diff --git a/windows/client-management/mdm/images/mdm-enrollment-disable-policy.png b/windows/client-management/mdm/images/mdm-enrollment-disable-policy.png new file mode 100644 index 0000000000..0f9dc0d872 Binary files /dev/null and b/windows/client-management/mdm/images/mdm-enrollment-disable-policy.png differ diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md index 4a733d2da7..1dbb44551e 100644 --- a/windows/client-management/mdm/mobile-device-enrollment.md +++ b/windows/client-management/mdm/mobile-device-enrollment.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 06/19/2017 +ms.date: 08/11/2017 --- # Mobile device enrollment 
@@ -59,26 +59,30 @@ The following topics describe the end-to-end enrollment process using various au > - Any fixed URIs that are passed during enrollment > - Specific formatting of any value unless otherwise noted, such as the format of the device ID. + +## Enrollment support for domain-joined devices   +Devices that are joined to an on-premise Active Directory can enroll into MDM via the Work access page in **Settings**. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device. -## Prevent MDM enrollments +## Disable MDM enrollments -Starting in Windows 10, version 1607, to prevent MDM enrollments for domain-joined PCs, you can set the following Group Policy: +Starting in Windows 10, version 1607, IT admin can disable MDM enrollments for domain-joined PCs using Group Policy. Using the GP editor, the path is **Computer configuration** > **Administrative Templates** > **Windows Components** > **MDM** > **Disable MDM Enrollment**. + +![Disable MDM enrollment policy in GP Editor](images/mdm-enrollment-disable-policy.png) + +Here is the corresponding registry key: Key: \\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\MDM Value: DisableRegistration -Using the GP editor, the path is Computer configuration > Administrative Templates > Windows Components > MDM > Disable MDM Enrollment. - ## Enrollment scenarios not supported - The following scenarios do not allow MDM enrollments: - Built-in administrator accounts on Windows desktop cannot enroll into MDM. -- Standard users on Windows desktop cannot enroll into MDM via the Work access page in **Settings**. To enroll a standard user into MDM, we recommend using a provisioning package or joining the device to Azure AD from **Settings** -> **System** -> **About**. +- Prior to Windows 10, version 1709, standard users on Windows desktop cannot enroll into MDM via the Work access page in **Settings**. 
Only admin users can enroll. To enroll a standard user into MDM, we recommend using a provisioning package or joining the device to Azure AD from **Settings** -> **System** -> **About**. Starting in Windows 10, version 1709, standard users can enroll in MDM. - Windows 8.1 devices enrolled into MDM via enroll-on-behalf-of (EOBO) can upgrade to Windows 10, but the enrollment is not supported. We recommend performing a server initiated unenroll to remove these enrollments and then enrolling after the upgrade to Windows 10 is completed. ## Enrollment migration diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index faf1bef99e..7d908c4910 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -10,11 +10,12 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/10/2017 +ms.date: 08/11/2017 --- # What's new in MDM enrollment and management + > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. @@ -1327,6 +1328,17 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware +[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md) +

Added new step-by-step guide to enable ADMX-backed policies.

+ + +[Mobile device enrollment](mobile-device-enrollment.md) +

Added the following statement:

+ + + [CM\_CellularEntries CSP](cm-cellularentries-csp.md)

Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.
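
Review bot: The registry key that follows "Here is the corresponding registry key:" in mobile-device-enrollment.md (hunk @@ -59,26 +59,30) has no hive and no value type or data: it reads only "Key: \\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\MDM" and "Value: DisableRegistration". Since the policy is set under **Computer configuration**, name the hive explicitly and state what data the value must hold to disable enrollment, so an admin who audits or deploys the setting outside the GP editor can verify it. In the same hunk, the standard-user bullet now ends with "Starting in Windows 10, version 1709, standard users can enroll in MDM" while it still sits under "Enrollment scenarios not supported"; scoping the bullet to versions before 1709 and dropping the closing sentence would avoid the contradiction. "on-premise Active Directory" should read "on-premises".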
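
Review bot: The new "Mobile device enrollment" change-log row in new-in-windows-mdm-enrollment-management.md (hunk @@ -1327,6 +1328,17) ends at "Added the following statement:" with no statement after the colon in the lines visible here. Quote the sentence that was actually added to mobile-device-enrollment.md, and mention the new "Enrollment support for domain-joined devices" section and the "Prevent" to "Disable MDM enrollments" rename, which this row does not cover. The neighbouring context row spells the node "PuposeGroups", which looks like a typo worth fixing in the same pass.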