Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into win10soffer

mdop/mbam-v2/create-or-edit-the-sms-defmof-file.md

@@ -32,8 +32,8 @@ In the following sections, complete the instructions that correspond to the vers
     // Microsoft BitLocker Administration and Monitoring 
     //===================================================
 
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
     [ SMS_Report (TRUE),
       SMS_Group_Name ("BitLocker Encryption Details"),
       SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
@@ -66,9 +66,9 @@ In the following sections, complete the instructions that correspond to the vers
         [ SMS_Report (TRUE) ]
         Boolean     IsAutoUnlockEnabled;
     };
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
 
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
     [ SMS_Report(TRUE),
       SMS_Group_Name("BitLocker Policy"),
       SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0")]
@@ -112,8 +112,8 @@ In the following sections, complete the instructions that correspond to the vers
     };
 
     //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
     [ SMS_Report     (TRUE),
       SMS_Group_Name ("Operating System Ex"),
       SMS_Class_ID   ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
@@ -126,8 +126,8 @@ In the following sections, complete the instructions that correspond to the vers
     };
 
     //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
     [ SMS_Report     (TRUE),
       SMS_Group_Name ("Computer System Ex"),
       SMS_Class_ID   ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]
@@ -194,8 +194,8 @@ In the following sections, complete the instructions that correspond to the vers
     // Microsoft BitLocker Administration and Monitoring 
     //===================================================
 
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
     [ SMS_Report (TRUE),
       SMS_Group_Name ("BitLocker Encryption Details"),
       SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
@@ -229,8 +229,8 @@ In the following sections, complete the instructions that correspond to the vers
         Boolean     IsAutoUnlockEnabled;
     };
 
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
     [ SMS_Report(TRUE),
       SMS_Group_Name("BitLocker Policy"),
       SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
@@ -275,8 +275,8 @@ In the following sections, complete the instructions that correspond to the vers
         string    EncodedComputerName;
     };
 
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
     [ SMS_Report(TRUE),
       SMS_Group_Name("BitLocker Policy"),
       SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
@@ -322,8 +322,8 @@ In the following sections, complete the instructions that correspond to the vers
     };
 
     //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
     [ SMS_Report     (TRUE),
       SMS_Group_Name ("Operating System Ex"),
       SMS_Class_ID   ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
@@ -336,8 +336,8 @@ In the following sections, complete the instructions that correspond to the vers
     };
 
     //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
     [ SMS_Report     (TRUE),
       SMS_Group_Name ("Computer System Ex"),
       SMS_Class_ID   ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]

windows/application-management/change-history-for-application-management.md

@@ -18,6 +18,6 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
 | New or changed topic | Description |
 | --- | --- |
 | [Service Host process refactoring](svchost-service-refactoring.md) | New |
-| [Deploy app updgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | New |
+| [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | New |
 
 

windows/client-management/mdm/TOC.md

@@ -203,6 +203,7 @@
 #### [InternetExplorer](policy-csp-internetexplorer.md)
 #### [Kerberos](policy-csp-kerberos.md)
 #### [Licensing](policy-csp-licensing.md)
+#### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)
 #### [Location](policy-csp-location.md)
 #### [LockDown](policy-csp-lockdown.md)
 #### [Maps](policy-csp-maps.md)

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/28/2017
+ms.date: 08/04/2017
 ---
 
 # What's new in MDM enrollment and management
@@ -969,10 +969,34 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p> 
 <ul>
-<li>CredentialProviders/EnableWindowsAutoPilotResetCredentials</li>
+<li>CredentialProviders/DisableAutomaticReDeploymentCredentials</li>
 <li>DeviceGuard/EnableVirtualizationBasedSecurity</li>
 <li>DeviceGuard/RequirePlatformSecurityFeatures</li>
 <li>DeviceGuard/LsaCfgFlags</li>
+<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li>
+<li>LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</li>
+<li>LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</li>
+<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</li>
+<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</li> 
+<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</li> 
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</li> 
+<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn</li> 
+<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn</li> 
+<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL</li> 
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</li> 
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</li> 
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li> 
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li> 
+<li>LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</li> 
+<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</li> 
 <li>Power/DisplayOffTimeoutOnBattery</li>
 <li>Power/DisplayOffTimeoutPluggedIn</li>
 <li>Power/HibernateTimeoutOnBattery</li>
@@ -1280,6 +1304,58 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 
 ## Change history in MDM documentation
 
+### August 2017
+
+<table>
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="vertical-align:top">[CM\_CellularEntries CSP](cm-cellularentries-csp.md)</td>
+<td style="vertical-align:top"><p>Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.</p>
+</td></tr>
+<tr class="even">
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
+<ul>
+<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li>
+<li>LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</li>
+<li>LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</li>
+<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</li>
+<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</li> 
+<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</li> 
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</li> 
+<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn</li> 
+<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn</li> 
+<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL</li> 
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</li> 
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</li> 
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li> 
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li> 
+<li>LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</li> 
+<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</li> 
+<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</li>
+</ul>
+<p>Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutoPilotResetCredentials.</p>
+</td></tr>
+</tbody>
+</table>
+
 ### July 2017
 
 <table>
@@ -1313,7 +1389,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <ul>
 <li>Education/DefaultPrinterName</li>
 <li>Education/PreventAddingNewPrinters</li>
-<li>Education/PrinterNames</li>
+<li>Education/PrinterNames</li> 
 <li>Security/ClearTPMIfNotReady</li>
 <li>WindowsDefenderSecurityCenter/CompanyName</li>
 <li>WindowsDefenderSecurityCenter/DisableAppBrowserUI</li>

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/27/2017
+ms.date: 08/04/2017
 ---
 
 # Policy CSP
@@ -534,7 +534,7 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword" id="credentialproviders-blockpicturepassword">CredentialProviders/BlockPicturePassword</a>
   </dd>
   <dd>
-    <a href="./policy-csp-credentialproviders.md#credentialproviders-enablewindowsautopilotresetcredentials" id="credentialproviders-enablewindowsautopilotresetcredentials">CredentialProviders/EnableWindowsAutoPilotResetCredentials</a>
+    <a href="./policy-csp-credentialproviders.md#credentialproviders-disableautomaticredeploymentcredentials" id="credentialproviders-disableautomaticredeploymentcredentials">CredentialProviders/DisableAutomaticReDeploymentCredentials</a>
   </dd>
 </dl>
 
@@ -1778,6 +1778,82 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### LocalPoliciesSecurityOptions policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_blockmicrosoftaccounts" id="localpoliciessecurityoptions-accounts_blockmicrosoftaccounts">LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_enableadministratoraccountstatus" id="localpoliciessecurityoptions-accounts_enableadministratoraccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus 	</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_enableguestaccountstatus" id="localpoliciessecurityoptions-accounts_enableguestaccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_limitlocalaccountuseofblankpasswordstoconsolelogononly" id="localpoliciessecurityoptions-accounts_limitlocalaccountuseofblankpasswordstoconsolelogononly">LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</a>
+  </dd><dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_renameadministratoraccount" id="localpoliciessecurityoptions-accounts_renameadministratoraccount">LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_renameguestaccount" id="localpoliciessecurityoptions-accounts_renameguestaccount">LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_displayuserinformationwhenthesessionislocked" id="localpoliciessecurityoptions-interactivelogon_displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_donotdisplaylastsignedin" id="localpoliciessecurityoptions-interactivelogon_donotdisplaylastsignedin">LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_donotdisplayusernameatsignin" id="localpoliciessecurityoptions-interactivelogon_donotdisplayusernameatsignin">LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_donotrequirectrlaltdel" id="localpoliciessecurityoptions-interactivelogon_donotrequirectrlaltdel">LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_machineinactivitylimit" id="localpoliciessecurityoptions-interactivelogon_machineinactivitylimit">LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_messagetextforusersattemptingtologon" id="localpoliciessecurityoptions-interactivelogon_messagetextforusersattemptingtologon">LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_messagetitleforusersattemptingtologon" id="localpoliciessecurityoptions-interactivelogon_messagetitleforusersattemptingtologon">LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity_allowpku2uauthenticationrequests" id="localpoliciessecurityoptions-networksecurity_allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-recoveryconsole_allowautomaticadministrativelogon" id="localpoliciessecurityoptions-recoveryconsole_allowautomaticadministrativelogon">LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown_allowsystemtobeshutdownwithouthavingtologon" id="localpoliciessecurityoptions-shutdown_allowsystemtobeshutdownwithouthavingtologon">LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_allowuiaccessapplicationstopromptforelevation" id="localpoliciessecurityoptions-useraccountcontrol_allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_behavioroftheelevationpromptforadministrators" id="localpoliciessecurityoptions-useraccountcontrol_behavioroftheelevationpromptforadministrators">LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_behavioroftheelevationpromptforstandardusers" id="localpoliciessecurityoptions-useraccountcontrol_behavioroftheelevationpromptforstandardusers">LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_onlyelevateexecutablefilesthataresignedandvalidated" id="localpoliciessecurityoptions-useraccountcontrol_onlyelevateexecutablefilesthataresignedandvalidated">LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations" id="localpoliciessecurityoptions-useraccountcontrol_onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations">LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_runalladministratorsinadminapprovalmode" id="localpoliciessecurityoptions-useraccountcontrol_runalladministratorsinadminapprovalmode">LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_switchtothesecuredesktopwhenpromptingforelevation" id="localpoliciessecurityoptions-useraccountcontrol_switchtothesecuredesktopwhenpromptingforelevation">LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</a>
+  </dd>
+  <dd>
+     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_virtualizefileandregistrywritefailurestoperuserlocations" id="localpoliciessecurityoptions-useraccountcontrol_virtualizefileandregistrywritefailurestoperuserlocations">LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</a>
+  </dd>
+</dl>
+
 ### Location policies
 
 <dl>

windows/client-management/mdm/policy-csp-credentialproviders.md

@@ -124,7 +124,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <!--StartPolicy-->
-<a href="" id="credentialproviders-enablewindowsautopilotresetcredentials"></a>**CredentialProviders/EnableWindowsAutoPilotResetCredentials**  
+<a href="" id="credentialproviders-disableautomaticredeploymentcredentials"></a>**CredentialProviders/DisableAutomaticReDeploymentCredentials**  
 
 <!--StartSKU-->
 <table>
@@ -150,11 +150,12 @@ ADMX Info:
 
 <!--EndSKU-->
 <!--StartDescription-->
-Added in Windows 10, version 1709. Boolean policy to enable the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. When the policy is enabled, a WNF notification is generated that would schedule a task to update the visibility of the new provider. The admin user is required to authenticate to trigger the refresh on the target device.
+Added in Windows 10, version 1709. Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device.
 
-The auto pilot reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the auto pilot reset is triggered the devices are for ready for use by information workers or students.
+The Windows 10 Automatic ReDeployment feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students.
 
-Default value is 0.
+- 0 - Enable the visibility of the credentials for Windows 10 Automatic ReDeployment
+- 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment 
 
 <!--EndDescription-->
 <!--EndPolicy-->

windows/client-management/mdm/policy-csp-textinput.md

@@ -364,26 +364,6 @@ ms.date: 07/14/2017
 <a href="" id="textinput-allowkoreanextendedhanja"></a>**TextInput/AllowKoreanExtendedHanja**  
 
 <!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
 
 <!--EndSKU-->
 <!--StartDescription-->

windows/client-management/mdm/policy-csp-wifi.md

@@ -23,26 +23,6 @@ ms.date: 07/14/2017
 <a href="" id="wifi-allowwifihotspotreporting"></a>**WiFi/AllowWiFiHotSpotReporting**  
 
 <!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
 
 <!--EndSKU-->
 <!--StartDescription-->
@@ -303,8 +283,6 @@ Footnote:
 <!--EndIoTCore-->
 
 <!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>Wifi policies supported by Microsoft Surface Hub  
-
--   [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)  
+ 
 <!--EndSurfaceHub-->
 

windows/client-management/mdm/policy-csp-wirelessdisplay.md

@@ -163,26 +163,6 @@ ms.date: 07/14/2017
 <a href="" id="wirelessdisplay-allowuserinputfromwirelessdisplayreceiver"></a>**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**  
 
 <!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
 
 <!--EndSKU-->
 <!--StartDescription-->

windows/deployment/vda-subscription-activation.md

@@ -12,7 +12,7 @@ author: greg-lindsay
 
 # Configure VDA for Windows 10 Subscription Activation
 
-This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based license.
+This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
 
 ## Requirements