Merge branch 'master' into MDBranch20H2SandboxPolicyCSP

.openpublishing.redirection.json

@@ -79,6 +79,11 @@
       "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy",
+      "redirect_document_id": true
     },
     {
       "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
@@ -14565,41 +14570,86 @@
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-admx-backed.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-admx-backed.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-admx-backed",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
       "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",

windows/application-management/apps-in-windows-10.md

@@ -39,53 +39,53 @@ You can list all provisioned Windows apps with this PowerShell command:
 Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
 ```
 
-Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, and 1909.
+Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004.
 
-| Package name                                 | App name                                                                                                           | 1803 | 1809 | 1903 | 1909 | Uninstall through UI? |
+| Package name                                 | App name                                                                                                           | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? |
-|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
+|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:----:|:---------------------:|
-| Microsoft.3DBuilder                          | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe)                                        |      |      |      |      |          Yes          |
+| Microsoft.3DBuilder                          | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe)                                        |      |      |      |      |      |          Yes          |
-| Microsoft.BingWeather                        | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.BingWeather                        | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.DesktopAppInstaller                | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe)                           |   x  |   x  |   x  |   x  |    Via Settings App   |
+| Microsoft.DesktopAppInstaller                | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe)                           |   x  |   x  |   x  |   x  |   x  |    Via Settings App   |
-| Microsoft.GetHelp                            | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.GetHelp                            | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Getstarted                         | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe)                                   |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Getstarted                         | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe)                                   |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.HEIFImageExtension                 | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |           No          |
+| Microsoft.HEIFImageExtension                 | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Messaging                          | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Messaging                          | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Microsoft3DViewer                  | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe)                      |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Microsoft3DViewer                  | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe)                      |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MicrosoftOfficeHub                 | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.MicrosoftOfficeHub                 | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.MicrosoftSolitaireCollection       | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.MicrosoftSolitaireCollection       | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.MicrosoftStickyNotes               | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.MicrosoftStickyNotes               | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MixedReality.Portal                | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |           No          |
+| Microsoft.MixedReality.Portal                | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MSPaint                            | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.MSPaint                            | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Office.OneNote                     | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.Office.OneNote                     | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.OneConnect                         | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe)                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.OneConnect                         | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe)                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Outlook.DesktopIntegrationServices |                                                                                                                    |      |      |      |   x  |                       |
+| Microsoft.Outlook.DesktopIntegrationServices |                                                                                                                    |      |      |      |   x  |   x  |                       |
-| Microsoft.People                             | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.People                             | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Print3D                            | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Print3D                            | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.ScreenSketch                       | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe)                                  |      |   x  |   x  |   x  |           No          |
+| Microsoft.ScreenSketch                       | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe)                                  |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.SkypeApp                           | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c)                                              |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.SkypeApp                           | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c)                                              |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.StorePurchaseApp                   | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe)                         |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.StorePurchaseApp                   | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe)                         |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.VP9VideoExtensions                 |                                                                                                                    |      |   x  |   x  |   x  |           No          |
+| Microsoft.VP9VideoExtensions                 |                                                                                                                    |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Wallet                             | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe)                                        |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Wallet                             | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe)                                        |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WebMediaExtensions                 | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe)                     |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WebMediaExtensions                 | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe)                     |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WebpImageExtension                 | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe)                     |      |   x  |   x  |   x  |           No          |
+| Microsoft.WebpImageExtension                 | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe)                     |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Windows.Photos                     | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Windows.Photos                     | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsAlarms                      | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsAlarms                      | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsCalculator                  | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsCalculator                  | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsCamera                      | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsCamera                      | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |   x  |           No          |
-| microsoft.windowscommunicationsapps          | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| microsoft.windowscommunicationsapps          | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsFeedbackHub                 | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsFeedbackHub                 | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsMaps                        | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe)                                    |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsMaps                        | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe)                                    |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsSoundRecorder               | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsSoundRecorder               | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsStore                       | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsStore                       | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Xbox.TCUI                          | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe)                                         |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Xbox.TCUI                          | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe)                                         |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxApp                            | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe)                                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxApp                            | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe)                                                |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxGameOverlay                    | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxGameOverlay                    | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxGamingOverlay                  | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe)                       |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxGamingOverlay                  | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe)                       |   x  |   x  |   x  |   x  |   x  |          No          |
-| Microsoft.XboxIdentityProvider               | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxIdentityProvider               | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxSpeechToTextOverlay            |                                                                                                                    |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxSpeechToTextOverlay            |                                                                                                                    |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.YourPhone                          | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe)                                        |      |   x  |   x  |   x  |           No          |
+| Microsoft.YourPhone                          | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe)                                        |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.ZuneMusic                          | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.ZuneMusic                          | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.ZuneVideo                          | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe)                                       |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.ZuneVideo                          | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe)                                       |   x  |   x  |   x  |   x  |   x  |           No          |
 
 >[!NOTE]
 >The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.

windows/client-management/mdm/TOC.md

@@ -159,14 +159,14 @@
 #### [Personalization DDF file](personalization-ddf.md)
 ### [Policy CSP](policy-configuration-service-provider.md)
 #### [Policy DDF file](policy-ddf-file.md)
-#### [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-#### [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
-#### [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
+#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
-#### [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
-#### [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
-#### [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
+#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
 #### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
 #### [AboveLock](policy-csp-abovelock.md)
 #### [Accounts](policy-csp-accounts.md)
@@ -208,6 +208,19 @@
 #### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md)
 #### [ADMX_Sharing](policy-csp-admx-sharing.md)
 #### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md)
+#### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
+#### [ADMX_Snmp](policy-csp-admx-snmp.md)
+#### [ADMX_tcpip](policy-csp-admx-tcpip.md)
+#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
+#### [ADMX_TPM](policy-csp-admx-tpm.md)
+#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md)
+#### [ADMX_W32Time](policy-csp-admx-w32time.md)
+#### [ADMX_WinCal](policy-csp-admx-wincal.md)
+#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md)
+#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
+#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
+#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
+#### [ADMX_WinInit](policy-csp-admx-wininit.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
 #### [AppRuntime](policy-csp-appruntime.md)
@@ -257,6 +270,7 @@
 #### [LockDown](policy-csp-lockdown.md)
 #### [Maps](policy-csp-maps.md)
 #### [Messaging](policy-csp-messaging.md)
+#### [MixedReality](policy-csp-mixedreality.md)
 #### [MSSecurityGuide](policy-csp-mssecurityguide.md)
 #### [MSSLegacy](policy-csp-msslegacy.md)
 #### [NetworkIsolation](policy-csp-networkisolation.md)

windows/client-management/mdm/azure-active-directory-integration-with-mdm.md

@@ -165,7 +165,10 @@ The following image illustrates how MDM applications will show up in the Azure a
 
 ### Add cloud-based MDM to the app gallery
 
-You should work with the Azure AD engineering team if your MDM application is cloud-based. The following table shows the required information to create an entry in the Azure AD app gallery.
+> [!NOTE]
+> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application 
+
+The following table shows the required information to create an entry in the Azure AD app gallery.
 
 <table>
 <colgroup>

windows/client-management/mdm/devicestatus-csp.md

@@ -36,9 +36,8 @@ Supported operation is Get.
 <a href="" id="devicestatus-cellularidentities"></a>**DeviceStatus/CellularIdentities**  
 Required. Node for queries on the SIM cards.
 
-> **Note**  Multiple SIMs are supported.
+>[!NOTE]
-
+>Multiple SIMs are supported.
- 
 
 <a href="" id="devicestatus-cellularidentities-imei"></a>**DeviceStatus/CellularIdentities/**<strong>*IMEI*</strong>  
 The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.
@@ -107,7 +106,7 @@ Supported operation is Get.
 Node for the compliance query.
 
 <a href="" id="devicestatus-compliance-encryptioncompliance"></a>**DeviceStatus/Compliance/EncryptionCompliance**  
-Boolean value that indicates compliance with the enterprise encryption policy. The value is one of the following:
+Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following:
 
 -   0 - not encrypted
 -   1 - encrypted

windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md

@@ -33,7 +33,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 ## Enable a policy
 
 > [!NOTE]
-> See [Understanding ADMX-backed policy CSPs](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
+> See [Understanding ADMX-backed policies in Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
 
 1.  Find the policy from the list [ADMX-backed policies](policy-csps-admx-backed.md). You need the following information listed in the policy description.  
     - GP English name

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -2515,7 +2515,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 </ul>
 <p>Added a new section:</p>
 <ul>
-<li><a href="policy-csps-supported-by-group-policy.md" data-raw-source="[[Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)">[Policy CSPs supported by Group Policy</a> - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.</li>
+<li><a href="policy-csps-supported-by-group-policy.md" data-raw-source="[[Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)">[Policies in Policy CSP supported by Group Policy</a> - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.</li>
 </ul>
 </td></tr>
 <tr>

windows/client-management/mdm/policies-in-policy-csp-admx-backed.md

@@ -1,6 +1,6 @@
 ---
-title: ADMX-backed policy CSPs
+title: ADMX-backed policies in Policy CSP
-description: ADMX-backed policy CSPs
+description: ADMX-backed policies in Policy CSP
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -9,15 +9,15 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 08/18/2020
+ms.date: 10/08/2020
 ---
 
-# ADMX-backed policy CSPs
+# ADMX-backed policies in Policy CSP
 
 > [!div class="op_single_selector"]
 >
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy-CSPs](policy-csps-admx-backed.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 >
 
 - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
@@ -259,6 +259,212 @@ ms.date: 08/18/2020
 - [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit)
 - [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps)
 - [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
+- [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku)
+- [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock)
+- [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys)
+- [ADMX_Smartcard/AllowTimeInvalidCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-allowtimeinvalidcertificates)
+- [ADMX_Smartcard/CertPropEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certpropenabledstring)
+- [ADMX_Smartcard/CertPropRootCleanupString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootcleanupstring)
+- [ADMX_Smartcard/CertPropRootEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootenabledstring)
+- [ADMX_Smartcard/DisallowPlaintextPin](./policy-csp-admx-smartcard.md#admx-smartcard-disallowplaintextpin)
+- [ADMX_Smartcard/EnumerateECCCerts](./policy-csp-admx-smartcard.md#admx-smartcard-enumerateecccerts)
+- [ADMX_Smartcard/FilterDuplicateCerts](./policy-csp-admx-smartcard.md#admx-smartcard-filterduplicatecerts)
+- [ADMX_Smartcard/ForceReadingAllCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-forcereadingallcertificates)
+- [ADMX_Smartcard/IntegratedUnblockPromptString](./policy-csp-admx-smartcard.md#admx-smartcard-integratedunblockpromptstring)
+- [ADMX_Smartcard/ReverseSubject](./policy-csp-admx-smartcard.md#admx-smartcard-reversesubject)
+- [ADMX_Smartcard/SCPnPEnabled](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpenabled)
+- [ADMX_Smartcard/SCPnPNotification](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpnotification)
+- [ADMX_Smartcard/X509HintsNeeded](./policy-csp-admx-smartcard.md#admx-smartcard-x509hintsneeded)
+- [ADMX_Snmp/SNMP_Communities](./policy-csp-admx-snmp.md#admx-snmp-snmp-communities)
+- [ADMX_Snmp/SNMP_PermittedManagers](./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers)
+- [ADMX_Snmp/SNMP_Traps_Public](./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public)
+- [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name)
+- [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval)
+- [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state)
+- [ADMX_tcpip/IPHTTPS_ClientState](./policy-csp-admx-tcpip.md#admx-tcpip-iphttps-clientstate)
+- [ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State](./policy-csp-admx-tcpip.md#admx-tcpip-ip-stateless-autoconfiguration-limits-state)
+- [ADMX_tcpip/ISATAP_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-router-name)
+- [ADMX_tcpip/ISATAP_State](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-state)
+- [ADMX_tcpip/Teredo_Client_Port](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-client-port)
+- [ADMX_tcpip/Teredo_Default_Qualified](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-default-qualified)
+- [ADMX_tcpip/Teredo_Refresh_Rate](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-refresh-rate)
+- [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name)
+- [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state)
+- [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state)
+- [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails)
+- [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders)
+- [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders)
+- [ADMX_TPM/BlockedCommandsList_Name](./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name)
+- [ADMX_TPM/ClearTPMIfNotReady_Name](./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name)
+- [ADMX_TPM/IgnoreDefaultList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name)
+- [ADMX_TPM/IgnoreLocalList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignorelocallist-name)
+- [ADMX_TPM/OSManagedAuth_Name](./policy-csp-admx-tpm.md#admx-tpm-osmanagedauth-name)
+- [ADMX_TPM/OptIntoDSHA_Name](./policy-csp-admx-tpm.md#admx-tpm-optintodsha-name)
+- [ADMX_TPM/StandardUserAuthorizationFailureDuration_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureduration-name)
+- [ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureindividualthreshold-name)
+- [ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailuretotalthreshold-name)
+- [ADMX_TPM/UseLegacyDAP_Name](./policy-csp-admx-tpm.md#admx-tpm-uselegacydap-name)
+- [ADMX_UserExperienceVirtualization/Calculator](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-calculator)
+- [ADMX_UserExperienceVirtualization/ConfigureSyncMethod](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configuresyncmethod)
+- [ADMX_UserExperienceVirtualization/ConfigureVdi](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configurevdi)
+- [ADMX_UserExperienceVirtualization/ContactITDescription](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactitdescription)
+- [ADMX_UserExperienceVirtualization/ContactITUrl](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactiturl)
+- [ADMX_UserExperienceVirtualization/DisableWin8Sync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewin8sync)
+- [ADMX_UserExperienceVirtualization/DisableWindowsOSSettings](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewindowsossettings)
+- [ADMX_UserExperienceVirtualization/EnableUEV](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-enableuev)
+- [ADMX_UserExperienceVirtualization/Finance](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-finance)
+- [ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-firstusenotificationenabled)
+- [ADMX_UserExperienceVirtualization/Games](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-games)
+- [ADMX_UserExperienceVirtualization/InternetExplorer8](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer8)
+- [ADMX_UserExperienceVirtualization/InternetExplorer9](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer9)
+- [ADMX_UserExperienceVirtualization/InternetExplorer10](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer10)
+- [ADMX_UserExperienceVirtualization/InternetExplorer11](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer11)
+- [ADMX_UserExperienceVirtualization/InternetExplorerCommon](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorercommon)
+- [ADMX_UserExperienceVirtualization/Maps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maps)
+- [ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maxpackagesizeinbytes)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010access)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010common)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010excel)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010infopath)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010lync)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010onenote)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010outlook)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010powerpoint)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010project)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010publisher)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointdesigner)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointworkspace)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010visio)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010word)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013access)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013accessbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013common)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013commonbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excel)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excelbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopath)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopathbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lync)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lyncbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onedriveforbusiness)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenote)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenotebackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlook)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlookbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpoint)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpointbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013project)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013projectbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisher)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisherbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesigner)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesignerbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013uploadcenter)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visio)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visiobackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013word)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013wordbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016access)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016accessbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016common)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016commonbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excel)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excelbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lync)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lyncbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onedriveforbusiness)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenote)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenotebackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlook)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlookbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpoint)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpointbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016project)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016projectbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisher)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisherbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016uploadcenter)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visio)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visiobackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016word)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016wordbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365infopath2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365sharepointdesigner2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2016)
+- [ADMX_UserExperienceVirtualization/Music](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-music)
+- [ADMX_UserExperienceVirtualization/News](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-news)
+- [ADMX_UserExperienceVirtualization/Notepad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-notepad)
+- [ADMX_UserExperienceVirtualization/Reader](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-reader)
+- [ADMX_UserExperienceVirtualization/RepositoryTimeout](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-repositorytimeout)
+- [ADMX_UserExperienceVirtualization/SettingsStoragePath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingsstoragepath)
+- [ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingstemplatecatalogpath)
+- [ADMX_UserExperienceVirtualization/Sports](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-sports)
+- [ADMX_UserExperienceVirtualization/SyncEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncenabled)
+- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetwork)
+- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetworkwhenroaming)
+- [ADMX_UserExperienceVirtualization/SyncProviderPingEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncproviderpingenabled)
+- [ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncunlistedwindows8apps)
+- [ADMX_UserExperienceVirtualization/Travel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-travel)
+- [ADMX_UserExperienceVirtualization/TrayIconEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-trayiconenabled)
+- [ADMX_UserExperienceVirtualization/Video](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-video)
+- [ADMX_UserExperienceVirtualization/Weather](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-weather)
+- [ADMX_UserExperienceVirtualization/Wordpad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-wordpad)
+- [ADMX_W32Time/W32TIME_POLICY_CONFIG](./policy-csp-admx-w32time.md#admx-w32time-policy-config)
+- [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient)
+- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient)
+- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver)
+- [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1)
+- [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2)
+- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled)
+- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1)
+- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2)
+- [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar)
+- [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline)
+- [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings)
+- [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings)
+- [ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurertspproxysettings)
+- [ADMX_WindowsMediaPlayer/DisableAutoUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disableautoupdate)
+- [ADMX_WindowsMediaPlayer/DisableNetworkSettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablenetworksettings)
+- [ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablesetupfirstuseconfiguration)
+- [ADMX_WindowsMediaPlayer/DoNotShowAnchor](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-donotshowanchor)
+- [ADMX_WindowsMediaPlayer/DontUseFrameInterpolation](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-dontuseframeinterpolation)
+- [ADMX_WindowsMediaPlayer/EnableScreenSaver](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-enablescreensaver)
+- [ADMX_WindowsMediaPlayer/HidePrivacyTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hideprivacytab)
+- [ADMX_WindowsMediaPlayer/HideSecurityTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hidesecuritytab)
+- [ADMX_WindowsMediaPlayer/NetworkBuffering](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-networkbuffering)
+- [ADMX_WindowsMediaPlayer/PolicyCodecUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-policycodecupdate)
+- [ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventcddvdmetadataretrieval)
+- [ADMX_WindowsMediaPlayer/PreventLibrarySharing](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventlibrarysharing)
+- [ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventmusicfilemetadataretrieval)
+- [ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventquicklaunchshortcut)
+- [ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventradiopresetsretrieval)
+- [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut)
+- [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown)
+- [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols)
+- [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription)
+- [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot)
+- [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription)
 - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
 - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
 - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)

windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Group Policy
+title: Policies in Policy CSP supported by Group Policy
-description: Policy CSPs supported by Group Policy
+description: Policies in Policy CSP supported by Group Policy
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,12 +12,12 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by Group Policy
+# Policies in Policy CSP supported by Group Policy
 
 > [!div class="op_single_selector"]
 > 
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 >
 
 - [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
-description: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+description: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 09/17/2019
 ---
 
-# Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+# Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens (1st gen) Development Edition
+title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
-description: Policy CSPs supported by HoloLens (1st gen) Development Edition
+description: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by HoloLens (1st gen) Development Edition
+# Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens 2
+title: Policies in Policy CSP supported by HoloLens 2
-description: Policy CSPs supported by HoloLens 2
+description: Policies in Policy CSP supported by HoloLens 2
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -9,10 +9,10 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 05/11/2020
+ms.date: 10/08/2020
 ---
 
-# Policy CSPs supported by HoloLens 2
+# Policies in Policy CSP supported by HoloLens 2
 
 > [!div class="op_single_selector"]
 >
@@ -50,6 +50,17 @@ ms.date: 05/11/2020
 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
 - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
+- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
+- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
+- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
+- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled)
+- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
+- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
+- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
+- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery)
+- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
+- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
+- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
 - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
 - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
 - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
@@ -73,6 +84,8 @@ ms.date: 05/11/2020
 - [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) <sup>8</sup>
 - [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) <sup>8</sup>
 - [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
+- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage)
+- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage)
 - [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
 - [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
 - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
@@ -81,6 +94,10 @@ ms.date: 05/11/2020
 - [System/AllowLocation](policy-csp-system.md#system-allowlocation)
 - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
 - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
+- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
+- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
+- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
+- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
 - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
 - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
@@ -91,6 +108,7 @@ ms.date: 05/11/2020
 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
 - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
 - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
+- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
 - [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>

windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Windows 10 IoT Core
+title: Policies in Policy CSP supported by Windows 10 IoT Core
-description: Policy CSPs supported by Windows 10 IoT Core
+description: Policies in Policy CSP supported by Windows 10 IoT Core
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 09/16/2019
 ---
 
-# Policy CSPs supported by Windows 10 IoT Core
+# Policies in Policy CSP supported by Windows 10 IoT Core
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Windows 10 IoT Enterprise
+title: Policies in Policy CSP supported by Windows 10 IoT Enterprise
-description: Policy CSPs supported by Windows 10 IoT Enterprise
+description: Policies in Policy CSP supported by Windows 10 IoT Enterprise
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by Windows 10 IoT Enterprise
+# Policies in Policy CSP supported by Windows 10 IoT Enterprise
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Microsoft Surface Hub
+title: Policies in Policy CSP supported by Microsoft Surface Hub
-description: Policy CSPs supported by Microsoft Surface Hub
+description: Policies in Policy CSP supported by Microsoft Surface Hub
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/22/2020
 ---
 
-# Policy CSPs supported by Microsoft Surface Hub
+# Policies in Policy CSP supported by Microsoft Surface Hub
 
 
 - [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)

windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs that can be set using Exchange Active Sync (EAS)
+title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
-description: Policy CSPs that can be set using Exchange Active Sync (EAS)
+description: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs that can be set using Exchange Active Sync (EAS)
+# Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
 
 - [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)  
 - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)  

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -933,7 +933,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 <dl>
   <dd>
-    <a href="./policy-csp-admx-scripts.md#admx-scripts-allow-logon-script-netbiosdisabled" id"admx-scripts-allow-logon-script-netbiosdisabled">ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled</a>
+    <a href="./policy-csp-admx-scripts.md#admx-scripts-allow-logon-script-netbiosdisabled" id="admx-scripts-allow-logon-script-netbiosdisabled">ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled</a>
   </dd>
   <dd>
     <a href="./policy-csp-admx-scripts.md#admx-scripts-maxgposcriptwaitpolicy" id="admx-scripts-maxgposcriptwaitpolicy">ADMX_Scripts/MaxGPOScriptWaitPolicy</a>
@@ -1036,6 +1036,689 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### ADMX_Smartcard policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku" id="admx-smartcard-allowcertificateswithnoeku">ADMX_Smartcard/AllowCertificatesWithNoEKU</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock" id="admx-smartcard-allowintegratedunblock">ADMX_Smartcard/AllowIntegratedUnblock</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys" id="admx-smartcard-allowsignatureonlykeys">ADMX_Smartcard/AllowSignatureOnlyKeys</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-allowtimeinvalidcertificates" id="admx-smartcard-allowtimeinvalidcertificates">ADMX_Smartcard/AllowTimeInvalidCertificates</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-certpropenabledstring" id="admx-smartcard-certpropenabledstring">ADMX_Smartcard/CertPropEnabledString</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-certproprootcleanupstring" id="admx-smartcard-certproprootcleanupstring">ADMX_Smartcard/CertPropRootCleanupString</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-certproprootenabledstring" id="admx-smartcard-certproprootenabledstring">ADMX_Smartcard/CertPropRootEnabledString</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-disallowplaintextpin" id="admx-smartcard-disallowplaintextpin">ADMX_Smartcard/DisallowPlaintextPin</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-enumerateecccerts" id="admx-smartcard-enumerateecccerts">ADMX_Smartcard/EnumerateECCCerts</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-filterduplicatecerts" id="admx-smartcard-filterduplicatecerts">ADMX_Smartcard/FilterDuplicateCerts</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-forcereadingallcertificates" id="admx-smartcard-forcereadingallcertificates">ADMX_Smartcard/ForceReadingAllCertificates</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-integratedunblockpromptstring" id="admx-smartcard-integratedunblockpromptstring">ADMX_Smartcard/IntegratedUnblockPromptString</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-reversesubject" id="admx-smartcard-reversesubject">ADMX_Smartcard/ReverseSubject</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-scpnpenabled" id="admx-smartcard-scpnpenabled">ADMX_Smartcard/SCPnPEnabled</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-scpnpnotification" id="admx-smartcard-scpnpnotification">ADMX_Smartcard/SCPnPNotification</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-smartcard.md#admx-smartcard-x509hintsneeded" id="admx-smartcard-x509hintsneeded">ADMX_Smartcard/X509HintsNeeded</a>
+  </dd>
+</dl>
+
+## ADMX_Snmp policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-snmp.md#admx-snmp-snmp-communities" id="admx-snmp-snmp-communities">ADMX_Snmp/SNMP_Communities</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers" id="admx-snmp-snmp-permittedmanagers">ADMX_Snmp/SNMP_PermittedManagers</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public" id="admx-snmp-snmp-traps-public">ADMX_Snmp/SNMP_Traps_Public</a>
+  </dd>
+</dl>
+
+## ADMX_tcpip policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name" id="admx-tcpip-6to4-router-name">ADMX_tcpip/6to4_Router_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval" id="admx-tcpip-6to4-router-name-resolution-interval">ADMX_tcpip/6to4_Router_Name_Resolution_Interval</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state" id="admx-tcpip-6to4-state">ADMX_tcpip/6to4_State</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-iphttps-clientstate" id="admx-tcpip-iphttps-clientstate">ADMX_tcpip/IPHTTPS_ClientState</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-ip-stateless-autoconfiguration-limits-state" id="admx-tcpip-ip-stateless-autoconfiguration-limits-state">ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-isatap-router-name" id="admx-tcpip-isatap-router-name">ADMX_tcpip/ISATAP_Router_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-isatap-state" id="admx-tcpip-isatap-state">ADMX_tcpip/ISATAP_State</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-client-port" id="admx-tcpip-teredo-client-port">ADMX_tcpip/Teredo_Client_Port</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-default-qualified" id="admx-tcpip-teredo-default-qualified">ADMX_tcpip/Teredo_Default_Qualified</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-refresh-rate" id="admx-tcpip-teredo-refresh-rate">ADMX_tcpip/Teredo_Refresh_Rate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name" id="admx-tcpip-teredo-server-name">ADMX_tcpip/Teredo_Server_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state" id="admx-tcpip-teredo-state">ADMX_tcpip/Teredo_State</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state" id="admx-tcpip-windows-scaling-heuristics-state">ADMX_tcpip/Windows_Scaling_Heuristics_State</a>
+  </dd>
+</dl>
+
+## ADMX_Thumbnails policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails" id="admx-thumbnails-disablethumbnails">ADMX_Thumbnails/DisableThumbnails</a>
+  </dd>  
+  <dd>
+    <a href="./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders" id="admx-thumbnails-disablethumbnailsonnetworkfolders">ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders" id="admx-thumbnails-disablethumbsdbonnetworkfolders">ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders</a>
+  </dd>
+</dl>
+
+### ADMX_TPM policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name" id="admx-tpm-blockedcommandslist-name">ADMX_TPM/BlockedCommandsList_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name" id="admx-tpm-cleartpmifnotready-name">ADMX_TPM/ClearTPMIfNotReady_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name" id="admx-tpm-ignoredefaultlist-name">ADMX_TPM/IgnoreDefaultList_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-ignorelocallist-name" id="admx-tpm-ignorelocallist-name">ADMX_TPM/IgnoreLocalList_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-osmanagedauth-name" id="admx-tpm-osmanagedauth-name">ADMX_TPM/OSManagedAuth_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-optintodsha-name" id="admx-tpm-optintodsha-name">ADMX_TPM/OptIntoDSHA_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureduration-name" id="admx-tpm-standarduserauthorizationfailureduration-name">ADMX_TPM/StandardUserAuthorizationFailureDuration_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureindividualthreshold-name" id="admx-tpm-standarduserauthorizationfailureindividualthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailuretotalthreshold-name" id="admx-tpm-standarduserauthorizationfailuretotalthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-tpm.md#admx-tpm-uselegacydap-name" id="admx-tpm-uselegacydap-name">ADMX_TPM/UseLegacyDAP_Name</a>
+  </dd>
+</dl>
+
+### ADMX_UserExperienceVirtualization policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-calculator" id="admx-userexperiencevirtualization-calculator">ADMX_UserExperienceVirtualization/Calculator</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configuresyncmethod" id="admx-userexperiencevirtualization-configuresyncmethod">ADMX_UserExperienceVirtualization/ConfigureSyncMethod</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configurevdi" id="admx-userexperiencevirtualization-configurevdi">ADMX_UserExperienceVirtualization/ConfigureVdi</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactitdescription" id="admx-userexperiencevirtualization-contactitdescription">ADMX_UserExperienceVirtualization/ContactITDescription</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactiturl" id="admx-userexperiencevirtualization-contactiturl">ADMX_UserExperienceVirtualization/ContactITUrl</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewin8sync" id="admx-userexperiencevirtualization-disablewin8sync">ADMX_UserExperienceVirtualization/DisableWin8Sync</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewindowsossettings" id="admx-userexperiencevirtualization-disablewindowsossettings">ADMX_UserExperienceVirtualization/DisableWindowsOSSettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-enableuev" id="admx-userexperiencevirtualization-enableuev">ADMX_UserExperienceVirtualization/EnableUEV</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-finance" id="admx-userexperiencevirtualization-finance">ADMX_UserExperienceVirtualization/Finance</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-firstusenotificationenabled" id="admx-userexperiencevirtualization-firstusenotificationenabled">ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-games" id="admx-userexperiencevirtualization-games">ADMX_UserExperienceVirtualization/Games</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer8" id="admx-userexperiencevirtualization-internetexplorer8">ADMX_UserExperienceVirtualization/InternetExplorer8</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer9" id="admx-userexperiencevirtualization-internetexplorer9">ADMX_UserExperienceVirtualization/InternetExplorer9</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer10" id="admx-userexperiencevirtualization-internetexplorer10">ADMX_UserExperienceVirtualization/InternetExplorer10</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer11" id="admx-userexperiencevirtualization-internetexplorer11">ADMX_UserExperienceVirtualization/InternetExplorer11</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorercommon" id="admx-userexperiencevirtualization-internetexplorercommon">ADMX_UserExperienceVirtualization/InternetExplorerCommon</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maps" id="admx-userexperiencevirtualization-maps">ADMX_UserExperienceVirtualization/Maps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maxpackagesizeinbytes" id="admx-userexperiencevirtualization-maxpackagesizeinbytes">ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010access" id="admx-userexperiencevirtualization-microsoftoffice2010access">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010common" id="admx-userexperiencevirtualization-microsoftoffice2010common">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010excel" id="admx-userexperiencevirtualization-microsoftoffice2010excel">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010infopath" id="admx-userexperiencevirtualization-microsoftoffice2010infopath">ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010lync" id="admx-userexperiencevirtualization-microsoftoffice2010lync">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010onenote" id="admx-userexperiencevirtualization-microsoftoffice2010onenote">ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010outlook" id="admx-userexperiencevirtualization-microsoftoffice2010outlook">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010powerpoint" id="admx-userexperiencevirtualization-microsoftoffice2010powerpoint">ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010project" id="admx-userexperiencevirtualization-microsoftoffice2010project">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010publisher" id="admx-userexperiencevirtualization-microsoftoffice2010publisher">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointdesigner" id="admx-userexperiencevirtualization-microsoftoffice2010sharepointdesigner">ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointworkspace" id="admx-userexperiencevirtualization-microsoftoffice2010sharepointworkspace">ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010visio" id="admx-userexperiencevirtualization-microsoftoffice2010visio">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010word" id="admx-userexperiencevirtualization-microsoftoffice2010word">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013access" id="admx-userexperiencevirtualization-microsoftoffice2013access">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013accessbackup" id="admx-userexperiencevirtualization-microsoftoffice2013accessbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013common" id="admx-userexperiencevirtualization-microsoftoffice2013common">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013commonbackup" id="admx-userexperiencevirtualization-microsoftoffice2013commonbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excel" id="admx-userexperiencevirtualization-microsoftoffice2013excel">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excelbackup" id="admx-userexperiencevirtualization-microsoftoffice2013excelbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopath" id="admx-userexperiencevirtualization-microsoftoffice2013infopath">ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopathbackup" id="admx-userexperiencevirtualization-microsoftoffice2013infopathbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lync" id="admx-userexperiencevirtualization-microsoftoffice2013lync">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lyncbackup" id="admx-userexperiencevirtualization-microsoftoffice2013lyncbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onedriveforbusiness" id="admx-userexperiencevirtualization-microsoftoffice2013onedriveforbusiness">ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenote" id="admx-userexperiencevirtualization-microsoftoffice2013onenote">ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenotebackup" id="admx-userexperiencevirtualization-microsoftoffice2013onenotebackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlook" id="admx-userexperiencevirtualization-microsoftoffice2013outlook">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlookbackup" id="admx-userexperiencevirtualization-microsoftoffice2013outlookbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpoint" id="admx-userexperiencevirtualization-microsoftoffice2013powerpoint">ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpointbackup" id="admx-userexperiencevirtualization-microsoftoffice2013powerpointbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013project" id="admx-userexperiencevirtualization-microsoftoffice2013project">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013projectbackup" id="admx-userexperiencevirtualization-microsoftoffice2013projectbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisher" id="admx-userexperiencevirtualization-microsoftoffice2013publisher">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisherbackup" id="admx-userexperiencevirtualization-microsoftoffice2013publisherbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesigner" id="admx-userexperiencevirtualization-microsoftoffice2013sharepointdesigner">ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesignerbackup" id="admx-userexperiencevirtualization-microsoftoffice2013sharepointdesignerbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013uploadcenter" id="admx-userexperiencevirtualization-microsoftoffice2013uploadcenter">ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visio" id="admx-userexperiencevirtualization-microsoftoffice2013visio">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visiobackup" id="admx-userexperiencevirtualization-microsoftoffice2013visiobackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013word" id="admx-userexperiencevirtualization-microsoftoffice2013word">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013wordbackup" id="admx-userexperiencevirtualization-microsoftoffice2013wordbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016access" id="admx-userexperiencevirtualization-microsoftoffice2016access">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016accessbackup" id="admx-userexperiencevirtualization-microsoftoffice2016accessbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016common" id="admx-userexperiencevirtualization-microsoftoffice2016common">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016commonbackup" id="admx-userexperiencevirtualization-microsoftoffice2016commonbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excel" id="admx-userexperiencevirtualization-microsoftoffice2016excel">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excelbackup" id="admx-userexperiencevirtualization-microsoftoffice2016excelbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lync" id="admx-userexperiencevirtualization-microsoftoffice2016lync">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lyncbackup" id="admx-userexperiencevirtualization-microsoftoffice2016lyncbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onedriveforbusiness" id="admx-userexperiencevirtualization-microsoftoffice2016onedriveforbusiness">ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenote" id="admx-userexperiencevirtualization-microsoftoffice2016onenote">ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenotebackup" id="admx-userexperiencevirtualization-microsoftoffice2016onenotebackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlook" id="admx-userexperiencevirtualization-microsoftoffice2016outlook">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlookbackup" id="admx-userexperiencevirtualization-microsoftoffice2016outlookbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpoint" id="admx-userexperiencevirtualization-microsoftoffice2016powerpoint">ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpointbackup" id="admx-userexperiencevirtualization-microsoftoffice2016powerpointbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016project" id="admx-userexperiencevirtualization-microsoftoffice2016project">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016projectbackup" id="admx-userexperiencevirtualization-microsoftoffice2016projectbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisher" id="admx-userexperiencevirtualization-microsoftoffice2016publisher">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisherbackup" id="admx-userexperiencevirtualization-microsoftoffice2016publisherbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016uploadcenter" id="admx-userexperiencevirtualization-microsoftoffice2016uploadcenter">ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visio" id="admx-userexperiencevirtualization-microsoftoffice2016visio">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visiobackup" id="admx-userexperiencevirtualization-microsoftoffice2016visiobackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016word" id="admx-userexperiencevirtualization-microsoftoffice2016word">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016wordbackup" id="admx-userexperiencevirtualization-microsoftoffice2016wordbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2013" id="admx-userexperiencevirtualization-microsoftoffice365access2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2016" id="admx-userexperiencevirtualization-microsoftoffice365access2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2013" id="admx-userexperiencevirtualization-microsoftoffice365common2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2016" id="admx-userexperiencevirtualization-microsoftoffice365common2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2013" id="admx-userexperiencevirtualization-microsoftoffice365excel2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2016" id="admx-userexperiencevirtualization-microsoftoffice365excel2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365infopath2013" id="admx-userexperiencevirtualization-microsoftoffice365infopath2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2013" id="admx-userexperiencevirtualization-microsoftoffice365lync2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2016" id="admx-userexperiencevirtualization-microsoftoffice365lync2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2013" id="admx-userexperiencevirtualization-microsoftoffice365onenote2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2016" id="admx-userexperiencevirtualization-microsoftoffice365onenote2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2013" id="admx-userexperiencevirtualization-microsoftoffice365outlook2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2016" id="admx-userexperiencevirtualization-microsoftoffice365outlook2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2013" id="admx-userexperiencevirtualization-microsoftoffice365powerpoint2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2016" id="admx-userexperiencevirtualization-microsoftoffice365powerpoint2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2013" id="admx-userexperiencevirtualization-microsoftoffice365project2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2016" id="admx-userexperiencevirtualization-microsoftoffice365project2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2013" id="admx-userexperiencevirtualization-microsoftoffice365publisher2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2016" id="admx-userexperiencevirtualization-microsoftoffice365publisher2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365sharepointdesigner2013" id="admx-userexperiencevirtualization-microsoftoffice365sharepointdesigner2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2013" id="admx-userexperiencevirtualization-microsoftoffice365visio2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2016" id="admx-userexperiencevirtualization-microsoftoffice365visio2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2013" id="admx-userexperiencevirtualization-microsoftoffice365word2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2016" id="admx-userexperiencevirtualization-microsoftoffice365word2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-music" id="admx-userexperiencevirtualization-music">ADMX_UserExperienceVirtualization/Music</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-news" id="admx-userexperiencevirtualization-news">ADMX_UserExperienceVirtualization/News</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-notepad" id="admx-userexperiencevirtualization-notepad">ADMX_UserExperienceVirtualization/Notepad</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-reader" id="admx-userexperiencevirtualization-reader">ADMX_UserExperienceVirtualization/Reader</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-repositorytimeout" id="admx-userexperiencevirtualization-repositorytimeout">ADMX_UserExperienceVirtualization/RepositoryTimeout</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingsstoragepath" id="admx-userexperiencevirtualization-settingsstoragepath">ADMX_UserExperienceVirtualization/SettingsStoragePath</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingstemplatecatalogpath" id="admx-userexperiencevirtualization-settingstemplatecatalogpath">ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-sports" id="admx-userexperiencevirtualization-sports">ADMX_UserExperienceVirtualization/Sports</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncenabled" id="admx-userexperiencevirtualization-syncenabled">ADMX_UserExperienceVirtualization/SyncEnabled</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetwork" id="admx-userexperiencevirtualization-syncovermeterednetwork">ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetworkwhenroaming" id="admx-userexperiencevirtualization-syncovermeterednetworkwhenroaming">ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncproviderpingenabled" id="admx-userexperiencevirtualization-syncproviderpingenabled">ADMX_UserExperienceVirtualization/SyncProviderPingEnabled</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncunlistedwindows8apps" id="admx-userexperiencevirtualization-syncunlistedwindows8apps">ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-travel" id="admx-userexperiencevirtualization-travel">ADMX_UserExperienceVirtualization/Travel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-trayiconenabled" id="admx-userexperiencevirtualization-trayiconenabled">ADMX_UserExperienceVirtualization/TrayIconEnabled</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-video" id="admx-userexperiencevirtualization-video">ADMX_UserExperienceVirtualization/Video</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-weather" id="admx-userexperiencevirtualization-weather">ADMX_UserExperienceVirtualization/Weather</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-wordpad" id="admx-userexperiencevirtualization-wordpad">ADMX_UserExperienceVirtualization/Wordpad</a>
+  </dd>
+</dl>
+
+### ADMX_W32Time policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-w32time.md#admx-w32time-policy-config" id="admx-w32time-policy-config">ADMX_W32Time/W32TIME_POLICY_CONFIG</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient" id="admx-w32time-policy-configure-ntpclient">ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient" id="admx-w32time-policy-enable-ntpclient">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver" id="admx-w32time-policy-enable-ntpserver">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER</a>
+  </dd>
+</dl>
+
+### ADMX_WinCal policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1" id="admx-wincal-turnoffwincal-1">ADMX_WinCal/TurnOffWinCal_1</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2" id="admx-wincal-turnoffwincal-2">ADMX_WinCal/TurnOffWinCal_2</a>
+  </dd>
+</dl>
+
+### ADMX_WindowsAnytimeUpgrade policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled" id="admx-windowsanytimeupgrade-disabled">ADMX_WindowsAnytimeUpgrade/Disabled</a>
+  </dd>
+</dl>
+
+## ADMX_WindowsConnectNow policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1" id="admx-windowsconnectnow-wcn-disablewcnui-1">ADMX_WindowsConnectNow/WCN_DisableWcnUi_1</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2" id="admx-windowsconnectnow-wcn-disablewcnui-2">ADMX_WindowsConnectNow/WCN_DisableWcnUi_2</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar" id="admx-windowsconnectnow-wcn-enableregistrar">ADMX_WindowsConnectNow/WCN_EnableRegistrar</a>
+  </dd>
+</dl>
+
+### ADMX_WindowsMediaDRM policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline" id="admx-windowsmediadrm-disableonline">ADMX_WindowsMediaDRM/DisableOnline</a>
+  </dd>
+</dl>
+
+### ADMX_WindowsMediaPlayer policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings" id="admx-windowsmediaplayer-configurehttpproxysettings">ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings" id="admx-windowsmediaplayer-configuremmsproxysettings">ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurertspproxysettings" id="admx-windowsmediaplayer-configurertspproxysettings">ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disableautoupdate" id="admx-windowsmediaplayer-disableautoupdate">ADMX_WindowsMediaPlayer/DisableAutoUpdate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablenetworksettings" id="admx-windowsmediaplayer-disablenetworksettings">ADMX_WindowsMediaPlayer/DisableNetworkSettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablesetupfirstuseconfiguration" id="admx-windowsmediaplayer-disablesetupfirstuseconfiguration">ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-donotshowanchor" id="admx-windowsmediaplayer-donotshowanchor">ADMX_WindowsMediaPlayer/DoNotShowAnchor</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-dontuseframeinterpolation" id="admx-windowsmediaplayer-dontuseframeinterpolation">ADMX_WindowsMediaPlayer/DontUseFrameInterpolation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-enablescreensaver" id="admx-windowsmediaplayer-enablescreensaver">ADMX_WindowsMediaPlayer/EnableScreenSaver</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hideprivacytab" id="admx-windowsmediaplayer-hideprivacytab">ADMX_WindowsMediaPlayer/HidePrivacyTab</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hidesecuritytab" id="admx-windowsmediaplayer-hidesecuritytab">ADMX_WindowsMediaPlayer/HideSecurityTab</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-networkbuffering" id="admx-windowsmediaplayer-networkbuffering">ADMX_WindowsMediaPlayer/NetworkBuffering</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-policycodecupdate" id="admx-windowsmediaplayer-policycodecupdate">ADMX_WindowsMediaPlayer/PolicyCodecUpdate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventcddvdmetadataretrieval" id="admx-windowsmediaplayer-preventcddvdmetadataretrieval">ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventlibrarysharing" id="admx-windowsmediaplayer-preventlibrarysharing">ADMX_WindowsMediaPlayer/PreventLibrarySharing</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventmusicfilemetadataretrieval" id="admx-windowsmediaplayer-preventmusicfilemetadataretrieval">ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventquicklaunchshortcut" id="admx-windowsmediaplayer-preventquicklaunchshortcut">ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventradiopresetsretrieval" id="admx-windowsmediaplayer-preventradiopresetsretrieval">ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut" id="admx-windowsmediaplayer-preventwmpdesktopshortcut">ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown" id="admx-windowsmediaplayer-skinlockdown">ADMX_WindowsMediaPlayer/SkinLockDown</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols" id="admx-windowsmediaplayer-windowsstreamingmediaprotocols">ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols</a>
+  </dd>
+</dl>
+
+### ADMX_WinInit policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription" id="admx-wininit-disablenamedpipeshutdownpolicydescription">ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-wininit.md#admx-wininit-hiberboot" id="admx-wininit-hiberboot">ADMX_WinInit/Hiberboot</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription" id="admx-wininit-shutdowntimeouthungsessionsdescription">ADMX_WinInit/ShutdownTimeoutHungSessionsDescription</a>
+  </dd>
+</dl>
+
 ### ApplicationDefaults policies
 
 <dl>
@@ -3352,6 +4035,26 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### MixedReality policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays" id="mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled" id="mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics" id="mixedreality-fallbackdiagnostics">MixedReality/FallbackDiagnostics</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-mixedreality.md#mixedreality-microphonedisabled" id="mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled" id="mixedreality-volumebuttondisabled">MixedReality/VolumeButtonDisabled</a>
+  </dd>
+</dl>
+
 ### MSSecurityGuide policies
 
 <dl>
@@ -4924,27 +5627,27 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
-## Policy CSPs supported by Group Policy and ADMX-backed policy CSPs
+## Policies in Policy CSP supported by Group Policy and ADMX-backed policies in Policy CSP
-- [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+- [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-- [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+- [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 
 > [!NOTE]
-> Not all Policy CSPs supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 
-## Policy CSPs supported by HoloLens devices
+## Policies in Policy CSP supported by HoloLens devices
-- [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)  
+- [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)  
-- [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)  
+- [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)  
-- [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
+- [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
 
-## Policy CSPs supported by Windows 10 IoT
+## Policies in Policy CSP supported by Windows 10 IoT
-- [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
+- [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
-- [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
+- [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
 
-## Policy CSPs supported by Microsoft Surface Hub
+## Policies in Policy CSP supported by Microsoft Surface Hub
-- [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
+- [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
 
-## Policy CSPs that can be set using Exchange ActiveSync (EAS)
+## Policies in Policy CSP that can be set using Exchange ActiveSync (EAS)
-- [Policy CSPs that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md)
+- [Policies in Policy CSP that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md)
 
 ## Related topics
 

windows/client-management/mdm/policy-csp-admx-snmp.md

@@ -0,0 +1,290 @@
+---
+title: Policy CSP - ADMX_Snmp
+description: Policy CSP - ADMX_Snmp
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/24/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Snmp
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_Snmp policies  
+
+<dl>
+  <dd>
+    <a href="#admx-snmp-snmp-communities">ADMX_Snmp/SNMP_Communities</a>
+  </dd>
+  <dd>
+    <a href="#admx-snmp-snmp-permittedmanagers">ADMX_Snmp/SNMP_PermittedManagers</a>
+  </dd>
+  <dd>
+    <a href="#admx-snmp-snmp-traps-public">ADMX_Snmp/SNMP_Traps_Public</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-snmp-snmp-communities"></a>**ADMX_Snmp/SNMP_Communities**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
+
+SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.
+
+A valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network.
+
+If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.
+
+If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
+
+Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.
+
+> [!NOTE]
+> - It is good practice to use a cryptic community name.
+> - This policy setting has no effect if the SNMP agent is not installed on the client computer.
+
+Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Specify communities*
+-   GP name: *SNMP_Communities*
+-   GP path: *Network\SNMP*
+-   GP ADMX file name: *Snmp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-snmp-snmp-permittedmanagers"></a>**ADMX_Snmp/SNMP_PermittedManagers**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
+
+Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
+
+The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.
+
+If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.
+
+If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
+
+Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control.
+
+> [!NOTE]
+> This policy setting has no effect if the SNMP agent is not installed on the client computer.
+
+Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Specify permitted managers*
+-   GP name: *SNMP_PermittedManagers*
+-   GP path: *Network\SNMP*
+-   GP ADMX file name: *Snmp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-snmp-snmp-traps-public"></a>**ADMX_Snmp/SNMP_Traps_Public**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
+
+Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
+
+This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.
+
+If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community.
+
+If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
+
+> [!NOTE]
+> This setting has no effect if the SNMP agent is not installed on the client computer.
+
+Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Specify traps for public community*
+-   GP name: *SNMP_Traps_Public*
+-   GP path: *Network\SNMP*
+-   GP ADMX file name: *Snmp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-thumbnails.md

@@ -0,0 +1,264 @@
+---
+title: Policy CSP - ADMX_Thumbnails
+description: Policy CSP - ADMX_Thumbnails
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/25/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Thumbnails
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_Thumbnails policies  
+
+<dl>
+  <dd>
+    <a href="#admx-thumbnails-disablethumbnails">ADMX_Thumbnails/DisableThumbnails</a>
+  </dd>  
+  <dd>
+    <a href="#admx-thumbnails-disablethumbnailsonnetworkfolders">ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders</a>
+  </dd>
+  <dd>
+    <a href="#admx-thumbnails-disablethumbsdbonnetworkfolders">ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders</a>
+  </dd>
+</dl>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-thumbnails-disablethumbnails"></a>**ADMX_Thumbnails/DisableThumbnails**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
+
+File Explorer displays thumbnail images by default. 
+
+If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images.
+
+If you disable or do not configure this policy setting, File Explorer displays only thumbnail images.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the display of thumbnails and only display icons.*
+-   GP name: *DisableThumbnails*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *Thumbnails.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-thumbnails-disablethumbnailsonnetworkfolders"></a>**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
+
+File Explorer displays thumbnail images on network folders by default.
+
+If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.
+
+If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the display of thumbnails and only display icons on network folders*
+-   GP name: *DisableThumbnailsOnNetworkFolders*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *Thumbnails.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-thumbnails-disablethumbsdbonnetworkfolders"></a>**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. Turns off the caching of thumbnails in hidden thumbs.db files.
+
+This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.
+
+If you enable this policy setting, File Explorer does not create, read from, or write to thumbs.db files.
+
+If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the caching of thumbnails in hidden thumbs.db files*
+-   GP name: *DisableThumbsDBOnNetworkFolders*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *Thumbnails.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-tpm.md

@@ -0,0 +1,803 @@
+---
+title: Policy CSP - ADMX_TPM
+description: Policy CSP - ADMX_TPM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/25/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_TPM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_TPM policies  
+
+<dl>
+  <dd>
+    <a href="#admx-tpm-blockedcommandslist-name">ADMX_TPM/BlockedCommandsList_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-cleartpmifnotready-name">ADMX_TPM/ClearTPMIfNotReady_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-ignoredefaultlist-name">ADMX_TPM/IgnoreDefaultList_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-ignorelocallist-name">ADMX_TPM/IgnoreLocalList_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-osmanagedauth-name">ADMX_TPM/OSManagedAuth_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-optintodsha-name">ADMX_TPM/OptIntoDSHA_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-standarduserauthorizationfailureduration-name">ADMX_TPM/StandardUserAuthorizationFailureDuration_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-standarduserauthorizationfailureindividualthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-standarduserauthorizationfailuretotalthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-uselegacydap-name">ADMX_TPM/UseLegacyDAP_Name</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-blockedcommandslist-name"></a>**ADMX_TPM/BlockedCommandsList_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
+
+If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section.
+
+If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the list of blocked TPM commands*
+-   GP name: *BlockedCommandsList_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-cleartpmifnotready-name"></a>**ADMX_TPM/ClearTPMIfNotReady_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the system to clear the TPM if it is not in a ready state.*
+-   GP name: *ClearTPMIfNotReady_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-ignoredefaultlist-name"></a>**ADMX_TPM/IgnoreDefaultList_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
+
+If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list.
+
+The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+
+If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands. 
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Ignore the default list of blocked TPM commands*
+-   GP name: *IgnoreDefaultList_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-ignorelocallist-name"></a>**ADMX_TPM/IgnoreLocalList_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
+
+If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.
+
+The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+
+If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Ignore the local list of blocked TPM commands*
+-   GP name: *IgnoreLocalList_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-osmanagedauth-name"></a>**ADMX_TPM/OSManagedAuth_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
+
+You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.
+
+If you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose.
+
+Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used.
+
+Choose the operating system managed TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic.
+
+Choose the operating system managed TPM authentication setting of "None" for compatibility with previous operating systems and applications or for use with scenarios that require TPM owner authorization not be stored locally. Using this setting might cause issues with some TPM-based applications.
+
+> [!NOTE]
+> If the operating system managed TPM authentication setting is changed from "Full" to "Delegated", the full TPM owner authorization value will be regenerated and any copies of the original TPM owner authorization value will be invalid.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the level of TPM owner authorization information available to the operating system*
+-   GP name: *OSManagedAuth_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-optintodsha-name"></a>**ADMX_TPM/OptIntoDSHA_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Device Health Attestation Monitoring and Reporting*
+-   GP name: *OptIntoDSHA_Name*
+-   GP path: *System\Device Health Attestation Service*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-standarduserauthorizationfailureduration-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
+
+This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
+
+An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than this duration are ignored.
+
+For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+
+The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+
+An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
+
+If this value is not configured, a default value of 480 minutes (8 hours) is used.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Standard User Lockout Duration*
+-   GP name: *StandardUserAuthorizationFailureDuration_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-standarduserauthorizationfailureindividualthreshold-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+
+This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
+
+An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
+
+For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+
+This value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+
+An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
+
+If this value is not configured, a default value of 4 is used.
+
+A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Standard User Individual Lockout Threshold*
+-   GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-standarduserauthorizationfailuretotalthreshold-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+
+This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
+
+An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
+
+For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+
+The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+
+This value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+
+An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
+
+If this value is not configured, a default value of 9 is used.
+
+A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Standard User Total Lockout Threshold*
+-   GP name: *StandardUserAuthorizationFailureTotalThreshold_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-uselegacydap-name"></a>**ADMX_TPM/UseLegacyDAP_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.*
+-   GP name: *UseLegacyDAP_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-w32time.md

@@ -0,0 +1,429 @@
+---
+title: Policy CSP - ADMX_W32Time
+description: Policy CSP - ADMX_W32Time
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/28/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_W32Time
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_W32Time policies  
+
+<dl>
+  <dd>
+    <a href="#admx-w32time-policy-config">ADMX_W32Time/W32TIME_POLICY_CONFIG</a>
+  </dd>
+  <dd>
+    <a href="#admx-w32time-policy-configure-ntpclient">ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT</a>
+  </dd>
+  <dd>
+    <a href="#admx-w32time-policy-enable-ntpclient">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT</a>
+  </dd>
+  <dd>
+    <a href="#admx-w32time-policy-enable-ntpserver">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-config"></a>**ADMX_W32Time/W32TIME_POLICY_CONFIG**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
+
+If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values.
+
+For more details on individual parameters, combinations of parameter values as well as definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809.
+
+**FrequencyCorrectRate**
+This parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause slower corrections; larger values cause more frequent corrections. Default: 4 (scalar).
+
+**HoldPeriod**
+This parameter indicates how many consistent time samples the client computer must receive in a series before subsequent time samples are evaluated as potential spikes. Default: 5
+
+**LargePhaseOffset**
+If a time sample differs from the client computer's local clock by more than LargePhaseOffset, the local clock is deemed to have drifted considerably, or in other words, spiked. Default: 50,000,000 100-nanosecond units (ns) or 5 seconds.
+
+**MaxAllowedPhaseOffset**
+If a response is received that has a time variation that is larger than this parameter value, W32time sets the client computer's local clock immediately to the time that is accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's local clock is corrected gradually. Default: 300 seconds.
+
+**MaxNegPhaseCorrection**
+If a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time difference that is greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.
+
+**MaxPosPhaseCorrection**
+If a time sample is received that indicates a time in the future (as compared to the client computer's local clock) that has a time difference greater than the MaxPosPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.
+
+**PhaseCorrectRate**
+This parameter controls how quickly W32time corrects the client computer's local clock difference to match time samples that are accepted as accurate from the NTP server. Lower values cause the clock to correct more slowly; larger values cause the clock to correct more quickly. Default: 7 (scalar).
+
+**PollAdjustFactor**
+This parameter controls how quickly W32time changes polling intervals. When responses are considered to be accurate, the polling interval lengthens automatically. When responses are considered to be inaccurate, the polling interval shortens automatically. Default: 5 (scalar).
+
+**SpikeWatchPeriod**
+This parameter specifies the amount of time that samples with time offset larger than LargePhaseOffset are received before these samples are accepted as accurate. SpikeWatchPeriod is used in conjunction with HoldPeriod to help eliminate sporadic, inaccurate time samples that are returned from a peer. Default: 900 seconds.
+
+**UpdateInterval**
+This parameter specifies the amount of time that W32time waits between corrections when the clock is being corrected gradually. When it makes a gradual correction, the service adjusts the clock slightly, waits this amount of time, and then checks to see if another adjustment is needed, until the correction is finished. Default: 100 1/100th second units, or 1 second.
+
+General parameters:
+
+**AnnounceFlags**
+This parameter is a bitmask value that controls how time service availability is advertised through NetLogon. Default: 0x0a hexadecimal
+
+**EventLogFlags**
+This parameter controls special events that may be logged to the Event Viewer System log. Default: 0x02 hexadecimal bitmask.
+
+**LocalClockDispersion**
+This parameter indicates the maximum error in seconds that is reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds.
+
+**MaxPollInterval**
+This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.)
+
+**MinPollInterval**
+This parameter controls the minimum polling interval that defines the minimum amount of time between polls of a peer. Default: 6 in log base-2, or 64 seconds.
+
+**ClockHoldoverPeriod**
+This parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds.
+
+**RequireSecureTimeSyncRequests**
+This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. Default: 0 Boolean.
+
+**UtilizeSslTimeData**
+This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock.  Default: 1 (enabled) Boolean
+
+**ClockAdjustmentAuditLimit**
+This parameter specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target machine. Default: 800 Parts per million (PPM).
+
+RODC parameters:
+
+**ChainEntryTimeout**
+This parameter specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired. Expired entries may be removed when the next request or response is processed. Default: 16 seconds.
+
+**ChainMaxEntries**
+This parameter controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. Default: 128 entries.
+
+**ChainMaxHostEntries**
+This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries.
+
+**ChainDisable**
+This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Default: 0 Boolean.
+
+**ChainLoggingRate**
+This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Global Configuration Settings*
+-   GP name: *W32TIME_POLICY_CONFIG*
+-   GP path: *System\Windows Time Service*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-configure-ntpclient"></a>**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a set of parameters for controlling the Windows NTP Client.
+
+If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.
+
+If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
+
+**NtpServer**
+The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings.  The default value is ""time.windows.com,0x09"". 
+
+**Type**
+This value controls the authentication that W32time uses. The default value is NT5DS.
+
+**CrossSiteSyncFlags**
+This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal).
+
+**ResolvePeerBackoffMinutes**
+This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes.
+
+**ResolvePeerBackoffMaxTimes**
+This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts.
+
+**SpecialPollInterval**
+This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds.
+
+**EventLogFlags**
+This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure Windows NTP Client*
+-   GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT*
+-   GP path: *System\Windows Time Service\Time Providers*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-enable-ntpclient"></a>**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the Windows NTP Client is enabled.
+
+Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.
+
+If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers.
+
+If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Windows NTP Client*
+-   GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT*
+-   GP path: *System\Windows Time Service\Time Providers*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-enable-ntpserver"></a>**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether the Windows NTP Server is enabled.
+
+If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.
+
+If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Windows NTP Server*
+-   GP name: *W32TIME_POLICY_ENABLE_NTPSERVER*
+-   GP path: *System\Windows Time Service\Time Providers*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-wincal.md

@@ -0,0 +1,192 @@
+---
+title: Policy CSP - ADMX_WinCal
+description: Policy CSP - ADMX_WinCal
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/28/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WinCal
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WinCal policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wincal-turnoffwincal-1">ADMX_WinCal/TurnOffWinCal_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-wincal-turnoffwincal-2">ADMX_WinCal/TurnOffWinCal_2</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wincal-turnoffwincal-1"></a>**ADMX_WinCal/TurnOffWinCal_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+
+If you enable this setting, Windows Calendar will be turned off.
+
+If you disable or do not configure this setting, Windows Calendar will be turned on.
+
+The default is for Windows Calendar to be turned on.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Calendar*
+-   GP name: *TurnOffWinCal_1*
+-   GP path: *Windows Components\Windows Calendar*
+-   GP ADMX file name: *WinCal.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wincal-turnoffwincal-2"></a>**ADMX_WinCal/TurnOffWinCal_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+
+If you enable this setting, Windows Calendar will be turned off.
+
+If you disable or do not configure this setting, Windows Calendar will be turned on.
+
+The default is for Windows Calendar to be turned on.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Calendar*
+-   GP name: *TurnOffWinCal_2*
+-   GP path: *Windows Components\Windows Calendar*
+-   GP ADMX file name: *WinCal.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md

@@ -0,0 +1,115 @@
+---
+title: Policy CSP - ADMX_WindowsAnytimeUpgrade
+description: Policy CSP - ADMX_WindowsAnytimeUpgrade
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/29/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsAnytimeUpgrade
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsAnytimeUpgrade policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsanytimeupgrade-disabled">ADMX_WindowsAnytimeUpgrade/Disabled</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsanytimeupgrade-disabled"></a>**ADMX_WindowsAnytimeUpgrade/Disabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. By default, Add features to Windows 10 is available for all administrators. 
+
+If you enable this policy setting, the wizard will not run.
+
+If you disable this policy setting or set it to Not Configured, the wizard will run.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent the wizard from running.*
+-   GP name: *Disabled*
+-   GP path: *Windows Components\Add features to Windows 10*
+-   GP ADMX file name: *WindowsAnytimeUpgrade.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md

@@ -0,0 +1,264 @@
+---
+title: Policy CSP - ADMX_WindowsConnectNow
+description: Policy CSP - ADMX_WindowsConnectNow
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/28/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsConnectNow
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsConnectNow policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsconnectnow-wcn-disablewcnui-1">ADMX_WindowsConnectNow/WCN_DisableWcnUi_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsconnectnow-wcn-disablewcnui-2">ADMX_WindowsConnectNow/WCN_DisableWcnUi_2</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsconnectnow-wcn-enableregistrar">ADMX_WindowsConnectNow/WCN_EnableRegistrar</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsconnectnow-wcn-disablewcnui-1"></a>**ADMX_WindowsConnectNow/WCN_DisableWcnUi_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
+
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
+
+If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prohibit access of the Windows Connect Now wizards*
+-   GP name: *WCN_DisableWcnUi_1*
+-   GP path: *Network\Windows Connect Now*
+-   GP ADMX file name: *WindowsConnectNow.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsconnectnow-wcn-disablewcnui-2"></a>**ADMX_WindowsConnectNow/WCN_DisableWcnUi_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
+
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
+
+If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prohibit access of the Windows Connect Now wizards*
+-   GP name: *WCN_DisableWcnUi_2*
+-   GP path: *Network\Windows Connect Now*
+-   GP ADMX file name: *WindowsConnectNow.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsconnectnow-wcn-enableregistrar"></a>**ADMX_WindowsConnectNow/WCN_EnableRegistrar**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
+
+Additional options are available to allow discovery and configuration over a specific medium. 
+
+If you enable this policy setting, additional choices are available to turn off the operations over a specific medium. 
+
+If you disable this policy setting, operations are disabled over all media. 
+
+If you do not configure this policy setting, operations are enabled over all media. 
+
+The default for this policy setting allows operations over all media.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configuration of wireless settings using Windows Connect Now*
+-   GP name: *WCN_EnableRegistrar*
+-   GP path: *Network\Windows Connect Now*
+-   GP ADMX file name: *WindowsConnectNow.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md

@@ -0,0 +1,116 @@
+---
+title: Policy CSP - ADMX_WindowsMediaDRM
+description: Policy CSP - ADMX_WindowsMediaDRM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/13/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsMediaDRM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsMediaDRM policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsmediadrm-disableonline">ADMX_WindowsMediaDRM/DisableOnline</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsmediadrm-disableonline"></a>**ADMX_WindowsMediaDRM/DisableOnline**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
+
+When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.
+
+When this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses.  Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario.
+
+When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent Windows Media DRM Internet Access*
+-   GP name: *DisableOnline*
+-   GP path: *Windows Components\Windows Media Digital Rights Management*
+-   GP ADMX file name: *WindowsMediaDRM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-wininit.md

@@ -0,0 +1,258 @@
+---
+title: Policy CSP - ADMX_WinInit
+description: Policy CSP - ADMX_WinInit
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/29/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WinInit
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WinInit policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wininit-disablenamedpipeshutdownpolicydescription">ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription</a>
+  </dd>
+  <dd>
+    <a href="#admx-wininit-hiberboot">ADMX_WinInit/Hiberboot</a>
+  </dd>
+  <dd>
+    <a href="#admx-wininit-shutdowntimeouthungsessionsdescription">ADMX_WinInit/ShutdownTimeoutHungSessionsDescription</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wininit-disablenamedpipeshutdownpolicydescription"></a>**ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.
+
+If you enable this policy setting, the system does not create the named pipe remote shutdown interface.
+
+If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off legacy remote shutdown interface*
+-   GP name: *DisableNamedPipeShutdownPolicyDescription*
+-   GP path: *Windows Components\Shutdown Options*
+-   GP ADMX file name: *WinInit.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wininit-hiberboot"></a>**ADMX_WinInit/Hiberboot**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the use of fast startup.  
+
+If you enable this policy setting, the system requires hibernate to be enabled.
+
+If you disable or do not configure this policy setting, the local setting is used.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Require use of fast startup*
+-   GP name: *Hiberboot*
+-   GP path: *System\Shutdown*
+-   GP ADMX file name: *WinInit.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wininit-shutdowntimeouthungsessionsdescription"></a>**ADMX_WinInit/ShutdownTimeoutHungSessionsDescription**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
+
+If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified.
+
+If you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Timeout for hung logon sessions during shutdown*
+-   GP name: *ShutdownTimeoutHungSessionsDescription*
+-   GP path: *Windows Components\Shutdown Options*
+-   GP ADMX file name: *WinInit.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-controlpolicyconflict.md

@@ -100,7 +100,7 @@ The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the
 -  \<MSFT:GPRegistryMappedName\>    
 -  \<MSFT:GPDBMappedName\>  
 
-For the list MDM-GP mapping list, see [Policy CSPs supported by Group Policy
+For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy
 ](policy-csps-supported-by-group-policy.md).
 
 The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**.

windows/client-management/mdm/policy-csp-mixedreality.md

@@ -0,0 +1,314 @@
+---
+title: Policy CSP - MixedReality
+description: Policy CSP - MixedReality
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/06/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - MixedReality
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## MixedReality policies  
+
+<dl>
+  <dd>
+    <a href="#mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-fallbackdiagnostics">MixedReality/FallbackDiagnostics</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-volumebuttondisabled">MixedReality/VolumeButtonDisabled</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-aadgroupmembershipcachevalidityindays"></a>**MixedReality/AADGroupMembershipCacheValidityInDays**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days).
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-brightnessbuttondisabled"></a>**MixedReality/BrightnessButtonDisabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - False (Default)
+- 1 - True
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-fallbackdiagnostics"></a>**MixedReality/FallbackDiagnostics**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls when and if diagnostic logs can be collected using specific button combination on HoloLens.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - Disabled
+- 1 - Enabled for device owners
+- 2 - Enabled for all (Default)
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-microphonedisabled"></a>**MixedReality/MicrophoneDisabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls whether microphone on HoloLens 2 is disabled or not.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - False (Default)
+- 1 - True
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-volumebuttondisabled"></a>**MixedReality/VolumeButtonDisabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - False (Default)
+- 1 - True
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 9 - Available in the next major release of Windows 10.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-system.md

@@ -1,13 +1,13 @@
 ---
 title: Policy CSP - System
-description: Learn policy settings that determines whether users can access the Insider build controls in the advanced options for Windows Update.
+description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 08/12/2020
+ms.date: 10/14/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -212,14 +212,13 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting controls whether Microsoft is a processor or controller for Windows diagnostic data collected from devices. 
+This policy setting opts the device into the Windows enterprise data pipeline. 
 
-If you enable this policy and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
+If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline.
 
-If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
+If you disable or don't configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline.
 
->[!Note]
+Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10.
-> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -234,8 +233,8 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 (default) - Do not use the Windows Commercial Data Pipeline
+-   0 (default) - Disabled.
--   1 - Use the Windows Commercial Data Pipeline
+-   1 - Enabled.
 
 <!--/SupportedValues-->
 <!--Example-->
@@ -245,7 +244,9 @@ The following list shows the supported values:
 
 <!--/Validation-->
 <!--/Policy-->
+
 <hr/>
+
 <!--Policy-->
 <a href="" id="system-allowdevicenameindiagnosticdata"></a>**System/AllowDeviceNameInDiagnosticData**  
 
@@ -488,7 +489,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts.
+Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts.
 
 This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled).
 
@@ -509,7 +510,7 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 - false - No traffic to fs.microsoft.com and only locally-installed fonts are available.
+-   0 - false - No traffic to fs.microsoft.com and only locally installed fonts are available.
 -   1 - true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them.
 
 <!--/SupportedValues-->
@@ -1605,7 +1606,7 @@ The following list shows the supported values:
 This policy setting, in combination with the System/AllowTelemetry 
  policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
  
-To enable this behavior you must complete two steps:
+To enable this behavior, you must complete two steps:
 <ul>
 <li>Enable this policy setting</li>
 <li>Set Allow Telemetry to level 2 (Enhanced)</li>

windows/client-management/mdm/surfacehub-csp.md

@@ -161,7 +161,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
 <thead>
 <tr class="header">
 <th>ErrorContext value</th>
-<th>Stage where error occured</th>
+<th>Stage where error occurred</th>
 <th>Description and suggestions</th>
 </tr>
 </thead>
@@ -239,7 +239,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
 <p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
 
 <a href="" id="inboxapps-welcome-currentbackgroundpath"></a>**InBoxApps/Welcome/CurrentBackgroundPath**  
-<p style="margin-left: 20px">Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons).
+<p style="margin-left: 20px">Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
 
 <p style="margin-left: 20px">The data type is string. Supported operation is Get and Replace.
 

windows/client-management/troubleshoot-stop-errors.md

@@ -43,7 +43,9 @@ To troubleshoot Stop error messages, follow these general steps:
 2. As a best practice, we recommend that you do the following:
 
     a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
-    
+   - [Windows 10, version 2004](https://support.microsoft.com/help/4555932)  
+   - [Windows 10, version 1909](https://support.microsoft.com/help/4529964)
+   - [Windows 10, version 1903](https://support.microsoft.com/help/4498140)
    - [Windows 10, version 1809](https://support.microsoft.com/help/4464619)
    - [Windows 10, version 1803](https://support.microsoft.com/help/4099479)
    - [Windows 10, version 1709](https://support.microsoft.com/help/4043454)

windows/deployment/update/delivery-optimization-proxy.md

@@ -54,7 +54,7 @@ With NetworkService (if unable to obtain a user token from a signed-in user):
 |---------|---------|
 |Internet Explorer proxy, current user     |  No       |
 |Internet Explorer proxy, device-wide     |   Yes   | 
-|netsh proxy     |  No       |
+|netsh proxy     |  Yes      |
 |Both Internet Explorer proxy (current user) *and* netsh proxy     | Yes, netsh proxy is used        |
 |Both Internet Explorer proxy (device-wide) *and* netsh proxy     | Yes, netsh proxy is used        |
 

windows/deployment/update/waas-configure-wufb.md

@@ -5,7 +5,7 @@ manager: laurawi
 description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
 ms.prod: w10
 ms.mktglfcycl: deploy
-ms.collection: M365initiative-coredeploy
+ms.collection: m365initiative-coredeploy
 audience: itpro
 author: jaimeo
 ms.localizationpriority: medium

windows/deployment/update/waas-delivery-optimization.md

@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 ms.author: jaimeo
 ms.collection:
 - M365-modern-desktop
-- M365initiative-coredeploy
+- m365initiative-coredeploy
 ms.topic: article
 ---
 
@@ -137,7 +137,7 @@ If you set up Delivery Optimization to create peer groups that include devices a
 Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
 
 
-**What are the requirements if I use a proxy?**: You must allow Byte Range requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details.
+**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/delivery-optimization-proxy). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update).
 
 **What hostnames should I allow through my firewall to support Delivery Optimization?**: 
 
@@ -193,6 +193,7 @@ If you don’t see any bytes coming from peers the cause might be one of the fol
 - Clients aren’t able to reach the Delivery Optimization cloud services.
 - The cloud service doesn’t see other peers on the network. 
 - Clients aren’t able to connect to peers that are offered back from the cloud service.
+- None of the computers on the network are getting updates from peers.
 
 
 ### Clients aren't able to reach the Delivery Optimization cloud services.
@@ -204,7 +205,6 @@ If you suspect this is the problem, try these steps:
 3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**.
 
 
-
 ### The cloud service doesn't see other peers on the network.
 
 If you suspect this is the problem, try these steps:
@@ -223,6 +223,15 @@ If you suspect this is the problem, try a Telnet test between two devices on the
 2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success.
 
 
+### None of the computers on the network are getting updates from peers
+
+If you suspect this is the problem, check Delivery Optimization settings that could limit participation in peer caching. Check whether the following settings in assigned group policies, local group policies, are MDM policies are too restrictive:
+
+- Minimum RAM (inclusive) allowed to use peer caching
+- Minimum disk size allowed to use peer caching
+- Enable peer caching while the device connects using VPN.
+- Allow uploads when the device is on battery while under the set battery level
+
 
 
 

windows/deployment/update/waas-integrate-wufb.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 author: jaimeo
 ms.localizationpriority: medium
 ms.author: jaimeo
-ms.collection: M365initiative-coredeploy
+ms.collection: m365initiative-coredeploy
 manager: laurawi
 ms.topic: article
 ---

windows/deployment/update/waas-servicing-strategy-windows-10-updates.md

@@ -9,7 +9,7 @@ ms.author: jaimeo
 ms.reviewer: 
 manager: laurawi
 ms.topic: article
-ms.collection: M365initiative-coredeploy
+ms.collection: m365initiative-coredeploy
 ---
 
 # Prepare servicing strategy for Windows 10 updates

windows/deployment/update/waas-wufb-group-policy.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 author: jaimeo
 ms.localizationpriority: medium
 ms.author: jaimeo
-ms.collection: M365initiative-coredeploy
+ms.collection: m365initiative-coredeploy
 manager: laurawi
 ms.topic: article
 ---

windows/deployment/upgrade/quick-fixes.md

@@ -3,7 +3,7 @@ title: Quick fixes - Windows IT Pro
 ms.reviewer: 
 manager: laurawi
 ms.author: greglin
-description: Learn how to quickly resolve many problems which may come up during a Windows 10 upgrade.
+description: Learn how to quickly resolve many problems, which may come up during a Windows 10 upgrade.
 keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -38,6 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
 <li>Check the system drive for errors and attempt repairs. <a href="#repair-the-system-drive" data-raw-source="[More information](#repair-the-system-drive)">More information</a>.</li>
 <li>Run the Windows Update troubleshooter. <a href="#windows-update-troubleshooter" data-raw-source="[More information](#windows-update-troubleshooter)">More information</a>.</li>
 <li>Attempt to restore and repair system files. <a href="#repair-system-files" data-raw-source="[More information](#repair-system-files)">More information</a>.</li>
+<li>Check for unsigned drivers and update or repair them. <a href="#repair-unsigned-drivers" data-raw-source="[More information](#repair-unsigned-drivers)">More information</a>.</li>
 <li>Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. <a href="#update-windows" data-raw-source="[More information](#update-windows)">More information</a>.</li>
 <li>Temporarily uninstall non-Microsoft antivirus software.
   <a href="#uninstall-non-microsoft-antivirus-software" data-raw-source="[More information](#uninstall-non-microsoft-antivirus-software)">More information</a>.</li>
@@ -152,9 +153,78 @@ To check and repair system files:
 
     ```
     > [!NOTE] 
-    > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). 
+    > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system).
 
 
+### Repair unsigned drivers
+
+[Drivers](https://docs.microsoft.com/windows-hardware/drivers/gettingstarted/what-is-a-driver-) are files ending in *.dll or *.sys that are used to communicate with hardware components.  Because drivers are so important, they are cryptographically signed to ensure they are genuine. Drivers with a *.sys extension that are not properly signed frequently block the upgrade process. Drivers might not be properly signed if you:
+- Disabled driver signature verification (highly not recommended).
+- A catalog file used to sign a driver is corrupt or missing.
+
+ Catalog files (files with a *.cat extension) are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver.  All drivers should be signed to ensure the upgrade process works.
+
+To check your system for unsigned drivers:
+
+1. Click **Start**.
+2. Type **command**.
+3. Right-click **Command Prompt** and then left-click **Run as administrator**.
+4. If you are prompted by UAC, click **Yes**.
+5. Type **sigverif** and press ENTER. 
+6. The File Signature Verification tool will open. Click **Start**.
+
+    ![File Signature Verification](../images/sigverif.png)
+
+7. After the scanning process is complete, if you see **Your files have been scanned and verified as digitally signed** then you have no unsigned drivers. Otherwise, you will see **The following files have not been digitally signed** and a list will be provided with name, location, and version of all unsigned drivers.
+8. To view and save a log file, click **Advanced**, and then click **View Log**. Save the log file if desired.
+9. Locate drivers in the log file that are unsigned, write down the location and file names. Also write down the catalog that is associated to the driver if it is provided. If the name of a catalog file is not provided you might need to analyze another device that has the same driver with sigverif and sigcheck (described below).
+10. The next step is to check that the driver reported as unsigned by sigverif.exe has a problem. In some cases, sigverif.exe might not be successful at locating the catalog file used to sign a driver, even though the catalog file exists. To perform a detailed driver check, download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**.
+
+    [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck:
+
+11. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**.
+12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -i \<driver path\>** and press ENTER (or sigcheck -i for a 32 bit OS). See the following example:
+    ```
+    C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\drivers\afd.sys
+    
+    Sigcheck v2.80 - File version and signature viewer
+    Copyright (C) 2004-2020 Mark Russinovich
+    Sysinternals - www.sysinternals.com
+
+    c:\windows\system32\drivers\afd.sys:
+	    Verified:	Signed
+	    Signing date:	6:18 PM 11/29/2017
+	    Signing date:	6:18 PM 11/29/2017
+	    Catalog:	C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_163_for_KB4054518~31bf3856ad364e35~x86~~6.1.1.2.cat
+	    Signers:
+	       Microsoft Windows
+		    Cert Status:	This certificate or one of the certificates in the certificate chain is not time valid.
+		    Valid Usage:	NT5 Crypto, Code Signing
+		    Cert Issuer:	Microsoft Windows Verification PCA
+		    Serial Number:	33 00 00 00 4B 76 63 2D 24 A2 39 9A 8B 00 01 00 00 00 4B
+		    Thumbprint:	B8037C46D0DB7A8CEE502407469B0EE3234D3365
+		    Algorithm:	sha1RSA
+		    Valid from:	11:46 AM 3/1/2017
+		    Valid to:	11:46 AM 5/9/2018
+            (output truncated)
+    ```
+    In the example above, the afd.sys driver is properly signed by the catalog file Package_163_for_KB4054518~31bf3856ad364e35~x86~~6.1.1.2.cat. 
+
+
+13. Optionally, you can generate a list of drivers using driverquery.exe, which is included with Windows. To save a list of signed and unsigned drivers with driverquery, type **driverquery /si > c:\drivers.txt** and press ENTER. See the following example:
+
+    ```cmd
+    C:\>Driverquery /si
+    
+    DeviceName                     InfName       IsSigned Manufacturer             
+    ============================== ============= ======== =========================
+    Microsoft ISATAP Adapter       nettun.inf    TRUE     Microsoft                
+    Generic volume shadow copy     volsnap.inf   TRUE     Microsoft                
+    Generic volume                 volume.inf    TRUE     Microsoft                
+    (truncated)               
+    ```
+    For more information about using driverquery, see [Two Minute Drill: DriverQuery.exe](https://techcommunity.microsoft.com/t5/ask-the-performance-team/two-minute-drill-driverquery-exe/ba-p/374977) and [driverquery](https://docs.microsoft.com/windows-server/administration/windows-commands/driverquery).
+
 ### Update Windows
 
 You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer.

windows/deployment/upgrade/resolution-procedures.md

@@ -36,7 +36,7 @@ A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1
 
 The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018).  
 
-To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process.  
+To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers).
 
 See the following general troubleshooting procedures associated with a result code of 0xC1900101:<br /><br />
 
@@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co
 | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Contact your hardware vendor to obtain updated device drivers.<br>Ensure that &quot;Download and install updates (recommended)&quot; is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. |
 | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.<br>This can occur due to a problem with a display driver. |
 | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.<br>Review the rollback log and determine the stop code.<br>The rollback log is located in the <strong>$Windows.~BT\Sources\Rollback</strong> folder.  An example analysis is shown below. This example is not representative of all cases:<br>&nbsp;<br>Info SP     Crash 0x0000007E detected<br>Info SP       Module name           :<br>Info SP       Bugcheck parameter 1  : 0xFFFFFFFFC0000005<br>Info SP       Bugcheck parameter 2  : 0xFFFFF8015BC0036A<br>Info SP       Bugcheck parameter 3  : 0xFFFFD000E5D23728<br>Info SP       Bugcheck parameter 4  : 0xFFFFD000E5D22F40<br>Info SP     Cannot recover the system.<br>Info SP     Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.<br>&nbsp;<br>Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>&nbsp;<br>1. Make sure you have enough disk space.<br>2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.<br>3. Try changing video adapters.<br>4. Check with your hardware vendor for any BIOS updates.<br>5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.<br>Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.<br>This can occur because of incompatible drivers. |
-| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).<br>&nbsp;<br>Ensure that you select the option to "Download and install updates (recommended)."  <br>&nbsp;<br><b>Computers that run Citrix VDA</b>  <br>You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.  <br>&nbsp;<br>This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.  <br>&nbsp;<br>**Resolution**<br>&nbsp;<br>To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).<br>&nbsp;<br>You can work around this problem in two ways:<br>&nbsp;<br>**Workaround 1**<br>&nbsp;<br>1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.<br>2. Run the Windows upgrade again.<br>3. Reinstall Citrix VDA.<br>&nbsp;<br>**Workaround 2**<br>&nbsp;<br>If you cannot uninstall Citrix VDA, follow these steps to work around this problem:  <br>&nbsp;<br>1. In Registry Editor, go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**<br>2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.<br>3. Go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**<br>4. Delete the **CtxMcsWbc** entry.<br>5. Restart the computer, and then try the upgrade again.<br>&nbsp;<br>**Non-Microsoft information disclaimer**  <br>The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.<br>This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. |
+| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).<br>&nbsp;<br>Ensure that you select the option to "Download and install updates (recommended)."  Also be sure to [remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers).<br>&nbsp;<br><b>Computers that run Citrix VDA</b>  <br>You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.  <br>&nbsp;<br>This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.  <br>&nbsp;<br>**Resolution**<br>&nbsp;<br>To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).<br>&nbsp;<br>You can work around this problem in two ways:<br>&nbsp;<br>**Workaround 1**<br>&nbsp;<br>1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.<br>2. Run the Windows upgrade again.<br>3. Reinstall Citrix VDA.<br>&nbsp;<br>**Workaround 2**<br>&nbsp;<br>If you cannot uninstall Citrix VDA, follow these steps to work around this problem:  <br>&nbsp;<br>1. In Registry Editor, go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**<br>2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.<br>3. Go to the following subkey:<br> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**<br>4. Delete the **CtxMcsWbc** entry.<br>5. Restart the computer, and then try the upgrade again.<br>&nbsp;<br>**Non-Microsoft information disclaimer**  <br>The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.<br>This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. |
 
 ## 0x800xxxxx
 

windows/privacy/windows-endpoints-1909-non-enterprise-editions.md

@@ -95,6 +95,8 @@ The following methodology was used to derive the network endpoints:
 |wdcp.microsoft.com|HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
 |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
 |adl.windows.com|HTTP|Used for compatibility database updates for Windows
+|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile
+|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.
 
 ## Windows 10 Pro
 
@@ -159,6 +161,8 @@ The following methodology was used to derive the network endpoints:
 |windows.policies.live.net|HTTP|OneDrive
 |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows
 |adl.windows.com|HTTP|Used for compatibility database updates for Windows
+|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile
+|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices.
 
 ## Windows 10 Education
 

windows/security/identity-protection/credential-guard/credential-guard-requirements.md

@@ -12,29 +12,30 @@ ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
-ms.date: 01/12/2018
+ms.date: 09/30/2020
 ms.reviewer: 
 ---
 
 # Windows Defender Credential Guard: Requirements
 
-**Applies to**
+## Applies to
+
 - Windows 10
 - Windows Server 2016
 
-
+For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
-For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
-
 
 ## Hardware and software requirements
 
 To provide basic protections against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Windows Defender Credential Guard uses:
+
 - Support for Virtualization-based security (required)
 - Secure boot (required)
-- TPM (preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware 
+- Trusted Platform Module (TPM, preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware
 - UEFI lock (preferred - prevents attacker from disabling with a simple registry key change)
 
 The Virtualization-based security requires:
+
 - 64-bit CPU
 - CPU virtualization extensions plus extended page tables
 - Windows hypervisor (does not require Hyper-V Windows Feature to be installed)
@@ -47,6 +48,7 @@ Credential Guard can protect secrets in a Hyper-V virtual machine, just as it wo
 
 - The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607.
 - The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and be running at least Windows Server 2016 or Windows 10.
+  - TPM is not a requirement, but we recommend that you implement TPM.
 
 For information about other host platforms, see [Enabling Windows Server 2016 and Hyper-V virtualization based security features on other platforms](https://blogs.technet.microsoft.com/windowsserver/2016/09/29/enabling-windows-server-2016-and-hyper-v-virtualization-based-security-features-on-other-platforms/).
 
@@ -57,19 +59,21 @@ For information about Windows Defender Remote Credential Guard hardware and soft
 When Windows Defender Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatibility with the reduced functionality.
 
 >[!WARNING]
-> Enabling Windows Defender Credential Guard on domain controllers is not supported. <br>
+> Enabling Windows Defender Credential Guard on domain controllers is not supported.
 > The domain controller hosts authentication services which integrate with processes isolated when Windows Defender Credential Guard is enabled, causing crashes.
 
 >[!NOTE]
 > Windows Defender Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Windows Defender Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts).
 
 Applications will break if they require:
+
 - Kerberos DES encryption support
 - Kerberos unconstrained delegation
 - Extracting the Kerberos TGT
 - NTLMv1
 
 Applications will prompt and expose credentials to risk if they require:
+
 - Digest authentication
 - Credential delegation
 - MS-CHAPv2
@@ -94,25 +98,25 @@ The following tables describe baseline protections, plus protections for improve
 |Baseline Protections|Description|Security benefits
 |---|---|---|
 |Hardware: **64-bit CPU**        |A 64-bit computer is required for the Windows hypervisor to provide VBS.|
-| Hardware: **CPU virtualization extensions**,<br>plus **extended page tables** | **Requirements**: These hardware features are required for VBS:<br>One of the following virtualization extensions:<br>• VT-x (Intel) or<br>• AMD-V<br>And:<br>• Extended page tables, also called Second Level Address Translation (SLAT). | VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. |
+|Hardware: **CPU virtualization extensions**, plus **extended page tables**|**Requirements**: </br> - These hardware features are required for VBS: One of the following virtualization extensions: - VT-x (Intel) or - AMD-V And: - Extended page tables, also called Second Level Address Translation (SLAT).|VBS provides isolation of secure kernel from normal operating system. </br></br> Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation.|
-| Hardware: **Trusted Platform Module (TPM)**  |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.<br>[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations) | A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. |
+|Hardware: **Trusted Platform Module (TPM)**|**Requirement**: </br> - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)|A TPM provides protection for VBS encryption keys that are stored in the firmware. TPM helps protect against attacks involving a physically present user with BIOS access.|
-| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)| UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.  |
+|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**: </br> - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code, and can prevent boot kits and root kits from installing and persisting across reboots.|
-| Firmware: **Secure firmware update process**  | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).| UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
+|Firmware: **Secure firmware update process**|**Requirements**: </br> - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot.|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.|
-| Software: Qualified **Windows operating system**  | **Requirement**: Windows 10 or Windows Server 2016.<br><blockquote><p><b>Important:</b><br> Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. </p></blockquote> |Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. |
+|Software: Qualified **Windows operating system**|**Requirement**: </br> - Windows 10 or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.|
+
+> [!IMPORTANT]
+> Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.
 
 > [!IMPORTANT]
 > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide.
 
-
 ### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4
 
 |Protections for Improved Security|Description|
-|-----------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|---|
-| Hardware: **IOMMU** (input/output memory management unit) |                                                                                                                                                                               **Requirement**: VT-D or AMD Vi IOMMU **Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables).                                                                                                                                                                               |
+|Hardware: **IOMMU** (input/output memory management unit)|**Requirement**: </br> - VT-D or AMD Vi IOMMU </br> </br> **Security benefits**: </br> - An IOMMU can enhance system resiliency against memory attacks. For more information, see [Advanced Configuration and Power Interface (ACPI) description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables)|
-| Firmware: **Securing Boot Configuration and Management**  | **Requirements**:<br>• BIOS password or stronger authentication must be supported.<br>• In the BIOS configuration, BIOS authentication must be set.<br>• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.<br>• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings. |
+|Firmware: **Securing Boot Configuration and Management**|**Requirements**: </br> - BIOS password or stronger authentication must be supported. </br> - In the BIOS configuration, BIOS authentication must be set. </br> - There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system. </br> - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.|
-|    Firmware: **Secure MOR, revision 2 implementation**    |                                                                                                                                                                                                                                                                                          **Requirement**: Secure MOR, revision 2 implementation                                                                                                                                                                                                                                                                                          |
+|Firmware: **Secure MOR, revision 2 implementation**|**Requirement**: </br> - Secure MOR, revision 2 implementation|
-
-<br>
 
 ### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016
 
@@ -121,11 +125,9 @@ The following tables describe baseline protections, plus protections for improve
 
 |Protections for Improved Security|Description|Security Benefits|
 |---|---|---|
-| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:<br>Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)<br>• The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/library/windows/hardware/mt712332(v=vs.85).aspx). | Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.<br>• HSTI provides additional security assurance for correctly secured silicon and platform. |
+|Firmware: **Hardware Rooted Trust Platform Secure Boot**|**Requirements**: </br> - Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby</br> - The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/library/windows/hardware/mt712332(v=vs.85).aspx).|Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware. </br> - HSTI provides additional security assurance for correctly secured silicon and platform.|
-| Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update. | Helps ensure that firmware updates are fast, secure, and reliable. |
+|Firmware: **Firmware Update through Windows Update**|**Requirements**: </br> - Firmware must support field updates through Windows Update and UEFI encapsulation update.|Helps ensure that firmware updates are fast, secure, and reliable.|
-| Firmware: **Securing Boot Configuration and Management** | **Requirements**:<br>• Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.<br>• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software. | • Enterprises can choose to allow proprietary EFI drivers/applications to run.<br>• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. |
+|Firmware: **Securing Boot Configuration and Management**|**Requirements**: </br> - Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time. </br> - Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.|- Enterprises can choose to allow proprietary EFI drivers/applications to run. </br> - Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots.|
-
-<br>
 
 ### 2017 Additional security qualifications starting with Windows 10, version 1703
 
@@ -133,5 +135,21 @@ The following table lists qualifications for Windows 10, version 1703, which are
 
 |Protections for Improved Security|Description|Security Benefits
 |---|---|---|
-| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:<br>• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.<br>• UEFI runtime service must meet these requirements: <br>&nbsp;&nbsp;&nbsp;&nbsp;- Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. <br>&nbsp;&nbsp;&nbsp;&nbsp;- PE sections need to be page-aligned in memory (not required for in non-volatile storage).<br>&nbsp;&nbsp;&nbsp;&nbsp;- The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;- All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;- No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable. <br><blockquote><p><b>Notes:</b><br>• This only applies to UEFI runtime service memory, and not UEFI boot service memory. <br>• This protection is applied by VBS on OS page tables.</p></blockquote><br> Please also note the following: <br>• Do not use sections that are both writeable and executable<br>• Do not attempt to directly modify executable system memory<br>• Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)<br>• Reduces the attack surface to VBS from system firmware.     |
+|Firmware: **VBS enablement of No-Execute (NX) protection for UEFI runtime services**|**Requirements**: </br> - VBS will enable NX protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. UEFI runtime service must meet these requirements: </br> - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. </br> - PE sections must be page-aligned in memory (not required for in non-volatile storage). </br> - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS: </br> - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both. </br> - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable. </br> (**SEE IMPORTANT INFORMATION AFTER THIS TABLE**)|Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) </br> - Reduces the attack surface to VBS from system firmware.|
-| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features. |  • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)<br>• Reduces the attack surface to VBS from system firmware.<br>• Blocks additional security attacks against SMM. |
+|Firmware: **Firmware support for SMM protection**|**Requirements**: </br> - The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an ACPI table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.|- Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) </br> - Reduces the attack surface to VBS from system firmware. </br> - Blocks additional security attacks against SMM.|
+
+> [!IMPORTANT]
+>
+>Regarding **VBS enablement of NX protection for UEFI runtime services**:
+>
+> - This only applies to UEFI runtime service memory, and not UEFI boot service memory.
+>
+> - This protection is applied by VBS on OS page tables.
+>
+>   Please also note the following:
+>
+>   - Do not use sections that are both writeable and executable
+>
+>   - Do not attempt to directly modify executable system memory
+>
+>   - Do not use dynamic code

windows/security/identity-protection/hello-for-business/hello-faq.md

@@ -75,6 +75,7 @@ Communicating with Azure Active Directory uses the following URLs:
 - enterpriseregistration.windows.net
 - login.microsoftonline.com
 - login.windows.net
+- account.live.com
 
 If your environment uses Microsoft Intune, you need these additional URLs:
 - enrollment.manage.microsoft.com

windows/security/identity-protection/vpn/vpn-conditional-access.md

@@ -48,44 +48,54 @@ The following client-side components are also required:
 - Trusted Platform Module (TPM)
 
 ## VPN device compliance 
+
 At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the <SSO> section.
 
 Server-side infrastructure requirements to support VPN device compliance include:
 
-- The VPN server should be configured for certificate authentication
+- The VPN server should be configured for certificate authentication.
-- The VPN server should trust the tenant-specific Azure AD CA
+- The VPN server should trust the tenant-specific Azure AD CA.
-- For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO)
+- For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO).
    
 After the server side is set up, VPN admins can add the policy settings for conditional access to the VPN profile using the VPNv2 DeviceCompliance node.
 
 Two client-side configuration service providers are leveraged for VPN device compliance.
 
-- VPNv2 CSP DeviceCompliance settings
+- VPNv2 CSP DeviceCompliance settings:
+
    - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client attempts to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD.
    - **Sso**: entries under SSO should be used to direct the VPN client to use a certificate other than the VPN authentication certificate when accessing resources that require Kerberos authentication.
    - **Sso/Enabled**: if this field is set to **true**, the VPN client looks for a separate certificate for Kerberos authentication.
    - **Sso/IssuerHash**: hashes for the VPN client to look for the correct certificate for Kerberos authentication.
    - **Sso/Eku**: comma-separated list of Enhanced Key Usage (EKU) extensions for the VPN client to look for the correct certificate for Kerberos authentication.
+   
 - HealthAttestation CSP (not a requirement) - functions performed by the HealthAttestation CSP include:
+
    - Collects TPM data used to verify health states
    - Forwards the data to the Health Attestation Service (HAS)
    - Provisions the Health Attestation Certificate received from the HAS
    - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification
    
 > [!NOTE]
->Currently, it is required that certificates be issued from an on-premises CA, and that SSO be enabled in the user’s VPN profile. This will enable the user to obtain Kerberos tickets in order to access resources on-premises. Kerberos currently does not support the use of Azure AD certificates.
+> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. 
 
 ## Client connection flow
+
 The VPN client side connection flow works as follows:
 
-![Device compliance workflow when VPN client attempts to connect](images/vpn-device-compliance.png)
+> [!div class="mx-imgBorder"]
+> ![Device compliance workflow when VPN client attempts to connect](images/vpn-device-compliance.png)
  
 When a VPNv2 Profile is configured with \<DeviceCompliance> \<Enabled>true<\/Enabled> the VPN client uses this connection flow:
 
 1.	 The VPN client calls into Windows 10’s Azure AD Token Broker, identifying itself as a VPN client.
+
 2.	 The Azure AD Token Broker authenticates to Azure AD and provides it with information about the device trying to connect. The Azure AD Server checks if the device is in compliance with the policies.
-3.	 If compliant, Azure AD requests a short-lived certificate
+
+3.	 If compliant, Azure AD requests a short-lived certificate.
+
 4.	 Azure AD pushes down a short-lived certificate to the Certificate Store via the Token Broker. The Token Broker then returns control back over to the VPN client for further connection  processing.
+
 5. The VPN client uses the Azure AD-issued certificate to authenticate with the VPN server.
 
 ## Configure conditional access

windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md

@@ -622,7 +622,7 @@ You can restrict which files are protected by WIP when they are downloaded from
 
 - [What is Azure Rights Management?](https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms)
 
-- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/intune/deploy-use/create-windows-information-protection-policy-with-intune)
+- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
 
 - [Intune MAM Without Enrollment](https://blogs.technet.microsoft.com/configmgrdogs/2016/02/04/intune-mam-without-enrollment/)
 

windows/security/threat-protection/intelligence/fileless-threats.md

@@ -43,7 +43,7 @@ A fully fileless malware can be considered one that never requires writing a fil
 
 A compromised device may also have malicious code hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or in the firmware of a network card. All these examples don't require a file on the disk to run, and can theoretically live only in memory. The malicious code would survive reboots, disk reformats, and OS reinstalls.
 
-Infections of this type can be extra difficult deal with because antivirus products usually don’t have the capability to inspect firmware. Even if they did, it would be extremely challenging to detect and remediate threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks.
+Infections of this type can be particularly difficult to detect because most antivirus products don’t have the capability to inspect firmware. In cases where a product does have the ability to inspect and detect malicious firmware, there are still significant challenges associated with remediation of threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks.
 
 ## Type II: Indirect file activity
 

windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md

@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
-ms.date: 10/06/2020
+ms.date: 10/08/2020
 ---
 
 # Manage Microsoft Defender Antivirus updates and apply baselines
@@ -74,39 +74,14 @@ All our updates contain:
 - serviceability improvements
 - integration improvements (Cloud, Microsoft 365 Defender)  
 <br/>
-<details>
-<summary> September-2020 (Platform: 4.18.2009.x | Engine: 1.1.17500.4)</summary>
-
-&ensp;Security intelligence update version: **1.323.2254.0**  
-&ensp;Released: **October 6, 2020**  
-&ensp;Platform: **4.18.2009.x**  
-&ensp;Engine: **1.1.17500.4**  
-&ensp;Support phase: **Security and Critical Updates**
-    
-### What's new
-
-- Admin permissions are required to restore files in quarantine
-- XML formatted events are now supported
-- CSP support for ignoring exclusion merge
-- New management interfaces for: <br/>
-   - UDP Inspection
-   - Network Protection on Server 2019
-   - IP Address exclusions for Network Protection
-- Improved visibility into TPM measurements 
-- Improved Office VBA module scanning
-
-### Known Issues
-No known issues  
-<br/>
-</details>
 
 
 <details>
-<summary> September-2020 (Platform: 4.18.2009.X | Engine: 1.1.17500.4)</summary>
+<summary> September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)</summary>
 
 &ensp;Security intelligence update version: **1.325.10.0**  
 &ensp;Released: **October 01, 2020**  
-&ensp;Platform: **4.18.2009.X**  
+&ensp;Platform: **4.18.2009.7**  
 &ensp;Engine: **1.1.17500.4**  
 &ensp;Support phase: **Security and Critical Updates**
     
@@ -135,11 +110,14 @@ No known issues
 &ensp;Support phase: **Security and Critical Updates**
     
 ### What's new
-* Add more telemetry events
+
-* Improved scan event telemetry
+- Add more telemetry events
-* Improved behavior monitoring for memory scans
+- Improved scan event telemetry
-* Improved macro streams scanning
+- Improved behavior monitoring for memory scans
-* Added `AMRunningMode` to Get-MpComputerStatus PowerShell CmdLet
+- Improved macro streams scanning
+- Added `AMRunningMode` to Get-MpComputerStatus PowerShell cmdlet
+- [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) is ignored. Microsoft Defender Antivirus automatically turns itself off when it detects another antivirus program.
+
 
 ### Known Issues
 No known issues  

windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md

@@ -77,7 +77,7 @@ The following table summarizes the functionality and features that are available
 |Automatic disabled mode  |No |Yes |No |No |No |
 
 - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
-- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service.
+- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
 - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) (currently in private preview) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.
 - In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
 

windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md

@@ -1,6 +1,6 @@
 ---
 title: Protect security settings with tamper protection
-ms.reviewer: 
+ms.reviewer: shwjha, hayhov
 manager: dansimp
 description: Use tamper protection to prevent malicious apps from changing important security settings.
 keywords: malware, defender, antivirus, tamper protection
@@ -14,7 +14,7 @@ audience: ITPro
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 08/31/2020
+ms.date: 10/14/2020
 ---
 
 # Protect security settings with tamper protection
@@ -25,6 +25,7 @@ ms.date: 08/31/2020
 **Applies to:**
 
 - Windows 10
+- Windows Server 2019 (if using tenant attach with [Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006))
 
 ## Overview
 
@@ -54,6 +55,7 @@ Tamper protection doesn't prevent you from viewing your security settings. And,
 1. Turn tamper protection on <br/>
     - [For an individual machine, use Windows Security](#turn-tamper-protection-on-or-off-for-an-individual-machine).
     - [For your organization, use Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
+    - [Use tenant attach with Configuration Manager, version 2006, for devices running Windows 10 or Windows Server 2019](#manage-tamper-protection-with-configuration-manager-version-2006)
 
 2. [View information about tampering attempts](#view-information-about-tampering-attempts).
 
@@ -121,10 +123,38 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release
 
 1. Open the Windows PowerShell app.
 
-2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) PowerShell cmdlet.
+2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) PowerShell cmdlet.
 
 3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.)
 
+## Manage tamper protection with Configuration Manager, version 2006
+
+> [!IMPORTANT]
+> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure.
+
+If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 using tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices.
+
+1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions).
+
+2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**.<br/> 
+
+   - In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**.  
+     
+   - In the **Profile** list, select **Windows Security experience (preview)**. <br/>
+   
+   The following screenshot illustrates how to create your policy:
+
+   :::image type="content" source="images/win-security- exp-policy-endpt-security.png" alt-text="Windows security experience in Endpoint Manager":::
+
+3. Deploy the policy to your device collection.
+
+Need help? See the following resources:
+
+- [Settings for the Windows Security experience profile in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/antivirus-security-experience-windows-settings)
+
+- [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin)
+
+
 ## View information about tampering attempts
 
 Tampering attempts typically indicate bigger cyberattacks. Bad actors try to change security settings as a way to persist and stay undetected. If you're part of your organization's security team, you can view information about such attempts, and then take appropriate actions to mitigate threats.
@@ -133,7 +163,7 @@ When a tampering attempt is detected, an alert is raised in the [Microsoft Defen
 
 ![Microsoft Defender Security Center](images/tamperattemptalert.png)
 
-Using [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) capabilities in Microsoft Defender ATP, your security operations team can investigate and address such attempts.
+Using [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) capabilities in Microsoft Defender for Endpoint, your security operations team can investigate and address such attempts.
 
 ## Review your security recommendations
 
@@ -151,11 +181,9 @@ To learn more about Threat & Vulnerability Management, see [Threat & Vulnerabili
 
 ### To which Windows OS versions is configuring tamper protection is applicable?
 
-Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
+Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
 
-### Is configuring tamper protection in Intune supported on servers?
+If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy).
-
-No
 
 ### Will tamper protection have any impact on third party antivirus registration?
 
@@ -163,13 +191,17 @@ No. Third-party antivirus offerings will continue to register with the Windows S
 
 ### What happens if Microsoft Defender Antivirus is not active on a device?
 
-Tamper protection will not have any impact on such devices.
+Devices that are onboarded to Microsoft Defender for Endpoint will have Microsoft Defender Antivirus running in passive mode. Tamper protection will continue to protect the service and its features. 
 
 ### How can I turn tamper protection on/off?
 
 If you are a home user, see [Turn tamper protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine).
 
-If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
+If you are an organization using [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: 
+
+- [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune)
+
+- [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006) 
 
 ### How does configuring tamper protection in Intune affect how I manage Microsoft Defender Antivirus through my group policy?
 
@@ -186,19 +218,19 @@ Some sample Microsoft Defender Antivirus settings:
   Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\<br />
   Value `DisableRealtimeMonitoring` = 0
 
-### For Microsoft Defender ATP E5, is configuring tamper protection in Intune targeted to the entire organization only?
+### For Microsoft Defender for Endpoint, is configuring tamper protection in Intune targeted to the entire organization only?
 
-Configuring tamper protection in Intune can be targeted to your entire organization as well as to specific devices and user groups.
+Configuring tamper protection in Intune or Microsoft Endpoint Manager can be targeted to your entire organization as well as to specific devices and user groups.
 
 ### Can I configure Tamper Protection in Microsoft Endpoint Configuration Manager?
 
-Currently we do not have support to manage Tamper Protection through Microsoft Endpoint Configuration Manager.
+If you are using tenant attach, you can use Microsoft Endpoint Configuration Manager. See [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006) and [Tech Community blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin).
 
 ### I have the Windows E3 enrollment. Can I use configuring tamper protection in Intune?
 
-Currently, configuring tamper protection in Intune is only available for customers who have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
+Currently, configuring tamper protection in Intune is only available for customers who have [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
 
-### What happens if I try to change Microsoft Defender ATP settings in Intune, Microsoft Endpoint Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device?
+### What happens if I try to change Microsoft Defender for Endpoint settings in Intune, Microsoft Endpoint Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device?
 
 You won’t be able to change the features that are protected by tamper protection; such change requests are ignored.
 
@@ -206,9 +238,9 @@ You won’t be able to change the features that are protected by tamper protecti
 
 No. Local admins cannot change or modify tamper protection settings.
 
-### What happens if my device is onboarded with Microsoft Defender ATP and then goes into an off-boarded state?
+### What happens if my device is onboarded with Microsoft Defender for Endpoint and then goes into an off-boarded state?
 
-In this case, tamper protection status changes, and this feature is no longer applied.
+If a device is off-boarded from Microsoft Defender for Endpoint, tamper protection is turned on, which is the default state for unmanaged devices. 
 
 ### Will there be an alert about tamper protection status changing in the Microsoft Defender Security Center?
 
@@ -220,14 +252,10 @@ In addition, your security operations team can use hunting queries, such as the
 
 [View information about tampering attempts](#view-information-about-tampering-attempts).
 
-### Will there be a group policy setting for tamper protection?
+## See also
-
-No.
-
-## Related articles
 
 [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
 
-[Get an overview of Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
+[Get an overview of Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
 
-[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](why-use-microsoft-defender-antivirus.md)
+[Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md

@@ -13,7 +13,7 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: m365-security-compliance 
 ms.topic: article
 ---
 

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md

@@ -21,13 +21,12 @@ ms.topic: article
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
-Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for advanced hunting. To understand these concepts better, run your first query.
+Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto operators and statements to construct queries that locate information in a specialized [schema](advanced-hunting-schema-reference.md). To understand these concepts better, run your first query.
 
 ## Try your first query
 
@@ -52,26 +51,21 @@ union DeviceProcessEvents, DeviceNetworkEvents
 FileName, ProcessCommandLine, RemoteIP, RemoteUrl, RemotePort, RemoteIPType
 | top 100 by Timestamp
 ```
-
+**[Run this query in advanced hunting](https://securitycenter.windows.com/hunting?query=H4sIAAAAAAAEAI2TT0vDQBDF5yz4HUJPFcTqyZsXqyCIBFvxKNGWtpo_NVlbC8XP7m8mado0K5Zls8nkzdu3b2Z70pNAbmUmqYyk4D2UTJYyllwGMmWNGQHrN_NNvsSBzUBrbMFMiWieAx3xDEBl4GL4AuNd8B0bNgARENcdUmIZ3yM5liPwac3bN-YZPGPU5ET1rWDc7Ox4uod8YDp4MzI-GkjlX4Ne2nly0zEkKzFWh4ZE5sSuTN8Ehq5couvEMnvmUAhez-HsRBMipVa_W_OG6vEfGtT12JRHpqV064e1Kx04NsxFzXxW1aFjp_djXmDRPbfY3XMMcLogTz2bWZ2KqmIJI6q6wKe2WYnrRsa9KVeU9kCBBo2v7BzPxF_Bx2DKiqh63SGoRoc6Njti48z_yL71XHQAcgAur6rXRpcqH3l-4knZF23Utsbq2MircEqmw-G__xR1TdZ1r7zb7XLezmx3etkvGr-ze6NdGdW92azUfpcdluWvr-aqbh_nofnqcWI3aYyOsBV7giduRUO7187LMKTT5rxvHHX80_t8IeeMgLquvL7-Ak3q-kz8BAAA&runQuery=true&timeRangeId=week)**
-This is how it will look like in advanced hunting.
-
-![Image of Microsoft Defender ATP advanced hunting query](images/advanced-hunting-query-example-2.png)
-
 
 ### Describe the query and specify the tables to search
-A short comment has been added to the beginning of the query to describe what it is for. This helps if you later decide to save the query and share it with others in your organization. 
+A short comment has been added to the beginning of the query to describe what it is for. This comment helps if you later decide to save the query and share it with others in your organization.
 
 ```kusto
 // Finds PowerShell execution events that could involve a download
 ```
-
+The query itself will typically start with a table name followed by several elements that start with a pipe (`|`). In this example, we start by creating a union of two tables,  `DeviceProcessEvents` and `DeviceNetworkEvents`, and add piped elements as needed.
-The query itself will typically start with a table name followed by a series of elements started by a pipe (`|`). In this example, we start by creating a union of two tables,  `DeviceProcessEvents` and `DeviceNetworkEvents`, and add piped elements as needed.
 
 ```kusto
 union DeviceProcessEvents, DeviceNetworkEvents
 ```
 ### Set the time range
-The first piped element is a time filter scoped to the previous seven days. Keeping the time range as narrow as possible ensures that queries perform well, return manageable results, and don't time out.
+The first piped element is a time filter scoped to the previous seven days. Limiting the time range helps ensure that queries perform well, return manageable results, and don't time out.
 
 ```kusto
 | where Timestamp > ago(7d)
@@ -80,7 +74,7 @@ The first piped element is a time filter scoped to the previous seven days. Keep
 ### Check specific processes
 The time range is immediately followed by a search for process file names representing the PowerShell application.
 
-```
+```kusto
 // Pivoting on PowerShell processes
 | where FileName in~ ("powershell.exe", "powershell_ise.exe")
 ```
@@ -101,7 +95,7 @@ Afterwards, the query looks for strings in command lines that are typically used
 ```
 
 ### Customize result columns and length 
-Now that your query clearly identifies the data you want to locate, you can add elements that define what the results look like. `project` returns specific columns, and `top` limits the number of results. These operators help ensure the results are well-formatted and reasonably large and easy to process.
+Now that your query clearly identifies the data you want to locate, you can define what the results look like. `project` returns specific columns, and `top` limits the number of results. These operators help ensure the results are well-formatted and reasonably large and easy to process.
 
 ```kusto
 | project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, 
@@ -109,7 +103,7 @@ FileName, ProcessCommandLine, RemoteIP, RemoteUrl, RemotePort, RemoteIPType
 | top 100 by Timestamp
 ```
 
-Click **Run query** to see the results. Select the expand icon at the top right of the query editor to focus on your hunting query and the results. 
+Select **Run query** to see the results. Use the expand icon at the top right of the query editor to focus on your hunting query and the results. 
 
 ![Image of the Expand control in the advanced hunting query editor](images/advanced-hunting-expand.png)
 
@@ -118,7 +112,7 @@ Click **Run query** to see the results. Select the expand icon at the top right
 
 ## Learn common query operators for advanced hunting
 
-Now that you've run your first query and have a general idea of its components, it's time to backtrack a little bit and learn some basics. The Kusto query language used by advanced hunting supports a range of operators, including the following common ones.
+You've just run your first query and have a general idea of its components. It's time to backtrack slightly and learn some basics. The Kusto query language used by advanced hunting supports a range of operators, including the following common ones.
 
 | Operator | Description and usage |
 |--|--|
@@ -137,15 +131,17 @@ To see a live example of these operators, run them from the **Get started** sect
 
 ## Understand data types
 
-Data in advanced hunting tables are generally classified into the following data types.
+Advanced hunting supports Kusto data types, including the following common types:
 
 | Data type | Description and query implications |
 |--|--|
-| `datetime` | Data and time information typically representing event timestamps |
+| `datetime` | Data and time information typically representing event timestamps. [See supported datetime formats](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/datetime) |
-| `string` | Character string |
+| `string` | Character string in UTF-8 enclosed in single quotes (`'`) or double quotes (`"`). [Read more about strings](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/string) |
-| `bool` | True or false |
+| `bool` | This data type supports `true` or `false` states. [See supported literals and operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/bool) |
-| `int` | 32-bit numeric value  |
+| `int` | 32-bit integer  |
-| `long` | 64-bit numeric value |
+| `long` | 64-bit integer |
+
+To learn more about these data types, [read about Kusto scalar data types](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/).
 
 ## Get help as you write queries
 Take advantage of the following functionality to write queries faster:
@@ -155,7 +151,7 @@ Take advantage of the following functionality to write queries faster:
 - **[Schema reference](advanced-hunting-schema-reference.md#get-schema-information-in-the-security-center)**—in-portal reference with table and column descriptions as well as supported event types (`ActionType` values) and sample queries
 
 ## Work with multiple queries in the editor
-The query editor can serve as your scratch pad for experimenting with multiple queries. To use multiple queries:
+You can use the query editor to experiment with multiple queries. To use multiple queries:
 
 - Separate each query with an empty line.
 - Place the cursor on any part of a query to select that query before running it. This will run only the selected query. To run another query, move the cursor accordingly and select **Run query**.
@@ -171,7 +167,7 @@ The **Get started** section provides a few simple queries using commonly used op
 ![Image of the advanced hunting get started tab](images/atp-advanced-hunting.png)
 
 > [!NOTE]
-> Apart from the basic query samples, you can also access [shared queries](advanced-hunting-shared-queries.md) for specific threat hunting scenarios. Explore the shared queries on the left side of the page or the GitHub query repository.
+> Apart from the basic query samples, you can also access [shared queries](advanced-hunting-shared-queries.md) for specific threat hunting scenarios. Explore the shared queries on the left side of the page or the [GitHub query repository](https://aka.ms/hunting-queries).
 
 ## Access comprehensive query language reference
 

windows/security/threat-protection/microsoft-defender-atp/android-configure.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/android-intune.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md

@@ -14,7 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md

@@ -11,9 +11,10 @@ ms.localizationpriority: medium
 audience: ITPro
 author: denisebmsft
 ms.author: deniseb
-ms.reviewer: 
+ms.reviewer: sugamar, jcedola
 manager: dansimp
 ms.custom: asr
+ms.date: 10/08/2020
 ---
 
 # Reduce attack surfaces with attack surface reduction rules
@@ -326,10 +327,7 @@ GUID: `d1e49aac-8f56-4280-b9ba-993a6d77406c`
 
 ### Block untrusted and unsigned processes that run from USB
 
-With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include:
+With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include executable files (such as .exe, .dll, or .scr)
-
-* Executable files (such as .exe, .dll, or .scr)
-* Script files (such as a PowerShell .ps, Visual Basic .vbs, or JavaScript .js file)
 
 This rule was introduced in: 
 - [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803)

windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md

@@ -12,7 +12,9 @@ author: denisebmsft
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
 ms.date: 09/24/2020

windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md

@@ -15,7 +15,9 @@ ms.date: 09/30/2020
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
 ms.custom: AIR

windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md

@@ -16,6 +16,8 @@ ms.custom:
 - next-gen
 - edr
 ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ---
 
 # Behavioral blocking and containment

windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md

@@ -16,6 +16,8 @@ ms.custom:
 - next-gen
 - edr
 ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ---
 
 # Client behavioral blocking

windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md

@@ -40,7 +40,7 @@ You'll need to know the exact Linux distros and macOS versions that are compatib
 You'll need to take the following steps to onboard non-Windows devices:
 1. Select your preferred method of onboarding:
 
-   - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-atp-mac).
+   - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac).
    - For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**.   
        
      1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed.

windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md

@@ -37,14 +37,14 @@ Based on the version of Configuration Manager you're running, the following clie
 
 #### Configuration Manager version 1910 and prior
 
-- Clients computers running Windows 10, version 1607 and later
+- Clients computers running Windows 10 
 
 #### Configuration Manager version 2002 and later
 
 Starting in Configuration Manager version 2002, you can onboard the following operating systems:
 
 - Windows 8.1
-- Windows 10, version 1607 or later
+- Windows 10
 - Windows Server 2012 R2
 - Windows Server 2016
 - Windows Server 2016, version 1803 or later

windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md

@@ -14,7 +14,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ---
 

windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md

@@ -13,7 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ---
 

windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md

@@ -16,6 +16,9 @@ ms.custom:
 - next-gen
 - edr
 ms.date: 08/21/2020
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ---
 
 # Endpoint detection and response (EDR) in block mode

windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md

@@ -33,13 +33,15 @@ Check if network protection has been enabled on a local device by using Registry
 
 1. Select the **Start** button in the task bar and type **regedit** to open Registry editor
 1. Choose **HKEY_LOCAL_MACHINE** from the side menu
-1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Policy Manager**
+1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Windows Defender Exploit Guard** > **Network Protection**
 1. Select **EnableNetworkProtection** to see the current state of network protection on the device
 
     * 0, or **Off**
     * 1, or **On**
     * 2, or **Audit** mode
     
+    ![networkprotection](https://user-images.githubusercontent.com/3296790/95341270-b738b280-08d3-11eb-84a0-16abb140c9fd.PNG)
+
 ## Enable network protection
 
 Enable network protection by using any of these methods:
@@ -107,7 +109,7 @@ Confirm network protection is enabled on a local computer by using Registry edit
 
 1. Select **Start** and type **regedit** to open **Registry Editor**.
 
-2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
+2. Navigate to **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection**
 
 3. Select **EnableNetworkProtection** and confirm the value:
    * 0=Off

windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

@@ -13,7 +13,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md

@@ -13,7 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ms.date: 04/24/2018
 ---

windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md

@@ -13,7 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ---
 

windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md

@@ -13,7 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ms.date: 04/24/2018
 ---

windows/security/threat-protection/microsoft-defender-atp/investigate-files.md

@@ -13,7 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ms.date: 04/24/2018
 ---

windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md

@@ -13,7 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ---
 

windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md

@@ -13,7 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ms.date: 04/24/2018
 ---

windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md

@@ -13,7 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ---
 

windows/security/threat-protection/microsoft-defender-atp/investigate-user.md

@@ -13,7 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ms.date: 04/24/2018
 ---

windows/security/threat-protection/microsoft-defender-atp/investigation.md

@@ -12,7 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: article
 ---
 

windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md

@@ -14,7 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/ios-install.md

@@ -14,7 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md

@@ -1,58 +0,0 @@
----
-title: Microsoft Defender ATP for iOS note on Privacy
-ms.reviewer:
-description: Describes the Microsoft Defender ATP for iOS Privacy
-keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, 
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: sunasing
-author: sunasing
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-hideEdit: true
----
-
-# Microsoft Defender ATP for iOS note on Privacy
-
-[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-
-
-## What information can my organization see when I use Microsoft Defender ATP on iOS
-
-Your organization cannot see your personal information when you use Microsoft Defender ATP. Microsoft Defender ATP sends certain pieces of information from your device to the ATP portal, such as device threat level, device model, and serial number. Your organization uses this information to help protect you from web-based attacks.
-
-**What your organization can never see:**
-
-- Calling and web browsing history
-- Email and text messages
-- Contacts
-- Calendar
-- Passwords
-- Pictures, including what's in the photos app or camera roll
-- Files
-
-**What your organization can see:**
-
-- Malicious Connections that were blocked by Microsoft Defender ATP
-- Device model, like iPhone 11
-- Operating system and version, like iOS 12.0.1
-- Device name
-- Device serial number
-
-## VPN Usage
-
-Microsoft Defender ATP for iOS uses VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
-
-## More on Privacy
-
-[More information about Privacy](https://aka.ms/mdatpiosmainprivacystatement)
-
-
-

windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md

@@ -0,0 +1,78 @@
+---
+title: Microsoft Defender ATP for iOS note on Privacy
+ms.reviewer:
+description: Describes the Microsoft Defender ATP for iOS Privacy
+keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, 
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: sunasing
+author: sunasing
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+hideEdit: true
+---
+
+# Microsoft Defender ATP for iOS - Privacy information
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for iOS](microsoft-defender-atp-ios.md)
+
+>[!NOTE]
+> Microsoft Defender ATP for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. Microsoft or your organization **does not see your browsing activity**.
+
+Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP.
+
+Information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected and to support the service.
+
+## Required data
+
+Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. Here's a list of the types of data being collected:
+
+### Web page / Network information
+
+- Connection information
+- Protocol type (such as HTTP, HTTPS, etc.)
+
+### Device and account information
+
+- Device information such as date & time, iOS version, CPU info, and Device identifier
+- Device identifier is one of the below:
+    - Wi-Fi adapter MAC address
+    - Randomly generated globally unique identifier (GUID)
+
+- Tenant, Device, and User information
+    - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory.
+    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory
+    - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted
+    - User Principal Name - Email ID of the user
+
+### Product and service usage data
+
+- App package info, including name, version, and app upgrade status
+- Actions performed in the app
+- Crash report logs generated by iOS
+- Memory usage data
+
+## Optional data
+
+Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself.
+
+Optional diagnostic data includes:
+
+- App, CPU, and network usage
+- Features configured by the admin
+
+**Feedback Data** is collected through in-app feedback provided by the user.
+
+- The user's email address, if they choose to provide it
+- Feedback type (smile, frown, idea) and any feedback comments submitted by the user
+
+[More on Privacy](https://aka.ms/mdatpiosprivacystatement)

windows/security/threat-protection/microsoft-defender-atp/ios-terms.md

@@ -14,7 +14,9 @@ author: sunasing
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 hideEdit: true
 ---

windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md

@@ -13,7 +13,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 
@@ -51,6 +53,12 @@ In order to preview new features and provide early feedback, it is recommended t
 
 ### RHEL and variants (CentOS and Oracle Linux)
 
+- Install `yum-utils` if it isn't installed yet:
+
+    ```bash
+    sudo yum install yum-utils
+    ```
+
 - Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config/`.
 
     In the below commands, replace *[distro]* and *[version]* with the information you've identified:
@@ -74,12 +82,6 @@ In order to preview new features and provide early feedback, it is recommended t
     sudo rpm --import http://packages.microsoft.com/keys/microsoft.asc
     ```
 
-- Install `yum-utils` if it isn't installed yet:
-
-    ```bash
-    sudo yum install yum-utils
-    ```
-
 - Download and make usable all the metadata for the currently enabled yum repositories:
 
     ```bash

windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-pua.md

@@ -13,7 +13,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-resources.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md

@@ -13,7 +13,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+mms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-updates.md

@@ -14,7 +14,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md

@@ -13,7 +13,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md

@@ -13,7 +13,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint  
 ms.topic: conceptual
 ---
 

windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md

@@ -13,7 +13,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
 ms.topic: conceptual
 ---