diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 636f40127c..04fc71aad2 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -1,140 +1,158 @@
---
-title: Policy CSP - ADMX_WindowsRemoteManagement
-description: Policy CSP - ADMX_WindowsRemoteManagement
+title: ADMX_WindowsRemoteManagement Policy CSP
+description: Learn more about the ADMX_WindowsRemoteManagement Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 12/21/2022
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 12/16/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_WindowsRemoteManagement
->[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
-
+
+## DisallowKerberos_1
-
-## ADMX_WindowsRemoteManagement policies
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
- -
- ADMX_WindowsRemoteManagement/DisallowKerberos_1
-
- -
- ADMX_WindowsRemoteManagement/DisallowKerberos_2
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_WindowsRemoteManagement/DisallowKerberos_1
+```
+
-
-
-
-
-**ADMX_WindowsRemoteManagement/DisallowKerberos_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network.
If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Disallow Kerberos authentication*
-- GP name: *DisallowKerberos_1*
-- GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Service*
-- GP ADMX file name: *WindowsRemoteManagement.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-
-**ADMX_WindowsRemoteManagement/DisallowKerberos_2**
+| Name | Value |
+|:--|:--|
+| Name | DisallowKerberos |
+| Friendly Name | Disallow Kerberos authentication |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Remote Management (WinRM) > WinRM Service |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service |
+| Registry Value Name | AllowKerberos |
+| ADMX File Name | WindowsRemoteManagement.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+## DisallowKerberos_2
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_WindowsRemoteManagement/DisallowKerberos_2
+```
+
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.
If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected.
If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Disallow Kerberos authentication*
-- GP name: *DisallowKerberos_2*
-- GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Client*
-- GP ADMX file name: *WindowsRemoteManagement.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+**ADMX mapping**:
+| Name | Value |
+|:--|:--|
+| Name | DisallowKerberos |
+| Friendly Name | Disallow Kerberos authentication |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Remote Management (WinRM) > WinRM Client |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Client |
+| Registry Value Name | AllowKerberos |
+| ADMX File Name | WindowsRemoteManagement.admx |
+
-
\ No newline at end of file
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)