TPMPolicy CSP, incorporated feedback from Shantanu

windows/client-management/mdm/configuration-service-provider-reference.md

@@ -2047,6 +2047,34 @@ The following tables show the configuration service providers support in Windows
 <!--EndSKU-->
 <!--EndCSP-->
 
+<!--StartCSP-->
+[TPMPolicy CSP](tpmpolicy-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
 <!--StartCSP-->
 [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)  
 

windows/client-management/mdm/tpmpolicy-csp.md

@@ -13,7 +13,9 @@ author: nickbrower
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-The TPMPolicy configuration service provider (CSP) . The TPMPolicy CSP was added in Windows 10, version 1703.
+The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (telemetry or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
+
+The TPMPolicy CSP was added in Windows 10, version 1703.
 
 The following diagram shows the TPMPolicy configuration service provider in tree format.
 
@@ -23,7 +25,14 @@ The following diagram shows the TPMPolicy configuration service provider in tree
 <p style="margin-left: 20px">Defines the root node.</p>
 
 <a href="" id="isactivezeroexhaust"></a>**IsActiveZeroExhaust**  
-<p style="margin-left: 20px">Boolean value</p>
+<p style="margin-left: 20px">Boolean value that indicates whether network traffic from the device to public IP addresses are not allowed unless directly intended by the user (zero exhaust). Default value is false. Some examples when zero exhaust is configured:</p>
+
+<ul>
+<li>There should be no traffic when machine is on idle. When the user is not interacting with the system/device, no traffic is expected. </li>
+<li>There should be no traffic during installation of Windows and first logon when local ID is used.</li>
+<li>Launching and using a local app (Notepad, Paint, etc.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, etc.) should not send any traffic.</li>
+<li>Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic, telemetry, etc.) to Microsoft.</li>
+</ul>
 
 Here is an example: