Merge branch 'master' into WDAC-gp-multipolicy

.openpublishing.redirection.json

@@ -79,6 +79,11 @@
       "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy",
+      "redirect_document_id": true
     },
     {
       "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
@@ -14565,41 +14570,86 @@
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-admx-backed.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-admx-backed.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-admx-backed",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
       "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",
@@ -16019,6 +16069,11 @@
       "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/gov",
+      "redirect_document_id": true
     },
     {
       "source_path": "windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md",

education/developers.yml

@@ -18,16 +18,16 @@ additionalContent:
         # Card
         - title: UWP apps for education
           summary: Learn how to write universal apps for education.
-          url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/
+          url: https://docs.microsoft.com/windows/uwp/apps-for-education/
         # Card
         - title: Take a test API
           summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
-          url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/take-a-test-api
+          url: https://docs.microsoft.com/windows/uwp/apps-for-education/take-a-test-api
         # Card
         - title: Office Education Dev center
           summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
-          url: https://dev.office.com/industry-verticals/edu
+          url: https://developer.microsoft.com/office/edu
         # Card
         - title: Data Streamer
           summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
-          url: https://docs.microsoft.com/en-us/microsoft-365/education/data-streamer
+          url: https://docs.microsoft.com/microsoft-365/education/data-streamer

education/includes/education-content-updates.md

@@ -0,0 +1,11 @@
+<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->
+
+
+
+## Week of October 19, 2020
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 10/22/2020 | [Microsoft 365 Education Documentation for developers](/education/developers) | modified |
+| 10/22/2020 | [Windows 10 editions for education customers](/education/windows/windows-editions-for-education-customers) | modified |

education/windows/windows-editions-for-education-customers.md

@@ -30,10 +30,10 @@ Windows 10, version 1607 introduces two editions designed for the unique needs o
 
 Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
 
-For Cortana<sup>[1](#footnote1)</sup>,
+For Cortana<sup>[1](#footnote1)</sup>:
 - If you're using version 1607, Cortana is removed.
-- If you're using new devices with version 1703, Cortana is turned on by default.
+- If you're using new devices with version 1703 or later, Cortana is turned on by default.
-- If you're upgrading from version 1607 to version 1703, Cortana will be enabled.
+- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
 
 You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
 
@@ -49,10 +49,10 @@ Customers who deploy Windows 10 Pro are able to configure the product to have si
 
 Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
 
-For Cortana<sup>1</sup>,
+For Cortana<sup>1</sup>:
 - If you're using version 1607, Cortana<sup>1</sup> is removed.
-- If you're using new devices with version 1703, Cortana is turned on by default.
+- If you're using new devices with version 1703 or later, Cortana is turned on by default.
-- If you're upgrading from version 1607 to version 1703, Cortana will be enabled.
+- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
 
 You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
 

store-for-business/add-unsigned-app-to-code-integrity-policy.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Add unsigned app to code integrity policy
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.  
+> For any questions, please contact us at DGSSMigration@microsoft.com. 
 
 
 **Applies to**

store-for-business/device-guard-signing-portal.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Device Guard signing
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.  
+> For any questions, please contact us at DGSSMigration@microsoft.com.  
 
 
 **Applies to**

store-for-business/includes/store-for-business-content-updates.md

@@ -0,0 +1,12 @@
+<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->
+
+
+
+## Week of October 26, 2020
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 10/27/2020 | [Add unsigned app to code integrity policy (Windows 10)](/microsoft-store/add-unsigned-app-to-code-integrity-policy) | modified |
+| 10/27/2020 | [Device Guard signing (Windows 10)](/microsoft-store/device-guard-signing-portal) | modified |
+| 10/27/2020 | [Sign code integrity policy with Device Guard signing (Windows 10)](/microsoft-store/sign-code-integrity-policy-with-device-guard-signing) | modified |

store-for-business/sign-code-integrity-policy-with-device-guard-signing.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Sign code integrity policy with Device Guard signing
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.  
+> For any questions, please contact us at DGSSMigration@microsoft.com. 
 
 
 **Applies to**

windows/application-management/apps-in-windows-10.md

@@ -39,53 +39,53 @@ You can list all provisioned Windows apps with this PowerShell command:
 Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
 ```
 
-Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, and 1909.
+Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004.
 
-| Package name                                 | App name                                                                                                           | 1803 | 1809 | 1903 | 1909 | Uninstall through UI? |
+| Package name                                 | App name                                                                                                           | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? |
-|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
+|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:----:|:---------------------:|
-| Microsoft.3DBuilder                          | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe)                                        |      |      |      |      |          Yes          |
+| Microsoft.3DBuilder                          | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe)                                        |      |      |      |      |      |          Yes          |
-| Microsoft.BingWeather                        | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.BingWeather                        | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.DesktopAppInstaller                | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe)                           |   x  |   x  |   x  |   x  |    Via Settings App   |
+| Microsoft.DesktopAppInstaller                | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe)                           |   x  |   x  |   x  |   x  |   x  |    Via Settings App   |
-| Microsoft.GetHelp                            | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.GetHelp                            | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Getstarted                         | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe)                                   |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Getstarted                         | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe)                                   |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.HEIFImageExtension                 | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |           No          |
+| Microsoft.HEIFImageExtension                 | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Messaging                          | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Messaging                          | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Microsoft3DViewer                  | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe)                      |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Microsoft3DViewer                  | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe)                      |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MicrosoftOfficeHub                 | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.MicrosoftOfficeHub                 | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.MicrosoftSolitaireCollection       | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.MicrosoftSolitaireCollection       | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.MicrosoftStickyNotes               | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.MicrosoftStickyNotes               | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MixedReality.Portal                | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |           No          |
+| Microsoft.MixedReality.Portal                | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MSPaint                            | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.MSPaint                            | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Office.OneNote                     | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.Office.OneNote                     | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.OneConnect                         | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe)                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.OneConnect                         | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe)                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Outlook.DesktopIntegrationServices |                                                                                                                    |      |      |      |   x  |                       |
+| Microsoft.Outlook.DesktopIntegrationServices |                                                                                                                    |      |      |      |   x  |   x  |                       |
-| Microsoft.People                             | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.People                             | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Print3D                            | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Print3D                            | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.ScreenSketch                       | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe)                                  |      |   x  |   x  |   x  |           No          |
+| Microsoft.ScreenSketch                       | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe)                                  |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.SkypeApp                           | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c)                                              |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.SkypeApp                           | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c)                                              |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.StorePurchaseApp                   | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe)                         |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.StorePurchaseApp                   | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe)                         |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.VP9VideoExtensions                 |                                                                                                                    |      |   x  |   x  |   x  |           No          |
+| Microsoft.VP9VideoExtensions                 |                                                                                                                    |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Wallet                             | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe)                                        |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Wallet                             | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe)                                        |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WebMediaExtensions                 | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe)                     |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WebMediaExtensions                 | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe)                     |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WebpImageExtension                 | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe)                     |      |   x  |   x  |   x  |           No          |
+| Microsoft.WebpImageExtension                 | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe)                     |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Windows.Photos                     | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Windows.Photos                     | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsAlarms                      | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsAlarms                      | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsCalculator                  | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsCalculator                  | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsCamera                      | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsCamera                      | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |   x  |           No          |
-| microsoft.windowscommunicationsapps          | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| microsoft.windowscommunicationsapps          | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsFeedbackHub                 | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsFeedbackHub                 | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsMaps                        | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe)                                    |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsMaps                        | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe)                                    |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsSoundRecorder               | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsSoundRecorder               | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsStore                       | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsStore                       | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Xbox.TCUI                          | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe)                                         |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Xbox.TCUI                          | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe)                                         |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxApp                            | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe)                                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxApp                            | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe)                                                |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxGameOverlay                    | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxGameOverlay                    | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxGamingOverlay                  | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe)                       |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxGamingOverlay                  | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe)                       |   x  |   x  |   x  |   x  |   x  |          No          |
-| Microsoft.XboxIdentityProvider               | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxIdentityProvider               | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxSpeechToTextOverlay            |                                                                                                                    |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxSpeechToTextOverlay            |                                                                                                                    |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.YourPhone                          | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe)                                        |      |   x  |   x  |   x  |           No          |
+| Microsoft.YourPhone                          | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe)                                        |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.ZuneMusic                          | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.ZuneMusic                          | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.ZuneVideo                          | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe)                                       |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.ZuneVideo                          | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe)                                       |   x  |   x  |   x  |   x  |   x  |           No          |
 
 >[!NOTE]
 >The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.

windows/application-management/docfx.json

@@ -32,6 +32,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",

windows/client-management/advanced-troubleshooting-802-authentication.md

@@ -17,17 +17,17 @@ ms.topic: troubleshooting
  
 ## Overview
 
-This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or switches, it won't be an end-to-end Microsoft solution.
+This article includes general troubleshooting for 802.1X wireless and wired clients. While troubleshooting 802.1X and wireless, it's important to know how the flow of authentication works, and then figure out where it's breaking. It involves a lot of third-party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. We don't make access points or switches, so it's not an end-to-end Microsoft solution.
  
 ## Scenarios
 
-This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 - 10 for clients, and Windows Server 2008 R2 - 2012 R2 for NPS.
+This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
  
-## Known Issues
+## Known issues
 
 None
  
-## Data Collection
+## Data collection
 
 See [Advanced troubleshooting 802.1X authentication data collection](data-collection-for-802-authentication.md).
  
@@ -35,11 +35,11 @@ See [Advanced troubleshooting 802.1X authentication data collection](data-collec
 
 Viewing [NPS authentication status events](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735320(v%3dws.10)) in the Windows Security [event log](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc722404(v%3dws.11)) is one of the most useful troubleshooting methods to obtain information about failed authentications.
 
-NPS event log entries contain information on the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you are not seeing both success and failure events, see the section below on [NPS audit policy](#audit-policy).
+NPS event log entries contain information about the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you don't see both success and failure events, see the [NPS audit policy](#audit-policy) section later in this article.
 
-Check Windows Security Event log on the NPS Server for NPS events corresponding to rejected ([event ID 6273](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or accepted ([event ID 6272](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts.
+Check Windows Security Event log on the NPS Server for NPS events that correspond to rejected ([event ID 6273](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or accepted ([event ID 6272](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts.
  
-In the event message, scroll to the very bottom, and check the [Reason Code](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text associated with it.
+In the event message, scroll to the very bottom, and then check the [Reason Code](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text that's associated with it.
  
    ![example of an audit failure](images/auditfailure.png)
    *Example: event ID 6273 (Audit Failure)*<br><br>
@@ -47,35 +47,35 @@ In the event message, scroll to the very bottom, and check the [Reason Code](htt
    ![example of an audit success](images/auditsuccess.png)
    *Example: event ID 6272 (Audit Success)*<br>
 
-‎The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, Wired AutoConfig operational log is equivalent one.
+‎The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, the Wired AutoConfig operational log is an equivalent one.
 
-On the client side, navigate to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, navigate to  **..\Wired-AutoConfig/Operational**. See the following example:
+On the client side, go to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, go to  **..\Wired-AutoConfig/Operational**. See the following example:
 
 ![event viewer screenshot showing wired-autoconfig and WLAN autoconfig](images/eventviewer.png)
  
-Most 802.1X authentication issues are due to problems with the certificate that is used for client or server authentication (e.g. invalid certificate, expiration, chain verification failure, revocation check failure, etc.). 
+Most 802.1X authentication issues are because of problems with the certificate that's used for client or server authentication. Examples include invalid certificate, expiration, chain verification failure, and revocation check failure. 
 
-First, validate the type of EAP method being used:
+First, validate the type of EAP method that's used:
  
 ![eap authentication type comparison](images/comparisontable.png)
 
-If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Right click on the policy and select **Properties**. In the pop-up window, go to the **Constraints** tab and select the **Authentication Methods** section.
+If a certificate is used for its authentication method, check whether the certificate is valid. For the server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Select and hold (or right-click) the policy, and then select **Properties**. In the pop-up window, go to the **Constraints** tab, and then select the **Authentication Methods** section.
 
 ![Constraints tab of the secure wireless connections properties](images/eappropertymenu.png)
  
-The CAPI2 event log will be useful for troubleshooting certificate-related issues.
+The CAPI2 event log is useful for troubleshooting certificate-related issues.
-This log is not enabled by default. You can enable this log by expanding **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, right-clicking **Operational** and then clicking **Enable Log**.
+By default, this log isn't enabled. To enable this log, expand **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, select and hold (or right-click) **Operational**, and then select **Enable Log**.
 
 ![screenshot of event viewer](images/capi.png)
  
-The following article explains how to analyze CAPI2 event logs:
+For information about how to analyze CAPI2 event logs, see
 [Troubleshooting PKI Problems on Windows Vista](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-vista/cc749296%28v=ws.10%29).
 
-When troubleshooting complex 802.1X authentication issues, it is important to understand the 802.1X authentication process. The following figure is an example of wireless connection process with 802.1X authentication:
+When troubleshooting complex 802.1X authentication issues, it's important to understand the 802.1X authentication process. Here's an example of wireless connection process with 802.1X authentication:
 
 ![authenticator flow chart](images/authenticator_flow_chart.png)
  
-If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter in for a client side capture, and **EAP** for an NPS side capture. See the following examples:
+If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter for a client-side capture, and **EAP** for an NPS-side capture. See the following examples:
 
 ![client-side packet capture data](images/clientsidepacket_cap_data.png)
 *Client-side packet capture data*<br><br>
@@ -85,16 +85,16 @@ If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both
 ‎
 
 > [!NOTE]
-> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. Follow the instructions under the **Help** menu in Network Monitor to load the reqired [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/) if needed. See the example below.
+> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. If you need to load the required [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/), see the instructions under the **Help** menu in Network Monitor. Here's an example:
 
 ![ETL parse](images/etl.png) 
 
 ## Audit policy
 
-NPS audit policy (event logging) for connection success and failure is enabled by default. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
+By default, NPS audit policy (event logging) for connection success and failure is enabled. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
 
 View the current audit policy settings by running the following command on the NPS server:
-```
+```console
 auditpol /get /subcategory:"Network Policy Server"
 ```
 
@@ -106,13 +106,12 @@ Logon/Logoff
   Network Policy Server                   Success and Failure
 </pre>
 
-If it shows ‘No auditing’, you can run this command to enable it:
+If it says, "No auditing," you can run this command to enable it:
-
+```console
-```
 auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
 ```
 
-Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing via Group Policy. The success/failure setting can be found under **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff -> Audit Network Policy Server**.
+Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing by using Group Policy. To get to the success/failure setting, select **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Advanced Audit Policy Configuration** > **Audit Policies** > **Logon/Logoff** > **Audit Network Policy Server**.
 
 ## Additional references
 

windows/client-management/connect-to-remote-aadj-pc.md

@@ -22,13 +22,10 @@ ms.topic: article
 
 - Windows 10
 
-From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup).
+From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
 
 ![Remote Desktop Connection client](images/rdp.png)
 
-> [!TIP]
-> Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics)
-
 ## Set up
 
 - Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported.
@@ -37,16 +34,18 @@ From its release, Windows 10 has supported remote connections to PCs joined to A
 Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC.
 
 - On the PC you want to connect to:
+
   1. Open system properties for the remote PC.
+  
   2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
 
      ![Allow remote connections to this computer](images/allow-rdp.png)
 
-  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**.
+  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group.
 
      > [!NOTE]
      > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet:
-    > ```PowerShell
+     > ```powershell
      > net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
      > ```
      > where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
@@ -55,15 +54,16 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
      > Otherwise this command throws the below error. For example:
      > - for cloud only user: "There is no such global user or group : *name*"
      > - for synced user: "There is no such global user or group : *name*" </br>
-    >
+    
+     > [!NOTE]
      > In Windows 10, version 1709, the user does not have to sign in to the remote device first.
      >
      > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
    
-  4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
+  4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
 
      > [!TIP]
-  > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+     > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
 
      > [!Note]
      > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).

windows/client-management/docfx.json

@@ -32,6 +32,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",

windows/client-management/manage-settings-app-with-group-policy.md

@@ -19,13 +19,13 @@ ms.topic: article
 
 -   Windows 10, Windows Server 2016
 
-You can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
+You can now manage the pages that are shown in the Settings app by using Group Policy. When you use Group Policy to manage pages, you can hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
-To make use of the Settings App group polices on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
+To make use of the Settings App group policies on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
 
 >[!Note]
 >Each server that you want to manage access to the Settings App must be patched.
 
-To centrally manage the new policies copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) if your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management.
+If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra).
 
 This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app.
 
@@ -39,7 +39,7 @@ Policy paths:
 
 ## Configuring the Group Policy
 
-The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon delimited list of URIs in **Settings Page Visiblity**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). 
+The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon-delimited list of URIs in **Settings Page Visibility**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). 
 
 >[!NOTE]
 > When you specify the URI in the Settings Page Visibility textbox, don't include **ms-settings:** in the string.

windows/client-management/manage-windows-10-in-your-organization-modern-management.md

@@ -53,7 +53,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man
 With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully-configured, fully-managed devices, you can:
 
 
--   Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune).
+-   Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/).
 
 -   Create self-contained provisioning packages built with the [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages).
 
@@ -69,7 +69,7 @@ You can envision user and device management as falling into these two categories
 
 -   **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
 
-    -   For corporate devices, they can set up corporate access with [Azure AD Join](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-overview/). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://blogs.technet.microsoft.com/ad/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/), all from the cloud.<br>Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
+    -   For corporate devices, they can set up corporate access with [Azure AD Join](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-overview/). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.<br>Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
 
     -   Likewise, for personal devices, employees can use a new, simplified [BYOD experience](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-windows10-devices/) to add their work account to Windows, then access work resources on the device.
 
@@ -135,6 +135,6 @@ There are a variety of steps you can take to begin the process of modernizing de
 
 ## Related topics
 
--   [What is Intune?](https://docs.microsoft.com/intune/introduction-intune)
+-   [What is Intune?](https://docs.microsoft.com//mem/intune/fundamentals/what-is-intune)
 -   [Windows 10 Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)
 -   [Windows 10 Configuration service Providers](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference)

windows/client-management/mdm/TOC.md

@@ -1,5 +1,6 @@
 # [Mobile device management](index.md)
 ## [What's new in MDM enrollment and management](new-in-windows-mdm-enrollment-management.md)
+### [Change history for MDM documentation](change-history-for-mdm-documentation.md)
 ## [Mobile device enrollment](mobile-device-enrollment.md)
 ### [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md)
 #### [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md)
@@ -159,14 +160,14 @@
 #### [Personalization DDF file](personalization-ddf.md)
 ### [Policy CSP](policy-configuration-service-provider.md)
 #### [Policy DDF file](policy-ddf-file.md)
-#### [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-#### [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
-#### [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
+#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
-#### [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
-#### [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
-#### [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
+#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
 #### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
 #### [AboveLock](policy-csp-abovelock.md)
 #### [Accounts](policy-csp-accounts.md)
@@ -174,6 +175,7 @@
 #### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md)
 #### [ADMX_AppCompat](policy-csp-admx-appcompat.md)
 #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md)
+#### [ADMX_Bits](policy-csp-admx-bits.md)
 #### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md)
 #### [ADMX_COM](policy-csp-admx-com.md)
 #### [ADMX_Cpls](policy-csp-admx-cpls.md)
@@ -197,17 +199,39 @@
 #### [ADMX_nca](policy-csp-admx-nca.md)
 #### [ADMX_NCSI](policy-csp-admx-ncsi.md)
 #### [ADMX_Netlogon](policy-csp-admx-netlogon.md)
+#### [ADMX_NetworkConnections](policy-csp-admx-networkconnections.md)
 #### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md)
 #### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md)
 #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md)
+#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md)
 #### [ADMX_Reliability](policy-csp-admx-reliability.md)
 #### [ADMX_Scripts](policy-csp-admx-scripts.md)
 #### [ADMX_sdiageng](policy-csp-admx-sdiageng.md)
 #### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md)
+#### [ADMX_Sensors](policy-csp-admx-sensors.md)
 #### [ADMX_Servicing](policy-csp-admx-servicing.md)
 #### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md)
 #### [ADMX_Sharing](policy-csp-admx-sharing.md)
 #### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md)
+#### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
+#### [ADMX_Snmp](policy-csp-admx-snmp.md)
+#### [ADMX_StartMenu](policy-csp-admx-startmenu.md)
+#### [ADMX_Taskbar](policy-csp-admx-taskbar.md)
+#### [ADMX_tcpip](policy-csp-admx-tcpip.md)
+#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
+#### [ADMX_TPM](policy-csp-admx-tpm.md)
+#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md)
+#### [ADMX_W32Time](policy-csp-admx-w32time.md)
+#### [ADMX_WCM](policy-csp-admx-wcm.md)
+#### [ADMX_WinCal](policy-csp-admx-wincal.md)
+#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md)
+#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
+#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md)
+#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
+#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
+#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md)
+#### [ADMX_WinInit](policy-csp-admx-wininit.md)
+#### [ADMX_wlansvc](policy-csp-admx-wlansvc.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
 #### [AppRuntime](policy-csp-appruntime.md)
@@ -216,7 +240,7 @@
 #### [Audit](policy-csp-audit.md)
 #### [Authentication](policy-csp-authentication.md)
 #### [Autoplay](policy-csp-autoplay.md)
-#### [Bitlocker](policy-csp-bitlocker.md)
+#### [BitLocker](policy-csp-bitlocker.md)
 #### [BITS](policy-csp-bits.md)
 #### [Bluetooth](policy-csp-bluetooth.md)
 #### [Browser](policy-csp-browser.md)
@@ -254,11 +278,14 @@
 #### [LanmanWorkstation](policy-csp-lanmanworkstation.md)
 #### [Licensing](policy-csp-licensing.md)
 #### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)
+#### [LocalUsersAndGroups](policy-csp-localusersandgroups.md)
 #### [LockDown](policy-csp-lockdown.md)
 #### [Maps](policy-csp-maps.md)
 #### [Messaging](policy-csp-messaging.md)
+#### [MixedReality](policy-csp-mixedreality.md)
 #### [MSSecurityGuide](policy-csp-mssecurityguide.md)
 #### [MSSLegacy](policy-csp-msslegacy.md)
+#### [Multitasking](policy-csp-multitasking.md)
 #### [NetworkIsolation](policy-csp-networkisolation.md)
 #### [Notifications](policy-csp-notifications.md)
 #### [Power](policy-csp-power.md)
@@ -293,6 +320,7 @@
 #### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
 #### [WindowsLogon](policy-csp-windowslogon.md)
 #### [WindowsPowerShell](policy-csp-windowspowershell.md)
+#### [WindowsSandbox](policy-csp-windowssandbox.md)
 #### [WirelessDisplay](policy-csp-wirelessdisplay.md)
 ### [PolicyManager CSP](policymanager-csp.md)
 ### [Provisioning CSP](provisioning-csp.md)

windows/client-management/mdm/accounts-csp.md

@@ -52,6 +52,7 @@ This node specifies the username for a new local user account.  This setting can
 This node specifies the password for a new local user account.  This setting can be managed remotely. 
 
 Supported operation is Add.
+GET operation is not supported.  This setting will report as failed when deployed from the Endpoint Manager.
 
 <a href="" id="users-username-localusergroup"></a>**Users/_UserName_/LocalUserGroup**  
 This optional node specifies the local user group that a local user account should be joined to.  If the node is not set, the new local user account is joined just to the Standard Users group.  Set the value to 2 for Administrators group. This setting can be managed remotely.

windows/client-management/mdm/azure-active-directory-integration-with-mdm.md

@@ -165,7 +165,10 @@ The following image illustrates how MDM applications will show up in the Azure a
 
 ### Add cloud-based MDM to the app gallery
 
-You should work with the Azure AD engineering team if your MDM application is cloud-based. The following table shows the required information to create an entry in the Azure AD app gallery.
+> [!NOTE]
+> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application 
+
+The following table shows the required information to create an entry in the Azure AD app gallery.
 
 <table>
 <colgroup>

windows/client-management/mdm/devicestatus-csp.md

@@ -36,9 +36,8 @@ Supported operation is Get.
 <a href="" id="devicestatus-cellularidentities"></a>**DeviceStatus/CellularIdentities**  
 Required. Node for queries on the SIM cards.
 
-> **Note**  Multiple SIMs are supported.
+>[!NOTE]
-
+>Multiple SIMs are supported.
- 
 
 <a href="" id="devicestatus-cellularidentities-imei"></a>**DeviceStatus/CellularIdentities/**<strong>*IMEI*</strong>  
 The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.
@@ -107,7 +106,7 @@ Supported operation is Get.
 Node for the compliance query.
 
 <a href="" id="devicestatus-compliance-encryptioncompliance"></a>**DeviceStatus/Compliance/EncryptionCompliance**  
-Boolean value that indicates compliance with the enterprise encryption policy. The value is one of the following:
+Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following:
 
 -   0 - not encrypted
 -   1 - encrypted

windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md

@@ -33,7 +33,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 ## Enable a policy
 
 > [!NOTE]
-> See [Understanding ADMX-backed policy CSPs](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
+> See [Understanding ADMX-backed policies in Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
 
 1.  Find the policy from the list [ADMX-backed policies](policy-csps-admx-backed.md). You need the following information listed in the policy description.  
     - GP English name

windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md

@@ -119,6 +119,7 @@ Requirements:
     > [!NOTE]
     > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. 
     > The default behavior for older releases is to revert to **User Credential**. 
+    > **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device. 
 
     When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD." 
 

windows/client-management/mdm/esim-enterprise-management.md

@@ -12,15 +12,17 @@ ms.topic: conceptual
 ---
 
 # How Mobile Device Management Providers support eSIM Management on Windows
-The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
+The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to use an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will use the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
- If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following:
+ If you are a Mobile Device Management (MDM) Provider and want to support eSIM Management on Windows, perform the following steps:
 - Onboard to Azure Active Directory
-- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties. 
+- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, contact them and learn more about their onboarding. If you would like to integrate and work with only one MDM provider, contact that provider directly. If you would like to offer eSIM management to customers using different MDM providers, contact an orchestrator provider. Orchestrator providers act as proxy handling MDM onboarding as well as mobile operator onboarding. Their role is to make the process as painless and scalable as possible for all parties. Potential orchestrator providers you could contact include:
+    - [HPE’s Device Entitlement Gateway](https://www.hpe.com/emea_europe/en/solutions/digital-communications-services.html)
+    - [IDEMIA’s The Smart Connect - Hub](https://www.idemia.com/smart-connect-hub)
 - Assess solution type that you would like to provide your customers
 - Batch/offline solution
 - IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
-- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
+- Operator doesn't have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
 - Real-time solution
 - MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
 - Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
-**Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator.
+**Note:** End users don't notice the solution type. The choice between the two is made between the MDM and the Mobile Operator.

windows/client-management/mdm/firewall-csp.md

@@ -248,10 +248,10 @@ Sample syncxml to provision the firewall settings to evaluate
 <p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
 
 <a href="" id="localaddressranges"></a>**FirewallRules/*FirewallRuleName*/LocalAddressRanges**
-<p style="margin-left: 20px">Comma separated list of local addresses covered by the rule. The default value is &quot;<em>&quot;. Valid tokens include:</p>
+<p style="margin-left: 20px">Comma separated list of local addresses covered by the rule. The default value is "*". Valid tokens include:</p>
 <ul>
-<li>&quot;</em>&quot; indicates any local address. If present, this must be the only token included.</li>
+<li>"*" indicates any local address. If present, this must be the only token included.</li>
-<li>A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.</li>
+<li>A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.</li>
 <li>A valid IPv6 address.</li>
 <li>An IPv4 address range in the format of &quot;start address - end address&quot; with no spaces included.</li>
 <li>An IPv6 address range in the format of &quot;start address - end address&quot; with no spaces included.</li>
@@ -260,9 +260,9 @@ Sample syncxml to provision the firewall settings to evaluate
 <p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
 
 <a href="" id="remoteaddressranges"></a>**FirewallRules/*FirewallRuleName*/RemoteAddressRanges**
-<p style="margin-left: 20px">List of comma separated tokens specifying the remote addresses covered by the rule. The default value is &quot;<em>&quot;. Valid tokens include:</p>
+<p style="margin-left: 20px">List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include:</p>
 <ul>
-<li>&quot;</em>&quot; indicates any remote address. If present, this must be the only token included.</li>
+<li>"*" indicates any remote address. If present, this must be the only token included.</li>
 <li>&quot;Defaultgateway&quot;</li>
 <li>&quot;DHCP&quot;</li>
 <li>&quot;DNS&quot;</li>

windows/client-management/mdm/policies-in-policy-csp-admx-backed.md

@@ -1,6 +1,6 @@
 ---
-title: ADMX-backed policy CSPs
+title: ADMX-backed policies in Policy CSP
-description: ADMX-backed policy CSPs
+description: ADMX-backed policies in Policy CSP
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -9,15 +9,15 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 08/18/2020
+ms.date: 10/08/2020
 ---
 
-# ADMX-backed policy CSPs
+# ADMX-backed policies in Policy CSP
 
 > [!div class="op_single_selector"]
 >
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy-CSPs](policy-csps-admx-backed.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 >
 
 - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
@@ -42,6 +42,24 @@ ms.date: 08/18/2020
 - [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord)
 - [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory)
 - [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline)
+- [ADMX_Bits/BITS_DisableBranchCache](./policy-csp-admx-bits.md#admx-bits-bits-disablebranchcache)
+- [ADMX_Bits/BITS_DisablePeercachingClient](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingclient)
+- [ADMX_Bits/BITS_DisablePeercachingServer](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingserver)
+- [ADMX_Bits/BITS_EnablePeercaching](./policy-csp-admx-bits.md#admx-bits-bits-enablepeercaching)
+- [ADMX_Bits/BITS_MaxBandwidthServedForPeers](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthservedforpeers)
+- [ADMX_Bits/BITS_MaxBandwidthV2_Maintenance](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-maintenance)
+- [ADMX_Bits/BITS_MaxBandwidthV2_Work](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-work)
+- [ADMX_Bits/BITS_MaxCacheSize](./policy-csp-admx-bits.md#admx-bits-bits-maxcachesize)
+- [ADMX_Bits/BITS_MaxContentAge](./policy-csp-admx-bits.md#admx-bits-bits-maxcontentage)
+- [ADMX_Bits/BITS_MaxDownloadTime](./policy-csp-admx-bits.md#admx-bits-bits-maxdownloadtime)
+- [ADMX_Bits/BITS_MaxFilesPerJob](./policy-csp-admx-bits.md#admx-bits-bits-maxfilesperjob)
+- [ADMX_Bits/BITS_MaxJobsPerMachine](./policy-csp-admx-bits.md#admx-bits-bits-maxjobspermachine)
+- [ADMX_Bits/BITS_MaxJobsPerUser](./policy-csp-admx-bits.md#admx-bits-bits-maxjobsperuser)
+- [ADMX_Bits/BITS_MaxRangesPerFile](./policy-csp-admx-bits.md#admx-bits-bits-maxrangesperfile)
+- [ADMX_CipherSuiteOrder/SSLCipherSuiteOrder](./policy-csp-admx-ciphersuiteorder.md#admx-ciphersuiteorder-sslciphersuiteorder)
+- [ADMX_CipherSuiteOrder/SSLCurveOrder](./policy-csp-admx-ciphersuiteorder.md#admx-ciphersuiteorder-sslcurveorder)
+- [ADMX_COM/AppMgmt_COM_SearchForCLSID_1](./policy-csp-admx-com.md#admx-com-appmgmt-com-searchforclsid-1)
+- [ADMX_COM/AppMgmt_COM_SearchForCLSID_2](./policy-csp-admx-com.md#admx-com-appmgmt-com-searchforclsid-2)
 - [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile)
 - [ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword)
 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer)
@@ -121,6 +139,110 @@ ms.date: 08/18/2020
 - [ADMX_MMC/MMC_LinkToWeb](./policy-csp-admx-mmc.md#admx-mmc-mmc-linktoweb)
 - [ADMX_MMC/MMC_Restrict_Author](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-author)
 - [ADMX_MMC/MMC_Restrict_To_Permitted_Snapins](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-to-permitted-snapins)
+- [ADMX_MMCSnapins/MMC_ADMComputers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admcomputers-1)
+- [ADMX_MMCSnapins/MMC_ADMComputers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admcomputers-2)
+- [ADMX_MMCSnapins/MMC_ADMUsers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admusers-1)
+- [ADMX_MMCSnapins/MMC_ADMUsers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admusers-2)
+- [ADMX_MMCSnapins/MMC_ADSI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-adsi)
+- [ADMX_MMCSnapins/MMC_ActiveDirDomTrusts](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-activedirdomtrusts)
+- [ADMX_MMCSnapins/MMC_ActiveDirSitesServices](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-activedirsitesservices)
+- [ADMX_MMCSnapins/MMC_ActiveDirUsersComp](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-activediruserscomp)
+- [ADMX_MMCSnapins/MMC_AppleTalkRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-appletalkrouting)
+- [ADMX_MMCSnapins/MMC_AuthMan](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-authman)
+- [ADMX_MMCSnapins/MMC_CertAuth](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certauth)
+- [ADMX_MMCSnapins/MMC_CertAuthPolSet](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certauthpolset)
+- [ADMX_MMCSnapins/MMC_Certs](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certs)
+- [ADMX_MMCSnapins/MMC_CertsTemplate](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certstemplate)
+- [ADMX_MMCSnapins/MMC_ComponentServices](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-componentservices)
+- [ADMX_MMCSnapins/MMC_ComputerManagement](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-computermanagement)
+- [ADMX_MMCSnapins/MMC_ConnectionSharingNAT](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-connectionsharingnat)
+- [ADMX_MMCSnapins/MMC_DCOMCFG](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-dcomcfg)
+- [ADMX_MMCSnapins/MMC_DFS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-dfs)
+- [ADMX_MMCSnapins/MMC_DHCPRelayMgmt](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-dhcprelaymgmt)
+- [ADMX_MMCSnapins/MMC_DeviceManager_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-devicemanager-1)
+- [ADMX_MMCSnapins/MMC_DeviceManager_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-devicemanager-2)
+- [ADMX_MMCSnapins/MMC_DiskDefrag](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-diskdefrag)
+- [ADMX_MMCSnapins/MMC_DiskMgmt](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-diskmgmt)
+- [ADMX_MMCSnapins/MMC_EnterprisePKI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-enterprisepki)
+- [ADMX_MMCSnapins/MMC_EventViewer_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-1)
+- [ADMX_MMCSnapins/MMC_EventViewer_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-2)
+- [ADMX_MMCSnapins/MMC_EventViewer_3](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-3)
+- [ADMX_MMCSnapins/MMC_EventViewer_4](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-4)
+- [ADMX_MMCSnapins/MMC_FAXService](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-faxservice)
+- [ADMX_MMCSnapins/MMC_FailoverClusters](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-failoverclusters)
+- [ADMX_MMCSnapins/MMC_FolderRedirection_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-folderredirection-1)
+- [ADMX_MMCSnapins/MMC_FolderRedirection_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-folderredirection-2)
+- [ADMX_MMCSnapins/MMC_FrontPageExt](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-frontpageext)
+- [ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-grouppolicymanagementsnapin)
+- [ADMX_MMCSnapins/MMC_GroupPolicySnapIn](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-grouppolicysnapin)
+- [ADMX_MMCSnapins/MMC_GroupPolicyTab](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-grouppolicytab)
+- [ADMX_MMCSnapins/MMC_HRA](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-hra)
+- [ADMX_MMCSnapins/MMC_IAS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ias)
+- [ADMX_MMCSnapins/MMC_IASLogging](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iaslogging)
+- [ADMX_MMCSnapins/MMC_IEMaintenance_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iemaintenance-1)
+- [ADMX_MMCSnapins/MMC_IEMaintenance_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iemaintenance-2)
+- [ADMX_MMCSnapins/MMC_IGMPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-igmprouting)
+- [ADMX_MMCSnapins/MMC_IIS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iis)
+- [ADMX_MMCSnapins/MMC_IPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iprouting)
+- [ADMX_MMCSnapins/MMC_IPSecManage_GP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipsecmanage-gp)
+- [ADMX_MMCSnapins/MMC_IPXRIPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipxriprouting)
+- [ADMX_MMCSnapins/MMC_IPXRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipxrouting)
+- [ADMX_MMCSnapins/MMC_IPXSAPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipxsaprouting)
+- [ADMX_MMCSnapins/MMC_IndexingService](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-indexingservice)
+- [ADMX_MMCSnapins/MMC_IpSecManage](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipsecmanage)
+- [ADMX_MMCSnapins/MMC_IpSecMonitor](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipsecmonitor)
+- [ADMX_MMCSnapins/MMC_LocalUsersGroups](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-localusersgroups)
+- [ADMX_MMCSnapins/MMC_LogicalMappedDrives](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-logicalmappeddrives)
+- [ADMX_MMCSnapins/MMC_NPSUI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-npsui)
+- [ADMX_MMCSnapins/MMC_NapSnap](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-napsnap)
+- [ADMX_MMCSnapins/MMC_NapSnap_GP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-napsnap-gp)
+- [ADMX_MMCSnapins/MMC_Net_Framework](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-net-framework)
+- [ADMX_MMCSnapins/MMC_OCSP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ocsp)
+- [ADMX_MMCSnapins/MMC_OSPFRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ospfrouting)
+- [ADMX_MMCSnapins/MMC_PerfLogsAlerts](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-perflogsalerts)
+- [ADMX_MMCSnapins/MMC_PublicKey](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-publickey)
+- [ADMX_MMCSnapins/MMC_QoSAdmission](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-qosadmission)
+- [ADMX_MMCSnapins/MMC_RAS_DialinUser](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ras-dialinuser)
+- [ADMX_MMCSnapins/MMC_RIPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-riprouting)
+- [ADMX_MMCSnapins/MMC_RIS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ris)
+- [ADMX_MMCSnapins/MMC_RRA](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-rra)
+- [ADMX_MMCSnapins/MMC_RSM](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-rsm)
+- [ADMX_MMCSnapins/MMC_RemStore](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-remstore)
+- [ADMX_MMCSnapins/MMC_RemoteAccess](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-remoteaccess)
+- [ADMX_MMCSnapins/MMC_RemoteDesktop](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-remotedesktop)
+- [ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-resultantsetofpolicysnapin)
+- [ADMX_MMCSnapins/MMC_Routing](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-routing)
+- [ADMX_MMCSnapins/MMC_SCA](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sca)
+- [ADMX_MMCSnapins/MMC_SMTPProtocol](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-smtpprotocol)
+- [ADMX_MMCSnapins/MMC_SNMP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-snmp)
+- [ADMX_MMCSnapins/MMC_ScriptsMachine_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsmachine-1)
+- [ADMX_MMCSnapins/MMC_ScriptsMachine_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsmachine-2)
+- [ADMX_MMCSnapins/MMC_ScriptsUser_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsuser-1)
+- [ADMX_MMCSnapins/MMC_ScriptsUser_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsuser-2)
+- [ADMX_MMCSnapins/MMC_SecuritySettings_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-securitysettings-1)
+- [ADMX_MMCSnapins/MMC_SecuritySettings_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-securitysettings-2)
+- [ADMX_MMCSnapins/MMC_SecurityTemplates](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-securitytemplates)
+- [ADMX_MMCSnapins/MMC_SendConsoleMessage](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sendconsolemessage)
+- [ADMX_MMCSnapins/MMC_ServerManager](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-servermanager)
+- [ADMX_MMCSnapins/MMC_ServiceDependencies](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-servicedependencies)
+- [ADMX_MMCSnapins/MMC_Services](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-services)
+- [ADMX_MMCSnapins/MMC_SharedFolders](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sharedfolders)
+- [ADMX_MMCSnapins/MMC_SharedFolders_Ext](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sharedfolders-ext)
+- [ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstalationcomputers-1)
+- [ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstalationcomputers-2)
+- [ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstallationusers-1)
+- [ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstallationusers-2)
+- [ADMX_MMCSnapins/MMC_SysInfo](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sysinfo)
+- [ADMX_MMCSnapins/MMC_SysProp](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sysprop)
+- [ADMX_MMCSnapins/MMC_TPMManagement](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-tpmmanagement)
+- [ADMX_MMCSnapins/MMC_Telephony](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-telephony)
+- [ADMX_MMCSnapins/MMC_TerminalServices](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-terminalservices)
+- [ADMX_MMCSnapins/MMC_WMI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wmi)
+- [ADMX_MMCSnapins/MMC_WindowsFirewall](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-windowsfirewall)
+- [ADMX_MMCSnapins/MMC_WindowsFirewall_GP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-windowsfirewall-gp)
+- [ADMX_MMCSnapins/MMC_WiredNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirednetworkpolicy)
+- [ADMX_MMCSnapins/MMC_WirelessMon](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessmon)
+- [ADMX_MMCSnapins/MMC_WirelessNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessnetworkpolicy)
 - [ADMX_MSAPolicy/IncludeMicrosoftAccount_DisableUserAuthCmdLine](./policy-csp-admx-msapolicy.md#admx-msapolicy-microsoftaccount-disableuserauth)
 - [ADMX_nca/CorporateResources](./policy-csp-admx-nca.md#admx-nca-corporateresources)
 - [ADMX_nca/CustomCommands](./policy-csp-admx-nca.md#admx-nca-customcommands)
@@ -172,6 +294,33 @@ ms.date: 08/18/2020
 - [ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-sysvolsharecompatibilitymode)
 - [ADMX_Netlogon/Netlogon_TryNextClosestSite](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-trynextclosestsite)
 - [ADMX_Netlogon/Netlogon_UseDynamicDns](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-usedynamicdns)
+- [ADMX_NetworkConnections/NC_AddRemoveComponents](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-addremovecomponents)
+- [ADMX_NetworkConnections/NC_AdvancedSettings](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-advancedsettings)
+- [ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-allowadvancedtcpipconfig)
+- [ADMX_NetworkConnections/NC_ChangeBindState](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-changebindstate)
+- [ADMX_NetworkConnections/NC_DeleteAllUserConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deletealluserconnection)
+- [ADMX_NetworkConnections/NC_DeleteConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deleteconnection)
+- [ADMX_NetworkConnections/NC_DialupPrefs](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-dialupprefs)
+- [ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-donotshowlocalonlyicon)
+- [ADMX_NetworkConnections/NC_EnableAdminProhibits](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-enableadminprohibits)
+- [ADMX_NetworkConnections/NC_ForceTunneling](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-forcetunneling)
+- [ADMX_NetworkConnections/NC_IpStateChecking](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-ipstatechecking)
+- [ADMX_NetworkConnections/NC_LanChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanchangeproperties)
+- [ADMX_NetworkConnections/NC_LanConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanconnect)
+- [ADMX_NetworkConnections/NC_LanProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanproperties)
+- [ADMX_NetworkConnections/NC_NewConnectionWizard](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-newconnectionwizard)
+- [ADMX_NetworkConnections/NC_PersonalFirewallConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-personalfirewallconfig)
+- [ADMX_NetworkConnections/NC_RasAllUserProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasalluserproperties)
+- [ADMX_NetworkConnections/NC_RasChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-raschangeproperties)
+- [ADMX_NetworkConnections/NC_RasConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasconnect)
+- [ADMX_NetworkConnections/NC_RasMyProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasmyproperties)
+- [ADMX_NetworkConnections/NC_RenameAllUserRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamealluserrasconnection)
+- [ADMX_NetworkConnections/NC_RenameConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renameconnection)
+- [ADMX_NetworkConnections/NC_RenameLanConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamelanconnection)
+- [ADMX_NetworkConnections/NC_RenameMyRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamemyrasconnection)
+- [ADMX_NetworkConnections/NC_ShowSharedAccessUI](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-showsharedaccessui)
+- [ADMX_NetworkConnections/NC_Statistics](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-statistics)
+- [ADMX_NetworkConnections/NC_StdDomainUserSetLocation](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-stddomainusersetlocation)
 - [ADMX_OfflineFiles/Pol_AlwaysPinSubFolders](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-alwayspinsubfolders)
 - [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-1)
 - [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-2)
@@ -231,6 +380,10 @@ ms.date: 08/18/2020
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-4)
+- [ADMX_PowerShellExecutionPolicy/EnableModuleLogging](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablemodulelogging)
+- [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts)
+- [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting)
+- [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath)
 - [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp)
 - [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents)
 - [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile)
@@ -251,6 +404,11 @@ ms.date: 08/18/2020
 - [ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticsexecutionpolicy)
 - [ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticssecuritypolicy)
 - [ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain](/policy-csp-admx-securitycenter.md#admx-securitycenter-securitycenter-securitycenterindomain)
+- [ADMX_Sensors/DisableLocationScripting_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-1)
+- [ADMX_Sensors/DisableLocationScripting_2](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-2)
+- [ADMX_Sensors/DisableLocation_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocation-1)
+- [ADMX_Sensors/DisableSensors_1](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-1)
+- [ADMX_Sensors/DisableSensors_2](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-2)
 - [ADMX_Servicing/Servicing](./policy-csp-admx-servicing.md#admx-servicing-servicing)
 - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots)
 - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders)
@@ -259,6 +417,383 @@ ms.date: 08/18/2020
 - [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit)
 - [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps)
 - [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
+- [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku)
+- [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock)
+- [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys)
+- [ADMX_Smartcard/AllowTimeInvalidCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-allowtimeinvalidcertificates)
+- [ADMX_Smartcard/CertPropEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certpropenabledstring)
+- [ADMX_Smartcard/CertPropRootCleanupString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootcleanupstring)
+- [ADMX_Smartcard/CertPropRootEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootenabledstring)
+- [ADMX_Smartcard/DisallowPlaintextPin](./policy-csp-admx-smartcard.md#admx-smartcard-disallowplaintextpin)
+- [ADMX_Smartcard/EnumerateECCCerts](./policy-csp-admx-smartcard.md#admx-smartcard-enumerateecccerts)
+- [ADMX_Smartcard/FilterDuplicateCerts](./policy-csp-admx-smartcard.md#admx-smartcard-filterduplicatecerts)
+- [ADMX_Smartcard/ForceReadingAllCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-forcereadingallcertificates)
+- [ADMX_Smartcard/IntegratedUnblockPromptString](./policy-csp-admx-smartcard.md#admx-smartcard-integratedunblockpromptstring)
+- [ADMX_Smartcard/ReverseSubject](./policy-csp-admx-smartcard.md#admx-smartcard-reversesubject)
+- [ADMX_Smartcard/SCPnPEnabled](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpenabled)
+- [ADMX_Smartcard/SCPnPNotification](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpnotification)
+- [ADMX_Smartcard/X509HintsNeeded](./policy-csp-admx-smartcard.md#admx-smartcard-x509hintsneeded)
+- [ADMX_Snmp/SNMP_Communities](./policy-csp-admx-snmp.md#admx-snmp-snmp-communities)
+- [ADMX_Snmp/SNMP_PermittedManagers](./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers)
+- [ADMX_Snmp/SNMP_Traps_Public](./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public)
+- [ADMX_StartMenu/AddSearchInternetLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-addsearchinternetlinkinstartmenu)
+- [ADMX_StartMenu/ClearRecentDocsOnExit](./policy-csp-admx-startmenu.md#admx-startmenu-clearrecentdocsonexit)
+- [ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-clearrecentprogfornewuserinstartmenu)
+- [ADMX_StartMenu/ClearTilesOnExit](./policy-csp-admx-startmenu.md#admx-startmenu-cleartilesonexit)
+- [ADMX_StartMenu/DesktopAppsFirstInAppsView](./policy-csp-admx-startmenu.md#admx-startmenu-desktopappsfirstinappsview)
+- [ADMX_StartMenu/DisableGlobalSearchOnAppsView](./policy-csp-admx-startmenu.md#admx-startmenu-disableglobalsearchonappsview)
+- [ADMX_StartMenu/ForceStartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-forcestartmenulogoff)
+- [ADMX_StartMenu/GoToDesktopOnSignIn](./policy-csp-admx-startmenu.md#admx-startmenu-gotodesktoponsignin)
+- [ADMX_StartMenu/GreyMSIAds](./policy-csp-admx-startmenu.md#admx-startmenu-greymsiads)
+- [ADMX_StartMenu/HidePowerOptions](./policy-csp-admx-startmenu.md#admx-startmenu-hidepoweroptions)
+- [ADMX_StartMenu/Intellimenus](./policy-csp-admx-startmenu.md#admx-startmenu-intellimenus)
+- [ADMX_StartMenu/LockTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-locktaskbar)
+- [ADMX_StartMenu/MemCheckBoxInRunDlg](./policy-csp-admx-startmenu.md#admx-startmenu-memcheckboxinrundlg)
+- [ADMX_StartMenu/NoAutoTrayNotify](./policy-csp-admx-startmenu.md#admx-startmenu-noautotraynotify)
+- [ADMX_StartMenu/NoBalloonTip](./policy-csp-admx-startmenu.md#admx-startmenu-noballoontip)
+- [ADMX_StartMenu/NoChangeStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nochangestartmenu)
+- [ADMX_StartMenu/NoClose](./policy-csp-admx-startmenu.md#admx-startmenu-noclose)
+- [ADMX_StartMenu/NoCommonGroups](./policy-csp-admx-startmenu.md#admx-startmenu-nocommongroups)
+- [ADMX_StartMenu/NoFavoritesMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nofavoritesmenu)
+- [ADMX_StartMenu/NoFind](./policy-csp-admx-startmenu.md#admx-startmenu-nofind)
+- [ADMX_StartMenu/NoGamesFolderOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nogamesfolderonstartmenu)
+- [ADMX_StartMenu/NoHelp](./policy-csp-admx-startmenu.md#admx-startmenu-nohelp)
+- [ADMX_StartMenu/NoInstrumentation](./policy-csp-admx-startmenu.md#admx-startmenu-noinstrumentation)
+- [ADMX_StartMenu/NoMoreProgramsList](./policy-csp-admx-startmenu.md#admx-startmenu-nomoreprogramslist)
+- [ADMX_StartMenu/NoNetAndDialupConnect](./policy-csp-admx-startmenu.md#admx-startmenu-nonetanddialupconnect)
+- [ADMX_StartMenu/NoPinnedPrograms](./policy-csp-admx-startmenu.md#admx-startmenu-nopinnedprograms)
+- [ADMX_StartMenu/NoRecentDocsMenu](./policy-csp-admx-startmenu.md#admx-startmenu-norecentdocsmenu)
+- [ADMX_StartMenu/NoResolveSearch](./policy-csp-admx-startmenu.md#admx-startmenu-noresolvesearch)
+- [ADMX_StartMenu/NoResolveTrack](./policy-csp-admx-startmenu.md#admx-startmenu-noresolvetrack)
+- [ADMX_StartMenu/NoRun](./policy-csp-admx-startmenu.md#admx-startmenu-norun)
+- [ADMX_StartMenu/NoSMConfigurePrograms](./policy-csp-admx-startmenu.md#admx-startmenu-nosmconfigureprograms)
+- [ADMX_StartMenu/NoSMMyDocuments](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmydocuments)
+- [ADMX_StartMenu/NoSMMyMusic](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmymusic)
+- [ADMX_StartMenu/NoSMMyNetworkPlaces](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmynetworkplaces)
+- [ADMX_StartMenu/NoSMMyPictures](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmypictures)
+- [ADMX_StartMenu/NoSearchCommInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchcomminstartmenu)
+- [ADMX_StartMenu/NoSearchComputerLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchcomputerlinkinstartmenu)
+- [ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearcheverywherelinkinstartmenu)
+- [ADMX_StartMenu/NoSearchFilesInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchfilesinstartmenu)
+- [ADMX_StartMenu/NoSearchInternetInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchinternetinstartmenu)
+- [ADMX_StartMenu/NoSearchProgramsInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchprogramsinstartmenu)
+- [ADMX_StartMenu/NoSetFolders](./policy-csp-admx-startmenu.md#admx-startmenu-nosetfolders)
+- [ADMX_StartMenu/NoSetTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-nosettaskbar)
+- [ADMX_StartMenu/NoStartMenuDownload](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenudownload)
+- [ADMX_StartMenu/NoStartMenuHomegroup](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenuhomegroup)
+- [ADMX_StartMenu/NoStartMenuRecordedTV](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenurecordedtv)
+- [ADMX_StartMenu/NoStartMenuSubFolders](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenusubfolders)
+- [ADMX_StartMenu/NoStartMenuVideos](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenuvideos)
+- [ADMX_StartMenu/NoStartPage](./policy-csp-admx-startmenu.md#admx-startmenu-nostartpage)
+- [ADMX_StartMenu/NoTaskBarClock](./policy-csp-admx-startmenu.md#admx-startmenu-notaskbarclock)
+- [ADMX_StartMenu/NoTaskGrouping](./policy-csp-admx-startmenu.md#admx-startmenu-notaskgrouping)
+- [ADMX_StartMenu/NoToolbarsOnTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-notoolbarsontaskbar)
+- [ADMX_StartMenu/NoTrayContextMenu](./policy-csp-admx-startmenu.md#admx-startmenu-notraycontextmenu)
+- [ADMX_StartMenu/NoTrayItemsDisplay](./policy-csp-admx-startmenu.md#admx-startmenu-notrayitemsdisplay)
+- [ADMX_StartMenu/NoUninstallFromStart](./policy-csp-admx-startmenu.md#admx-startmenu-nouninstallfromstart)
+- [ADMX_StartMenu/NoUserFolderOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nouserfolderonstartmenu)
+- [ADMX_StartMenu/NoUserNameOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nousernameonstartmenu)
+- [ADMX_StartMenu/NoWindowsUpdate](./policy-csp-admx-startmenu.md#admx-startmenu-nowindowsupdate)
+- [ADMX_StartMenu/PowerButtonAction](./policy-csp-admx-startmenu.md#admx-startmenu-powerbuttonaction)
+- [ADMX_StartMenu/QuickLaunchEnabled](./policy-csp-admx-startmenu.md#admx-startmenu-quicklaunchenabled)
+- [ADMX_StartMenu/RemoveUnDockPCButton](./policy-csp-admx-startmenu.md#admx-startmenu-removeundockpcbutton)
+- [ADMX_StartMenu/ShowAppsViewOnStart](./policy-csp-admx-startmenu.md#admx-startmenu-showappsviewonstart)
+- [ADMX_StartMenu/ShowRunAsDifferentUserInStart](./policy-csp-admx-startmenu.md#admx-startmenu-showrunasdifferentuserinstart)
+- [ADMX_StartMenu/ShowRunInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-showruninstartmenu)
+- [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey)
+- [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff)
+- [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled)
+- [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md#admx-taskbar-disablenotificationcenter)
+- [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md#admx-taskbar-enablelegacyballoonnotifications)
+- [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md#admx-taskbar-hidescahealth)
+- [ADMX_Taskbar/HideSCANetwork](./policy-csp-admx-taskbar.md#admx-taskbar-hidescanetwork)
+- [ADMX_Taskbar/HideSCAPower](./policy-csp-admx-taskbar.md#admx-taskbar-hidescapower)
+- [ADMX_Taskbar/HideSCAVolume](./policy-csp-admx-taskbar.md#admx-taskbar-hidescavolume)
+- [ADMX_Taskbar/NoBalloonFeatureAdvertisements](./policy-csp-admx-taskbar.md#admx-taskbar-noballoonfeatureadvertisements)
+- [ADMX_Taskbar/NoPinningStoreToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningstoretotaskbar)
+- [ADMX_Taskbar/NoPinningToDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtodestinations)
+- [ADMX_Taskbar/NoPinningToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtotaskbar)
+- [ADMX_Taskbar/NoRemoteDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-noremotedestinations)
+- [ADMX_Taskbar/NoSystraySystemPromotion](./policy-csp-admx-taskbar.md#admx-taskbar-nosystraysystempromotion)
+- [ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-showwindowsstoreappsontaskbar)
+- [ADMX_Taskbar/TaskbarLockAll](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarlockall)
+- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoaddremovetoolbar)
+- [ADMX_Taskbar/TaskbarNoDragToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnodragtoolbar)
+- [ADMX_Taskbar/TaskbarNoMultimon](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnomultimon)
+- [ADMX_Taskbar/TaskbarNoNotification](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnonotification)
+- [ADMX_Taskbar/TaskbarNoPinnedList](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnopinnedlist)
+- [ADMX_Taskbar/TaskbarNoRedock](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoredock)
+- [ADMX_Taskbar/TaskbarNoResize](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoresize)
+- [ADMX_Taskbar/TaskbarNoThumbnail](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnothumbnail)
+- [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name)
+- [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval)
+- [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state)
+- [ADMX_tcpip/IPHTTPS_ClientState](./policy-csp-admx-tcpip.md#admx-tcpip-iphttps-clientstate)
+- [ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State](./policy-csp-admx-tcpip.md#admx-tcpip-ip-stateless-autoconfiguration-limits-state)
+- [ADMX_tcpip/ISATAP_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-router-name)
+- [ADMX_tcpip/ISATAP_State](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-state)
+- [ADMX_tcpip/Teredo_Client_Port](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-client-port)
+- [ADMX_tcpip/Teredo_Default_Qualified](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-default-qualified)
+- [ADMX_tcpip/Teredo_Refresh_Rate](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-refresh-rate)
+- [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name)
+- [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state)
+- [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state)
+- [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails)
+- [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders)
+- [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders)
+- [ADMX_TPM/BlockedCommandsList_Name](./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name)
+- [ADMX_TPM/ClearTPMIfNotReady_Name](./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name)
+- [ADMX_TPM/IgnoreDefaultList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name)
+- [ADMX_TPM/IgnoreLocalList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignorelocallist-name)
+- [ADMX_TPM/OSManagedAuth_Name](./policy-csp-admx-tpm.md#admx-tpm-osmanagedauth-name)
+- [ADMX_TPM/OptIntoDSHA_Name](./policy-csp-admx-tpm.md#admx-tpm-optintodsha-name)
+- [ADMX_TPM/StandardUserAuthorizationFailureDuration_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureduration-name)
+- [ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureindividualthreshold-name)
+- [ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailuretotalthreshold-name)
+- [ADMX_TPM/UseLegacyDAP_Name](./policy-csp-admx-tpm.md#admx-tpm-uselegacydap-name)
+- [ADMX_UserExperienceVirtualization/Calculator](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-calculator)
+- [ADMX_UserExperienceVirtualization/ConfigureSyncMethod](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configuresyncmethod)
+- [ADMX_UserExperienceVirtualization/ConfigureVdi](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configurevdi)
+- [ADMX_UserExperienceVirtualization/ContactITDescription](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactitdescription)
+- [ADMX_UserExperienceVirtualization/ContactITUrl](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactiturl)
+- [ADMX_UserExperienceVirtualization/DisableWin8Sync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewin8sync)
+- [ADMX_UserExperienceVirtualization/DisableWindowsOSSettings](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewindowsossettings)
+- [ADMX_UserExperienceVirtualization/EnableUEV](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-enableuev)
+- [ADMX_UserExperienceVirtualization/Finance](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-finance)
+- [ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-firstusenotificationenabled)
+- [ADMX_UserExperienceVirtualization/Games](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-games)
+- [ADMX_UserExperienceVirtualization/InternetExplorer8](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer8)
+- [ADMX_UserExperienceVirtualization/InternetExplorer9](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer9)
+- [ADMX_UserExperienceVirtualization/InternetExplorer10](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer10)
+- [ADMX_UserExperienceVirtualization/InternetExplorer11](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer11)
+- [ADMX_UserExperienceVirtualization/InternetExplorerCommon](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorercommon)
+- [ADMX_UserExperienceVirtualization/Maps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maps)
+- [ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maxpackagesizeinbytes)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010access)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010common)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010excel)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010infopath)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010lync)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010onenote)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010outlook)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010powerpoint)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010project)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010publisher)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointdesigner)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointworkspace)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010visio)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010word)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013access)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013accessbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013common)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013commonbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excel)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excelbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopath)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopathbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lync)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lyncbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onedriveforbusiness)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenote)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenotebackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlook)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlookbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpoint)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpointbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013project)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013projectbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisher)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisherbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesigner)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesignerbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013uploadcenter)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visio)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visiobackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013word)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013wordbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016access)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016accessbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016common)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016commonbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excel)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excelbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lync)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lyncbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onedriveforbusiness)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenote)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenotebackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlook)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlookbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpoint)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpointbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016project)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016projectbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisher)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisherbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016uploadcenter)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visio)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visiobackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016word)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016wordbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365infopath2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365sharepointdesigner2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2016)
+- [ADMX_UserExperienceVirtualization/Music](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-music)
+- [ADMX_UserExperienceVirtualization/News](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-news)
+- [ADMX_UserExperienceVirtualization/Notepad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-notepad)
+- [ADMX_UserExperienceVirtualization/Reader](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-reader)
+- [ADMX_UserExperienceVirtualization/RepositoryTimeout](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-repositorytimeout)
+- [ADMX_UserExperienceVirtualization/SettingsStoragePath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingsstoragepath)
+- [ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingstemplatecatalogpath)
+- [ADMX_UserExperienceVirtualization/Sports](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-sports)
+- [ADMX_UserExperienceVirtualization/SyncEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncenabled)
+- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetwork)
+- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetworkwhenroaming)
+- [ADMX_UserExperienceVirtualization/SyncProviderPingEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncproviderpingenabled)
+- [ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncunlistedwindows8apps)
+- [ADMX_UserExperienceVirtualization/Travel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-travel)
+- [ADMX_UserExperienceVirtualization/TrayIconEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-trayiconenabled)
+- [ADMX_UserExperienceVirtualization/Video](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-video)
+- [ADMX_UserExperienceVirtualization/Weather](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-weather)
+- [ADMX_UserExperienceVirtualization/Wordpad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-wordpad)
+- [ADMX_W32Time/W32TIME_POLICY_CONFIG](./policy-csp-admx-w32time.md#admx-w32time-policy-config)
+- [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient)
+- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient)
+- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver)
+- [ADMX_WCM/WCM_DisablePowerManagement](./policy-csp-admx-wcm.md#admx-wcm-wcm-disablepowermanagement)
+- [ADMX_WCM/WCM_EnableSoftDisconnect](./policy-csp-admx-wcm.md#admx-wcm-wcm-enablesoftdisconnect)
+- [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections)
+- [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1)
+- [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2)
+- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled)
+- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1)
+- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2)
+- [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar)
+- [ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-checksamesourceandtargetforfranddfs)
+- [ADMX_WindowsExplorer/ClassicShell](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-classicshell)
+- [ADMX_WindowsExplorer/ConfirmFileDelete](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-confirmfiledelete)
+- [ADMX_WindowsExplorer/DefaultLibrariesLocation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-defaultlibrarieslocation)
+- [ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablebinddirectlytopropertysetstorage)
+- [ADMX_WindowsExplorer/DisableIndexedLibraryExperience](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableindexedlibraryexperience)
+- [ADMX_WindowsExplorer/DisableKnownFolders](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableknownfolders)
+- [ADMX_WindowsExplorer/DisableSearchBoxSuggestions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablesearchboxsuggestions)
+- [ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enableshellshortcuticonremotepath)
+- [ADMX_WindowsExplorer/EnableSmartScreen](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enablesmartscreen)
+- [ADMX_WindowsExplorer/EnforceShellExtensionSecurity](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enforceshellextensionsecurity)
+- [ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-explorerribbonstartsminimized)
+- [ADMX_WindowsExplorer/HideContentViewModeSnippets](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-hidecontentviewmodesnippets)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachine)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachinelockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restricted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restrictedlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trusted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trustedlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachine)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachinelockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restricted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restrictedlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trusted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trustedlockdown)
+- [ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-linkresolveignorelinkinfo)
+- [ADMX_WindowsExplorer/MaxRecentDocs](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-maxrecentdocs)
+- [ADMX_WindowsExplorer/NoBackButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nobackbutton)
+- [ADMX_WindowsExplorer/NoCDBurning](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocdburning)
+- [ADMX_WindowsExplorer/NoCacheThumbNailPictures](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocachethumbnailpictures)
+- [ADMX_WindowsExplorer/NoChangeAnimation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangeanimation)
+- [ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangekeyboardnavigationindicators)
+- [ADMX_WindowsExplorer/NoDFSTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodfstab)
+- [ADMX_WindowsExplorer/NoDrives](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodrives)
+- [ADMX_WindowsExplorer/NoEntireNetwork](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noentirenetwork)
+- [ADMX_WindowsExplorer/NoFileMRU](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemru)
+- [ADMX_WindowsExplorer/NoFileMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemenu)
+- [ADMX_WindowsExplorer/NoFolderOptions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofolderoptions)
+- [ADMX_WindowsExplorer/NoHardwareTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nohardwaretab)
+- [ADMX_WindowsExplorer/NoManageMyComputerVerb](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomanagemycomputerverb)
+- [ADMX_WindowsExplorer/NoMyComputerSharedDocuments](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomycomputershareddocuments)
+- [ADMX_WindowsExplorer/NoNetConnectDisconnect](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonetconnectdisconnect)
+- [ADMX_WindowsExplorer/NoNewAppAlert](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonewappalert)
+- [ADMX_WindowsExplorer/NoPlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noplacesbar)
+- [ADMX_WindowsExplorer/NoRecycleFiles](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norecyclefiles)
+- [ADMX_WindowsExplorer/NoRunAsInstallPrompt](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norunasinstallprompt)
+- [ADMX_WindowsExplorer/NoSearchInternetTryHarderButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosearchinternettryharderbutton)
+- [ADMX_WindowsExplorer/NoSecurityTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosecuritytab)
+- [ADMX_WindowsExplorer/NoShellSearchButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noshellsearchbutton)
+- [ADMX_WindowsExplorer/NoStrCmpLogical](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nostrcmplogical)
+- [ADMX_WindowsExplorer/NoViewContextMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewcontextmenu)
+- [ADMX_WindowsExplorer/NoViewOnDrive](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewondrive)
+- [ADMX_WindowsExplorer/NoWindowsHotKeys](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nowindowshotkeys)
+- [ADMX_WindowsExplorer/NoWorkgroupContents](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noworkgroupcontents)
+- [ADMX_WindowsExplorer/PlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-placesbar)
+- [ADMX_WindowsExplorer/PromptRunasInstallNetPath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-promptrunasinstallnetpath)
+- [ADMX_WindowsExplorer/RecycleBinSize](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-recyclebinsize)
+- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-1)
+- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-2)
+- [ADMX_WindowsExplorer/ShowHibernateOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showhibernateoption)
+- [ADMX_WindowsExplorer/ShowSleepOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showsleepoption)
+- [ADMX_WindowsExplorer/TryHarderPinnedLibrary](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedlibrary)
+- [ADMX_WindowsExplorer/TryHarderPinnedOpenSearch](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedopensearch)
+- [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline)
+- [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings)
+- [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings)
+- [ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurertspproxysettings)
+- [ADMX_WindowsMediaPlayer/DisableAutoUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disableautoupdate)
+- [ADMX_WindowsMediaPlayer/DisableNetworkSettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablenetworksettings)
+- [ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablesetupfirstuseconfiguration)
+- [ADMX_WindowsMediaPlayer/DoNotShowAnchor](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-donotshowanchor)
+- [ADMX_WindowsMediaPlayer/DontUseFrameInterpolation](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-dontuseframeinterpolation)
+- [ADMX_WindowsMediaPlayer/EnableScreenSaver](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-enablescreensaver)
+- [ADMX_WindowsMediaPlayer/HidePrivacyTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hideprivacytab)
+- [ADMX_WindowsMediaPlayer/HideSecurityTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hidesecuritytab)
+- [ADMX_WindowsMediaPlayer/NetworkBuffering](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-networkbuffering)
+- [ADMX_WindowsMediaPlayer/PolicyCodecUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-policycodecupdate)
+- [ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventcddvdmetadataretrieval)
+- [ADMX_WindowsMediaPlayer/PreventLibrarySharing](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventlibrarysharing)
+- [ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventmusicfilemetadataretrieval)
+- [ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventquicklaunchshortcut)
+- [ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventradiopresetsretrieval)
+- [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut)
+- [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown)
+- [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols)
+- [ADMX_WindowsStore/DisableAutoDownloadWin8](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableautodownloadwin8)
+- [ADMX_WindowsStore/DisableOSUpgrade_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-1)
+- [ADMX_WindowsStore/DisableOSUpgrade_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-2)
+- [ADMX_WindowsStore/RemoveWindowsStore_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-1)
+- [ADMX_WindowsStore/RemoveWindowsStore_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-2)
+- [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription)
+- [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot)
+- [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription)
+- [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost)
+- [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced)
+- [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred) 
 - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
 - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
 - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)

windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Group Policy
+title: Policies in Policy CSP supported by Group Policy
-description: Policy CSPs supported by Group Policy
+description: Policies in Policy CSP supported by Group Policy
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,12 +12,12 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by Group Policy
+# Policies in Policy CSP supported by Group Policy
 
 > [!div class="op_single_selector"]
 > 
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 >
 
 - [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
-description: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+description: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 09/17/2019
 ---
 
-# Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+# Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens (1st gen) Development Edition
+title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
-description: Policy CSPs supported by HoloLens (1st gen) Development Edition
+description: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by HoloLens (1st gen) Development Edition
+# Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens 2
+title: Policies in Policy CSP supported by HoloLens 2
-description: Policy CSPs supported by HoloLens 2
+description: Policies in Policy CSP supported by HoloLens 2
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -9,10 +9,10 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 05/11/2020
+ms.date: 10/08/2020
 ---
 
-# Policy CSPs supported by HoloLens 2
+# Policies in Policy CSP supported by HoloLens 2
 
 > [!div class="op_single_selector"]
 >
@@ -50,6 +50,17 @@ ms.date: 05/11/2020
 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
 - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
+- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
+- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
+- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
+- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled)
+- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
+- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
+- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
+- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery)
+- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
+- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
+- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
 - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
 - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
 - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
@@ -73,7 +84,8 @@ ms.date: 05/11/2020
 - [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) <sup>8</sup>
 - [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) <sup>8</sup>
 - [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
-- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
+- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage)
+- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage)
 - [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
 - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
 - [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
@@ -81,6 +93,10 @@ ms.date: 05/11/2020
 - [System/AllowLocation](policy-csp-system.md#system-allowlocation)
 - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
 - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
+- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
+- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
+- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
+- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
 - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
 - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
@@ -91,6 +107,7 @@ ms.date: 05/11/2020
 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
 - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
 - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
+- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
 - [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>

windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Windows 10 IoT Core
+title: Policies in Policy CSP supported by Windows 10 IoT Core
-description: Policy CSPs supported by Windows 10 IoT Core
+description: Policies in Policy CSP supported by Windows 10 IoT Core
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 09/16/2019
 ---
 
-# Policy CSPs supported by Windows 10 IoT Core
+# Policies in Policy CSP supported by Windows 10 IoT Core
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Windows 10 IoT Enterprise
+title: Policies in Policy CSP supported by Windows 10 IoT Enterprise
-description: Policy CSPs supported by Windows 10 IoT Enterprise
+description: Policies in Policy CSP supported by Windows 10 IoT Enterprise
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by Windows 10 IoT Enterprise
+# Policies in Policy CSP supported by Windows 10 IoT Enterprise
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Microsoft Surface Hub
+title: Policies in Policy CSP supported by Microsoft Surface Hub
-description: Policy CSPs supported by Microsoft Surface Hub
+description: Policies in Policy CSP supported by Microsoft Surface Hub
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/22/2020
 ---
 
-# Policy CSPs supported by Microsoft Surface Hub
+# Policies in Policy CSP supported by Microsoft Surface Hub
 
 
 - [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)

windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs that can be set using Exchange Active Sync (EAS)
+title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
-description: Policy CSPs that can be set using Exchange Active Sync (EAS)
+description: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs that can be set using Exchange Active Sync (EAS)
+# Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
 
 - [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)  
 - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)  

windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md

@@ -0,0 +1,351 @@
+---
+title: Policy CSP - ADMX_PowerShellExecutionPolicy
+description: Policy CSP - ADMX_PowerShellExecutionPolicy
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/26/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_PowerShellExecutionPolicy
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_PowerShellExecutionPolicy policies  
+
+<dl>
+  <dd>
+    <a href="#admx-powershellexecutionpolicy-enablemodulelogging">ADMX_PowerShellExecutionPolicy/EnableModuleLogging</a>
+  </dd>
+  <dd>
+    <a href="#admx-powershellexecutionpolicy-enablescripts">ADMX_PowerShellExecutionPolicy/EnableScripts</a>
+  </dd>
+  <dd>
+    <a href="#admx-powershellexecutionpolicy-enabletranscripting">ADMX_PowerShellExecutionPolicy/EnableTranscripting</a>
+  </dd>
+  <dd>
+    <a href="#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath">ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-powershellexecutionpolicy-enablemodulelogging"></a>**ADMX_PowerShellExecutionPolicy/EnableModuleLogging**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on logging for Windows PowerShell modules.
+
+If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
+
+If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False.  If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
+
+To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer.
+
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn on Module Logging*
+-   GP name: *EnableModuleLogging*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-powershellexecutionpolicy-enablescripts"></a>**ADMX_PowerShellExecutionPolicy/EnableScripts**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.
+
+If you enable this policy setting, the scripts selected in the drop-down list are allowed to run.  The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher.
+
+The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run; scripts that originate from the Internet must be signed by a trusted publisher.  The "Allow all scripts" policy setting allows all scripts to run.
+
+If you disable this policy setting, no scripts are allowed to run.
+
+> [!NOTE]
+> This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration."  If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn on Script Execution*
+-   GP name: *EnableScripts*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-powershellexecutionpolicy-enabletranscripting"></a>**ADMX_PowerShellExecutionPolicy/EnableTranscripting**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.
+
+If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other  applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent  to calling the Start-Transcript cmdlet on each Windows PowerShell session.
+
+If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled  through the Start-Transcript cmdlet.
+
+If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users  from viewing the transcripts of other users or computers.
+
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn on PowerShell Transcription*
+-   GP name: *EnableTranscripting*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath"></a>**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.
+
+If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet.
+
+If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet.
+
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set the default source path for Update-Help*
+-   GP name: *EnableUpdateHelpDefaultSourcePath*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->

windows/client-management/mdm/policy-csp-admx-sensors.md

@@ -0,0 +1,401 @@
+---
+title: Policy CSP - ADMX_Sensors
+description: Policy CSP - ADMX_Sensors
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/22/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Sensors
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_Sensors policies  
+
+<dl>
+  <dd>
+    <a href="#admx-sensors-disablelocationscripting-1">ADMX_Sensors/DisableLocationScripting_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-sensors-disablelocationscripting-2">ADMX_Sensors/DisableLocationScripting_2</a>
+  </dd>
+  <dd>
+    <a href="#admx-sensors-disablelocation-1">ADMX_Sensors/DisableLocation_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-sensors-disablesensors-1">ADMX_Sensors/DisableSensors_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-sensors-disablesensors-2">ADMX_Sensors/DisableSensors_2</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablelocationscripting-1"></a>**ADMX_Sensors/DisableLocationScripting_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+
+If you enable this policy setting, scripts for the location feature will not run.
+
+If you disable or do not configure this policy setting, all location scripts will run.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off location scripting*
+-   GP name: *DisableLocationScripting_1*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablelocationscripting-2"></a>**ADMX_Sensors/DisableLocationScripting_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+
+If you enable this policy setting, scripts for the location feature will not run.
+
+If you disable or do not configure this policy setting, all location scripts will run.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off location scripting*
+-   GP name: *DisableLocationScripting_2*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablelocation-1"></a>**ADMX_Sensors/DisableLocation_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the location feature for this computer.
+
+If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.
+
+If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off location*
+-   GP name: *DisableLocation_1*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablesensors-1"></a>**ADMX_Sensors/DisableSensors_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+
+If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off sensors*
+-   GP name: *DisableSensors_1*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablesensors-2"></a>**ADMX_Sensors/DisableSensors_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+
+If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off sensors*
+-   GP name: *DisableSensors_2*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->

windows/client-management/mdm/policy-csp-admx-snmp.md

@@ -0,0 +1,290 @@
+---
+title: Policy CSP - ADMX_Snmp
+description: Policy CSP - ADMX_Snmp
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/24/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Snmp
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_Snmp policies  
+
+<dl>
+  <dd>
+    <a href="#admx-snmp-snmp-communities">ADMX_Snmp/SNMP_Communities</a>
+  </dd>
+  <dd>
+    <a href="#admx-snmp-snmp-permittedmanagers">ADMX_Snmp/SNMP_PermittedManagers</a>
+  </dd>
+  <dd>
+    <a href="#admx-snmp-snmp-traps-public">ADMX_Snmp/SNMP_Traps_Public</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-snmp-snmp-communities"></a>**ADMX_Snmp/SNMP_Communities**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
+
+SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.
+
+A valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network.
+
+If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.
+
+If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
+
+Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.
+
+> [!NOTE]
+> - It is good practice to use a cryptic community name.
+> - This policy setting has no effect if the SNMP agent is not installed on the client computer.
+
+Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Specify communities*
+-   GP name: *SNMP_Communities*
+-   GP path: *Network\SNMP*
+-   GP ADMX file name: *Snmp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-snmp-snmp-permittedmanagers"></a>**ADMX_Snmp/SNMP_PermittedManagers**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
+
+Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
+
+The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.
+
+If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.
+
+If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
+
+Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control.
+
+> [!NOTE]
+> This policy setting has no effect if the SNMP agent is not installed on the client computer.
+
+Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Specify permitted managers*
+-   GP name: *SNMP_PermittedManagers*
+-   GP path: *Network\SNMP*
+-   GP ADMX file name: *Snmp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-snmp-snmp-traps-public"></a>**ADMX_Snmp/SNMP_Traps_Public**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
+
+Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
+
+This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.
+
+If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community.
+
+If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
+
+> [!NOTE]
+> This setting has no effect if the SNMP agent is not installed on the client computer.
+
+Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Specify traps for public community*
+-   GP name: *SNMP_Traps_Public*
+-   GP path: *Network\SNMP*
+-   GP ADMX file name: *Snmp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-thumbnails.md

@@ -0,0 +1,264 @@
+---
+title: Policy CSP - ADMX_Thumbnails
+description: Policy CSP - ADMX_Thumbnails
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/25/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Thumbnails
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_Thumbnails policies  
+
+<dl>
+  <dd>
+    <a href="#admx-thumbnails-disablethumbnails">ADMX_Thumbnails/DisableThumbnails</a>
+  </dd>  
+  <dd>
+    <a href="#admx-thumbnails-disablethumbnailsonnetworkfolders">ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders</a>
+  </dd>
+  <dd>
+    <a href="#admx-thumbnails-disablethumbsdbonnetworkfolders">ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders</a>
+  </dd>
+</dl>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-thumbnails-disablethumbnails"></a>**ADMX_Thumbnails/DisableThumbnails**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
+
+File Explorer displays thumbnail images by default. 
+
+If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images.
+
+If you disable or do not configure this policy setting, File Explorer displays only thumbnail images.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the display of thumbnails and only display icons.*
+-   GP name: *DisableThumbnails*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *Thumbnails.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-thumbnails-disablethumbnailsonnetworkfolders"></a>**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
+
+File Explorer displays thumbnail images on network folders by default.
+
+If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.
+
+If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the display of thumbnails and only display icons on network folders*
+-   GP name: *DisableThumbnailsOnNetworkFolders*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *Thumbnails.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-thumbnails-disablethumbsdbonnetworkfolders"></a>**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. Turns off the caching of thumbnails in hidden thumbs.db files.
+
+This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.
+
+If you enable this policy setting, File Explorer does not create, read from, or write to thumbs.db files.
+
+If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the caching of thumbnails in hidden thumbs.db files*
+-   GP name: *DisableThumbsDBOnNetworkFolders*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *Thumbnails.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-tpm.md

@@ -0,0 +1,803 @@
+---
+title: Policy CSP - ADMX_TPM
+description: Policy CSP - ADMX_TPM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/25/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_TPM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_TPM policies  
+
+<dl>
+  <dd>
+    <a href="#admx-tpm-blockedcommandslist-name">ADMX_TPM/BlockedCommandsList_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-cleartpmifnotready-name">ADMX_TPM/ClearTPMIfNotReady_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-ignoredefaultlist-name">ADMX_TPM/IgnoreDefaultList_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-ignorelocallist-name">ADMX_TPM/IgnoreLocalList_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-osmanagedauth-name">ADMX_TPM/OSManagedAuth_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-optintodsha-name">ADMX_TPM/OptIntoDSHA_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-standarduserauthorizationfailureduration-name">ADMX_TPM/StandardUserAuthorizationFailureDuration_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-standarduserauthorizationfailureindividualthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-standarduserauthorizationfailuretotalthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-uselegacydap-name">ADMX_TPM/UseLegacyDAP_Name</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-blockedcommandslist-name"></a>**ADMX_TPM/BlockedCommandsList_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
+
+If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section.
+
+If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the list of blocked TPM commands*
+-   GP name: *BlockedCommandsList_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-cleartpmifnotready-name"></a>**ADMX_TPM/ClearTPMIfNotReady_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the system to clear the TPM if it is not in a ready state.*
+-   GP name: *ClearTPMIfNotReady_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-ignoredefaultlist-name"></a>**ADMX_TPM/IgnoreDefaultList_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
+
+If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list.
+
+The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+
+If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands. 
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Ignore the default list of blocked TPM commands*
+-   GP name: *IgnoreDefaultList_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-ignorelocallist-name"></a>**ADMX_TPM/IgnoreLocalList_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
+
+If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.
+
+The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+
+If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Ignore the local list of blocked TPM commands*
+-   GP name: *IgnoreLocalList_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-osmanagedauth-name"></a>**ADMX_TPM/OSManagedAuth_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
+
+You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.
+
+If you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose.
+
+Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used.
+
+Choose the operating system managed TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic.
+
+Choose the operating system managed TPM authentication setting of "None" for compatibility with previous operating systems and applications or for use with scenarios that require TPM owner authorization not be stored locally. Using this setting might cause issues with some TPM-based applications.
+
+> [!NOTE]
+> If the operating system managed TPM authentication setting is changed from "Full" to "Delegated", the full TPM owner authorization value will be regenerated and any copies of the original TPM owner authorization value will be invalid.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the level of TPM owner authorization information available to the operating system*
+-   GP name: *OSManagedAuth_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-optintodsha-name"></a>**ADMX_TPM/OptIntoDSHA_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Device Health Attestation Monitoring and Reporting*
+-   GP name: *OptIntoDSHA_Name*
+-   GP path: *System\Device Health Attestation Service*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-standarduserauthorizationfailureduration-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
+
+This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
+
+An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than this duration are ignored.
+
+For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+
+The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+
+An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
+
+If this value is not configured, a default value of 480 minutes (8 hours) is used.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Standard User Lockout Duration*
+-   GP name: *StandardUserAuthorizationFailureDuration_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-standarduserauthorizationfailureindividualthreshold-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+
+This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
+
+An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
+
+For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+
+This value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+
+An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
+
+If this value is not configured, a default value of 4 is used.
+
+A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Standard User Individual Lockout Threshold*
+-   GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-standarduserauthorizationfailuretotalthreshold-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+
+This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
+
+An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
+
+For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+
+The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+
+This value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+
+An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
+
+If this value is not configured, a default value of 9 is used.
+
+A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Standard User Total Lockout Threshold*
+-   GP name: *StandardUserAuthorizationFailureTotalThreshold_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-uselegacydap-name"></a>**ADMX_TPM/UseLegacyDAP_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.*
+-   GP name: *UseLegacyDAP_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-w32time.md

@@ -0,0 +1,429 @@
+---
+title: Policy CSP - ADMX_W32Time
+description: Policy CSP - ADMX_W32Time
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/28/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_W32Time
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_W32Time policies  
+
+<dl>
+  <dd>
+    <a href="#admx-w32time-policy-config">ADMX_W32Time/W32TIME_POLICY_CONFIG</a>
+  </dd>
+  <dd>
+    <a href="#admx-w32time-policy-configure-ntpclient">ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT</a>
+  </dd>
+  <dd>
+    <a href="#admx-w32time-policy-enable-ntpclient">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT</a>
+  </dd>
+  <dd>
+    <a href="#admx-w32time-policy-enable-ntpserver">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-config"></a>**ADMX_W32Time/W32TIME_POLICY_CONFIG**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
+
+If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values.
+
+For more details on individual parameters, combinations of parameter values as well as definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809.
+
+**FrequencyCorrectRate**
+This parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause slower corrections; larger values cause more frequent corrections. Default: 4 (scalar).
+
+**HoldPeriod**
+This parameter indicates how many consistent time samples the client computer must receive in a series before subsequent time samples are evaluated as potential spikes. Default: 5
+
+**LargePhaseOffset**
+If a time sample differs from the client computer's local clock by more than LargePhaseOffset, the local clock is deemed to have drifted considerably, or in other words, spiked. Default: 50,000,000 100-nanosecond units (ns) or 5 seconds.
+
+**MaxAllowedPhaseOffset**
+If a response is received that has a time variation that is larger than this parameter value, W32time sets the client computer's local clock immediately to the time that is accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's local clock is corrected gradually. Default: 300 seconds.
+
+**MaxNegPhaseCorrection**
+If a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time difference that is greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.
+
+**MaxPosPhaseCorrection**
+If a time sample is received that indicates a time in the future (as compared to the client computer's local clock) that has a time difference greater than the MaxPosPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.
+
+**PhaseCorrectRate**
+This parameter controls how quickly W32time corrects the client computer's local clock difference to match time samples that are accepted as accurate from the NTP server. Lower values cause the clock to correct more slowly; larger values cause the clock to correct more quickly. Default: 7 (scalar).
+
+**PollAdjustFactor**
+This parameter controls how quickly W32time changes polling intervals. When responses are considered to be accurate, the polling interval lengthens automatically. When responses are considered to be inaccurate, the polling interval shortens automatically. Default: 5 (scalar).
+
+**SpikeWatchPeriod**
+This parameter specifies the amount of time that samples with time offset larger than LargePhaseOffset are received before these samples are accepted as accurate. SpikeWatchPeriod is used in conjunction with HoldPeriod to help eliminate sporadic, inaccurate time samples that are returned from a peer. Default: 900 seconds.
+
+**UpdateInterval**
+This parameter specifies the amount of time that W32time waits between corrections when the clock is being corrected gradually. When it makes a gradual correction, the service adjusts the clock slightly, waits this amount of time, and then checks to see if another adjustment is needed, until the correction is finished. Default: 100 1/100th second units, or 1 second.
+
+General parameters:
+
+**AnnounceFlags**
+This parameter is a bitmask value that controls how time service availability is advertised through NetLogon. Default: 0x0a hexadecimal
+
+**EventLogFlags**
+This parameter controls special events that may be logged to the Event Viewer System log. Default: 0x02 hexadecimal bitmask.
+
+**LocalClockDispersion**
+This parameter indicates the maximum error in seconds that is reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds.
+
+**MaxPollInterval**
+This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.)
+
+**MinPollInterval**
+This parameter controls the minimum polling interval that defines the minimum amount of time between polls of a peer. Default: 6 in log base-2, or 64 seconds.
+
+**ClockHoldoverPeriod**
+This parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds.
+
+**RequireSecureTimeSyncRequests**
+This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. Default: 0 Boolean.
+
+**UtilizeSslTimeData**
+This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock.  Default: 1 (enabled) Boolean
+
+**ClockAdjustmentAuditLimit**
+This parameter specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target machine. Default: 800 Parts per million (PPM).
+
+RODC parameters:
+
+**ChainEntryTimeout**
+This parameter specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired. Expired entries may be removed when the next request or response is processed. Default: 16 seconds.
+
+**ChainMaxEntries**
+This parameter controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. Default: 128 entries.
+
+**ChainMaxHostEntries**
+This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries.
+
+**ChainDisable**
+This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Default: 0 Boolean.
+
+**ChainLoggingRate**
+This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Global Configuration Settings*
+-   GP name: *W32TIME_POLICY_CONFIG*
+-   GP path: *System\Windows Time Service*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-configure-ntpclient"></a>**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a set of parameters for controlling the Windows NTP Client.
+
+If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.
+
+If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
+
+**NtpServer**
+The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings.  The default value is ""time.windows.com,0x09"". 
+
+**Type**
+This value controls the authentication that W32time uses. The default value is NT5DS.
+
+**CrossSiteSyncFlags**
+This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal).
+
+**ResolvePeerBackoffMinutes**
+This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes.
+
+**ResolvePeerBackoffMaxTimes**
+This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts.
+
+**SpecialPollInterval**
+This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds.
+
+**EventLogFlags**
+This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure Windows NTP Client*
+-   GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT*
+-   GP path: *System\Windows Time Service\Time Providers*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-enable-ntpclient"></a>**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the Windows NTP Client is enabled.
+
+Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.
+
+If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers.
+
+If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Windows NTP Client*
+-   GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT*
+-   GP path: *System\Windows Time Service\Time Providers*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-enable-ntpserver"></a>**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether the Windows NTP Server is enabled.
+
+If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.
+
+If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Windows NTP Server*
+-   GP name: *W32TIME_POLICY_ENABLE_NTPSERVER*
+-   GP path: *System\Windows Time Service\Time Providers*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-wcm.md

@@ -0,0 +1,272 @@
+---
+title: Policy CSP - ADMX_WCM
+description: Policy CSP - ADMX_WCM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/22/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WCM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WCM policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wcm-wcm-disablepowermanagement">ADMX_WCM/WCM_DisablePowerManagement</a>
+  </dd>
+  <dd>
+    <a href="#admx-wcm-wcm-enablesoftdisconnect">ADMX_WCM/WCM_EnableSoftDisconnect</a>
+  </dd>
+  <dd>
+    <a href="#admx-wcm-wcm-minimizeconnections">ADMX_WCM/WCM_MinimizeConnections</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wcm-wcm-disablepowermanagement"></a>**ADMX_WCM/WCM_DisablePowerManagement**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that power management is disabled when the machine enters connected standby mode.
+
+If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode.
+
+If this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable power management in connected standby mode*
+-   GP name: *WCM_DisablePowerManagement*
+-   GP path: *Network\Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wcm-wcm-enablesoftdisconnect"></a>**ADMX_WCM/WCM_EnableSoftDisconnect**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows will soft-disconnect a computer from a network.
+
+If this policy setting is enabled or not configured, Windows will soft-disconnect a computer from a network when it determines that the computer should no longer be connected to a network.
+
+If this policy setting is disabled, Windows will disconnect a computer from a network immediately when it determines that the computer should no longer be connected to a network.
+
+When soft disconnect is enabled:
+
+- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.
+- Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection.
+- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network.
+
+This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows will not disconnect from any networks.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Windows to soft-disconnect a computer from a network*
+-   GP name: *WCM_EnableSoftDisconnect*
+-   GP path: *Network\Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wcm-wcm-minimizeconnections"></a>**ADMX_WCM/WCM_MinimizeConnections**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.
+
+If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This was previously the Disabled state for this policy setting. This option was first available in Windows 8.
+
+If this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This was previously the Enabled state for this policy setting. This option was first available in Windows 8.
+
+If this policy setting is set to 2, the behavior is similar to 1. However, if a cellular data connection is available, it will always stay connected for services that require a cellular connection. When the user is connected to a WLAN or Ethernet connection, no internet traffic will be routed over the cellular connection. This option was first available in Windows 10 (Version 1703).
+
+If this policy setting is set to 3, the behavior is similar to 2. However, if there's an Ethernet connection, Windows won't allow users to connect to a WLAN manually. A WLAN can only be connected (automatically or manually) when there's no Ethernet connection.
+
+This policy setting is related to the "Enable Windows to soft-disconnect a computer from a network" policy setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain*
+-   GP name: *WCM_MinimizeConnections*
+-   GP path: *Network\Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-wincal.md

@@ -0,0 +1,192 @@
+---
+title: Policy CSP - ADMX_WinCal
+description: Policy CSP - ADMX_WinCal
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/28/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WinCal
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WinCal policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wincal-turnoffwincal-1">ADMX_WinCal/TurnOffWinCal_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-wincal-turnoffwincal-2">ADMX_WinCal/TurnOffWinCal_2</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wincal-turnoffwincal-1"></a>**ADMX_WinCal/TurnOffWinCal_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+
+If you enable this setting, Windows Calendar will be turned off.
+
+If you disable or do not configure this setting, Windows Calendar will be turned on.
+
+The default is for Windows Calendar to be turned on.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Calendar*
+-   GP name: *TurnOffWinCal_1*
+-   GP path: *Windows Components\Windows Calendar*
+-   GP ADMX file name: *WinCal.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wincal-turnoffwincal-2"></a>**ADMX_WinCal/TurnOffWinCal_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+
+If you enable this setting, Windows Calendar will be turned off.
+
+If you disable or do not configure this setting, Windows Calendar will be turned on.
+
+The default is for Windows Calendar to be turned on.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Calendar*
+-   GP name: *TurnOffWinCal_2*
+-   GP path: *Windows Components\Windows Calendar*
+-   GP ADMX file name: *WinCal.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md

@@ -0,0 +1,115 @@
+---
+title: Policy CSP - ADMX_WindowsAnytimeUpgrade
+description: Policy CSP - ADMX_WindowsAnytimeUpgrade
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/29/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsAnytimeUpgrade
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsAnytimeUpgrade policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsanytimeupgrade-disabled">ADMX_WindowsAnytimeUpgrade/Disabled</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsanytimeupgrade-disabled"></a>**ADMX_WindowsAnytimeUpgrade/Disabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. By default, Add features to Windows 10 is available for all administrators. 
+
+If you enable this policy setting, the wizard will not run.
+
+If you disable this policy setting or set it to Not Configured, the wizard will run.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent the wizard from running.*
+-   GP name: *Disabled*
+-   GP path: *Windows Components\Add features to Windows 10*
+-   GP ADMX file name: *WindowsAnytimeUpgrade.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md

@@ -0,0 +1,264 @@
+---
+title: Policy CSP - ADMX_WindowsConnectNow
+description: Policy CSP - ADMX_WindowsConnectNow
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/28/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsConnectNow
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsConnectNow policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsconnectnow-wcn-disablewcnui-1">ADMX_WindowsConnectNow/WCN_DisableWcnUi_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsconnectnow-wcn-disablewcnui-2">ADMX_WindowsConnectNow/WCN_DisableWcnUi_2</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsconnectnow-wcn-enableregistrar">ADMX_WindowsConnectNow/WCN_EnableRegistrar</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsconnectnow-wcn-disablewcnui-1"></a>**ADMX_WindowsConnectNow/WCN_DisableWcnUi_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
+
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
+
+If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prohibit access of the Windows Connect Now wizards*
+-   GP name: *WCN_DisableWcnUi_1*
+-   GP path: *Network\Windows Connect Now*
+-   GP ADMX file name: *WindowsConnectNow.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsconnectnow-wcn-disablewcnui-2"></a>**ADMX_WindowsConnectNow/WCN_DisableWcnUi_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
+
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
+
+If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prohibit access of the Windows Connect Now wizards*
+-   GP name: *WCN_DisableWcnUi_2*
+-   GP path: *Network\Windows Connect Now*
+-   GP ADMX file name: *WindowsConnectNow.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsconnectnow-wcn-enableregistrar"></a>**ADMX_WindowsConnectNow/WCN_EnableRegistrar**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
+
+Additional options are available to allow discovery and configuration over a specific medium. 
+
+If you enable this policy setting, additional choices are available to turn off the operations over a specific medium. 
+
+If you disable this policy setting, operations are disabled over all media. 
+
+If you do not configure this policy setting, operations are enabled over all media. 
+
+The default for this policy setting allows operations over all media.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configuration of wireless settings using Windows Connect Now*
+-   GP name: *WCN_EnableRegistrar*
+-   GP path: *Network\Windows Connect Now*
+-   GP ADMX file name: *WindowsConnectNow.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md

@@ -0,0 +1,116 @@
+---
+title: Policy CSP - ADMX_WindowsMediaDRM
+description: Policy CSP - ADMX_WindowsMediaDRM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/13/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsMediaDRM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsMediaDRM policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsmediadrm-disableonline">ADMX_WindowsMediaDRM/DisableOnline</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsmediadrm-disableonline"></a>**ADMX_WindowsMediaDRM/DisableOnline**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
+
+When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.
+
+When this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses.  Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario.
+
+When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent Windows Media DRM Internet Access*
+-   GP name: *DisableOnline*
+-   GP path: *Windows Components\Windows Media Digital Rights Management*
+-   GP ADMX file name: *WindowsMediaDRM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsstore.md

@@ -0,0 +1,409 @@
+---
+title: Policy CSP - ADMX_WindowsStore
+description: Policy CSP - ADMX_WindowsStore
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/26/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsStore
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsStore policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsstore-disableautodownloadwin8">ADMX_WindowsStore/DisableAutoDownloadWin8</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsstore-disableosupgrade-1">ADMX_WindowsStore/DisableOSUpgrade_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsstore-disableosupgrade-2">ADMX_WindowsStore/DisableOSUpgrade_2</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsstore-removewindowsstore-1">ADMX_WindowsStore/RemoveWindowsStore_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsstore-removewindowsstore-2">ADMX_WindowsStore/RemoveWindowsStore_2</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-disableautodownloadwin8"></a>**ADMX_WindowsStore/DisableAutoDownloadWin8**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
+
+If you enable this setting, the automatic download of app updates is turned off.  If you disable this setting, the automatic download of app updates is turned on.
+
+If you don't configure this setting, the automatic download of app updates is determined by a registry setting that the user can change using Settings in the Windows Store.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Automatic Download of updates on Win8 machines*
+-   GP name: *DisableAutoDownloadWin8*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-disableosupgrade-1"></a>**ADMX_WindowsStore/DisableOSUpgrade_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+
+If you enable this setting, the Store application will not offer updates to the latest version of Windows.
+
+If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the offer to update to the latest version of Windows*
+-   GP name: *DisableOSUpgrade_1*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-disableosupgrade-2"></a>**ADMX_WindowsStore/DisableOSUpgrade_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+
+If you enable this setting, the Store application will not offer updates to the latest version of Windows.
+
+If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the offer to update to the latest version of Windows*
+-   GP name: *DisableOSUpgrade_2*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-removewindowsstore-1"></a>**ADMX_WindowsStore/RemoveWindowsStore_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
+
+If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
+
+If you disable or don't configure this setting, access to the Store application is allowed.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the Store application*
+-   GP name: *RemoveWindowsStore_1*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-removewindowsstore-2"></a>**ADMX_WindowsStore/RemoveWindowsStore_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
+
+If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
+
+If you disable or don't configure this setting, access to the Store application is allowed.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the Store application*
+-   GP name: *RemoveWindowsStore_2*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->

windows/client-management/mdm/policy-csp-admx-wininit.md

@@ -0,0 +1,258 @@
+---
+title: Policy CSP - ADMX_WinInit
+description: Policy CSP - ADMX_WinInit
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/29/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WinInit
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WinInit policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wininit-disablenamedpipeshutdownpolicydescription">ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription</a>
+  </dd>
+  <dd>
+    <a href="#admx-wininit-hiberboot">ADMX_WinInit/Hiberboot</a>
+  </dd>
+  <dd>
+    <a href="#admx-wininit-shutdowntimeouthungsessionsdescription">ADMX_WinInit/ShutdownTimeoutHungSessionsDescription</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wininit-disablenamedpipeshutdownpolicydescription"></a>**ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.
+
+If you enable this policy setting, the system does not create the named pipe remote shutdown interface.
+
+If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off legacy remote shutdown interface*
+-   GP name: *DisableNamedPipeShutdownPolicyDescription*
+-   GP path: *Windows Components\Shutdown Options*
+-   GP ADMX file name: *WinInit.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wininit-hiberboot"></a>**ADMX_WinInit/Hiberboot**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the use of fast startup.  
+
+If you enable this policy setting, the system requires hibernate to be enabled.
+
+If you disable or do not configure this policy setting, the local setting is used.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Require use of fast startup*
+-   GP name: *Hiberboot*
+-   GP path: *System\Shutdown*
+-   GP ADMX file name: *WinInit.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wininit-shutdowntimeouthungsessionsdescription"></a>**ADMX_WinInit/ShutdownTimeoutHungSessionsDescription**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
+
+If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified.
+
+If you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Timeout for hung logon sessions during shutdown*
+-   GP name: *ShutdownTimeoutHungSessionsDescription*
+-   GP path: *Windows Components\Shutdown Options*
+-   GP ADMX file name: *WinInit.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-wlansvc.md

@@ -0,0 +1,260 @@
+---
+title: Policy CSP - ADMX_wlansvc
+description: Policy CSP - ADMX_wlansvc
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/27/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_wlansvc
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_wlansvc policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wlansvc-setcost">ADMX_wlansvc/SetCost</a>
+  </dd>
+  <dd>
+    <a href="#admx-wlansvc-setpinenforced">ADMX_wlansvc/SetPINEnforced</a>
+  </dd>
+  <dd>
+    <a href="#admx-wlansvc-setpinpreferred">ADMX_wlansvc/SetPINPreferred</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wlansvc-setcost"></a>**ADMX_wlansvc/SetCost**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.
+
+If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine:
+
+- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
+- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.  
+- Variable: This connection is costed on a per byte basis.  If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set Cost*
+-   GP name: *IncludeCmdLine*
+-   GP path: *Network\WLAN Service\WLAN Media Cost*
+-   GP ADMX file name: *wlansvc.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wlansvc-setpinenforced"></a>**ADMX_wlansvc/SetPINEnforced**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional.
+
+Conversely it means that Push Button is NOT allowed.
+
+If this policy setting is disabled or is not configured, by default Push Button pairing is allowed (but not necessarily preferred).
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Require PIN pairing*
+-   GP name: *SetPINEnforced*
+-   GP path: *Network\Wireless Display*
+-   GP ADMX file name: *wlansvc.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wlansvc-setpinpreferred"></a>**ADMX_wlansvc/SetPINPreferred**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods.
+
+When enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method.
+
+If this policy setting is disabled or is not configured, by default Push Button pairing is preferred (if allowed by other policies).
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prefer PIN pairing*
+-   GP name: *SetPINPreferred*
+-   GP path: *Network\Wireless Display*
+-   GP ADMX file name: *wlansvc.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-controlpolicyconflict.md

@@ -100,7 +100,7 @@ The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the
 -  \<MSFT:GPRegistryMappedName\>    
 -  \<MSFT:GPDBMappedName\>  
 
-For the list MDM-GP mapping list, see [Policy CSPs supported by Group Policy
+For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy
 ](policy-csps-supported-by-group-policy.md).
 
 The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**.

windows/client-management/mdm/policy-csp-experience.md

@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 11/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -73,6 +73,9 @@ manager: dansimp
   <dd>
     <a href="#experience-configurewindowsspotlightonlockscreen">Experience/ConfigureWindowsSpotlightOnLockScreen</a>
   </dd>
+  <dd>
+    <a href="#experience-disablecloudoptimizedcontent">Experience/DisableCloudOptimizedContent</a>
+  </dd>
   <dd>
     <a href="#experience-donotshowfeedbacknotifications">Experience/DoNotShowFeedbackNotifications</a>
   </dd>
@@ -413,7 +416,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), then disabling the MDM unenrollment has no effect.
+Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g., auto-enrolled), then disabling the MDM unenrollment has no effect.
 
 > [!NOTE]
 > The MDM server can always remotely delete the account.
@@ -507,7 +510,7 @@ Allows or disallows all Windows sync settings on the device. For information abo
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 – Sync settings is not allowed.
+-   0 – Sync settings are not allowed.
 -   1 (default) – Sync settings allowed.
 
 <!--/SupportedValues-->
@@ -566,7 +569,8 @@ Added in Windows 10, version 1703. This policy allows you to prevent Windows fro
 
 Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value.
 
-> **Note** This setting does not control Cortana cutomized experiences because there are separate policies to configure it.
+> [!NOTE]
+> This setting does not control Cortana cutomized experiences because there are separate policies to configure it.
 
 Most restricted value is 0.
 
@@ -1153,6 +1157,144 @@ The following list shows the supported values:
 <!--/SupportedValues-->
 <!--/Policy-->
 
+<!--Policy-->
+<a href="" id="experience-disablecloudoptimizedcontent"></a>**Experience/DisableCloudOptimizedContent**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting lets you turn off cloud optimized content in all Windows experiences.
+
+If you enable this policy setting, Windows experiences that use the cloud optimized content client component will present the default fallback content.
+
+If you disable or do not configure this policy setting, Windows experiences will be able to use cloud optimized content.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off cloud optimized content*
+-   GP name: *DisableCloudOptimizedContent*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   1 – Enabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="experience-disablecloudoptimizedcontent"></a>**Experience/DisableCloudOptimizedContent**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting lets you turn off cloud optimized content in all Windows experiences.
+
+If you enable this policy setting, Windows experiences that use the cloud optimized content client component will present the default fallback content.
+
+If you disable or do not configure this policy setting, Windows experiences will be able to use cloud optimized content.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off cloud optimized content*
+-   GP name: *DisableCloudOptimizedContent*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   1 – Enabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->
@@ -1500,6 +1642,7 @@ Footnotes:
 - 6 - Available in Windows 10, version 1903.
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
+- 9 - Available in Windows 10, version 20H2.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-localusersandgroups.md

@@ -0,0 +1,232 @@
+---
+title: Policy CSP - LocalUsersAndGroups
+description: Policy CSP - LocalUsersAndGroups
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 10/14/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - LocalUsersAndGroups
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## LocalUsersAndGroups policies  
+
+<dl>
+  <dd>
+    <a href="#localusersandgroups-configure">LocalUsersAndGroups/Configure</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="localusersandgroups-configure"></a>**LocalUsersAndGroups/Configure**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10, version 20H2. This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
+
+> [!NOTE]
+> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
+>
+> Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results. 
+
+Here's an example of the policy definition XML for group configuration:
+
+```xml
+<GroupConfiguration>
+    <accessgroup desc = "">
+        <group action = ""/> 
+            <add member = ""/>
+            <remove member = ""/>
+    </accessgroup>
+</GroupConfiguration>
+```
+
+where:
+
+- `<accessgroup desc>`: Specifies the name or SID of the local group to configure. If you specify a SID, the [LookupAccountSid](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API is used to translate the SID to a valid group name. If you specify a name, the [LookupAccountName](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API is used to lookup the group and validate the name. If name/SID lookup fails, the group is skipped and the next group in the XML file is processed. If there are multiple errors, the last error is returned at the end of the policy processing. 
+- `<group action>`: Specifies the action to take on the local group, which can be Update and Restrict, represented by U and R: 
+    - Update. This action must be used to keep the current group membership intact and add or remove members of the specific group.
+    - Restrict. This action must be used to replace current membership with the newly specified groups. This action provides the same functionality as the [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting.
+- `<add member>`: Specifies the SID or name of the member to configure.
+- `<remove member>`: Specifies the SID or name of the member to remove from the specified group.
+
+    > [!NOTE]
+    > When specifying member names of domain accounts, use fully qualified account names where possible (for example, domain_name\user_name) instead of isolated names (for example, group_name). This way, you can avoid getting ambiguous results when users or groups with the same name exist in multiple domains and locally. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. 
+
+See [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles.
+
+> [!IMPORTANT]
+> - `<add member>` and `<remove member>` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute. 
+> - When specifying a SID in the `<add member>` or `<remove member>`, member SIDs are added without attempting to resolve them. Therefore, be very careful when specifying a SID to ensure it is correct.
+> - `<remove member>` is not valid for the R (Restrict) action and will be ignored if present.
+> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present.
+
+<!--/Description-->
+<!--SupportedValues-->
+<!--/SupportedValues-->
+<!--Example-->
+
+**Examples**
+
+Example 1: Update action for adding and removing group members.
+
+The following example shows how you can update a local group (**Backup Operators**)—add a domain group as a member using its name (**Contoso\ITAdmins**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**). 
+
+```xml
+<GroupConfiguration> 
+    <accessgroup desc = "Backup Operators"> 
+        <group action = "U" /> 
+        <add member = "Contoso\ITAdmins"/>
+        <add member = "S-1-5-32-544"/>
+        <add member = "S-1-12-1-111111111-22222222222-3333333333-4444444444"/>
+        <remove member = "Guest"/> 
+    </accessgroup> 
+</GroupConfiguration>
+```
+
+Example 2: Restrict action for replacing the group membership.
+
+The following example shows how you can restrict a local group (**Backup Operators**)—replace its membership with the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids) and add a local account (**Guest**).
+
+```xml
+<GroupConfiguration>
+    <accessgroup desc = "Backup Operators">
+        <group action = "R" />
+        <add member = "S-1-5-32-544"/>
+        <add member = "Guest"/>
+    </accessgroup>
+</GroupConfiguration>
+```
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+<hr/>
+
+## FAQs
+
+This section provides answers to some common questions you might have about the LocalUsersAndGroups policy CSP. 
+
+### What happens if I accidentally remove the built-in Administrator SID from the Administrators group?
+
+Removing the built-in Administrator account from the built-in Administrators group is blocked at SAM/OS level for security reasons. Attempting to do so will result in failure with the following error: 
+ 
+| Error Code  | Symbolic Name | Error Description | Header |
+|----------|----------|----------|----------|
+|  0x55b (Hex)  <br>  1371 (Dec)  |ERROR_SPECIAL_ACCOUNT|Cannot perform this operation on built-in accounts.|  winerror.h  |
+
+When configuring the built-in Administrators group with the R (Restrict) action, specify the built-in Administrator account SID/Name in `<add member>` to avoid this error.
+
+### Can I add a member that already exists?
+
+Yes, you can add a member that is already a member of a group. This will result in no changes to the group and no error.
+
+### Can I remove a member if it isn't a member of the group?
+
+Yes, you can remove a member even if it isn't a member of the group. This will result in no changes to the group and no error.
+
+### How can I add a domain group as a member to a local group?
+
+To add a domain group as a member to a local group, specify the domain group in `<add member>` of the local group. Use fully qualified account names (for example, domain_name\group_name) instead of isolated names (for example, group_name) for the best results. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. 
+
+### Can I apply more than one LocalUserAndGroups policy/XML to the same device?
+
+No, this is not allowed. Attempting to do so will result in a conflict in Intune.
+
+### What happens if I specify a group name that doesn't exist?
+
+Invalid group names or SIDs will be skipped. Valid parts of the policy will apply, and error will be returned at the end of the processing. This behavior aligns with the on-prem AD GPP (Group Policy Preferences) LocalUsersAndGroups policy. Similarly, invalid member names will be skipped, and error will be returned at the end to notify that not all settings were applied successfully. 
+
+### What happens if I specify R and U in the same XML?
+
+If you specify both R and U in the same XML, the R (Restrict) action takes precedence over U (Update). Therefore, if a group appears twice in the XML, once with U and again with R, the R action wins.
+
+### How do I check the result of a policy that is applied on the client device?
+
+After a policy is applied on the client device, you can investigate the event log to review the result: 
+
+1. Open Event Viewer (**eventvwr.exe**).
+2. Navigate to **Applications and Services Logs** > **Microsoft** > **Windows** > **DeviceManagement-Enterprise-
+Diagnostics-Provider** > **Admin**.
+3. Search for the `LocalUsersAndGroups` string to review the relevant details.
+
+### How can I troubleshoot Name/SID lookup APIs?
+
+To troubleshoot Name/SID lookup APIs:
+
+1. Enable **lsp.log** on the client device by running the following commands:
+
+    ```cmd
+    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x800 -Type dword -Force
+
+    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgTraceOptions -Value 0x1 -Type dword -Force
+    ```
+
+    The **lsp.log** file (**C:\windows\debug\lsp.log**) will be displayed. This log file tracks the SID-Name resolution.
+
+2. Turn the logging off by running the following command:
+
+    ```cmd
+    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x0 -Type dword -Force
+    ```
+
+
+Footnotes:
+
+- 9 - Available in Windows 10, version 20H2.
+
+<!--/Policies-->

windows/client-management/mdm/policy-csp-mixedreality.md

@@ -0,0 +1,314 @@
+---
+title: Policy CSP - MixedReality
+description: Policy CSP - MixedReality
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/06/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - MixedReality
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## MixedReality policies  
+
+<dl>
+  <dd>
+    <a href="#mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-fallbackdiagnostics">MixedReality/FallbackDiagnostics</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-volumebuttondisabled">MixedReality/VolumeButtonDisabled</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-aadgroupmembershipcachevalidityindays"></a>**MixedReality/AADGroupMembershipCacheValidityInDays**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days).
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-brightnessbuttondisabled"></a>**MixedReality/BrightnessButtonDisabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - False (Default)
+- 1 - True
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-fallbackdiagnostics"></a>**MixedReality/FallbackDiagnostics**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls when and if diagnostic logs can be collected using specific button combination on HoloLens.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - Disabled
+- 1 - Enabled for device owners
+- 2 - Enabled for all (Default)
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-microphonedisabled"></a>**MixedReality/MicrophoneDisabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls whether microphone on HoloLens 2 is disabled or not.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - False (Default)
+- 1 - True
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-volumebuttondisabled"></a>**MixedReality/VolumeButtonDisabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - False (Default)
+- 1 - True
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 9 - Available in Windows 10, version 20H2.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-multitasking.md

@@ -0,0 +1,131 @@
+---
+title: Policy CSP - Multitasking
+description: Policy CSP - Multitasking
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 10/30/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - Multitasking
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## Multitasking policies  
+
+<dl>
+  <dd>
+    <a href="#multitasking-browseralttabblowout">Multitasking/BrowserAltTabBlowout</a>
+  </dd>
+ </dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="multitasking-browseralttabblowout"></a>**Multitasking/BrowserAltTabBlowout**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+> [!Warning]
+> This policy is currently in preview mode only and will be supported in future releases. It may be used for testing purposes, but should not be used in a production environment at this time.
+
+This policy controls the inclusion of Edge tabs into Alt+Tab.
+
+Enabling this policy restricts the number of Edge tabs that are allowed to appear in the Alt+Tab switcher. Alt+Tab can be configured to show all open Edge tabs, only the 5 most recent tabs, only the 3 most recent tabs, or no tabs. Setting the policy to no tabs configures the Alt+Tab switcher to show app windows only, which is the classic Alt+Tab behavior. 
+
+This policy only applies to the Alt+Tab switcher. When the policy is not enabled, the feature respects the user's setting in the Settings app.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the inclusion of Edge tabs into Alt-Tab*
+-   GP name: *BrowserAltTabBlowout*
+-   GP path: *Windows Components/Multitasking*
+-   GP ADMX file name: *Multitasking.admx*
+
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 1 - Open windows and all tabs in Edge.
+- 2 - Open windows and 5 most recent tabs in Edge.
+- 3 - Open windows and 3 most recent tabs in Edge.
+- 4 - Open windows only.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+- 9 - Available in Windows 10, version 20H2.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-restrictedgroups.md

@@ -14,6 +14,9 @@ manager: dansimp
 
 # Policy CSP - RestrictedGroups
 
+> [!IMPORTANT]
+> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results. 
+
 
 <hr/>
 

windows/client-management/mdm/policy-csp-servicecontrolmanager.md

@@ -78,6 +78,9 @@ If you enable this policy setting, built-in system services hosted in svchost.ex
 
 This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code.  
 
+> [!IMPORTANT]
+> Enabling this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software).
+
 If you disable or do not configure this policy setting, the stricter security settings will not be applied.
 
 <!--/Description-->
@@ -122,4 +125,3 @@ Footnotes:
 - 8 - Available in Windows 10, version 2004.
 
 <!--/Policies-->
-

windows/client-management/mdm/policy-csp-system.md

@@ -1,13 +1,13 @@
 ---
 title: Policy CSP - System
-description: Learn policy settings that determines whether users can access the Insider build controls in the advanced options for Windows Update.
+description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 08/12/2020
+ms.date: 10/14/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -212,14 +212,13 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting controls whether Microsoft is a processor or controller for Windows diagnostic data collected from devices. 
+This policy setting opts the device into the Windows enterprise data pipeline. 
 
-If you enable this policy and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
+If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline.
 
-If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
+If you disable or don't configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline.
 
->[!Note]
+Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10.
-> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -234,8 +233,8 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 (default) - Do not use the Windows Commercial Data Pipeline
+-   0 (default) - Disabled.
--   1 - Use the Windows Commercial Data Pipeline
+-   1 - Enabled.
 
 <!--/SupportedValues-->
 <!--Example-->
@@ -245,7 +244,9 @@ The following list shows the supported values:
 
 <!--/Validation-->
 <!--/Policy-->
+
 <hr/>
+
 <!--Policy-->
 <a href="" id="system-allowdevicenameindiagnosticdata"></a>**System/AllowDeviceNameInDiagnosticData**  
 
@@ -488,7 +489,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts.
+Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts.
 
 This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled).
 
@@ -509,7 +510,7 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 - false - No traffic to fs.microsoft.com and only locally-installed fonts are available.
+-   0 - false - No traffic to fs.microsoft.com and only locally installed fonts are available.
 -   1 - true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them.
 
 <!--/SupportedValues-->
@@ -1605,7 +1606,7 @@ The following list shows the supported values:
 This policy setting, in combination with the System/AllowTelemetry 
  policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
  
-To enable this behavior you must complete two steps:
+To enable this behavior, you must complete two steps:
 <ul>
 <li>Enable this policy setting</li>
 <li>Set Allow Telemetry to level 2 (Enhanced)</li>

windows/client-management/mdm/policy-csp-update.md

@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 02/10/2020
+ms.date: 11/03/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -96,6 +96,9 @@ manager: dansimp
   <dd>
     <a href="#update-disabledualscan">Update/DisableDualScan</a>
   </dd>
+  <dd>
+    <a href="#update-disablewufbsafeguards">Update/DisableWUfBSafeguards</a>
+  </dd>
   <dd>
     <a href="#update-engagedrestartdeadline">Update/EngagedRestartDeadline</a>
   </dd>
@@ -458,11 +461,6 @@ Enables the IT admin to manage automatic update behavior to scan, download, and
 
 Supported operations are Get and Replace.
 
-
-> [!IMPORTANT]
-> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
- 
-
 If the policy is not configured, end-users get the default behavior (Auto install and restart).
 
 <!--/Description-->
@@ -485,6 +483,11 @@ The following list shows the supported values:
 -   4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
 -   5 – Turn off automatic updates.
 
+
+> [!IMPORTANT]
+> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
+
+
 <!--/SupportedValues-->
 <!--/Policy-->
 
@@ -1110,8 +1113,8 @@ ADMX Info:
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 Supported values:  
--   true - Enable
+-   0  - Disable (Default)
--   false - Disable (Default)
+-   1  - Enable
 <!--/SupportedValues-->
 <!--Example-->
 
@@ -2013,6 +2016,85 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="update-disablewufbsafeguards"></a>**Update/DisableWUfBSafeguards**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows Update for Business (WUfB) devices running Windows 10, version 1809 and above and installed with October 2020 security update. This policy setting specifies that a WUfB device should skip safeguards.
+
+Safeguard holds prevent a device with a known compatibility issue from being offered a new OS version. The offering will proceed once a fix is issued and is verified on a held device. The aim of safeguards is to protect the device and user from a failed or poor upgrade experience.
+
+The safeguard holds protection is provided by default to all the devices trying to update to a new Windows 10 Feature Update version via Windows Update.
+
+IT admins can, if necessary, opt devices out of safeguard protections using this policy setting or via the “Disable safeguards for Feature Updates” Group Policy. 
+
+> [!NOTE]
+> Opting out of the safeguards can put devices at risk from known performance issues. We recommend opting out only in an IT environment for validation purposes. Further, you can leverage the Windows Insider Program for Business Release Preview Channel in order to validate the upcoming Windows 10 Feature Update version without the safeguards being applied.
+>
+> The disable safeguards policy will revert to “Not Configured” on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. 
+>
+> Disabling safeguards does not guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you are bypassing the protection given by Microsoft pertaining to known issues.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Disable safeguards for Feature Updates*
+-   GP name: *DisableWUfBSafeguards*
+-   GP path: *Windows Components/Windows Update/Windows Update for Business*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 (default) - Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared.
+- 1 - Safeguards are not enabled and upgrades will be deployed without blocking on safeguards.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="update-engagedrestartdeadline"></a>**Update/EngagedRestartDeadline**  
 
@@ -4525,4 +4607,3 @@ Footnotes:
 - 8 - Available in Windows 10, version 2004.
 
 <!--/Policies-->
-

windows/client-management/mdm/policy-csp-windowssandbox.md

@@ -0,0 +1,561 @@
+---
+title: Policy CSP - WindowsSandbox
+description: Policy CSP - WindowsSandbox
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 10/14/2020
+---
+
+# Policy CSP - WindowsSandbox
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## WindowsSandbox policies  
+
+<dl>
+  <dd>
+    <a href="#windowssandbox-allowaudioinput">WindowsSandbox/AllowAudioInput</a>
+  </dd>
+  <dd>
+    <a href="#windowssandbox-allowclipboardredirection">WindowsSandbox/AllowClipboardRedirection</a>
+  </dd>
+  <dd>
+    <a href="#windowssandbox-allownetworking">WindowsSandbox/AllowNetworking</a>
+  </dd>
+  <dd>
+    <a href="#windowssandbox-allowprinterredirection">WindowsSandbox/AllowPrinterRedirection</a>
+  </dd>
+  <dd>
+    <a href="#windowssandbox-allowvgpu">WindowsSandbox/AllowVGPU</a>
+  </dd>
+  <dd>
+    <a href="#windowssandbox-allowvideoinput">WindowsSandbox/AllowVideoInput</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowssandbox-allowaudioinput"></a>**WindowsSandbox/AllowAudioInput**
+
+Available in the latest Windows 10 insider preview build.
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows the IT admin to enable or disable audio input to the Sandbox. 
+
+> [!NOTE]
+> There may be security implications of exposing host audio input to the container.
+
+If this policy is not configured, end-users get the default behavior (audio input enabled). 
+
+If audio input is disabled, a user will not be able to enable audio input from their own configuration file. 
+
+If audio input is enabled, a user will be able to disable audio input from their own configuration file to make the device more secure.
+
+> [!NOTE]
+> You must restart Windows Sandbox for any changes to this policy setting to take effect.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:
+
+- GP English Name: *Allow audio input in Windows Sandbox*
+- GP name: *AllowAudioInput*
+- GP path: *Windows Components/Windows Sandbox* 
+- GP ADMX file name: *WindowsSandbox.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following are the supported values:  
+
+- 0 - Disabled
+- 1 (default) - Enabled
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+
+<!--Policy-->
+<a href="" id="windowssandbox-allowclipboardredirection"></a>**WindowsSandbox/AllowClipboardRedirection**  
+
+Available in the latest Windows 10 insider preview build.
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox.
+
+If this policy is not configured, end-users get the default behavior (clipboard redirection enabled. 
+
+If clipboard sharing is disabled, a user will not be able to enable clipboard sharing from their own configuration file. 
+
+If clipboard sharing is enabled, a user will be able to disable clipboard sharing from their own configuration file to make the device more secure.
+
+> [!NOTE]
+> You must restart Windows Sandbox for any changes to this policy setting to take effect.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:
+
+- GP English Name: *Allow clipboard sharing with Windows Sandbox*
+- GP name: *AllowClipboardRedirection*
+- GP path: *Windows Components/Windows Sandbox*
+- GP ADMX file name: *WindowsSandbox.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following are the supported values:  
+
+- 0 - Disabled
+- 1 (default) - Enabled
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowssandbox-allownetworking"></a>**WindowsSandbox/AllowNetworking**  
+
+Available in the latest Windows 10 insider preview build.
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows the IT admin to enable or disable networking in Windows Sandbox. Disabling network access can decrease the attack surface exposed by the Sandbox. Enabling networking can expose untrusted applications to the internal network.
+
+If this policy is not configured, end-users get the default behavior (networking enabled).
+
+If networking is disabled, a user will not be able to enable networking from their own configuration file.
+
+If networking is enabled, a user will be able to disable networking from their own configuration file to make the device more secure.
+
+> [!NOTE]
+> You must restart Windows Sandbox for any changes to this policy setting to take effect.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:
+
+- GP English Name: *Allow networking in Windows Sandbox*
+- GP name: *AllowNetworking*
+- GP path: *Windows Components/Windows Sandbox*
+- GP ADMX file name: *WindowsSandbox.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following are the supported values:  
+- 0 - Disabled
+- 1 (default) - Enabled
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowssandbox-allowprinterredirection"></a>**WindowsSandbox/AllowPrinterRedirection**  
+
+Available in the latest Windows 10 insider preview build.
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox. 
+
+If this policy is not configured, end-users get the default behavior (printer sharing disabled). 
+
+If printer sharing is disabled, a user will not be able to enable printer sharing from their own configuration file. 
+
+If printer sharing is enabled, a user will be able to disable printer sharing from their own configuration file to make the device more secure.
+
+> [!NOTE]
+> You must restart Windows Sandbox for any changes to this policy setting to take effect.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:
+
+- GP English Name: *Allow printer sharing with Windows Sandbox*
+- GP name: *AllowPrinterRedirection*
+- GP path: *Windows Components/Windows Sandbox* 
+- GP ADMX file name: *WindowsSandbox.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following are the supported values:
+
+- 0 - Disabled
+- 1 (default) - Enabled
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowssandbox-allowvgpu"></a>**WindowsSandbox/AllowVGPU**  
+
+Available in the latest Windows 10 insider preview build.
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows the IT admin to enable or disable virtualized GPU for Windows Sandbox.
+
+> [!NOTE]
+> Enabling virtualized GPU can potentially increase the attack surface of Windows Sandbox. 
+
+If this policy is not configured, end-users get the default behavior (vGPU is disabled). 
+
+If vGPU is disabled, a user will not be able to enable vGPU support from their own configuration file. 
+
+If vGPU is enabled, a user will be able to disable vGPU support from their own configuration file to make the device more secure.
+
+> [!NOTE]
+> You must restart Windows Sandbox for any changes to this policy setting to take effect.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:
+
+- GP English Name: *Allow vGPU sharing for Windows Sandbox*
+- GP name: *AllowVGPU*
+- GP path: *Windows Components/Windows Sandbox*
+- GP ADMX file name: *WindowsSandbox.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following are the supported values:
+
+- 0 (default) - Disabled
+- 1 - Enabled
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowssandbox-allowvideoinput"></a>**WindowsSandbox/AllowVideoInput**  
+
+Available in the latest Windows 10 insider preview build.
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows the IT admin to enable or disable video input to the Sandbox. 
+
+> [!NOTE]
+> There may be security implications of exposing host video input to the container.
+
+If this policy is not configured, users get the default behavior (video input disabled). 
+
+If video input is disabled, users will not be able to enable video input from their own configuration file. 
+
+If video input is enabled, users will be able to disable video input from their own configuration file to make the device more secure.
+
+> [!NOTE]
+> You must restart Windows Sandbox for any changes to this policy setting to take effect.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info: 
+- GP English Name: *Allow video input in Windows Sandbox*
+- GP name: *AllowVideoInput*
+- GP path: *Windows Components/Windows Sandbox*
+- GP ADMX file name: *WindowsSandbox.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following are the supported values:
+
+- 0 (default) - Disabled
+- 1 - Enabled
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--/Policies-->

windows/client-management/mdm/policy-ddf-file.md

@@ -10,7 +10,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 06/03/2020
+ms.date: 10/28/2020
 ---
 
 # Policy DDF file
@@ -20,6 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy*
 
 You can view various Policy DDF files by clicking the following links:
 
+- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml)
 - [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml)
 - [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
 - [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
@@ -32,7 +33,7 @@ You can view various Policy DDF files by clicking the following links:
 
 You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the DDF for Windows 10, version 2004.
+The XML below is the DDF for Windows 10, version 20H2.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
@@ -8713,6 +8714,52 @@ Related policy:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>Multitasking</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>BrowserAltTabBlowout</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Configures the inclusion of Edge tabs into Alt-Tab.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Notifications</NodeName>
         <DFProperties>
@@ -18919,6 +18966,55 @@ Related policy:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>Multitasking</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>BrowserAltTabBlowout</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>1</DefaultValue>
+            <Description>Configures the inclusion of Edge tabs into Alt-Tab.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="1,2,3,4"></MSFT:SupportedValues>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ADMXMapped>multitasking.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>AltTabFilterDropdown</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>multitasking~AT~WindowsComponents~MULTITASKING</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>MultiTaskingAltTabFilter</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>Notifications</NodeName>
         <DFProperties>
@@ -29757,6 +29853,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableCloudOptimizedContent</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DoNotShowFeedbackNotifications</NodeName>
           <DFProperties>
@@ -38353,6 +38473,60 @@ The options are:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>LocalUsersAndGroups</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>Configure</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>This Setting allows an administrator to manage local groups on a Device.
+                            Possible settings:
+                            1. Update Group Membership: Update a group and add and/or remove members though the &apos;U&apos; action.
+                            When using Update, existing group members that are not specified in the policy remain untouched.
+                            2. Replace Group Membership: Restrict a group by replacing group membership through the &apos;R&apos; action.
+                            When using Replace, existing group membership is replaced by the list of members specified in
+                            the add member section. This option works in the same way as a Restricted Group and any group
+                            members that are not specified in the policy are removed.
+                            Caution: If the same group is configured with both Replace and Update, then Replace will win.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>LockDown</NodeName>
         <DFProperties>
@@ -38563,6 +38737,148 @@ The options are:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>MixedReality</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AADGroupMembershipCacheValidityInDays</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BrightnessButtonDisabled</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>FallbackDiagnostics</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrophoneDisabled</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>VolumeButtonDisabled</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>MSSecurityGuide</NodeName>
         <DFProperties>
@@ -47384,6 +47700,30 @@ If you disable or do not configure this policy setting, the wake setting as spec
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableWUfBSafeguards</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EngagedRestartDeadline</NodeName>
           <DFProperties>
@@ -48152,6 +48492,30 @@ If you disable or do not configure this policy setting, the wake setting as spec
             </DFType>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SetProxyBehaviorForUpdateDetection</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>TargetReleaseVersion</NodeName>
           <DFProperties>
@@ -61298,6 +61662,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
             <MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableCloudOptimizedContent</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description>This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content.</Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>CloudContent.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXCategory>CloudContent~AT~WindowsComponents~CloudContent</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>DisableCloudOptimizedContent</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DoNotShowFeedbackNotifications</NodeName>
           <DFProperties>
@@ -70811,6 +71202,116 @@ The options are:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>LocalUsersAndGroups</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>Configure</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue></DefaultValue>
+            <Description>This Setting allows an administrator to manage local groups on a Device.
+                            Possible settings:
+                            1. Update Group Membership: Update a group and add and/or remove members though the &apos;U&apos; action.
+                            When using Update, existing group members that are not specified in the policy remain untouched.
+                            2. Replace Group Membership: Restrict a group by replacing group membership through the &apos;R&apos; action.
+                            When using Replace, existing group membership is replaced by the list of members specified in
+                            the add member section. This option works in the same way as a Restricted Group and any group
+                            members that are not specified in the policy are removed.
+                            Caution: If the same group is configured with both Replace and Update, then Replace will win.</Description>
+            <DFFormat>
+              <chr/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+            <MSFT:XMLSchema><![CDATA[<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0">
+                          <xs:simpleType name="name">
+                            <xs:restriction base="xs:string">
+                              <xs:maxLength value="255" />
+                            </xs:restriction>
+                          </xs:simpleType>
+                          <xs:element name="accessgroup">
+                            <xs:complexType>
+                                <xs:sequence>
+                                    <xs:element name="group" minOccurs="1" maxOccurs="1">
+                                      <xs:annotation>
+                                        <xs:documentation>Group Configuration Action</xs:documentation>
+                                      </xs:annotation>
+                                      <xs:complexType>
+                                        <xs:attribute name="action" type="name" use="required"/>
+                                      </xs:complexType>
+                                    </xs:element>
+                                    <xs:element name="add" minOccurs="0" maxOccurs="unbounded">
+                                      <xs:annotation>
+                                        <xs:documentation>Group Member to Add</xs:documentation>
+                                      </xs:annotation>
+                                      <xs:complexType>
+                                        <xs:attribute name="member" type="name" use="required"/>
+                                      </xs:complexType>
+                                    </xs:element>
+                                    <xs:element name="remove" minOccurs="0" maxOccurs="unbounded">
+                                      <xs:annotation>
+                                        <xs:documentation>Group Member to Remove</xs:documentation>
+                                      </xs:annotation>
+                                      <xs:complexType>
+                                        <xs:attribute name="member" type="name" use="required"/>
+                                      </xs:complexType>
+                                    </xs:element>
+                                    <xs:element name="property" minOccurs="0" maxOccurs="unbounded">
+                                      <xs:annotation>
+                                        <xs:documentation>Group property to configure</xs:documentation>
+                                      </xs:annotation>
+                                      <xs:complexType>
+                                        <xs:attribute name="desc" type="name" use="required"/>
+                                        <xs:attribute name="value" type="name" use="required"/>
+                                      </xs:complexType>
+                                    </xs:element>
+                                  </xs:sequence>
+                              <xs:attribute name="desc" type="name" use="required"/>
+                            </xs:complexType>
+                          </xs:element>
+                          <xs:element name="GroupConfiguration">
+                            <xs:complexType>
+                              <xs:sequence>
+                                <xs:element name="accessgroup" minOccurs="0" maxOccurs="unbounded">
+                                  <xs:annotation>
+                              <xs:documentation>Local Group Configuration</xs:documentation>
+                            </xs:annotation>
+                                </xs:element>
+                              </xs:sequence>
+                            </xs:complexType>
+                          </xs:element>
+                      </xs:schema]]></MSFT:XMLSchema>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>LockDown</NodeName>
         <DFProperties>
@@ -71027,6 +71528,146 @@ The options are:
           </DFProperties>
         </Node>
       </Node>
+      <Node>
+        <NodeName>MixedReality</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName></DDFName>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>AADGroupMembershipCacheValidityInDays</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="60"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>BrightnessButtonDisabled</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>FallbackDiagnostics</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>2</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>MicrophoneDisabled</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>VolumeButtonDisabled</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
+      </Node>
       <Node>
         <NodeName>MSSecurityGuide</NodeName>
         <DFProperties>
@@ -80733,6 +81374,30 @@ If you disable or do not configure this policy setting, the wake setting as spec
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisableWUfBSafeguards</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues AllowedValues="0,1"></MSFT:SupportedValues>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>EngagedRestartDeadline</NodeName>
           <DFProperties>
@@ -81607,6 +82272,34 @@ If you disable or do not configure this policy setting, the wake setting as spec
             <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>SetProxyBehaviorForUpdateDetection</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DefaultValue>0</DefaultValue>
+            <Description></Description>
+            <DFFormat>
+              <int/>
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
+            <MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
+            <MSFT:ADMXMappedElement>SetProxyBehaviorForUpdateDetection</MSFT:ADMXMappedElement>
+            <MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
+            <MSFT:ADMXPolicyName>CorpWuURL</MSFT:ADMXPolicyName>
+            <MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>TargetReleaseVersion</NodeName>
           <DFProperties>

windows/client-management/mdm/surfacehub-csp.md

@@ -161,7 +161,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
 <thead>
 <tr class="header">
 <th>ErrorContext value</th>
-<th>Stage where error occured</th>
+<th>Stage where error occurred</th>
 <th>Description and suggestions</th>
 </tr>
 </thead>
@@ -239,7 +239,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
 <p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
 
 <a href="" id="inboxapps-welcome-currentbackgroundpath"></a>**InBoxApps/Welcome/CurrentBackgroundPath**  
-<p style="margin-left: 20px">Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons).
+<p style="margin-left: 20px">Background image for the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
 
 <p style="margin-left: 20px">The data type is string. Supported operation is Get and Replace.
 
@@ -474,6 +474,16 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
 
 <p style="margin-left: 20px">The data type is integer. Supported operation is Get and Replace.
 
+<a href="" id="properties-sleepmode"></a>**Properties/SleepMode**
+<p style="margin-left: 20px">Added in Windows 10, version 20H2. Specifies the type of sleep mode for the Surface Hub.
+
+<p style="margin-left: 20px">Valid values:
+
+-   0 - Connected Standby (default)
+-   1 - Hibernate
+
+<p style="margin-left: 20px">The data type is integer. Supported operation is Get and Replace.
+
 <a href="" id="properties-allowsessionresume"></a>**Properties/AllowSessionResume**  
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to allow the ability to resume a session when the session times out. 
 

windows/client-management/mdm/vpnv2-csp.md

@@ -2,14 +2,14 @@
 title: VPNv2 CSP
 description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
 ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2
-ms.reviewer: 
+ms.reviewer: pesmith
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 11/01/2017
+ms.date: 10/30/2020
 ---
 
 # VPNv2 CSP
@@ -30,8 +30,8 @@ Here are the requirements for this CSP:
 
 The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
 
--   C:\\Windows\\schemas\\EAPHost
+- `C:\\Windows\\schemas\\EAPHost`
--   C:\\Windows\\schemas\\EAPMethods
+- `C:\\Windows\\schemas\\EAPMethods`
 
 The following diagram shows the VPNv2 configuration service provider in tree format.
 
@@ -45,13 +45,14 @@ Unique alpha numeric identifier for the profile. The profile name must not inclu
 
 Supported operations include Get, Add, and Delete.
 
-> **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
+> [!NOTE]
+> If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
 
 <a href="" id="vpnv2-profilename-apptriggerlist"></a>**VPNv2/**<em>ProfileName</em>**/AppTriggerList**  
 Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
 
 <a href="" id="vpnv2-profilename-apptriggerlist-apptriggerrowid"></a>**VPNv2/**<em>ProfileName</em>**/AppTriggerList/**<em>appTriggerRowId</em>  
-A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers.
+A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers.
 
 Supported operations include Get, Add, Replace, and Delete.
 
@@ -131,16 +132,15 @@ Returns the namespace type. This value can be one of the following:
 Value type is chr. Supported operation is Get.
 
 <a href="" id="vpnv2-profilename-domainnameinformationlist-dnirowid-dnsservers"></a>**VPNv2/**<em>ProfileName</em>**/DomainNameInformationList/**<em>dniRowId</em>**/DnsServers**  
-List of comma separated DNS Server IP addresses to use for the namespace.
+List of comma-separated DNS Server IP addresses to use for the namespace.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-domainnameinformationlist-dnirowid-webproxyservers"></a>**VPNv2/**<em>ProfileName</em>**/DomainNameInformationList/**<em>dniRowId</em>**/WebProxyServers**  
 Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet.
 
-> **Note**  Currently only one web proxy server is supported.
+> [!NOTE]
-
+> Currently only one web proxy server is supported.
- 
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -166,9 +166,8 @@ Supported operations include Get, Add, Replace, and Delete.
 <a href="" id="vpnv2-profilename-trafficfilterlist"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList**  
 An optional node that specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface.
 
-> **Note**  Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules.
+> [!NOTE]
-
+> Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules.
- 
 
 When adding multiple rules, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other.
 
@@ -203,30 +202,28 @@ Numeric value from 0-255 representing the IP protocol to allow. For example, TCP
 Value type is int. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-localportranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/LocalPortRanges**  
-A list of comma separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`.
+A list of comma-separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`.
-
-> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17.
-
 
+> [!NOTE]
+> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-remoteportranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/RemotePortRanges**  
-A list of comma separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`.
+A list of comma-separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`.
-
-> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17.
-
 
+> [!NOTE]
+> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-localaddressranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/LocalAddressRanges**  
-A list of comma separated values specifying local IP address ranges to allow.
+A list of comma-separated values specifying local IP address ranges to allow.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-remoteaddressranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/RemoteAddressRanges**  
-A list of comma separated values specifying remote IP address ranges to allow.
+A list of comma-separated values specifying remote IP address ranges to allow.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -240,6 +237,16 @@ This is only applicable for App ID based Traffic Filter rules.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
+<a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-direction"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/Direction**  
+Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following:
+
+- Outbound - The rule applies to all outbound traffic
+- Inbound - The rule applies to all inbound traffic
+
+If no inbound filter is provided, then by default all unsolicited inbound traffic will be blocked.
+
+Value type is chr. Supported operations include Get, Add, Replace, and Delete.
+
 <a href="" id="vpnv2-profilename-edpmodeid"></a>**VPNv2/**<em>ProfileName</em>**/EdpModeId**  
 Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
 
@@ -255,13 +262,14 @@ Supported operations include Get, Add, Replace, and Delete.
 <a href="" id="vpnv2-profilename-alwayson"></a>**VPNv2/**<em>ProfileName</em>**/AlwaysOn**  
 An optional flag to enable Always On mode. This will automatically connect the VPN at sign-in and will stay connected until the user manually disconnects.
 
-> **Note**  Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
+> [!NOTE]
+> Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
 
 Preserving user Always On preference
 
 Windows has a feature to preserve a user’s AlwaysOn preference.  In the event that a user manually unchecks the “Connect    automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.  
 Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference.
-Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
+Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config`
 Value: AutoTriggerDisabledProfilesList
 Type: REG_MULTI_SZ
 
@@ -319,7 +327,7 @@ Valid values:
 - True = Register the connection's addresses in DNS.
 
 <a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/**<em>ProfileName</em>**/DnsSuffix**  
-Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
+Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -337,7 +345,10 @@ Added in Windows 10, version 1607. The XML schema for provisioning all the fiel
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-proxy"></a>**VPNv2/**<em>ProfileName</em>**/Proxy**  
-A collection of configuration objects to enable a post-connect proxy support for VPN. The proxy defined for this profile is applied when this profile is active and connected.
+A collection of configuration objects to enable a post-connect proxy support for VPN Force Tunnel connections. The proxy defined for this profile is applied when this profile is active and connected.
+
+> [!NOTE]
+> VPN proxy settings are used only on Force Tunnel connections. On Split Tunnel connections, the general proxy settings are used.
 
 <a href="" id="vpnv2-profilename-proxy-manual"></a>**VPNv2/**<em>ProfileName</em>**/Proxy/Manual**  
 Optional node containing the manual server settings.
@@ -428,7 +439,7 @@ Required for native profiles. Public or routable IP address or DNS name for the
 
 The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. 
 
-You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com.
+You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -450,7 +461,8 @@ Required for native profiles. Type of tunneling protocol used. This value can be
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
-> **Note** The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. 
+> [!NOTE]
+> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. 
 
 <a href="" id="vpnv2-profilename-nativeprofile-authentication"></a>**VPNv2/**<em>ProfileName</em>**/NativeProfile/Authentication**  
 Required node for native profile. It contains authentication information for the native VPN profile.
@@ -1308,8 +1320,7 @@ Servers
       </Add>
 ```
 
-## Related topics
+## See also
-
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
 
@@ -1321,4 +1332,3 @@ Servers
 
 
 
-

windows/client-management/mdm/vpnv2-ddf-file.md

@@ -2,14 +2,14 @@
 title: VPNv2 DDF file
 description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider.
 ms.assetid: 4E2F36B7-D2EE-4F48-AD1A-6BDE7E72CC94
-ms.reviewer: 
+ms.reviewer: pesmith
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 12/05/2017
+ms.date: 10/30/2020
 ---
 
 # VPNv2 DDF file
@@ -19,7 +19,7 @@ This topic shows the OMA DM device description framework (DDF) for the **VPNv2**
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is for Windows 10, version 1709.
+The XML below is for Windows 10, version 2004.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
@@ -32,7 +32,7 @@ The XML below is for Windows 10, version 1709.
     <VerDTD>1.2</VerDTD>
     <Node>
         <NodeName>VPNv2</NodeName>
-        <Path>./Device/Vendor/MSFT</Path>
+        <Path>./Vendor/MSFT</Path>
         <DFProperties>
             <AccessType>
                 <Get />
@@ -830,6 +830,33 @@ The XML below is for Windows 10, version 1709.
                             </DFType>
                         </DFProperties>
                     </Node>
+                    <Node>
+                        <NodeName>Direction</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Get />
+                                <Add />
+                                <Delete />
+                                <Replace />
+                            </AccessType>
+                            <Description>
+                                Outbound - The traffic filter allows traffic to reach destinations matching this rule. This is the default.
+                                Inbound - The traffic filter allows traffic coming from external locations matching this rule.
+                            </Description>
+                            <DFFormat>
+                                <chr />
+                            </DFFormat>
+                            <Occurrence>
+                                <ZeroOrOne />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
                 </Node>
             </Node>
             <Node>
@@ -1625,6 +1652,76 @@ The XML below is for Windows 10, version 1709.
                         </DFType>
                     </DFProperties>
                 </Node>
+                <Node>
+                    <NodeName>WebAuth</NodeName>
+                    <DFProperties>
+                        <AccessType>
+                            <Add />
+                            <Get />
+                        </AccessType>
+                        <Description>Nodes under WebAuth can be used to enable WebToken based authentication for 3rd Party Plugin VPN Profiles.</Description>
+                        <DFFormat>
+                            <node />
+                        </DFFormat>
+                        <Occurrence>
+                            <ZeroOrOne />
+                        </Occurrence>
+                        <Scope>
+                            <Dynamic />
+                        </Scope>
+                        <DFType>
+                            <DDFName></DDFName>
+                        </DFType>
+                    </DFProperties>
+                    <Node>
+                        <NodeName>Enabled</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Add />
+                                <Delete />
+                                <Get />
+                                <Replace />
+                            </AccessType>
+                            <Description>Enables the WebToken based authentication flow.</Description>
+                            <DFFormat>
+                                <bool />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                    <Node>
+                        <NodeName>ClientId</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Add />
+                                <Delete />
+                                <Get />
+                                <Replace />
+                            </AccessType>
+                            <Description>The client ID to specify when communicating with the Web Account provider in retrieving the token.</Description>
+                            <DFFormat>
+                                <chr />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                </Node>
             </Node>
             <Node>
                 <NodeName>NativeProfile</NodeName>
@@ -2225,6 +2322,33 @@ The XML below is for Windows 10, version 1709.
                   </DFType>
                 </DFProperties>
               </Node>
+              <Node>
+                <NodeName>PlumbIKEv2TSAsRoutes</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Add />
+                        <Delete />
+                        <Get />
+                        <Replace />
+                    </AccessType>
+                    <Description>
+                        True: Plumb traffic selectors as routes onto VPN interface
+                        False: Do not plumb traffic selectors as routes
+                    </Description>
+                    <DFFormat>
+                        <bool />
+                    </DFFormat>
+                    <Occurrence>
+                        <ZeroOrOne />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <MIME>text/plain</MIME>
+                    </DFType>
+                </DFProperties>
+            </Node>
             </Node>
         </Node>
     </Node>
@@ -3718,6 +3842,76 @@ The XML below is for Windows 10, version 1709.
                         </DFType>
                     </DFProperties>
                 </Node>
+                <Node>
+                    <NodeName>WebAuth</NodeName>
+                    <DFProperties>
+                        <AccessType>
+                            <Add />
+                            <Get />
+                        </AccessType>
+                        <Description>Nodes under WebAuth can be used to enable WebToken based authentication for 3rd Party Plugin VPN Profiles.</Description>
+                        <DFFormat>
+                            <node />
+                        </DFFormat>
+                        <Occurrence>
+                            <ZeroOrOne />
+                        </Occurrence>
+                        <Scope>
+                            <Dynamic />
+                        </Scope>
+                        <DFType>
+                            <DDFName></DDFName>
+                        </DFType>
+                    </DFProperties>
+                    <Node>
+                        <NodeName>Enabled</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Add />
+                                <Delete />
+                                <Get />
+                                <Replace />
+                            </AccessType>
+                            <Description>Enables the WebToken based authentication flow.</Description>
+                            <DFFormat>
+                                <bool />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                    <Node>
+                        <NodeName>ClientId</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Add />
+                                <Delete />
+                                <Get />
+                                <Replace />
+                            </AccessType>
+                            <Description>The client ID to specify when communicating with the Web Account provider in retrieving the token.</Description>
+                            <DFFormat>
+                                <chr />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                </Node>
             </Node>
             <Node>
                 <NodeName>NativeProfile</NodeName>
@@ -4318,6 +4512,33 @@ The XML below is for Windows 10, version 1709.
                   </DFType>
                 </DFProperties>
               </Node>
+              <Node>
+                <NodeName>PlumbIKEv2TSAsRoutes</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Add />
+                        <Delete />
+                        <Get />
+                        <Replace />
+                    </AccessType>
+                    <Description>
+                        True: Plumb traffic selectors as routes onto VPN interface
+                        False: Do not plumb traffic selectors as routes
+                    </Description>
+                    <DFFormat>
+                        <bool />
+                    </DFFormat>
+                    <Occurrence>
+                        <ZeroOrOne />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <MIME>text/plain</MIME>
+                    </DFType>
+                </DFProperties>
+            </Node>
             </Node>
         </Node>
     </Node>

windows/client-management/mdm/windowsdefenderapplicationguard-csp.md

@@ -125,7 +125,7 @@ The following list shows the supported values:
 - 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard.
 
 > [!NOTE]
-> This policy setting is no longer supported in the new Microsoft Edge browser.
+> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release. 
 
 <!--ADMXMapped-->
 ADMX Info:  

windows/client-management/troubleshoot-inaccessible-boot-device.md

@@ -1,6 +1,6 @@
 ---
 title: Advanced advice for Stop error 7B, Inaccessible_Boot_Device
-description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error may occur after some changes are made to the computer,
+description: Learn how to troubleshoot Stop error 7B or Inaccessible_Boot_Device. This error might occur after some changes are made to the computer,
 ms.prod: w10
 ms.mktglfcycl:
 ms.sitesec: library
@@ -15,11 +15,11 @@ manager: dansimp
 
 # Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device
 
-This article provides steps to troubleshoot **Stop error 7B: Inaccessible_Boot_Device**. This error may occur after some changes are made to the computer, or immediately after you deploy Windows on the computer.
+This article provides steps to troubleshoot **Stop error 7B: Inaccessible_Boot_Device**. This error might occur after some changes are made to the computer, or immediately after you deploy Windows on the computer.
 
 ## Causes of the  Inaccessible_Boot_Device  Stop error
 
-Any one of the following factors may cause the stop error:
+Any one of the following factors might cause the stop error:
 
 * Missing, corrupted, or misbehaving filter drivers that are related to the storage stack
 
@@ -33,9 +33,9 @@ Any one of the following factors may cause the stop error:
 
 * A faulty motherboard or storage controller, or faulty hardware 
 
-*	In unusual cases: the failure of the TrustedInstaller service to commit newly installed updates because of Component Based Store corruptions
+* In unusual cases, the failure of the TrustedInstaller service to commit newly installed updates is because of component-based store corruptions
 
-*	Corrupted files in the **Boot**  partition (for example, corruption in the volume that is labeled **SYSTEM**  when you run the `diskpart`  > `list vol`  command)
+* Corrupted files in the **Boot**  partition (for example, corruption in the volume that's labeled **SYSTEM**  when you run the `diskpart`  > `list vol`  command)
 
 ## Troubleshoot this error
 
@@ -55,7 +55,7 @@ Start the computer in [Windows Recovery Mode (WinRE)](https://docs.microsoft.com
 
 A list of the physical disks that are attached to the computer should be displayed and resemble the following display:
 
-```
+```console
   Disk ###  Status         Size     Free     Dyn  Gpt
 
   --------  -------------  -------  -------  ---  ---
@@ -65,7 +65,7 @@ A list of the physical disks that are attached to the computer should be display
 
 If the computer uses a Unified Extensible Firmware Interface (UEFI) startup interface, there will be an asterisk (<em>) in the **GPT</em>*  column.
 
-If the computer uses a basic input/output system (BIOS) interface, there will not be an asterisk in the **Dyn**  column.
+If the computer uses a basic input/output system (BIOS) interface, there won't be an asterisk in the **Dyn**  column.
 
 #### Step 2
 
@@ -73,7 +73,7 @@ If the `list disk` command lists the OS disks correctly, run the `list vol` comm
 
 `list vol` generates an output that resembles the following display:
 
-```
+```console
   Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
 
   ----------  ---  -----------  -----  ----------  -------  ---------  --------
@@ -86,7 +86,7 @@ If the `list disk` command lists the OS disks correctly, run the `list vol` comm
 ```
 
 >[!NOTE]
->If the disk that contains the OS is not listed in the output, you will have to engage the OEM or virtualization manufacturer.
+>If the disk that contains the OS isn't listed in the output, you'll have to engage the OEM or virtualization manufacturer.
 
 ### Verify the integrity of Boot Configuration Database
 
@@ -96,55 +96,55 @@ To verify the BCD entries:
 
 1. Examine the **Windows Boot Manager** section that has the **{bootmgr}** identifier. Make sure that the **device** and **path**  entries point to the correct device and boot loader file.
  
-   An example output if the computer is UEFI-based:
+   If the computer is UEFI-based, here's example output:
     
-   ```
+   ```cmd
    device                  partition=\Device\HarddiskVolume2
    path                    \EFI\Microsoft\Boot\bootmgfw.efi
    ```
 
-   An example output if the machine is BIOS based:
+   If the machine is BIOS-based, here's example output:
-   ```
+   ```cmd
    Device                partition=C:
    ```
    >[!NOTE]
-   >This output may not contain a path.
+   >This output might not contain a path.
 
 2. In the **Windows Boot Loader** that has the **{default}** identifier, make sure that **device**, **path**, **osdevice**, and **systemroot**  point to the correct device or partition, winload file, OS partition or device, and OS folder.
  
    > [!NOTE]
-   > If the computer is UEFI-based, the filepath value specified in the **path** parameter of **{bootmgr}** and **{default}** will contain an **.efi** extension.
+   > If the computer is UEFI-based, the file path value that's specified in the **path** parameter of **{bootmgr}** and **{default}** contains an **.efi** extension.
 
    ![bcdedit](images/screenshot1.png)
 
-If any of the information is wrong or missing, we recommend that you create a backup of the BCD store. To do this, run `bcdedit /export C:\temp\bcdbackup`. This command creates a backup in **C:\\temp\\** that is named **bcdbackup** . To restore the backup, run `bcdedit /import C:\temp\bcdbackup`. This command overwrites all BCD settings by using the settings in **bcdbackup** .
+If any of the information is wrong or missing, we recommend that you create a backup of the BCD store. To do this, run `bcdedit /export C:\temp\bcdbackup`. This command creates a backup in **C:\\temp\\** that's named **bcdbackup**. To restore the backup, run `bcdedit /import C:\temp\bcdbackup`. This command overwrites all BCD settings by using the settings in **bcdbackup**.
 
-After the backup is completed, run the following command to make the changes:
+After the backup completes, run the following command to make the changes:
 
 <pre>bcdedit /set *{identifier}* option value</pre>
 
-For example, if the device under {default} is wrong or missing, run the following command to set it: `bcdedit /set {default} device partition=C:`
+For example, if the device under {default} is wrong or missing, run this command to set it: `bcdedit /set {default} device partition=C:`
 
- If you want to re-create the BCD completely, or if you get a message that states that "**The boot configuration data store could not be opened. The system could not find the file specified,** " run `bootrec /rebuildbcd`.
+ If you want to completely re-create the BCD, or if you get a message that states that "**The boot configuration data store could not be opened. The system could not find the file specified,** " run `bootrec /rebuildbcd`.
 
-If the BCD has the correct entries, check whether the **winload** and **bootmgr** entries exist in the correct location per the path that is specified in the **bcdedit**  command. By default, **bootmgr**  in the BIOS partition will be in the root of the **SYSTEM**  partition. To see the file, run `Attrib -s -h -r`.
+If the BCD has the correct entries, check whether the **winload** and **bootmgr** entries exist in the correct location, which is in the specified path in the **bcdedit** command. By default, **bootmgr** in the BIOS partition is in the root of the **SYSTEM**  partition. To see the file, run `Attrib -s -h -r`.
 
 If the files are missing, and you want to rebuild the boot files, follow these steps:
 
-1. Copy all the contents under the **SYSTEM**  partition to another location. Alternatively, you can use the command prompt to navigate to the OS drive, create a new folder, and then copy all the files and folders from the **SYSTEM**  volume, as follows:
+1. Copy all the contents under the **SYSTEM** partition to another location. Alternatively, you can use the command prompt to navigate to the OS drive, create a new folder, and then copy all the files and folders from the **SYSTEM**  volume, like shown here:
 
-```
+   ```cmd
    D:\> Mkdir  BootBackup
    R:\> Copy *.* D:\BootBackup 
    ```
 
-2. If you are using Windows 10, or if you are troubleshooting by using a Windows 10 ISO at the Windows Pre-Installation Environment command prompt, you can use the **bcdboot**  command to re-create the boot files, as follows:
+2. If you're using Windows 10, or if you're troubleshooting by using a Windows 10 ISO at the Windows Pre-Installation Environment command prompt, you can use the **bcdboot** command to re-create the boot files, like shown here:
 
    ```cmd
    Bcdboot <**OSDrive* >:\windows /s <**SYSTEMdrive* >: /f ALL
    ```
 
-   For example: if we assign the `<System Drive>` (WinRE drive) the letter R and the `<OSdrive>` is the letter D, this command would be the following:
+   For example, if we assign the `<System Drive>` (WinRE drive) the letter R and the `<OSdrive>` is the letter D, the following is the command that we would use:
 
    ```cmd
    Bcdboot D:\windows /s R: /f ALL
@@ -153,13 +153,13 @@ R:\> Copy *.* D:\BootBackup
    >[!NOTE]
    >The **ALL** part of the **bcdboot** command writes all the boot files (both UEFI and BIOS) to their respective locations.
 
-If you do not have a Windows 10 ISO, you must format the partition and copy **bootmgr**  from another working computer that has a similar Windows build. To do this, follow these steps:
+If you don't have a Windows 10 ISO, format the partition and copy **bootmgr** from another working computer that has a similar Windows build. To do this, follow these steps:
 
 1. Start **Notepad**.
 
 2. Press Ctrl+O.
 
-3. Navigate to the system partition (in this example, it is R).
+3. Navigate to the system partition (in this example, it's R).
 
 4. Right-click the partition, and then format it.
 
@@ -171,7 +171,7 @@ Run the following command to verify the Windows update installation and dates:
 Dism /Image:<Specify the OS drive>: /Get-packages
 ```
 
-After you run this command, you will see the **Install pending** and **Uninstall Pending** packages:
+After you run this command, you'll see the **Install pending** and **Uninstall Pending** packages:
 
 ![Dism output](images/pendingupdate.png)
 
@@ -185,7 +185,7 @@ After you run this command, you will see the **Install pending** and **Uninstall
 
 4. Select **HKEY_LOCAL_MACHINE**, and then go to **File**  > **Load Hive**.
 
-5. Navigate to **OSdriveLetter:\Windows\System32\config**, select the file that is named **COMPONENT** (with no extension), and then select **Open**. When you are prompted, enter the name **OfflineComponentHive** for the new hive
+5. Navigate to ***OSdriveLetter*:\Windows\System32\config**, select the file that's named **COMPONENT** (with no extension), and then select **Open**. When you're prompted, enter the name **OfflineComponentHive** for the new hive.
     
     ![Load Hive](images/loadhive.png)
 
@@ -195,11 +195,11 @@ After you run this command, you will see the **Install pending** and **Uninstall
 
     ![Unload Hive](images/unloadhive.png)![Unload Hive](images/unloadhive1.png)
 
-8. Select **HKEY_LOCAL_MACHINE**, go to **File** > **Load Hive**, navigate to ***OSdriveLetter* :\Windows\System32\config**, select the file that is named **SYSTEM** (with no extension), and then select **Open** . When you are prompted, enter the name **OfflineSystemHive** for the new hive.
+8. Select **HKEY_LOCAL_MACHINE**, go to **File** > **Load Hive**, navigate to ***OSdriveLetter*:\Windows\System32\config**, select the file that's named **SYSTEM** (with no extension), and then select **Open**. When you're prompted, enter the name **OfflineSystemHive** for the new hive.
 
 9. Expand **HKEY_LOCAL_MACHINE\OfflineSystemHive**, and then select the **Select** key. Check the data for the **Default** value.
 
-10. If the data in **HKEY_LOCAL_MACHINE\OfflineSystemHive\Select\Default**  is **1** , expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001**. If it is **2**, expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet002**, and so on.
+10. If the data in **HKEY_LOCAL_MACHINE\OfflineSystemHive\Select\Default**  is **1**, expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001**. If it's **2**, expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet002**, and so on.
 
 11.	 Expand **Control\Session Manager**. Check whether the **PendingFileRenameOperations** key exists. If it does, back up the **SessionManager** key, and then delete the **PendingFileRenameOperations** key.
 
@@ -207,7 +207,7 @@ After you run this command, you will see the **Install pending** and **Uninstall
 
 #### Check services	
 
-1.	 Follow steps 1-10 in the "Troubleshooting if this issue occurs after an Windows Update installation" section. (Step 11 does not apply to this procedure.)
+1. Follow steps 1-10 in the "Troubleshooting if this issue occurs after a Windows Update installation" section. (Step 11 doesn't apply to this procedure.)
 
 2. Expand **Services**.
 
@@ -225,9 +225,9 @@ After you run this command, you will see the **Install pending** and **Uninstall
     
     *	VOLUME
 
-If these keys exist, check each one to make sure that it has a value that is named **Start** and that it is set to **0**. If not, set the value to **0**.
+If these keys exist, check each one to make sure that it has a value that's named **Start**, and that it's set to **0**. If it's not, set the value to **0**.
 
-If any of these keys do not exist, you can try to replace the current registry hive by using the hive from **RegBack**. To do this, run the following commands:
+If any of these keys don't exist, you can try to replace the current registry hive by using the hive from **RegBack**. To do this, run the following commands:
 
 ```cmd
 cd OSdrive:\Windows\System32\config
@@ -237,7 +237,7 @@ copy OSdrive:\Windows\System32\config\RegBack\SYSTEM OSdrive:\Windows\System32\c
 
 #### Check upper and lower filter drivers
 
-Check whether there are any non-Microsoft upper and lower filter drivers on the computer and that they do not exist on another, similar working computer. if they do exist, remove the upper and lower filter drivers:
+Check whether there are any non-Microsoft upper and lower filter drivers on the computer and that they don't exist on another, similar working computer. If they do exist, remove the upper and lower filter drivers:
 
 1. Expand **HKEY_LOCAL_MACHINE\OfflineHive\ControlSet001\Control**.
 
@@ -246,7 +246,7 @@ Check whether there are any non-Microsoft upper and lower filter drivers on the
    >[!NOTE]
    >These filters are mainly related to storage. After you expand the **Control** key in the registry, you can search for **UpperFilters** and **LowerFilters**.
    
-   The following are some of the different registry entries in which you may find these filter drivers. These entries are located under **ControlSet**  and are designated as **Default** :
+   You might find these filter drivers in some of the following registry entries. These entries are under **ControlSet**  and are designated as **Default**:
 
 \Control\Class\\{4D36E96A-E325-11CE-BFC1-08002BE10318} 
 
@@ -258,19 +258,19 @@ Check whether there are any non-Microsoft upper and lower filter drivers on the
 
 ![Registry](images/controlset.png) 
 
-If an **UpperFilters**  or **LowerFilters**  entry is non-standard (for example, it is not a Windows default filter driver, such as PartMgr), remove the entry by double-clicking it in the right pane, and then deleting only that value.
+If an **UpperFilters**  or **LowerFilters**  entry is non-standard (for example, it's not a Windows default filter driver, such as PartMgr), remove the entry. To remove it, double-click it in the right pane, and then delete only that value.
 
 >[!NOTE]
 >There could be multiple entries.
 
-The reason that these entries may affect us is because there may be an entry in the **Services** branch that has a START type set to 0 or 1 (indicating that it is loaded at the Boot or Automatic part of the boot process). Also, either the file that is referred to is missing or corrupted, or it may be named differently than what is listed in the entry. 
+These entries might affect us because there might be an entry in the **Services** branch that has a START type set to 0 or 1, which means that it's loaded at the Boot or Automatic part of the boot process. Also, either the file that's referred to is missing or corrupted, or it might be named differently than what's listed in the entry. 
 
 >[!NOTE]
->If there actually is a service that is set to **0** or **1** that corresponds to an **UpperFilters** or **LowerFilters** entry, setting the service to disabled in the **Services** registry (as discussed in steps 2 and 3 of the Check services section) without removing the **Filter Driver** entry causes the computer to crash and generate a 0x7b Stop error.
+>If there's a service that's set to **0** or **1** that corresponds to an **UpperFilters** or **LowerFilters** entry, setting the service to disabled in the **Services** registry (as discussed in steps 2 and 3 of the Check services section) without removing the **Filter Driver** entry causes the computer to crash and generate a 0x7b Stop error.
 
 ### Running SFC and Chkdsk
 
- If the computer still does not start, you can try to run a **chkdisk**  process on the system drive, and also run System File Checker. To do this, run the following commands at a WinRE command prompt:
+ If the computer still doesn't start, you can try to run a **chkdisk**  process on the system drive, and then also run System File Checker. To do this, run the following commands at a WinRE command prompt:
 
 *	`chkdsk /f /r OsDrive:`
 

windows/client-management/troubleshoot-stop-errors.md

@@ -43,7 +43,9 @@ To troubleshoot Stop error messages, follow these general steps:
 2. As a best practice, we recommend that you do the following:
 
     a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
-    
+   - [Windows 10, version 2004](https://support.microsoft.com/help/4555932)  
+   - [Windows 10, version 1909](https://support.microsoft.com/help/4529964)
+   - [Windows 10, version 1903](https://support.microsoft.com/help/4498140)
    - [Windows 10, version 1809](https://support.microsoft.com/help/4464619)
    - [Windows 10, version 1803](https://support.microsoft.com/help/4099479)
    - [Windows 10, version 1709](https://support.microsoft.com/help/4043454)

windows/client-management/troubleshoot-tcpip-connectivity.md

@@ -14,27 +14,33 @@ manager: dansimp
 
 # Troubleshoot TCP/IP connectivity
 
-You might come across connectivity errors on the application end or timeout errors. Most common scenarios would include application connectivity to a database server, SQL timeout errors, BizTalk application timeout errors, Remote Desktop Protocol (RDP) failures, file share access failures, or general connectivity.  
+You might come across connectivity errors on the application end or timeout errors. The following are the most common scenarios:
+- Application connectivity to a database server
+- SQL timeout errors
+- BizTalk application timeout errors
+- Remote Desktop Protocol (RDP) failures
+- File share access failures
+- General connectivity
  
-When you suspect that the issue is on the network, you collect a network trace. The network trace would then be filtered. During troubleshooting connectivity errors, you might come across TCP reset in a network capture which could indicate a network issue.  
+When you suspect that the issue is on the network, you collect a network trace. The network trace would then be filtered. During troubleshooting connectivity errors, you might come across TCP reset in a network capture that could indicate a network issue.  
  
-* TCP is defined as connection-oriented and reliable protocol. One of the ways in which TCP ensures this is through the handshake process. Establishing a TCP session would begin with a 3-way handshake, followed by data transfer, and then a 4-way closure. The 4-way closure where both sender and receiver agree on closing the session is termed as *graceful closure*. After the 4-way closure, the server will allow 4 minutes of time (default), during which any pending packets on the network are to be processed, this is the TIME_WAIT state. Once the TIME_WAIT state is done, all the resources allocated for this connection are released.  
+* TCP is defined as connection-oriented and reliable protocol. One of the ways in which TCP ensures reliability is through the handshake process. Establishing a TCP session would begin with a three-way handshake, followed by data transfer, and then a four-way closure. The four-way closure where both sender and receiver agree on closing the session is termed as *graceful closure*. After the 4-way closure, the server will allow 4 minutes of time (default), during which any pending packets on the network are to be processed, this is the TIME_WAIT state. After the TIME_WAIT state completes, all the resources allocated for this connection are released.  
  
-* TCP reset is an abrupt closure of the session which causes the resources allocated to the connection to be immediately released and all other information about the connection is erased.  
+* TCP reset is an abrupt closure of the session; it causes the resources allocated to the connection to be immediately released and all other information about the connection is erased.  
  
 * TCP reset is identified by the RESET flag in the TCP header set to `1`.  
  
-A network trace on the source and the destination which will help you determine the flow of the traffic and see at what point the failure is observed.  
+A network trace on the source and the destination helps you to determine the flow of the traffic and see at what point the failure is observed.  
  
 The following sections describe some of the scenarios when you will see a RESET. 
  
 ## Packet drops
  
-When one TCP peer is sending out TCP packets for which there is no response received from the other end, the TCP peer would end up re-transmitting the data and when there is no response received, it would end the session by sending an ACK RESET( meaning, application acknowledges whatever data exchanged so far, but due to packet drop closing the connection).  
+When one TCP peer is sending out TCP packets for which there is no response received from the other end, the TCP peer would end up retransmitting the data and when there is no response received, it would end the session by sending an ACK RESET (this means that the application acknowledges whatever data is exchanged so far, but because of packet drop, the connection is closed).  
  
 The simultaneous network traces on source and destination will help you verify this behavior where on the source side you would see the packets being retransmitted and on the destination none of these packets are seen. This would mean, the network device between the source and destination is dropping the packets. 
  
-If the initial TCP handshake is failing because of packet drops then you would see that the TCP SYN packet is retransmitted only 3 times. 
+If the initial TCP handshake is failing because of packet drops, then you would see that the TCP SYN packet is retransmitted only three times. 
     
 Source side connecting on port 445:
 
@@ -44,7 +50,7 @@ Destination side: applying the same filter, you do not see any packets.
 
 ![Screenshot of frame summary with filter in Network Monitor](images/tcp-ts-7.png)
 
-For the rest of the data, TCP will retransmit the packets 5 times.
+For the rest of the data, TCP will retransmit the packets five times.
 
 **Source 192.168.1.62 side trace:**
 
@@ -58,16 +64,16 @@ If you are seeing that the SYN packets are reaching the destination, but the des
  
 ## Incorrect parameter in the TCP header
  
-You see this behavior when the packets are modified in the network by middle devices and TCP on the receiving end is unable to accept the packet, such as the sequence number being modified, or packets being re-played by middle device by changing the sequence number. Again, the simultaneous network trace on the source and destination will be able to tell you if any of the TCP headers are modified. Start by comparing the source trace and destination trace, you will be able to notice if there is a change in the packets itself or if any new packets are reaching the destination on behalf of the source.  
+You see this behavior when the packets are modified in the network by middle devices and TCP on the receiving end is unable to accept the packet, such as the sequence number being modified, or packets being replayed by middle device by changing the sequence number. Again, the simultaneous network trace on the source and destination will be able to tell you if any of the TCP headers are modified. Start by comparing the source trace and destination trace, you will be able to notice if there is a change in the packets itself or if any new packets are reaching the destination on behalf of the source.  
  
-In this case, you will again need help from the network team to identify any such device which is modifying packets or re-playing packets to the destination. The most common ones are RiverBed devices or WAN accelerators. 
+In this case, you'll again need help from the network team to identify any device that's modifying packets or replaying packets to the destination. The most common ones are RiverBed devices or WAN accelerators. 
  
      
 ## Application side reset
  
 When you have identified that the resets are not due to retransmits or incorrect parameter or packets being modified with the help of network trace, then you have narrowed it down to application level reset.
     
-The application resets are the ones where you see the Acknowledgement flag set to `1` along with the reset flag. This would mean that the server is acknowledging the receipt of the packet but for some reason it will not accept the connection. This is when the application that received the packet did not like something it received.  
+The application resets are the ones where you see the Acknowledgment flag set to `1` along with the reset flag. This would mean that the server is acknowledging the receipt of the packet but for some reason it will not accept the connection. This is when the application that received the packet did not like something it received.  
  
 In the below screenshots, you see that the packets seen on the source and the destination are the same without any modification or any drops, but you see an explicit reset sent by the destination to the source.
     
@@ -83,7 +89,7 @@ You also see an ACK+RST flag packet in a case when the TCP establishment packet
 
 ![Screenshot of packet flag](images/tcp-ts-11.png)
 
-The application which is causing the reset (identified by port numbers) should be investigated to understand what is causing it to reset the connection. 
+The application that's causing the reset (identified by port numbers) should be investigated to understand what is causing it to reset the connection. 
  
 >[!Note]
 >The above information is about resets from a TCP standpoint and not UDP. UDP is a connectionless protocol and the packets are sent unreliably. You would not see retransmission or resets when using UDP as a transport protocol. However, UDP makes use of ICMP as a error reporting protocol. When you have the UDP packet sent out on a port and the destination does not have port listed, you will see the destination sending out  **ICMP Destination host unreachable: Port unreachable** message immediately after the UDP packet
@@ -96,7 +102,7 @@ The application which is causing the reset (identified by port numbers) should b
 ```
  
  
-During the course of troubleshooting connectivity issue, you might also see in the network trace that a machine receives packets but does not respond to. In such cases, there could be a drop at the server level. You should enable firewall auditing on the machine to understand if the local firewall is dropping the packet.
+During the course of troubleshooting connectivity issue, you might also see in the network trace that a machine receives packets but does not respond to. In such cases, there could be a drop at the server level. To understand whether the local firewall is dropping the packet, enable the firewall auditing on the machine.
  
 ```
 auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
@@ -106,6 +112,6 @@ You can then review the Security event logs to see for a packet drop on a partic
 
 ![Screenshot of Event Properties](images/tcp-ts-12.png)
 
-Now, run the command `netsh wfp show state`, this will generate a wfpstate.xml file. Once you open this file and filter for the ID you find in the above event (2944008), you will be able to see a firewall rule name associated with this ID which is blocking the connection.
+Now, run the command `netsh wfp show state`, this will generate a wfpstate.xml file. After you open this file and filter for the ID that you find in the above event (2944008), you'll be able to see a firewall rule name that's associated with this ID that's blocking the connection.
 
 ![Screenshot of wfpstate.xml file](images/tcp-ts-13.png)

windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md

@@ -20,7 +20,7 @@ manager: dansimp
 
 Cortana will respond with the information from Bing.
 
-:::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderbad":::
+:::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderabad":::
 
 >[!NOTE]
 >This scenario requires Bing Answers to be enabled. To learn more, see [Set up and configure the Bing Answers feature](https://docs.microsoft.com/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10#set-up-and-configure-the-bing-answers-feature).

windows/configuration/docfx.json

@@ -32,6 +32,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",

windows/configuration/kiosk-mdm-bridge.md

@@ -22,9 +22,9 @@ ms.topic: article
 
 -   Windows 10 Pro, Enterprise, and Education
 
-Environments that use [Windows Management Instrumentation (WMI)](https://msdn.microsoft.com/library/aa394582.aspx) can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the MDM_AssignedAccess class. See [PowerShell Scripting with WMI Bridge Provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/using-powershell-scripting-with-the-wmi-bridge-provider) for more details about using a PowerShell script to configure AssignedAccess. 
+Environments that use [Windows Management Instrumentation (WMI)](https://msdn.microsoft.com/library/aa394582.aspx) can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). 
 
-Here’s an example to set AssignedAccess configuration:
+Here's an example to set AssignedAccess configuration:
 
 1. Download the [psexec tool](https://technet.microsoft.com/sysinternals/bb897553.aspx).  
 2. Run `psexec.exe -i -s cmd.exe`.

windows/configuration/kiosk-xml.md

@@ -255,7 +255,7 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom
 ```
 
 ## [Preview] Global Profile Sample XML
-Global Profile is currently supported in Windows 10 Insider Preview (20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user.
+Global Profile is currently supported in Windows 10 Insider Preview (20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user.
 
 This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in 
 ```xml
@@ -309,7 +309,7 @@ This sample demonstrates that only a global profile is used, no active user conf
 </AssignedAccessConfiguration>
 ```
 
-Below sample shows dedicated profile and global profile mixed usage, aauser would use one profile, everyone else that's non-admin will use another profile.
+Below sample shows dedicated profile and global profile mixed usage, a user would use one profile, everyone else that's non-admin will use another profile.
 ```xml
 <?xml version="1.0" encoding="utf-8" ?>
 <AssignedAccessConfiguration
@@ -396,7 +396,7 @@ Below sample shows dedicated profile and global profile mixed usage, aauser woul
 ## [Preview] Folder Access sample xml
 In Windows 10, version 1809, folder access is locked down so that when common file dialog is opened, IT Admin can specify if the user has access to the Downloads folder, or no access to any folder at all. This restriction has been redesigned for finer granulatity and easier use, and is available in Windows 10 Insider Preview (19H2, 20H1 builds).
 
-IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Note that Downloads and Removable Drives can be allowed at the same time.
+IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Downloads and Removable Drives can be allowed at the same time.
 
 ```xml
 <?xml version="1.0" encoding="utf-8" ?>
@@ -889,7 +889,7 @@ Schema for Windows 10 Insider Preview (19H2, 20H1 builds)
 </xs:schema>
 ```
 
-To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the auto-launch feature which is added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the autolaunch feature that was added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
 ```xml
 <AssignedAccessConfiguration
     xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"

windows/configuration/start-layout-troubleshoot.md

@@ -12,41 +12,41 @@ manager: dansimp
 ms.topic: troubleshooting
 ---
 
-# Troubleshoot Start Menu errors
+# Troubleshoot Start menu errors
 
 Start failures can be organized into these categories:
 
 - **Deployment/Install issues** - Easiest to identify but difficult to recover. This failure is consistent and usually permanent. Reset, restore from backup, or rollback to recover.
 - **Performance issues** - More common with older hardware, low-powered machines. Symptoms include: High CPU utilization, disk contention, memory resources. This makes Start very slow to respond. Behavior is intermittent depending on available resources.
 - **Crashes** - Also easy to identify. Crashes in Shell Experience Host or related can be found in System or Application event logs. This can be a code defect or related to missing or altered permissions to files or registry keys by a program or incorrect security tightening configurations. Determining permissions issues can be time consuming but a [SysInternals tool called Procmon](https://docs.microsoft.com/sysinternals/downloads/procmon) will show **Access Denied**. The other option is to get a dump of the process when it crashes and depending on comfort level, review the dump in the debugger, or have support review the data.
-- **Hangs** in Shell Experience host or related. These are the hardest issues to identify as there are few events logged, but behavior is typically intermittent or recovers with a reboot. If a background application or service hangs, Start will not have resources to respond in time. Clean boot may help identify if the issue is related to additional software. Procmon is also useful in this scenario.
+- **Hangs** - in Shell Experience host or related. These are the hardest issues to identify as there are few events logged, but behavior is typically intermittent or recovers with a reboot. If a background application or service hangs, Start will not have resources to respond in time. Clean boot may help identify if the issue is related to additional software. Procmon is also useful in this scenario.
 - **Other issues** - Customization, domain policies, deployment issues.
 
 ## Basic troubleshooting
 	
-When troubleshooting basic Start issues (and for the most part, all other Windows apps), there are a few things to check if they are not working as expected. When experiencing issues where the Start Menu or sub-component are not working, there are some quick tests to narrow down where the issue may reside.
+When troubleshooting basic Start issues (and for the most part, all other Windows apps), there are a few things to check if they are not working as expected. For issues where the Start menu or subcomponent isn't working, you can do some quick tests to narrow down where the issue may reside.
 
 ### Check the OS and update version
 
 - Is the system running the latest Feature and Cumulative Monthly update?
 - Did the issue start immediately after an update? Ways to check:
-  - Powershell:[System.Environment]::OSVersion.Version
+  - PowerShell:[System.Environment]::OSVersion.Version
   - WinVer from CMD.exe
 
 ### Check if Start is installed
 
 - If Start fails immediately after a feature update, on thing to check is if the App package failed to install successfully.
 
-- If Start was working and just fails intermittently, it's likely that Start is installed correctly, but the issue occurs downstream. The way to check for this is to look for output from these two PS commands:
+- If Start was working and just fails intermittently, it's likely that Start is installed correctly, but the issue occurs downstream. The way to check for this problem is to look for output from these two PS commands:
 
   - `get-AppXPackage -Name Microsoft.Windows.ShellExperienceHost`
   - `get-AppXPackage -Name Microsoft.Windows.Cortana`
 
     ![Example of output from cmdlets](images/start-ts-1.png)
 
-    Failure messages will appear if they are not installed
+    Failure messages will appear if they aren't installed
 
-- If Start is not installed the fastest resolution is to revert to a known good configuration. This can be rolling back the update, resetting the PC to defaults (where there is a choice to save to delete user data), or restoring from backup. There is no supported method to install Start Appx files. The results are often problematic and unreliable.
+- If Start is not installed, then the fastest resolution is to revert to a known good configuration. This can be rolling back the update, resetting the PC to defaults (where there is a choice to save to delete user data), or restoring from backup. No method is supported to install Start Appx files. The results are often problematic and unreliable.
 
 ### Check if Start is running
 
@@ -54,7 +54,7 @@ If either component is failing to start on boot, reviewing the event logs for er
 - `get-process -name shellexperiencehost`
 - `get-process -name searchui`
 
-If it is installed but not running, test booting into safe mode or use MSCONFIG to eliminate 3rd party or additional drivers and applications.
+If it is installed but not running, test booting into safe mode or use MSCONFIG to eliminate third-party or additional drivers and applications.
 
 ### Check whether the system a clean install or upgrade
 
@@ -76,9 +76,9 @@ If these events are found, Start is not activated correctly. Each event will hav
 
 ### Other things to consider
 
-When did this start?
+When did the problem start?
 
-- Top issues for Start Menu failure are triggered
+- Top issues for Start menu failure are triggered
   - After an update
   - After installation of an application
   - After joining a domain or applying a domain policy
@@ -87,7 +87,7 @@ When did this start?
   - Start or related component crashes or hangs
   - Customization failure
 
-To narrow this down further, it's good to note:
+To narrow down the problem further, it's good to note:
 
 - What is the install background?
   - Was this a deployment, install from media, other
@@ -103,7 +103,7 @@ To narrow this down further, it's good to note:
   - Some Group Policies intended for Windows 7 or older have been known to cause issues with Start
   - Untested Start Menu customizations can cause unexpected behavior by typically not complete Start failures. 
   
-- Is this a virtualized environment? 
+- Is the environment virtualized? 
   - VMware
   - Citrix
   - Other
@@ -123,13 +123,13 @@ To narrow this down further, it's good to note:
 - Microsoft-Windows-CloudStore*
 
 
-- Check for crashes that may be related to Start (explorer.exe, taskbar, etc)
+- Check for crashes that may be related to Start (explorer.exe, taskbar, and so on)
   - Application log event 1000, 1001
   - Check WER reports
     - C:\ProgramData\Microsoft\Windows\WER\ReportArchive\
     - C:\ProgramData\Micrt\Windowsosof\WER\ReportQueue\
     
-If there is a component of Start that is consistently crashing, capture a dump which can be reviewed by Microsoft Support.
+If there is a component of Start that is consistently crashing, capture a dump that can be reviewed by Microsoft Support.
 
 ## Common errors and mitigation
 
@@ -169,7 +169,8 @@ The PDC registry key is:
 **Type**=dword:00000001
 
 In addition to the listed dependencies for the service, Background Tasks Infrastructure Service requires the Power Dependency Coordinator Driver to be loaded. If the PDC does not load at boot, Background Tasks Infrastructure Service will fail and affect Start Menu.
-Events for both PDC and Background Tasks Infrastructure Service will be recorded in the event logs. PDC should not be disabled or deleted. BrokerInfrastructure is an automatic service. This Service is required for all these operating Systems as running to have a stable Start Menu.
+
+Events for both PDC and Background Tasks Infrastructure Service will be recorded in the event logs. PDC shouldn't be disabled or deleted. BrokerInfrastructure is an automatic service. This Service is required for all these operating Systems as running to have a stable Start Menu.
 
 >[!NOTE]
 >You cannot stop this automatic service when machine is running (C:\windows\system32\svchost.exe -k DcomLaunch -p).
@@ -179,17 +180,17 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
 
 **Cause**: There was a change in the All Apps list between Windows 10, versions 1511 and 1607. These changes mean the original Group Policy and corresponding registry key no longer apply.
 
-**Resolution**: This issue was resolved in the June 2017 updates. Please update Windows 10, version 1607 to the latest cumulative or feature updates.
+**Resolution**: This issue was resolved in the June 2017 updates. Update Windows 10, version 1607, to the latest cumulative or feature updates.
 
 >[!NOTE]
 >When the Group Policy is enabled, the desired behavior also needs to be selected. By default, it is set to **None**.
 
 
-### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start Menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted
+### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted
 
 ![Screenshots that show download icons on app tiles and missing app tiles](images/start-ts-2.png)
 
-**Cause**: This is a known issue where the first-time logon experience is not detected and does not trigger the install of some Apps.
+**Cause**: This issue is known. The first-time sign-in experience is not detected and does not trigger the install of some apps.
 
 **Resolution**: This issue has been fixed for Windows 10, version 1709 in [KB 4089848](https://support.microsoft.com/help/4089848) March 22, 2018—KB4089848 (OS Build 16299.334)
 
@@ -202,7 +203,7 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
   - Event ID 22 is logged when the xml is malformed, meaning the specified file simply isn’t valid xml.
   - When editing the xml file, it should be saved in UTF-8 format.
 
-- Unexpected information: This occurs when possibly trying to add a tile via unexpected or undocumented method.
+- Unexpected information: This occurs when possibly trying to add a tile via an unexpected or undocumented method.
   - **Event ID: 64** is logged when the xml is valid but has unexpected values.
   - For example: The following error occurred while parsing a layout xml file: The attribute 'LayoutCustomizationRestrictiontype' on the element '{http://schemas.microsoft.com/Start/2014/LayoutModification}DefaultLayoutOverride' is not defined in the DTD/Schema.
 
@@ -210,9 +211,9 @@ XML files can and should be tested locally on a Hyper-V or other virtual machine
 
 ### Symptom: Start menu no longer works after a PC is refreshed using F12 during startup 
 
-**Description**: If a user is having problems with a PC, is can be refreshed, reset, or restored. Refreshing the PC is a beneficial option because it maintains personal files and settings. When users have trouble starting the PC, "Change PC settings" in Settings is not accessible. So, to access the System Refresh, users may use the F12 key at start up. Refreshing the PC finishes, but Start Menu is not accessible.
+**Description**: If a user is having problems with a PC, it can be refreshed, reset, or restored. Refreshing the PC is a beneficial option because it maintains personal files and settings. When users have trouble starting the PC, "Change PC settings" in Settings is not accessible. So, to access the System Refresh, users may use the F12 key at startup. Refreshing the PC finishes, but Start Menu is not accessible.
 
-**Cause**: This is a known issue and has been resolved in a cumulative update released August 30th 2018. 
+**Cause**: This issue is known and was resolved in a cumulative update released August 30, 2018. 
 
 **Resolution**: Install corrective updates; a fix is included in the [September 11, 2018-KB4457142 release](https://support.microsoft.com/help/4457142).
 
@@ -232,7 +233,7 @@ Specifically, behaviors include
 - Applications (apps or icons) pinned to the start menu are missing.
 - Entire tile window disappears.
 - The start button fails to respond.
-- If a new roaming user is created, the first logon appears normal, but on subsequent logons, tiles are missing.
+- If a new roaming user is created, the first sign-in appears normal, but on subsequent sign-ins, tiles are missing.
 
 
 ![Example of a working layout](images/start-ts-3.png)
@@ -261,12 +262,12 @@ After the upgrade the user pinned tiles are missing:
 
   ![Example of Start screen with previously pinned tiles missing](images/start-ts-6.png)
  
-Additionally, users may see blank tiles if logon was attempted without network connectivity.
+Additionally, users may see blank tiles if sign-in was attempted without network connectivity.
 
   ![Example of blank tiles](images/start-ts-7.png)
  
 
-**Resolution**: This is fixed in [October 2017 update](https://support.microsoft.com/en-us/help/4041676).
+**Resolution**: This issue was fixed in the [October 2017 update](https://support.microsoft.com/en-us/help/4041676).
 
 ### Symptom: Tiles are missing after upgrade from Windows 10, version 1607 to version 1709 for users with Roaming User Profiles (RUP) enabled and managed Start Menu layout with partial lockdown
 
@@ -278,13 +279,13 @@ Additionally, users may see blank tiles if logon was attempted without network c
 
 ### Symptom: Start Menu issues with Tile Data Layer corruption 
 
-**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update)). 
+**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update).) 
 
 **Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed.
 
-1. The App or Apps work fine when you click on the tiles.
+1. The App or Apps work fine when you select the tiles.
 2. The tiles are blank, have a generic placeholder icon, have the wrong or strange title information.
-3. The app is missing, but listed as installed via Powershell and works if you launch via URI.
+3. The app is missing, but listed as installed via PowerShell and works if you launch via URI.
    - Example: `windows-feedback://`
 4. In some cases, Start can be blank, and Action Center and Cortana do not launch.
 
@@ -301,9 +302,9 @@ Although a reboot is not required, it may help clear up any residual issues afte
 
 ### Symptoms: Start Menu and Apps cannot start after upgrade to Windows 10 version 1809 when Symantec Endpoint Protection is installed
 
-**Description** Start Menu, Search and Apps do not start after you upgrade a Windows 7-based computer that has Symantec Endpoint Protection installed to Windows 10 version 1809.
+**Description**: Start menu, Search, and Apps do not start after you upgrade a computer running Windows 7 that has Symantec Endpoint Protection installed to Windows 10 version 1809.
 
-**Cause** This occurs because of a failure to load sysfer.dll.  During upgrade, the setup process does not set the privilege group "All Application Packages" on sysfer.dll and other Symantec modules.
+**Cause**: This problem occurs because of a failure to load sysfer.dll.  During upgrade, the setup process does not set the privilege group "All Application Packages" on sysfer.dll and other Symantec modules.
 
 **Resolution** This issue was fixed by the Windows Cumulative Update that were released on December 5, 2018—KB4469342 (OS Build 17763.168).
 
@@ -321,7 +322,7 @@ If you have already encountered this issue, use one of the following two options
 
 4. Confirm that **All Application Packages** group is missing.
 
-5. Click **Edit**, and then click **Add** to add the group.
+5. Select **Edit**, and then select **Add** to add the group.
 
 6. Test Start and other Apps.
 

windows/configuration/stop-employees-from-using-microsoft-store.md

@@ -32,7 +32,6 @@ IT pros can configure access to Microsoft Store for client computers in their or
 
 ## Options to configure access to Microsoft Store
 
-
 You can use these tools to configure access to Microsoft Store: AppLocker or Group Policy. For Windows 10, this is only supported on Windows 10 Enterprise edition.
 
 ## <a href="" id="block-store-applocker"></a>Block Microsoft Store using AppLocker
@@ -64,6 +63,20 @@ For more information on AppLocker, see [What is AppLocker?](/windows/device-secu
 
 8.  Optional: On **Exceptions**, specify conditions by which to exclude files from being affected by the rule. This allows you to add exceptions based on the same rule reference and rule scope as you set before. Click **Next**.
 
+## <a href="" id="block-store-csp"></a>Block Microsoft Store using configuration service provider
+
+Applies to: Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education
+
+If you have Windows 10 devices in your organization that are managed using a mobile device management (MDM) system, such as Microsoft Intune, you can block access to Microsoft Store app using the following configuration service providers (CSPs):
+
+- [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)
+- [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp)
+
+For more information, see [Configure an MDM provider](https://docs.microsoft.com/microsoft-store/configure-mdm-provider-microsoft-store-for-business).
+
+For more information on the rules available via AppLocker on the different supported operating systems, see [Operating system requirements](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker#operating-system-requirements).
+
+
 ## <a href="" id="block-store-group-policy"></a>Block Microsoft Store using Group Policy
 
 
@@ -87,12 +100,12 @@ You can also use Group Policy to manage access to Microsoft Store.
 > [!Important]
 > Enabling **Turn off the Store application** policy turns off app updates from Microsoft Store.  
 
-## <a href="" id="block-store-mdm"></a>Block Microsoft Store using management tool
+## <a href="" id="block-store-mobile"></a>Block Microsoft Store on Windows 10 Mobile
 
 
 Applies to: Windows 10 Mobile
 
-If you have mobile devices in your organization that you upgraded from earlier versions of Windows Phone 8 to Windows 10 Mobile, existing policies created using the Windows Phone 8.1 configuration service providers (CSP) with your MDM tool will continue to work on Windows 10 Mobile. If you are starting with Windows 10 Mobile, we recommend using [AppLocker](#block-store-applocker) to manage access to Microsoft Store app.
+If you have mobile devices in your organization that you upgraded from earlier versions of Windows Phone 8 to Windows 10 Mobile, existing policies created using the Windows Phone 8.1 CSPs with your MDM tool will continue to work on Windows 10 Mobile. If you are starting with Windows 10 Mobile, we recommend using [AppLocker](#block-store-applocker) to manage access to Microsoft Store app.
 
 When your MDM tool supports Microsoft Store for Business, the MDM can use these CSPs to block Microsoft Store app:
 

windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md

@@ -24,7 +24,7 @@ As an administrator of User Experience Virtualization (UE-V), you can restore ap
 ## Restore Settings in UE-V when a User Adopts a New Device
 
 
-To restore settings when a user adopts a new device, you can put a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To backup settings for a template, use the following cmdlet in Windows PowerShell:
+To restore settings when a user adopts a new device, you can put a settings location template in a **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This setup lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To back up settings for a template, use the following cmdlet in Windows PowerShell:
 
 ```powershell
 Set-UevTemplateProfile -ID <TemplateID> -Profile <backup>
@@ -50,7 +50,7 @@ As part of the Backup/Restore feature, UE-V added **last known good (LKG)** to t
 
 ### How to Backup/Restore Templates with UE-V
 
-These are the key backup and restore components of UE-V:
+Here are the key backup and restore components of UE-V:
 
 -   Template profiles
 
@@ -74,7 +74,7 @@ All templates are included in the roaming profile when registered unless otherwi
 
 Templates can be added to the Backup Profile with PowerShell or WMI using the Set-UevTemplateProfile cmdlet. Templates in the Backup Profile back up these settings to the Settings Storage Location in a special Device name directory. Specified settings are backed up to this location.
 
-Templates designated BackupOnly include settings specific to that device that should not be synchronized unless explicitly restored. These settings are stored in the same device-specific settings package location on the settings storage location as the Backedup Settings. These templates have a special identifier embedded in the template that specifies they should be part of this profile.
+Templates designated BackupOnly include settings specific to that device that shouldn't be synchronized unless explicitly restored. These settings are stored in the same device-specific settings package location on the settings storage location as the Backedup Settings. These templates have a special identifier embedded in the template that specifies they should be part of this profile.
 
 **Settings packages location within the Settings Storage Location template**
 
@@ -90,10 +90,10 @@ Restoring a user’s device restores the currently registered Template’s setti
 
 -   **Automatic restore**
 
-    If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user logs on to a new device for the first time and these criteria are met, the settings data is applied to that device.
+    If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user signs in to a new device for the first time and these criteria are met, the settings data is applied to that device.
 
     **Note**  
-    Accessibility and Windows Desktop settings require the user to re-logon to Windows to be applied.
+    Accessibility and Windows Desktop settings require the user to sign in again to Windows to be applied.
 
 
 
@@ -104,7 +104,7 @@ Restoring a user’s device restores the currently registered Template’s setti
 ## Restore Application and Windows Settings to Original State
 
 
-WMI and Windows PowerShell commands let you restore application and Windows settings to the settings values that were on the computer the first time that the application started after the UE-V service was enabled. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application runs, or the settings are restored when the user logs on to the operating system.
+WMI and Windows PowerShell commands let you restore application and Windows settings to the settings values that were on the computer the first time that the application started after the UE-V service was enabled. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application runs, or the settings are restored when the user signs in to the operating system.
 
 **To restore application settings and Windows settings with Windows PowerShell for UE-V**
 

windows/configuration/ue-v/uev-release-notes-1607.md

@@ -37,7 +37,7 @@ Administrators can still define which user-customized application settings can s
 
 ### Upgrading from UE-V 1.0 to the in-box version of UE-V is blocked
 
-Version 1.0 of UE-V used Offline Files (Client Side Caching) for settings synchronization and pinned the UE-V sync folder to be available when the network was offline, however, this technology was removed in UE-V 2.x. As a result, UE-V 1.0 users are blocked from upgrading to UE-V for Windows 10, version 1607.
+Version 1.0 of UE-V used Offline Files (Client-Side Caching) for settings synchronization and pinned the UE-V sync folder to be available when the network was offline, however, this technology was removed in UE-V 2.x. As a result, UE-V 1.0 users are blocked from upgrading to UE-V for Windows 10, version 1607.
 
 WORKAROUND: Remove the UE-V 1.0 sync folder from the Offline Files configuration and then upgrade to the in-box version of UE-V for Windows, version 1607 release.
 
@@ -55,13 +55,13 @@ WORKAROUND: To resolve this problem, run the application by selecting one of the
 
 ### Unpredictable results when both Office 2010 and Office 2013 are installed on the same device
 
-When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be quite large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
+When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
 
 WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V.
 
-### Uninstall and re-install of Windows 8 applications reverts settings to initial state
+### Uninstallation and reinstallation of Windows 8 applications reverts settings to initial state
 
-While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gather the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
+While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
 
 WORKAROUND: None.
 
@@ -85,7 +85,7 @@ WORKAROUND: Use folder redirection or some other technology to ensure that any f
 
 ### Long Settings Storage Paths could cause an error
 
-Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + “settingspackages” + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log:
+Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + "settingspackages" + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log:
 
 \[boost::filesystem::copy\_file: The system cannot find the path specified\]
 
@@ -95,7 +95,7 @@ WORKAROUND: None.
 
 ### Some operating system settings only roam between like operating system versions
 
-Operating system settings for Narrator and currency characters specific to the locale (i.e. language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8.
+Operating system settings for Narrator and currency characters specific to the locale (that is, language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8.
 
 WORKAROUND: None
 

windows/configuration/wcd/wcd-accounts.md

@@ -45,7 +45,7 @@ Specifies the settings you can configure when joining a device to a domain, incl
 | --- | --- | --- |
 | Account | string  | Account to use to join computer to domain  |
 | AccountOU | Enter the full path for the organizational unit. For example: OU=testOU,DC=domain,DC=Domain,DC=com.  | Name of organizational unit for the computer account  |
-| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer less than 15 digits long, or using %SERIAL% characters in the name.</br></br>ComputerName is a string with a maximum length of 15 bytes of content:</br></br>- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.</br></br>- ComputerName cannot use spaces or any of the following characters: \{ &#124; \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.</br></br>- ComputerName cannot use some non-standard characters, such as emoji.</br></br>Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](https://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs)  |
+| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer that includes fewer than 15 digits, or using %SERIAL% characters in the name.</br></br>ComputerName is a string with a maximum length of 15 bytes of content:</br></br>- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.</br></br>- ComputerName cannot use spaces or any of the following characters: \{ &#124; \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.</br></br>- ComputerName cannot use some non-standard characters, such as emoji.</br></br> Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](https://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs)  |
 | DomainName | string (cannot be empty) | Specify the name of the domain that the device will join  |
 | Password | string (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain.  |
 
@@ -56,6 +56,6 @@ Use these settings to add local user accounts to the device.
 | Setting | Value | Description |
 | --- | --- | --- |
 | UserName | string (cannot be empty)  | Specify a name for the local user account  |
-| HomeDir | string (cannot be ampty) | Specify the path of the home directory for the user |
+| HomeDir | string (cannot be empty) | Specify the path of the home directory for the user |
 | Password | string (cannot be empty)  | Specify the password for the user account |
 | UserGroup | string (cannot be empty) | Specify the local user group for the user |

windows/configuration/wcd/wcd-maps.md

@@ -27,7 +27,7 @@ Use for settings related to Maps.
 
 ## ChinaVariantWin10
 
-Use **ChinaVariantWin10** to specify that the Windows device is intended to ship in China. When set to **True**, maps approved by the State Bureau of Surveying and Mapping in China are used, which are obtained from a server located in China.
+Use **ChinaVariantWin10** to specify that the Windows device is intended to ship in China. When set to **True**, maps approved by the State Bureau of Surveying and Mapping in China are used. These maps are obtained from a server located in China.
 
 This customization may result in different maps, servers, or other configuration changes on the device.
 
@@ -38,7 +38,7 @@ Use to store map data on an SD card.
 
 Map data is used by the Maps application and the map control for third-party applications. This data can be store on an SD card, which provides the advantage of saving internal memory space for user data and allows the user to download more offline map data. Microsoft recommends enabling the **UseExternalStorage** setting on devices that have less than 8 GB of user storage and an SD card slot.
 
-You can use **UseExternalStorage** whether or not you include an SD card with preloaded map data on the phone. If set to **True**, the OS only allows the user to download offline maps when an SD card is present. If an SD card is not present, users can still view and cache maps, but they will not be able to download a region of offline maps until an SD card is inserted.
+You can use **UseExternalStorage** whether or not you include an SD card with preloaded map data on the phone. If set to **True**, the OS only allows the user to download offline maps when an SD card is present. If no SD card is present, users can view and cache maps, but they can't download a region of offline maps until an SD card is inserted.
 
 If set to **False**, map data will always be stored on the internal data partition of the device.
 
@@ -47,4 +47,4 @@ If set to **False**, map data will always be stored on the internal data partiti
 
 ## UseSmallerCache
 
-Do not use.
+Don't use this setting.

windows/configuration/wcd/wcd-personalization.md

@@ -27,20 +27,20 @@ Use to configure settings to personalize a PC.
 
 ## DeployDesktopImage
 
-Deploy a jpg, jpeg or png image to the device to be used as desktop image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [DesktopImageUrl](#desktopimageurl).
+Deploy a .jpg, .jpeg, or .png image to the device to be used as a desktop image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [DesktopImageUrl](#desktopimageurl).
 
 When using **DeployDesktopImage** and [DeployLockScreenImageFile](#deploylockscreenimage, the file names need to be different. 
 
 ## DeployLockScreenImage
 
-Deploy a jpg, jpeg or png image to the device to be used as lock screen image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [LockScreenImageUrl](#lockscreenimageurl).
+Deploy a .jpg, .jpeg, or .png image to the device to be used as lock screen image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [LockScreenImageUrl](#lockscreenimageurl).
 
 When using [DeployDesktopImage](#deploydesktopimage) and **DeployLockScreenImageFile**, the file names need to be different.
 
 ## DesktopImageUrl
 
-Specify a jpg, jpeg or png image to be used as desktop image. This setting can take a http or https url to a remote image to be downloaded or a file url to a local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployDesktopImage](#deploydesktopimage).
+Specify a .jpg, .jpeg, or .png image to be used as desktop image. This setting can take an HTTP or HTTPS URL to a remote image to be downloaded or a file URL to a local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployDesktopImage](#deploydesktopimage).
 
 ## LockScreenImageUrl
 
-Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take a http or https Url to a remote image to be downloaded or a file Url to an existing local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployLockScreenImage](#deploylockscreenimage).
+Specify a .jpg, .jpeg, or .png image to be used as Lock Screen Image. This setting can take an HTTP or HTTPS URL to a remote image to be downloaded or a file URL to an existing local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployLockScreenImage](#deploylockscreenimage).

windows/deployment/TOC.yml

@@ -144,6 +144,8 @@
               href: update/media-dynamic-update.md
             - name: Migrating and acquiring optional Windows content
               href: update/optional-content.md
+            - name: Safeguard holds
+              href: update/safeguard-holds.md
             - name: Manage the Windows 10 update experience
               items:              
                 - name: Manage device restarts after updates
@@ -237,6 +239,8 @@
               items:
                 - name: How to troubleshoot Windows Update
                   href: update/windows-update-troubleshooting.md
+                - name: Opt out of safeguard holds
+                  href: update/safeguard-opt-out.md
                 - name: Determine the source of Windows Updates
                   href: update/windows-update-sources.md
                 - name: Common Windows Update errors

windows/deployment/add-store-apps-to-image.md

@@ -1,6 +1,6 @@
 ---
 title: Add Microsoft Store for Business applications to a Windows 10 image
-description: This topic describes how to add Microsoft Store for Business applications to a Windows 10 image.
+description: This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image.
 keywords: upgrade, update, windows, windows 10, deploy, store, image, wim
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -13,6 +13,7 @@ ms.author: greglin
 ms.reviewer: 
 manager: laurawi
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Add Microsoft Store for Business applications to a Windows 10 image

windows/deployment/configure-a-pxe-server-to-load-windows-pe.md

@@ -13,6 +13,7 @@ ms.reviewer:
 manager: laurawi
 ms.author: greglin
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Configure a PXE server to load Windows PE
@@ -21,8 +22,6 @@ ms.topic: article
 
 -   Windows 10
 
-## Summary
-
 This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network.
 
 ## Prerequisites

windows/deployment/deploy-m365.md

@@ -14,6 +14,7 @@ audience: itpro
 author: greg-lindsay
 ms.topic: article
 ms.collection: M365-modern-desktop
+ms.custom: seo-marvel-apr2020
 ---
 
 # Deploy Windows 10 with Microsoft 365

windows/deployment/deploy-whats-new.md

@@ -13,6 +13,7 @@ ms.pagetype: deploy
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # What's new in Windows 10 deployment
@@ -83,7 +84,7 @@ The following Delivery Optimization policies are removed in the Windows 10, vers
 - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. 
 - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
 - **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again. 
-- **Improved update notifications**: When there’s an update requiring you to restart your device, you’ll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
+- **Improved update notifications**: When there's an update requiring you to restart your device, you'll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
 - **Intelligent active hours**: To further enhance active hours, users will now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
 - **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
 

windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md

@@ -1,5 +1,5 @@
 ---
-title: Add a Windows 10 operating system image using Configuration Manager (Windows 10)
+title: Add a Windows 10 operating system image using Configuration Manager
 description: Operating system images are typically the production image used for deployment throughout the organization.
 ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b
 ms.reviewer: 
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Add a Windows 10 operating system image using Configuration Manager

windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md

@@ -1,5 +1,5 @@
 ---
-title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10)
+title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
 description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
 ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
 ms.reviewer: 
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
@@ -51,10 +52,10 @@ On **CM01**:
 6. In the popup window that appears, click **Yes** to automatically update the distribution point.
 7. Click **Next**, wait for the image to be updated, and then click **Close**.
 
-  ![Add drivers to Windows PE](../images/fig21-add-drivers1.png "Add drivers to Windows PE")<br>
+  ![Add drivers to Windows PE step 1](../images/fig21-add-drivers1.png)<br>
-  ![Add drivers to Windows PE](../images/fig21-add-drivers2.png "Add drivers to Windows PE")<br>
+  ![Add drivers to Windows PE step 2](../images/fig21-add-drivers2.png)<br>
-  ![Add drivers to Windows PE](../images/fig21-add-drivers3.png "Add drivers to Windows PE")<br>
+  ![Add drivers to Windows PE step 3](../images/fig21-add-drivers3.png)<br>
-  ![Add drivers to Windows PE](../images/fig21-add-drivers4.png "Add drivers to Windows PE")
+  ![Add drivers to Windows PE step 4](../images/fig21-add-drivers4.png)
 
   Add drivers to Windows PE
 
@@ -64,7 +65,7 @@ This section illustrates how to add drivers for Windows 10 using the HP EliteBoo
 
 For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the **D:\Sources$\OSD\DriverSources\Windows 10 x64\Hewlett-Packard\HP EliteBook 8560w** folder on CM01.
 
-![Drivers](../images/cm01-drivers-windows.png)
+![Drivers in Windows](../images/cm01-drivers-windows.png)
 
 Driver folder structure on CM01
 

windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
-description: In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
+description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager.
 ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
 ms.reviewer: 
 manager: laurawi
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Create a custom Windows PE boot image with Configuration Manager
@@ -71,8 +72,8 @@ On **CM01**:
 8.  In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
 9.  Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads **STATMSG: ID=2301**. You also can monitor Content Status in the Configuration Manager Console at **\Monitoring\Overview\Distribution Status\Content Status\Zero Touch WinPE x64**. See the following examples:
 
-    ![Content status for the Zero Touch WinPE x64 boot image](../images/fig16-contentstatus1.png "Content status for the Zero Touch WinPE x64 boot image")<br>
+    ![Content status for the Zero Touch WinPE x64 boot image step 1](../images/fig16-contentstatus1.png)<br>
-    ![Content status for the Zero Touch WinPE x64 boot image](../images/fig16-contentstatus2.png "Content status for the Zero Touch WinPE x64 boot image")
+    ![Content status for the Zero Touch WinPE x64 boot image step 2](../images/fig16-contentstatus2.png)
 
     Content status for the Zero Touch WinPE x64 boot image
 
@@ -81,8 +82,8 @@ On **CM01**:
 12. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: **Expanding PS100009 to D:\\RemoteInstall\\SMSImages**.
 13. Review the **D:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS100009) is from your new boot image with DaRT. See the examples below:
 
-    ![PS100009-1](../images/ps100009-1.png)<br>
+    ![PS100009 step 1](../images/ps100009-1.png)<br>
-    ![PS100009-2](../images/ps100009-2.png)
+    ![PS100009 step 2](../images/ps100009-2.png)
 
 >Note: Depending on your infrastructure and the number of packages and boot images present, the Image ID might be a different number than PS100009.
 

windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Finalize operating system configuration for Windows 10 deployment
-description: Follow this walk-through to finalize the configuration of your Windows 10 operating deployment.
+description: This article provides a walk-through to finalize the configuration of your Windows 10 operating deployment.
 ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
 ms.reviewer: 
 manager: laurawi
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Finalize the operating system configuration for Windows 10 deployment with Configuration Manager

windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md

@@ -1,5 +1,5 @@
 ---
-title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10)
+title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
 description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit.
 ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
 ms.reviewer: 
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
@@ -240,7 +241,7 @@ On **CM01**:
 2.  Right-click **PS1 - Primary Site 1**, point to **Configure Site Components**, and then select **Software Distribution**.
 3.  On the **Network Access Account** tab, select **Specify the account that accesses network locations** and add the *New Account* **CONTOSO\\CM\_NAA** as the Network Access account (password: pass@word1). Use the new **Verify** option to verify that the account can connect to the **\\\\DC01\\sysvol** network share.
 
-![figure 12](../images/mdt-06-fig12.png)
+![figure 11](../images/mdt-06-fig12.png)
 
 Test the connection for the Network Access account.
 

windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md

@@ -1,5 +1,5 @@
 ---
-title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
+title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
 description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10.
 ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
 ms.reviewer: 
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
@@ -57,9 +58,9 @@ On **PC0003**:
 
 1. Open the Configuration Manager control panel (control smscfgrc).
 2. On the **Site** tab, click **Configure Settings**, then click **Find Site**.
-3. Verify that Configuration Manager has successfullyl found a site to manage this client is displayed. See the following example.
+3. Verify that Configuration Manager has successfully found a site to manage this client is displayed. See the following example.
 
-![pc0003a](../images/pc0003a.png)
+![Found a site to manage this client](../images/pc0003a.png)
 
 ## Create a device collection and add the PC0003 computer
 
@@ -123,16 +124,16 @@ On **PC0003**:
 2.  In the **Software Center** warning dialog box, click **Install Operating System**. 
 3. The client computer will run the Configuration Manager task sequence, boot into Windows PE, and install the new OS and applications. See the following examples:
 
-![pc0003b](../images/pc0003b.png)<br>
+![Task sequence example 1](../images/pc0003b.png)<br>
-![pc0003c](../images/pc0003c.png)<br>
+![Task sequence example 2](../images/pc0003c.png)<br>
-![pc0003d](../images/pc0003d.png)<br>
+![Task sequence example 3](../images/pc0003d.png)<br>
-![pc0003e](../images/pc0003e.png)<br>
+![Task sequence example 4](../images/pc0003e.png)<br>
-![pc0003f](../images/pc0003f.png)<br>
+![Task sequence example 5](../images/pc0003f.png)<br>
-![pc0003g](../images/pc0003g.png)<br>
+![Task sequence example 6](../images/pc0003g.png)<br>
-![pc0003h](../images/pc0003h.png)<br>
+![Task sequence example 7](../images/pc0003h.png)<br>
-![pc0003i](../images/pc0003i.png)<br>
+![Task sequence example 8](../images/pc0003i.png)<br>
-![pc0003j](../images/pc0003j.png)<br>
+![Task sequence example 9](../images/pc0003j.png)<br>
-![pc0003k](../images/pc0003k.png)
+![Task sequence example 10](../images/pc0003k.png)
 
 Next, see [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md).
 

windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md

@@ -1,5 +1,5 @@
 ---
-title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
+title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
 description: In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager.
 ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
 ms.reviewer: 
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
@@ -159,7 +160,7 @@ On **PC0004**:
 4.  Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
 5.  Allow the Replace Task Sequence to complete. The PC0004 computer will gather user data, boot into Windows PE and gather more data, then boot back to the full OS. The entire process should only take a few minutes.
 
-![pc0004b](../images/pc0004b.png)
+![Task sequence example](../images/pc0004b.png)
 
 Capturing the user state
 
@@ -190,15 +191,15 @@ On **PC0006**:
 
 When the process is complete, you will have a new Windows 10 computer in your domain with user data and settings restored. See the following examples:
 
-![pc0006a](../images/pc0006a.png)<br>
+![User data and setting restored example 1](../images/pc0006a.png)<br>
-![pc0006b](../images/pc0006b.png)<br>
+![User data and setting restored example 2](../images/pc0006b.png)<br>
-![pc0006c](../images/pc0006c.png)<br>
+![User data and setting restored example 3](../images/pc0006c.png)<br>
-![pc0006d](../images/pc0006d.png)<br>
+![User data and setting restored example 4](../images/pc0006d.png)<br>
-![pc0006e](../images/pc0006e.png)<br>
+![User data and setting restored example 5](../images/pc0006e.png)<br>
-![pc0006f](../images/pc0006f.png)<br>
+![User data and setting restored example 6](../images/pc0006f.png)<br>
-![pc0006g](../images/pc0006g.png)<br>
+![User data and setting restored example 7](../images/pc0006g.png)<br>
-![pc0006h](../images/pc0006h.png)<br>
+![User data and setting restored example 8](../images/pc0006h.png)<br>
-![pc0006i](../images/pc0006i.png)
+![User data and setting restored example 9](../images/pc0006i.png)
 
 Next, see [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-configuraton-manager.md).
 

windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Perform in-place upgrade to Windows 10 via Configuration Manager
-description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a Microsoft Endpoint Configuration Manager task sequence.
+description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Configuration Manager task sequence.
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
 ms.reviewer: 
 manager: laurawi
@@ -12,6 +12,7 @@ ms.mktglfcycl: deploy
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Perform an in-place upgrade to Windows 10 using Configuration Manager
@@ -126,13 +127,13 @@ On **PC0004**:
 4.  Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
 5.  Allow the Upgrade Task Sequence to complete. The PC0004 computer will download the install.wim file, perform an in-place upgrade, and install your added applications. See the following examples:
 
-![pc0004-a](../images/pc0004-a.png)<br>
+![Upgrade task sequence example 1](../images/pc0004-a.png)<br>
-![pc0004-b](../images/pc0004-b.png)<br>
+![Upgrade task sequence example 2](../images/pc0004-b.png)<br>
-![pc0004-c](../images/pc0004-c.png)<br>
+![Upgrade task sequence example 3](../images/pc0004-c.png)<br>
-![pc0004-d](../images/pc0004-d.png)<br>
+![Upgrade task sequence example 4](../images/pc0004-d.png)<br>
-![pc0004-e](../images/pc0004-e.png)<br>
+![Upgrade task sequence example 5](../images/pc0004-e.png)<br>
-![pc0004-f](../images/pc0004-f.png)<br>
+![Upgrade task sequence example 6](../images/pc0004-f.png)<br>
-![pc0004-g](../images/pc0004-g.png)
+![Upgrade task sequence example 7](../images/pc0004-g.png)
 
 In-place upgrade with Configuration Manager