Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into DSplatform

browsers/edge/emie-to-improve-compatibility.md

@@ -27,8 +27,32 @@ If you have specific websites and apps that have compatibility problems with Mic
 
 Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
 
+## Interoperability goals and enterprise guidance
 
-[!INCLUDE [interoperability-goals-enterprise-guidance](../includes/interoperability-goals-enterprise-guidance.md)]
+Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
+
+You must continue using IE11 if web apps use any of the following:
+
+* ActiveX controls
+
+* x-ua-compatible headers
+
+* <meta> tags with an http-equivalent value of X-UA-Compatible header
+
+* Enterprise mode or compatibility view to addressing compatibility issues
+
+* legacy document modes
+
+If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. 
+
+> [!TIP]
+> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).  
+
+|Technology  |Why it existed  |Why we don't need it anymore  |
+|---------|---------|---------|
+|ActiveX     |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer.         |         |
+|Browser Helper Objects (BHO)     |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer.         |         |
+|Document modes     | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions.        |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default.         |
 
 ## Enterprise guidance
 Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that rely on ActiveX controls, continue using Internet Explorer 11 for the web apps to work correctly. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Also, if you use an earlier version of Internet Explorer, upgrade to IE11. 

browsers/includes/interoperability-goals-enterprise-guidance.md

@@ -1,40 +0,0 @@
----
-author: eavena
-ms.author: eravena
-ms.date:  10/15/2018
-ms.reviewer: 
-audience: itpro
-manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-## Interoperability goals and enterprise guidance
-
-Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
-
-You must continue using IE11 if web apps use any of the following:
-
-* ActiveX controls
-
-* x-ua-compatible headers
-
-* <meta> tags with an http-equivalent value of X-UA-Compatible header
-
-* Enterprise mode or compatibility view to addressing compatibility issues
-
-* legacy document modes
-
-If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. 
-
-> [!TIP]
-> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).  
-
-
-|Technology  |Why it existed  |Why we don't need it anymore  |
-|---------|---------|---------|
-|ActiveX     |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer.         |         |
-|Browser Helper Objects (BHO)     |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer.         |         |
-|Document modes     | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions.        |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default.         |
-
-

windows/application-management/TOC.md

@@ -0,0 +1,112 @@
+# [Manage applications in Windows 10](index.md)
+## [Sideload apps](sideload-apps-in-windows-10.md)
+## [Remove background task resource restrictions](enterprise-background-activity-controls.md)
+## [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md)
+## [Understand apps in Windows 10](apps-in-windows-10.md)
+## [Add apps and features in Windows 10](add-apps-and-features.md)
+## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md)
+## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md)
+### [Getting Started with App-V](app-v/appv-getting-started.md)
+#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md)
+##### [Release Notes for App-V for Windows 10, version 1607](app-v/appv-release-notes-for-appv-for-windows.md)
+##### [Release Notes for App-V for Windows 10, version 1703](app-v/appv-release-notes-for-appv-for-windows-1703.md)
+#### [Evaluating App-V](app-v/appv-evaluating-appv.md)
+#### [High Level Architecture for App-V](app-v/appv-high-level-architecture.md)
+### [Planning for App-V](app-v/appv-planning-for-appv.md)
+#### [Preparing Your Environment for App-V](app-v/appv-preparing-your-environment.md)
+##### [App-V Prerequisites](app-v/appv-prerequisites.md)
+##### [App-V Security Considerations](app-v/appv-security-considerations.md)
+#### [Planning to Deploy App-V](app-v/appv-planning-to-deploy-appv.md)
+##### [App-V Supported Configurations](app-v/appv-supported-configurations.md)
+##### [App-V Capacity Planning](app-v/appv-capacity-planning.md)
+##### [Planning for High Availability with App-V](app-v/appv-planning-for-high-availability-with-appv.md)
+##### [Planning to Deploy App-V with an Electronic Software Distribution System](app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md)
+##### [Planning for the App-V Server Deployment](app-v/appv-planning-for-appv-server-deployment.md)
+##### [Planning for the App-V Sequencer and Client Deployment](app-v/appv-planning-for-sequencer-and-client-deployment.md)
+##### [Planning for Using App-V with Office](app-v/appv-planning-for-using-appv-with-office.md)
+##### [Planning to Use Folder Redirection with App-V](app-v/appv-planning-folder-redirection-with-appv.md)
+#### [App-V Planning Checklist](app-v/appv-planning-checklist.md)
+### [Deploying App-V](app-v/appv-deploying-appv.md)
+#### [Deploying the App-V Sequencer and Configuring the Client](app-v/appv-deploying-the-appv-sequencer-and-client.md)
+##### [About Client Configuration Settings](app-v/appv-client-configuration-settings.md)
+##### [Enable the App-V desktop client](app-v/appv-enable-the-app-v-desktop-client.md)
+##### [How to Install the Sequencer](app-v/appv-install-the-sequencer.md)
+#### [Deploying the App-V Server](app-v/appv-deploying-the-appv-server.md)
+##### [How to Deploy the App-V Server](app-v/appv-deploy-the-appv-server.md)
+##### [How to Deploy the App-V Server Using a Script](app-v/appv-deploy-the-appv-server-with-a-script.md)
+##### [How to Deploy the App-V Databases by Using SQL Scripts](app-v/appv-deploy-appv-databases-with-sql-scripts.md)
+##### [How to Install the Publishing Server on a Remote Computer](app-v/appv-install-the-publishing-server-on-a-remote-computer.md)
+##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+##### [How to install the Management Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-management-server-on-a-standalone-computer.md)
+##### [About App-V Reporting](app-v/appv-reporting.md)
+##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](app-v/appv-install-the-reporting-server-on-a-standalone-computer.md)
+#### [App-V Deployment Checklist](app-v/appv-deployment-checklist.md)
+#### [Deploying Microsoft Office 2016 by Using App-V](app-v/appv-deploying-microsoft-office-2016-with-appv.md)
+#### [Deploying Microsoft Office 2013 by Using App-V](app-v/appv-deploying-microsoft-office-2013-with-appv.md)
+#### [Deploying Microsoft Office 2010 by Using App-V](app-v/appv-deploying-microsoft-office-2010-wth-appv.md)
+### [Operations for App-V](app-v/appv-operations.md)
+#### [Creating and Managing App-V Virtualized Applications](app-v/appv-creating-and-managing-virtualized-applications.md)
+##### [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-provision-a-vm.md)
+##### [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-sequencing.md)
+##### [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-auto-batch-updating.md)
+##### [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](app-v/appv-sequence-a-new-application.md)
+##### [How to Modify an Existing Virtual Application Package](app-v/appv-modify-an-existing-virtual-application-package.md)
+##### [How to Create and Use a Project Template](app-v/appv-create-and-use-a-project-template.md)
+##### [How to Create a Package Accelerator](app-v/appv-create-a-package-accelerator.md)
+##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](app-v/appv-create-a-virtual-application-package-package-accelerator.md)
+#### [Administering App-V Virtual Applications by Using the Management Console](app-v/appv-administering-virtual-applications-with-the-management-console.md)
+##### [About App-V Dynamic Configuration](app-v/appv-dynamic-configuration.md)
+##### [How to Connect to the Management Console](app-v/appv-connect-to-the-management-console.md)
+##### [How to Add or Upgrade Packages by Using the Management Console](app-v/appv-add-or-upgrade-packages-with-the-management-console.md)
+##### [How to Configure Access to Packages by Using the Management Console](app-v/appv-configure-access-to-packages-with-the-management-console.md)
+##### [How to Publish a Package by Using the Management Console](app-v/appv-publish-a-packages-with-the-management-console.md)
+##### [How to Delete a Package in the Management Console](app-v/appv-delete-a-package-with-the-management-console.md)
+##### [How to Add or Remove an Administrator by Using the Management Console](app-v/appv-add-or-remove-an-administrator-with-the-management-console.md)
+##### [How to Register and Unregister a Publishing Server by Using the Management Console](app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md)
+##### [How to Create a Custom Configuration File by Using the App-V Management Console](app-v/appv-create-a-custom-configuration-file-with-the-management-console.md)
+##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md)
+##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](app-v/appv-customize-virtual-application-extensions-with-the-management-console.md)
+##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md)
+#### [Managing Connection Groups](app-v/appv-managing-connection-groups.md)
+##### [About the Connection Group Virtual Environment](app-v/appv-connection-group-virtual-environment.md)
+##### [About the Connection Group File](app-v/appv-connection-group-file.md)
+##### [How to Create a Connection Group](app-v/appv-create-a-connection-group.md)
+##### [How to Create a Connection Group with User-Published and Globally Published Packages](app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md)
+##### [How to Delete a Connection Group](app-v/appv-delete-a-connection-group.md)
+##### [How to Publish a Connection Group](app-v/appv-publish-a-connection-group.md)
+##### [How to Make a Connection Group Ignore the Package Version](app-v/appv-configure-connection-groups-to-ignore-the-package-version.md)
+##### [How to Allow Only Administrators to Enable Connection Groups](app-v/appv-allow-administrators-to-enable-connection-groups.md)
+#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+##### [How to deploy App-V Packages Using Electronic Software Distribution](app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
+##### [How to Enable Only Administrators to Publish Packages by Using an ESD](app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
+#### [Using the App-V Client Management Console](app-v/appv-using-the-client-management-console.md)
+##### [Automatically clean-up unpublished packages on the App-V client](app-v/appv-auto-clean-unpublished-packages.md)
+#### [Migrating to App-V from a Previous Version](app-v/appv-migrating-to-appv-from-a-previous-version.md)
+##### [How to Convert a Package Created in a Previous Version of App-V](app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md)
+#### [Maintaining App-V](app-v/appv-maintaining-appv.md)
+##### [How to Move the App-V Server to Another Computer](app-v/appv-move-the-appv-server-to-another-computer.md)
+#### [Administering App-V by Using Windows PowerShell](app-v/appv-administering-appv-with-powershell.md)
+##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)
+##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)
+##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)
+##### [How to Modify Client Configuration by Using Windows PowerShell](app-v/appv-modify-client-configuration-with-powershell.md)
+##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
+##### [How to Apply the User Configuration File by Using Windows PowerShell](app-v/appv-apply-the-user-configuration-file-with-powershell.md)
+##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](app-v/appv-apply-the-deployment-configuration-file-with-powershell.md)
+##### [How to Sequence a Package  by Using Windows PowerShell](app-v/appv-sequence-a-package-with-powershell.md)
+##### [How to Create a Package Accelerator by Using Windows PowerShell](app-v/appv-create-a-package-accelerator-with-powershell.md)
+##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md)
+##### [How to Install the App-V Databases and Convert the Associated Security Identifiers  by Using Windows PowerShell](app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)
+### [Troubleshooting App-V](app-v/appv-troubleshooting.md)
+### [Technical Reference for App-V](app-v/appv-technical-reference.md)
+#### [Available Mobile Device Management (MDM) settings for App-V](app-v/appv-available-mdm-settings.md)
+#### [Performance Guidance for Application Virtualization](app-v/appv-performance-guidance.md)
+#### [Application Publishing and Client Interaction](app-v/appv-application-publishing-and-client-interaction.md)
+#### [Viewing App-V Server Publishing Metadata](app-v/appv-viewing-appv-server-publishing-metadata.md)
+#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md)
+## [Service Host process refactoring](svchost-service-refactoring.md)
+## [Per-user services in Windows](per-user-services-in-windows.md)
+## [Disabling System Services in Windows Server](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server)
+## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md)
+## [Change history for Application management](change-history-for-application-management.md)
+## [How to keep apps removed from Windows 10 from returning during an update](remove-provisioned-apps-during-update.md)

windows/application-management/TOC.yml

@@ -1,244 +0,0 @@
-- name: Manage applications in Windows 10
-  href: index.md
-  items: 
-    - name: Sideload apps
-      href: sideload-apps-in-windows-10.md
-    - name: Remove background task resource restrictions
-      href: enterprise-background-activity-controls.md
-    - name: Enable or block Windows Mixed Reality apps in the enterprise
-      href: manage-windows-mixed-reality.md
-    - name: Understand apps in Windows 10
-      href: apps-in-windows-10.md
-    - name: Add apps and features in Windows 10
-      href: add-apps-and-features.md
-    - name: Repackage win32 apps in the MSIX format
-      href: msix-app-packaging-tool.md
-    - name: Application Virtualization (App-V) for Windows
-      href: app-v/appv-for-windows.md
-      items: 
-        - name: Getting Started with App-V
-          href: app-v/appv-getting-started.md
-          items: 
-            - name: What's new in App-V for Windows 10, version 1703 and earlier
-              href: app-v/appv-about-appv.md
-              items: 
-                - name: Release Notes for App-V for Windows 10, version 1607
-                  href: app-v/appv-release-notes-for-appv-for-windows.md
-                - name: Release Notes for App-V for Windows 10, version 1703
-                  href: app-v/appv-release-notes-for-appv-for-windows-1703.md
-            - name: Evaluating App-V
-              href: app-v/appv-evaluating-appv.md
-            - name: High Level Architecture for App-V
-              href: app-v/appv-high-level-architecture.md
-        - name: Planning for App-V
-          href: app-v/appv-planning-for-appv.md
-          items: 
-            - name: Preparing Your Environment for App-V
-              href: app-v/appv-preparing-your-environment.md
-              items: 
-                - name: App-V Prerequisites
-                  href: app-v/appv-prerequisites.md
-                - name: App-V Security Considerations
-                  href: app-v/appv-security-considerations.md
-            - name: Planning to Deploy App-V
-              href: app-v/appv-planning-to-deploy-appv.md
-              items: 
-                - name: App-V Supported Configurations
-                  href: app-v/appv-supported-configurations.md
-                - name: App-V Capacity Planning
-                  href: app-v/appv-capacity-planning.md
-                - name: Planning for High Availability with App-V
-                  href: app-v/appv-planning-for-high-availability-with-appv.md
-                - name: Planning to Deploy App-V with an Electronic Software Distribution System
-                  href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
-                - name: Planning for the App-V Server Deployment
-                  href: app-v/appv-planning-for-appv-server-deployment.md
-                - name: Planning for the App-V Sequencer and Client Deployment
-                  href: app-v/appv-planning-for-sequencer-and-client-deployment.md
-                - name: Planning for Using App-V with Office
-                  href: app-v/appv-planning-for-using-appv-with-office.md
-                - name: Planning to Use Folder Redirection with App-V
-                  href: app-v/appv-planning-folder-redirection-with-appv.md
-            - name: App-V Planning Checklist
-              href: app-v/appv-planning-checklist.md
-        - name: Deploying App-V
-          href: app-v/appv-deploying-appv.md
-          items: 
-            - name: Deploying the App-V Sequencer and Configuring the Client
-              href: app-v/appv-deploying-the-appv-sequencer-and-client.md
-              items: 
-                - name: About Client Configuration Settings
-                  href: app-v/appv-client-configuration-settings.md
-                - name: Enable the App-V desktop client
-                  href: app-v/appv-enable-the-app-v-desktop-client.md
-                - name: How to Install the Sequencer
-                  href: app-v/appv-install-the-sequencer.md
-            - name: Deploying the App-V Server
-              href: app-v/appv-deploying-the-appv-server.md
-              items: 
-                - name: How to Deploy the App-V Server
-                  href: app-v/appv-deploy-the-appv-server.md
-                - name: How to Deploy the App-V Server Using a Script
-                  href: app-v/appv-deploy-the-appv-server-with-a-script.md
-                - name: How to Deploy the App-V Databases by Using SQL Scripts
-                  href: app-v/appv-deploy-appv-databases-with-sql-scripts.md
-                - name: How to Install the Publishing Server on a Remote Computer
-                  href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md
-                - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
-                  href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
-                - name: How to install the Management Server on a Standalone Computer and Connect it to the Database
-                  href: app-v/appv-install-the-management-server-on-a-standalone-computer.md
-                - name: About App-V Reporting
-                  href: app-v/appv-reporting.md
-                - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database
-                  href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
-            - name: App-V Deployment Checklist
-              href: app-v/appv-deployment-checklist.md
-            - name: Deploying Microsoft Office 2016 by Using App-V
-              href: app-v/appv-deploying-microsoft-office-2016-with-appv.md
-            - name: Deploying Microsoft Office 2013 by Using App-V
-              href: app-v/appv-deploying-microsoft-office-2013-with-appv.md
-            - name: Deploying Microsoft Office 2010 by Using App-V
-              href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md
-        - name: Operations for App-V
-          href: app-v/appv-operations.md
-          items: 
-            - name: Creating and Managing App-V Virtualized Applications
-              href: app-v/appv-creating-and-managing-virtualized-applications.md
-              items: 
-                - name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-                  href: app-v/appv-auto-provision-a-vm.md
-                - name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-                  href: app-v/appv-auto-batch-sequencing.md
-                - name: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-                  href: app-v/appv-auto-batch-updating.md
-                - name: Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-                  href: app-v/appv-sequence-a-new-application.md
-                - name: How to Modify an Existing Virtual Application Package
-                  href: app-v/appv-modify-an-existing-virtual-application-package.md
-                - name: How to Create and Use a Project Template
-                  href: app-v/appv-create-and-use-a-project-template.md
-                - name: How to Create a Package Accelerator
-                  href: app-v/appv-create-a-package-accelerator.md
-                - name: How to Create a Virtual Application Package Using an App-V Package Accelerator
-                  href: app-v/appv-create-a-virtual-application-package-package-accelerator.md
-            - name: Administering App-V Virtual Applications by Using the Management Console
-              href: app-v/appv-administering-virtual-applications-with-the-management-console.md
-              items: 
-                - name: About App-V Dynamic Configuration
-                  href: app-v/appv-dynamic-configuration.md
-                - name: How to Connect to the Management Console
-                  href: app-v/appv-connect-to-the-management-console.md
-                - name: How to Add or Upgrade Packages by Using the Management Console
-                  href: app-v/appv-add-or-upgrade-packages-with-the-management-console.md
-                - name: How to Configure Access to Packages by Using the Management Console
-                  href: app-v/appv-configure-access-to-packages-with-the-management-console.md
-                - name: How to Publish a Package by Using the Management Console
-                  href: app-v/appv-publish-a-packages-with-the-management-console.md
-                - name: How to Delete a Package in the Management Console
-                  href: app-v/appv-delete-a-package-with-the-management-console.md
-                - name: How to Add or Remove an Administrator by Using the Management Console
-                  href: app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
-                - name: How to Register and Unregister a Publishing Server by Using the Management Console
-                  href: app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
-                - name: How to Create a Custom Configuration File by Using the App-V Management Console
-                  href: app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
-                - name: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
-                  href: app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
-                - name: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console
-                  href: app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
-                - name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
-                  href: app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
-            - name: Managing Connection Groups
-              href: app-v/appv-managing-connection-groups.md
-              items: 
-                - name: About the Connection Group Virtual Environment
-                  href: app-v/appv-connection-group-virtual-environment.md
-                - name: About the Connection Group File
-                  href: app-v/appv-connection-group-file.md
-                - name: How to Create a Connection Group
-                  href: app-v/appv-create-a-connection-group.md
-                - name: How to Create a Connection Group with User-Published and Globally Published Packages
-                  href: app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
-                - name: How to Delete a Connection Group
-                  href: app-v/appv-delete-a-connection-group.md
-                - name: How to Publish a Connection Group
-                  href: app-v/appv-publish-a-connection-group.md
-                - name: How to Make a Connection Group Ignore the Package Version
-                  href: app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
-                - name: How to Allow Only Administrators to Enable Connection Groups
-                  href: app-v/appv-allow-administrators-to-enable-connection-groups.md
-            - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD)
-              href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
-              items: 
-                - name: How to deploy App-V Packages Using Electronic Software Distribution
-                  href: app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
-                - name: How to Enable Only Administrators to Publish Packages by Using an ESD
-                  href: app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
-            - name: Using the App-V Client Management Console
-              href: app-v/appv-using-the-client-management-console.md
-              items: 
-                - name: Automatically clean-up unpublished packages on the App-V client
-                  href: app-v/appv-auto-clean-unpublished-packages.md
-            - name: Migrating to App-V from a Previous Version
-              href: app-v/appv-migrating-to-appv-from-a-previous-version.md
-              items: 
-                - name: How to Convert a Package Created in a Previous Version of App-V
-                  href: app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
-            - name: Maintaining App-V
-              href: app-v/appv-maintaining-appv.md
-              items: 
-                - name: How to Move the App-V Server to Another Computer
-                  href: app-v/appv-move-the-appv-server-to-another-computer.md
-            - name: Administering App-V by Using Windows PowerShell
-              href: app-v/appv-administering-appv-with-powershell.md
-              items: 
-                - name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
-                  href: app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
-                - name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell
-                  href: app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
-                - name: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
-                  href: app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
-                - name: How to Modify Client Configuration by Using Windows PowerShell
-                  href: app-v/appv-modify-client-configuration-with-powershell.md
-                - name: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server
-                  href: app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
-                - name: How to Apply the User Configuration File by Using Windows PowerShell
-                  href: app-v/appv-apply-the-user-configuration-file-with-powershell.md
-                - name: How to Apply the Deployment Configuration File by Using Windows PowerShell
-                  href: app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
-                - name: How to Sequence a Package  by Using Windows PowerShell
-                  href: app-v/appv-sequence-a-package-with-powershell.md
-                - name: How to Create a Package Accelerator by Using Windows PowerShell
-                  href: app-v/appv-create-a-package-accelerator-with-powershell.md
-                - name: How to Enable Reporting on the App-V Client by Using Windows PowerShell
-                  href: app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
-                - name: How to Install the App-V Databases and Convert the Associated Security Identifiers  by Using Windows PowerShell
-                  href: app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
-        - name: Troubleshooting App-V
-          href: app-v/appv-troubleshooting.md
-        - name: Technical Reference for App-V
-          href: app-v/appv-technical-reference.md
-          items: 
-            - name: Available Mobile Device Management (MDM) settings for App-V
-              href: app-v/appv-available-mdm-settings.md
-            - name: Performance Guidance for Application Virtualization
-              href: app-v/appv-performance-guidance.md
-            - name: Application Publishing and Client Interaction
-              href: app-v/appv-application-publishing-and-client-interaction.md
-            - name: Viewing App-V Server Publishing Metadata
-              href: app-v/appv-viewing-appv-server-publishing-metadata.md
-            - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
-              href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
-    - name: Service Host process refactoring
-      href: svchost-service-refactoring.md
-    - name: Per-user services in Windows
-      href: per-user-services-in-windows.md
-    - name: Disabling System Services in Windows Server
-      href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server
-    - name: Deploy app upgrades on Windows 10 Mobile
-      href: deploy-app-upgrades-windows-10-mobile.md
-    - name: Change history for Application management
-      href: change-history-for-application-management.md
-    - name: How to keep apps removed from Windows 10 from returning during an update
-      href: remove-provisioned-apps-during-update.md

windows/client-management/TOC.md

@@ -0,0 +1,38 @@
+# [Manage clients in Windows 10](index.md)
+## [Administrative Tools in Windows 10](administrative-tools-in-windows-10.md)
+### [Use Quick Assist to help users](quick-assist.md)
+## [Create mandatory user profiles](mandatory-user-profile.md)
+## [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md)
+## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md)
+## [New policies for Windows 10](new-policies-for-windows-10.md)
+## [Windows 10 default media removal policy](change-default-removal-policy-external-storage-media.md)
+## [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md)
+## [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md)
+## [What version of Windows am I running](windows-version-search.md)
+## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)
+## [Transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md)
+## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md)
+## [Windows libraries](windows-libraries.md)
+## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md)
+### [Advanced troubleshooting for Windows networking](troubleshoot-networking.md)
+#### [Advanced troubleshooting Wireless network connectivity](advanced-troubleshooting-wireless-network-connectivity.md)
+#### [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md)
+##### [Data collection for troubleshooting 802.1X authentication](data-collection-for-802-authentication.md)
+#### [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md)
+##### [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md)
+##### [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md)
+##### [Troubleshoot port exhaustion](troubleshoot-tcpip-port-exhaust.md)
+##### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)
+### [Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md)
+#### [How to determine the appropriate page file size for 64-bit versions of Windows](determine-appropriate-page-file-size.md)
+#### [Generate a kernel or complete crash dump](generate-kernel-or-complete-crash-dump.md)
+#### [Introduction to the page file](introduction-page-file.md)
+#### [Configure system failure and recovery options in Windows](system-failure-recovery-options.md)
+#### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
+#### [Advanced troubleshooting for Windows-based computer freeze](troubleshoot-windows-freeze.md)
+#### [Advanced troubleshooting for stop error or blue screen error](troubleshoot-stop-errors.md)
+#### [Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md)
+#### [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
+#### [Stop error occurs when you update the in-box Broadcom network adapter driver](troubleshoot-stop-error-on-broadcom-driver-update.md)
+## [Mobile device management for solution providers](mdm/index.md)
+## [Change history for Client management](change-history-for-client-management.md)

windows/client-management/TOC.yml

@@ -1,83 +0,0 @@
-- name: Manage clients in Windows 10
-  href: index.md
-  items: 
-    - name: Administrative Tools in Windows 10
-      href: administrative-tools-in-windows-10.md
-      items: 
-        - name: Use Quick Assist to help users
-          href: quick-assist.md
-    - name: Create mandatory user profiles
-      href: mandatory-user-profile.md
-    - name: Connect to remote Azure Active Directory-joined PC
-      href: connect-to-remote-aadj-pc.md
-    - name: Join Windows 10 Mobile to Azure Active Directory
-      href: join-windows-10-mobile-to-azure-active-directory.md
-    - name: New policies for Windows 10
-      href: new-policies-for-windows-10.md
-    - name: Windows 10 default media removal policy
-      href: change-default-removal-policy-external-storage-media.md
-    - name: Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education
-      href: group-policies-for-enterprise-and-education-editions.md
-    - name: Manage the Settings app with Group Policy
-      href: manage-settings-app-with-group-policy.md
-    - name: What version of Windows am I running
-      href: windows-version-search.md
-    - name: Reset a Windows 10 Mobile device
-      href: reset-a-windows-10-mobile-device.md
-    - name: Transitioning to modern management
-      href: manage-windows-10-in-your-organization-modern-management.md
-    - name: Windows 10 Mobile deployment and management guide
-      href: windows-10-mobile-and-mdm.md
-    - name: Windows libraries
-      href: windows-libraries.md
-    - name: Troubleshoot Windows 10 clients
-      href: windows-10-support-solutions.md
-      items: 
-        - name: Advanced troubleshooting for Windows networking
-          href: troubleshoot-networking.md
-          items: 
-            - name: Advanced troubleshooting Wireless network connectivity
-              href: advanced-troubleshooting-wireless-network-connectivity.md
-            - name: Advanced troubleshooting 802.1X authentication
-              href: advanced-troubleshooting-802-authentication.md
-              items: 
-                - name: Data collection for troubleshooting 802.1X authentication
-                  href: data-collection-for-802-authentication.md
-            - name: Advanced troubleshooting for TCP/IP
-              href: troubleshoot-tcpip.md
-              items: 
-                - name: Collect data using Network Monitor
-                  href: troubleshoot-tcpip-netmon.md
-                - name: Troubleshoot TCP/IP connectivity
-                  href: troubleshoot-tcpip-connectivity.md
-                - name: Troubleshoot port exhaustion
-                  href: troubleshoot-tcpip-port-exhaust.md
-                - name: Troubleshoot Remote Procedure Call (RPC) errors
-                  href: troubleshoot-tcpip-rpc-errors.md
-        - name: Advanced troubleshooting for Windows startup
-          href: troubleshoot-windows-startup.md
-          items: 
-            - name: How to determine the appropriate page file size for 64-bit versions of Windows
-              href: determine-appropriate-page-file-size.md
-            - name: Generate a kernel or complete crash dump
-              href: generate-kernel-or-complete-crash-dump.md
-            - name: Introduction to the page file
-              href: introduction-page-file.md
-            - name: Configure system failure and recovery options in Windows
-              href: system-failure-recovery-options.md
-            - name: Advanced troubleshooting for Windows boot problems
-              href: advanced-troubleshooting-boot-problems.md
-            - name: Advanced troubleshooting for Windows-based computer freeze
-              href: troubleshoot-windows-freeze.md
-            - name: Advanced troubleshooting for stop error or blue screen error
-              href: troubleshoot-stop-errors.md
-            - name: Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device
-              href: troubleshoot-inaccessible-boot-device.md
-            - name: Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"
-              href: troubleshoot-event-id-41-restart.md
-            - name: Stop error occurs when you update the in-box Broadcom network adapter driver
-              href: troubleshoot-stop-error-on-broadcom-driver-update.md
-    - name: Mobile device management for solution providers
-      href: mdm/index.md
-    - name: Change history for Client management
-      href: change-history-for-client-management.md

windows/client-management/mdm/TOC.md

@@ -0,0 +1,435 @@
+# [Mobile device management](index.md)
+## [What's new in MDM enrollment and management](new-in-windows-mdm-enrollment-management.md)
+### [Change history for MDM documentation](change-history-for-mdm-documentation.md)
+## [Mobile device enrollment](mobile-device-enrollment.md)
+### [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md)
+#### [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md)
+### [Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)
+### [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
+### [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
+### [On-premises authentication device enrollment](on-premise-authentication-device-enrollment.md)
+## [Understanding ADMX-backed policies](understanding-admx-backed-policies.md)
+## [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)
+## [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md)
+## [Implement server-side support for mobile application management on Windows](implement-server-side-mobile-application-management.md)
+## [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)
+## [Deploy and configure App-V apps using MDM](appv-deploy-and-config.md)
+## [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
+### [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md)
+### [Register your free Azure Active Directory subscription](register-your-free-azure-active-directory-subscription.md)
+## [Enterprise app management](enterprise-app-management.md)
+## [Mobile device management (MDM) for device updates](device-update-management.md)
+## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md)
+## [Management tool for the Microsoft Store for Business](management-tool-for-windows-store-for-business.md)
+### [REST API reference for Microsoft Store for Business](rest-api-reference-windows-store-for-business.md)
+#### [Data structures for Microsoft Store for Business](data-structures-windows-store-for-business.md)
+#### [Get Inventory](get-inventory.md)
+#### [Get product details](get-product-details.md)
+#### [Get localized product details](get-localized-product-details.md)
+#### [Get offline license](get-offline-license.md)
+#### [Get product packages](get-product-packages.md)
+#### [Get product package](get-product-package.md)
+#### [Get seats](get-seats.md)
+#### [Get seat](get-seat.md)
+#### [Assign seats](assign-seats.md)
+#### [Reclaim seat from user](reclaim-seat-from-user.md)
+#### [Bulk assign and reclaim seats from users](bulk-assign-and-reclaim-seats-from-user.md)
+#### [Get seats assigned to a user](get-seats-assigned-to-a-user.md)
+## [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
+## [Certificate renewal](certificate-renewal-windows-mdm.md)
+## [Disconnecting from the management infrastructure (unenrollment)](disconnecting-from-mdm-unenrollment.md)
+## [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md)
+## [Push notification support for device management](push-notification-windows-mdm.md)
+## [OMA DM protocol support](oma-dm-protocol-support.md)
+## [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
+## [Server requirements for OMA DM](server-requirements-windows-mdm.md)
+## [DMProcessConfigXMLFiltered](dmprocessconfigxmlfiltered.md)
+## [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
+## [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
+## [Configuration service provider reference](configuration-service-provider-reference.md)
+### [AccountManagement CSP](accountmanagement-csp.md)
+#### [AccountManagement DDF file](accountmanagement-ddf.md)
+### [Accounts CSP](accounts-csp.md)
+#### [Accounts DDF file](accounts-ddf-file.md)
+### [ActiveSync CSP](activesync-csp.md)
+#### [ActiveSync DDF file](activesync-ddf-file.md)
+### [AllJoynManagement CSP](alljoynmanagement-csp.md)
+#### [AllJoynManagement DDF](alljoynmanagement-ddf.md)
+### [APPLICATION CSP](application-csp.md)
+### [ApplicationControl CSP](applicationcontrol-csp.md)
+#### [ApplicationControl DDF file](applicationcontrol-csp-ddf.md)
+### [AppLocker CSP](applocker-csp.md)
+#### [AppLocker DDF file](applocker-ddf-file.md)
+#### [AppLocker XSD](applocker-xsd.md)
+### [AssignedAccess CSP](assignedaccess-csp.md)
+#### [AssignedAccess DDF file](assignedaccess-ddf.md)
+### [BitLocker CSP](bitlocker-csp.md)
+#### [BitLocker DDF file](bitlocker-ddf-file.md)
+### [BOOTSTRAP CSP](bootstrap-csp.md)
+### [BrowserFavorite CSP](browserfavorite-csp.md)
+### [CellularSettings CSP](cellularsettings-csp.md)
+### [CertificateStore CSP](certificatestore-csp.md)
+#### [CertificateStore DDF file](certificatestore-ddf-file.md)
+### [CleanPC CSP](cleanpc-csp.md)
+#### [CleanPC DDF](cleanpc-ddf.md)
+### [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
+#### [ClientCertificateInstall DDF file](clientcertificateinstall-ddf-file.md)
+### [CM_CellularEntries CSP](cm-cellularentries-csp.md)
+### [CM_ProxyEntries CSP](cm-proxyentries-csp.md)
+### [CMPolicy CSP](cmpolicy-csp.md)
+### [CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md)
+#### [CMPolicyEnterprise DDF file](cmpolicyenterprise-ddf-file.md)
+### [CustomDeviceUI CSP](customdeviceui-csp.md)
+#### [CustomDeviceUI DDF file](customdeviceui-ddf.md)
+### [Defender CSP](defender-csp.md)
+#### [Defender DDF file](defender-ddf.md)
+### [DevDetail CSP](devdetail-csp.md)
+#### [DevDetail DDF file](devdetail-ddf-file.md)
+### [DeveloperSetup CSP](developersetup-csp.md)
+#### [DeveloperSetup DDF](developersetup-ddf.md)
+### [DeviceInstanceService CSP](deviceinstanceservice-csp.md)
+### [DeviceLock CSP](devicelock-csp.md)
+#### [DeviceLock DDF file](devicelock-ddf-file.md)
+### [DeviceManageability CSP](devicemanageability-csp.md)
+#### [DeviceManageability DDF](devicemanageability-ddf.md)
+### [DeviceStatus CSP](devicestatus-csp.md)
+#### [DeviceStatus DDF](devicestatus-ddf.md)
+### [DevInfo CSP](devinfo-csp.md)
+#### [DevInfo DDF file](devinfo-ddf-file.md)
+### [DiagnosticLog CSP](diagnosticlog-csp.md)
+#### [DiagnosticLog DDF file](diagnosticlog-ddf.md)
+### [DMAcc CSP](dmacc-csp.md)
+#### [DMAcc DDF file](dmacc-ddf-file.md)
+### [DMClient CSP](dmclient-csp.md)
+#### [DMClient DDF file](dmclient-ddf-file.md)
+### [DMSessionActions CSP](dmsessionactions-csp.md)
+#### [DMSessionActions DDF file](dmsessionactions-ddf.md)
+### [DynamicManagement CSP](dynamicmanagement-csp.md)
+#### [DynamicManagement DDF file](dynamicmanagement-ddf.md)
+### [EMAIL2 CSP](email2-csp.md)
+#### [EMAIL2 DDF file](email2-ddf-file.md)
+### [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)
+#### [EnrollmentStatusTracking DDF file](enrollmentstatustracking-csp-ddf.md)
+### [EnterpriseAPN CSP](enterpriseapn-csp.md)
+#### [EnterpriseAPN DDF](enterpriseapn-ddf.md)
+### [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
+### [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md)
+#### [EnterpriseAppVManagement DDF file](enterpriseappvmanagement-ddf.md)
+### [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md)
+#### [EnterpriseAssignedAccess DDF file](enterpriseassignedaccess-ddf.md)
+#### [EnterpriseAssignedAccess XSD](enterpriseassignedaccess-xsd.md)
+### [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
+#### [EnterpriseDataProtection DDF file](enterprisedataprotection-ddf-file.md)
+### [EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md)
+#### [EnterpriseDesktopAppManagement DDF](enterprisedesktopappmanagement-ddf-file.md)
+#### [EnterpriseDesktopAppManagement XSD](enterprisedesktopappmanagement2-xsd.md)
+### [EnterpriseExt CSP](enterpriseext-csp.md)
+#### [EnterpriseExt DDF file](enterpriseext-ddf.md)
+### [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md)
+#### [EnterpriseExtFileSystem DDF file](enterpriseextfilesystem-ddf.md)
+### [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
+#### [EnterpriseModernAppManagement DDF](enterprisemodernappmanagement-ddf.md)
+#### [EnterpriseModernAppManagement XSD](enterprisemodernappmanagement-xsd.md)
+### [eUICCs CSP](euiccs-csp.md)
+#### [eUICCs DDF file](euiccs-ddf-file.md)
+### [FileSystem CSP](filesystem-csp.md)
+### [Firewall CSP](firewall-csp.md)
+#### [Firewall DDF file](firewall-ddf-file.md)
+### [HealthAttestation CSP](healthattestation-csp.md)
+#### [HealthAttestation DDF](healthattestation-ddf.md)
+### [HotSpot CSP](hotspot-csp.md)
+### [Maps CSP](maps-csp.md)
+#### [Maps DDF](maps-ddf-file.md)
+### [Messaging CSP](messaging-csp.md)
+#### [Messaging DDF file](messaging-ddf.md)
+### [MultiSIM CSP](multisim-csp.md)
+#### [MultiSIM DDF file](multisim-ddf.md)
+### [NAP CSP](nap-csp.md)
+### [NAPDEF CSP](napdef-csp.md)
+### [NetworkProxy CSP](networkproxy-csp.md)
+#### [NetworkProxy DDF file](networkproxy-ddf.md)
+### [NetworkQoSPolicy CSP](networkqospolicy-csp.md)
+#### [NetworkQoSPolicy DDF file](networkqospolicy-ddf.md)
+### [NodeCache CSP](nodecache-csp.md)
+#### [NodeCache DDF file](nodecache-ddf-file.md)
+### [Office CSP](office-csp.md)
+#### [Office DDF](office-ddf.md)
+### [PassportForWork CSP](passportforwork-csp.md)
+#### [PassportForWork DDF file](passportforwork-ddf.md)
+### [Personalization CSP](personalization-csp.md)
+#### [Personalization DDF file](personalization-ddf.md)
+### [Policy CSP](policy-configuration-service-provider.md)
+#### [Policy CSP DDF file](policy-ddf-file.md)
+#### [Policies in Policy CSP supported by Group Policy](policies-in-policy-csp-supported-by-group-policy.md)
+#### [ADMX-backed policies in Policy CSP](policies-in-policy-csp-admx-backed.md)
+#### [Policies in Policy CSP supported by HoloLens 2](policies-in-policy-csp-supported-by-hololens2.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](./configuration-service-provider-reference.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Core](policies-in-policy-csp-supported-by-iot-core.md)
+#### [Policies in Policy CSP supported by Microsoft Surface Hub](policies-in-policy-csp-supported-by-surface-hub.md)
+#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policies-in-policy-csp-that-can-be-set-using-eas.md)
+#### [AboveLock](policy-csp-abovelock.md)
+#### [Accounts](policy-csp-accounts.md)
+#### [ActiveXControls](policy-csp-activexcontrols.md)
+#### [ADMX_ActiveXInstallService](policy-csp-admx-activexinstallservice.md)
+#### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md)
+#### [ADMX_AppCompat](policy-csp-admx-appcompat.md)
+#### [ADMX_AppxPackageManager](policy-csp-admx-appxpackagemanager.md)
+#### [ADMX_AppXRuntime](policy-csp-admx-appxruntime.md)
+#### [ADMX_AttachmentManager](policy-csp-admx-attachmentmanager.md)
+#### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md)
+#### [ADMX_Bits](policy-csp-admx-bits.md)
+#### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md)
+#### [ADMX_COM](policy-csp-admx-com.md)
+#### [ADMX_ControlPanel](policy-csp-admx-controlpanel.md)
+#### [ADMX_ControlPanelDisplay](policy-csp-admx-controlpaneldisplay.md)
+#### [ADMX_Cpls](policy-csp-admx-cpls.md)
+#### [ADMX_CredentialProviders](policy-csp-admx-credentialproviders.md)
+#### [ADMX_CredSsp](policy-csp-admx-credssp.md)
+#### [ADMX_CredUI](policy-csp-admx-credui.md)
+#### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md)
+#### [ADMX_DataCollection](policy-csp-admx-datacollection.md)
+#### [ADMX_Desktop](policy-csp-admx-desktop.md)
+#### [ADMX_DeviceInstallation](policy-csp-admx-deviceinstallation.md)
+#### [ADMX_DeviceSetup](policy-csp-admx-devicesetup.md)
+#### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md)
+#### [ADMX_DistributedLinkTracking](policy-csp-admx-distributedlinktracking.md)
+#### [ADMX_DnsClient](policy-csp-admx-dnsclient.md)
+#### [ADMX_DWM](policy-csp-admx-dwm.md)
+#### [ADMX_EAIME](policy-csp-admx-eaime.md)
+#### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md)
+#### [ADMX_EnhancedStorage](policy-csp-admx-enhancedstorage.md)
+#### [ADMX_ErrorReporting](policy-csp-admx-errorreporting.md)
+#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md)
+#### [ADMX_EventLog](policy-csp-admx-eventlog.md)
+#### [ADMX_Explorer](policy-csp-admx-explorer.md)
+#### [ADMX_FileRecovery](policy-csp-admx-filerecovery.md)
+#### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md)
+#### [ADMX_FileSys](policy-csp-admx-filesys.md)
+#### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md)
+#### [ADMX_Globalization](policy-csp-admx-globalization.md)
+#### [ADMX_GroupPolicy](policy-csp-admx-grouppolicy.md)
+#### [ADMX_Help](policy-csp-admx-help.md)
+#### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md)
+#### [ADMX_ICM](policy-csp-admx-icm.md)
+#### [ADMX_kdc](policy-csp-admx-kdc.md)
+#### [ADMX_Kerberos](policy-csp-admx-kerberos.md)
+#### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md)
+#### [ADMX_LanmanWorkstation](policy-csp-admx-lanmanworkstation.md)
+#### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md)
+#### [ADMX_Logon](policy-csp-admx-logon.md)
+#### [ADMX_MicrosoftDefenderAntivirus](policy-csp-admx-microsoftdefenderantivirus.md)
+#### [ADMX_MMC](policy-csp-admx-mmc.md)
+#### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md)
+#### [ADMX_MSAPolicy](policy-csp-admx-msapolicy.md)
+#### [ADMX_msched](policy-csp-admx-msched.md)
+#### [ADMX_MSDT](policy-csp-admx-msdt.md)
+#### [ADMX_MSI](policy-csp-admx-msi.md)
+#### [ADMX_nca](policy-csp-admx-nca.md)
+#### [ADMX_NCSI](policy-csp-admx-ncsi.md)
+#### [ADMX_Netlogon](policy-csp-admx-netlogon.md)
+#### [ADMX_NetworkConnections](policy-csp-admx-networkconnections.md)
+#### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md)
+#### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md)
+#### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md)
+#### [ADMX_Power](policy-csp-admx-power.md)
+#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md)
+#### [ADMX_Printing](policy-csp-admx-printing.md)
+#### [ADMX_Printing2](policy-csp-admx-printing2.md)
+#### [ADMX_Programs](policy-csp-admx-programs.md)
+#### [ADMX_Reliability](policy-csp-admx-reliability.md)
+#### [ADMX_RemoteAssistance](policy-csp-admx-remoteassistance.md)
+#### [ADMX_RemovableStorage](policy-csp-admx-removablestorage.md)
+#### [ADMX_RPC](policy-csp-admx-rpc.md)
+#### [ADMX_Scripts](policy-csp-admx-scripts.md)
+#### [ADMX_sdiageng](policy-csp-admx-sdiageng.md)
+#### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md)
+#### [ADMX_Sensors](policy-csp-admx-sensors.md)
+#### [ADMX_Servicing](policy-csp-admx-servicing.md)
+#### [ADMX_SettingSync](policy-csp-admx-settingsync.md)
+#### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md)
+#### [ADMX_Sharing](policy-csp-admx-sharing.md)
+#### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md)
+#### [ADMX_SkyDrive](policy-csp-admx-skydrive.md)
+#### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
+#### [ADMX_Snmp](policy-csp-admx-snmp.md)
+#### [ADMX_StartMenu](policy-csp-admx-startmenu.md)
+#### [ADMX_SystemRestore](policy-csp-admx-systemrestore.md)
+#### [ADMX_Taskbar](policy-csp-admx-taskbar.md)
+#### [ADMX_tcpip](policy-csp-admx-tcpip.md)
+#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
+#### [ADMX_TPM](policy-csp-admx-tpm.md)
+#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md)
+#### [ADMX_UserProfiles](policy-csp-admx-userprofiles.md)
+#### [ADMX_W32Time](policy-csp-admx-w32time.md)
+#### [ADMX_WCM](policy-csp-admx-wcm.md)
+#### [ADMX_WinCal](policy-csp-admx-wincal.md)
+#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md)
+#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
+#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md)
+#### [ADMX_WindowsFileProtection](policy-csp-admx-windowsfileprotection.md)
+#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
+#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
+#### [ADMX_WindowsRemoteManagement](policy-csp-admx-windowsremotemanagement.md)
+#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md)
+#### [ADMX_WinInit](policy-csp-admx-wininit.md)
+#### [ADMX_WinLogon](policy-csp-admx-winlogon.md)
+#### [ADMX-Winsrv](policy-csp-admx-winsrv.md)
+#### [ADMX_wlansvc](policy-csp-admx-wlansvc.md)
+#### [ADMX_WPN](policy-csp-admx-wpn.md)
+#### [ApplicationDefaults](policy-csp-applicationdefaults.md)
+#### [ApplicationManagement](policy-csp-applicationmanagement.md)
+#### [AppRuntime](policy-csp-appruntime.md)
+#### [AppVirtualization](policy-csp-appvirtualization.md)
+#### [AttachmentManager](policy-csp-attachmentmanager.md)
+#### [Audit](policy-csp-audit.md)
+#### [Authentication](policy-csp-authentication.md)
+#### [Autoplay](policy-csp-autoplay.md)
+#### [BitLocker](policy-csp-bitlocker.md)
+#### [BITS](policy-csp-bits.md)
+#### [Bluetooth](policy-csp-bluetooth.md)
+#### [Browser](policy-csp-browser.md)
+#### [Camera](policy-csp-camera.md)
+#### [Cellular](policy-csp-cellular.md)
+#### [Connectivity](policy-csp-connectivity.md)
+#### [ControlPolicyConflict](policy-csp-controlpolicyconflict.md)
+#### [CredentialsDelegation](policy-csp-credentialsdelegation.md)
+#### [CredentialProviders](policy-csp-credentialproviders.md)
+#### [CredentialsUI](policy-csp-credentialsui.md)
+#### [Cryptography](policy-csp-cryptography.md)
+#### [DataProtection](policy-csp-dataprotection.md)
+#### [DataUsage](policy-csp-datausage.md)
+#### [Defender](policy-csp-defender.md)
+#### [DeliveryOptimization](policy-csp-deliveryoptimization.md)
+#### [Desktop](policy-csp-desktop.md)
+#### [DeviceGuard](policy-csp-deviceguard.md)
+#### [DeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md)
+#### [DeviceInstallation](policy-csp-deviceinstallation.md)
+#### [DeviceLock](policy-csp-devicelock.md)
+#### [Display](policy-csp-display.md)
+#### [DmaGuard](policy-csp-dmaguard.md)
+#### [Education](policy-csp-education.md)
+#### [EnterpriseCloudPrint](policy-csp-enterprisecloudprint.md)
+#### [ErrorReporting](policy-csp-errorreporting.md)
+#### [EventLogService](policy-csp-eventlogservice.md)
+#### [Experience](policy-csp-experience.md)
+#### [ExploitGuard](policy-csp-exploitguard.md)
+#### [FileExplorer](policy-csp-fileexplorer.md)
+#### [Games](policy-csp-games.md)
+#### [Handwriting](policy-csp-handwriting.md)
+#### [InternetExplorer](policy-csp-internetexplorer.md)
+#### [Kerberos](policy-csp-kerberos.md)
+#### [KioskBrowser](policy-csp-kioskbrowser.md)
+#### [LanmanWorkstation](policy-csp-lanmanworkstation.md)
+#### [Licensing](policy-csp-licensing.md)
+#### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)
+#### [LocalUsersAndGroups](policy-csp-localusersandgroups.md)
+#### [LockDown](policy-csp-lockdown.md)
+#### [Maps](policy-csp-maps.md)
+#### [Messaging](policy-csp-messaging.md)
+#### [MixedReality](policy-csp-mixedreality.md)
+#### [MSSecurityGuide](policy-csp-mssecurityguide.md)
+#### [MSSLegacy](policy-csp-msslegacy.md)
+#### [Multitasking](policy-csp-multitasking.md)
+#### [NetworkIsolation](policy-csp-networkisolation.md)
+#### [Notifications](policy-csp-notifications.md)
+#### [Power](policy-csp-power.md)
+#### [Printers](policy-csp-printers.md)
+#### [Privacy](policy-csp-privacy.md)
+#### [RemoteAssistance](policy-csp-remoteassistance.md)
+#### [RemoteDesktopServices](policy-csp-remotedesktopservices.md)
+#### [RemoteManagement](policy-csp-remotemanagement.md)
+#### [RemoteProcedureCall](policy-csp-remoteprocedurecall.md)
+#### [RemoteShell](policy-csp-remoteshell.md)
+#### [RestrictedGroups](policy-csp-restrictedgroups.md)
+#### [Search](policy-csp-search.md)
+#### [Security](policy-csp-security.md)
+#### [ServiceControlManager](policy-csp-servicecontrolmanager.md)
+#### [Settings](policy-csp-settings.md)
+#### [Speech](policy-csp-speech.md)
+#### [Start](policy-csp-start.md)
+#### [Storage](policy-csp-storage.md)
+#### [System](policy-csp-system.md)
+#### [SystemServices](policy-csp-systemservices.md)
+#### [TaskManager](policy-csp-taskmanager.md)
+#### [TaskScheduler](policy-csp-taskscheduler.md)
+#### [TextInput](policy-csp-textinput.md)
+#### [TimeLanguageSettings](policy-csp-timelanguagesettings.md)
+#### [Troubleshooting](policy-csp-troubleshooting.md)
+#### [Update](policy-csp-update.md)
+#### [UserRights](policy-csp-userrights.md)
+#### [Wifi](policy-csp-wifi.md)
+#### [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md)
+#### [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md)
+#### [WindowsDefenderSmartScreen](policy-csp-smartscreen.md)
+#### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
+#### [WindowsLogon](policy-csp-windowslogon.md)
+#### [WindowsPowerShell](policy-csp-windowspowershell.md)
+#### [WindowsSandbox](policy-csp-windowssandbox.md)
+#### [WirelessDisplay](policy-csp-wirelessdisplay.md)
+### [PolicyManager CSP](policymanager-csp.md)
+### [Provisioning CSP](provisioning-csp.md)
+### [PROXY CSP](proxy-csp.md)
+### [PXLOGICAL CSP](pxlogical-csp.md)
+### [Reboot CSP](reboot-csp.md)
+#### [Reboot DDF file](reboot-ddf-file.md)
+### [Registry CSP](registry-csp.md)
+#### [Registry DDF file](registry-ddf-file.md)
+### [RemoteFind CSP](remotefind-csp.md)
+#### [RemoteFind DDF file](remotefind-ddf-file.md)
+### [RemoteLock CSP](remotelock-csp.md)
+#### [RemoteLock DDF file](remotelock-ddf-file.md)
+### [RemoteRing CSP](remotering-csp.md)
+#### [RemoteRing DDF file](remotering-ddf-file.md)
+### [RemoteWipe CSP](remotewipe-csp.md)
+#### [RemoteWipe DDF file](remotewipe-ddf-file.md)
+### [Reporting CSP](reporting-csp.md)
+#### [Reporting DDF file](reporting-ddf-file.md)
+### [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
+#### [RootCATrustedCertificates DDF file](rootcacertificates-ddf-file.md)
+### [SecureAssessment CSP](secureassessment-csp.md)
+#### [SecureAssessment DDF file](secureassessment-ddf-file.md)
+### [SecurityPolicy CSP](securitypolicy-csp.md)
+### [SharedPC CSP](sharedpc-csp.md)
+#### [SharedPC DDF file](sharedpc-ddf-file.md)
+### [Storage CSP](storage-csp.md)
+#### [Storage DDF file](storage-ddf-file.md)
+### [SUPL CSP](supl-csp.md)
+#### [SUPL DDF file](supl-ddf-file.md)
+### [SurfaceHub CSP](surfacehub-csp.md)
+#### [SurfaceHub DDF file](surfacehub-ddf-file.md)
+### [TenantLockdown CSP](tenantlockdown-csp.md)
+#### [TenantLockdown DDF file](tenantlockdown-ddf.md)
+### [TPMPolicy CSP](tpmpolicy-csp.md)
+#### [TPMPolicy DDF file](tpmpolicy-ddf-file.md)
+### [UEFI CSP](uefi-csp.md)
+#### [UEFI DDF file](uefi-ddf.md)
+### [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
+#### [UnifiedWriteFilter DDF file](unifiedwritefilter-ddf.md)
+### [Update CSP](update-csp.md)
+#### [Update DDF file](update-ddf-file.md)
+### [VPN CSP](vpn-csp.md)
+#### [VPN DDF file](vpn-ddf-file.md)
+### [VPNv2 CSP](vpnv2-csp.md)
+#### [VPNv2 DDF file](vpnv2-ddf-file.md)
+#### [ProfileXML XSD](vpnv2-profile-xsd.md)
+#### [EAP configuration](eap-configuration.md)
+### [w4 APPLICATION CSP](w4-application-csp.md)
+### [w7 APPLICATION CSP](w7-application-csp.md)
+### [WiFi CSP](wifi-csp.md)
+#### [WiFi DDF file](wifi-ddf-file.md)
+### [Win32AppInventory CSP](win32appinventory-csp.md)
+#### [Win32AppInventory DDF file](win32appinventory-ddf-file.md)
+### [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)
+#### [Win32CompatibilityAppraiser DDF file](win32compatibilityappraiser-ddf.md)
+### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
+#### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md)
+### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
+#### [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md)
+### [WindowsLicensing CSP](windowslicensing-csp.md)
+#### [WindowsLicensing DDF file](windowslicensing-ddf-file.md)
+### [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
+#### [WindowsSecurityAuditing DDF file](windowssecurityauditing-ddf-file.md)
+### [WiredNetwork CSP](wirednetwork-csp.md)
+#### [WiredNetwork DDF file](wirednetwork-ddf-file.md)

windows/client-management/mdm/TOC.yml

@@ -1,954 +0,0 @@
-- name: Mobile device management
-  href: index.md
-  items: 
-    - name: What's new in MDM enrollment and management
-      href: new-in-windows-mdm-enrollment-management.md
-      items: 
-        - name: Change history for MDM documentation
-          href: change-history-for-mdm-documentation.md
-    - name: Mobile device enrollment
-      href: mobile-device-enrollment.md
-      items: 
-        - name: MDM enrollment of Windows devices
-          href: mdm-enrollment-of-windows-devices.md
-          items: 
-            - name: "Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal"
-              href: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
-        - name: Enroll a Windows 10 device automatically using Group Policy
-          href: enroll-a-windows-10-device-automatically-using-group-policy.md
-        - name: Federated authentication device enrollment
-          href: federated-authentication-device-enrollment.md
-        - name: Certificate authentication device enrollment
-          href: certificate-authentication-device-enrollment.md
-        - name: On-premises authentication device enrollment
-          href: on-premise-authentication-device-enrollment.md
-    - name: Understanding ADMX-backed policies
-      href: understanding-admx-backed-policies.md
-    - name: Enable ADMX-backed policies in MDM
-      href: enable-admx-backed-policies-in-mdm.md
-    - name: Win32 and Desktop Bridge app policy configuration
-      href: win32-and-centennial-app-policy-configuration.md
-    - name: Implement server-side support for mobile application management on Windows
-      href: implement-server-side-mobile-application-management.md
-    - name: Diagnose MDM failures in Windows 10
-      href: diagnose-mdm-failures-in-windows-10.md
-    - name: Deploy and configure App-V apps using MDM
-      href: appv-deploy-and-config.md
-    - name: Azure Active Directory integration with MDM
-      href: azure-active-directory-integration-with-mdm.md
-      items: 
-        - name: Add an Azure AD tenant and Azure AD subscription
-          href: add-an-azure-ad-tenant-and-azure-ad-subscription.md
-        - name: Register your free Azure Active Directory subscription
-          href: register-your-free-azure-active-directory-subscription.md
-    - name: Enterprise app management
-      href: enterprise-app-management.md
-    - name: Mobile device management (MDM) for device updates
-      href: device-update-management.md
-    - name: Bulk enrollment
-      href: bulk-enrollment-using-windows-provisioning-tool.md
-    - name: Management tool for the Microsoft Store for Business
-      href: management-tool-for-windows-store-for-business.md
-      items: 
-        - name: REST API reference for Microsoft Store for Business
-          href: rest-api-reference-windows-store-for-business.md
-          items: 
-            - name: Data structures for Microsoft Store for Business
-              href: data-structures-windows-store-for-business.md
-            - name: Get Inventory
-              href: get-inventory.md
-            - name: Get product details
-              href: get-product-details.md
-            - name: Get localized product details
-              href: get-localized-product-details.md
-            - name: Get offline license
-              href: get-offline-license.md
-            - name: Get product packages
-              href: get-product-packages.md
-            - name: Get product package
-              href: get-product-package.md
-            - name: Get seats
-              href: get-seats.md
-            - name: Get seat
-              href: get-seat.md
-            - name: Assign seats
-              href: assign-seats.md
-            - name: Reclaim seat from user
-              href: reclaim-seat-from-user.md
-            - name: Bulk assign and reclaim seats from users
-              href: bulk-assign-and-reclaim-seats-from-user.md
-            - name: Get seats assigned to a user
-              href: get-seats-assigned-to-a-user.md
-    - name: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices
-      href: enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
-    - name: Certificate renewal
-      href: certificate-renewal-windows-mdm.md
-    - name: Disconnecting from the management infrastructure (unenrollment)
-      href: disconnecting-from-mdm-unenrollment.md
-    - name: Enterprise settings, policies, and app management
-      href: windows-mdm-enterprise-settings.md
-    - name: Push notification support for device management
-      href: push-notification-windows-mdm.md
-    - name: OMA DM protocol support
-      href: oma-dm-protocol-support.md
-    - name: Structure of OMA DM provisioning files
-      href: structure-of-oma-dm-provisioning-files.md
-    - name: Server requirements for OMA DM
-      href: server-requirements-windows-mdm.md
-    - name: DMProcessConfigXMLFiltered
-      href: dmprocessconfigxmlfiltered.md
-    - name: Using PowerShell scripting with the WMI Bridge Provider
-      href: using-powershell-scripting-with-the-wmi-bridge-provider.md
-    - name: WMI providers supported in Windows 10
-      href: wmi-providers-supported-in-windows.md
-    - name: Configuration service provider reference
-      href: configuration-service-provider-reference.md
-      items: 
-        - name: AccountManagement CSP
-          href: accountmanagement-csp.md
-          items: 
-            - name: AccountManagement DDF file
-              href: accountmanagement-ddf.md
-        - name: Accounts CSP
-          href: accounts-csp.md
-          items: 
-            - name: Accounts DDF file
-              href: accounts-ddf-file.md
-        - name: ActiveSync CSP
-          href: activesync-csp.md
-          items: 
-            - name: ActiveSync DDF file
-              href: activesync-ddf-file.md
-        - name: AllJoynManagement CSP
-          href: alljoynmanagement-csp.md
-          items: 
-            - name: AllJoynManagement DDF
-              href: alljoynmanagement-ddf.md
-        - name: APPLICATION CSP
-          href: application-csp.md
-        - name: ApplicationControl CSP
-          href: applicationcontrol-csp.md
-          items: 
-            - name: ApplicationControl DDF file
-              href: applicationcontrol-csp-ddf.md
-        - name: AppLocker CSP
-          href: applocker-csp.md
-          items: 
-            - name: AppLocker DDF file
-              href: applocker-ddf-file.md
-            - name: AppLocker XSD
-              href: applocker-xsd.md
-        - name: AssignedAccess CSP
-          href: assignedaccess-csp.md
-          items: 
-            - name: AssignedAccess DDF file
-              href: assignedaccess-ddf.md
-        - name: BitLocker CSP
-          href: bitlocker-csp.md
-          items: 
-            - name: BitLocker DDF file
-              href: bitlocker-ddf-file.md
-        - name: BOOTSTRAP CSP
-          href: bootstrap-csp.md
-        - name: BrowserFavorite CSP
-          href: browserfavorite-csp.md
-        - name: CellularSettings CSP
-          href: cellularsettings-csp.md
-        - name: CertificateStore CSP
-          href: certificatestore-csp.md
-          items: 
-            - name: CertificateStore DDF file
-              href: certificatestore-ddf-file.md
-        - name: CleanPC CSP
-          href: cleanpc-csp.md
-          items: 
-            - name: CleanPC DDF
-              href: cleanpc-ddf.md
-        - name: ClientCertificateInstall CSP
-          href: clientcertificateinstall-csp.md
-          items: 
-            - name: ClientCertificateInstall DDF file
-              href: clientcertificateinstall-ddf-file.md
-        - name: CM_CellularEntries CSP
-          href: cm-cellularentries-csp.md
-        - name: CM_ProxyEntries CSP
-          href: cm-proxyentries-csp.md
-        - name: CMPolicy CSP
-          href: cmpolicy-csp.md
-        - name: CMPolicyEnterprise CSP
-          href: cmpolicyenterprise-csp.md
-          items: 
-            - name: CMPolicyEnterprise DDF file
-              href: cmpolicyenterprise-ddf-file.md
-        - name: CustomDeviceUI CSP
-          href: customdeviceui-csp.md
-          items: 
-            - name: CustomDeviceUI DDF file
-              href: customdeviceui-ddf.md
-        - name: Defender CSP
-          href: defender-csp.md
-          items: 
-            - name: Defender DDF file
-              href: defender-ddf.md
-        - name: DevDetail CSP
-          href: devdetail-csp.md
-          items: 
-            - name: DevDetail DDF file
-              href: devdetail-ddf-file.md
-        - name: DeveloperSetup CSP
-          href: developersetup-csp.md
-          items: 
-            - name: DeveloperSetup DDF
-              href: developersetup-ddf.md
-        - name: DeviceInstanceService CSP
-          href: deviceinstanceservice-csp.md
-        - name: DeviceLock CSP
-          href: devicelock-csp.md
-          items: 
-            - name: DeviceLock DDF file
-              href: devicelock-ddf-file.md
-        - name: DeviceManageability CSP
-          href: devicemanageability-csp.md
-          items: 
-            - name: DeviceManageability DDF
-              href: devicemanageability-ddf.md
-        - name: DeviceStatus CSP
-          href: devicestatus-csp.md
-          items: 
-            - name: DeviceStatus DDF
-              href: devicestatus-ddf.md
-        - name: DevInfo CSP
-          href: devinfo-csp.md
-          items: 
-            - name: DevInfo DDF file
-              href: devinfo-ddf-file.md
-        - name: DiagnosticLog CSP
-          href: diagnosticlog-csp.md
-          items: 
-            - name: DiagnosticLog DDF file
-              href: diagnosticlog-ddf.md
-        - name: DMAcc CSP
-          href: dmacc-csp.md
-          items: 
-            - name: DMAcc DDF file
-              href: dmacc-ddf-file.md
-        - name: DMClient CSP
-          href: dmclient-csp.md
-          items: 
-            - name: DMClient DDF file
-              href: dmclient-ddf-file.md
-        - name: DMSessionActions CSP
-          href: dmsessionactions-csp.md
-          items: 
-            - name: DMSessionActions DDF file
-              href: dmsessionactions-ddf.md
-        - name: DynamicManagement CSP
-          href: dynamicmanagement-csp.md
-          items: 
-            - name: DynamicManagement DDF file
-              href: dynamicmanagement-ddf.md
-        - name: EMAIL2 CSP
-          href: email2-csp.md
-          items: 
-            - name: EMAIL2 DDF file
-              href: email2-ddf-file.md
-        - name: EnrollmentStatusTracking CSP
-          href: enrollmentstatustracking-csp.md
-          items: 
-            - name: EnrollmentStatusTracking DDF file
-              href: enrollmentstatustracking-csp-ddf.md
-        - name: EnterpriseAPN CSP
-          href: enterpriseapn-csp.md
-          items: 
-            - name: EnterpriseAPN DDF
-              href: enterpriseapn-ddf.md
-        - name: EnterpriseAppManagement CSP
-          href: enterpriseappmanagement-csp.md
-        - name: EnterpriseAppVManagement CSP
-          href: enterpriseappvmanagement-csp.md
-          items: 
-            - name: EnterpriseAppVManagement DDF file
-              href: enterpriseappvmanagement-ddf.md
-        - name: EnterpriseAssignedAccess CSP
-          href: enterpriseassignedaccess-csp.md
-          items: 
-            - name: EnterpriseAssignedAccess DDF file
-              href: enterpriseassignedaccess-ddf.md
-            - name: EnterpriseAssignedAccess XSD
-              href: enterpriseassignedaccess-xsd.md
-        - name: EnterpriseDataProtection CSP
-          href: enterprisedataprotection-csp.md
-          items: 
-            - name: EnterpriseDataProtection DDF file
-              href: enterprisedataprotection-ddf-file.md
-        - name: EnterpriseDesktopAppManagement CSP
-          href: enterprisedesktopappmanagement-csp.md
-          items: 
-            - name: EnterpriseDesktopAppManagement DDF
-              href: enterprisedesktopappmanagement-ddf-file.md
-            - name: EnterpriseDesktopAppManagement XSD
-              href: enterprisedesktopappmanagement2-xsd.md
-        - name: EnterpriseExt CSP
-          href: enterpriseext-csp.md
-          items: 
-            - name: EnterpriseExt DDF file
-              href: enterpriseext-ddf.md
-        - name: EnterpriseExtFileSystem CSP
-          href: enterpriseextfilessystem-csp.md
-          items: 
-            - name: EnterpriseExtFileSystem DDF file
-              href: enterpriseextfilesystem-ddf.md
-        - name: EnterpriseModernAppManagement CSP
-          href: enterprisemodernappmanagement-csp.md
-          items: 
-            - name: EnterpriseModernAppManagement DDF
-              href: enterprisemodernappmanagement-ddf.md
-            - name: EnterpriseModernAppManagement XSD
-              href: enterprisemodernappmanagement-xsd.md
-        - name: eUICCs CSP
-          href: euiccs-csp.md
-          items: 
-            - name: eUICCs DDF file
-              href: euiccs-ddf-file.md
-        - name: FileSystem CSP
-          href: filesystem-csp.md
-        - name: Firewall CSP
-          href: firewall-csp.md
-          items: 
-            - name: Firewall DDF file
-              href: firewall-ddf-file.md
-        - name: HealthAttestation CSP
-          href: healthattestation-csp.md
-          items: 
-            - name: HealthAttestation DDF
-              href: healthattestation-ddf.md
-        - name: HotSpot CSP
-          href: hotspot-csp.md
-        - name: Maps CSP
-          href: maps-csp.md
-          items: 
-            - name: Maps DDF
-              href: maps-ddf-file.md
-        - name: Messaging CSP
-          href: messaging-csp.md
-          items: 
-            - name: Messaging DDF file
-              href: messaging-ddf.md
-        - name: MultiSIM CSP
-          href: multisim-csp.md
-          items: 
-            - name: MultiSIM DDF file
-              href: multisim-ddf.md
-        - name: NAP CSP
-          href: nap-csp.md
-        - name: NAPDEF CSP
-          href: napdef-csp.md
-        - name: NetworkProxy CSP
-          href: networkproxy-csp.md
-          items: 
-            - name: NetworkProxy DDF file
-              href: networkproxy-ddf.md
-        - name: NetworkQoSPolicy CSP
-          href: networkqospolicy-csp.md
-          items: 
-            - name: NetworkQoSPolicy DDF file
-              href: networkqospolicy-ddf.md
-        - name: NodeCache CSP
-          href: nodecache-csp.md
-          items: 
-            - name: NodeCache DDF file
-              href: nodecache-ddf-file.md
-        - name: Office CSP
-          href: office-csp.md
-          items: 
-            - name: Office DDF
-              href: office-ddf.md
-        - name: PassportForWork CSP
-          href: passportforwork-csp.md
-          items: 
-            - name: PassportForWork DDF file
-              href: passportforwork-ddf.md
-        - name: Personalization CSP
-          href: personalization-csp.md
-          items: 
-            - name: Personalization DDF file
-              href: personalization-ddf.md
-        - name: Policy CSP
-          href: policy-configuration-service-provider.md
-          items: 
-            - name: Policy CSP DDF file
-              href: policy-ddf-file.md
-            - name: Policies in Policy CSP supported by Group Policy
-              href: policies-in-policy-csp-supported-by-group-policy.md
-            - name: ADMX-backed policies in Policy CSP
-              href: policies-in-policy-csp-admx-backed.md
-            - name: Policies in Policy CSP supported by HoloLens 2
-              href: policies-in-policy-csp-supported-by-hololens2.md
-            - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
-              href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
-            - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
-              href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
-            - name: Policies in Policy CSP supported by Windows 10 IoT Enterprise
-              href: ./configuration-service-provider-reference.md
-            - name: Policies in Policy CSP supported by Windows 10 IoT Core
-              href: policies-in-policy-csp-supported-by-iot-core.md
-            - name: Policies in Policy CSP supported by Microsoft Surface Hub
-              href: policies-in-policy-csp-supported-by-surface-hub.md
-            - name: Policy CSPs that can be set using Exchange Active Sync (EAS)
-              href: policies-in-policy-csp-that-can-be-set-using-eas.md
-            - name: AboveLock
-              href: policy-csp-abovelock.md
-            - name: Accounts
-              href: policy-csp-accounts.md
-            - name: ActiveXControls
-              href: policy-csp-activexcontrols.md
-            - name: ADMX_ActiveXInstallService
-              href: policy-csp-admx-activexinstallservice.md
-            - name: ADMX_AddRemovePrograms
-              href: policy-csp-admx-addremoveprograms.md
-            - name: ADMX_AppCompat
-              href: policy-csp-admx-appcompat.md
-            - name: ADMX_AppxPackageManager
-              href: policy-csp-admx-appxpackagemanager.md
-            - name: ADMX_AppXRuntime
-              href: policy-csp-admx-appxruntime.md
-            - name: ADMX_AttachmentManager
-              href: policy-csp-admx-attachmentmanager.md
-            - name: ADMX_AuditSettings
-              href: policy-csp-admx-auditsettings.md
-            - name: ADMX_Bits
-              href: policy-csp-admx-bits.md
-            - name: ADMX_CipherSuiteOrder
-              href: policy-csp-admx-ciphersuiteorder.md
-            - name: ADMX_COM
-              href: policy-csp-admx-com.md
-            - name: ADMX_ControlPanel
-              href: policy-csp-admx-controlpanel.md
-            - name: ADMX_ControlPanelDisplay
-              href: policy-csp-admx-controlpaneldisplay.md
-            - name: ADMX_Cpls
-              href: policy-csp-admx-cpls.md
-            - name: ADMX_CredentialProviders
-              href: policy-csp-admx-credentialproviders.md
-            - name: ADMX_CredSsp
-              href: policy-csp-admx-credssp.md
-            - name: ADMX_CredUI
-              href: policy-csp-admx-credui.md
-            - name: ADMX_CtrlAltDel
-              href: policy-csp-admx-ctrlaltdel.md
-            - name: ADMX_DataCollection
-              href: policy-csp-admx-datacollection.md
-            - name: ADMX_Desktop
-              href: policy-csp-admx-desktop.md
-            - name: ADMX_DeviceInstallation
-              href: policy-csp-admx-deviceinstallation.md
-            - name: ADMX_DeviceSetup
-              href: policy-csp-admx-devicesetup.md
-            - name: ADMX_DigitalLocker
-              href: policy-csp-admx-digitallocker.md
-            - name: ADMX_DistributedLinkTracking
-              href: policy-csp-admx-distributedlinktracking.md
-            - name: ADMX_DnsClient
-              href: policy-csp-admx-dnsclient.md
-            - name: ADMX_DWM
-              href: policy-csp-admx-dwm.md
-            - name: ADMX_EAIME
-              href: policy-csp-admx-eaime.md
-            - name: ADMX_EncryptFilesonMove
-              href: policy-csp-admx-encryptfilesonmove.md
-            - name: ADMX_EnhancedStorage
-              href: policy-csp-admx-enhancedstorage.md
-            - name: ADMX_ErrorReporting
-              href: policy-csp-admx-errorreporting.md
-            - name: ADMX_EventForwarding
-              href: policy-csp-admx-eventforwarding.md
-            - name: ADMX_EventLog
-              href: policy-csp-admx-eventlog.md
-            - name: ADMX_Explorer
-              href: policy-csp-admx-explorer.md
-            - name: ADMX_FileRecovery
-              href: policy-csp-admx-filerecovery.md
-            - name: ADMX_FileServerVSSProvider
-              href: policy-csp-admx-fileservervssprovider.md
-            - name: ADMX_FileSys
-              href: policy-csp-admx-filesys.md
-            - name: ADMX_FolderRedirection
-              href: policy-csp-admx-folderredirection.md
-            - name: ADMX_Globalization
-              href: policy-csp-admx-globalization.md
-            - name: ADMX_GroupPolicy
-              href: policy-csp-admx-grouppolicy.md
-            - name: ADMX_Help
-              href: policy-csp-admx-help.md
-            - name: ADMX_HelpAndSupport
-              href: policy-csp-admx-helpandsupport.md
-            - name: ADMX_ICM
-              href: policy-csp-admx-icm.md
-            - name: ADMX_kdc
-              href: policy-csp-admx-kdc.md
-            - name: ADMX_Kerberos
-              href: policy-csp-admx-kerberos.md
-            - name: ADMX_LanmanServer
-              href: policy-csp-admx-lanmanserver.md
-            - name: ADMX_LanmanWorkstation
-              href: policy-csp-admx-lanmanworkstation.md
-            - name: ADMX_LinkLayerTopologyDiscovery
-              href: policy-csp-admx-linklayertopologydiscovery.md
-            - name: ADMX_Logon
-              href: policy-csp-admx-logon.md
-            - name: ADMX_MicrosoftDefenderAntivirus
-              href: policy-csp-admx-microsoftdefenderantivirus.md
-            - name: ADMX_MMC
-              href: policy-csp-admx-mmc.md
-            - name: ADMX_MMCSnapins
-              href: policy-csp-admx-mmcsnapins.md
-            - name: ADMX_MSAPolicy
-              href: policy-csp-admx-msapolicy.md
-            - name: ADMX_msched
-              href: policy-csp-admx-msched.md
-            - name: ADMX_MSDT
-              href: policy-csp-admx-msdt.md
-            - name: ADMX_MSI
-              href: policy-csp-admx-msi.md
-            - name: ADMX_nca
-              href: policy-csp-admx-nca.md
-            - name: ADMX_NCSI
-              href: policy-csp-admx-ncsi.md
-            - name: ADMX_Netlogon
-              href: policy-csp-admx-netlogon.md
-            - name: ADMX_NetworkConnections
-              href: policy-csp-admx-networkconnections.md
-            - name: ADMX_OfflineFiles
-              href: policy-csp-admx-offlinefiles.md
-            - name: ADMX_PeerToPeerCaching
-              href: policy-csp-admx-peertopeercaching.md
-            - name: ADMX_PerformanceDiagnostics
-              href: policy-csp-admx-performancediagnostics.md
-            - name: ADMX_Power
-              href: policy-csp-admx-power.md
-            - name: ADMX_PowerShellExecutionPolicy
-              href: policy-csp-admx-powershellexecutionpolicy.md
-            - name: ADMX_Printing
-              href: policy-csp-admx-printing.md
-            - name: ADMX_Printing2
-              href: policy-csp-admx-printing2.md
-            - name: ADMX_Programs
-              href: policy-csp-admx-programs.md
-            - name: ADMX_Reliability
-              href: policy-csp-admx-reliability.md
-            - name: ADMX_RemoteAssistance
-              href: policy-csp-admx-remoteassistance.md
-            - name: ADMX_RemovableStorage
-              href: policy-csp-admx-removablestorage.md
-            - name: ADMX_RPC
-              href: policy-csp-admx-rpc.md
-            - name: ADMX_Scripts
-              href: policy-csp-admx-scripts.md
-            - name: ADMX_sdiageng
-              href: policy-csp-admx-sdiageng.md
-            - name: ADMX_Securitycenter
-              href: policy-csp-admx-securitycenter.md
-            - name: ADMX_Sensors
-              href: policy-csp-admx-sensors.md
-            - name: ADMX_Servicing
-              href: policy-csp-admx-servicing.md
-            - name: ADMX_SettingSync
-              href: policy-csp-admx-settingsync.md
-            - name: ADMX_SharedFolders
-              href: policy-csp-admx-sharedfolders.md
-            - name: ADMX_Sharing
-              href: policy-csp-admx-sharing.md
-            - name: ADMX_ShellCommandPromptRegEditTools
-              href: policy-csp-admx-shellcommandpromptregedittools.md
-            - name: ADMX_SkyDrive
-              href: policy-csp-admx-skydrive.md
-            - name: ADMX_Smartcard
-              href: policy-csp-admx-smartcard.md
-            - name: ADMX_Snmp
-              href: policy-csp-admx-snmp.md
-            - name: ADMX_StartMenu
-              href: policy-csp-admx-startmenu.md
-            - name: ADMX_SystemRestore
-              href: policy-csp-admx-systemrestore.md
-            - name: ADMX_Taskbar
-              href: policy-csp-admx-taskbar.md
-            - name: ADMX_tcpip
-              href: policy-csp-admx-tcpip.md
-            - name: ADMX_Thumbnails
-              href: policy-csp-admx-thumbnails.md
-            - name: ADMX_TPM
-              href: policy-csp-admx-tpm.md
-            - name: ADMX_UserExperienceVirtualization
-              href: policy-csp-admx-userexperiencevirtualization.md
-            - name: ADMX_UserProfiles
-              href: policy-csp-admx-userprofiles.md
-            - name: ADMX_W32Time
-              href: policy-csp-admx-w32time.md
-            - name: ADMX_WCM
-              href: policy-csp-admx-wcm.md
-            - name: ADMX_WinCal
-              href: policy-csp-admx-wincal.md
-            - name: ADMX_WindowsAnytimeUpgrade
-              href: policy-csp-admx-windowsanytimeupgrade.md
-            - name: ADMX_WindowsConnectNow
-              href: policy-csp-admx-windowsconnectnow.md
-            - name: ADMX_WindowsExplorer
-              href: policy-csp-admx-windowsexplorer.md
-            - name: ADMX_WindowsFileProtection
-              href: policy-csp-admx-windowsfileprotection.md
-            - name: ADMX_WindowsMediaDRM
-              href: policy-csp-admx-windowsmediadrm.md
-            - name: ADMX_WindowsMediaPlayer
-              href: policy-csp-admx-windowsmediaplayer.md
-            - name: ADMX_WindowsRemoteManagement
-              href: policy-csp-admx-windowsremotemanagement.md
-            - name: ADMX_WindowsStore
-              href: policy-csp-admx-windowsstore.md
-            - name: ADMX_WinInit
-              href: policy-csp-admx-wininit.md
-            - name: ADMX_WinLogon
-              href: policy-csp-admx-winlogon.md
-            - name: ADMX-Winsrv
-              href: policy-csp-admx-winsrv.md
-            - name: ADMX_wlansvc
-              href: policy-csp-admx-wlansvc.md
-            - name: ADMX_WPN
-              href: policy-csp-admx-wpn.md
-            - name: ApplicationDefaults
-              href: policy-csp-applicationdefaults.md
-            - name: ApplicationManagement
-              href: policy-csp-applicationmanagement.md
-            - name: AppRuntime
-              href: policy-csp-appruntime.md
-            - name: AppVirtualization
-              href: policy-csp-appvirtualization.md
-            - name: AttachmentManager
-              href: policy-csp-attachmentmanager.md
-            - name: Audit
-              href: policy-csp-audit.md
-            - name: Authentication
-              href: policy-csp-authentication.md
-            - name: Autoplay
-              href: policy-csp-autoplay.md
-            - name: BitLocker
-              href: policy-csp-bitlocker.md
-            - name: BITS
-              href: policy-csp-bits.md
-            - name: Bluetooth
-              href: policy-csp-bluetooth.md
-            - name: Browser
-              href: policy-csp-browser.md
-            - name: Camera
-              href: policy-csp-camera.md
-            - name: Cellular
-              href: policy-csp-cellular.md
-            - name: Connectivity
-              href: policy-csp-connectivity.md
-            - name: ControlPolicyConflict
-              href: policy-csp-controlpolicyconflict.md
-            - name: CredentialsDelegation
-              href: policy-csp-credentialsdelegation.md
-            - name: CredentialProviders
-              href: policy-csp-credentialproviders.md
-            - name: CredentialsUI
-              href: policy-csp-credentialsui.md
-            - name: Cryptography
-              href: policy-csp-cryptography.md
-            - name: DataProtection
-              href: policy-csp-dataprotection.md
-            - name: DataUsage
-              href: policy-csp-datausage.md
-            - name: Defender
-              href: policy-csp-defender.md
-            - name: DeliveryOptimization
-              href: policy-csp-deliveryoptimization.md
-            - name: Desktop
-              href: policy-csp-desktop.md
-            - name: DeviceGuard
-              href: policy-csp-deviceguard.md
-            - name: DeviceHealthMonitoring
-              href: policy-csp-devicehealthmonitoring.md
-            - name: DeviceInstallation
-              href: policy-csp-deviceinstallation.md
-            - name: DeviceLock
-              href: policy-csp-devicelock.md
-            - name: Display
-              href: policy-csp-display.md
-            - name: DmaGuard
-              href: policy-csp-dmaguard.md
-            - name: Education
-              href: policy-csp-education.md
-            - name: EnterpriseCloudPrint
-              href: policy-csp-enterprisecloudprint.md
-            - name: ErrorReporting
-              href: policy-csp-errorreporting.md
-            - name: EventLogService
-              href: policy-csp-eventlogservice.md
-            - name: Experience
-              href: policy-csp-experience.md
-            - name: ExploitGuard
-              href: policy-csp-exploitguard.md
-            - name: FileExplorer
-              href: policy-csp-fileexplorer.md
-            - name: Games
-              href: policy-csp-games.md
-            - name: Handwriting
-              href: policy-csp-handwriting.md
-            - name: InternetExplorer
-              href: policy-csp-internetexplorer.md
-            - name: Kerberos
-              href: policy-csp-kerberos.md
-            - name: KioskBrowser
-              href: policy-csp-kioskbrowser.md
-            - name: LanmanWorkstation
-              href: policy-csp-lanmanworkstation.md
-            - name: Licensing
-              href: policy-csp-licensing.md
-            - name: LocalPoliciesSecurityOptions
-              href: policy-csp-localpoliciessecurityoptions.md
-            - name: LocalUsersAndGroups
-              href: policy-csp-localusersandgroups.md
-            - name: LockDown
-              href: policy-csp-lockdown.md
-            - name: Maps
-              href: policy-csp-maps.md
-            - name: Messaging
-              href: policy-csp-messaging.md
-            - name: MixedReality
-              href: policy-csp-mixedreality.md
-            - name: MSSecurityGuide
-              href: policy-csp-mssecurityguide.md
-            - name: MSSLegacy
-              href: policy-csp-msslegacy.md
-            - name: Multitasking
-              href: policy-csp-multitasking.md
-            - name: NetworkIsolation
-              href: policy-csp-networkisolation.md
-            - name: Notifications
-              href: policy-csp-notifications.md
-            - name: Power
-              href: policy-csp-power.md
-            - name: Printers
-              href: policy-csp-printers.md
-            - name: Privacy
-              href: policy-csp-privacy.md
-            - name: RemoteAssistance
-              href: policy-csp-remoteassistance.md
-            - name: RemoteDesktopServices
-              href: policy-csp-remotedesktopservices.md
-            - name: RemoteManagement
-              href: policy-csp-remotemanagement.md
-            - name: RemoteProcedureCall
-              href: policy-csp-remoteprocedurecall.md
-            - name: RemoteShell
-              href: policy-csp-remoteshell.md
-            - name: RestrictedGroups
-              href: policy-csp-restrictedgroups.md
-            - name: Search
-              href: policy-csp-search.md
-            - name: Security
-              href: policy-csp-security.md
-            - name: ServiceControlManager
-              href: policy-csp-servicecontrolmanager.md
-            - name: Settings
-              href: policy-csp-settings.md
-            - name: Speech
-              href: policy-csp-speech.md
-            - name: Start
-              href: policy-csp-start.md
-            - name: Storage
-              href: policy-csp-storage.md
-            - name: System
-              href: policy-csp-system.md
-            - name: SystemServices
-              href: policy-csp-systemservices.md
-            - name: TaskManager
-              href: policy-csp-taskmanager.md
-            - name: TaskScheduler
-              href: policy-csp-taskscheduler.md
-            - name: TextInput
-              href: policy-csp-textinput.md
-            - name: TimeLanguageSettings
-              href: policy-csp-timelanguagesettings.md
-            - name: Troubleshooting
-              href: policy-csp-troubleshooting.md
-            - name: Update
-              href: policy-csp-update.md
-            - name: UserRights
-              href: policy-csp-userrights.md
-            - name: Wifi
-              href: policy-csp-wifi.md
-            - name: WindowsConnectionManager
-              href: policy-csp-windowsconnectionmanager.md
-            - name: WindowsDefenderSecurityCenter
-              href: policy-csp-windowsdefendersecuritycenter.md
-            - name: WindowsDefenderSmartScreen
-              href: policy-csp-smartscreen.md
-            - name: WindowsInkWorkspace
-              href: policy-csp-windowsinkworkspace.md
-            - name: WindowsLogon
-              href: policy-csp-windowslogon.md
-            - name: WindowsPowerShell
-              href: policy-csp-windowspowershell.md
-            - name: WindowsSandbox
-              href: policy-csp-windowssandbox.md
-            - name: WirelessDisplay
-              href: policy-csp-wirelessdisplay.md
-        - name: PolicyManager CSP
-          href: policymanager-csp.md
-        - name: Provisioning CSP
-          href: provisioning-csp.md
-        - name: PROXY CSP
-          href: proxy-csp.md
-        - name: PXLOGICAL CSP
-          href: pxlogical-csp.md
-        - name: Reboot CSP
-          href: reboot-csp.md
-          items: 
-            - name: Reboot DDF file
-              href: reboot-ddf-file.md
-        - name: Registry CSP
-          href: registry-csp.md
-          items: 
-            - name: Registry DDF file
-              href: registry-ddf-file.md
-        - name: RemoteFind CSP
-          href: remotefind-csp.md
-          items: 
-            - name: RemoteFind DDF file
-              href: remotefind-ddf-file.md
-        - name: RemoteLock CSP
-          href: remotelock-csp.md
-          items: 
-            - name: RemoteLock DDF file
-              href: remotelock-ddf-file.md
-        - name: RemoteRing CSP
-          href: remotering-csp.md
-          items: 
-            - name: RemoteRing DDF file
-              href: remotering-ddf-file.md
-        - name: RemoteWipe CSP
-          href: remotewipe-csp.md
-          items: 
-            - name: RemoteWipe DDF file
-              href: remotewipe-ddf-file.md
-        - name: Reporting CSP
-          href: reporting-csp.md
-          items: 
-            - name: Reporting DDF file
-              href: reporting-ddf-file.md
-        - name: RootCATrustedCertificates CSP
-          href: rootcacertificates-csp.md
-          items: 
-            - name: RootCATrustedCertificates DDF file
-              href: rootcacertificates-ddf-file.md
-        - name: SecureAssessment CSP
-          href: secureassessment-csp.md
-          items: 
-            - name: SecureAssessment DDF file
-              href: secureassessment-ddf-file.md
-        - name: SecurityPolicy CSP
-          href: securitypolicy-csp.md
-        - name: SharedPC CSP
-          href: sharedpc-csp.md
-          items: 
-            - name: SharedPC DDF file
-              href: sharedpc-ddf-file.md
-        - name: Storage CSP
-          href: storage-csp.md
-          items: 
-            - name: Storage DDF file
-              href: storage-ddf-file.md
-        - name: SUPL CSP
-          href: supl-csp.md
-          items: 
-            - name: SUPL DDF file
-              href: supl-ddf-file.md
-        - name: SurfaceHub CSP
-          href: surfacehub-csp.md
-          items: 
-            - name: SurfaceHub DDF file
-              href: surfacehub-ddf-file.md
-        - name: TenantLockdown CSP
-          href: tenantlockdown-csp.md
-          items: 
-            - name: TenantLockdown DDF file
-              href: tenantlockdown-ddf.md
-        - name: TPMPolicy CSP
-          href: tpmpolicy-csp.md
-          items: 
-            - name: TPMPolicy DDF file
-              href: tpmpolicy-ddf-file.md
-        - name: UEFI CSP
-          href: uefi-csp.md
-          items: 
-            - name: UEFI DDF file
-              href: uefi-ddf.md
-        - name: UnifiedWriteFilter CSP
-          href: unifiedwritefilter-csp.md
-          items: 
-            - name: UnifiedWriteFilter DDF file
-              href: unifiedwritefilter-ddf.md
-        - name: Update CSP
-          href: update-csp.md
-          items: 
-            - name: Update DDF file
-              href: update-ddf-file.md
-        - name: VPN CSP
-          href: vpn-csp.md
-          items: 
-            - name: VPN DDF file
-              href: vpn-ddf-file.md
-        - name: VPNv2 CSP
-          href: vpnv2-csp.md
-          items: 
-            - name: VPNv2 DDF file
-              href: vpnv2-ddf-file.md
-            - name: ProfileXML XSD
-              href: vpnv2-profile-xsd.md
-            - name: EAP configuration
-              href: eap-configuration.md
-        - name: w4 APPLICATION CSP
-          href: w4-application-csp.md
-        - name: w7 APPLICATION CSP
-          href: w7-application-csp.md
-        - name: WiFi CSP
-          href: wifi-csp.md
-          items: 
-            - name: WiFi DDF file
-              href: wifi-ddf-file.md
-        - name: Win32AppInventory CSP
-          href: win32appinventory-csp.md
-          items: 
-            - name: Win32AppInventory DDF file
-              href: win32appinventory-ddf-file.md
-        - name: Win32CompatibilityAppraiser CSP
-          href: win32compatibilityappraiser-csp.md
-          items: 
-            - name: Win32CompatibilityAppraiser DDF file
-              href: win32compatibilityappraiser-ddf.md
-        - name: WindowsAdvancedThreatProtection CSP
-          href: windowsadvancedthreatprotection-csp.md
-          items: 
-            - name: WindowsAdvancedThreatProtection DDF file
-              href: windowsadvancedthreatprotection-ddf.md
-        - name: WindowsDefenderApplicationGuard CSP
-          href: windowsdefenderapplicationguard-csp.md
-          items: 
-            - name: WindowsDefenderApplicationGuard DDF file
-              href: windowsdefenderapplicationguard-ddf-file.md
-        - name: WindowsLicensing CSP
-          href: windowslicensing-csp.md
-          items: 
-            - name: WindowsLicensing DDF file
-              href: windowslicensing-ddf-file.md
-        - name: WindowsSecurityAuditing CSP
-          href: windowssecurityauditing-csp.md
-          items: 
-            - name: WindowsSecurityAuditing DDF file
-              href: windowssecurityauditing-ddf-file.md
-        - name: WiredNetwork CSP
-          href: wirednetwork-csp.md
-          items: 
-            - name: WiredNetwork DDF file
-              href: wirednetwork-ddf-file.md

windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md

@@ -194,7 +194,7 @@ On **MDT01**:
     2.  WinPE x64
     3.  Windows 10 x64
 3.  In the new Windows 10 x64 folder, create the following folder structure:
-    -   Dell Inc
+    -   Dell Inc.
         -   Latitude E7450
     -   Hewlett-Packard
         -   HP EliteBook 8560w
@@ -215,7 +215,7 @@ When you import drivers to the MDT driver repository, MDT creates a single insta
     2.  WinPE x64
     3.  Windows 10 x64
 3.  In the **Windows 10 x64** folder, create the following folder structure:
-    -   Dell Inc
+    -   Dell Inc.
         -   Latitude E7450
     -   Hewlett-Packard
         -   HP EliteBook 8560w
@@ -304,15 +304,15 @@ On **MDT01**:
 
 For the Dell Latitude E7450 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](https://go.microsoft.com/fwlink/p/?LinkId=619544).
 
-In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell Inc\\Latitude E7450** folder.
+In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell Inc.\\Latitude E7450** folder.
 
 On **MDT01**:
 
-1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell Inc** node.
+1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell Inc.** node.
 
 2.  Right-click the **Latitude E7450** folder and select **Import Drivers** and use the following Driver source directory to import drivers: 
 
-    **D:\\Drivers\\Windows 10 x64\\Dell Inc\\Latitude E7450**
+    **D:\\Drivers\\Windows 10 x64\\Dell Inc.\\Latitude E7450**
 
 ### For the HP EliteBook 8560w
 

windows/deployment/update/update-compliance-get-started.md

@@ -41,10 +41,40 @@ Update Compliance is offered as an Azure Marketplace application which is linked
 
 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You may need to login to your Azure subscription to access this.
 2. Select **Get it now**.
-3. Choose an existing or configure a new Log Analytics Workspace. While an Azure subscription is required, you will not be charged for ingestion of Update Compliance data.
+3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data.
-   - [Desktop Analytics](/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance.
+   - [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance.
-   - [Azure Update Management](/azure/automation/automation-update-management) customers are advised to use the same workspace for Update Compliance.
+   - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance.
-4. After your workspace is configured and selected, select **Create**. You will receive a notification when the solution has been successfully created.
+4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created.
+
+|Compatible Log Analytics regions |
+| ------------------------------- |
+|Australia Central |
+|Australia East |
+|Australia Southeast |
+|Brazil South |
+|Canada Central |
+|Central India |
+|Central US |
+|East Asia |
+|East US |
+|East US 2 |
+|Eastus2euap(canary) |
+|France Central |
+|Japan East |
+|Korea Central |
+|North Central US |
+|North Europe |
+|South Africa North |
+|South Central US |
+|Southeast Asia |
+|Switzerland North |
+|Switzerland West |
+|UK West |
+|UK south |
+|West Central US |
+|West Europe |
+|West US |
+|West US 2 |
 
 > [!NOTE]
 > It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription.
@@ -80,4 +110,4 @@ To download the script and learn what you need to configure and how to troublesh
 
 ### Configure devices manually
 
-It is possible to manually configure devices to send data to Update Compliance, but the recommended method of configuration is to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md). To learn more about configuring devices manually, see [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
+It is possible to manually configure devices to send data to Update Compliance, but the recommended method of configuration is to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md). To learn more about configuring devices manually, see [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).

windows/deployment/upgrade/quick-fixes.md

@@ -297,7 +297,7 @@ When you run Disk Cleanup and enable the option to Clean up system files, you ca
 > [!TIP]
 > It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool.
 
-To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). 
+To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then click **Yes** to confirm the elevation prompt. Screenshots and other steps to open an elevated command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). 
 
 Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23).
 

windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md

@@ -35,7 +35,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication begins when the users dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider.  The user provides their Windows Hello gesture (PIN or biometrics).  The credential provider packages these credentials and returns them to winlogon.  Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.| 
+|A | Authentication begins when the user dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider.  The user provides their Windows Hello gesture (PIN or biometrics).  The credential provider packages these credentials and returns them to winlogon.  Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.| 
 |B | The Cloud AP provider requests a nonce from Azure Active Directory.  Azure AD returns a nonce. The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Azure Active Directory.|
 |C | Azure Active Directory validates the signed nonce using the user's securely registered public key against the nonce signature.  After validating the signature, Azure AD then validates the returned signed nonce. After validating the nonce, Azure AD creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.|
 |D | The Cloud AP provider receives the encrypted PRT with session key.  Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.|
@@ -47,9 +47,12 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication to Active Directory from a Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication.  The Kerberos security support provider, hosted in lsass, uses metadata from the Windows Hello for Business key to get a hint of the user's domain.  Using the hint, the provider uses the DClocator service to locate a 2016 domain controller. After the provider locates an active 2016 domain controller, the provider uses the private key to sign the Kerberos pre-authentication data.|
+|A | Authentication to Active Directory from an Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication.  The Kerberos security support provider, hosted in lsass, uses metadata from the Windows Hello for Business key to get a hint of the user's domain.  Using the hint, the provider uses the DClocator service to locate a 2016 domain controller. After the provider locates an active 2016 domain controller, the provider uses the private key to sign the Kerberos pre-authentication data.|
 |B | The Kerberos provider sends the signed pre-authentication data and its public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.<br>The 2016 domain controller determines the certificate is a self-signed certificate.  It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory.  It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory.  On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.|
-|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device.  Next, it ensures the certificate is within its validity period and that it has not be revoked.  The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.|
+|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device.  Next, it ensures the certificate is within its validity period and that it has not been revoked.  The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.|
+
+> [!NOTE]
+> You might have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on the Azure AD joined device, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses AD FS to authenticate for Windows Hello for Business sign-ins.
 
 
 ## Azure AD join authentication to Active Directory using a Certificate
@@ -57,18 +60,22 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication to Active Directory from a Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication.  The Kerberos security support provider, hosted in lsass, uses information from the certificate to get a hint of the user's domain. Kerberos can use the distinguished name of the user found in the subject of the certificate, or it can use the user principal name of the user found in the subject alternate name of the certificate.  Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates an active domain controller, the provider use the private key to sign the Kerberos pre-authentication data.|
+|A | Authentication to Active Directory from a Azure AD joined device begins with the user first attempts to use a resource that needs Kerberos authentication.  The Kerberos security support provider, hosted in lsass, uses information from the certificate to get a hint of the user's domain. Kerberos can use the distinguished name of the user found in the subject of the certificate, or it can use the user principal name of the user found in the subject alternate name of the certificate.  Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates an active domain controller, the provider uses the private key to sign the Kerberos pre-authentication data.|
 |B | The Kerberos provider sends the signed pre-authentication data and  user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.<br>The domain controller determines the certificate is not self-signed certificate.  The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked.  It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory.  It validates the signed pre-authentication data using the public key from the certificate.  On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.|
-|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device.  Next, it ensures the certificate is within its validity period and that it has not be revoked.  The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.|
+|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device.  Next, it ensures the certificate is within its validity period and that it has not been revoked.  The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.|
+
+> [!NOTE]
+> You may have an on-premises domain federated with Azure AD. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Azure AD to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned previously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation.  
+
 
 ## Hybrid Azure AD join authentication using a Key
 ![Hybrid Azure AD join authentication using a Key](images/howitworks/auth-haadj-keytrust.png)
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication begins when the users dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider.  The user provides their Windows Hello gesture (PIN or biometrics).  The credential provider packages these credentials and returns them to winlogon.  Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider.  The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.|
+|A | Authentication begins when the user dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider.  The user provides their Windows Hello gesture (PIN or biometrics).  The credential provider packages these credentials and returns them to winlogon.  Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider.  The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.|
 |B | The Kerberos provider sends the signed pre-authentication data and the user's public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the 2016 domain controller in the form of a KERB_AS_REQ.<br>The 2016 domain controller determines the certificate is a self-signed certificate.  It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory.  It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed pre-authentication data using the public key from Active Directory.  On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| 
-|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device.  Next, it ensures the certificate is within its validity period and that it has not be revoked.  The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. 
+|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device.  Next, it ensures the certificate is within its validity period and that it has not been revoked.  The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. 
 |D | After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.|
 |E | Lsass informs winlogon of the success authentication.  Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
 |F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.  The Cloud AP provider requests a nonce from Azure Active Directory.  Azure AD returns a nonce.|
@@ -82,9 +89,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication begins when the users dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider.  The user provides their Windows Hello gesture (PIN or biometrics).  The credential provider packages these credentials and returns them to winlogon.  Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider.  The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.|
+|A | Authentication begins when the user dismisses the lock screen, which triggers winlogon to show the Windows Hello for Business credential provider.  The user provides their Windows Hello gesture (PIN or biometrics).  The credential provider packages these credentials and returns them to winlogon.  Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider.  The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.|
 |B | The Kerberos provider sends the signed pre-authentication data and  user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.<br>The domain controller determines the certificate is not self-signed certificate.  The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and has not been revoked.  It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory.  It validates the signed pre-authentication data using the public key from the certificate.  On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.| 
-|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device.  Next, it ensures the certificate is within its validity period and that it has not be revoked.  The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. 
+|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device.  Next, it ensures the certificate is within its validity period and that it has not been revoked.  The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. 
 |D | After passing this criteria, Kerberos returns the TGT to lsass, where it is cached and used for subsequent service ticket requests.|
 |E | Lsass informs winlogon of the success authentication.  Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
 |F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.  The Cloud AP provider requests a nonce from Azure Active Directory.  Azure AD returns a nonce.|

windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md

@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 01/21/2021
+ms.date: 04/26/2021
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
@@ -19,11 +19,12 @@ ms.technology: mde
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Answering frequently asked questions about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration.
+This article lists frequently asked questions with answers for Microsoft Defender Application Guard (Application Guard). Questions span features, integration with the Windows operating system, and general configuration.
 
 ## Frequently Asked Questions
 
 ### Can I enable Application Guard on machines equipped with 4-GB RAM?
+
 We recommend 8-GB RAM for optimal performance but you can use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
 
 `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.)                                                   
@@ -34,25 +35,25 @@ We recommend 8-GB RAM for optimal performance but you can use the following regi
 
 ### Can employees download documents from the Application Guard Edge session onto host devices? 
 
-In Windows 10 Enterprise edition 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy.
+In Windows 10 Enterprise edition, version 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy.
 
-In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. 
+In Windows 10 Enterprise edition, version 1709, or Windows 10 Professional edition, version 1803, it is not possible to download files from the isolated Application Guard container to the host computer. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. 
 
 ### Can employees copy and paste between the host device and the Application Guard Edge session? 
 
 Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. 
 
-### Why don't employees see their Favorites in the Application Guard Edge session?
+### Why don't employees see their favorites in the Application Guard Edge session?
 
-To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. 
+To help keep the Application Guard Edge session secure and isolated from the host device, favorites that are stored in the Application Guard Edge session are not copied back to the host device. 
 
-### Why aren’t employees able to see their Extensions in the Application Guard Edge session?
+### Why aren’t employees able to see their extensions in the Application Guard Edge session?
 
-Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. 
+Currently, the Application Guard Edge session doesn't support extensions. However, we're closely monitoring your feedback about this. 
 
 ### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? 
 
-Microsoft Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. 
+Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition, version 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. 
 
 ### Which Input Method Editors (IME) in 19H1 are not supported? 
 
@@ -102,7 +103,7 @@ Mandatory network isolation GP policy to deploy Application Guard: "DomainSubnet
 Mandatory network isolation CSP policy to deploy Application Guard: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
 For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
 
-Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
+Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
 
 ### Why did Application Guard stop working after I turned off hyperthreading?
 
@@ -128,22 +129,25 @@ First rule (DHCP Server):
 Second rule (DHCP Client)
 This is the same as the first rule, but scoped to local port 68.
 In the Microsoft Defender Firewall user interface go through the following steps:
-1. Right click on inbound rules, create a new rule.
+1. Right-click on inbound rules, and then create a new rule.
 2. Choose **custom rule**.
-3. Program path: `%SystemRoot%\System32\svchost.exe`.
+3. Specify the following program path: `%SystemRoot%\System32\svchost.exe`.
-4. Protocol Type: UDP, Specific ports: 67, Remote port: any.
+4. Specify the following settings:
-5. Any IP addresses.
+    - Protocol Type: UDP
-6. Allow the connection.
+    - Specific ports: 67
-7. All profiles.
+    - Remote port: any
-8. The new rule should show up in the user interface. Right click on the **rule** > **properties**.
+6. Specify any IP addresses.
-9. In the **Programs and services** tab, Under the **Services** section click on **settings**. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**.
+7. Allow the connection.
+8. Specify to use all profiles.
+9. The new rule should show up in the user interface. Right click on the **rule** > **properties**.
+10. In the **Programs and services** tab, under the **Services** section, select **settings**. 
+11. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**.
 
 ### Why can I not launch Application Guard when Exploit Guard is enabled?
 
 There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to **use default**.
 
-
+### How can I disable portions of ICS without breaking Application Guard?
-### How can I have ICS in enabled state yet still use Application Guard?
 
 ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys.
 
@@ -161,6 +165,7 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli
 5. Reboot the device.
 
 ### Why doesn't the container fully load when device control policies are enabled?
+
 Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly. 
 
 Policy: Allow installation of devices that match any of these device IDs 
@@ -184,4 +189,4 @@ Policy: Allow installation of devices using drivers that match these device setu
 
 ## See also
 
-[Configure Microsoft Defender Application Guard policy settings](./configure-md-app-guard.md)
+[Configure Microsoft Defender Application Guard policy settings](./configure-md-app-guard.md)