Merge pull request #7 from MicrosoftDocs/master

Merge in changes from official master

windows/client-management/mdm/applocker-csp.md

@@ -9,7 +9,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: lomayor
-ms.date: 07/25/2019
+ms.date: 11/19/2019
 ---
 
 # AppLocker CSP
@@ -21,10 +21,10 @@ The following diagram shows the AppLocker configuration service provider in tree
 
 ![applocker csp](images/provisioning-csp-applocker.png)
 
-<a href="" id="--vendor-msft-applocker"></a>**./Vendor/MSFT/AppLocker**
+<a href="" id="--vendor-msft-applocker"></a>**./Vendor/MSFT/AppLocker**  
 Defines the root node for the AppLocker configuration service provider.
 
-<a href="" id="applicationlaunchrestrictions"></a>**ApplicationLaunchRestrictions**
+<a href="" id="applocker-applicationlaunchrestrictions"></a>**AppLocker/ApplicationLaunchRestrictions**  
 Defines restrictions for applications.
 
 > [!NOTE]
@@ -40,7 +40,133 @@ Additional information:
 - [Find publisher and product name of apps](#productname) - step-by-step guide for getting the publisher and product names for various Windows apps.
 - [Whitelist example](#whitelist-examples) - example for Windows 10 Mobile that denies all apps except the ones listed.
 
-<a href="" id="enterprisedataprotection"></a>**EnterpriseDataProtection**
+<a href="" id="applocker-applicationlaunchrestrictions-grouping"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_**  
+Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
+Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-exe"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE**  
+Defines restrictions for launching executable applications.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-exe-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-exe-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-exe-noninteractiveprocessenforcement"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/NonInteractiveProcessEnforcement**  
+The data type is a string.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-msi"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI**  
+Defines restrictions for executing Windows Installer files.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-msi-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-msi-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-script"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script**  
+Defines restrictions for running scripts.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-script-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-script-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-storeapps"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps**  
+Defines restrictions for running apps from the Microsoft Store.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-storeapps-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-storeapps-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-dll"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL**  
+Defines restrictions for processing DLL files.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-dll-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-dll-enforcementmode"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/EnforcementMode**  
+The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
+
+The data type is a string.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-dll-noninteractiveprocessenforcement"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/NonInteractiveProcessEnforcement**  
+The data type is a string.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-codeintegrity"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity**  
+This node is only supported on the desktop. 
+
+Supported operations are Get, Add, Delete, and Replace.
+
+<a href="" id="applocker-applicationlaunchrestrictions-grouping-codeintegrity-policy"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
+
+Data type is Base64.
+
+Supported operations are Get, Add, Delete, and Replace.
+
+> [!NOTE]
+> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP.
+
+<a href="" id="applocker-enterprisedataprotection"></a>**AppLocker/EnterpriseDataProtection**  
 Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md).
 
 In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.
@@ -61,115 +187,35 @@ Additional information:
 
 - [Recommended deny list for Windows Information Protection](#recommended-deny-list-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
 
-Each of the previously listed nodes contains a **Grouping** node.
+<a href="" id="applocker-enterprisedataprotection-grouping"></a>**AppLocker/EnterpriseDataProtection/_Grouping_**  
+Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
+Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
 
-<table>
-<colgroup>
-<col width="20%" />
-<col width="80%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Term</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td><p><strong>Grouping</strong></p></td>
-<td><p>Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.</p>
-<p>Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-</tbody>
-</table>
+Supported operations are Get, Add, Delete, and Replace.
 
+<a href="" id="applocker-enterprisedataprotection-grouping-exe"></a>**AppLocker/EnterpriseDataProtection/_Grouping_/EXE**  
+Defines restrictions for launching executable applications.
 
+Supported operations are Get, Add, Delete, and Replace.
 
-In addition, each **Grouping** node contains one or more of the following nodes:
+<a href="" id="applocker-enterprisedataprotection-grouping-exe-policy"></a>**AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
 
-<table>
-<colgroup>
-<col width="20%" />
-<col width="80%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Term</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td><p><strong>EXE</strong></p></td>
-<td><p>Defines restrictions for launching executable applications.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="even">
-<td><p><strong>MSI</strong></p></td>
-<td><p>Defines restrictions for executing Windows Installer files.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="odd">
-<td><p><strong>Script</strong></p></td>
-<td><p>Defines restrictions for running scripts.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="even">
-<td><p><strong>StoreApps</strong></p></td>
-<td><p>Defines restrictions for running apps from the Microsoft Store.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="odd">
-<td><p><strong>DLL</strong></p></td>
-<td><p>Defines restrictions for processing DLL files.</p>
-<p>Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="even">
-<td><p><strong>CodeIntegrity</strong></p></td>
-<td><p>This node is only supported on the desktop. Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-</tbody>
-</table>
+Data type is string. 
 
+Supported operations are Get, Add, Delete, and Replace.
 
+<a href="" id="applocker-enterprisedataprotection-grouping-storeapps"></a>**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps**  
+Defines restrictions for running apps from the Microsoft Store.
 
-Each of the previous nodes contains one or more of the following leaf nodes:
+Supported operations are Get, Add, Delete, and Replace.
 
-<table>
-<colgroup>
-<col width="20%" />
-<col width="80%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Term</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td><p><strong>Policy</strong></p></td>
-<td><p>Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.</p>
-<p>For nodes, other than CodeIntegrity, policy leaf data type is string. Supported operations are Get, Add, Delete, and Replace.</p>
-<p>For CodeIntegrity/Policy, data type is Base64. Supported operations are Get, Add, Delete, and Replace.</td>
-</tr>
-<tr class="even">
-<td><p><strong>EnforcementMode</strong></p></td>
-<td><p>The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).</p>
-<p>The data type is a string. Supported operations are Get, Add, Delete, and Replace.</p></td>
-</tr>
-<tr class="odd">
-<td><p><strong>NonInteractiveProcessEnforcement</strong></p></td>
-<td><p>The data type is a string.</p>
-<p>Supported operations are Add, Delete, Get, and Replace.</p></td>
-</tr>
-</tbody>
-</table>
+<a href="" id="applocker-enterprisedataprotection-grouping-exe-storeapps"></a>**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps/Policy**  
+Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
 
-> [!NOTE]
-> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP.
+Data type is string.
 
+Supported operations are Get, Add, Delete, and Replace.
 
 ## <a href="" id="productname"></a>Find publisher and product name of apps
 
@@ -239,7 +285,6 @@ The following table show the mapping of information to the AppLocker publisher r
 </table>
 
 
-
 Here is an example AppLocker publisher rule:
 
 ``` syntax
@@ -319,7 +364,7 @@ Result
 <td><p>windowsPhoneLegacyId</p></td>
 <td><p>Same value maps to the ProductName and Publisher name</p>
 <p>This value will only be present if there is a XAP package associated with the app in the Store.</p>
-<p>If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and anothe one using the windowsPhoneLegacyId value.</p></td>
+<p>If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.</p></td>
 </tr>
 </tbody>
 </table>
@@ -668,12 +713,12 @@ The following list shows the apps that may be included in the inbox.
 <td>Microsoft.MSPodcast</td>
 </tr>
 <tr class="odd">
-<td>Posdcast downloads</td>
+<td>Podcast downloads</td>
 <td>063773e7-f26f-4a92-81f0-aa71a1161e30</td>
 <td></td>
 </tr>
 <tr class="even">
-<td>Powerpoint</td>
+<td>PowerPoint</td>
 <td>b50483c4-8046-4e1b-81ba-590b24935798</td>
 <td>Microsoft.Office.PowerPoint</td>
 </tr>

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -21,7 +21,7 @@ ms.date: 07/01/2019
 
 This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
 
-For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347). 
+For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347). 
 
 - **What’s new in MDM for Windows 10 versions**
   - [What’s new in MDM for Windows 10, version 1909](#whats-new-in-mdm-for-windows-10-version-1909)
@@ -58,6 +58,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
   - [What is dmwappushsvc?](#what-is-dmwappushsvc)
 
 - **Change history in MDM documentation**
+    - [November 2019](#november-2019)
     - [October 2019](#october-2019)
     - [September 2019](#september-2019)
     - [August 2019](#august-2019)
@@ -1934,6 +1935,13 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 
 ## Change history in MDM documentation
 
+### November 2019
+
+|New or updated topic | Description|
+|--- | ---|
+|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.|
+|[DiagnosticLog CSP](diagnosticlog-csp.md)|Added substantial updates to this CSP doc.|
+
 ### October 2019
 
 |New or updated topic | Description|

windows/client-management/mdm/policy-csp-deliveryoptimization.md

@@ -780,7 +780,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Options available are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix
+Added in Windows 10, version 1803. Set this policy to restrict peer selection to a specific source. Available options are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix, 5 = AAD.
 
 When set, the Group ID will be assigned automatically from the selected source.
 
@@ -790,6 +790,8 @@ The options set in this policy only apply to Group (2) download mode. If Group (
 
 For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID.
 
+Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this, set the value of DOGroupIdSource to 5.
+
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
@@ -807,6 +809,7 @@ The following list shows the supported values:
 -   2 - Authenticated domain SID
 -   3 - DHCP user option
 -   4 - DNS suffix
+-   5 - AAD
 
 <!--/SupportedValues-->
 <!--/Policy-->

windows/client-management/mdm/uefi-csp.md

@@ -20,7 +20,7 @@ The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmwa
 > The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
 
 > [!NOTE]
-> The production UEFI CSP is present in 1809, but it depends upon the Device Firmware Configuration Interface (DFCI) and UEFI firmware to comply with this interface.  The specification for this interface and compatible firmware is not yet available.
+> The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
 
 The following diagram shows the UEFI CSP in tree format.
 
@@ -70,7 +70,7 @@ Apply a permissions information package to UEFI. Input is the signed package in
 Value type is Base64. Supported operation is Replace.
 
 <a href="" id="permissions-result"></a>**Permissions/Result**  
-Retrieves the binary result package of the previous Permissions/Apply operation.  This binary package contains XML describing the action taken for each individual permission.
+Retrieves the binary result package of the previous Permissions/Apply operation. This binary package contains XML describing the action taken for each individual permission.
 
 Supported operation is Get.
 
@@ -109,17 +109,17 @@ Supported operation is Get.
 Node for settings permission operations. Alternate endpoint for sending a second permission package without an OS restart.
 
 <a href="" id="permissions2-apply"></a>**Permissions2/Apply**  
-Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format.  Alternate location for sending two permissions information packages in the same session.
+Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two permissions information packages in the same session.
 
 Value type is Base64. Supported operation is Replace.
 
 <a href="" id="permissions2-result"></a>**Permissions2/Result**  
-Retrieves the binary result package from the previous Permissions2/Apply operation.  This binary package contains XML describing the action taken for each individual permission.
+Retrieves the binary result package from the previous Permissions2/Apply operation. This binary package contains XML describing the action taken for each individual permission.
 
 Supported operation is Get.
 
 <a href="" id="settings2"></a>**Settings2**  
-Nodefor device settings operations. Alternate endpoint for sending a second settings package without an OS restart.
+Node for device settings operations. Alternate endpoint for sending a second settings package without an OS restart.
 
 <a href="" id="settings2-apply"></a>**Settings2/Apply**  
 Apply a settings information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two settings information packages in the same session.