Merge branch 'public' into patch-112

.openpublishing.publish.config.json

@@ -390,7 +390,7 @@
     "elizapo@microsoft.com"
   ],
   "sync_notification_subscribers": [
-    "daniha@microsoft.com"
+    "dstrome@microsoft.com"
   ],
   "branches_to_filter": [
     ""
@@ -431,9 +431,9 @@
       "template_folder": "_themes.pdf"
     }
   },
-  "need_generate_pdf": false,
-  "need_generate_intellisense": false,
   "docs_build_engine": {
     "name": "docfx_v3"
-  }
+  },
+  "need_generate_pdf": false,
+  "need_generate_intellisense": false
 }

.openpublishing.redirection.json

@@ -1534,6 +1534,11 @@
       "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list",
+      "redirect_document_id": false
     },
     {
       "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md",
@@ -15105,6 +15110,11 @@
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip",
       "redirect_document_id": true
     },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/use-apis",
@@ -16509,6 +16519,11 @@
       "source_path": "windows/hub/windows-10.yml",
       "redirect_url": "https://docs.microsoft.com/windows/windows-10",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives",
+      "redirect_document_id": true
     }
   ]
 }

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "cSpell.words": [
+        "emie"
+    ]
+}

browsers/edge/TOC.md

@@ -28,6 +28,6 @@
 
 ## [Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
 
-## [Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md)
+## [Microsoft Edge Frequently Asked Questions (FAQ)](microsoft-edge-faq.yml)
 
 

browsers/edge/change-history-for-microsoft-edge.md

@@ -60,7 +60,7 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi
 
 |New or changed topic | Description |
 |---------------------|-------------|
-|[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.md) | New |
+|[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.yml) | New |
 
 ## February 2017
 

browsers/edge/group-policies/sync-browser-settings-gp.md

@@ -38,7 +38,7 @@ You can find the Microsoft Edge Group Policy settings in the following location
 To verify the settings:
 1. In the upper-right corner of Microsoft Edge, click **More** \(**...**\).
 2. Click **Settings**.
-3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.PNG)
+3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.png)
 
 
 ## Do not sync browser settings

browsers/edge/includes/configure-windows-defender-smartscreen-include.md

@@ -27,7 +27,7 @@ ms.topic: include
 
 To verify Windows Defender SmartScreen is turned off (disabled):
 1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2.  Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.<p>![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.PNG)
+2.  Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.<p>![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.png)
 
 
 ### ADMX info and settings

browsers/edge/microsoft-edge-faq.md

@@ -1,58 +0,0 @@
----
-title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros
-ms.reviewer: 
-audience: itpro
-manager: dansimp
-description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems.
-author: dansimp
-ms.author: dansimp
-ms.prod: edge
-ms.topic: article
-ms.mktglfcycl: general
-ms.sitesec: library
-ms.localizationpriority: medium
----
-
-# Frequently Asked Questions (FAQs) for IT Pros
-
->Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
-
-> [!NOTE]
-> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
-
-## How can I get the next major version of Microsoft Edge, based on Chromium?
-In December 2018, Microsoft [announced](https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/#8jv53blDvL6TIKuS.97) our intention to adopt the Chromium open source project in the development of Microsoft Edge on the desktop, to create better web compatibility for our customers and less fragmentation of the web for all web developers. You can get more information at the [Microsoft Edge Insiders site](https://www.microsoftedgeinsider.com/).
-
-## What’s the difference between Microsoft Edge and Internet Explorer 11? How do I know which one to use?
-Microsoft Edge is the default browser for all Windows 10 devices. It’s built to be highly compatible with the modern web. For some enterprise web apps and a small set of sites that were built to work with older technologies like ActiveX, [you can use Enterprise Mode](emie-to-improve-compatibility.md) to automatically send users to Internet Explorer 11.
-
-For more information on how Internet Explorer and Microsoft Edge work together to support your legacy web apps, while still defaulting to the higher security and modern experiences enabled by Microsoft Edge, see [Legacy apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#RAbtRvJSYFaKu2BI.97).
-
-## Does Microsoft Edge work with Enterprise Mode?
-[Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) helps you run many legacy web applications with better backward compatibility. You can configure both Microsoft Edge and Internet Explorer to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps.
-
-## How do I customize Microsoft Edge and related settings for my organization?
-You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/group-policies/) for a list of policies currently available for Microsoft Edge and configuration information. Note that the preview release of Chromium-based Microsoft Edge might not include management policies or other enterprise functionality; our focus during the preview is modern browser fundamentals.  
-
-## Is Adobe Flash supported in Microsoft Edge?
-Adobe Flash is currently supported as a built-in feature of Microsoft Edge on PCs running Windows 10. In July 2017, Adobe announced that Flash support will end after 2020. With this change to Adobe support, we’ve started to phase Flash out of  Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting group policy](https://docs.microsoft.com/microsoft-edge/deploy/available-policies#configure-the-adobe-flash-click-to-run-setting) - this lets you control which websites can run Adobe Flash content.
-
-To learn more about Microsoft’s plan for phasing Flash out of Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash](https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
-
-## Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java?
-No. Microsoft Edge doesn’t support ActiveX controls and BHOs like Silverlight or Java. If you’re running web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and standards support.
-
-## How often will Microsoft Edge be updated?
-In Windows 10, we’re delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, while bigger feature updates are included in the Windows 10 releases on a semi-annual cadence.
-
-## How can I provide feedback on Microsoft Edge?
-Microsoft Edge is an evergreen browser - we’ll continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar. 
-
-## Will Internet Explorer 11 continue to receive updates?
-We’re committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it’s installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge.
-
-## How do I find out what version of Microsoft Edge I have?
-In the upper right corner of Microsoft Edge, click the ellipses icon (**...**), and then click **Settings**. Look in the **About Microsoft Edge** section to find your version.
-
-## What is Microsoft EdgeHTML?
-Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform. (As opposed to *Microsoft Edge, based on Chromium*.)

browsers/edge/microsoft-edge-faq.yml

@@ -0,0 +1,74 @@
+### YamlMime:FAQ
+metadata:
+  title: Microsoft Edge - Frequently Asked Questions (FAQ) for IT Pros
+  ms.reviewer: 
+  audience: itpro
+  manager: dansimp
+  description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems.
+  author: dansimp
+  ms.author: dansimp
+  ms.prod: edge
+  ms.topic: article
+  ms.mktglfcycl: general
+  ms.sitesec: library
+  ms.localizationpriority: medium
+    
+title: Frequently Asked Questions (FAQ) for IT Pros
+summary: |
+  Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
+  
+  > [!NOTE]
+  > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+  
+
+sections:
+  - name: Ignored
+    questions:
+      - question: How can I get the next major version of Microsoft Edge, based on Chromium?
+        answer: |
+          In December 2018, Microsoft [announced](https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/#8jv53blDvL6TIKuS.97) our intention to adopt the Chromium open source project in the development of Microsoft Edge on the desktop, to create better web compatibility for our customers and less fragmentation of the web for all web developers. You can get more information at the [Microsoft Edge Insiders site](https://www.microsoftedgeinsider.com/).
+          
+      - question: What's the difference between Microsoft Edge and Internet Explorer 11? How do I know which one to use?
+        answer: |
+          Microsoft Edge is the default browser for all Windows 10 devices. It's built to be highly compatible with the modern web. For some enterprise web apps and a small set of sites that were built to work with older technologies like ActiveX, [you can use Enterprise Mode](emie-to-improve-compatibility.md) to automatically send users to Internet Explorer 11.
+          
+          For more information on how Internet Explorer and Microsoft Edge work together to support your legacy web apps, while still defaulting to the higher security and modern experiences enabled by Microsoft Edge, see [Legacy apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#RAbtRvJSYFaKu2BI.97).
+          
+      - question: Does Microsoft Edge work with Enterprise Mode?
+        answer: |
+          [Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) helps you run many legacy web applications with better backward compatibility. You can configure both Microsoft Edge and Internet Explorer to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps.
+          
+      - question: How do I customize Microsoft Edge and related settings for my organization?
+        answer: |
+          You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/group-policies/) for a list of policies currently available for Microsoft Edge and configuration information. Note that the preview release of Chromium-based Microsoft Edge might not include management policies or other enterprise functionality; our focus during the preview is modern browser fundamentals.  
+          
+      - question: Is Adobe Flash supported in Microsoft Edge?
+        answer: |
+          Adobe Flash is currently supported as a built-in feature of Microsoft Edge on PCs running Windows 10. In July 2017, Adobe announced that Flash support will end after 2020. With this change to Adobe support, we've started to phase Flash out of  Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting group policy](https://docs.microsoft.com/microsoft-edge/deploy/available-policies#configure-the-adobe-flash-click-to-run-setting) - this lets you control which websites can run Adobe Flash content.
+          
+          To learn more about Microsoft's plan for phasing Flash out of Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash](https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
+          
+      - question: Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java?
+        answer: |
+          No, Microsoft Edge doesn't support ActiveX controls and Browser Helper Objects (BHOs) like Silverlight or Java. If you're running web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in Internet Explorer 11. Internet Explorer 11 offers additional security, manageability, performance, backward compatibility, and standards support.
+
+      - question: How often will Microsoft Edge be updated?
+        answer: |
+          In Windows 10, we're delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, while bigger feature updates are included in the Windows 10 releases on a semi-annual cadence.
+
+      - question: How can I provide feedback on Microsoft Edge?
+        answer: |
+          Microsoft Edge is an evergreen browser - we'll continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar. 
+
+      - question: Will Internet Explorer 11 continue to receive updates?
+        answer: |
+          We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge.
+          
+      - question: How do I find out which version of Microsoft Edge I have?
+        answer: |
+          In the upper-right corner of Microsoft Edge, select the ellipses icon (**...**), and then select **Settings**. Look in the **About Microsoft Edge** section to find your version.
+
+      - question: What is Microsoft EdgeHTML?
+        answer: |
+          Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform (as opposed to *Microsoft Edge, based on Chromium*).
+

browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md

@@ -68,7 +68,7 @@ Additional information on Internet Explorer 11, including a Readiness Toolkit, t
 
 ## Availability of Internet Explorer 11
 
-Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the Microsoft Endpoint Configuration Manager and WSUS.
+Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the Microsoft Endpoint Manager and WSUS.
 
 ## Prevent automatic installation of Internet Explorer 11 with WSUS
 

education/includes/education-content-updates.md

@@ -2,9 +2,10 @@
 
 
 
-## Week of November 30, 2020
+## Week of January 11, 2021
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
-| 12/4/2020 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+| 1/14/2021 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
+| 1/14/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |

education/windows/chromebook-migration-guide.md

@@ -457,7 +457,7 @@ Table 5. Select on-premises AD DS, Azure AD, or hybrid
 <td align="left">X</td>
 </tr>
 <tr class="odd">
-<td align="left">Use Microsoft Endpoint Configuration Manager for management</td>
+<td align="left">Use Microsoft Endpoint Manager for management</td>
 <td align="left">X</td>
 <td align="left"></td>
 <td align="left">X</td>

education/windows/deploy-windows-10-in-a-school-district.md

@@ -202,7 +202,7 @@ Before you select the deployment and management methods, you need to review the
 |Scenario feature |Cloud-centric|On-premises and cloud|
 |---|---|---|
 |Identity management | Azure AD (stand-alone or integrated with on-premises AD DS)  |  AD DS integrated with Azure AD |
-|Windows 10 deployment   | MDT only  |  Microsoft Endpoint Configuration Manager with MDT |
+|Windows 10 deployment   | MDT only  |  Microsoft Endpoint Manager with MDT |
 |Configuration setting management  | Intune  |  Group Policy<br/><br/>Intune|
 |App and update management |  Intune |Microsoft Endpoint Configuration Manager<br/><br/>Intune|
 
@@ -216,14 +216,14 @@ These scenarios assume the need to support:
 Some constraints exist in these scenarios. As you select the deployment and management methods for your device, keep the following constraints in mind:
 
 * You can use Group Policy or Intune to manage configuration settings on a device but not both.
-* You can use Microsoft Endpoint Configuration Manager or Intune to manage apps and updates on a device but not both.
+* You can use Microsoft Endpoint Manager or Intune to manage apps and updates on a device but not both.
 * You cannot manage multiple users on a device with Intune if the device is AD DS domain joined.
 
 Use the cloud-centric scenario and on-premises and cloud scenario as a guide for your district. You may need to customize these scenarios, however, based on your district. As you go through the [Select the deployment methods](#select-the-deployment-methods), [Select the configuration setting management methods](#select-the-configuration-setting-management-methods), and the [Select the app and update management products](#select-the-app-and-update-management-products) sections, remember these scenarios and use them as the basis for your district.
 
 ### Select the deployment methods
 
-To deploy Windows 10 and your apps, you can use MDT by itself or Microsoft Endpoint Configuration Manager and MDT together. For a district, there are a few ways to deploy Windows 10 to devices. Table 2 lists the methods that this guide describes and recommends. Use this information to determine which combination of deployment methods is right for your institution.
+To deploy Windows 10 and your apps, you can use MDT by itself or Microsoft Endpoint Manager and MDT together. For a district, there are a few ways to deploy Windows 10 to devices. Table 2 lists the methods that this guide describes and recommends. Use this information to determine which combination of deployment methods is right for your institution.
 
 <table>
 <colgroup>
@@ -291,7 +291,7 @@ Select this method when you:</p>
 </ul>
 <p>The disadvantages of this method are that it:</p>
 <ul>
-<li>Carries an additional cost for Microsoft Endpoint Configuration Manager server licenses (if the institution does not have Configuration Manager already).</li>
+<li>Carries an additional cost for Microsoft Endpoint Manager server licenses (if the institution does not have Configuration Manager already).</li>
 <li>Can deploy Windows 10 only to domain-joined (institution-owned devices).</li>
 <li>Requires an AD DS infrastructure (if the institution does not have AD DS already).</li>
 </ul>
@@ -307,7 +307,7 @@ Record the deployment methods you selected in Table 3.
 |Selection | Deployment method|
 |--------- | -----------------|
 |   |MDT by itself |
-|   |Microsoft Endpoint Configuration Manager and MDT|
+|   |Microsoft Endpoint Manager and MDT|
 
 *Table 3. Deployment methods selected*
 
@@ -483,12 +483,12 @@ Select this method when you:</p>
 </tr>
 
 <tr>
-<td valign="top">Microsoft Endpoint Configuration Manager and Intune (hybrid)</td>
+<td valign="top">Microsoft Endpoint Manager and Intune (hybrid)</td>
 <td><p>Configuration Manager and Intune together extend Configuration Manager from an on-premises management system for domain-joined devices to a solution that can manage devices regardless of their location and connectivity options. This hybrid option provides the benefits of both Configuration Manager and Intune.<br/><br/>
 Configuration Manager and Intune in the hybrid configuration allow you to support application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager, and you can manage Windows desktop and Microsoft Store applications for both institution-owned and personal devices.<br/><br/>
 Select this method when you:</p>
 <ul>
-<li>Selected Microsoft Endpoint Configuration Manager to deploy Windows 10.</li>
+<li>Selected Microsoft Endpoint Manager to deploy Windows 10.</li>
 <li>Want to manage institution-owned and personal devices (does not require that the device be domain joined).</li>
 <li>Want to manage domain-joined devices.</li>
 <li>Want to manage Azure AD domain-joined devices.</li>
@@ -525,9 +525,9 @@ Record the app and update management methods that you selected in Table 7.
 
 |Selection | Management method|
 |----------|------------------|
-|   |Microsoft Endpoint Configuration Manager by itself|
+|   |Microsoft Endpoint Manager by itself|
 |   |Intune by itself|
-|   |Microsoft Endpoint Configuration Manager and Intune (hybrid mode)|
+|   |Microsoft Endpoint Manager and Intune (hybrid mode)|
 
 *Table 7. App and update management methods selected*
 
@@ -570,11 +570,11 @@ For more information about how to create a deployment share, see [Step 3-1: Crea
 ### Install the Configuration Manager console
 
 > [!NOTE]
-> If you selected Microsoft Endpoint Configuration Manager to deploy Windows 10 or manage your devices (in the [Select the deployment methods](#select-the-deployment-methods) and [Select the configuration setting management methods](#select-the-configuration-setting-management-methods) sections, respectively), perform the steps in this section. Otherwise, skip this section and continue to the next.
+> If you selected Microsoft Endpoint Manager to deploy Windows 10 or manage your devices (in the [Select the deployment methods](#select-the-deployment-methods) and [Select the configuration setting management methods](#select-the-configuration-setting-management-methods) sections, respectively), perform the steps in this section. Otherwise, skip this section and continue to the next.
 
 You can use Configuration Manager to manage Windows 10 deployments, Windows desktop apps, Microsoft Store apps, and software updates. To manage Configuration Manager, you use the Configuration Manager console. You must install the Configuration Manager console on every device you use to manage Configuration Manager (specifically, the admin device). The Configuration Manager console is automatically installed when you install Configuration Manager primary site servers.
 
-For more information about how to install the Configuration Manager console, see [Install Microsoft Endpoint Configuration Manager consoles](https://technet.microsoft.com/library/mt590197.aspx#bkmk_InstallConsole).
+For more information about how to install the Configuration Manager console, see [Install Microsoft Endpoint Manager consoles](https://technet.microsoft.com/library/mt590197.aspx#bkmk_InstallConsole).
 
 ### Configure MDT integration with the Configuration Manager console
 
@@ -733,7 +733,7 @@ The following Azure AD Premium features are not in Azure AD Basic:
 
 * Allow designated users to manage group membership
 * Dynamic group membership based on user metadata
-* Azure AD Multi-Factor Authentication authentication (MFA; see [What is Azure AD Multi-Factor Authentication Authentication](https://azure.microsoft.com/documentation/articles/multi-factor-authentication/))
+* Azure AD Multi-Factor Authentication (MFA; see [What is Azure AD Multi-Factor Authentication](https://azure.microsoft.com/documentation/articles/multi-factor-authentication/))
 * Identify cloud apps that your users run
 * Self-service recovery of BitLocker
 * Add local administrator accounts to Windows 10 devices
@@ -1148,7 +1148,7 @@ At the end of this section, you should know the Windows 10 editions and processo
 
 ## Prepare for deployment
 
-Before you can deploy Windows 10 and your apps to devices, you need to prepare your MDT environment, Windows Deployment Services, and Microsoft Endpoint Configuration Manager (if you selected it to do operating system deployment in the [Select the deployment methods](#select-the-deployment-methods) section). In this section, you ensure that the deployment methods you selected in the [Select the deployment methods](#select-the-deployment-methods) section have the necessary Windows 10 editions and versions, Windows desktop apps, Microsoft Store apps, and device drivers.
+Before you can deploy Windows 10 and your apps to devices, you need to prepare your MDT environment, Windows Deployment Services, and Microsoft Endpoint Manager (if you selected it to do operating system deployment in the [Select the deployment methods](#select-the-deployment-methods) section). In this section, you ensure that the deployment methods you selected in the [Select the deployment methods](#select-the-deployment-methods) section have the necessary Windows 10 editions and versions, Windows desktop apps, Microsoft Store apps, and device drivers.
 
 ### Configure the MDT deployment share
 
@@ -1245,7 +1245,7 @@ For more information about how to update a deployment share, see <a href="https:
 ### Configure Microsoft Endpoint Configuration Manager
 
 > [!NOTE]
-> If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
+> If you have already configured your Microsoft Endpoint Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
 
 Before you can use Configuration Manager to deploy Windows 10 and manage your apps and devices, you must configure Configuration Manager to support the operating system deployment feature. If you don’t have an existing Configuration Manager infrastructure, you will need to deploy a new infrastructure.
 
@@ -1255,7 +1255,7 @@ Deploying a new Configuration Manager infrastructure is beyond the scope of this
 * [Start using Configuration Manager](https://technet.microsoft.com/library/mt608544.aspx)
 
 
-#### To configure an existing Microsoft Endpoint Configuration Manager infrastructure for operating system deployment
+#### To configure an existing Microsoft Endpoint Manager infrastructure for operating system deployment
 
 1. Perform any necessary infrastructure remediation.
 
@@ -1264,12 +1264,12 @@ Deploying a new Configuration Manager infrastructure is beyond the scope of this
 
     You need to add the Windows PE boot images, Windows 10 operating system images, and other deployment content that you will use to deploy Windows 10 with ZTI. To add this content, use the Create MDT Task Sequence Wizard.
 
-    You can add this content by using Microsoft Endpoint Configuration Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](https://technet.microsoft.com/library/dn759415.aspx#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager).
+    You can add this content by using Microsoft Endpoint Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](https://technet.microsoft.com/library/dn759415.aspx#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager).
 3. Add device drivers.
 
     You must add device drivers for the different device types in your district. For example, if you have a mixture of Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you must have the device drivers for each device.
 
-    Create a Microsoft Endpoint Configuration Manager driver package for each device type in your district. For more information, see [Manage drivers in Configuration Manager](https://technet.microsoft.com/library/mt627934.aspx).
+    Create a Microsoft Endpoint Manager driver package for each device type in your district. For more information, see [Manage drivers in Configuration Manager](https://technet.microsoft.com/library/mt627934.aspx).
 4. Add Windows apps.
 
     Install the Windows apps (Windows desktop and Microsoft Store apps) that you want to deploy after the task sequence deploys your customized image (a thick, reference image that include Windows 10 and your core Windows desktop apps). These apps are in addition to the apps included in your reference image. You can only deploy Microsoft Store apps after you deploy Windows 10 because you cannot capture Microsoft Store apps in a reference image. Microsoft Store apps target users, not devices.
@@ -1301,7 +1301,7 @@ You can use Windows Deployment Services in conjunction with MDT to automatically
 ### Configure Window Deployment Services for Microsoft Endpoint Configuration Manager
 
 > [!NOTE]
-> If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
+> If you have already configured your Microsoft Endpoint Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
 
 You can use Windows Deployment Services in conjunction with Configuration Manager to automatically initiate boot images on target devices. These boot images are Windows PE images that you use to boot the target devices, and then initiate Windows 10, app, and device driver deployment.
 
@@ -1328,7 +1328,7 @@ You can use Windows Deployment Services in conjunction with Configuration Manage
 
 #### Summary
 
-Your MDT deployment share and Microsoft Endpoint Configuration Manager are now ready for deployment. Windows Deployment Services is ready to initiate the LTI or ZTI deployment process. You have set up and configured Windows Deployment Services for MDT and for Configuration Manager. You have also ensured that your boot images are available to Windows Deployment Services (for LTI) or the distribution points (for ZTI and Configuration Manager). Now, you’re ready to capture the reference images for the different devices you have in your district.
+Your MDT deployment share and Microsoft Endpoint Manager are now ready for deployment. Windows Deployment Services is ready to initiate the LTI or ZTI deployment process. You have set up and configured Windows Deployment Services for MDT and for Configuration Manager. You have also ensured that your boot images are available to Windows Deployment Services (for LTI) or the distribution points (for ZTI and Configuration Manager). Now, you’re ready to capture the reference images for the different devices you have in your district.
 
 ## Capture the reference image
 
@@ -1575,7 +1575,7 @@ For more information about Intune, see [Microsoft Intune Documentation](https://
 
 ### Deploy and manage apps by using Intune
 
-If you selected to deploy and manage apps by using Microsoft Endpoint Configuration Manager and Intune in a hybrid configuration, then skip this section and continue to the [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager) section.
+If you selected to deploy and manage apps by using Microsoft Endpoint Manager and Intune in a hybrid configuration, then skip this section and continue to the [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager) section.
 
 You can use Intune to deploy Microsoft Store and Windows desktop apps. Intune provides improved control over which users receive specific apps. In addition, Intune allows you to deploy apps to companion devices (such as Windows 10 Mobile, iOS, or Android devices). Finally, Intune helps you manage app security and features, such as mobile application management policies that let you manage apps on devices that are not enrolled in Intune or that another solution manages.
 
@@ -1589,7 +1589,7 @@ For more information about how to configure Intune to manage your apps, see the
 
 ### Deploy and manage apps by using Microsoft Endpoint Configuration Manager
 
-You can use  Microsoft Endpoint Configuration Manager to deploy Microsoft Store and Windows desktop apps. Configuration Manager allows you to create a Configuration Manager application that you can use to deploy apps to different devices (such as Windows 10 desktop, Windows 10 Mobile, iOS, or Android devices) by using *deployment types*. You can think of a Configuration Manager application as a box. You can think of deployment types as one or more sets of installation files and installation instructions within that box.
+You can use  Microsoft Endpoint Manager to deploy Microsoft Store and Windows desktop apps. Configuration Manager allows you to create a Configuration Manager application that you can use to deploy apps to different devices (such as Windows 10 desktop, Windows 10 Mobile, iOS, or Android devices) by using *deployment types*. You can think of a Configuration Manager application as a box. You can think of deployment types as one or more sets of installation files and installation instructions within that box.
 
 For example, you could create a Skype application that contains a deployment type for Windows 10 desktop, Windows 10 Mobile, iOS, and Android. You can deploy the one application to multiple device types.
 
@@ -1627,7 +1627,7 @@ For more information about how to configure Configuration Manager to manage Wind
 
 #### Summary
 
-In this section, you prepared your institution for device management. You identified the configuration settings that you want to use to manage your users and devices. You configured Group Policy or Intune to manage these configuration settings. You configured Intune or Microsoft Endpoint Configuration Manager to manage your apps. Finally, you configured Intune or Microsoft Endpoint Configuration Manager to manage software updates for Windows 10 and your apps.
+In this section, you prepared your institution for device management. You identified the configuration settings that you want to use to manage your users and devices. You configured Group Policy or Intune to manage these configuration settings. You configured Intune or Microsoft Endpoint Manager to manage your apps. Finally, you configured Intune or Microsoft Endpoint Manager to manage software updates for Windows 10 and your apps.
 
 ## Deploy Windows 10 to devices
 

store-for-business/add-unsigned-app-to-code-integrity-policy.md

@@ -62,7 +62,7 @@ Before you get started, be sure to review these best practices and requirements:
 
 **Best practices**
 
-- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
+- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
 - **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-ci-policy) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
 
 Copy the commands for each step into an elevated Windows PowerShell session. You'll use Package Inspector to find and trust all binaries in the app.
@@ -117,4 +117,4 @@ Catalog signing is a vital step to adding your unsigned apps to your code integr
      When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
 
 6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store.
-7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
+7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).

store-for-business/includes/store-for-business-content-updates.md

@@ -2,20 +2,9 @@
 
 
 
-## Week of November 23, 2020
+## Week of January 11, 2021
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
-| 11/23/2020 | [Microsoft Store for Business and Microsoft Store for Education overview (Windows 10)](/microsoft-store/microsoft-store-for-business-overview) | modified |
+| 1/14/2021 | [Add unsigned app to code integrity policy (Windows 10)](/microsoft-store/add-unsigned-app-to-code-integrity-policy) | modified |
-| 11/23/2020 | [Prerequisites for Microsoft Store for Business and Education (Windows 10)](/microsoft-store/prerequisites-microsoft-store-for-business) | modified |
-
-
-## Week of October 26, 2020
-
-
-| Published On |Topic title | Change |
-|------|------------|--------|
-| 10/27/2020 | [Add unsigned app to code integrity policy (Windows 10)](/microsoft-store/add-unsigned-app-to-code-integrity-policy) | modified |
-| 10/27/2020 | [Device Guard signing (Windows 10)](/microsoft-store/device-guard-signing-portal) | modified |
-| 10/27/2020 | [Sign code integrity policy with Device Guard signing (Windows 10)](/microsoft-store/sign-code-integrity-policy-with-device-guard-signing) | modified |

windows/application-management/app-v/appv-connect-to-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to connect to the Management Console (Windows 10)
 description: In this article, learn the procedure for connecting to the App-V Management Console through your web browser.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-connection-group-virtual-environment.md

@@ -1,7 +1,7 @@
 ---
 title: About the connection group virtual environment (Windows 10)
 description: Learn how the connection group virtual environment works and how package priority is determined.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md

@@ -1,7 +1,7 @@
 ---
 title: How to convert a package created in a previous version of App-V (Windows 10)
 description: Use the package converter utility to convert a virtual application package created in a previous version of App-V.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a connection croup with user-published and globally published packages (Windows 10)
 description: How to create a connection croup with user-published and globally published packages.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-connection-group.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a connection group (Windows 10)
 description: Learn how to create a connection group with the App-V Management Console and where to find information about managing connection groups.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a custom configuration file by using the App-V Management Console (Windows 10)
 description: How to create a custom configuration file by using the App-V Management Console.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a package accelerator by using Windows PowerShell (Windows 10)
 description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-package-accelerator.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a package accelerator (Windows 10)
 description: Learn how to create App-V Package Accelerators to automatically generate new virtual application packages.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md

@@ -1,7 +1,7 @@
 ---
 title: How to create a virtual application package using an App-V Package Accelerator (Windows 10)
 description: How to create a virtual application package using an App-V Package Accelerator.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-create-and-use-a-project-template.md

@@ -1,7 +1,7 @@
 ---
 title: Create and apply an App-V project template to a sequenced App-V package (Windows 10)
 description: Steps for how to create and apply an App-V project template (.appvt) to a sequenced App-V package.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md

@@ -1,7 +1,7 @@
 ---
 title: Creating and managing App-V virtualized applications (Windows 10)
 description: Create and manage App-V virtualized applications to monitor and record the installation process for an application to be run as a virtualized application.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10)
 description: How to customize virtual application extensions for a specific AD group by using the Management Console.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-delete-a-connection-group.md

@@ -1,7 +1,7 @@
 ---
 title: How to delete a connection group (Windows 10)
 description: Learn how to delete an existing App-V connection group in the App-V Management Console and where to find information about managing connection groups.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to delete a package in the Management Console (Windows 10)
 description: Learn how to delete a package in the App-V Management Console and where to find information about operations for App-V.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md

@@ -1,7 +1,7 @@
 ---
 title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10)
 description: Learn how to use SQL scripts to install the App-V databases and upgrade the App-V databases to a later version.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md

@@ -1,7 +1,7 @@
 ---
 title: How to deploy App-V packages using electronic software distribution (Windows 10)
 description: Learn how use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md

@@ -1,7 +1,7 @@
 ---
 title: How to Deploy the App-V Server Using a Script (Windows 10)
 description: 'Learn how to deploy the App-V server by using a script (appv_server_setup.exe) from the command line.'
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploy-the-appv-server.md

@@ -1,7 +1,7 @@
 ---
 title: How to Deploy the App-V Server (Windows 10)
 description: Use these instructions to deploy the Application Virtualization (App-V) Server in App-V for Windows 10.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying App-V (Windows 10)
 description: App-V supports several different deployment options. Learn how to complete App-V deployment at different stages in your App-V deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying Microsoft Office 2010 by Using App-V (Windows 10)
 description: Create Office 2010 packages for Microsoft Application Virtualization (App-V) using the App-V Sequencer or the App-V Package Accelerator.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying Microsoft Office 2013 by Using App-V (Windows 10)
 description: Use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying Microsoft Office 2016 by using App-V (Windows 10)
 description: Use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying App-V packages by using electronic software distribution (ESD)
 description: Deploying App-V packages by using electronic software distribution (ESD)
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying the App-V Sequencer and configuring the client (Windows 10)
 description: Learn how to deploy the App-V Sequencer and configure the client by using the ADMX template and Group Policy.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deploying-the-appv-server.md

@@ -1,7 +1,7 @@
 ---
 title: Deploying the App-V Server (Windows 10)
 description: Learn how to deploy the Application Virtualization (App-V) Server in App-V for Windows 10 by using different deployment configurations described in this article.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-deployment-checklist.md

@@ -1,7 +1,7 @@
 ---
 title: App-V Deployment Checklist (Windows 10)
 description: Use the App-V deployment checklist to understand the recommended steps and items to consider when deploying App-V features.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-dynamic-configuration.md

@@ -1,7 +1,7 @@
 ---
 title: About App-V Dynamic Configuration (Windows 10)
 description: Learn how to create or edit an existing Application Virtualization (App-V) dynamic configuration file.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md

@@ -1,7 +1,7 @@
 ---
 title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10)
 description: Learn how to enable only administrators to publish packages by bsing an electronic software delivery (ESD).
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10)
 description: How to Enable Reporting on the App-V Client by Using Windows PowerShell
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md

@@ -1,7 +1,7 @@
 ---
 title: Enable the App-V in-box client (Windows 10)
 description: Learn how to enable the Microsoft Application Virtualization (App-V) in-box client installed with Windows 10.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-evaluating-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Evaluating App-V (Windows 10)
 description: Learn how to evaluate App-V for Windows 10 in a lab environment before deploying into a production environment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-for-windows.md

@@ -1,7 +1,7 @@
 ---
 title: Application Virtualization (App-V) (Windows 10)
 description: See various topics that can help you administer Application Virtualization (App-V) and its components.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-getting-started.md

@@ -1,7 +1,7 @@
 ---
 title: Getting Started with App-V (Windows 10)
 description: Get started with Microsoft Application Virtualization (App-V) for Windows 10. App-V for Windows 10 delivers Win32 applications to users as virtual applications.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-high-level-architecture.md

@@ -1,7 +1,7 @@
 ---
 title: High-level architecture for App-V (Windows 10)
 description: Use the information in this article to simplify your Microsoft Application Virtualization (App-V) deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10)
 description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md

@@ -1,7 +1,7 @@
 ---
 title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10)
 description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md

@@ -1,7 +1,7 @@
 ---
 title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10)
 description: How to install the Management Server on a Standalone Computer and Connect it to the Database
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md

@@ -1,7 +1,7 @@
 ---
 title: Install the Publishing Server on a Remote Computer (Windows 10)
 description: Use the procedures in this article to install the Microsoft Application Virtualization (App-V) publishing server on a separate computer.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md

@@ -1,7 +1,7 @@
 ---
 title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10)
 description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-install-the-sequencer.md

@@ -1,7 +1,7 @@
 ---
 title: Install the App-V Sequencer (Windows 10)
 description: Learn how to install the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md

@@ -1,7 +1,7 @@
 ---
 title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10)
 description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-maintaining-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Maintaining App-V (Windows 10)
 description: After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10)
 description: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10)
 description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-managing-connection-groups.md

@@ -1,7 +1,7 @@
 ---
 title: Managing Connection Groups (Windows 10)
 description: Connection groups can allow administrators to manage packages independently and avoid having to add the same application multiple times to a client computer.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md

@@ -1,7 +1,7 @@
 ---
 title: Migrating to App-V from a Previous Version (Windows 10)
 description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10 from a previous version.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md

@@ -1,7 +1,7 @@
 ---
 title: How to Modify an Existing Virtual Application Package (Windows 10)
 description: Learn how to modify an existing virtual application package and add a new application to an existing virtual application package.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10)
 description: Learn how to modify the Application Virtualization (App-V) client configuration by using Windows PowerShell.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md

@@ -1,7 +1,7 @@
 ---
 title: How to Move the App-V Server to Another Computer (Windows 10)
 description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-operations.md

@@ -1,7 +1,7 @@
 ---
 title: Operations for App-V (Windows 10)
 description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-performance-guidance.md

@@ -1,7 +1,7 @@
 ---
 title: Performance Guidance for Application Virtualization (Windows 10)
 description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-checklist.md

@@ -1,7 +1,7 @@
 ---
 title: App-V Planning Checklist (Windows 10)
 description: Learn about the recommended steps and items to consider when planning an Application Virtualization (App-V) deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Planning to Use Folder Redirection with App-V (Windows 10)
 description: Learn about folder redirection with App-V. Folder redirection enables users and administrators to redirect the path of a folder to a new location.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-appv-server-deployment.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for the App-V Server Deployment (Windows 10)
 description: Learn what you need to know so you can plan for the Microsoft Application Virtualization (App-V) 5.1 server deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for App-V (Windows 10)
 description: Use the information in this article to plan to deploy App-V without disrupting your existing network or user experience.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for High Availability with App-V Server
 description: Learn what you need to know so you can plan for high availability with Application Virtualization (App-V) server.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for the App-V Sequencer and Client Deployment (Windows 10)
 description: Learn what you need to do to plan for the App-V Sequencer and Client deployment, and where to find additional information about the deployment process.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-for-using-appv-with-office.md

@@ -1,7 +1,7 @@
 ---
 title: Planning for Deploying App-V with Office (Windows 10)
 description: Use the information in this article to plan how to deploy Office within Microsoft Application Virtualization (App-V).
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md

@@ -1,7 +1,7 @@
 ---
 title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10)
 description: Planning to Deploy App-V with an Electronic Software Distribution System
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-planning-to-deploy-appv.md

@@ -1,7 +1,7 @@
 ---
 title: Planning to Deploy App-V (Windows 10)
 description: Learn about the different deployment configurations and requirements to consider before you deploy App-V for Windows 10.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md

@@ -44,7 +44,7 @@ Each method accomplishes essentially the same task, but some methods may be bett
 
 To add a locally installed application to a package or to a connection group’s virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections.
 
-There is no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry.
+There is no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Manager or another electronic software distribution (ESD) system, or manually edit the registry.
 
 Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user.
 

windows/client-management/TOC.md

@@ -1,5 +1,6 @@
 # [Manage clients in Windows 10](index.md)
 ## [Administrative Tools in Windows 10](administrative-tools-in-windows-10.md)
+### [Use Quick Assist to help users](quick-assist.md)
 ## [Create mandatory user profiles](mandatory-user-profile.md)
 ## [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md)
 ## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md)

windows/client-management/connect-to-remote-aadj-pc.md

@@ -22,14 +22,15 @@ ms.topic: article
 
 - Windows 10
 
-From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
+From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
 
 ![Remote Desktop Connection client](images/rdp.png)
 
 ## Set up
 
 - Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported.
-- Your local PC (where you are connecting from) must be either Azure AD joined or Hybrid Azure AD joined if using Windows 10 version 1607 and above, or Azure AD registered if using Windows 10 version 2004 and above. Remote connections to an Azure AD joined PC from an unjoined device or a non-Windows 10 device are not supported. 
+- Your local PC (where you are connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device are not supported. 
+- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests are not supported for Remote desktop. 
 
 Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC.
 
@@ -41,57 +42,45 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
 
      ![Allow remote connections to this computer](images/allow-rdp.png)
 
-  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group.
+  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
+     
+      - Adding users manually
+   
+        You can specify individual Azure AD accounts for remote connections by running the following PowerShell cmdlet:
+        ```powershell
+        net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
+        ```
+        where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
+
+        This command only works for AADJ device users already added to any of the local groups (administrators).
+        Otherwise this command throws the below error. For example:
+        - for cloud only user: "There is no such global user or group : *name*"
+        - for synced user: "There is no such global user or group : *name*" </br>
 
          > [!NOTE]
-     > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet:
+         > For devices running Windows 10, version 1703 or earlier, the user must sign in to the remote device first before attempting remote connections.
-     > ```powershell
-     > net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
-     > ```
-     > where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
          >
-     > This command only works for AADJ device users already added to any of the local groups (administrators).
+         > Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
-     > Otherwise this command throws the below error. For example:
-     > - for cloud only user: "There is no such global user or group : *name*"
-     > - for synced user: "There is no such global user or group : *name*" </br>
 
-     > [!NOTE]
+      - Adding users using policy
-     > In Windows 10, version 1709, the user does not have to sign in to the remote device first.
-     >
-     > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
      
-  4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
+         Starting in Windows 10, version 2004, you can add users or Azure AD groups to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](https://docs.microsoft.com/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
 
          > [!TIP]
-     > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+         > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
 
-     > [!Note]
+         > [!NOTE]
-     > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
+         > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
 
 ## Supported configurations
 
-In organizations using integrated Active Directory and Azure AD, you can connect from a Hybrid-joined PC to an Azure AD-joined PC by using any of the following:
+The table below lists the supported configurations for remotely connecting to an Azure AD-joined PC:
 
-- Password
+| Criteria | RDP from Azure AD registered device| RDP from Azure AD joined device| RDP from hybrid Azure AD joined device |
-- Smartcards
+| - | - | - | - |
-- Windows Hello for Business, if the domain is managed by Microsoft Endpoint Configuration Manager.
+| **Client operating systems**| Windows 10, version 2004 and above| Windows 10, version 1607 and above | Windows 10, version 1607 and above |
+| **Supported credentials**| Password, smartcard| Password, smartcard, Windows Hello for Business certificate trust | Password, smartcard, Windows Hello for Business certificate trust |
 
-In organizations using integrated Active Directory and Azure AD, you can connect from an Azure AD-joined PC to an AD-joined PC when the Azure AD-joined PC is on the corporate network by using any of the following:
-
-- Password
-- Smartcards
-- Windows Hello for Business, if the organization has a mobile device management (MDM) subscription.
-
-In organizations using integrated Active Directory and Azure AD, you can connect from an Azure AD-joined PC to another Azure AD-joined PC by using any of the following:
-
-- Password
-- Smartcards
-- Windows Hello for Business, with or without an MDM subscription.
-
-In organizations using only Azure AD, you can connect from an Azure AD-joined PC to another Azure AD-joined PC by using any of the following:
-
-- Password
-- Windows Hello for Business, with or without an MDM subscription.
 
 > [!NOTE]
 > If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).

windows/client-management/mdm/TOC.md

@@ -186,24 +186,44 @@
 #### [ADMX_ControlPanelDisplay](policy-csp-admx-controlpaneldisplay.md)
 #### [ADMX_Cpls](policy-csp-admx-cpls.md)
 #### [ADMX_CredentialProviders](policy-csp-admx-credentialproviders.md)
+#### [ADMX_CredSsp](policy-csp-admx-credssp.md)
 #### [ADMX_CredUI](policy-csp-admx-credui.md)
 #### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md)
+#### [ADMX_DataCollection](policy-csp-admx-datacollection.md)
+#### [ADMX_Desktop](policy-csp-admx-desktop.md)
+#### [ADMX_DeviceInstallation](policy-csp-admx-deviceinstallation.md)
+#### [ADMX_DeviceSetup](policy-csp-admx-devicesetup.md)
 #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md)
 #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md)
 #### [ADMX_DWM](policy-csp-admx-dwm.md)
+#### [ADMX_EAIME](policy-csp-admx-eaime.md)
 #### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md)
+#### [ADMX_EnhancedStorage](policy-csp-admx-enhancedstorage.md)
+#### [ADMX_ErrorReporting](policy-csp-admx-errorreporting.md)
 #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md)
+#### [ADMX_EventLog](policy-csp-admx-eventlog.md)
+#### [ADMX_Explorer](policy-csp-admx-explorer.md)
 #### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md)
 #### [ADMX_FileSys](policy-csp-admx-filesys.md)
 #### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md)
+#### [ADMX_Globalization](policy-csp-admx-globalization.md)
+#### [ADMX_GroupPolicy](policy-csp-admx-grouppolicy.md)
 #### [ADMX_Help](policy-csp-admx-help.md)
 #### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md)
+#### [ADMX_ICM](policy-csp-admx-icm.md)
 #### [ADMX_kdc](policy-csp-admx-kdc.md)
+#### [ADMX_Kerberos](policy-csp-admx-kerberos.md)
 #### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md)
+#### [ADMX_LanmanWorkstation](policy-csp-admx-lanmanworkstation.md)
 #### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md)
+#### [ADMX_Logon](policy-csp-admx-logon.md)
+#### [ADMX_MicrosoftDefenderAntivirus](policy-csp-admx-microsoftdefenderantivirus.md)
 #### [ADMX_MMC](policy-csp-admx-mmc.md)
 #### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md)
 #### [ADMX_MSAPolicy](policy-csp-admx-msapolicy.md)
+#### [ADMX_msched](policy-csp-admx-msched.md)
+#### [ADMX_MSDT](policy-csp-admx-msdt.md)
+#### [ADMX_MSI](policy-csp-admx-msi.md)
 #### [ADMX_nca](policy-csp-admx-nca.md)
 #### [ADMX_NCSI](policy-csp-admx-ncsi.md)
 #### [ADMX_Netlogon](policy-csp-admx-netlogon.md)
@@ -211,19 +231,29 @@
 #### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md)
 #### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md)
 #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md)
+#### [ADMX_Power](policy-csp-admx-power.md)
 #### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md)
+#### [ADMX_Printing](policy-csp-admx-printing.md)
+#### [ADMX_Printing2](policy-csp-admx-printing2.md)
+#### [ADMX_Programs](policy-csp-admx-programs.md)
 #### [ADMX_Reliability](policy-csp-admx-reliability.md)
+#### [ADMX_RemoteAssistance](policy-csp-admx-remoteassistance.md)
+#### [ADMX_RemovableStorage](policy-csp-admx-removablestorage.md)
+#### [ADMX_RPC](policy-csp-admx-rpc.md)
 #### [ADMX_Scripts](policy-csp-admx-scripts.md)
 #### [ADMX_sdiageng](policy-csp-admx-sdiageng.md)
 #### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md)
 #### [ADMX_Sensors](policy-csp-admx-sensors.md)
 #### [ADMX_Servicing](policy-csp-admx-servicing.md)
+#### [ADMX_SettingSync](policy-csp-admx-settingsync.md)
 #### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md)
 #### [ADMX_Sharing](policy-csp-admx-sharing.md)
 #### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md)
+#### [ADMX_SkyDrive](policy-csp-admx-skydrive.md)
 #### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
 #### [ADMX_Snmp](policy-csp-admx-snmp.md)
 #### [ADMX_StartMenu](policy-csp-admx-startmenu.md)
+#### [ADMX_SystemRestore](policy-csp-admx-systemrestore.md)
 #### [ADMX_Taskbar](policy-csp-admx-taskbar.md)
 #### [ADMX_tcpip](policy-csp-admx-tcpip.md)
 #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
@@ -238,10 +268,12 @@
 #### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md)
 #### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
 #### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
+#### [ADMX_WindowsRemoteManagement](policy-csp-admx-windowsremotemanagement.md)
 #### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md)
 #### [ADMX_WinInit](policy-csp-admx-wininit.md)
 #### [ADMX_WinLogon](policy-csp-admx-winlogon.md)
 #### [ADMX_wlansvc](policy-csp-admx-wlansvc.md)
+#### [ADMX_WPN](policy-csp-admx-wpn.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
 #### [AppRuntime](policy-csp-appruntime.md)

windows/client-management/mdm/appv-deploy-and-config.md

@@ -1,6 +1,6 @@
 ---
 title: Deploy and configure App-V apps using MDM
-description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Configuration Manager or App-V server.
+description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Manager or App-V server.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
 
 ## Executive summary
 
-<p>Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies using Microsoft Endpoint Configuration Manager or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.</p>
+<p>Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies using Microsoft Endpoint Manager or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.</p>
 
 <p>MDM services can be used to publish App-V packages to clients running Windows 10, version 1703 (or later). All capabilities such as App-V enablement, configuration, and publishing can be completed using the EnterpriseAppVManagement CSP.</p>
 

windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md

@@ -1,24 +1,29 @@
 ---
 title: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
-description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
+description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new portal
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: lomayor
-ms.date: 01/17/2018
+ms.date: 12/18/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal 
 
-Go to your Azure AD Blade, select the Mobility (MDM and MAM) and there should be the Microsoft Intune "App" Visible, select the Microsoft Intune and configure the Blade 
+> [!NOTE]
+> Microsoft Intune portal can be accessed at the following link: [https://endpoint.microsoft.com](https://endpoint.microsoft.com).   
+
+1. Go to your Azure AD Blade.
+2. Select **Mobility (MDM and MAM)**, and find the Microsoft Intune app.
+3. Select **Microsoft Intune** and configure the blade. 
 
 ![How to get to the Blade](images/azure-mdm-intune.png) 
 
-Configure the Blade                                                                      
+Configure the blade                                                                      
 
 ![Configure the Blade](images/azure-intune-configure-scope.png) 
 
-Select all for allow all users to enroll a Device and make it Intune ready, or Some, then you can add a Group of Users. 
+You can specify settings to allow all users to enroll a device and make it Intune ready, or choose to allow some users (and then add a group of users). 

windows/client-management/mdm/bitlocker-csp.md

@@ -300,6 +300,10 @@ If you disable or do not configure this setting, users can configure only basic
 > [!NOTE]
 > If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
 
+> [!NOTE] 
+> Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern 
+> Standby devices will not be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN.
+
 Sample value for this node to enable this policy is:
 
 ```xml
@@ -1126,12 +1130,12 @@ Supported values:
 |-----|------------|
 | 0 |The BitLocker policy requires user consent to launch the BitLocker Drive Encryption Wizard to start encryption of the OS volume but the user didn't consent.|
 | 1 |The encryption method of the OS volume doesn't match the BitLocker policy.|
-| 2 |The BitLocker policy requires a TPM protector to protect the OS volume, but a TPM isn't used.|
+| 2 |The OS volume is unprotected.|
 | 3 |The BitLocker policy requires a TPM-only protector for the OS volume, but TPM protection isn't used.|
 | 4 |The BitLocker policy requires TPM+PIN protection for the OS volume, but a TPM+PIN protector isn't used.|
 | 5 |The BitLocker policy requires TPM+startup key protection for the OS volume, but a TPM+startup key protector isn't used.|
 | 6 |The BitLocker policy requires TPM+PIN+startup key protection for the OS volume, but a TPM+PIN+startup key protector isn't used.|
-| 7 |The OS volume is unprotected.|
+| 7 |The BitLocker policy requires a TPM protector to protect the OS volume, but a TPM isn't used.|
 | 8 |Recovery key backup failed.|
 | 9 |A fixed drive is unprotected.|
 | 10 |The encryption method of the fixed drive doesn't match the BitLocker policy.|

windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md

@@ -35,7 +35,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
 > [!NOTE]
 > -   Bulk-join is not supported in Azure Active Directory Join.
 > -   Bulk enrollment does not work in Intune standalone environment.
-> -   Bulk enrollment works in Microsoft Endpoint Configuration Manager where the ppkg is generated from the Configuration Manager console.
+> -   Bulk enrollment works in Microsoft Endpoint Manager where the ppkg is generated from the Configuration Manager console.
 > -   To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
 
 ## What you need

windows/client-management/mdm/defender-csp.md

@@ -390,6 +390,26 @@ Intune tamper protection setting UX supports three states:
 
 When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
 
+<a href="" id="configuration-disablelocaladminmerge"></a>**Configuration/DisableLocalAdminMerge**<br>
+This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusions.
+
+If you disable or do not configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, management settings will override preference settings.
+
+If you enable this setting, only items defined by management will be used in the resulting effective policy. Managed settings will override preference settings configured by the local administrator.
+
+> [!NOTE]
+> Applying this setting will not remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in **Get-MpPreference**.
+
+Supported OS versions:  Windows 10
+
+The data type is integer.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Valid values are:  
+- 1 – Enable.
+- 0 (default) – Disable.
+
 <a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/EnableFileHashComputation**  
 Enables or disables file hash computation feature.
 When this feature is enabled Windows defender will compute hashes for files it scans.

windows/client-management/mdm/diagnosticlog-csp.md

@@ -199,8 +199,111 @@ A Get to the above URI will return the results of the data gathering for the las
 
 Each data gathering node is annotated with the HRESULT of the action and the collection is also annotated with an overall HRESULT. In this example, note that the mdmdiagnosticstool.exe command failed.
 
-The zip file which is created also contains a results.xml file whose contents align to the Data section in the SyncML for ArchiveResults. Accordingly, an IT admin using the zip file for troubleshooting can determine the order and success of each directive without needing a permanent record of the SyncML value for DiagnosticArchive/ArchiveResults.
+### Making use of the uploaded data
+The zip archive which is created and uploaded by the CSP contains a folder structure like the following:
 
+```powershell
+PS C:\> dir C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z
+
+    Directory: C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z
+
+Mode                 LastWriteTime         Length Name
+----                 -------------         ------ ----
+la---            1/4/2021  2:45 PM                1
+la---            1/4/2021  2:45 PM                2
+la---           12/2/2020  6:27 PM           2701 results.xml
+```
+Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. For example, if the first directive was <RegistryKey HRESULT="0">HKLM\Software\Policies</RegistryKey> then folder `1` will contain the corresponding `export.reg` file.
+
+The `results.xml` file is the authoritative map to the output. It includes a status code for each directive. The order of the directives in the file corresponds to the order of the output folders. Using `results.xml` the administrator can see what data was gathered, what failures may have occurred, and which folders contain which output. For example, the following `results.xml` content indicates that registry export of HKLM\Software\Policies was successful and the data can be found in folder `1`. It also indicates that `netsh.exe wlan show profiles` command failed.
+
+```xml
+<Collection HRESULT="0">
+    <ID>268b3056-8c15-47c6-a1bd-4bc257aef7b2</ID>
+    <RegistryKey HRESULT="0">HKLM\Software\Policies</RegistryKey>
+    <Command HRESULT="-2147024895">%windir%\system32\netsh.exe wlan show profiles</Command>
+</Collection>
+```
+
+Administrators can apply automation to 'results.xml' to create their own preferred views of the data. For example, the following PowerShell one-liner extracts from the XML an ordered list of the directives with status code and details.
+```powershell
+Select-XML -Path results.xml -XPath '//RegistryKey | //Command | //Events | //FoldersFiles' | Foreach-Object -Begin {$i=1} -Process { [pscustomobject]@{DirectiveNumber=$i; DirectiveHRESULT=$_.Node.HRESULT; DirectiveInput=$_.Node.('#text')} ; $i++}
+```
+This example produces output similar to the following:
+```
+DirectiveNumber DirectiveHRESULT DirectiveInput
+--------------- ---------------- --------------
+              1 0                HKLM\Software\Policies
+              2 0                HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
+              3 0                HKLM\Software\Microsoft\IntuneManagementExtension
+              4 0                HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
+              5 0                %windir%\system32\ipconfig.exe /all
+              6 0                %windir%\system32\netsh.exe advfirewall show allprofiles
+              7 0                %windir%\system32\netsh.exe advfirewall show global
+              8 -2147024895      %windir%\system32\netsh.exe wlan show profiles
+```
+
+The next example extracts the zip archive into a customized flattened file structure. Each file name includes the directive number, HRESULT, and so on. This example could be customized to make different choices about what information to include in the file names and what formatting choices to make for special characters.
+
+```powershell
+param( $DiagnosticArchiveZipPath = "C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z.zip" )
+
+#region Formatting Choices
+$flatFileNameTemplate = '({0:D2}) ({3}) (0x{2:X8})'
+$maxLengthForInputTextPassedToOutput = 80
+#endregion
+
+#region Create Output Folders and Expand Zip
+$diagnosticArchiveTempUnzippedPath = $DiagnosticArchiveZipPath + "_expanded"
+if(-not (Test-Path $diagnosticArchiveTempUnzippedPath)){mkdir $diagnosticArchiveTempUnzippedPath}
+$reformattedArchivePath = $DiagnosticArchiveZipPath + "_formatted"
+if(-not (Test-Path $reformattedArchivePath)){mkdir $reformattedArchivePath}
+Expand-Archive -Path $DiagnosticArchiveZipPath -DestinationPath $diagnosticArchiveTempUnzippedPath
+#endregion
+
+#region Discover and Move/rename Files
+$resultElements = ([xml](Get-Content -Path (Join-Path -Path $diagnosticArchiveTempUnzippedPath -ChildPath "results.xml"))).Collection.ChildNodes | Foreach-Object{ $_ }
+$n = 0
+foreach( $element in $resultElements )
+{
+    $directiveNumber = $n
+    $n++
+    if($element.Name -eq 'ID'){ continue }
+    $directiveType = $element.Name
+    $directiveStatus = [int]$element.Attributes.ItemOf('HRESULT').psbase.Value
+    $directiveUserInputRaw = $element.InnerText
+    $directiveUserInputFileNameCompatible = $directiveUserInputRaw -replace '[\\|/\[\]<>\:"\?\*%\.\s]','_'
+    $directiveUserInputTrimmed = $directiveUserInputFileNameCompatible.substring(0, [System.Math]::Min($maxLengthForInputTextPassedToOutput, $directiveUserInputFileNameCompatible.Length))
+    $directiveSummaryString = $flatFileNameTemplate -f $directiveNumber,$directiveType,$directiveStatus,$directiveUserInputTrimmed
+    $directiveOutputFolder = Join-Path -Path $diagnosticArchiveTempUnzippedPath -ChildPath $directiveNumber
+    $directiveOutputFiles = Get-ChildItem -Path $directiveOutputFolder -File
+    foreach( $file in $directiveOutputFiles)
+    {
+        $leafSummaryString = $directiveSummaryString,$file.Name -join ' '
+        Copy-Item $file.FullName -Destination (Join-Path -Path $reformattedArchivePath -ChildPath $leafSummaryString)
+    }
+}
+#endregion 
+Remove-Item -Path $diagnosticArchiveTempUnzippedPath -Force -Recurse
+```
+That example script produces a set of files similar to the following, which can be a useful view for an administrator interactively browsing the results without needing to navigate any sub-folders or refer to `results.xml` repeatedly:
+
+```powershell
+PS C:\> dir C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z.zip_formatted | format-table Length,Name
+
+  Length Name
+  ------ ----
+   46640 (01) (HKLM_Software_Policies) (0x00000000) export.reg
+  203792 (02) (HKLM_Software_Microsoft_Windows_CurrentVersion_Uninstall) (0x00000000) export.reg
+  214902 (03) (HKLM_Software_Microsoft_IntuneManagementExtension) (0x00000000) export.reg
+  212278 (04) (HKLM_SOFTWARE_WOW6432Node_Microsoft_Windows_CurrentVersion_Uninstall) (0x00000000) export.reg
+    2400 (05) (_windir__system32_ipconfig_exe__all) (0x00000000) output.log
+    2147 (06) (_windir__system32_netsh_exe_advfirewall_show_allprofiles) (0x00000000) output.log
+    1043 (07) (_windir__system32_netsh_exe_advfirewall_show_global) (0x00000000) output.log
+      59 (08) (_windir__system32_netsh_exe_wlan_show_profiles) (0x80070001) output.log
+    1591 (09) (_windir__system32_ping_exe_-n_50_localhost) (0x00000000) output.log
+    5192 (10) (_windir__system32_Dsregcmd_exe__status) (0x00000000) output.log
+```
 
 ## Policy area
 

windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md

@@ -44,7 +44,8 @@ In Windows, after the user confirms the account deletion command and before the
 
 This action utilizes the OMA DM generic alert 1226 function to send a user an MDM unenrollment user alert to the MDM server after the device accepts the user unenrollment request, but before it deletes any enterprise data. The server should set the expectation that unenrollment may succeed or fail, and the server can check whether the device is unenrolled by either checking whether the device calls back at scheduled time or by sending a push notification to the device to see whether it responds back. If the server plans to send a push notification, it should allow for some delay to give the device the time to complete the unenrollment work.
 
-> **Note**  The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, refer to the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).
+> [!NOTE]
+> The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, refer to the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).
 
  
 The vendor uses the Type attribute to specify what type of generic alert it is. For device initiated MDM unenrollment, the alert type is **com.microsoft:mdm.unenrollment.userrequest**.
@@ -157,4 +158,3 @@ When the disconnection is completed, the user is notified that the device has be
 
 
 
-

windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md

@@ -138,10 +138,11 @@ There are two ways to retrieve this file from the device; one pre-GDR1 and one p
 2.  Set a baseline for this configuration item with a “dummy” value (such as zzz), and ensure that you do not remediate it.
 
     The dummy value is not set; it is only used for comparison.
-3.  After the report XML is sent to the device, Microsoft Endpoint Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
+3.  After the report XML is sent to the device, Microsoft Endpoint Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
 4.  Parse this log for the report XML content.
 
-For a step-by-step walkthrough, see [Retrieve a device update report using Microsoft Endpoint Configuration Manager logs](#retrieve-a-device-update-report-using-microsoft-endpoint-configuration-manager-logs).
+For a step-by-step walkthrough, see [Retrieve a device update report using Microsoft Endpoint Manager logs](#retrieve-a-device-update-report-using-microsoft-endpoint-manager-logs).
+
 
 **Post-GDR1: Retrieve the report xml file using an SD card**
 
@@ -460,7 +461,7 @@ DownloadFiles $inputFile $downloadCache $localCacheURL
 ```
 
 <a href="" id="how-to-retrieve"></a>
-## Retrieve a device update report using Microsoft Endpoint Configuration Manager logs
+## Retrieve a device update report using Microsoft Endpoint Manager logs
 
 **For pre-GDR1 devices**
 Use this procedure for pre-GDR1 devices:

windows/client-management/mdm/get-product-package.md

@@ -1,6 +1,6 @@
 ---
 title: Get product package
-description: The Get product package operation retrieves the information about a specific application in the Micosoft Store for Business.
+description: The Get product package operation retrieves the information about a specific application in the Microsoft Store for Business.
 ms.assetid: 4314C65E-6DDC-405C-A591-D66F799A341F
 ms.reviewer: 
 manager: dansimp
@@ -14,7 +14,7 @@ ms.date: 09/18/2017
 
 # Get product package
 
-The **Get product package** operation retrieves the information about a specific application in the Micosoft Store for Business.
+The **Get product package** operation retrieves the information about a specific application in the Microsoft Store for Business.
 
 ## Request
 

windows/client-management/mdm/policies-in-policy-csp-admx-backed.md

@@ -103,12 +103,63 @@ ms.date: 10/08/2020
 - [ADMX_CredentialProviders/AllowDomainDelayLock](./policy-csp-admx-credentialproviders.md#admx-credentialproviders-allowdomaindelaylock)
 - [ADMX_CredentialProviders/DefaultCredentialProvider](./policy-csp-admx-credentialproviders.md#admx-credentialproviders-defaultcredentialprovider)
 - [ADMX_CredentialProviders/ExcludedCredentialProviders](./policy-csp-admx-credentialproviders.md#admx-credentialproviders-excludedcredentialproviders)
+- [ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly](./policy-csp-admx-credssp.md#admx-credssp-allowdefcredentialswhenntlmonly)
+- [ADMX_CredSsp/AllowDefaultCredentials](./policy-csp-admx-credssp.md#admx-credssp-allowdefaultcredentials)
+- [ADMX_CredSsp/AllowEncryptionOracle](./policy-csp-admx-credssp.md#admx-credssp-allowencryptionoracle)
+- [ADMX_CredSsp/AllowFreshCredentials](./policy-csp-admx-credssp.md#admx-credssp-allowfreshcredentials)
+- [ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly](./policy-csp-admx-credssp.md#admx-credssp-allowfreshcredentialswhenntlmonly)
+- [ADMX_CredSsp/AllowSavedCredentials](./policy-csp-admx-credssp.md#admx-credssp-allowsavedcredentials)
+- [ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly](./policy-csp-admx-credssp.md#admx-credssp-allowsavedcredentialswhenntlmonly)
+- [ADMX_CredSsp/DenyDefaultCredentials](./policy-csp-admx-credssp.md#admx-credssp-denydefaultcredentials)
+- [ADMX_CredSsp/DenyFreshCredentials](./policy-csp-admx-credssp.md#admx-credssp-denyfreshcredentials)
+- [ADMX_CredSsp/DenySavedCredentials](./policy-csp-admx-credssp.md#admx-credssp-denysavedcredentials)
+- [ADMX_CredSsp/RestrictedRemoteAdministration](./policy-csp-admx-credssp.md#admx-credssp-restrictedremoteadministration)
 - [ADMX_CredUI/EnableSecureCredentialPrompting](./policy-csp-admx-credui.md#admx-credui-enablesecurecredentialprompting)
 - [ADMX_CredUI/NoLocalPasswordResetQuestions](./policy-csp-admx-credui.md#admx-credui-nolocalpasswordresetquestions)
 - [ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword)
 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer)
 - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr)
 - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff)
+- [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy)
+- [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter)
+- [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder)
+- [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit)
+- [ADMX_Desktop/ForceActiveDesktopOn](./policy-csp-admx-desktop.md#admx-desktop-forceactivedesktopon)
+- [ADMX_Desktop/NoActiveDesktop](./policy-csp-admx-desktop.md#admx-desktop-noactivedesktop)
+- [ADMX_Desktop/NoActiveDesktopChanges](./policy-csp-admx-desktop.md#admx-desktop-noactivedesktopchanges)
+- [ADMX_Desktop/NoDesktop](./policy-csp-admx-desktop.md#admx-desktop-nodesktop)
+- [ADMX_Desktop/NoDesktopCleanupWizard](./policy-csp-admx-desktop.md#admx-desktop-nodesktopcleanupwizard)
+- [ADMX_Desktop/NoInternetIcon](./policy-csp-admx-desktop.md#admx-desktop-nointerneticon)
+- [ADMX_Desktop/NoMyComputerIcon](./policy-csp-admx-desktop.md#admx-desktop-nomycomputericon)
+- [ADMX_Desktop/NoMyDocumentsIcon](./policy-csp-admx-desktop.md#admx-desktop-nomydocumentsicon)
+- [ADMX_Desktop/NoNetHood](./policy-csp-admx-desktop.md#admx-desktop-nonethood)
+- [ADMX_Desktop/NoPropertiesMyComputer](./policy-csp-admx-desktop.md#admx-desktop-nopropertiesmycomputer)
+- [ADMX_Desktop/NoPropertiesMyDocuments](./policy-csp-admx-desktop.md#admx-desktop-nopropertiesmydocuments)
+- [ADMX_Desktop/NoRecentDocsNetHood](./policy-csp-admx-desktop.md#admx-desktop-norecentdocsnethood)
+- [ADMX_Desktop/NoRecycleBinIcon](./policy-csp-admx-desktop.md#admx-desktop-norecyclebinicon)
+- [ADMX_Desktop/NoRecycleBinProperties](./policy-csp-admx-desktop.md#admx-desktop-norecyclebinproperties)
+- [ADMX_Desktop/NoSaveSettings](./policy-csp-admx-desktop.md#admx-desktop-nosavesettings)
+- [ADMX_Desktop/NoWindowMinimizingShortcuts](./policy-csp-admx-desktop.md#admx-desktop-nowindowminimizingshortcuts)
+- [ADMX_Desktop/Wallpaper](./policy-csp-admx-desktop.md#admx-desktop-wallpaper)
+- [ADMX_Desktop/sz_ATC_DisableAdd](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-disableadd)
+- [ADMX_Desktop/sz_ATC_DisableClose](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-disableclose)
+- [ADMX_Desktop/sz_ATC_DisableDel](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-disabledel)
+- [ADMX_Desktop/sz_ATC_DisableEdit](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-disableedit)
+- [ADMX_Desktop/sz_ATC_NoComponents](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-nocomponents)
+- [ADMX_Desktop/sz_AdminComponents_Title](./policy-csp-admx-desktop.md#admx-desktop-sz-admincomponents-title)
+- [ADMX_Desktop/sz_DB_DragDropClose](./policy-csp-admx-desktop.md#admx-desktop-sz-db-dragdropclose)
+- [ADMX_Desktop/sz_DB_Moving](./policy-csp-admx-desktop.md#admx-desktop-sz-db-moving)
+- [ADMX_Desktop/sz_DWP_NoHTMLPaper](./policy-csp-admx-desktop.md#admx-desktop-sz-dwp-nohtmlpaper)
+- [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall)
+- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext)
+- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext)
+- [ADMX_DeviceInstallation/DeviceInstall_InstallTimeout](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-installtimeout)
+- [ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-policy-reboottime)
+- [ADMX_DeviceInstallation/DeviceInstall_Removable_Deny](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-removable-deny)
+- [ADMX_DeviceInstallation/DeviceInstall_SystemRestore](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-systemrestore)
+- [ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-classes-allowuser)
+- [ADMX_DeviceSetup/DeviceInstall_BalloonTips](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-balloontips)
+- [ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchorderconfiguration)
 - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1)
 - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-2)
 - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries)
@@ -139,9 +190,82 @@ ms.date: 10/08/2020
 - [ADMX_DWM/DwmDisallowAnimations_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-2)
 - [ADMX_DWM/DwmDisallowColorizationColorChanges_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-1)
 - [ADMX_DWM/DwmDisallowColorizationColorChanges_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-2)
+- [ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList](./policy-csp-admx-eaime.md#admx-eaime-l-donotincludenonpublishingstandardglyphinthecandidatelist)
+- [ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion](./policy-csp-admx-eaime.md#admx-eaime-l-restrictcharactercoderangeofconversion)
+- [ADMX_EAIME/L_TurnOffCustomDictionary](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffcustomdictionary)
+- [ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffhistorybasedpredictiveinput)
+- [ADMX_EAIME/L_TurnOffInternetSearchIntegration](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffinternetsearchintegration)
+- [ADMX_EAIME/L_TurnOffOpenExtendedDictionary](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffopenextendeddictionary)
+- [ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffsavingautotuningdatatofile)
+- [ADMX_EAIME/L_TurnOnCloudCandidate](./policy-csp-admx-eaime.md#admx-eaime-l-turnoncloudcandidate)
+- [ADMX_EAIME/L_TurnOnCloudCandidateCHS](./policy-csp-admx-eaime.md#admx-eaime-l-turnoncloudcandidatechs)
+- [ADMX_EAIME/L_TurnOnLexiconUpdate](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlexiconupdate)
+- [ADMX_EAIME/L_TurnOnLiveStickers](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlivestickers)
+- [ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport](./policy-csp-admx-eaime.md#admx-eaime-l-turnonmisconversionloggingformisconversionreport)
 - [ADMX_EncryptFilesonMove/NoEncryptOnMove](./policy-csp-admx-encryptfilesonmove.md#admx-encryptfilesonmove-noencryptonmove)
+- [ADMX_EnhancedStorage/ApprovedEnStorDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedenstordevices)
+- [ADMX_EnhancedStorage/ApprovedSilos](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedsilos)
+- [ADMX_EnhancedStorage/DisablePasswordAuthentication](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-disablepasswordauthentication)
+- [ADMX_EnhancedStorage/DisallowLegacyDiskDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-disallowlegacydiskdevices)
+- [ADMX_EnhancedStorage/LockDeviceOnMachineLock](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-lockdeviceonmachinelock)
+- [ADMX_EnhancedStorage/RootHubConnectedEnStorDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-roothubconnectedenstordevices)
+- [ADMX_ErrorReporting/PCH_AllOrNoneDef](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-allornonedef)
+- [ADMX_ErrorReporting/PCH_AllOrNoneEx](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-allornoneex)
+- [ADMX_ErrorReporting/PCH_AllOrNoneInc](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-allornoneinc)
+- [ADMX_ErrorReporting/PCH_ConfigureReport](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-configurereport)
+- [ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-reportoperatingsystemfaults)
+- [ADMX_ErrorReporting/WerArchive_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werarchive-1)
+- [ADMX_ErrorReporting/WerArchive_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werarchive-2)
+- [ADMX_ErrorReporting/WerAutoApproveOSDumps_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werautoapproveosdumps-1)
+- [ADMX_ErrorReporting/WerAutoApproveOSDumps_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werautoapproveosdumps-2)
+- [ADMX_ErrorReporting/WerBypassDataThrottling_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypassdatathrottling-1)
+- [ADMX_ErrorReporting/WerBypassDataThrottling_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypassdatathrottling-2)
+- [ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypassnetworkcostthrottling-1)
+- [ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypassnetworkcostthrottling-2)
+- [ADMX_ErrorReporting/WerBypassPowerThrottling_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypasspowerthrottling-1)
+- [ADMX_ErrorReporting/WerBypassPowerThrottling_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypasspowerthrottling-2)
+- [ADMX_ErrorReporting/WerCER](./policy-csp-admx-errorreporting.md#admx-errorreporting-wercer)
+- [ADMX_ErrorReporting/WerConsentCustomize_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werconsentcustomize-1)
+- [ADMX_ErrorReporting/WerConsentOverride_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werconsentoverride-1)
+- [ADMX_ErrorReporting/WerConsentOverride_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werconsentoverride-2)
+- [ADMX_ErrorReporting/WerDefaultConsent_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werdefaultconsent-1)
+- [ADMX_ErrorReporting/WerDefaultConsent_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werdefaultconsent-2)
+- [ADMX_ErrorReporting/WerDisable_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werdisable-1)
+- [ADMX_ErrorReporting/WerExlusion_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werexlusion-1)
+- [ADMX_ErrorReporting/WerExlusion_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werexlusion-2)
+- [ADMX_ErrorReporting/WerNoLogging_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-wernologging-1)
+- [ADMX_ErrorReporting/WerNoLogging_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-wernologging-2)
+- [ADMX_ErrorReporting/WerNoSecondLevelData_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-wernosecondleveldata-1)
+- [ADMX_ErrorReporting/WerQueue_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werqueue-1)
+- [ADMX_ErrorReporting/WerQueue_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werqueue-2)
 - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage)
 - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager)
+- [ADMX_EventLog/Channel_LogEnabled](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logenabled)
+- [ADMX_EventLog/Channel_LogFilePath_1](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logfilepath-1)
+- [ADMX_EventLog/Channel_LogFilePath_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logfilepath-2)
+- [ADMX_EventLog/Channel_LogFilePath_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logfilepath-3)
+- [ADMX_EventLog/Channel_LogFilePath_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logfilepath-4)
+- [ADMX_EventLog/Channel_LogMaxSize_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logmaxsize-3)
+- [ADMX_EventLog/Channel_Log_AutoBackup_1](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-autobackup-1)
+- [ADMX_EventLog/Channel_Log_AutoBackup_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-autobackup-2)
+- [ADMX_EventLog/Channel_Log_AutoBackup_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-autobackup-3)
+- [ADMX_EventLog/Channel_Log_AutoBackup_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-autobackup-4)
+- [ADMX_EventLog/Channel_Log_FileLogAccess_1](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-1)
+- [ADMX_EventLog/Channel_Log_FileLogAccess_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-2)
+- [ADMX_EventLog/Channel_Log_FileLogAccess_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-3)
+- [ADMX_EventLog/Channel_Log_FileLogAccess_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-4)
+- [ADMX_EventLog/Channel_Log_FileLogAccess_5](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-5)
+- [ADMX_EventLog/Channel_Log_FileLogAccess_6](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-6)
+- [ADMX_EventLog/Channel_Log_FileLogAccess_7](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-7)
+- [ADMX_EventLog/Channel_Log_FileLogAccess_8](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-8)
+- [ADMX_EventLog/Channel_Log_Retention_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-2)
+- [ADMX_EventLog/Channel_Log_Retention_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-3)
+- [ADMX_EventLog/Channel_Log_Retention_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-4)
+- [ADMX_Explorer/AdminInfoUrl](./policy-csp-admx-explorer.md#admx-explorer-admininfourl)
+- [ADMX_Explorer/AlwaysShowClassicMenu](./policy-csp-admx-explorer.md#admx-explorer-alwaysshowclassicmenu)
+- [ADMX_Explorer/DisableRoamedProfileInit](./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit)
+- [ADMX_Explorer/PreventItemCreationInUsersFilesFolder](./policy-csp-admx-explorer.md#admx-explorer-preventitemcreationinusersfilesfolder)
+- [ADMX_Explorer/TurnOffSPIAnimations](./policy-csp-admx-explorer.md#admx-explorer-turnoffspianimations)
 - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol)
 - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression)
 - [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification)
@@ -158,6 +282,73 @@ ms.date: 10/08/2020
 - [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2)
 - [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1)
 - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2)
+- [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin)
+- [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1)
+- [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2)
+- [ADMX_Globalization/HideAdminOptions](./policy-csp-admx-globalization.md#admx-globalization-hideadminoptions)
+- [ADMX_Globalization/HideCurrentLocation](./policy-csp-admx-globalization.md#admx-globalization-hidecurrentlocation)
+- [ADMX_Globalization/HideLanguageSelection](./policy-csp-admx-globalization.md#admx-globalization-hidelanguageselection)
+- [ADMX_Globalization/HideLocaleSelectAndCustomize](./policy-csp-admx-globalization.md#admx-globalization-hidelocaleselectandcustomize)
+- [ADMX_Globalization/ImplicitDataCollectionOff_1](./policy-csp-admx-globalization.md#admx-globalization-implicitdatacollectionoff-1)
+- [ADMX_Globalization/ImplicitDataCollectionOff_2](./policy-csp-admx-globalization.md#admx-globalization-implicitdatacollectionoff-2)
+- [ADMX_Globalization/LocaleSystemRestrict](./policy-csp-admx-globalization.md#admx-globalization-localesystemrestrict)
+- [ADMX_Globalization/LocaleUserRestrict_1](./policy-csp-admx-globalization.md#admx-globalization-localeuserrestrict-1)
+- [ADMX_Globalization/LocaleUserRestrict_2](./policy-csp-admx-globalization.md#admx-globalization-localeuserrestrict-2)
+- [ADMX_Globalization/LockMachineUILanguage](./policy-csp-admx-globalization.md#admx-globalization-lockmachineuilanguage)
+- [ADMX_Globalization/LockUserUILanguage](./policy-csp-admx-globalization.md#admx-globalization-lockuseruilanguage)
+- [ADMX_Globalization/PreventGeoIdChange_1](./policy-csp-admx-globalization.md#admx-globalization-preventgeoidchange-1)
+- [ADMX_Globalization/PreventGeoIdChange_2](./policy-csp-admx-globalization.md#admx-globalization-preventgeoidchange-2)
+- [ADMX_Globalization/PreventUserOverrides_1](./policy-csp-admx-globalization.md#admx-globalization-preventuseroverrides-1)
+- [ADMX_Globalization/PreventUserOverrides_2](./policy-csp-admx-globalization.md#admx-globalization-preventuseroverrides-2)
+- [ADMX_Globalization/RestrictUILangSelect](./policy-csp-admx-globalization.md#admx-globalization-restrictuilangselect)
+- [ADMX_Globalization/TurnOffAutocorrectMisspelledWords](./policy-csp-admx-globalization.md#admx-globalization-turnoffautocorrectmisspelledwords)
+- [ADMX_Globalization/TurnOffHighlightMisspelledWords](./policy-csp-admx-globalization.md#admx-globalization-turnoffhighlightmisspelledwords)
+- [ADMX_Globalization/TurnOffInsertSpace](./policy-csp-admx-globalization.md#admx-globalization-turnoffinsertspace)
+- [ADMX_Globalization/TurnOffOfferTextPredictions](./policy-csp-admx-globalization.md#admx-globalization-turnoffoffertextpredictions)
+- [ADMX_Globalization/Y2K](./policy-csp-admx-globalization.md#admx-globalization-y2k)
+- [ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-allowx-forestpolicy-and-rup)
+- [ADMX_GroupPolicy/CSE_AppMgmt](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-appmgmt)
+- [ADMX_GroupPolicy/CSE_DiskQuota](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-diskquota)
+- [ADMX_GroupPolicy/CSE_EFSRecovery](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-efsrecovery)
+- [ADMX_GroupPolicy/CSE_FolderRedirection](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-folderredirection)
+- [ADMX_GroupPolicy/CSE_IEM](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-iem)
+- [ADMX_GroupPolicy/CSE_IPSecurity](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-ipsecurity)
+- [ADMX_GroupPolicy/CSE_Registry](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-registry)
+- [ADMX_GroupPolicy/CSE_Scripts](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-scripts)
+- [ADMX_GroupPolicy/CSE_Security](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-security)
+- [ADMX_GroupPolicy/CSE_Wired](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-wired)
+- [ADMX_GroupPolicy/CSE_Wireless](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-wireless)
+- [ADMX_GroupPolicy/CorpConnSyncWaitTime](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-corpconnsyncwaittime)
+- [ADMX_GroupPolicy/DenyRsopToInteractiveUser_1](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-denyrsoptointeractiveuser-1)
+- [ADMX_GroupPolicy/DenyRsopToInteractiveUser_2](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-denyrsoptointeractiveuser-2)
+- [ADMX_GroupPolicy/DisableAOACProcessing](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disableaoacprocessing)
+- [ADMX_GroupPolicy/DisableAutoADMUpdate](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disableautoadmupdate)
+- [ADMX_GroupPolicy/DisableBackgroundPolicy](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disablebackgroundpolicy)
+- [ADMX_GroupPolicy/DisableLGPOProcessing](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disablelgpoprocessing)
+- [ADMX_GroupPolicy/DisableUsersFromMachGP](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disableusersfrommachgp)
+- [ADMX_GroupPolicy/EnableCDP](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablecdp)
+- [ADMX_GroupPolicy/EnableLogonOptimization](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablelogonoptimization)
+- [ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablelogonoptimizationonserversku)
+- [ADMX_GroupPolicy/EnableMMX](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablemmx)
+- [ADMX_GroupPolicy/EnforcePoliciesOnly](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enforcepoliciesonly)
+- [ADMX_GroupPolicy/FontMitigation](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-fontmitigation)
+- [ADMX_GroupPolicy/GPDCOptions](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-gpdcoptions)
+- [ADMX_GroupPolicy/GPTransferRate_1](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-gptransferrate-1)
+- [ADMX_GroupPolicy/GPTransferRate_2](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-gptransferrate-2)
+- [ADMX_GroupPolicy/GroupPolicyRefreshRate](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-grouppolicyrefreshrate)
+- [ADMX_GroupPolicy/GroupPolicyRefreshRateDC](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-grouppolicyrefreshratedc)
+- [ADMX_GroupPolicy/GroupPolicyRefreshRateUser](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-grouppolicyrefreshrateuser)
+- [ADMX_GroupPolicy/LogonScriptDelay](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-logonscriptdelay)
+- [ADMX_GroupPolicy/NewGPODisplayName](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-newgpodisplayname)
+- [ADMX_GroupPolicy/NewGPOLinksDisabled](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-newgpolinksdisabled)
+- [ADMX_GroupPolicy/OnlyUseLocalAdminFiles](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-onlyuselocaladminfiles)
+- [ADMX_GroupPolicy/ProcessMitigationOptions](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-processmitigationoptions)
+- [ADMX_GroupPolicy/RSoPLogging](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-rsoplogging)
+- [ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-resetdfsclientinfoduringrefreshpolicy)
+- [ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-slowlinkdefaultfordirectaccess)
+- [ADMX_GroupPolicy/SlowlinkDefaultToAsync](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-slowlinkdefaulttoasync)
+- [ADMX_GroupPolicy/SyncWaitTime](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-syncwaittime)
+- [ADMX_GroupPolicy/UserPolicyMode](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-userpolicymode)
 - [ADMX_Help/DisableHHDEP](./policy-csp-admx-help.md#admx-help-disablehhdep)
 - [ADMX_Help/HelpQualifiedRootDir_Comp](./policy-csp-admx-help.md#admx-help-helpqualifiedrootdir-comp)
 - [ADMX_Help/RestrictRunFromHelp](./policy-csp-admx-help.md#admx-help-restrictrunfromhelp)
@@ -166,18 +357,163 @@ ms.date: 10/08/2020
 - [ADMX_HelpAndSupport/HPExplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpexplicitfeedback)
 - [ADMX_HelpAndSupport/HPImplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpimplicitfeedback)
 - [ADMX_HelpAndSupport/HPOnlineAssistance](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hponlineassistance)
+- [ADMX_ICM/CEIPEnable](./policy-csp-admx-icm.md#admx-icm-ceipenable)
+- [ADMX_ICM/CertMgr_DisableAutoRootUpdates](./policy-csp-admx-icm.md#admx-icm-certmgr-disableautorootupdates)
+- [ADMX_ICM/DisableHTTPPrinting_1](./policy-csp-admx-icm.md#admx-icm-disablehttpprinting-1)
+- [ADMX_ICM/DisableWebPnPDownload_1](./policy-csp-admx-icm.md#admx-icm-disablewebpnpdownload-1)
+- [ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate](./policy-csp-admx-icm.md#admx-icm-driversearchplaces-dontsearchwindowsupdate)
+- [ADMX_ICM/EventViewer_DisableLinks](./policy-csp-admx-icm.md#admx-icm-eventviewer-disablelinks)
+- [ADMX_ICM/HSS_HeadlinesPolicy](./policy-csp-admx-icm.md#admx-icm-hss-headlinespolicy)
+- [ADMX_ICM/HSS_KBSearchPolicy](./policy-csp-admx-icm.md#admx-icm-hss-kbsearchpolicy)
+- [ADMX_ICM/InternetManagement_RestrictCommunication_1](./policy-csp-admx-icm.md#admx-icm-internetmanagement-restrictcommunication-1)
+- [ADMX_ICM/InternetManagement_RestrictCommunication_2](./policy-csp-admx-icm.md#admx-icm-internetmanagement-restrictcommunication-2)
+- [ADMX_ICM/NC_ExitOnISP](./policy-csp-admx-icm.md#admx-icm-nc-exitonisp)
+- [ADMX_ICM/NC_NoRegistration](./policy-csp-admx-icm.md#admx-icm-nc-noregistration)
+- [ADMX_ICM/PCH_DoNotReport](./policy-csp-admx-icm.md#admx-icm-pch-donotreport)
+- [ADMX_ICM/RemoveWindowsUpdate_ICM](./policy-csp-admx-icm.md#admx-icm-removewindowsupdate-icm)
+- [ADMX_ICM/SearchCompanion_DisableFileUpdates](./policy-csp-admx-icm.md#admx-icm-searchcompanion-disablefileupdates)
+- [ADMX_ICM/ShellNoUseInternetOpenWith_1](./policy-csp-admx-icm.md#admx-icm-shellnouseinternetopenwith-1)
+- [ADMX_ICM/ShellNoUseInternetOpenWith_2](./policy-csp-admx-icm.md#admx-icm-shellnouseinternetopenwith-2)
+- [ADMX_ICM/ShellNoUseStoreOpenWith_1](./policy-csp-admx-icm.md#admx-icm-shellnousestoreopenwith-1)
+- [ADMX_ICM/ShellNoUseStoreOpenWith_2](./policy-csp-admx-icm.md#admx-icm-shellnousestoreopenwith-2)
+- [ADMX_ICM/ShellPreventWPWDownload_1](./policy-csp-admx-icm.md#admx-icm-shellpreventwpwdownload-1)
+- [ADMX_ICM/ShellRemoveOrderPrints_1](./policy-csp-admx-icm.md#admx-icm-shellremoveorderprints-1)
+- [ADMX_ICM/ShellRemoveOrderPrints_2](./policy-csp-admx-icm.md#admx-icm-shellremoveorderprints-2)
+- [ADMX_ICM/ShellRemovePublishToWeb_1](./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-1)
+- [ADMX_ICM/ShellRemovePublishToWeb_2](./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-2)
+- [ADMX_ICM/WinMSG_NoInstrumentation_1](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-1)
+- [ADMX_ICM/WinMSG_NoInstrumentation_2](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-2)
 - [ADMX_kdc/CbacAndArmor](./policy-csp-admx-kdc.md#admx-kdc-cbacandarmor)
 - [ADMX_kdc/ForestSearch](./policy-csp-admx-kdc.md#admx-kdc-forestsearch)
 - [ADMX_kdc/PKINITFreshness](./policy-csp-admx-kdc.md#admx-kdc-pkinitfreshness)
 - [ADMX_kdc/RequestCompoundId](./policy-csp-admx-kdc.md#admx-kdc-requestcompoundid)
 - [ADMX_kdc/TicketSizeThreshold](./policy-csp-admx-kdc.md#admx-kdc-ticketsizethreshold)
 - [ADMX_kdc/emitlili](./policy-csp-admx-kdc.md#admx-kdc-emitlili)
+- [ADMX_Kerberos/AlwaysSendCompoundId](./policy-csp-admx-kerberos.md#admx-kerberos-alwayssendcompoundid)
+- [ADMX_Kerberos/DevicePKInitEnabled](./policy-csp-admx-kerberos.md#admx-kerberos-devicepkinitenabled)
+- [ADMX_Kerberos/HostToRealm](./policy-csp-admx-kerberos.md#admx-kerberos-hosttorealm)
+- [ADMX_Kerberos/KdcProxyDisableServerRevocationCheck](./policy-csp-admx-kerberos.md#admx-kerberos-kdcproxydisableserverrevocationcheck)
+- [ADMX_Kerberos/KdcProxyServer](./policy-csp-admx-kerberos.md#admx-kerberos-kdcproxyserver)
+- [ADMX_Kerberos/MitRealms](./policy-csp-admx-kerberos.md#admx-kerberos-mitrealms)
+- [ADMX_Kerberos/ServerAcceptsCompound](./policy-csp-admx-kerberos.md#admx-kerberos-serveracceptscompound)
+- [ADMX_Kerberos/StrictTarget](./policy-csp-admx-kerberos.md#admx-kerberos-stricttarget)
 - [ADMX_LanmanServer/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-ciphersuiteorder)
 - [ADMX_LanmanServer/Pol_HashPublication](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashpublication)
 - [ADMX_LanmanServer/Pol_HashSupportVersion](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashsupportversion)
 - [ADMX_LanmanServer/Pol_HonorCipherSuiteOrder](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-honorciphersuiteorder)
+- [ADMX_LanmanWorkstation/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-ciphersuiteorder)
+- [ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enablehandlecachingforcafiles)
+- [ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enableofflinefilesforcashares)
 - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio)
 - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr)
+- [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin)
+- [ADMX_Logon/DisableAcrylicBackgroundOnLogon](./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon)
+- [ADMX_Logon/DisableExplorerRunLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1)
+- [ADMX_Logon/DisableExplorerRunLegacy_2](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-2)
+- [ADMX_Logon/DisableExplorerRunOnceLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunoncelegacy-1)
+- [ADMX_Logon/DisableExplorerRunOnceLegacy_2](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunoncelegacy-2)
+- [ADMX_Logon/DisableStatusMessages](./policy-csp-admx-logon.md#admx-logon-disablestatusmessages)
+- [ADMX_Logon/DontEnumerateConnectedUsers](./policy-csp-admx-logon.md#admx-logon-dontenumerateconnectedusers)
+- [ADMX_Logon/NoWelcomeTips_1](./policy-csp-admx-logon.md#admx-logon-nowelcometips-1)
+- [ADMX_Logon/NoWelcomeTips_2](./policy-csp-admx-logon.md#admx-logon-nowelcometips-2)
+- [ADMX_Logon/Run_1](./policy-csp-admx-logon.md#admx-logon-run-1)
+- [ADMX_Logon/Run_2](./policy-csp-admx-logon.md#admx-logon-run-2)
+- [ADMX_Logon/SyncForegroundPolicy](./policy-csp-admx-logon.md#admx-logon-syncforegroundpolicy)
+- [ADMX_Logon/UseOEMBackground](./policy-csp-admx-logon.md#admx-logon-useoembackground)
+- [ADMX_Logon/VerboseStatus](./policy-csp-admx-logon.md#admx-logon-verbosestatus)
+- [ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-allowfastservicestartup)
+- [ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableantispywaredefender)
+- [ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableautoexclusions)
+- [ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableblockatfirstseen)
+- [ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disablelocaladminmerge)
+- [ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disablerealtimemonitoring)
+- [ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableroutinelytakingaction)
+- [ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exclusions-extensions)
+- [ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exclusions-paths)
+- [ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exclusions-processes)
+- [ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exploitguard-asr-asronlyexclusions)
+- [ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exploitguard-asr-rules)
+- [ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exploitguard-controlledfolderaccess-allowedapplications)
+- [ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exploitguard-controlledfolderaccess-protectedfolders)
+- [ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-mpengine-enablefilehashcomputation)
+- [ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-nis-consumers-ips-disablesignatureretirement)
+- [ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-nis-consumers-ips-sku-differentiation-signature-set-guid)
+- [ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-nis-disableprotocolrecognition)
+- [ADMX_MicrosoftDefenderAntivirus/ProxyBypass](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-proxybypass)
+- [ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-proxypacurl)
+- [ADMX_MicrosoftDefenderAntivirus/ProxyServer](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-proxyserver)
+- [ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-quarantine-localsettingoverridepurgeitemsafterdelay)
+- [ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-quarantine-purgeitemsafterdelay)
+- [ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-randomizescheduletasktimes)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disablebehaviormonitoring)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disableioavprotection)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disableonaccessprotection)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disablerawwritenotification)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disablescanonrealtimeenable)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-ioavmaxsize)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverridedisablebehaviormonitoring)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverridedisableioavprotection)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverridedisableonaccessprotection)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverridedisablerealtimemonitoring)
+- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverriderealtimescandirection)
+- [ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-remediation-localsettingoverridescan-scheduletime)
+- [ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-remediation-scan-scheduleday)
+- [ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-remediation-scan-scheduletime)
+- [ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-additionalactiontimeout)
+- [ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-criticalfailuretimeout)
+- [ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-disableenhancednotifications)
+- [ADMX_MicrosoftDefenderAntivirus/Reporting_DisablegenericrePorts](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-disablegenericreports)
+- [ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-noncriticaltimeout)
+- [ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-recentlycleanedtimeout)
+- [ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-wpptracingcomponents)
+- [ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-wpptracinglevel)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-allowpause)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-archivemaxdepth)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-archivemaxsize)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablearchivescanning)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disableemailscanning)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disableheuristics)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablepackedexescanning)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disableremovabledrivescanning)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablereparsepointscanning)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablerestorepoint)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningMappedNetworkDrivesForFullScan](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablescanningmappednetworkdrivesforfullscan)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablescanningnetworkfiles)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverrideavgcpuloadfactor)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverridescanparameters)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverridescheduleday)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverrideschedulequickscantime)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverridescheduletime)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-lowcpupriority)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-missedscheduledscancountbeforecatchup)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-purgeitemsafterdelay)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-quickscaninterval)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-scanonlyifidle)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-scheduleday)
+- [ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-scheduletime)
+- [ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-servicekeepalive)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-assignaturedue)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-avsignaturedue)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-definitionupdatefilesharessources)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-disablescanonupdate)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-disablescheduledsignatureupdateonbattery)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-disableupdateonstartupwithoutengine)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-fallbackorder)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-forceupdatefrommu)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-realtimesignaturedelivery)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-scheduleday)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-scheduletime)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-sharedsignatureslocation)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-signaturedisablenotification)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-signatureupdatecatchupinterval)
+- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-updateonstartup)
+- [ADMX_MicrosoftDefenderAntivirus/SpynetReporting](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-spynetreporting)
+- [ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-spynet-localsettingoverridespynetreporting)
+- [ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-threats-threatiddefaultaction)
+- [ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-ux-configuration-customdefaultactiontoaststring)
+- [ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-ux-configuration-notification-suppress)
+- [ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-ux-configuration-suppressrebootnotification)
+- [ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-ux-configuration-uilockdown)
 - [ADMX_MMC/MMC_ActiveXControl](./policy-csp-admx-mmc.md#admx-mmc-mmc-activexcontrol)
 - [ADMX_MMC/MMC_ExtendView](./policy-csp-admx-mmc.md#admx-mmc-mmc-extendview)
 - [ADMX_MMC/MMC_LinkToWeb](./policy-csp-admx-mmc.md#admx-mmc-mmc-linktoweb)
@@ -288,6 +624,35 @@ ms.date: 10/08/2020
 - [ADMX_MMCSnapins/MMC_WirelessMon](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessmon)
 - [ADMX_MMCSnapins/MMC_WirelessNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessnetworkpolicy)
 - [ADMX_MSAPolicy/IncludeMicrosoftAccount_DisableUserAuthCmdLine](./policy-csp-admx-msapolicy.md#admx-msapolicy-microsoftaccount-disableuserauth)
+- [ADMX_msched/ActivationBoundaryPolicy](./policy-csp-admx-msched.md#admx-msched-activationboundarypolicy)
+- [ADMX_msched/RandomDelayPolicy](./policy-csp-admx-msched.md#admx-msched-randomdelaypolicy)
+- [ADMX_MSDT/MsdtSupportProvider](./policy-csp-admx-msdt.md#admx-msdt-msdtsupportprovider)
+- [ADMX_MSDT/MsdtToolDownloadPolicy](./policy-csp-admx-msdt.md#admx-msdt-msdttooldownloadpolicy)
+- [ADMX_MSDT/WdiScenarioExecutionPolicy](./policy-csp-admx-msdt.md#admx-msdt-wdiscenarioexecutionpolicy)
+- [ADMX_MSI/AllowLockdownBrowse](./policy-csp-admx-msi.md#admx-msi-allowlockdownbrowse)
+- [ADMX_MSI/AllowLockdownMedia](./policy-csp-admx-msi.md#admx-msi-allowlockdownmedia)
+- [ADMX_MSI/AllowLockdownPatch](./policy-csp-admx-msi.md#admx-msi-allowlockdownpatch)
+- [ADMX_MSI/DisableAutomaticApplicationShutdown](./policy-csp-admx-msi.md#admx-msi-disableautomaticapplicationshutdown)
+- [ADMX_MSI/DisableBrowse](./policy-csp-admx-msi.md#admx-msi-disablebrowse)
+- [ADMX_MSI/DisableFlyweightPatching](./policy-csp-admx-msi.md#admx-msi-disableflyweightpatching)
+- [ADMX_MSI/DisableLoggingFromPackage](./policy-csp-admx-msi.md#admx-msi-disableloggingfrompackage)
+- [ADMX_MSI/DisableMSI](./policy-csp-admx-msi.md#admx-msi-disablemsi)
+- [ADMX_MSI/DisableMedia](./policy-csp-admx-msi.md#admx-msi-disablemedia)
+- [ADMX_MSI/DisablePatch](./policy-csp-admx-msi.md#admx-msi-disablepatch)
+- [ADMX_MSI/DisableRollback_1](./policy-csp-admx-msi.md#admx-msi-disablerollback-1)
+- [ADMX_MSI/DisableRollback_2](./policy-csp-admx-msi.md#admx-msi-disablerollback-2)
+- [ADMX_MSI/DisableSharedComponent](./policy-csp-admx-msi.md#admx-msi-disablesharedcomponent)
+- [ADMX_MSI/MSILogging](./policy-csp-admx-msi.md#admx-msi-msilogging)
+- [ADMX_MSI/MSI_DisableLUAPatching](./policy-csp-admx-msi.md#admx-msi-msi-disableluapatching)
+- [ADMX_MSI/MSI_DisablePatchUninstall](./policy-csp-admx-msi.md#admx-msi-msi-disablepatchuninstall)
+- [ADMX_MSI/MSI_DisableSRCheckPoints](./policy-csp-admx-msi.md#admx-msi-msi-disablesrcheckpoints)
+- [ADMX_MSI/MSI_DisableUserInstalls](./policy-csp-admx-msi.md#admx-msi-msi-disableuserinstalls)
+- [ADMX_MSI/MSI_EnforceUpgradeComponentRules](./policy-csp-admx-msi.md#admx-msi-msi-enforceupgradecomponentrules)
+- [ADMX_MSI/MSI_MaxPatchCacheSize](./policy-csp-admx-msi.md#admx-msi-msi-maxpatchcachesize)
+- [ADMX_MSI/MsiDisableEmbeddedUI](./policy-csp-admx-msi.md#admx-msi-msidisableembeddedui)
+- [ADMX_MSI/SafeForScripting](./policy-csp-admx-msi.md#admx-msi-safeforscripting)
+- [ADMX_MSI/SearchOrder](./policy-csp-admx-msi.md#admx-msi-searchorder)
+- [ADMX_MSI/TransformsSecure](./policy-csp-admx-msi.md#admx-msi-transformssecure)
 - [ADMX_nca/CorporateResources](./policy-csp-admx-nca.md#admx-nca-corporateresources)
 - [ADMX_nca/CustomCommands](./policy-csp-admx-nca.md#admx-nca-customcommands)
 - [ADMX_nca/DTEs](./policy-csp-admx-nca.md#admx-nca-dtes)
@@ -424,14 +789,120 @@ ms.date: 10/08/2020
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-4)
+- [ADMX_Power/ACConnectivityInStandby_2](./policy-csp-admx-power.md#admx-power-acconnectivityinstandby-2)
+- [ADMX_Power/ACCriticalSleepTransitionsDisable_2](./policy-csp-admx-power.md#admx-power-accriticalsleeptransitionsdisable-2)
+- [ADMX_Power/ACStartMenuButtonAction_2](./policy-csp-admx-power.md#admx-power-acstartmenubuttonaction-2)
+- [ADMX_Power/AllowSystemPowerRequestAC](./policy-csp-admx-power.md#admx-power-allowsystempowerrequestac)
+- [ADMX_Power/AllowSystemPowerRequestDC](./policy-csp-admx-power.md#admx-power-allowsystempowerrequestdc)
+- [ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC](./policy-csp-admx-power.md#admx-power-allowsystemsleepwithremotefilesopenac)
+- [ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC](./policy-csp-admx-power.md#admx-power-allowsystemsleepwithremotefilesopendc)
+- [ADMX_Power/CustomActiveSchemeOverride_2](./policy-csp-admx-power.md#admx-power-customactiveschemeoverride-2)
+- [ADMX_Power/DCBatteryDischargeAction0_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargeaction0-2)
+- [ADMX_Power/DCBatteryDischargeAction1_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargeaction1-2)
+- [ADMX_Power/DCBatteryDischargeLevel0_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel0-2)
+- [ADMX_Power/DCBatteryDischargeLevel1UINotification_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel1uinotification-2)
+- [ADMX_Power/DCBatteryDischargeLevel1_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel1-2)
+- [ADMX_Power/DCConnectivityInStandby_2](./policy-csp-admx-power.md#admx-power-dcconnectivityinstandby-2)
+- [ADMX_Power/DCCriticalSleepTransitionsDisable_2](./policy-csp-admx-power.md#admx-power-dccriticalsleeptransitionsdisable-2)
+- [ADMX_Power/DCStartMenuButtonAction_2](./policy-csp-admx-power.md#admx-power-dcstartmenubuttonaction-2)
+- [ADMX_Power/DiskACPowerDownTimeOut_2](./policy-csp-admx-power.md#admx-power-diskacpowerdowntimeout-2)
+- [ADMX_Power/DiskDCPowerDownTimeOut_2](./policy-csp-admx-power.md#admx-power-diskdcpowerdowntimeout-2)
+- [ADMX_Power/Dont_PowerOff_AfterShutdown](./policy-csp-admx-power.md#admx-power-dont-poweroff-aftershutdown)
+- [ADMX_Power/EnableDesktopSlideShowAC](./policy-csp-admx-power.md#admx-power-enabledesktopslideshowac)
+- [ADMX_Power/EnableDesktopSlideShowDC](./policy-csp-admx-power.md#admx-power-enabledesktopslideshowdc)
+- [ADMX_Power/InboxActiveSchemeOverride_2](./policy-csp-admx-power.md#admx-power-inboxactiveschemeoverride-2)
+- [ADMX_Power/PW_PromptPasswordOnResume](./policy-csp-admx-power.md#admx-power-pw-promptpasswordonresume)
+- [ADMX_Power/PowerThrottlingTurnOff](./policy-csp-admx-power.md#admx-power-powerthrottlingturnoff)
+- [ADMX_Power/ReserveBatteryNotificationLevel](./policy-csp-admx-power.md#admx-power-reservebatterynotificationlevel)
 - [ADMX_PowerShellExecutionPolicy/EnableModuleLogging](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablemodulelogging)
 - [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts)
 - [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting)
 - [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath)
+- [ADMX_Printing/AllowWebPrinting](./policy-csp-admx-printing.md#admx-printing-allowwebprinting)
+- [ADMX_Printing/ApplicationDriverIsolation](./policy-csp-admx-printing.md#admx-printing-applicationdriverisolation)
+- [ADMX_Printing/CustomizedSupportUrl](./policy-csp-admx-printing.md#admx-printing-customizedsupporturl)
+- [ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate](./policy-csp-admx-printing.md#admx-printing-donotinstallcompatibledriverfromwindowsupdate)
+- [ADMX_Printing/DomainPrinters](./policy-csp-admx-printing.md#admx-printing-domainprinters)
+- [ADMX_Printing/DownlevelBrowse](./policy-csp-admx-printing.md#admx-printing-downlevelbrowse)
+- [ADMX_Printing/EMFDespooling](./policy-csp-admx-printing.md#admx-printing-emfdespooling)
+- [ADMX_Printing/ForceSoftwareRasterization](./policy-csp-admx-printing.md#admx-printing-forcesoftwarerasterization)
+- [ADMX_Printing/IntranetPrintersUrl](./policy-csp-admx-printing.md#admx-printing-intranetprintersurl)
+- [ADMX_Printing/KMPrintersAreBlocked](./policy-csp-admx-printing.md#admx-printing-kmprintersareblocked)
+- [ADMX_Printing/LegacyDefaultPrinterMode](./policy-csp-admx-printing.md#admx-printing-legacydefaultprintermode)
+- [ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS](./policy-csp-admx-printing.md#admx-printing-mxdwuselegacyoutputformatmsxps)
+- [ADMX_Printing/NoDeletePrinter](./policy-csp-admx-printing.md#admx-printing-nodeleteprinter)
+- [ADMX_Printing/NonDomainPrinters](./policy-csp-admx-printing.md#admx-printing-nondomainprinters)
+- [ADMX_Printing/PackagePointAndPrintOnly](./policy-csp-admx-printing.md#admx-printing-packagepointandprintonly)
+- [ADMX_Printing/PackagePointAndPrintOnly_Win7](./policy-csp-admx-printing.md#admx-printing-packagepointandprintonly-win7)
+- [ADMX_Printing/PackagePointAndPrintServerList](./policy-csp-admx-printing.md#admx-printing-packagepointandprintserverlist)
+- [ADMX_Printing/PackagePointAndPrintServerList_Win7](./policy-csp-admx-printing.md#admx-printing-packagepointandprintserverlist-win7)
+- [ADMX_Printing/PhysicalLocation](./policy-csp-admx-printing.md#admx-printing-physicallocation)
+- [ADMX_Printing/PhysicalLocationSupport](./policy-csp-admx-printing.md#admx-printing-physicallocationsupport)
+- [ADMX_Printing/PrintDriverIsolationExecutionPolicy](./policy-csp-admx-printing.md#admx-printing-printdriverisolationexecutionpolicy
+)
+- [ADMX_Printing/PrintDriverIsolationOverrideCompat](./policy-csp-admx-printing.md#admx-printing-printdriverisolationoverridecompat)
+- [ADMX_Printing/PrinterDirectorySearchScope](./policy-csp-admx-printing.md#admx-printing-printerdirectorysearchscope)
+- [ADMX_Printing/PrinterServerThread](./policy-csp-admx-printing.md#admx-printing-printerserverthread)
+- [ADMX_Printing/ShowJobTitleInEventLogs](./policy-csp-admx-printing.md#admx-printing-showjobtitleineventlogs)
+- [ADMX_Printing/V4DriverDisallowPrinterExtension](./policy-csp-admx-printing.md#admx-printing-v4driverdisallowprinterextension)
+- [ADMX_Printing2/AutoPublishing](./policy-csp-admx-printing2.md#admx-printing2-autopublishing)
+- [ADMX_Printing2/ImmortalPrintQueue](./policy-csp-admx-printing2.md#admx-printing2-immortalprintqueue)
+- [ADMX_Printing2/PruneDownlevel](./policy-csp-admx-printing2.md#admx-printing2-prunedownlevel)
+- [ADMX_Printing2/PruningInterval](./policy-csp-admx-printing2.md#admx-printing2-pruninginterval)
+- [ADMX_Printing2/PruningPriority](./policy-csp-admx-printing2.md#admx-printing2-pruningpriority)
+- [ADMX_Printing2/PruningRetries](./policy-csp-admx-printing2.md#admx-printing2-pruningretries)
+- [ADMX_Printing2/PruningRetryLog](./policy-csp-admx-printing2.md#admx-printing2-pruningretrylog)
+- [ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint](./policy-csp-admx-printing2.md#admx-printing2-registerspoolerremoterpcendpoint)
+- [ADMX_Printing2/VerifyPublishedState](./policy-csp-admx-printing2.md#admx-printing2-verifypublishedstate)
+- [ADMX_Programs/NoDefaultPrograms](./policy-csp-admx-programs.md#admx-programs-nodefaultprograms)
+- [ADMX_Programs/NoGetPrograms](./policy-csp-admx-programs.md#admx-programs-nogetprograms)
+- [ADMX_Programs/NoInstalledUpdates](./policy-csp-admx-programs.md#admx-programs-noinstalledupdates)
+- [ADMX_Programs/NoProgramsAndFeatures](./policy-csp-admx-programs.md#admx-programs-noprogramsandfeatures)
+- [ADMX_Programs/NoProgramsCPL](./policy-csp-admx-programs.md#admx-programs-noprogramscpl)
+- [ADMX_Programs/NoWindowsFeatures](./policy-csp-admx-programs.md#admx-programs-nowindowsfeatures)
+- [ADMX_Programs/NoWindowsMarketplace](./policy-csp-admx-programs.md#admx-programs-nowindowsmarketplace)
 - [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp)
 - [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents)
 - [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile)
 - [ADMX_Reliability/ShutdownReason](./policy-csp-admx-reliability.md#admx-reliability-shutdownreason)
+- [ADMX_RemoteAssistance/RA_EncryptedTicketOnly](./policy-csp-admx-remoteassistance.md#admx-remoteassistance-ra-encryptedticketonly)
+- [ADMX_RemoteAssistance/RA_Optimize_Bandwidth](./policy-csp-admx-remoteassistance.md#admx-remoteassistance-ra-optimize-bandwidth)
+- [ADMX_RemovableStorage/AccessRights_RebootTime_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-accessrights-reboottime-1)
+- [ADMX_RemovableStorage/AccessRights_RebootTime_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-accessrights-reboottime-2)
+- [ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyexecute-access-2)
+- [ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyread-access-1)
+- [ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyread-access-2)
+- [ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denywrite-access-1)
+- [ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denywrite-access-2)
+- [ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denyread-access-1)
+- [ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denyread-access-2)
+- [ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denywrite-access-1)
+- [ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denywrite-access-2)
+- [ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyexecute-access-2)
+- [ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyread-access-1)
+- [ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyread-access-2)
+- [ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denywrite-access-1)
+- [ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denywrite-access-2)
+- [ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyexecute-access-2)
+- [ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyread-access-1)
+- [ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyread-access-2)
+- [ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denywrite-access-1)
+- [ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-removablestorageclasses-denyall-access-1)
+- [ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-removablestorageclasses-denyall-access-2)
+- [ADMX_RemovableStorage/Removable_Remote_Allow_Access](./policy-csp-admx-removablestorage.md#admx-removablestorage-removable-remote-allow-access)
+- [ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyexecute-access-2)
+- [ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyread-access-1)
+- [ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyread-access-2)
+- [ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denywrite-access-1)
+- [ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denywrite-access-2)
+- [ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denyread-access-1)
+- [ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denyread-access-2)
+- [ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denywrite-access-1)
+- [ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denywrite-access-2)
+- [ADMX_RPC/RpcExtendedErrorInformation](./policy-csp-admx-rpc.md#admx-rpc-rpcextendederrorinformation)
+- [ADMX_RPC/RpcIgnoreDelegationFailure](./policy-csp-admx-rpc.md#admx-rpc-rpcignoredelegationfailure)
+- [ADMX_RPC/RpcMinimumHttpConnectionTimeout](./policy-csp-admx-rpc.md#admx-rpc-rpcminimumhttpconnectiontimeout)
+- [ADMX_RPC/RpcStateInformation](./policy-csp-admx-rpc.md#admx-rpc-rpcstateinformation)
 - [ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled](./policy-csp-admx-scripts.md#admx-scripts-allow-logon-script-netbiosdisabled)
 - [ADMX_Scripts/MaxGPOScriptWaitPolicy](./policy-csp-admx-scripts.md#admx-scripts-maxgposcriptwaitpolicy)
 - [ADMX_Scripts/Run_Computer_PS_Scripts_First](./policy-csp-admx-scripts.md#admx-scripts-run-computer-ps-scripts-first)
@@ -454,6 +925,15 @@ ms.date: 10/08/2020
 - [ADMX_Sensors/DisableSensors_1](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-1)
 - [ADMX_Sensors/DisableSensors_2](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-2)
 - [ADMX_Servicing/Servicing](./policy-csp-admx-servicing.md#admx-servicing-servicing)
+- [ADMX_SettingSync/DisableAppSyncSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disableappsyncsettingsync)
+- [ADMX_SettingSync/DisableApplicationSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disableapplicationsettingsync)
+- [ADMX_SettingSync/DisableCredentialsSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablecredentialssettingsync)
+- [ADMX_SettingSync/DisableDesktopThemeSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disabledesktopthemesettingsync)
+- [ADMX_SettingSync/DisablePersonalizationSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablepersonalizationsettingsync)
+- [ADMX_SettingSync/DisableSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablesettingsync)
+- [ADMX_SettingSync/DisableStartLayoutSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablestartlayoutsettingsync)
+- [ADMX_SettingSync/DisableSyncOnPaidNetwork](./policy-csp-admx-settingsync.md#admx-settingsync-disablesynconpaidnetwork)
+- [ADMX_SettingSync/DisableWindowsSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablewindowssettingsync)
 - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots)
 - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders)
 - [ADMX_Sharing/NoInplaceSharing](./policy-csp-admx-sharing.md#admx-sharing-noinplacesharing)
@@ -461,6 +941,7 @@ ms.date: 10/08/2020
 - [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit)
 - [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps)
 - [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
+- [ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn](./policy-csp-admx-skydrive.md#admx-skydrive-preventnetworktrafficpreusersignin)
 - [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku)
 - [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock)
 - [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys)
@@ -547,6 +1028,7 @@ ms.date: 10/08/2020
 - [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey)
 - [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff)
 - [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled)
+- [ADMX_SystemRestore/SR_DisableConfig](./policy-csp-admx-systemrestore.md#admx-systemrestore-sr-disableconfig)
 - [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md#admx-taskbar-disablenotificationcenter)
 - [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md#admx-taskbar-enablelegacyballoonnotifications)
 - [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md#admx-taskbar-hidescahealth)
@@ -835,6 +1317,8 @@ ms.date: 10/08/2020
 - [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut)
 - [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown)
 - [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols)
+- [ADMX_WindowsRemoteManagement/DisallowKerberos_1](./policy-csp-admx-windowsremotemanagement.md#admx-windowsremotemanagement-disallowkerberos-1)
+- [ADMX_WindowsRemoteManagement/DisallowKerberos_2](./policy-csp-admx-windowsremotemanagement.md#admx-windowsremotemanagement-disallowkerberos-2)
 - [ADMX_WindowsStore/DisableAutoDownloadWin8](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableautodownloadwin8)
 - [ADMX_WindowsStore/DisableOSUpgrade_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-1)
 - [ADMX_WindowsStore/DisableOSUpgrade_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-2)
@@ -852,6 +1336,12 @@ ms.date: 10/08/2020
 - [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost)
 - [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced)
 - [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred)
+- [ADMX_WPN/NoCallsDuringQuietHours](./policy-csp-admx-wpn.md#admx-wpn-nocallsduringquiethours)
+- [ADMX_WPN/NoLockScreenToastNotification](./policy-csp-admx-wpn.md#admx-wpn-nolockscreentoastnotification)
+- [ADMX_WPN/NoQuietHours](./policy-csp-admx-wpn.md#admx-wpn-noquiethours)
+- [ADMX_WPN/NoToastNotification](./policy-csp-admx-wpn.md#admx-wpn-notoastnotification)
+- [ADMX_WPN/QuietHoursDailyBeginMinute](./policy-csp-admx-wpn.md#admx-wpn-quiethoursdailybeginminute)
+- [ADMX_WPN/QuietHoursDailyEndMinute](./policy-csp-admx-wpn.md#admx-wpn-quiethoursdailyendminute)
 - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
 - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
 - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)

windows/client-management/mdm/policy-csp-admx-addremoveprograms.md

@@ -106,7 +106,7 @@ manager: dansimp
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. 
+Available in the latest Windows 10 Insider Preview Build. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. 
 
 To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.
 
@@ -189,7 +189,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.
+Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.
 
 If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting does not prevent users from using other tools and methods to add or remove program components.
 
@@ -270,7 +270,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
+Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
 
 If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. This setting does not prevent users from using other tools and methods to connect to Windows Update.
 
@@ -351,7 +351,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. 
+Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. 
 
 If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. 
 
@@ -433,7 +433,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator.
+Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator.
 
 If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs.
 
@@ -511,7 +511,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. 
+Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. 
 
 If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs.
 
@@ -589,7 +589,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. 
+Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. 
 
 If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
 
@@ -668,7 +668,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
+Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
 
 If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs.
 
@@ -746,7 +746,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.
+Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.
 
 If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using other methods to configure services.
 
@@ -827,7 +827,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
+Available in the latest Windows 10 Insider Preview Build. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
 
 If you disable this setting or do not configure it, the Support Info hyperlink appears.
 
@@ -908,7 +908,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
+Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
 
 If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.
 

windows/client-management/mdm/policy-csp-admx-appcompat.md

@@ -108,7 +108,7 @@ manager: dansimp
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.
 
 You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, **ntvdm.exe** must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.
 
@@ -185,7 +185,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.
+Available in the latest Windows 10 Insider Preview Build. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.
 
 The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications.
 
@@ -256,7 +256,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Application Telemetry engine in the system.
+Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Application Telemetry engine in the system.
 
 Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.
 
@@ -331,7 +331,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Switchback compatibility engine in the system.
+Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Switchback compatibility engine in the system.
 
 Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications.
 
@@ -407,7 +407,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the application compatibility engine in the system.
+Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the application compatibility engine in the system.
 
 The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem.
 
@@ -485,7 +485,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
+Available in the latest Windows 10 Insider Preview Build. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
 
 <!--/Description-->
 
@@ -552,7 +552,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
+Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
 
 If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.
 
@@ -626,7 +626,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of Steps Recorder.
+Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of Steps Recorder.
 
 Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screenshots.  Steps Recorder includes an option to turn on and off data collection.
 
@@ -699,7 +699,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Inventory Collector. 
+Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Inventory Collector. 
 
 The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.
 

windows/client-management/mdm/policy-csp-admx-auditsettings.md

@@ -74,7 +74,7 @@ manager: dansimp
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
 
 If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
 

windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md

@@ -78,7 +78,7 @@ manager: dansimp
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
 
 If you enable this policy setting, SSL cipher suites are prioritized in the order specified.
 
@@ -151,7 +151,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
 
 If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line.
 

windows/client-management/mdm/policy-csp-admx-com.md

@@ -78,7 +78,7 @@ manager: dansimp
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
+Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
 
 Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
 
@@ -153,7 +153,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
+Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
 
 Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
 

windows/client-management/mdm/policy-csp-admx-cpls.md

@@ -74,7 +74,7 @@ manager: dansimp
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
 
 > [!NOTE] 
 > The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.

windows/client-management/mdm/policy-csp-admx-credssp.md

@@ -0,0 +1,969 @@
+---
+title: Policy CSP - ADMX_CredSsp
+description: Policy CSP - ADMX_CredSsp
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 11/12/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_CredSsp
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_CredSsp policies  
+
+<dl>
+  <dd>
+    <a href="#admx-credssp-allowdefcredentialswhenntlmonly">ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-allowdefaultcredentials">ADMX_CredSsp/AllowDefaultCredentials</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-allowencryptionoracle">ADMX_CredSsp/AllowEncryptionOracle</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-allowfreshcredentials">ADMX_CredSsp/AllowFreshCredentials</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-allowfreshcredentialswhenntlmonly">ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-allowsavedcredentials">ADMX_CredSsp/AllowSavedCredentials</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-allowsavedcredentialswhenntlmonly">ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-denydefaultcredentials">ADMX_CredSsp/DenyDefaultCredentials</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-denyfreshcredentials">ADMX_CredSsp/DenyFreshCredentials</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-denysavedcredentials">ADMX_CredSsp/DenySavedCredentials</a>
+  </dd>
+  <dd>
+    <a href="#admx-credssp-restrictedremoteadministration">ADMX_CredSsp/RestrictedRemoteAdministration</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-allowdefcredentialswhenntlmonly"></a>**ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+
+This policy setting applies when server authentication was achieved via NTLM.
+
+If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).
+
+If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine.
+
+> [!NOTE]
+> The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated.  The use of a single wildcard character is permitted when specifying the SPN.
+>
+> For Example:
+>
+> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
+> - TERMSRV/* Remote Desktop Session Host running on all machines.
+> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow delegating default credentials with NTLM-only server authentication*
+-   GP name: *AllowDefCredentialsWhenNTLMOnly*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-allowdefaultcredentials"></a>**ADMX_CredSsp/AllowDefaultCredentials**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+
+This policy setting applies when server authentication was achieved by using a trusted X509 certificate or Kerberos.
+
+If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).
+
+The policy becomes effective the next time the user signs on to a computer running Windows.
+
+If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB.
+
+FWlink for KB:
+https://go.microsoft.com/fwlink/?LinkId=301508
+
+> [!NOTE]
+> The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+>
+> For Example:
+>
+> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
+> - TERMSRV/* Remote Desktop Session Host running on all machines.
+> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow delegating default credentials*
+-   GP name: *AllowDefaultCredentials*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-allowencryptionoracle"></a>**ADMX_CredSsp/AllowEncryptionOracle**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection).
+
+Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client.  This policy controls compatibility with vulnerable clients and servers.  This policy allows you to set the level of protection desired for the encryption oracle vulnerability.
+
+If you enable this policy setting, CredSSP version support will be selected based on the following options:
+
+- Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. 
+
+    > [!NOTE]
+    > This setting should not be deployed until all remote hosts support the newest version.
+
+- Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.
+
+- Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients.
+
+For more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Encryption Oracle Remediation*
+-   GP name: *AllowEncryptionOracle*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-allowfreshcredentials"></a>**ADMX_CredSsp/AllowFreshCredentials**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+
+This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.
+
+If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).
+
+If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+
+If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.
+
+> [!NOTE]
+> The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN.
+>
+> For Example:
+>
+> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
+> - TERMSRV/* Remote Desktop Session Host running on all machines.
+> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow delegating fresh credentials*
+-   GP name: *AllowFreshCredentials*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-allowfreshcredentialswhenntlmonly"></a>**ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+
+This policy setting applies when server authentication was achieved via NTLM.
+
+If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).
+
+If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+
+If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.
+
+> [!NOTE]
+> The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+>
+> For Example:
+>
+> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
+> - TERMSRV/* Remote Desktop Session Host running on all machines.
+> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow delegating fresh credentials with NTLM-only server authentication*
+-   GP name: *AllowFreshCredentialsWhenNTLMOnly*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-allowsavedcredentials"></a>**ADMX_CredSsp/AllowSavedCredentials**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+
+This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.
+
+If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
+
+If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+
+If you disable this policy setting, delegation of saved credentials is not permitted to any machine.
+
+> [!NOTE]
+> The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+>
+> For Example:
+>
+> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
+> - TERMSRV/* Remote Desktop Session Host running on all machines.
+> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow delegating saved credentials*
+-   GP name: *AllowSavedCredentials*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-allowsavedcredentialswhenntlmonly"></a>**ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+
+This policy setting applies when server authentication was achieved via NTLM.
+
+If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
+
+If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine.
+
+If you disable this policy setting, delegation of saved credentials is not permitted to any machine.
+
+> [!NOTE]
+> The "Allow delegating saved credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+>
+> For Example:
+>
+> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
+> - TERMSRV/* Remote Desktop Session Host running on all machines.
+> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow delegating saved credentials with NTLM-only server authentication*
+-   GP name: *AllowSavedCredentialsWhenNTLMOnly*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-denydefaultcredentials"></a>**ADMX_CredSsp/DenyDefaultCredentials**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+
+If you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows).
+
+If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+
+> [!NOTE]
+> The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+>
+> For Example:
+>
+> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
+> - TERMSRV/* Remote Desktop Session Host running on all machines.
+> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
+
+This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating default credentials" server list.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Deny delegating default credentials*
+-   GP name: *DenyDefaultCredentials*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-denyfreshcredentials"></a>**ADMX_CredSsp/DenyFreshCredentials**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+
+If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application).
+
+If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+
+> [!NOTE]
+> The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+>
+> For Example:
+>
+> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
+> - TERMSRV/* Remote Desktop Session Host running on all machines.
+> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
+
+This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating fresh credentials" server list.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Deny delegating fresh credentials*
+-   GP name: *DenyFreshCredentials*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-denysavedcredentials"></a>**ADMX_CredSsp/DenySavedCredentials**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+
+If you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
+
+If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+
+> [!NOTE]
+> The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.
+>
+> For Example:
+>
+> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
+> - TERMSRV/* Remote Desktop Session Host running on all machines.
+> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
+
+This policy setting can be used in combination with the "Allow delegating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating saved credentials" server list.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Deny delegating saved credentials*
+-   GP name: *DenySavedCredentials*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credssp-restrictedremoteadministration"></a>**ADMX_CredSsp/RestrictedRemoteAdministration**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials are not delegated. Remote Credential Guard does not limit access to resources because it redirects all requests back to the client device.
+
+Participating apps:
+Remote Desktop Client
+
+If you enable this policy setting, the following options are supported:
+
+- Restrict credential delegation: Participating applications must use Restricted Admin or Remote Credential Guard to connect to remote hosts.
+- Require Remote Credential Guard: Participating applications must use Remote Credential Guard to connect to remote hosts.
+- Require Restricted Admin: Participating applications must use Restricted Admin to connect to remote hosts.
+
+If you disable or do not configure this policy setting, Restricted Admin and Remote Credential Guard mode are not enforced and participating apps can delegate credentials to remote devices.
+
+> [!NOTE]
+> To disable most credential delegation, it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration\Administrative Templates\System\Credentials Delegation).
+>
+> On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions do not support Remote Credential Guard.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Restrict delegation of credentials to remote servers*
+-   GP name: *RestrictedRemoteAdministration*
+-   GP path: *System\Credentials Delegation*
+-   GP ADMX file name: *CredSsp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+