Merge branch 'master' into nimishasatapathy-5556913-4226

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -6438,6 +6438,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
+### EAP policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-eap.md#eap-allowtls1_3" id="eap-allowtls1_3">EAP/AllowTLS1_3</a>
+  </dd>
+</dl>
+
 ### Education policies
 
 <dl>

windows/client-management/mdm/policy-csp-devicelock.md

@@ -28,6 +28,9 @@ manager: dansimp
   <dd>
     <a href="#devicelock-allowsimpledevicepassword">DeviceLock/AllowSimpleDevicePassword</a>
   </dd>
+  <dd>
+    <a href="#devicelock-allowscreentimeoutwhilelockeduserconfig">DeviceLock/AllowScreenTimeoutWhileLockedUserConfig</a>
+  </dd>
   <dd>
     <a href="#devicelock-alphanumericdevicepasswordrequired">DeviceLock/AlphanumericDevicePasswordRequired</a>
   </dd>
@@ -149,9 +152,49 @@ Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For th
 > This policy must be wrapped in an Atomic command.
 
 
-
 For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)).
 
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – Blocked
+-   1 – Allowed
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="devicelock-allowscreentimeoutwhilelockeduserconfig"></a>**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+
 <!--/Description-->
 <!--SupportedValues-->
 The following list shows the supported values:

windows/client-management/mdm/policy-csp-eap.md

@@ -0,0 +1,83 @@
+---
+title: Policy CSP - EAP
+description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app. 
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.localizationpriority: medium
+ms.date: 09/27/2019
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - EAP
+
+
+<hr/>
+
+<!--Policies-->
+## EAP policies  
+
+<dl>
+  <dd>
+    <a href="#eap-allowtls1_3">EAP/AllowTLS1_3</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="eap-allowtls1_3"></a>**EAP/AllowTLS1_3**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|Yes|Yes|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting is added in Windows 10, version 21H1. Allow or disallow use of TLS 1.3 during EAP client authentication.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP Friendly name: *AllowTLS1_3*
+-   GP name: *AllowTLS1_3*
+-   GP path: *Windows Components/EAP*
+-   GP ADMX file name: *EAP.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:  
+- 0 – Use of TLS version 1.3 is not allowed for authentication.
+
+- 1 (default) – Use of TLS version 1.3 is allowed for authentication.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+
+<!--/Policies-->
+

windows/client-management/mdm/toc.yml

@@ -701,6 +701,8 @@ items:
               href: policy-csp-display.md
             - name: DmaGuard
               href: policy-csp-dmaguard.md
+            - name: EAP
+              href: policy-csp-eap.md
             - name: Education
               href: policy-csp-education.md
             - name: EnterpriseCloudPrint