diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 6c81fd4df2..c4eba79f3d 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -121,6 +121,8 @@ ms.date: 10/08/2020
- [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr)
- [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff)
- [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy)
+- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom.md#admx-dcom-dcomactivationsecuritycheckallowlocallist)
+- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom.md#admx-dcom-dcomactivationsecuritycheckexemptionlist)
- [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter)
- [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder)
- [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit)
@@ -150,6 +152,8 @@ ms.date: 10/08/2020
- [ADMX_Desktop/sz_DB_DragDropClose](./policy-csp-admx-desktop.md#admx-desktop-sz-db-dragdropclose)
- [ADMX_Desktop/sz_DB_Moving](./policy-csp-admx-desktop.md#admx-desktop-sz-db-moving)
- [ADMX_Desktop/sz_DWP_NoHTMLPaper](./policy-csp-admx-desktop.md#admx-desktop-sz-dwp-nohtmlpaper)
+- [ADMX_DeviceCompat/DeviceFlags](./policy-csp-admx-devicecompat.md#admx-devicecompat-deviceflags)
+- [ADMX_DeviceCompat/DriverShims](./policy-csp-admx-devicecompat.md#admx-devicecompat-drivershims)
- [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall)
- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext)
- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext)
@@ -158,6 +162,7 @@ ms.date: 10/08/2020
- [ADMX_DeviceInstallation/DeviceInstall_Removable_Deny](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-removable-deny)
- [ADMX_DeviceInstallation/DeviceInstall_SystemRestore](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-systemrestore)
- [ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-classes-allowuser)
+- [ADMX_DeviceGuard/ConfigCIPolicy](./policy-csp-admx-deviceguard.md#admx-deviceguard-configcipolicy)
- [ADMX_DeviceSetup/DeviceInstall_BalloonTips](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-balloontips)
- [ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchorderconfiguration)
- [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1)
@@ -185,6 +190,7 @@ ms.date: 10/08/2020
- [ADMX_DnsClient/DNS_UpdateTopLevelDomainZones](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones)
- [ADMX_DnsClient/DNS_UseDomainNameDevolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution)
- [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-turn-off-multicast)
+- [ADMX_DFS/DFSDiscoverDC](./policy-csp-admx-dfs.md#admx-dfs-dfsdiscoverdc)
- [ADMX_DWM/DwmDefaultColorizationColor_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-1)
- [ADMX_DWM/DwmDefaultColorizationColor_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-2)
- [ADMX_DWM/DwmDisallowAnimations_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-1)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index a03f3f09f7..a394943879 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -555,7 +555,18 @@ The following diagram shows the Policy configuration service provider in tree fo
-### ADMX_Desktop policies
+### ADMX_DCOM policies
+
+
+ -
+ ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList
+
+ -
+ ADMX_DCOM/DCOMActivationSecurityCheckExemptionList
+
+
+
+### ADMX_Desktop policies
-
@@ -647,6 +658,24 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_DeviceCompat policies
+
+
+ -
+ ADMX_DeviceCompat/DeviceFlags
+
+ -
+ ADMX_DeviceCompat/DriverShims
+
+
+
+### ADMX_DeviceGuard policies
+
+ -
+ ADMX_DeviceGuard/ConfigCIPolicy
+
+
+
### ADMX_DeviceInstallation policies
@@ -687,9 +716,19 @@ The following diagram shows the Policy configuration service provider in tree fo
-### ADMX_DigitalLocker policies
-
+### ADMX_DFS policies
+
+
-
+ ADMX_DFS/DFSDiscoverDC
+
+
+
+### ADMX_DigitalLocker policies
+
+
+-
ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1
-
@@ -697,6 +736,17 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_DiskDiagnostic policies
+
+
+ -
+ ADMX_DiskDiagnostic/DfdAlertPolicy
+
+ -
+ ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy
+
+
+
### ADMX_DistributedLinkTracking policies
@@ -777,7 +827,6 @@ The following diagram shows the Policy configuration service provider in tree fo
### ADMX_DWM policies
-
-
ADMX_DWM/DwmDefaultColorizationColor_1
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
new file mode 100644
index 0000000000..a7729ee3a4
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -0,0 +1,212 @@
+---
+title: Policy CSP - ADMX_DCOM
+description: Policy CSP - ADMX_DCOM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/08/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DCOM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DCOM policies
+
+
+ -
+ ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList
+
+ -
+ ADMX_DCOM/DCOMActivationSecurityCheckExemptionList
+
+
+
+
+
+
+
+**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
+
+- If you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
+
+- If you disable this policy setting, DCOM will not look in the locally configured DCOM activation security check exemption list.
+If you do not configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy is not configured.
+
+> [!NOTE]
+> This policy setting applies to all sites in Trusted zones.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Allow local activation security check exemptions*
+- GP name: *DCOMActivationSecurityCheckAllowLocalList*
+- GP path: *Windows Components\AppCompat!AllowLocalActivationSecurityCheckExemptionList*
+- GP ADMX file name: *DCOM.admx*
+
+
+
+
+
+
+**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to view and change a list of DCOM server application IDs (appids), which are exempted from the DCOM Activation security check.
+DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators.
+DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled.
+DCOM server application IDs added to this policy must be listed in curly brace format.
+
+For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
+If you enter a non-existent or improperly formatted application ID DCOM will add it to the list without checking for errors.
+- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
+
+If you add an application ID to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server.
+If you add an application ID to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local
+settings.
+- If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
+
+If you do not configure this policy setting, the application ID exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
+This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
+
+The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short-term as an application compatibility deployment aid.
+DCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.
+
+> [!NOTE]
+> Exemptions for DCOM Server Application IDs added to this list will apply to both 32-bit and 64-bit versions of the server if present.
+>
+> [!NOTE]
+> This policy setting applies to all sites in Trusted zones.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Allow local activation security check exemptions*
+- GP name: *DCOMActivationSecurityCheckExemptionList*
+- GP path: *Windows Components\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList*
+- GP ADMX file name: *DCOM.admx*
+
+
+
+
+
+> [!NOTE]
+> These policies are currently only available as part of a Windows Insider release.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
new file mode 100644
index 0000000000..f53dd522fc
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -0,0 +1,175 @@
+---
+title: Policy CSP - ADMX_DeviceCompat
+description: Policy CSP - ADMX_DeviceCompat
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 08/09/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DeviceCompat
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DeviceCompat policies
+
+
+ -
+ ADMX_DeviceCompat/DeviceFlags
+
+ -
+ ADMX_DeviceCompat/DriverShims
+
+
+
+
+
+
+
+**ADMX_DeviceCompat/DeviceFlags**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Changes behavior of Microsoft bus drivers to work with specific devices.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Device compatibility settings*
+- GP name: *DeviceFlags*
+- GP path: *Windows Components\Device and Driver Compatibility*
+- GP ADMX file name: *DeviceCompat.admx*
+
+
+
+
+
+
+**ADMX_DeviceCompat/DriverShims**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Driver compatibility settings*
+- GP name: *DriverShims*
+- GP path: *Windows Components\Device and Driver Compatibility*
+- GP ADMX file name: *DeviceCompat.admx*
+
+
+
+
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
new file mode 100644
index 0000000000..079455128a
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -0,0 +1,119 @@
+---
+title: Policy CSP - ADMX_DeviceGuard
+description: Policy CSP - ADMX_DeviceGuard
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/08/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DeviceGuard
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DeviceGuard policies
+
+
+ -
+ ADMX_DeviceGuard/ConfigCIPolicy
+
+
+
+
+
+
+
+**ADMX_DeviceGuard/ConfigCIPolicy**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine.
+
+If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy.
+
+To enable this policy the machine must be rebooted.
+The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`),
+or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
+
+The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
+If using a signed and protected policy then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
+1. First update the policy to a non-protected policy and then disable the setting.
+2. Disable the setting and then remove the policy from each computer, with a physically present user.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Deploy Windows Defender Application Control*
+- GP name: *ConfigCIPolicy*
+- GP path: *Windows Components/DeviceGuard!DeployConfigCIPolicy*
+- GP ADMX file name: *DeviceGuard.admx*
+
+
+
+
+> [!NOTE]
+> These policies are currently only available as part of a Windows Insider release.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
new file mode 100644
index 0000000000..fc3cdf1b1d
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -0,0 +1,118 @@
+---
+title: Policy CSP - ADMX_DFS
+description: Policy CSP - ADMX_DFS
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/08/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DFS
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+
+## ADMX_DFS policies
+
+
+ -
+ ADMX_DFS/DFSDiscoverDC
+
+
+
+
+
+
+
+**ADMX_DFS/DFSDiscoverDC**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network.
+By default, a DFS client attempts to discover domain controllers every 15 minutes.
+
+- If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers.
+This value is specified in minutes.
+
+- If you disable or do not configure this policy setting, the default value of 15 minutes applies.
+
+> [!NOTE]
+> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Configure how often a DFS client discovers domain controllers*
+- GP name: *DFSDiscoverDC*
+- GP path: *Windows Components\ActiveX Installer Service*
+- GP ADMX file name: *DFS.admx*
+
+
+
+
+
+> [!NOTE]
+> These policies are currently only available as part of a Windows Insider release.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
new file mode 100644
index 0000000000..eecf8264d6
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -0,0 +1,204 @@
+---
+title: Policy CSP - ADMX_DiskDiagnostic
+description: Policy CSP - ADMX_DiskDiagnostic
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/08/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DiskDiagnostic
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DiskDiagnostic policies
+
+
+ -
+ ADMX_DiskDiagnostic/DfdAlertPolicy
+
+ -
+ ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy
+
+
+
+
+
+
+
+**ADMX_DiskDiagnostic/DfdAlertPolicy**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
+
+- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
+- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+> [!NOTE]
+> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Configure custom alert text*
+- GP name: *DfdAlertPolicy*
+- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
+- GP ADMX file name: *DiskDiagnostic.admx*
+
+
+
+
+
+
+
+**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics.
+
+Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.
+
+- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
+- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
+- If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
+
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+> [!NOTE]
+> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Configure execution level*
+- GP name: *WdiScenarioExecutionPolicy*
+- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
+- GP ADMX file name: *DiskDiagnostic.admx*
+
+
+
+
+
+> [!NOTE]
+> These policies are for upcoming release.
+
+
+
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 1d385366fb..4395fbc920 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -439,12 +439,20 @@ items:
href: policy-csp-admx-ctrlaltdel.md
- name: ADMX_DataCollection
href: policy-csp-admx-datacollection.md
+ - name: ADMX_DCOM
+ href: policy-csp-admx-dcom.md
- name: ADMX_Desktop
href: policy-csp-admx-desktop.md
+ - name: ADMX_DeviceCompat
+ href: policy-csp-admx-devicecompat.md
+ - name: ADMX_DeviceGuard
+ href: policy-csp-admx-deviceguard.md
- name: ADMX_DeviceInstallation
href: policy-csp-admx-deviceinstallation.md
- name: ADMX_DeviceSetup
href: policy-csp-admx-devicesetup.md
+ - name: ADMX_DFS
+ href: policy-csp-admx-dfs.md
- name: ADMX_DigitalLocker
href: policy-csp-admx-digitallocker.md
- name: ADMX_DistributedLinkTracking