flag-include.md](includes/prevent-access-about-flag-include.md)]
This policy setting specifies whether you can access the about:flags page, which is used to change developer settings and to enable experimental features. By default, this setting is disabled or not configured, which means you can access the about:flags page. If enabled, you cannot access the about:flags page.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Employees can access the about:flags page in Microsoft Edge.</li><li>**1** - Employees cannot access the about:flags page in Microsoft Edge.</li></ul> |
## Prevent bypassing Windows Defender SmartScreen prompts for files ## Prevent bypassing Windows Defender SmartScreen prompts for files
>*Supported versions: Windows 10, version 1511 or later* [!INCLUDE [prevent-bypassing-win-defender-files-include.md](includes/prevent-bypassing-win-defender-files-include.md)]
This policy setting specifies whether you can override the Windows Defender SmartScreen warnings about downloading unverified files. By default, this setting is disabled or not configured (turned off), which means you can ignore the warnings and can continue the download process. If enabled (turned on), you cannot ignore the warnings and blocks them from downloading unverified files.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |
|Supported devices |Desktop<br>Mobile |
|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Lets you ignore the Windows Defender SmartScreen warnings about unverified files and lets them continue the download process.</li><li>**1** - Stops you from ignoring the Windows Defender SmartScreen warnings about unverified files.</li></ul> |
## Prevent bypassing Windows Defender SmartScreen prompts for sites ## Prevent bypassing Windows Defender SmartScreen prompts for sites
>*Supported versions: Windows 10, version 1511 or later* [!INCLUDE [prevent-bypassing-win-defender-sites-include.md](includes/prevent-bypassing-win-defender-sites-include.md)]
This policy setting specifies whether you can override the Windows Defender SmartScreen warnings about potentially malicious websites. By default, this setting is disabled or not configured (turned off), which means you can ignore the warnings and allows them to continue to the site. If enabled (turned on), you cannot ignore the warnings and blocks them from continuing to the site.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Turns off Windows Defender SmartScreen.</li><li>**1** - Turns on Windows Defender SmartScreen.</li></ul> |
## Prevent changes to Favorites on Microsoft Edge ## Prevent changes to Favorites on Microsoft Edge
>*Supported versions: Windows 10, version 1709* [!INCLUDE [prevent-changes-to-favorites-include.md](includes/prevent-changes-to-favorites-include.md)]
This policy setting specifies whether you can add, import, sort, or edit the Favorites list in Microsoft Edge. By default, this setting is disabled or not configured (turned on), which means the Favorites list is not locked down and you can make changes to the Favorites list. If enabled, you cannot make changes to the Favorites list. Also, the Save a Favorite, Import settings, and the context menu items, such as Create a new folder, are turned off.
>[!Important]
>Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops you from syncing their favorites between Internet Explorer and Microsoft Edge.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Disabled. Do not lockdown Favorites.</li><li>**1** - Enabled. Lockdown Favorites.</li></ul> |
## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start ## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [prevent-live-tile-pinning-start-include](includes/prevent-live-tile-pinning-start-include.md)]
This policy setting specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. By default, this setting is disabled or not configured (turned off), which means Microsoft servers are contacted if a site is pinned. If enabled (turned on), Microsoft servers are not contacted if a site is pinned.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.</li><li>**1** - Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.</li></ul> |
## Prevent the First Run webpage from opening on Microsoft Edge ## Prevent the First Run webpage from opening on Microsoft Edge
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [prevent-first-run-webpage-open-include.md](includes/prevent-first-run-webpage-open-include.md)]
This policy setting specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, the First Run webpage hosted on microsoft.com opens automatically. This policy allows enterprises, such as those enrolled in a zero-emissions configuration, to prevent this page from opening. By default, this setting is disabled or not configured (turned off), which means you see the First Run page. If enabled (turned on), the you do not see the First Run page.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |
|Supported devices |Desktop<br>Mobile |
|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Employees see the First Run webpage.</li><li>**1** - Employees do not see the First Run webpage.</li></ul> |
## Prevent using Localhost IP address for WebRTC ## Prevent using Localhost IP address for WebRTC
>*Supported versions: Windows 10, version 1511 or later* [!INCLUDE [prevent-localhost-address-for-webrtc-include.md](includes/prevent-localhost-address-for-webrtc-include.md)]
This policy setting specifies whether localhost IP address is visible or hidden while making phone calls to the WebRTC protocol. By default, this setting is disabled or not configured (turned off), which means the localhost IP address is visible. If enabled (turned on), localhost IP addresses are hidden.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Shows an employee's LocalHost IP address while using the WebRTC protocol.</li><li>**1** - Does not show an employee's LocalHost IP address while using the WebRTC protocol.</li></ul> |
## Provision Favorites ## Provision Favorites
>*Supported versions: Windows 10, version 1709* [!INCLUDE [provision-favorites-include](includes/provision-favorites-include.md)]
You can configure a default list of favorites that appear for your users in Microsoft Edge.
If disabled or not configured, a default list of favorites is not defined in Microsoft Edge. In this case, users can customize the Favorites list, such as adding folders for organizing, adding, or removing favorites.
If enabled, a default list of favorites is defined for users in Microsoft Edge. Users are not allowed to add, import, or change the Favorites list. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.
To define a default list of favorites, you can export favorites from Microsoft Edge and use the HTML file for provisioning user machines. In HTML format, specify the URL which points to the file that has all the data for provisioning favorites.
URL can be specified as:
- HTTP location: "SiteList"="http://localhost:8080/URLs.html"
- Local network: "SiteList"="\network\shares\URLs.html"
- Local file: "SiteList"="file:///c:\Users\\Documents\URLs.html"
>[!Important]
>You can only enable either this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy, but not both. Enabling both stops you from syncing favorites between Internet Explorer and Microsoft Edge.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites |
|Data type | String |
## Send all intranet sites to Internet Explorer 11 ## Send all intranet sites to Internet Explorer 11
>*Supported versions: Windows 10* [!INCLUDE [send-all-intranet-sites-ie-include.md](includes/send-all-intranet-sites-ie-include.md)]
This policy setting specifies whether to send intranet traffic to Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge. By default, this setting is disabled or not configured (turned off), which means all websites, including intranet sites, open in Microsoft Edge. If enabled, all intranet sites are opened in Internet Explorer 11 automatically.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Automatically opens all websites, including intranet sites, using Microsoft Edge.</li><li>**1** - Automatically opens all intranet sites using Internet Explorer 11.</li></ul> |
## Set default search engine ## Set default search engine
>*Supported versions: Windows 10, version 1703 or later* [!INCLUDE [set-default-search-engine-include.md](includes/set-default-search-engine-include.md)]
This policy setting allows you to configure the default search engine for domain-joined or MDM-enrolled devices. By default, this setting is not configured, which means the default search engine is specified in App settings. In this case, you can change the default search engine at any time unless you disable the "Allow search engine customization" setting, which restricts any changes. If enabled, you can configure a default search engine for you. When enabled, you cannot change the default search engine. If disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.
To set the default search engine, you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see Search provider discovery. If you'd like your you to use the default Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your you to use Microsoft Bing as the default search engine, you can set the string to EDGEBING.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |
|Supported devices |Desktop<br>Mobile |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - The default search engine is set to the one specified in App settings.</li><li>**1** - Allows you to configure the default search engine for your you.</li></ul> |
## Show message when opening sites in Internet Explorer ## Show message when opening sites in Internet Explorer
>*Supported versions: Windows 10, version 1607 and later* [!INCLUDE [show-message-opening-sites-ie-include.md](includes/show-message-opening-sites-ie-include.md)]
This policy setting specifies whether you see an additional page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List. By default, this policy is disabled, which means no additional pages display. If enabled, you see an additional page.
**Microsoft Intune to manage your MDM settings**
| | |
|---|---|
|MDM name |[ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |
|Supported devices |Desktop |
|URI full path |./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInternetExplorer |
|Data type | Integer |
|Allowed values |<ul><li>**0 (default)** - Doesnt show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li><li>**1** - Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.</li></ul> |
## Related topics ## Related topics
* [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885) * [Mobile Device Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)
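Review bot: the two `>[!Important]` callouts, under "Prevent changes to Favorites on Microsoft Edge" and under "Provision Favorites", are deleted from this page along with the inline tables, and nothing in this hunk shows them being carried into prevent-changes-to-favorites-include.md or provision-favorites-include.md. Both warn that combining the setting with "Keep favorites in sync between Internet Explorer and Microsoft Edge" stops favorites from syncing, so please confirm the include files still state it. Separately, the include labels for prevent-live-tile-pinning-start-include and provision-favorites-include drop the `.md` suffix that every other label in this hunk keeps; make them consistent.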

View File

@ -5,7 +5,7 @@
[!INCLUDE [allow-address-bar-drop-down-shortdesc](../shortdesc/allow-address-bar-drop-down-shortdesc.md)] [!INCLUDE [allow-address-bar-drop-down-shortdesc](../shortdesc/allow-address-bar-drop-down-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [allow-adobe-flash-shortdesc](../shortdesc/allow-adobe-flash-shortdesc.md)] [!INCLUDE [allow-adobe-flash-shortdesc](../shortdesc/allow-adobe-flash-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|

View File

@ -1,15 +1,15 @@
<!-- ## Allow clearing browsing data on exit --> <!-- ## Allow clearing browsing data on exit -->
>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br> >*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
>*Default setting: Disabled or not configured (Prevented)* >*Default setting: Disabled or not configured (Prevented/not allowed)*
[!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md)] [!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Prevented/not allowed. Users can configure the _Clear browsing data_ option in Settings. | | |Disabled or not configured<br>**(default)** |0 |0 |Prevented/not allowed. Users can configure the _Clear browsing data_ option in Settings. | |
|Enabled |1 |1 |Allowed. Clears the browsing data upon exit automatically. |![Most restricted value](../images/check-gn.png) | |Enabled |1 |1 |Allowed. Clear the browsing data upon exit automatically. |![Most restricted value](../images/check-gn.png) |
--- ---

View File

@ -4,7 +4,7 @@
[!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../shortdesc/allow-configuration-updates-for-books-library-shortdesc.md)] [!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../shortdesc/allow-configuration-updates-for-books-library-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [allow-cortana-shortdesc](../shortdesc/allow-cortana-shortdesc.md)] [!INCLUDE [allow-cortana-shortdesc](../shortdesc/allow-cortana-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -5,7 +5,7 @@
[!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)] [!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)] [!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md)] [!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [allow-extensions-shortdesc](../shortdesc/allow-extensions-shortdesc.md)] [!INCLUDE [allow-extensions-shortdesc](../shortdesc/allow-extensions-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|

View File

@ -5,7 +5,7 @@
[!INCLUDE [allow-fullscreen-mode-shortdesc](../shortdesc/allow-fullscreen-mode-shortdesc.md)] [!INCLUDE [allow-fullscreen-mode-shortdesc](../shortdesc/allow-fullscreen-mode-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -6,7 +6,7 @@
[!INCLUDE [allow-inprivate-browsing-shortdesc](../shortdesc/allow-inprivate-browsing-shortdesc.md)] [!INCLUDE [allow-inprivate-browsing-shortdesc](../shortdesc/allow-inprivate-browsing-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../shortdesc/allow-microsoft-compatibility-list-shortdesc.md)] [!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../shortdesc/allow-microsoft-compatibility-list-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -5,7 +5,7 @@
[!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)] [!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,12 +4,12 @@
[!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)] [!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
|Disabled |0 |0 |Prevented/not allowed |![Most restrictive value](../images/check-gn.png) | |Disabled |0 |0 |Prevented/not allowed |![Most restrictive value](../images/check-gn.png) |
|Enabled<br>**(default)** |1 |1 |Allowed | | |Enabled or not configured<br>**(default)** |1 |1 |Allowed | |
--- ---
### ADMX info and settings ### ADMX info and settings
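Review bot: the image alt text on the Disabled row reads "Most restrictive value", while the same check-gn.png image is labelled "Most restricted value" in the other include tables in this commit and the column header is "Most restricted". Since this table is being edited anyway, align the alt text.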

View File

@ -4,7 +4,7 @@
[!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)] [!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)] [!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
@ -13,7 +13,7 @@
--- ---
### Configuration combinations ### Configuration options
| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** | | **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
| --- | --- | --- | --- | | --- | --- | --- | --- |
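Review bot: renaming "Configuration combinations" to "Configuration options" makes the heading less accurate, because the table under it has one column per policy (Set default search engine, Allow search engine customization, Configure additional search engines) plus an Outcome column, so each row is a combination of three settings rather than an option. Suggest keeping the original heading unless the table itself is restructured.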
@ -25,7 +25,7 @@
| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. | | Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
--- ---
![Set default search engine](../images/set-default-search-engine.png) ![Set default search engine configurations](../images/set-default-search-engine-v4-sm.png)
### ADMX info and settings ### ADMX info and settings

View File

@ -4,11 +4,11 @@
[!INCLUDE [allow-a-shared-books-folder-shortdesc](../shortdesc/allow-a-shared-books-folder-shortdesc.md)] [!INCLUDE [allow-a-shared-books-folder-shortdesc](../shortdesc/allow-a-shared-books-folder-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder for each user. |![Most restricted value](../images/check-gn.png) | |Disabled or not configured<br>**(default)** |0 |0 |Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder for each user. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Allowed. | | |Enabled |1 |1 |Allowed. Microsoft Edge downloads book files to a shared folder.| |
--- ---
### ADMX info and settings ### ADMX info and settings
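Review bot: the new Enabled row ends `shared folder.| |` with no space before the cell delimiter, unlike the other rows in these tables; add the space. The Disabled row's "Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder" would also read better as two sentences, matching the "Allowed. Microsoft Edge downloads ..." form this hunk introduces.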
@ -30,8 +30,4 @@
- **Value name:** UseSharedFolderForBooks - **Value name:** UseSharedFolderForBooks
- **Value type:** REG_DWORD - **Value type:** REG_DWORD
### Scenarios
Some schools may use a Shared Cart (a physical cart), to store some devices. For example, at the beginning of the lessons, each student picks up a device and returns their device at the end of the of lessons.
<hr> <hr>

View File

@ -4,11 +4,11 @@
[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)] [!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
|Disabled or not configured |0 |0 |Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** policy, located at Windows Components > App Package Deployment.<p>For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enable). |![Most restricted value](../images/check-gn.png) | |Disabled or not configured |0 |0 |Prevented/not allowed. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, enable **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** policy, located at Windows Components > App Package Deployment.<p>For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). |![Most restricted value](../images/check-gn.png) |
|Enabled<br>**(default)** |1 |1 |Allowed. | | |Enabled<br>**(default)** |1 |1 |Allowed. | |
--- ---
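Review bot: in the values table the 0 row is labelled "Disabled or not configured" while the 1 row carries **(default)**, so an unconfigured device is described as both prevented and allowed; only one of those rows can own "not configured". While this line is being touched, please also confirm the MDM guidance: the sentence is about preventing Add-AppxPackage sideloading, yet it tells the admin to set ApplicationManagement/AllowDeveloperUnlock to 1 (enabled), and changing "enable" to "enabled" does not make clear that this is the intended direction.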

View File

@ -4,7 +4,7 @@
[!INCLUDE [allow-tab-preloading-shortdesc](../shortdesc/allow-tab-preloading-shortdesc.md)] [!INCLUDE [allow-tab-preloading-shortdesc](../shortdesc/allow-tab-preloading-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
@ -15,7 +15,7 @@
### ADMX info and settings ### ADMX info and settings
#### ADMX info #### ADMX info
- **GP English name:** Allow Start and New Tab page preload - **GP English name:** Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed
- **GP name:** AllowTabPreloading - **GP name:** AllowTabPreloading
- **GP path:** Windows Components/Microsoft Edge - **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx - **GP ADMX file name:** MicrosoftEdge.admx
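Review bot: the new **GP English name** is a full sentence ("Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed"). Please check that it matches the display string in MicrosoftEdge.admx character for character. Admins locate the setting in the Group Policy editor by this text, so a paraphrase here makes the policy hard to find and audit.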

View File

@ -6,7 +6,7 @@
[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)] [!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|
@ -24,7 +24,7 @@
- **GP ADMX file name:** MicrosoftEdge.admx - **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings #### MDM settings
- **MDM name:** Browser/[AllowWebContentOnNewTabPage](../new-policies.md#allowwebcontentonnewtabpage) - **MDM name:** Browser/[AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)
- **Supported devices:** Desktop - **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowWebContentOnNewTabPage - **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowWebContentOnNewTabPage
- **Data type:** Integer - **Data type:** Integer
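Review bot: the new **MDM name** link hard-codes the `en-us` locale in the docs.microsoft.com URL. Drop the locale segment so the link does not pin every reader to the English page, and apply the same form to the other absolute docs.microsoft.com links in these includes.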

View File

@ -5,7 +5,7 @@
[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)] [!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -1,20 +1,19 @@
<!-- ## Configure additional search engines --> <!-- ## Configure additional search engines -->
>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br> >*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*<br>
>*Default setting: Disabled or not configured (Prevented/Not allowed)* >*Default setting: Disabled or not configured (Prevented/not allowed)*
[!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)] [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 Prevented/not allowed. Microsoft Edge uses the search engine specified in App settings.<p>If you enabled this policy and now want to disable it, disabling removes all previously configured search engines. |![Most restricted value](../images/check-gn.png) | |Disabled or not configured<br>**(default)** |0 |0 |Prevented/not allowed. Microsoft Edge uses the search engine specified in App settings.<p><p>If you enabled this policy and now want to disable it, disabling removes all previously configured search engines. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Allowed. Add up to five additional search engines and set any one of them as the default. |Enabled |1 |1 |Allowed. Add up to five additional search engines and set any one of them as the default.<p><p>For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | |
For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | |
--- ---
### Configuration combinations ### Configuration options
| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** | | **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
| --- | --- | --- | --- | | --- | --- | --- | --- |
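Review bot: both description cells in the rewritten rows now contain a doubled `<p><p>`, where the old Disabled row had a single `<p>`. The second tag only produces an empty paragraph, so use one `<p>` per break, as the other include tables in this commit do.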
@ -26,7 +25,6 @@ For each search engine added you must specify a link to the OpenSearch XML file
| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. | | Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
--- ---
![Set default search engine](../images/set-default-search-engine.png)
### ADMX info and settings ### ADMX info and settings

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md)] [!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-allow-flash-for-url-list-shortdesc](../shortdesc/configure-allow-flash-for-url-list-shortdesc.md)] [!INCLUDE [configure-allow-flash-for-url-list-shortdesc](../shortdesc/configure-allow-flash-for-url-list-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-autofill-shortdesc](../shortdesc/configure-autofill-shortdesc.md)] [!INCLUDE [configure-autofill-shortdesc](../shortdesc/configure-autofill-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
@ -23,7 +23,7 @@
- **GP English name:** Configure collection of browsing data for Microsoft 365 Analytics - **GP English name:** Configure collection of browsing data for Microsoft 365 Analytics
- **GP name:** ConfigureTelemetryForMicrosoft365Analytics - **GP name:** ConfigureTelemetryForMicrosoft365Analytics
- **GP element:** ZonesListBox - **GP element:** ZonesListBox
- **GP path:** Data Collection and Preview Builds - **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx - **GP ADMX file name:** MicrosoftEdge.admx
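Review bot: **GP element** is still `ZonesListBox` in the context line directly above the corrected **GP path**. That identifier does not look like it belongs to ConfigureTelemetryForMicrosoft365Analytics, and the path correction suggests this block was copied from another policy. Please check the element name against MicrosoftEdge.admx in the same change.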

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-cookies-shortdesc](../shortdesc/configure-cookies-shortdesc.md)] [!INCLUDE [configure-cookies-shortdesc](../shortdesc/configure-cookies-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-do-not-track-shortdesc](../shortdesc/configure-do-not-track-shortdesc.md)] [!INCLUDE [configure-do-not-track-shortdesc](../shortdesc/configure-do-not-track-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -6,7 +6,7 @@
You must set the Configure kiosk mode policy to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc). You must set the Configure kiosk mode policy to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
### Allowed values ### Supported values
- **Any integer from 1-1440 (5 minutes is the default)** The time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. A confirmation dialog displays for the user to cancel or continue and automatically continues after 30 seconds. - **Any integer from 1-1440 (5 minutes is the default)** The time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. A confirmation dialog displays for the user to cancel or continue and automatically continues after 30 seconds.

View File

@ -5,7 +5,7 @@
[!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)] [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -6,7 +6,7 @@
[!INCLUDE [allow-favorites-bar-shortdesc](../shortdesc/configure-favorites-bar-shortdesc.md)] [!INCLUDE [allow-favorites-bar-shortdesc](../shortdesc/configure-favorites-bar-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|

View File

@ -1,2 +1,2 @@
<!-- ## Configure Favorites --> <!-- ## Configure Favorites -->
>Deprecated. Use [Provision Favorites](../available-policies.md#provision-favorites). >Use [Provision Favorites](../available-policies.md#provision-favorites) in place of this policy.
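Review bot: the replacement line drops the word "Deprecated", so the include no longer states the status of Configure Favorites, only that another policy should be used. If the policy is still deprecated, keep the word (for example "Deprecated. Use Provision Favorites in place of this policy."). If it is not, say whether it still takes effect when it is set alongside Provision Favorites.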

View File

@ -5,23 +5,29 @@
[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)] [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
### Allowed values
### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |0 |0 |Show the home button and load the Start page. | |Disabled or not configured<br>**(default)** |0 |0 |Show home button and load the Start page. |
|Enabled |1 |1 |Show the home button and load the New tab page. | |Enabled |1 |1 |Show home button and load the New tab page. |
|Enabled |2 |2 |Show the home button and load the custom URL defined in the Set Home Button URL policy. | |Enabled |2 |2 |Show home button and load the custom URL defined in the Set Home Button URL policy. |
|Enabled |3 |3 |Hide the home button. | |Enabled |3 |3 |Hide home button. |
--- ---
With these values, you can do any of the following configurations: >[!TIP]
>If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
![Show home button and load Start page or New tab page](../images/home-button-start-new-tab-page.png)
![Show home button and load custom URL](../images/home-button-custom-url.png)
![Hide home button](../images/home-button-hide.png) ### Configuration options
![Show home button and load Start page or New tab page](../images/home-button-start-new-tab-page-v4-sm.png)
![Show home button and load custom URL](../images/home-buttom-custom-url-v4-sm.png)
![Hide home button](../images/home-button-hide-v4-sm.png)
### ADMX info and settings ### ADMX info and settings
#### ADMX info #### ADMX info
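Review bot: the second new image path is spelled `home-buttom-custom-url-v4-sm.png`, while the other two use `home-button-`. Check that the file was committed under that exact name, or rename both the file and the reference to `home-button-custom-url-v4-sm.png`, otherwise the image link breaks. The new tip also names an **Unlock Home Button** policy without linking to it, so a link there would help.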

View File

@ -7,12 +7,12 @@
For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw). For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw).
### Allowed values ### Supported values
| | | | | |
|---|---| |---|---|
|(0) Default or not configured |<ul><li>If its a single app, Microsoft Edge runs InPrivate full screen for digital signage or interactive displays.</li><li>If its one of many apps, Microsoft Edge runs as normal.</li></ul> | |(0) Default or not configured |<ul><li>If its a single app, Microsoft Edge runs InPrivate full screen for digital signage or interactive displays.</li><li>If its one of many apps, Microsoft Edge runs as normal.</li></ul> |
|(1) Enabled |<ul><li>If its a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users cant minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.<p>**_For single-app public browsing_**: If you do not configure the Configure kiosk reset after idle timeout policy and you enable this policy, Microsoft Edge kiosk resets after 5 minutes of idle time.</li><li>If its one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they cant customize Microsoft Edge.</li></ul> | |(1) Enabled |<ul><li>If its a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users cant minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy.<p>**_For single-app public browsing_**: If you do not configure the Configure kiosk reset after idle timeout policy and you enable this policy, Microsoft Edge kiosk resets after 5 minutes of idle time.</li><li>If its one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they cant customize Microsoft Edge.</li></ul> |
--- ---
![Microsoft Edge kiosk experience](../images/microsoft-edge-kiosk-mode.png) ![Microsoft Edge kiosk experience](../images/microsoft-edge-kiosk-mode.png)

View File

@ -7,9 +7,9 @@
**Version 1703 or later:**<br>If you don't want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non domain-joined devices when it's the only configured URL. **Version 1703 or later:**<br>If you don't want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non domain-joined devices when it's the only configured URL.
**Version 1810:**<br>When you enable this policy and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.<p> **Version 1810:**<br>When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.<p>
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|
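Review bot: in the Version 1810 paragraph the same policy is called "Configure Start Pages" and then "Configure Start Page" within one sentence. Use the plural form both times so it matches the policy name used in the table below.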
@ -20,7 +20,10 @@
|Enabled<br>**(default)** |3 |3 |Load a specific page or pages. | |Enabled<br>**(default)** |3 |3 |Load a specific page or pages. |
--- ---
### Configuration combinations >[!TIP]
>If you want to make changes to this policy:<ol><li>Set the **Disabled Lockdown of Start Pages** policy to not configured.</li><li>Make changes to the **Configure Open Microsoft With** policy.</li><li>Enable the **Disabled Lockdown of Start Pages** policy.</li></ol>
### Configuration options
| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** | | **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
| --- | --- | --- | --- | | --- | --- | --- | --- |
| Enabled (applies to all options) | Enabled String | Enabled (all configured start pages are editable) | Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to make changes. | | Enabled (applies to all options) | Enabled String | Enabled (all configured start pages are editable) | Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to make changes. |
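Review bot: the steps in the new tip look reversed relative to the lock they describe. Step 1 sets **Disabled Lockdown of Start Pages** to not configured and step 3 enables it, but the Disable Lockdown of Start Pages include in this same commit defines Enabled as "Unlocked. Users can make changes to all configured start pages" and Not configured as locked, so following the tip ends with the start pages user-editable. The home button tip goes the other way (enable Unlock Home Button, change, disable it). Please confirm the intended end state. Also, step 2 says "Configure Open Microsoft With"; the policy name is "Configure Open Microsoft Edge With".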
@ -33,9 +36,6 @@
--- ---
If you want to make changes to this policy:<ol><li>Set the Disabled Lockdown of Start Pages to not configured.</li><li>Make changes to the Configure Open Microsoft With policy.</li><li>Enable the Disabled Lockdown of Start Pages.</li></ol>
### ADMX info and settings ### ADMX info and settings
#### ADMX info #### ADMX info
- **GP English name:** Configure Open Microsoft Edge With - **GP English name:** Configure Open Microsoft Edge With

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-password-manager-shortdesc](../shortdesc/configure-password-manager-shortdesc.md)] [!INCLUDE [configure-password-manager-shortdesc](../shortdesc/configure-password-manager-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-pop-up-blocker-shortdesc](../shortdesc/configure-pop-up-blocker-shortdesc.md)] [!INCLUDE [configure-pop-up-blocker-shortdesc](../shortdesc/configure-pop-up-blocker-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-search-suggestions-in-address-bar-shortdesc](../shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md)] [!INCLUDE [configure-search-suggestions-in-address-bar-shortdesc](../shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)] [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|
@ -12,18 +12,7 @@
|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\><p>**Version 1703 or later:**<br>If you do not want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non-domain-joined devices when it's the only configured URL.<p>**Version 1810:**<br>When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. | |Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\><p>**Version 1703 or later:**<br>If you do not want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non-domain-joined devices when it's the only configured URL.<p>**Version 1810:**<br>When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. |
--- ---
### Configuration combinations
| **Configure Open Microsoft Edge With** | **Configure Start Pages** | **Disabled Lockdown of Start Pages** | **Outcome** |
| --- | --- | --- | --- |
| Enabled (applies to all options) | Enabled String | Enabled (all configured start pages are editable) | [\#1: Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to edit all configured start pages.](#1-load-the-urls-defined-in-the-configure-open-microsoft-edge-with-policy-and-allow-users-to-edit-all-configured-start-pages) |
| Disabled or not configured | Enabled String | Enabled (any Start page configured in the Configured Start Pages policy) | [\#2: Load any start page and allow users to edit their Start pages.](#2-load-any-start-page-configured-using-the-configured-start-pages-policy-and-allow-users-to-edit-their-start-pages) |
| Enabled (Start page) | Enabled String | Blank or not configured | [\#3: Load Start page(s) and prevent users from changing it.](#3-load-the-start-pages-and-prevent-users-from-making-changes) |
| Enabled (New tab page) | Enabled String | Blank or not configured | [\#4: Load New tab page and prevent users from changing it.](#4-load-the-new-tab-page-and-prevent-users-from-making-changes) |
| Enabled (Previous pages) | Enabled String | Blank or not configured | [\#5: Load previously opened pages and prevent users from changing it.](#5-load-the-previously-opened-pages-that-were-opened-when-microsoft-edge-last-closed-and-prevent-users-from-making-changes) |
| Enabled (A specific page or pages) | Enabled String | Blank or not configured | [\#6: Load a specific page or pages and prevent users from changing it.](#6-load-a-specific-page-or-pages-defined-in-the-configure-start-pages-policy-and-prevent-users-from-making-changes) |
| Enabled (A specific page or pages) | Enabled String | Enabled (any Start page configured in Configure Start Pages policy) | [\#7: Load a specific page or pages and allow users to make changes to their Start page.](#7-load-a-specific-page-or-pages-defined-in-the-configure-start-pages-policy-and-allow-users-to-make-changes-to-their-start-page) |
| N/A | Blank or not configured | N/A | Microsoft Edge loads the pages specified in App settings as the default Start pages. |
---
### ADMX info and settings ### ADMX info and settings
#### ADMX info #### ADMX info
@ -51,79 +40,6 @@
- [Configure Start Pages](#configure-start-pages-include): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)] - [Configure Start Pages](#configure-start-pages-include): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
### Scenarios
#### \#1: Load URLs defined in the Configure Open Microsoft Edge With policy, and allow users to edit all configured start pages.
1. Enable the **Configure Open Microsoft Edge With** policy. Applies to all options for this policy. <p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Enable the **Disabled Lockdown of Start Pages** policy by selecting *All configured start pages are editable*.
---
#### \#2: Load any start page and allow users to edit their Start pages.
1. Disable or don't configure the **Configure Open Microsoft Edge With** policy.
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets in the following format:<p> \<support.contoso.com\>\<support.microsoft.com\>
3. Enable the **Disabled Lockdown of Start Pages** policy by selecting *Start pages are not editable*.
---
#### \#3: Load Start page(s) and prevent users from changing it.
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *Start page*.<p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
---
#### \#4: Load New tab page and prevent users from changing it..
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *New tab page*.<p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
---
#### \#5: Load previously opened pages and prevent users from changing it.
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *Previous pages*.<p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
---
#### \#6: Load a specific page or pages and prevent users from changing it.
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *A specific page or pages*.<p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Disable or don't configure the **Disabled Lockdown of Start Pages** policy.
---
#### \#7: Load a specific page or pages and allow users to make changes to their Start page.
1. Enable the **Configure Open Microsoft Edge With** policy by selecting *A specific page or pages*. <p>
2. In the **Configure Start Pages** policy, enter URLs to the pages, separating multiple pages by using angle brackets:<p>\<support.contoso.com\>\<support.microsoft.com\>
3. Enable **Disabled Lockdown of Start Pages** by selecting *Start pages are not editable*.
---
<hr> <hr>

View File

@ -4,7 +4,7 @@
[!INCLUDE [configure-windows-defender-smartscreen-shortdesc](../shortdesc/configure-windows-defender-smartscreen-shortdesc.md)] [!INCLUDE [configure-windows-defender-smartscreen-shortdesc](../shortdesc/configure-windows-defender-smartscreen-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,12 +4,12 @@
[!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)] [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
|Not configured |0 |0 |Lockdown Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy. |![Most restricted value](../images/check-gn.png) | |Not configured |0 |0 |Lockdown Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.<p>When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | | |Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.<p><p>When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
--- ---
### ADMX info and settings ### ADMX info and settings
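Review bot: the "Not configured" row says start pages configured in "either the Configure Open Microsoft Edge With policy and Configure Start Pages policy"; "either ... and" should be "either ... or". In the Enabled row, the doubled `<p><p>` adds an empty paragraph, and the sentence after it says that defining URLs in Configure Start Pages makes Microsoft Edge use the URLs from Configure Open Microsoft Edge With. Please reword it so an admin can tell which list of URLs users are able to edit once this is enabled.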

View File

@ -4,7 +4,7 @@
[!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)] [!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|
@ -44,7 +44,7 @@ To verify if syncing is turned on or off:
- **GP ADMX file name:** SettingSync.admx - **GP ADMX file name:** SettingSync.admx
#### MDM settings #### MDM settings
- **MDM name:** Experience/[Experience/DoNotSyncBrowserSetting](../new-policies.md#donotsyncbrowsersetting) - **MDM name:** [Experience/DoNotSyncBrowserSetting](../available-policies.md#do-not-sync-browser-settings)
- **Supported devices:** Desktop - **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/DoNotSyncBrowserSetting - **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/DoNotSyncBrowserSetting
- **Data type:** Integer - **Data type:** Integer
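Review bot: the corrected **MDM name** now links to `../available-policies.md#do-not-sync-browser-settings`, while the AllowWebContentOnNewTabPage include changed in this same commit links its MDM name to the Policy CSP reference on docs.microsoft.com. Pick one target for MDM names across the includes. The CSP reference is the more useful one next to the URI full path.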

View File

@ -4,7 +4,7 @@
[!INCLUDE [do-not-sync-shortdesc](../shortdesc/do-not-sync-shortdesc.md)] [!INCLUDE [do-not-sync-shortdesc](../shortdesc/do-not-sync-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)] [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
@ -12,8 +12,8 @@
|Enabled |1 |1 |Turned on/syncing. |![Most restricted value](../images/check-gn.png) | |Enabled |1 |1 |Turned on/syncing. |![Most restricted value](../images/check-gn.png) |
--- ---
### Configuration combinations ### Configuration options
### Configuration combinations ### Configuration options
| **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Outcome** | | **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Outcome** |
| --- | --- | --- | | --- | --- | --- |
| Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. | | Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
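Review bot: The renamed heading "### Configuration options" shows up on two consecutive rows of this hunk, directly above the table. If the include really carries the heading twice, drop one copy rather than renaming both, otherwise the page renders two identical headings with nothing between them.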

View File

@ -4,7 +4,7 @@
[!INCLUDE [prevent-access-to-about-flags-page-shortdesc](../shortdesc/prevent-access-to-about-flags-page-shortdesc.md)] [!INCLUDE [prevent-access-to-about-flags-page-shortdesc](../shortdesc/prevent-access-to-about-flags-page-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-files-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md)] [!INCLUDE [prevent-bypassing-windows-defender-prompts-for-files-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-sites-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md)] [!INCLUDE [prevent-bypassing-windows-defender-prompts-for-sites-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [prevent-changes-to-favorites-shortdesc](../shortdesc/prevent-changes-to-favorites-shortdesc.md)] [!INCLUDE [prevent-changes-to-favorites-shortdesc](../shortdesc/prevent-changes-to-favorites-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md)] [!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md)] [!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,7 +4,7 @@
[!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)] [!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|

View File

@ -4,12 +4,12 @@
[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)] [!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |Description | |Group Policy |Description |
|---|---| |---|---|
|Disabled or not configured<br>**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. | |Disabled or not configured<br>**(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following the OneNote Web Clipper and Office Online extension prevents users from turning it off:<p>_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ <p>After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. | |Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:<p><p>_Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe_ <p>After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune. Removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
--- ---
### ADMX info and settings ### ADMX info and settings
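Review bot: The example PFN list in the Enabled row is still not usable as written. A package family name joins the package name and the publisher ID with an underscore, and both examples run them together ("Microsoft.OneNoteWebClipper8wekyb3d8bbwe"), probably because the underscores were consumed by the surrounding italics markers. Put the list in backticks so it survives rendering, since an admin who copies the current string gets a policy that protects no extension. The reworded sentence also still says "extension prevents users from turning it off" for two extensions; "extensions ... turning them off" reads correctly.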

View File

@ -5,7 +5,7 @@
[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|
|Disabled |0 |0 |Allowed/turned on. Users can sync the browser settings. | |Disabled |0 |0 |Allowed/turned on. Users can sync the browser settings. |

View File

@ -7,7 +7,7 @@
>[!IMPORTANT] >[!IMPORTANT]
>Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers. >Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
### Allowed values ### Supported values
|Group Policy |Description |Most restricted | |Group Policy |Description |Most restricted |
|---|---|:---:| |---|---|:---:|
@ -15,8 +15,8 @@
|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file**, and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=http://localhost:8080/URLs.html</li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:\Users\\Documents\URLs.html</li></ul></li></ol> |![Most restricted value](../images/check-gn.png) | |Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file**, and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=http://localhost:8080/URLs.html</li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:\Users\\Documents\URLs.html</li></ul></li></ol> |![Most restricted value](../images/check-gn.png) |
--- ---
### Configuration combinations ### Configuration options
| **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Outcome** | | **Keep favorites in sync between IE and Microsoft Edge** | **Provision Favorites** | **Results** |
| --- | --- | --- | | --- | --- | --- |
| Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. | | Disabled or not configured (default) | Disabled or not configured (default) | **Turned off/not syncing**. Microsoft Edge prevents users from syncing their favorites. |
| Enabled (turned on/syncing) | Disabled or not configured (default) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. | | Enabled (turned on/syncing) | Disabled or not configured (default) | **Turned on/syncing**. Syncs favorites between Internet Explorer and Microsoft Edge. |
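Review bot: The last column header changes from "Outcome" to "Results" only in this include. The same table in the keep-favorites-in-sync include and the table in the set-default-search-engine include keep "Outcome" in this commit. Pick one header and apply it to all three so the combined page is consistent.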

View File

@ -8,7 +8,7 @@
>Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager. Allowed values. >Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager. Allowed values.
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
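Review bot: The note line above the heading still ends with a stray "Allowed values." after "using Enterprise Mode Site List Manager." It looks like a leftover heading fragment, and after this rename it no longer matches "### Supported values" either. Remove it from the note in the same change.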
@ -16,7 +16,7 @@
|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.<p>Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<br>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**</li><li>Click **Enabled** and then refresh the policy and then vew the affected sites in Microsoft Edge.<br><br>A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol>| | |Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.<p>Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<br>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**</li><li>Click **Enabled** and then refresh the policy and then vew the affected sites in Microsoft Edge.<br><br>A message displays saying that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol>| |
--- ---
### Configuration combinations ### Configuration options
### ADMX info and settings ### ADMX info and settings
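Review bot: "### Configuration options" is followed immediately by "### ADMX info and settings", so the renamed section is empty. Either add the configuration table this heading is meant to introduce or remove the heading. The context row above also has "vew" for "view", which is worth fixing while the file is open.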

View File

@ -4,16 +4,16 @@
[!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)] [!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
|Not configured<br>**(default)** |Blank |Blank |Microsoft Edge uses the default search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](#allow-search-engine-customization-include) policy, users cannot make changes. | | |Not configured<br>**(default)** |Blank |Blank |Microsoft Edge uses the default search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](#allow-search-engine-customization-include) policy, users cannot make changes. | |
|Disabled |0 |0 |Microsoft Edge removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. | | |Disabled |0 |0 |Microsoft Edge removes the policy-set search engine and uses the Microsoft Edge specified engine for the market. | |
|Enabled |1 |1 |Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users cannot change the default search engine.<p>Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.<p>If you want users to use the default Microsoft Edge settings for each market set the string to EDGEDEFAULT. <p>If you would like users to use Microsoft Bing as the default search engine set the string to EDGEBING. |![Most restricted value](../images/check-gn.png) | |Enabled |1 |1 |Microsoft Edge uses the policy-set search engine specified in the OpenSearch XML file. Users cannot change the default search engine.<p><p>Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.<p><p>If you want users to use the default Microsoft Edge settings for each market set the string to **EDGEDEFAULT**.<p><p>If you would like users to use Microsoft Bing as the default search engine set the string to **EDGEBING**. |![Most restricted value](../images/check-gn.png) |
--- ---
### Configuration combinations ### Configuration options
| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** | | **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
| --- | --- | --- | --- | | --- | --- | --- | --- |
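Review bot: In the Enabled row, "Use this format to specify the link you want to add." still points at a format that the row never shows. Since this value decides which search provider every query is sent to and the text requires an HTTPS URL template, show the expected link form in backticks or drop the sentence. The doubled `<p><p>` tags add empty paragraphs and can be single `<p>` tags.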
@ -25,7 +25,7 @@
| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. | | Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
--- ---
![Set default search engine](../images/set-default-search-engine.png) ![Set default search engine configurations](../images/set-default-search-engine-v4-sm.png)
### ADMX info and settings ### ADMX info and settings

View File

@ -4,7 +4,7 @@
[!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)] [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|
@ -12,7 +12,7 @@
|Enabled - String |String |String |A custom URL loads when clicking the home button. You must also enable the [Configure Home Button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.<p>Enter a URL in string format, for example, https://www.msn.com. | |Enabled - String |String |String |A custom URL loads when clicking the home button. You must also enable the [Configure Home Button](../new-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option.<p>Enter a URL in string format, for example, https://www.msn.com. |
--- ---
With these values, you can do any of the following configurations: ### Configuration options
#### Show the home button, load a custom URL, and let users make changes: #### Show the home button, load a custom URL, and let users make changes:
1. **Configure Home Button:** Enable and select the _Show the home button & set a specific page_ option. 1. **Configure Home Button:** Enable and select the _Show the home button & set a specific page_ option.

View File

@ -4,12 +4,12 @@
[!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)] [!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |Blank |Blank |Load the default New tab page. | |Disabled or not configured<br>**(default)** |Blank |Blank |Load the default New tab page. |
|Enabled - String |String |String |Prevent users from changing the New tab page.<p>Enter a URL in string format, for example, https://www.msn.com. | |Enabled - String |String |String |Prevent users from changing the New tab page.<p><p>Enter a URL in string format, for example, https://www.msn.com. |
--- ---
### ADMX info and settings ### ADMX info and settings
@ -33,7 +33,8 @@
### Related policies ### Related policies
[Allow web content on New Tab page](../new-policies.md#allowwebcontentonnewtabpage): [!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)] [Allow web content on New Tab page](../available-policies.md#allow-web-content-on-new-tab-page): [!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
<hr> <hr>

View File

@ -5,13 +5,13 @@
<!-- RS5 update: add option for showing interstitial page with stay in Edge link (Koch) --> <!-- RS5 update: add option for showing interstitial page with stay in Edge link (Koch) -->
[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description |Most restricted | |Group Policy |MDM |Registry |Description |Most restricted |
|---|:---:|:---:|---|:---:| |---|:---:|:---:|---|:---:|
|Disabled or not configured<br>**(default)** |0 |0 |No additional message displays. |![Most restricted value](../images/check-gn.png) | |Disabled or not configured<br>**(default)** |0 |0 |No additional message displays. |![Most restricted value](../images/check-gn.png) |
|Enabled |1 |1 |Show an additional message stating that a site has opened in IE11. | | |Enabled |1 |1 |Show an additional message stating that a site has opened in IE11. | |
|Enabled |2 |2 |Show an additional message with a "Keep going in Microsoft Edge" link. | | |Enabled |2 |2 |Show an additional message with a "Keep going in Microsoft Edge" link to allow users to open the site in Microsoft Edge. | |
--- ---
### ADMX info and settings ### ADMX info and settings
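Review bot: The table has two rows labeled "Enabled" in the Group Policy column, one for value 1 and one for value 2, so a Group Policy admin cannot tell how to choose between them. Name the option selected in the Group Policy Editor for each row, the way the MDM and Registry columns distinguish them by number. The HTML comment at the top ("RS5 update: ... (Koch)") is an internal note; confirm it is meant to ship in the published source.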

View File

@ -4,11 +4,11 @@
[!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)] [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
### Allowed values ### Supported values
|Group Policy |MDM |Registry |Description | |Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---| |---|:---:|:---:|---|
|Disabled or not configured<br>**(default)** |0 |0 |Lock down the home button to prevent users from making changes. | |Disabled or not configured<br>**(default)** |0 |0 |Lock down the home button to prevent users from making changes to the home button settings. |
|Enabled |1 |1 |Let users make changes. | |Enabled |1 |1 |Let users make changes. |
--- ---

View File

@ -158,7 +158,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | | [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) |
| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [AllowTabPreloading](new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [AllowTabPreloading](new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [AllowWebContentOnNewTabPage](new-policies.md#allowwebcontentonnewtabpage)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [AllowWebContentOnNewTabPage](available-policies.md#allow-web-content-on-new-tab-page)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | | [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) |
@ -169,7 +169,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
| [ConfigureOpenMicrosoftEdgeWith](new-policies.md#configure-open-microsoft-edge-with)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | | [ConfigureOpenMicrosoftEdgeWith](new-policies.md#configure-open-microsoft-edge-with)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) |
| [ConfigureTelemetryForMicrosoft365Analytics](new-policies.md#configure-collection-of-browsing-data-for-microsoft-365-analytics)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | | [ConfigureTelemetryForMicrosoft365Analytics](new-policies.md#configure-collection-of-browsing-data-for-microsoft-365-analytics)\* | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) |
| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [DoNotSyncBrowserSetting](new-policies.md#donotsyncbrowsersetting)\* and [PreventUsersFromTurningOnBrowserSyncing](new-policies.md#prevent-users-from-turning-on-browser-syncing)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [DoNotSyncBrowserSetting](available-policies.md#do-not-sync-browser-settings)\* and [PreventUsersFromTurningOnBrowserSyncing](new-policies.md#prevent-users-from-turning-on-browser-syncing)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) |
| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)<sup>1</sup> | ![Supported](images/148767.png) | | [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png)<sup>1</sup> | ![Supported](images/148767.png) |
| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | | [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) |
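Review bot: In the DoNotSyncBrowserSetting row, the first link now targets available-policies.md#do-not-sync-browser-settings while the second link in the same cell, PreventUsersFromTurningOnBrowserSyncing, still targets new-policies.md, as do ConfigureOpenMicrosoftEdgeWith and ConfigureTelemetryForMicrosoft365Analytics in this hunk. Confirm which file is the intended home for these policies and that each anchor resolves, so the kiosk table does not end up with a mix of live and dead links.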
@ -225,15 +225,11 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
## Known issues with RS_PRERELEASE build 17713+ ## Known issues with RS_PRERELEASE build 17713+
- When you set up Microsoft Edge as your kiosk app and define the URL in assigned access Settings the URL, Microsoft Edge may not get launched with the configured URL.
- **Expected behavior** Microsoft Edge kiosk mode opens the URL on startup.
- **Actual behavior** Microsoft Edge kiosk mode may not open with the URL on startup.
- When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored. - When you set up Microsoft Edge kiosk mode on a single-app kiosk device you must set the “ConfigureKioskMode” policy because the default behavior is not honored.
- **Expected behavior** Microsoft Edge kiosk mode launches in full-screen mode. - **Expected behavior** Microsoft Edge kiosk mode launches in full-screen mode.
- **Actual behavior** Normal Microsoft Edge launches. - **Actual behavior** Normal Microsoft Edge launches.
- “Configure Favorites bar” policy when setting to enabled or 1 does not show the favorites bar in Microsoft Edge kiosk mode. - When you enable or set the “Configure Favorites bar” policy to 1, the favorites bar does not show in Microsoft Edge kiosk mode.
- **Expected behavior** Microsoft Edge kiosk mode shows the favorites bar. - **Expected behavior** Microsoft Edge kiosk mode shows the favorites bar.
- **Actual behavior** The favorites bar is hidden. - **Actual behavior** The favorites bar is hidden.
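Review bot: The first known issue (assigned access URL not opened on kiosk startup) is deleted here with nothing recording that it was fixed; if it is resolved in build 17713+, say so in the commit message, otherwise keep the entry. The retained ConfigureKioskMode bullet also needs a comma after "single-app kiosk device". Because the stated actual behavior is that normal Microsoft Edge launches on a kiosk device, that bullet should state that the policy must be set explicitly rather than relying on the default.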

View File

@ -1,5 +1,5 @@
--- ---
description: Windows Insider Preview - The Microsoft Edge team introduces new Group Policies and MDM Settings for IT administrators to configure Microsoft Edge. The new policies allow you to enable/disabled full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions. description: Microsoft Edge now has new Group Policies and MDM Settings for IT administrators to configure Microsoft Edge. The new policies allow you to enable/disabled full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
ms.assetid: ms.assetid:
author: shortpatti author: shortpatti
ms.author: pashort ms.author: pashort
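Review bot: The rewritten `description:` still reads "enable/disabled full-screen mode"; change it to "enable/disable" to match the body paragraph in the next hunk. The new wording "Microsoft Edge now has new Group Policies and MDM Settings for IT administrators to configure Microsoft Edge" repeats the product name and could end at "for IT administrators". `ms.assetid:` is still empty.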
@ -18,8 +18,13 @@ ms.date: 07/19/2018
The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions. The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor: We are discontinuing the use of the **Configure Favorites** group policy. Use the **[Provision Favorites](available-policies.md#provision-favorites)** in place of Configure Favorites.
>*Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\*
>You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:
>
>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;*Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\*
<p> <p>
<!-- add links to the below policies --> <!-- add links to the below policies -->
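Review bot: The added location line uses a nested quote padded with six `&nbsp;` entities (`>>&nbsp;&nbsp;...`) to fake indentation, which is fragile and renders differently across Markdown processors; a plain quoted line or a list item under the sentence would be cleaner. "Use the **Provision Favorites** in place of Configure Favorites" is missing the noun "policy". The unchanged intro above still scopes the page to "Windows 10 Insider Preview Build 17713+" while the front-matter description dropped "Windows Insider Preview", so the two now disagree.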
@ -32,14 +37,14 @@ You can find the Microsoft Edge Group Policy settings in the following location
| [Allow printing](#allow-printing) | New | AllowPrinting | New | | [Allow printing](#allow-printing) | New | AllowPrinting | New |
| [Allow Saving History](#allow-saving-history) | New | AllowSavingHistory | New | | [Allow Saving History](#allow-saving-history) | New | AllowSavingHistory | New |
| [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | AllowSideloadingOfExtensions | New | | [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | AllowSideloadingOfExtensions | New |
| Allow web content on new tab page | -- | [Browser/AllowWebContentOnNewTabPage](#allowwebcontentonnewtabpage) | New | | [Allow web content on new tab page](available-policies.md#allow-web-content-on-new-tab-page) | -- | [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | New |
| [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | ConfigureTelemetryForMicrosoft365Analytics | New | | [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | ConfigureTelemetryForMicrosoft365Analytics | New |
| [Configure Favorites Bar](#configure-favorites-bar) | New | ConfigureFavoritesBar | New | | [Configure Favorites Bar](#configure-favorites-bar) | New | ConfigureFavoritesBar | New |
| [Configure Home Button](#configure-home-button) | New | ConfigureHomeButton | New | | [Configure Home Button](#configure-home-button) | New | ConfigureHomeButton | New |
| [Configure kiosk mode](#configure-kiosk-mode) | New | ConfigureKioskMode | New | | [Configure kiosk mode](#configure-kiosk-mode) | New | ConfigureKioskMode | New |
| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | ConfigureKioskResetAfterIdleTimeout | New | | [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | ConfigureKioskResetAfterIdleTimeout | New |
| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | ConfigureOpenMicrosoftEdgeWith | New | | [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | ConfigureOpenMicrosoftEdgeWith | New |
| Do not sync browser settings | -- | [Experience/DoNotSyncBrowserSetting](#donotsyncbrowsersetting) | New | | [Do not sync browser settings](available-policies.md#do-not-sync-browser-settings) | -- | Experience/DoNotSyncBrowserSetting | New |
| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | PreventCertErrorOverrides | New | | [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | PreventCertErrorOverrides | New |
| [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | PreventUsersFromTurningOnBrowserSyncing | New | | [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | PreventUsersFromTurningOnBrowserSyncing | New |
| [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | PreventTurningOffRequiredExtensions | New | | [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | PreventTurningOffRequiredExtensions | New |
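Review bot: The two rewritten rows are inconsistent with each other: "Allow web content on new tab page" now links its MDM name to the Policy CSP reference and drops the `Browser/` prefix, while "Do not sync browser settings" keeps the `Experience/` prefix and loses its link entirely. Link `Experience/DoNotSyncBrowserSetting` to its Policy CSP entry as well, and pick one convention for the area prefix. Every other MDM name in this table is unlinked plain text, so it is also worth deciding whether the column links out or not.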
@ -49,7 +54,6 @@ You can find the Microsoft Edge Group Policy settings in the following location
| [Unlock Home button](#unlock-home-button) | New | UnlockHomeButton | New | | [Unlock Home button](#unlock-home-button) | New | UnlockHomeButton | New |
--- ---
We are also deprecating the **Configure Favorites** group policy because no MDM equivalent existed. Use the **[Provision Favorites](available-policies.md#provision-favorites)** in place of Configure Favorites.
<!-- RS5 policies --> <!-- RS5 policies -->
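Review bot: Removing this sentence drops the stated reason for the deprecation ("because no MDM equivalent existed"); the replacement added near the top of the file only says the policy is being discontinued. Keep the rationale in the new sentence so administrators understand why they are being moved to Provision Favorites.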
@ -71,8 +75,6 @@ We are also deprecating the **Configure Favorites** group policy because no MDM
## Allow sideloading of Extensions ## Allow sideloading of Extensions
[!INCLUDE [allow-sideloading-extensions-include.md](includes/allow-sideloading-extensions-include.md)] [!INCLUDE [allow-sideloading-extensions-include.md](includes/allow-sideloading-extensions-include.md)]
## AllowWebContentOnNewTabPage
[!INCLUDE [allow-web-content-new-tab-page-include](includes/allow-web-content-new-tab-page-include.md)]
## Configure collection of browsing data for Microsoft 365 Analytics ## Configure collection of browsing data for Microsoft 365 Analytics
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](includes/configure-browser-telemetry-for-m365-analytics-include.md)] [!INCLUDE [configure-browser-telemetry-for-m365-analytics-include](includes/configure-browser-telemetry-for-m365-analytics-include.md)]
@ -92,9 +94,6 @@ We are also deprecating the **Configure Favorites** group policy because no MDM
## Configure Open Microsoft Edge With ## Configure Open Microsoft Edge With
[!INCLUDE [configure-open-edge-with-include.md](includes/configure-open-edge-with-include.md)] [!INCLUDE [configure-open-edge-with-include.md](includes/configure-open-edge-with-include.md)]
## DoNotSyncBrowserSetting
[!INCLUDE [do-not-sync-browser-settings-include](includes/do-not-sync-browser-settings-include.md)]
## Prevent certificate error overrides ## Prevent certificate error overrides
[!INCLUDE [prevent-certificate-error-overrides-include.md](includes/prevent-certificate-error-overrides-include.md)] [!INCLUDE [prevent-certificate-error-overrides-include.md](includes/prevent-certificate-error-overrides-include.md)]

View File

@ -1 +1 @@
Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the [Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar) policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings. Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.
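Review bot: The link to the "Configure search suggestions in Address bar" policy is removed and the policy name is left as unformatted running text, so it is hard to tell where the name ends. If the relative link broke when this text moved into an include, fix the path rather than dropping it, or at least set the name in bold. "from Microsoft Edge to Microsoft service" should read "to Microsoft services".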

View File

@ -1 +1 @@
Microsoft Edge automatically updates the configuration data for the Books Library. Disabling this policy prevents Microsoft Edge from updating the configuration data. Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.
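Review bot: The added sentence "If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file" is unclear as written: it does not say what data is meant, who receives it, or how it relates to enabling or disabling the policy. Please reword or drop it. The change from "Books Library" to "Books library" should also be applied consistently, since other includes in this commit still use the capitalized form.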

View File

@ -1 +1 @@
By default, Microsoft Edge allows all cookies from all websites. With this policy, however, you can configure Microsoft to block only 3rd-party cookies or block all cookies. Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
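Review bot: The second sentence still says "you can configure Microsoft to block only 3rd-party cookies"; the product name is truncated and should be "Microsoft Edge". Since this line is being rewritten anyway, fix it in the same change.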

View File

@ -1,2 +1 @@
Being deprecated in RS5 >> You can configure a list of URLs and create a set of folders to appear in Microsoft Edges Favorites list. When you enable this policy, users cannot customize the Favorites list, such as adding folders for organizing, and adding or removing any of the favorites configured. By default, this policy is disabled or not configured allowing users to customize the Favorites list. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** in place of Configure Favorites.

View File

@ -315,6 +315,8 @@
#### [WiFi DDF file](wifi-ddf-file.md) #### [WiFi DDF file](wifi-ddf-file.md)
### [Win32AppInventory CSP](win32appinventory-csp.md) ### [Win32AppInventory CSP](win32appinventory-csp.md)
#### [Win32AppInventory DDF file](win32appinventory-ddf-file.md) #### [Win32AppInventory DDF file](win32appinventory-ddf-file.md)
### [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)
#### [Win32CompatibilityAppraiser DDF file](win32compatibilityappraiser-ddf.md)
### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) ### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
#### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md) #### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md)
### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) ### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)

View File

@ -2417,6 +2417,34 @@ Footnotes:
<!--EndSKU--> <!--EndSKU-->
<!--EndCSP--> <!--EndCSP-->
<!--StartCSP-->
[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP--> <!--StartCSP-->
[WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)

Binary file not shown.

Before

Width:  |  Height:  |  Size: 9.3 KiB

After

Width:  |  Height:  |  Size: 42 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 34 KiB

View File

@ -67,7 +67,8 @@ Added in Windows 10, version 1803. This policy allows the IT admin to control wh
> [!Note] > [!Note]
> MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers. > MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers.
This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. This policy doesnt support Delete command. This policy doesnt support setting the value to be 0 again after it was previously set 1. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
Note: This policy doesnt support Delete command. This policy doesnt support setting the value to be 0 again after it was previously set 1. In Windows 10, next major version, Delete command and setting the value to be 0 again if it was previously set to 1 will be supported.
The following list shows the supported values: The following list shows the supported values:
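Review bot: The new paragraph starts with a plain "Note:" while the context two lines above uses the `> [!Note]` callout; use the callout here too so the restriction stands out. This matters because the note describes a one-way setting (no Delete, and no return to 0 after 1) that an administrator should see before enabling MDMWinsOverGP. "In Windows 10, next major version, Delete command and setting the value to be 0 again..." also needs articles and a clearer subject, for example "the Delete command and resetting the value to 0 will be supported".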

View File

@ -7,11 +7,13 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: MariciaAlforque author: MariciaAlforque
ms.date: 06/26/2017 ms.date: 07/20/2018
--- ---
# SUPL CSP # SUPL CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The SUPL configuration service provider is used to configure the location client, as shown in the following table. The SUPL configuration service provider is used to configure the location client, as shown in the following table.
@ -220,35 +222,50 @@ Specifies the name of the H-SLP root certificate as a string, in the format *nam
<a href="" id="rootcertificate-data"></a>**RootCertificate/Data** <a href="" id="rootcertificate-data"></a>**RootCertificate/Data**
The base 64 encoded blob of the H-SLP root certificate. The base 64 encoded blob of the H-SLP root certificate.
<a href="" id="rootcertificate"></a>**RootCertificate2**
Specifies the root certificate for the H-SLP server.
<a href="" id="rootcertificate2-name"></a>**RootCertificate2/Name** <a href="" id="rootcertificate2-name"></a>**RootCertificate2/Name**
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
<a href="" id="rootcertificate2-data"></a>**RootCertificate2/Data** <a href="" id="rootcertificate2-data"></a>**RootCertificate2/Data**
The base 64 encoded blob of the H-SLP root certificate. The base 64 encoded blob of the H-SLP root certificate.
<a href="" id="rootcertificate"></a>**RootCertificate3**
Specifies the root certificate for the H-SLP server.
<a href="" id="rootcertificate3-name"></a>**RootCertificate3/Name** <a href="" id="rootcertificate3-name"></a>**RootCertificate3/Name**
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
<a href="" id="rootcertificate3-data"></a>**RootCertificate3/Data** <a href="" id="rootcertificate3-data"></a>**RootCertificate3/Data**
The base 64 encoded blob of the H-SLP root certificate. The base 64 encoded blob of the H-SLP root certificate.
<a href="" id="rootcertificate"></a>**RootCertificate4**
Added in Windows 10, next major version. Specifies the root certificate for the H-SLP server.
<a href="" id="rootcertificate-name"></a>**RootCertificate4/Name** <a href="" id="rootcertificate-name"></a>**RootCertificate4/Name**
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. Added in Windows 10, next major version. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
<a href="" id="rootcertificate-data"></a>**RootCertificate4/Data** <a href="" id="rootcertificate-data"></a>**RootCertificate4/Data**
The base 64 encoded blob of the H-SLP root certificate. Added in Windows 10, next major version. The base 64 encoded blob of the H-SLP root certificate.
<a href="" id="rootcertificate"></a>**RootCertificate5**
Added in Windows 10, next major version. Specifies the root certificate for the H-SLP server.
<a href="" id="rootcertificate2-name"></a>**RootCertificate5/Name** <a href="" id="rootcertificate2-name"></a>**RootCertificate5/Name**
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. Added in Windows 10, next major version. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
<a href="" id="rootcertificate2-data"></a>**RootCertificate5/Data** <a href="" id="rootcertificate2-data"></a>**RootCertificate5/Data**
The base 64 encoded blob of the H-SLP root certificate. Added in Windows 10, next major version. The base 64 encoded blob of the H-SLP root certificate.
<a href="" id="rootcertificate"></a>**RootCertificate6**
Added in Windows 10, next major version. Specifies the root certificate for the H-SLP server.
<a href="" id="rootcertificate3-name"></a>**RootCertificate6/Name** <a href="" id="rootcertificate3-name"></a>**RootCertificate6/Name**
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. Added in Windows 10, next major version. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
<a href="" id="rootcertificate3-data"></a>**RootCertificate6/Data** <a href="" id="rootcertificate3-data"></a>**RootCertificate6/Data**
The base 64 encoded blob of the H-SLP root certificate. Added in Windows 10, next major version. The base 64 encoded blob of the H-SLP root certificate.
<a href="" id="v2upl1"></a>**V2UPL1** <a href="" id="v2upl1"></a>**V2UPL1**
Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time. Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time.
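Review bot: Every added parent node (RootCertificate2 through RootCertificate6) uses the same anchor `id="rootcertificate"`, so the page ends up with duplicate HTML ids and deep links will resolve to the wrong node. Give each a unique id such as `rootcertificate2`, and while here fix the existing RootCertificate4 to RootCertificate6 child anchors, which reuse `rootcertificate-name`, `rootcertificate2-name` and `rootcertificate3-name`. The six descriptions are also identical ("Specifies the root certificate for the H-SLP server"); since these nodes provision trust anchors, state how the client treats multiple configured roots.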

View File

@ -7,17 +7,19 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: MariciaAlforque author: MariciaAlforque
ms.date: 12/05/2017 ms.date: 07/20/2018
--- ---
# SUPL DDF file # SUPL DDF file
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider. This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is the current version for this CSP. The XML below is for Windows 10, next major version.
``` syntax ``` syntax
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
@ -43,7 +45,7 @@ The XML below is the current version for this CSP.
<Permanent /> <Permanent />
</Scope> </Scope>
<DFType> <DFType>
<DDFName></DDFName> <MIME>com.microsoft/1.1/MDM/SUPL</MIME>
</DFType> </DFType>
</DFProperties> </DFProperties>
<Node> <Node>
@ -200,7 +202,7 @@ The XML below is the current version for this CSP.
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>0</DefaultValue> <DefaultValue>0</DefaultValue>
<Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operators network or location services. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description> <Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator's network or location services. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description>
<DFFormat> <DFFormat>
<int /> <int />
</DFFormat> </DFFormat>
@ -749,7 +751,7 @@ The XML below is the current version for this CSP.
<Replace /> <Replace />
</AccessType> </AccessType>
<DefaultValue>0</DefaultValue> <DefaultValue>0</DefaultValue>
<Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operators network or location services. The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description> <Description>Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The default is 0. The default method in Windows Phones provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator's network or location services. The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters.</Description>
<DFFormat> <DFFormat>
<int /> <int />
</DFFormat> </DFFormat>
@ -858,13 +860,3 @@ The XML below is the current version for this CSP.
</Node> </Node>
</MgmtTree> </MgmtTree>
``` ```
 
 

View File

@ -0,0 +1,615 @@
---
title: Win32CompatibilityAppraiser CSP
description:
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 07/19/2018
---
# Win32CompatibilityAppraiser CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health. This CSP was added in Windows 10, next major version.
The following diagram shows the Storage configuration service provider in tree format.
![Win32CompatibilityAppraiser CSP diagram](images/provisioning-csp-win32compatibilityappraiser.png)
<a href="" id="accountmanagement"></a>**./Vendor/MSFT/Win32CompatibilityAppraiser**
The root node for the Win32CompatibilityAppraiser configuration service provider.
<a href="" id="compatibilityappraiser"></a>**CompatibilityAppraiser**
This represents the state of the Compatibility Appraiser.
<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis**
This represents various settings that affect whether the Compatibility Appraiser can collect and upload compatibility data.
<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-commercialid"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialId**
The unique identifier specifying what organization owns this device. This helps correlate telemetry after it has been uploaded.
Value type is string. Supported operation is Get.
<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosiscommercialidsetandvalid"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialIdSetAndValid**
A boolean value representing whether the CommercialId is set to a valid value. Valid values are strings in the form of GUIDs, with no surrounding braces.
Value type is bool. Supported operation is Get.
<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-alltargetosversionsrequested"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AllTargetOsVersionsRequested**
A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set. By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.
Value type is bool. Supported operation is Get.
<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-osskuisvalidforappraiser"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/OsSkuIsValidForAppraiser**
A boolean value indicating whether the current Windows SKU is able to run the Compatibility Appraiser.
Value type is bool. Supported operation is Get.
<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-appraisercodeanddataversionsaboveminimum"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AppraiserCodeAndDataVersionsAboveMinimum**
An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data.
The values are:
- 0 == Neither the code nor data is of a sufficient version
- 1 == The code version is insufficient but the data version is sufficient
- 2 == The code version is sufficient but the data version is insufficient
- 3 == Both the code and data are of a sufficient version
Value type is integer. Supported operation is Get.
<a href="" id="compatibilityappraiser-appraiserconfigurationdiagnosis-rebootpending"></a>**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/RebootPending**
A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.
Value type is bool. Supported operation is Get.
<a href="" id="compatibilityappraiser-appraiserrunresultreport"></a>**CompatibilityAppraiser/AppraiserRunResultReport**
This provides an XML representation of the last run of Appraiser and the last runs of Appraiser of certain types or configurations.
For the report XML schema see [Appraiser run result report](#appraiser-run-result-report).
<a href="" id="universaltelemetryclient"></a>**UniversalTelemetryClient**
This represents the state of the Universal Telemetry Client, or DiagTrack service.
<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis**
This represents various settings that affect whether the Universal Telemetry Client can upload data and how much data it can upload.
<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-telemetryoptin"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/TelemetryOptIn**
An integer value representing what level of telemetry will be uploaded.
Value type is integer. Supported operation is Get.
The values are:
- 0 == Security data will be sent
- 1 == Basic telemetry will be sent
- 2 == Enhanced telemetry will be sent
- 3 == Full telemetry will be sent
<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-commercialdataoptin"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/CommercialDataOptIn**
An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload.
Value type is integer. Supported operation is Get.
The values are:
- 0 == Setting is disabled
- 1 == Setting is enabled
- 2 == Setting is not applicable to this version of Windows
<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-diagtrackservicerunning"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/DiagTrackServiceRunning**
A boolean value representing whether the DiagTrack service is running. This service must be running in order to upload UTC data.
Value type is bool. Supported operation is Get.
<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-msaserviceenabled"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/MsaServiceEnabled**
A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
Value type is bool. Supported operation is Get.
<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-internetexplorertelemetryoptin"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/InternetExplorerTelemetryOptIn**
An integer value representing what websites Internet Explorer will collect telemetry data for.
Value type is integer. Supported operation is Get.
The values are:
- 0 == Telemetry collection is disabled
- 1 == Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones
- 2 == Telemetry collection is enabled for internet websites and restricted website zones
- 3 == Telemetry collection is enabled for all websites
- 0x7FFFFFFF == Telemetry collection is not configured
<a href="" id="universaltelemetryclient-utcconnectionreport"></a>**UniversalTelemetryClient/UtcConnectionReport**
This provides an XML representation of the UTC connections during the most recent summary period.
For the report XML schema, see [UTC connection report](#utc-connection-report).
<a href="" id="windowserrorreporting"></a>**WindowsErrorReporting**
This represents the state of the Windows Error Reporting service.
<a href="" id="windowserrorreporting-werconfigurationdiagnosis"></a>**WindowsErrorReporting/WerConfigurationDiagnosis**
This represents various settings that affect whether the Windows Error Reporting service can upload data and how much data it can upload.
<a href="" id="windowserrorreporting-werconfigurationdiagnosis-wertelemetryoptin"></a>**WindowsErrorReporting/WerConfigurationDiagnosis/WerTelemetryOptIn**
An integer value indicating the amount of WER data that will be uploaded.
Value type integer. Supported operation is Get.
The values are:
- 0 == Data will not send due to UTC opt-in
- 1 == Data will not send due to WER opt-in
- 2 == Basic WER data will send but not the complete set of data
- 3 == The complete set of WER data will send
<a href="" id="windowserrorreporting-werconfigurationdiagnosis-mostrestrictivesetting"></a>**WindowsErrorReporting/WerConfigurationDiagnosis/MostRestrictiveSetting**
An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted.
Value type integer. Supported operation is Get.
The values are:
- 0 == System telemetry settings are restricting uploads
- 1 == WER basic policies are restricting uploads
- 2 == WER advanced policies are restricting uploads
- 3 == WER consent policies are restricting uploads
- 4 == There are no restrictive settings
<a href="" id="windowserrorreporting-werconnectionreport"></a>**WindowsErrorReporting/WerConnectionReport**
This provides an XML representation of the most recent WER connections of various types.
For the report XML schema, see [Windows Error Reporting connection report](#windows-error-reporting-connection-report).
## XML schema for the reports
### Appraiser run result report
```
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" >
<xs:annotation>
<xs:documentation>CSP schema for the Compatibility Appraiser Diagnostic CSP.</xs:documentation>
<xs:documentation>Schema defining the Win32CompatibilityAppraiser\CompatibilityAppraiser\AppraiserRunResultReport CSP node.</xs:documentation>
<xs:documentation>Copyright (c) Microsoft Corporation, all rights reserved.</xs:documentation>
</xs:annotation>
<xs:simpleType name="RunCategoryType">
<xs:annotation>
<xs:documentation>Defines a category of Appraiser run.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="LastSecurityModeRunAttempt">
<xs:annotation>
<xs:documentation>LastSecurityModeRunAttempt - The most recent run that was skipped because the "Allow Telemetry" setting was set to "Security".</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastEnterpriseRun">
<xs:annotation>
<xs:documentation>LastEnterpriseRun - The most recent run that was invoked with the "ent" command line.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastFatallyErroredRun">
<xs:annotation>
<xs:documentation>LastFatallyErroredRun - The most recent run that returned a failed "ErrorCode".</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastSuccessfulRun">
<xs:annotation>
<xs:documentation>LastSuccessfulRun - The most recent run that returned a successful "ErrorCode".</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastFullSyncRun">
<xs:annotation>
<xs:documentation>LastFullSyncRun - The most recent run that attempted to upload a complete set of compatibility data (instead of only new data that was found since the previous run).</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastSuccessfulFullSyncRun">
<xs:annotation>
<xs:documentation>LastSuccessfulFullSyncRun - The most recent run that attempted to upload a complete set of compatibility data (instead of only new data that was found since the previous run) and also returned a successful "ErrorCode".</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastSuccessfulFromEnterprisePerspectiveRun">
<xs:annotation>
<xs:documentation>LastSuccessfulFromEnterprisePerspectiveRun - The most recent run that returned a successful "EnterpriseErrorCode".</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastSuccessfulFromEnterprisePerspectiveFullSyncRun">
<xs:annotation>
<xs:documentation>LastSuccessfulFromEnterprisePerspectiveEnterpriseRun - The most recent run that attempted to upload a complete set of compatibility data (instead of only new data that was found since the previous run) and also returned a successful "EnterpriseErrorCode".</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastSuccessfulFromEnterprisePerspectiveEnterpriseRun">
<xs:annotation>
<xs:documentation>LastSuccessfulFromEnterprisePerspectiveEnterpriseRun - The most recent run that was invoked with the "ent" command line and also returned a successful "EnterpriseErrorCode".</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="LastRunResultOfAnyCategoryType">
<xs:annotation>
<xs:documentation>Represents the most recent run of the Compatibility Appraiser.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="CurrentlyRunning" type="xs:boolean" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>CurrentlyRunning - A boolean representing whether the specified Compatibility Appraiser run is still in progress.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="CrashedOrInterrupted" type="xs:boolean" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>CrashedOrInterrupted - A boolean representing whether the specified Compatibility Appraiser run ended before it finished scanning for compatibility data.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ErrorCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>ErrorCode - An integer which is the HRESULT error code, of a type that is relevant to any computer, from the specified Compatibility Appraiser run. This may be a successful HRESULT code or a failure HRESULT code.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="EnterpriseErrorCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>EnterpriseErrorCode - An integer which is the HRESULT error code, of a type that is relevant mainly to enterprise computers, from the specified Compatibility Appraiser run. This may be a successful HRESULT code or a failure HRESULT code.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="RunStartTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>RunStartTimestamp - The time when the specified Compatibility Appraiser run started.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="RunEndTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>RunEndTimestamp - The time when the specified Compatibility Appraiser run ended.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ComponentWhichCausedErrorCode" type="xs:string" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>ComponentWhichCausedErrorCode - The name of the internal component, if any, which caused the ErrorCode node to be a failure value during the specified Compatibility Appraiser run. Note that the ErrorCode node might be a failure value for a reason other than an internal component failure.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ErroredComponent" type="xs:string" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>ErroredComponent - The name of one of the internal components, if any, which encountered failure HRESULT codes during the specified Compatibility Appraiser run. A failure of an internal component may not necessarily cause the ErrorCode node to contain a failed HRESULT code.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="RunResultOfSpecificCategoryType">
<xs:annotation>
<xs:documentation>Represents the most recent run of the Compatibility Appraiser that satisfied a particular condition.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="ErrorCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>ErrorCode - An integer which is the HRESULT error code, of a type that is relevant to any computer, from the specified Compatibility Appraiser run. This may be a successful HRESULT code or a failure HRESULT code.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="EnterpriseErrorCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>EnterpriseErrorCode - An integer which is the HRESULT error code, of a type that is relevant mainly to enterprise computers, from the specified Compatibility Appraiser run. This may be a successful HRESULT code or a failure HRESULT code.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="RunStartTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>RunStartTimestamp - The time when the specified Compatibility Appraiser run started.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="RunEndTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>RunEndTimestamp - The time when the specified Compatibility Appraiser run ended.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ComponentWhichCausedErrorCode" type="xs:string" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>ComponentWhichCausedErrorCode - The name of the internal component, if any, which caused the ErrorCode node to be a failure value during the specified Compatibility Appraiser run. Note that the ErrorCode node might be a failure value for a reason other than an internal component failure.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ErroredComponent" type="xs:string" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>ErroredComponent - The name of one of the internal components, if any, which encountered failure HRESULT codes during the specified Compatibility Appraiser run. A failure of an internal component may not necessarily cause the ErrorCode node to contain a failed HRESULT code.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
<xs:attribute name="RunCategory" type="RunCategoryType" use="required">
<xs:annotation>
<xs:documentation>RunCategory - A string which details the category of Appraiser run.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:complexType name="RunResultReportType">
<xs:annotation>
<xs:documentation>Defines the latest run results for all known categories.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="LastRunResult" type="LastRunResultOfAnyCategoryType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>LastRunResult - Represents the most recent run of the Compatibility Appraiser.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="LastRunResultForCategory" type="RunResultOfSpecificCategoryType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>LastRunResultForCategory - Represents the most recent run of the Compatibility Appraiser that satisfied a particular condition.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:element name="RunResultReport" type="RunResultReportType"/>
</xs:schema>
```
### UTC connection report
```
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:fusion="urn:schemas-microsoft-com:asm.v1" elementFormDefault="qualified" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
<xs:annotation>
<xs:documentation>CSP schema for the Compatibility Appraiser Diagnostic CSP.</xs:documentation>
<xs:documentation>Schema defining the Win32CompatibilityAppraiser\UniversalTelemetryClient\UtcConnectionReport CSP node.</xs:documentation>
<xs:documentation>Copyright (c) Microsoft Corporation, all rights reserved.</xs:documentation>
</xs:annotation>
<xs:complexType name="ConnectionSummaryType">
<xs:annotation>
<xs:documentation>Defines the latest UTC connection results, if any.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="ConnectionSummaryStartingTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>ConnectionSummaryStartingTimestamp - The starting time of the most recent UTC summary window.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ConnectionSummaryEndingTimestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>ConnectionSummaryEndingTimestamp - The ending time of the most recent UTC summary window.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="TimestampOfLastSuccessfulUpload" type="xs:unsignedLong" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>TimestampOfLastSuccessfulUpload - The ending time of the most recent UTC summary window that included a successful data upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="LastHttpErrorCode" type="xs:unsignedInt" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>LastHttpErrorCode - The HTTP error code from the last failed internet connection.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ProxyDetected" type="xs:boolean" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>ProxyDetected - A boolean value representing whether an internet connection during the summary window was directed through a proxy.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ConnectionsSuccessful" type="xs:unsignedInt" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>ConnectionsSuccessful - An integer value summarizing the success of internet connections during the summary window. The values are: 0 == "All connections failed", 1 == "Some connections succeeded and some failed", and 2 == "All connections succeeded".</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="DataUploaded" type="xs:unsignedInt" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>DataUploaded - An integer value summarizing the success of data uploads during the summary window. The values are: 0 == "All data was dropped", 1 == "Some data was dropped and some was sent successfully", 2 == "All data was sent successfully", and 3 == "No data was present to upload".</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="AnyCertificateValidationFailures" type="xs:boolean" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>AnyCertificateValidationFailures - A boolean value representing whether there were any failed attempts to validate certificates in the summary window.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="LastCertificateValidationFailureCode" type="xs:unsignedInt" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>LastCertificateValidationFailureCode - The most recent error code from a failed attempt at validating a certificate.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ConnectionReportType">
<xs:annotation>
<xs:documentation>Lists results of UTC connections.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="ConnectionSummary" type="ConnectionSummaryType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Defines the latest UTC connection results, if any.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:element name="ConnectionReport" type="ConnectionReportType"/>
</xs:schema>
```
### Windows Error Reporting connection report
```
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:fusion="urn:schemas-microsoft-com:asm.v1" elementFormDefault="qualified" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
<xs:annotation>
<xs:documentation>CSP schema for the Compatibility Appraiser Diagnostic CSP.</xs:documentation>
<xs:documentation>Schema defining the Win32CompatibilityAppraiser\WindowsErrorReporting\WerConnectionReport CSP node.</xs:documentation>
<xs:documentation>Copyright (c) Microsoft Corporation, all rights reserved.</xs:documentation>
</xs:annotation>
<xs:complexType name="LastNormalUploadSuccessType">
<xs:annotation>
<xs:documentation>LastNormalUploadSuccess - A summary of the last time WER successfully performed a normal data upload, if any.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Timestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>Timestamp - The time when WER attempted the upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="UploadDuration" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>UploadDuration - The time taken while attempting the upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PayloadSize" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>PayloadSize - The size of the payload that WER attempted to upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Protocol" type="xs:string" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>Protocol - The communication protocol that WER used during the upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Stage" type="xs:string" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>Stage - The processing stage that WER was in when the upload ended.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="BytesUploaded" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>BytesUploaded - The number of bytes that WER successfully uploaded.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ServerName" type="xs:string" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>ServerName - The name of the server that WER attempted to upload data to.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="LastNormalUploadFailureType">
<xs:annotation>
<xs:documentation>LastNormalUploadFailure - A summary of the last time WER failed to perform a normal data upload, if any.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Timestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>Timestamp - The time when WER attempted the upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="HttpExchangeResult" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>HttpExchangeResult - The result of the HTTP connection between WER and the server that it tried to upload to.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="UploadDuration" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>UploadDuration - The time taken while attempting the upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="PayloadSize" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>PayloadSize - The size of the payload that WER attempted to upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Protocol" type="xs:string" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>Protocol - The communication protocol that WER used during the upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Stage" type="xs:string" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>Stage - The processing stage that WER was in when the upload ended.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="RequestStatusCode" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>RequestStatusCode - The status code returned by the server in response to the upload request.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="BytesUploaded" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>BytesUploaded - The number of bytes that WER successfully uploaded.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ServerName" type="xs:string" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>ServerName - The name of the server that WER attempted to upload data to.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="TransportHr" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>TransportHr - The HRESULT code encountered when transferring data to the server.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="LastResumableUploadSuccessType">
<xs:annotation>
<xs:documentation>LastResumableUploadSuccess - A summary of the last time WER successfully performed a resumable data upload, if any.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Timestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>Timestamp - The time when WER attempted the upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="LastBlockId" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>LastBlockId - The identifier of the most recent block of the payload that WER attempted to upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="TotalBytesUploaded" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>TotalBytesUploaded - The number of bytes that WER successfully uploaded so far, possibly over multiple resumable upload attempts.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="LastResumableUploadFailureType">
<xs:annotation>
<xs:documentation>LastResumableUploadFailure - A summary of the last time WER failed to perform a resumable data upload, if any.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="Timestamp" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>Timestamp - The time when WER attempted the upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="HttpExchangeResult" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>HttpExchangeResult - The result of the HTTP connection between WER and the server that it tried to upload to.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="LastBlockId" type="xs:unsignedInt" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>LastBlockId - The identifier of the most recent block of the payload that WER attempted to upload.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="TotalBytesUploaded" type="xs:unsignedLong" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>TotalBytesUploaded - The number of bytes that WER successfully uploaded so far, possibly over multiple resumable upload attempts.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ConnectionSummaryType">
<xs:annotation>
<xs:documentation>Defines the latest WER connection results, if any.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="LastNormalUploadSuccess" type="LastNormalUploadSuccessType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>LastNormalUploadSuccess - A summary of the last time WER successfully performed a normal data upload, if any.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="LastNormalUploadFailure" type="LastNormalUploadFailureType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>LastNormalUploadFailure - A summary of the last time WER failed to perform a normal data upload, if any.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="LastResumableUploadSuccess" type="LastResumableUploadSuccessType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>LastResumableUploadSuccess - A summary of the last time WER successfully performed a resumable data upload, if any.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="LastResumableUploadFailure" type="LastResumableUploadFailureType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>LastResumableUploadFailure - A summary of the last time WER failed to perform a resumable data upload, if any.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ConnectionReportType">
<xs:annotation>
<xs:documentation>Lists results of WER connections.</xs:documentation>
</xs:annotation>
<xs:sequence>
<xs:element name="ConnectionSummary" type="ConnectionSummaryType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Defines the latest WER connection results, if any.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:element name="ConnectionReport" type="ConnectionReportType"/>
</xs:schema>
```
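Review bot: In the Appraiser run result report schema, the documentation for the enumeration value "LastSuccessfulFromEnterprisePerspectiveFullSyncRun" opens with the label "LastSuccessfulFromEnterprisePerspectiveEnterpriseRun", which is the name of the enumeration that follows it. The description text (a full sync run that also returned a successful "EnterpriseErrorCode") fits the FullSync value, so only the label needs changing to match the `value` attribute. Two documentation points in the same file are also worth closing: the visible schema documentation gives no unit or epoch for the `xs:unsignedLong` timestamp elements (RunStartTimestamp, RunEndTimestamp, ConnectionSummaryStartingTimestamp, Timestamp) or for UploadDuration, so a consumer of these reports cannot tell how to interpret the values; and the WerTelemetryOptIn and MostRestrictiveSetting nodes read "Value type integer." where InternetExplorerTelemetryOptIn reads "Value type is integer."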

View File

@ -0,0 +1,537 @@
---
title: Win32CompatibilityAppraiser DDF file
description: XML file containing the device description framework
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 07/19/2018
---
# Win32CompatibilityAppraiser DDF file
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **Win32CompatibilityAppraiser** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is for Windows 10, next major version.
``` syntax
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>Win32CompatibilityAppraiser</NodeName>
<Path>./Device/Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The root node for the Win32CompatibilityAppraiser configuration service provider.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>com.microsoft/1.0/MDM/Win32CompatibilityAppraiser</MIME>
</DFType>
</DFProperties>
<Node>
<NodeName>CompatibilityAppraiser</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This represents the state of the Compatibility Appraiser.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>CompatibilityAppraiser</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>AppraiserConfigurationDiagnosis</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This represents various settings that affect whether the Compatibility Appraiser can collect and upload compatibility data. </Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>AppraiserConfigurationDiagnosis</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>CommercialId</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The unique identifier specifying what organization owns this device. This helps correlate telemetry after it has been uploaded.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>CommercialId</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>CommercialIdSetAndValid</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>A boolean value representing whether the CommercialId is set to a valid value. Valid values are strings in the form of GUIDs, with no surrounding braces.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>CommercialIdSetAndValid</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>AllTargetOsVersionsRequested</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set. By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>AllTargetOsVersionsRequested</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>OsSkuIsValidForAppraiser</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>A boolean value indicating whether the current Windows SKU is able to run the Compatibility Appraiser.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>OsSkuIsValidForAppraiser</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>AppraiserCodeAndDataVersionsAboveMinimum</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data. The values are: 0 == "Neither the code nor data is of a sufficient version", 1 == "The code version is insufficient but the data version is sufficient", 2 == "The code version is sufficient but the data version is insufficient", and 3 == "Both the code and data are of a sufficient version".</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>AppraiserCodeVersionAboveMinimum</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>RebootPending</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>RebootPending</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>AppraiserRunResultReport</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This provides an XML representation of the last run of Appraiser and the last runs of Appraiser of certain types or configurations.</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>AppraiserRunResultReport</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>UniversalTelemetryClient</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This represents the state of the Universal Telemetry Client, or DiagTrack service.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>UniversalTelemetryClient</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>UtcConfigurationDiagnosis</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This represents various settings that affect whether the Universal Telemetry Client can upload data and how much data it can upload.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>UtcConfigurationDiagnosis</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>TelemetryOptIn</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>An integer value representing what level of telemetry will be uploaded. The values are: 0 == "Security data will be sent", 1 == "Basic telemetry will be sent", 2 == "Enhanced telemetry will be sent", and 3 == "Full telemetry will be sent".</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>TelemetryOptIn</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>CommercialDataOptIn</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload. The values are: 0 == "Setting is disabled", 1 == "Setting is enabled", and 2 == "Setting is not applicable to this version of Windows".</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>CommercialDataOptIn</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DiagTrackServiceRunning</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>A boolean value representing whether the DiagTrack service is running. This service must be running in order to upload UTC data.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>DiagTrackServiceRunning</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>MsaServiceEnabled</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>MsaServiceEnabled</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>InternetExplorerTelemetryOptIn</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>An integer value representing what websites Internet Explorer will collect telemetry data for. The values are: 0 == "Telemetry collection is disabled", 1 == "Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones", 2 == "Telemetry collection is enabled for internet websites and restricted website zones", 3 == "Telemetry collection is enabled for all websites", and 0x7FFFFFFF == "Telemetry collection is not configured".</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>InternetExplorerTelemetryOptIn</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>UtcConnectionReport</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This provides an XML representation of the UTC connections during the most recent summary period.</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>UtcConnectionReport</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>WindowsErrorReporting</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This represents the state of the Windows Error Reporting service.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>WindowsErrorReporting</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>WerConfigurationDiagnosis</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This represents various settings that affect whether the Windows Error Reporting service can upload data and how much data it can upload.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>WerConfigurationDiagnosis</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>WerTelemetryOptIn</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>An integer value indicating the amount of WER data that will be uploaded. The values are: 0 == "Data will not send due to UTC opt-in", 1 == "Data will not send due to WER opt-in", 2 == "Basic WER data will send but not the complete set of data", and 3 == "The complete set of WER data will send".</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>WerTelemetryOptIn</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>MostRestrictiveSetting</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted. The values are: 0 == "System telemetry settings are restricting uploads", 1 == "WER basic policies are restricting uploads", 2 == "WER advanced policies are restricting uploads", 3 == "WER consent policies are restricting uploads", and 4 == "There are no restrictive settings".</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>MostRestrictiveSetting</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>WerConnectionReport</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This provides an XML representation of the most recent WER connections of various types.</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>WerConnectionReport</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```
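Review bot: The DFTitle `AppraiserCodeVersionAboveMinimum` sits on a node whose Description covers both the Compatibility Appraiser code and data versions (values 0 to 3), so the title names only half of what the value reports. Check it against the NodeName and rename it to match the four-state value. Separately, AppraiserRunResultReport, UtcConnectionReport and WerConnectionReport declare DFFormat `<xml />` with MIME `text/plain`; if that is intentional, a sentence in each Description on how the XML is returned would help anyone parsing these nodes.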

View File

@ -31,7 +31,7 @@ On Windows 10 for desktop editions, the customized Start works by:
- No limit to the number of apps that can be pinned. There is a theoretical limit of 24 tiles per group (4 small tiles per medium square x 3 columns x 2 rows). - No limit to the number of apps that can be pinned. There is a theoretical limit of 24 tiles per group (4 small tiles per medium square x 3 columns x 2 rows).
>[!NOTE] >[!NOTE]
>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx). >To use the layout modification XML to configure Start with roaming user profiles, see [Deploying Roaming User Profiles](https://docs.microsoft.com/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-7-optionally-specify-a-start-layout-for-windows-10-pcs).
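Review bot: The rewritten NOTE reverses the earlier statement that layout modification XML is not supported with roaming user profiles, but it does not say under what condition this now works. State the supported condition or version in the note itself rather than only linking to step 7 of the roaming profiles topic, so a reader of the previous wording can tell what changed.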

View File

@ -17,7 +17,7 @@ ms.date: 07/19/2018
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello for Business ](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to Windows on a device configured for [Shared PC mode](wcd-sharedpc.md). Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to Windows on a device configured for [Shared PC mode](wcd-sharedpc.md).
## Applies to ## Applies to
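Review bot: The sentence now says "Windows Hello" while the setting it describes is still named WindowsHelloForBusiness, so the paragraph reads as if two different features are involved. Either add a clause that the setting name is unchanged or keep the product name consistent with it.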
@ -29,5 +29,5 @@ Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for
Select the desired value: Select the desired value:
- `0`: security keys for Windows Hello for Business are disabled. - `0`: security keys for Windows Hello are disabled.
- `1`: security keys for Windows Hello for Business are enabled on [Shared PCs](wcd-sharedpc.md). - `1`: security keys for Windows Hello are enabled on [Shared PCs](wcd-sharedpc.md).
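Review bot: The two values are described asymmetrically: `1` is scoped to Shared PCs while `0` carries no scope, and nothing states what happens when the setting is left unconfigured. Because this controls whether a sign-in method is available on shared devices, document the default and scope both values the same way.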

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: deploy ms.pagetype: deploy
author: jaimeo author: jaimeo
ms.author: jaimeo ms.author: jaimeo
ms.date: 07/11/2018 ms.date: 07/20/2018
ms.localizationpriority: high ms.localizationpriority: high
--- ---
@ -20,10 +20,13 @@ This topic compiles the most common issues encountered with configuring and usin
If you've followed the steps in the [Enrolling devices in Windows Analytics](windows-analytics-get-started.md) topic and are still encountering problems, you might find the solution here. If you've followed the steps in the [Enrolling devices in Windows Analytics](windows-analytics-get-started.md) topic and are still encountering problems, you might find the solution here.
[Devices not showing up](#devices-not-showing-up) [Devices not appearing in Upgrade Readiness](#devices-not-appearing-in-upgrade-readiness)
[Device Health crash data not appearing](#device-health-crash-data-not-appearing) [Devices not appearing in Device Health Device Reliability](#devices-not-appearing-in-device-health-device-reliability)
[Device crashes not appearing in Device Health Device Reliability](#device-crashes-not-appearing-in-device-health-device-reliability)
[Apps not appearing in Device Health App Reliability](#apps-not-appearing-in-device-health-app-reliability)
[Upgrade Readiness shows many "Computers with outdated KB"](#upgrade-readiness-shows-many-computers-with-outdated-kb) [Upgrade Readiness shows many "Computers with outdated KB"](#upgrade-readiness-shows-many-computers-with-outdated-kb)
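Review bot: The anchors `#devices-not-showing-up` and `#device-health-crash-data-not-appearing` are dropped from this list along with the headings they pointed to, so existing links to those sections from other topics will stop resolving. Search the repository for both anchors and update the references in the same change.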
@ -36,7 +39,7 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win
[Exporting large data sets](#exporting-large-data-sets) [Exporting large data sets](#exporting-large-data-sets)
### Devices not showing up ### Devices not appearing in Upgrade Readiness
In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use. In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use.
@ -58,77 +61,96 @@ If you want to check a large number of devices, you should run the latest script
If you think the issue might be related to a network proxy, check "Enable data sharing" section of the [Enrolling devices in Windows Analytics](windows-analytics-get-started.md) topic. Also see [Understanding connectivity scenarios and the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog. If you think the issue might be related to a network proxy, check "Enable data sharing" section of the [Enrolling devices in Windows Analytics](windows-analytics-get-started.md) topic. Also see [Understanding connectivity scenarios and the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog.
If you have deployed images that have not been generalized, then many of them might have the same ID and so analytics will see them as one device. If you suspect this is the issue, then you can reset the IDs on the non-generalized devices by performing these steps: If you have deployed images that have not been generalized, then many of them might have the same ID and so Windows Analytics will see them as one device. If you suspect this is the issue, then you can reset the IDs on the non-generalized devices by performing these steps:
1. Net stop diagtrack 1. Net stop diagtrack
2. Reg delete hklm\software\microsoft\sqmclient /v MachineId /f 2. Reg delete hklm\software\microsoft\sqmclient /v MachineId /f
3. Net start diagtrack 3. Net start diagtrack
#### Devices not appearing in Device Health Device Reliability
### Device Health crash data not appearing [![Device Reliability tile showing device count highlighted](images/device-reliability-device-count.png)](images/device-reliability-device-count.png)
#### Is WER disabled? If you have devices that appear in other solutions, but not Device Health, follow these steps to investigate the issue:
If Windows Error Reporting (WER) is disabled or redirected on your Windows devices, then reliability information cannot be shown in Device Health. 1. Confirm that the devices are running Windows10.
2. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551).
3. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set).
4. Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information.
5. Wait 48 hours for activity to appear in the reports.
6. If you need additional troubleshooting, contact Microsoft Support.
Check these registry settings in **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting**:
### Device crashes not appearing in Device Health Device Reliability
[![Device Reliability tile showing crash count highlighted](images/device-reliability-crash-count.png)](images/device-reliability-crash-count.png)
If you know that devices are experiencing stop error crashes that do not seem to be reflected in the count of devices with crashes, follow these steps to investigate the issue:
1. Verify that devices are reporting data properly by following the steps in the [Devices not appearing in Device Health Device Reliability](#devices-not-appearing-in-device-health-device-reliability) section of this topic.
2. Trigger a known crash on a test device by using a tool such as [NotMyFault](https://docs.microsoft.com/sysinternals/downloads/notmyfault) from Windows Sysinternals.
3. Verify that Windows Error Reporting (WER) is not disabled or redirected by confirming the registry settings in **HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which will take precedence if set):
- Verify that the value "Disabled" (REG_DWORD), if set, is 0. - Verify that the value "Disabled" (REG_DWORD), if set, is 0.
- Verify that the value "DontSendAdditionalData" (REG_DWORD), if set, is 0. - Verify that the value "DontSendAdditionalData" (REG_DWORD), if set, is 0.
- Verify that the value "CorporateWERServer" (REG_SZ) is not configured. - Verify that the value "CorporateWERServer" (REG_SZ) is not configured.
If you need further information on Windows Error Reporting (WER) settings, see WER Settings. 4. Verify that WER can reach all diagnostic endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md)--if WER can only reach some of the endpoints, it could be included in the device count while not reporting crashes.
5. Check that crash reports successfully complete the round trip with Event 1001 and that BucketID is not blank. A typical such event looks like this:
[![Event viewer detail showing Event 1001 details](images/event_1001.png)](images/event_1001.png)
You can use the following Windows PowerShell snippet to summarize recent occurences of Event 1001. Most events should have a value for BucketID (a few intermittent blank values are OK, however).
```powershell
$limitToMostRecentNEvents = 20
Get-WinEvent -FilterHashTable @{ProviderName="Windows Error Reporting"; ID=1001} |
?{ $_.Properties[2].Value -match "crash|blue" } |
% { [pscustomobject]@{
TimeCreated=$_.TimeCreated
WEREvent=$_.Properties[2].Value
BucketId=$_.Properties[0].Value
ContextHint = $(
if($_.Properties[2].Value -eq "bluescreen"){"kernel"}
else{ $_.Properties[5].Value }
)
}} | Select-Object -First $limitToMostRecentNEvents
```
The output should look something like this:
[![Typical output for this snippet](images/device-reliability-event1001-PSoutput.png)](images/device-reliability-event1001-PSoutput.png)
6. Check that some other installed device, app, or crash monitoring solution is not intercepting crash events.
7. Wait 48 hours for activity to appear in the reports.
8. If you need additional troubleshooting, contact Microsoft Support.
#### Endpoint connectivity #### Endpoint connectivity
Devices must be able to reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Devices must be able to reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
If you are using proxy server authentication, it is worth taking extra care to check the configuration. Prior to Windows 10, version 1703, WER uploads error reports in the machine context. Both user (typically authenticated) and machine (typically anonymous) contexts require access through proxy servers to the diagnostic endpoints. In Windows 10, version 1703, and later WER will attempt to use the context of the user that is logged on for proxy authentication such that only the user account requires proxy access. If you are using proxy server authentication, it's worth taking extra care to check the configuration. Prior to Windows 10, version 1703, WER only uploads error reports in the machine context, so whitelisting endpoints to allow non-authenticated access was typically used. In Windows 10, version 1703 and later versions, WER will attempt to use the context of the user that is logged on for proxy authentication such that only the user account requires proxy access.
Therefore, it's important to ensure that both machine and user accounts have access to the endpoints using authentication (or to whitelist the endpoints so that outbound proxy authentication is not required). For suggested methods, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md#configuring-endpoint-access-with-proxy-server-authentication).
To test access as a given user, you can run this Windows PowerShell cmdlet *while logged on as that user*: For more information, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md#configuring-endpoint-access-with-proxy-server-authentication).
```powershell ### Apps not appearing in Device Health App Reliability
$endPoints = @( [![App Reliability tile showing relability events trend](images/app-reliability.png)](images/app-reliability.png)
'watson.telemetry.microsoft.com'
'oca.telemetry.microsoft.com'
'v10.events.data.microsoft.com'
)
$endPoints | %{ Test-NetConnection -ComputerName $_ -Port 443 -ErrorAction Continue } | Select-Object -Property ComputerName,TcpTestSucceeded If apps that you know are crashing do not appear in App Reliability, follow these steps to investigate the issue:
``` 1. Double-check the steps in the [Devices not appearing in Device Health Device Reliability](#devices-not-appearing-in-device-health-device-reliability) and [Device crashes not appearing in Device Health Device Reliability](#device-crashes-not-appearing-in-device-health-device-reliability) sections of this topic.
2. Confirm that an in-scope application has crashed on an enrolled device. Keep the following points in mind:
- Not all user-mode crashes are included in App Reliability, which tracks only apps that have a GUI, have been used interactively by a user, and are not part of the operating system.
- Enrolling more devices helps to ensure that there are enough naturally occurring app crashes.
- You can also use test apps which are designed to crash on demand.
If this is successful, `TcpTestSucceeded` should return `True` for each of the endpoints. 3. Verify that *per-user* Windows Error Reporting (WER) is not disabled or redirected by confirming the registry settings in **HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting** (or **HKCU\Software\Policies\Microsoft\Windows\DataCollection**, which will take precedence if set):
To test access in the machine context (requires administrative rights), run the above as SYSTEM using PSexec or Task Scheduler, as in this example: - Verify that the value "Disabled" (REG_DWORD), if set, is 0.
- Verify that the value "DontSendAdditionalData" (REG_DWORD), if set, is 0.
- Verify that the value "CorporateWERServer" (REG_SZ) is not configured.
4. Check that some other installed device, app, or crash monitoring solution is not intercepting crash events.
5. Wait 48 hours for activity to appear in the reports.
6. If you need additional troubleshooting, contact Microsoft Support.
```powershell
[scriptblock]$accessTest = {
$endPoints = @(
'watson.telemetry.microsoft.com'
'oca.telemetry.microsoft.com'
'v10.events.data.microsoft.com'
)
$endPoints | %{ Test-NetConnection -ComputerName $_ -Port 443 -ErrorAction Continue } | Select-Object -Property ComputerName,TcpTestSucceeded
}
$scriptFullPath = Join-Path $env:ProgramData "TestAccessToMicrosoftEndpoints.ps1"
$outputFileFullPath = Join-Path $env:ProgramData "TestAccessToMicrosoftEndpoints_Output.txt"
$accessTest.ToString() > $scriptFullPath
$null > $outputFileFullPath
$taskAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-ExecutionPolicy Bypass -Command `"&{$scriptFullPath > $outputFileFullPath}`""
$taskTrigger = New-ScheduledTaskTrigger -Once -At (Get-Date).Addseconds(10)
$task = Register-ScheduledTask -User 'NT AUTHORITY\SYSTEM' -TaskName 'MicrosoftTelemetryAccessTest' -Trigger $taskTrigger -Action $taskAction -Force
Start-Sleep -Seconds 120
Unregister-ScheduledTask -TaskName $task.TaskName -Confirm:$false
Get-Content $outputFileFullPath
```
As in the other example, if this is successful, `TcpTestSucceeded` should return `True` for each of the endpoints.
### Upgrade Readiness shows many "Computers with outdated KB" ### Upgrade Readiness shows many "Computers with outdated KB"
If you see a large number of devices reported as shown in this screenshot of the Upgrade Readiness tile: If you see a large number of devices reported as shown in this screenshot of the Upgrade Readiness tile:
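Review bot: In step 3 of "Device crashes not appearing in Device Health Device Reliability", the key that "will take precedence if set" is given as HKLM\Software\Policies\Microsoft\Windows\DataCollection, which is the AllowTelemetry policy path from the previous section, whereas the text being replaced pointed at ...\Policies\Microsoft\Windows\Windows Error Reporting for the same Disabled, DontSendAdditionalData and CorporateWERServer values. The HKCU variant in step 3 of the App Reliability section repeats the DataCollection path. Please confirm the policy key and correct both places, since an admin checking the wrong key will conclude WER is not redirected when it is. Smaller points in the same hunk: the first new heading is `####` while its siblings are `###`; "Windows10" is missing a space; "occurences" and "relability" are misspelled; and the PowerShell snippet indexes Properties[0], [2] and [5] without saying which fields those are, and applies Select-Object -First only after every Event 1001 has been read. The hunk also removes both Test-NetConnection checks (user and SYSTEM context), which leaves step 4 with no stated way to verify endpoint reachability; consider keeping a short version.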

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: deploy ms.pagetype: deploy
author: jaimeo author: jaimeo
ms.author: jaimeo ms.author: jaimeo
ms.date: 03/08/2018 ms.date: 07/18/2018
ms.localizationpriority: medium ms.localizationpriority: medium
--- ---
@ -52,6 +52,9 @@ To enable data sharing, configure your proxy sever to whitelist the following en
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. | | `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. | | `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. | | `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
| `https://login.live.com` | Windows Error Reporting (WER); required by Device Health for device tickets. |
| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. **Note:** In this context login.live.com is *not* used for access to Microsoft Account consumer services. The endpoint is used only as part of the WIndows Error Reporting protocol to enhance the integrity of error reports. |
>[!NOTE] >[!NOTE]
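Review bot: The **Note:** about login.live.com is appended to the `https://www.msftconnecttest.com` row rather than the `https://login.live.com` row it describes, so it reads as a comment on the connectivity-check endpoint. Move it to the login.live.com row or below the table, and fix the capitalization in "WIndows Error Reporting".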

View File

@ -2,7 +2,7 @@
## [Encrypted Hard Drive](encrypted-hard-drive.md) ## [Encrypted Hard Drive](encrypted-hard-drive.md)
## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) ## [Windows Defender System Guard](how-hardware-based-containers-help-protect-windows.md)
## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) ## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)

View File

@ -15,46 +15,37 @@ ms.date: 06/29/2017
Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised. Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.
Windows 10 protects critical resources, such as the Windows authentication stack, single sign-on tokens, Windows Hello biometric stack, and Virtual Trusted Platform Module, by using a container type called Windows Defender System Guard. Windows 10 protects critical resources, such as the Windows authentication stack, single sign-on tokens, Windows Hello biometric stack, and Virtual Trusted Platform Module, by using a container type called Windows Defender System Guard.
Protecting system services and data with Windows Defender System Guard is an important first step, but is just the beginning of what we need to do as it doesnt protect the rest of the operating system, information on the device, other apps, or the network. Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make the these security guarantees:
Since systems are generally compromised through the application layer, and often though browsers, Windows 10 includes Windows Defender Application Guard to isolate Microsoft Edge from the operating system, information on the device, and the network.
With this, Windows can start to protect the broader range of resources.
The following diagram shows Windows Defender System Guard and Windows Defender Application Guard in relation to the Windows 10 operating system. - Protect and maintain the integrity of the system as it starts up
- Protect and maintain the integrity of the system after it's running
- Validate that system integrity has truly been maintained through local and remote attestation
![Application Guard and System Guard](images/application-guard-and-system-guard.png) ## Maintaining the integrity of the system as it starts
## What security threats do containers protect against With Windows 7, one of the means attackers would use to persist and evade detection was to install what is often referred to as a bootkit or rootkit on the system. This malicious software would start before Windows started, or during the boot process itself, enabling it to start with the highest level of privilege.
Exploiting zero days and vulnerabilities are an increasing threat that attackers are attempting to take advantage of. With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) we have a hardware-based root of trust that helps us ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader. This hardware-based root of trust comes from the devices [Secure Boot feature](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-8.1-and-8/hh824987), which is part of the Unified Extensible Firmware Interface (UEFI).
The following diagram shows the traditional Windows software stack: a kernel with an app platform, and an app running on top of it.
Lets look at how an attacker might elevate privileges and move down the stack.
![Traditional Windows software stack](images/traditional-windows-software-stack.png) After successful verification and startup of the devices firmware and Windows bootloader, the next opportunity for attackers to tamper with the systems integrity is while the rest of the Windows operating system and defenses are starting. As an attacker, embedding your malicious code using a rootkit within the boot process enables you to gain the maximum level of privilege and gives you the ability to more easily persist and evade detection.
In desktop operating systems, those apps typically run under the context of the users privileges. This is where Windows Defender System Guard protection begins with its ability to ensure that only properly signed and secure Windows files and drivers, including third party, can start on the device. At the end of the Windows boot process, System Guard will start the systems antimalware solution, which scans all third party drivers, at which point the system boot process is completed. In the end, Windows Defender System Guard helps ensure that the system securely boots with integrity and that it hasnt been compromised before the remainder of your system defenses start.
If the app was malicious, it would have access to all the files in the file system, all the settings that you as a user Standard user have access to, and so on.
A different type of app may run under the context of an Administrator. ![Boot time integrity](images/windows-defender-system-guard-boot-time-integrity.png)
If attackers exploit a vulnerability in that app, they could gain Administrator privileges.
Then they can start turning off defenses.
They can poke down a little bit lower in the stack and maybe elevate to System, which is greater than Administrator. ## Maintaining integrity of the system after its running (run time)
Or if they can exploit the kernel mode, they can turn on and turn off all defenses, while at the same time making the computer look healthy.
SecOps tools could report the computer as healthy when in fact its completely under the control of someone else.
One way to address this threat is to use a sandbox, as smartphones do. Prior to Windows 10, if an attacker exploited the system and gained SYSTEM level privilege or they compromised the kernel itself, it was game over. The level of control that an attacker would acquire in this condition would enable them to tamper with and bypass many, if not all, of your system defenses. While we have a number of development practices and technologies (such as Windows Defender Exploit Guard) that have made it difficult to gain this level of privilege in Windows 10, the reality is that we needed a way to maintain the integrity of the most sensitive Windows services and data, even when the highest level of privilege has been secured by an adversary.
That puts a layer between the app layer and the Windows platform services.
Universal Windows Platform (UWP) applications work this way.
But what if a vulnerability in the sandbox exists?
The attacker can escape and take control of the system.
## How containers help protect Windows 10 With Windows 10, we introduced the concept of virtualization-based security (VBS), which enables us to contain the most sensitive Windows services and data in hardware-based isolation, which is the Windows Defender System Guard container. This secure environment provides us with the hardware-based security boundary we need to be able to secure and maintain the integrity of critical system services at run time like Credential Guard, Device Guard, Virtual TPM and parts of Windows Defender Exploit Guard, just to name a few.
Windows 10 addresses this by using virtualization based security to isolate more and more components out of Windows (left side) over time and moving those components into a separate, isolated hardware container.
The container helps prevent zero days and vulnerabilities from allowing an attacker to take control of a device.
Anything that's running in that container on the right side will be safe, even from Windows, even if the kernel's compromised.
Anything that's running in that container will also be secure against a compromised app.
Initially, Windows Defender System Guard will protect things like authentication and other system services and data that needs to resist malware, and more things will be protected over time.
![Windows Defender System Guard](images/windows-defender-system-guard.png) ![Windows Defender System Guard](images/windows-defender-system-guard.png)
## Validating platform integrity after Windows is running (run time)
While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We should be able to trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we cant just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the devices integrity.
As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the devices Trusted Platform Module 2.0 (TPM 2.0). This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the devices firmware, hardware configuration state, and Windows boot-related components, just to name a few. After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources.
![Windows Defender System Guard](images/windows-defender-system-guard-validate-system-integrity.png)
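Review bot: The closing sentence of the new "Validating platform integrity after Windows is running" text ("If Windows Defender System Guard indicates that the device lacks integrity, ...") puts the verdict back in the hands of the on-device component, which conflicts with the preceding paragraph's statement that the platform cannot be trusted to self-attest to its security state. Suggest wording it so the decision belongs to the remote verifier, for example "If the management system's analysis of the measurements indicates that the device lacks integrity, ...". Separately, the image added under this heading reuses the alt text "Windows Defender System Guard" that the container diagram already carries; a descriptive alt, in the style of "Boot time integrity" on the boot-time image, would distinguish the two.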

Binary file not shown.


Some files were not shown because too many files have changed in this diff