Merge branch 'main' into fr-remove-ts-usmt-bitlocker

windows/client-management/enable-admx-backed-policies-in-mdm.md

@@ -105,7 +105,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
 
    2. Find the variable names of the parameters in the ADMX file.
 
-      You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](mdm/policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
+      You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](mdm/policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2).
 
       ![Publishing server 2 policy description.](images/admx-appv-policy-description.png)
 

windows/client-management/mdm/enterprisedataprotection-csp.md

@@ -277,7 +277,7 @@ Specifies whether to allow Azure RMS encryption for Windows Information Protecti
 Supported operations are Add, Get, Replace, and Delete. Value type is integer.
 
 <a href="" id="settings-smbautoencryptedfileextensions"></a>**Settings/SMBAutoEncryptedFileExtensions**
-Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for [NetworkIsolation/EnterpriseIPRange](policy-configuration-service-provider.md#networkisolation-enterpriseiprange) and [NetworkIsolation/EnterpriseNetworkDomainNames](policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames). Use semicolon (;) delimiter in the list.
+Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for [NetworkIsolation/EnterpriseIPRange](policy-csp-networkisolation.md) and [NetworkIsolation/EnterpriseNetworkDomainNames](policy-csp-networkisolation.md). Use semicolon (;) delimiter in the list.
 When this policy isn't specified, the existing auto-encryption behavior is applied.  When this policy is configured, only files with the extensions in the list will be encrypted.
 Supported operations are Add, Get, Replace and Delete. Value type is string.
 

windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md

@@ -21,32 +21,32 @@ ms.date: 07/22/2020
 - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
 - [Cryptography/AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
 - [Cryptography/TLSCipherSuites](policy-csp-cryptography.md#cryptography-tlsciphersuites)
-- [Defender/AllowArchiveScanning](policy-csp-defender.md#defender-allowarchivescanning)
+- [Defender/AllowArchiveScanning](policy-csp-defender.md#allowarchivescanning)
-- [Defender/AllowBehaviorMonitoring](policy-csp-defender.md#defender-allowbehaviormonitoring)
+- [Defender/AllowBehaviorMonitoring](policy-csp-defender.md#allowbehaviormonitoring)
-- [Defender/AllowCloudProtection](policy-csp-defender.md#defender-allowcloudprotection)
+- [Defender/AllowCloudProtection](policy-csp-defender.md#allowcloudprotection)
-- [Defender/AllowEmailScanning](policy-csp-defender.md#defender-allowemailscanning)
+- [Defender/AllowEmailScanning](policy-csp-defender.md#allowemailscanning)
-- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
+- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#allowfullscanonmappednetworkdrives)
-- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
+- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#allowfullscanremovabledrivescanning)
-- [Defender/AllowIOAVProtection](policy-csp-defender.md#defender-allowioavprotection)
+- [Defender/AllowIOAVProtection](policy-csp-defender.md#allowioavprotection)
-- [Defender/AllowOnAccessProtection](policy-csp-defender.md#defender-allowonaccessprotection)
+- [Defender/AllowOnAccessProtection](policy-csp-defender.md#allowonaccessprotection)
-- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#defender-allowrealtimemonitoring)
+- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#allowrealtimemonitoring)
-- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#defender-allowscanningnetworkfiles)
+- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#allowscanningnetworkfiles)
-- [Defender/AllowScriptScanning](policy-csp-defender.md#defender-allowscriptscanning)
+- [Defender/AllowScriptScanning](policy-csp-defender.md#allowscriptscanning)
-- [Defender/AllowUserUIAccess](policy-csp-defender.md#defender-allowuseruiaccess)
+- [Defender/AllowUserUIAccess](policy-csp-defender.md#allowuseruiaccess)
-- [Defender/AvgCPULoadFactor](policy-csp-defender.md#defender-avgcpuloadfactor)
+- [Defender/AvgCPULoadFactor](policy-csp-defender.md#avgcpuloadfactor)
-- [Defender/DaysToRetainCleanedMalware](policy-csp-defender.md#defender-daystoretaincleanedmalware)
+- [Defender/DaysToRetainCleanedMalware](policy-csp-defender.md#daystoretaincleanedmalware)
-- [Defender/ExcludedExtensions](policy-csp-defender.md#defender-excludedextensions)
+- [Defender/ExcludedExtensions](policy-csp-defender.md#excludedextensions)
-- [Defender/ExcludedPaths](policy-csp-defender.md#defender-excludedpaths)
+- [Defender/ExcludedPaths](policy-csp-defender.md#excludedpaths)
-- [Defender/ExcludedProcesses](policy-csp-defender.md#defender-excludedprocesses)
+- [Defender/ExcludedProcesses](policy-csp-defender.md#excludedprocesses)
-- [Defender/PUAProtection](policy-csp-defender.md#defender-puaprotection)
+- [Defender/PUAProtection](policy-csp-defender.md#puaprotection)
-- [Defender/RealTimeScanDirection](policy-csp-defender.md#defender-realtimescandirection)
+- [Defender/RealTimeScanDirection](policy-csp-defender.md#realtimescandirection)
-- [Defender/ScanParameter](policy-csp-defender.md#defender-scanparameter)
+- [Defender/ScanParameter](policy-csp-defender.md#scanparameter)
-- [Defender/ScheduleQuickScanTime](policy-csp-defender.md#defender-schedulequickscantime)
+- [Defender/ScheduleQuickScanTime](policy-csp-defender.md#schedulequickscantime)
-- [Defender/ScheduleScanDay](policy-csp-defender.md#defender-schedulescanday)
+- [Defender/ScheduleScanDay](policy-csp-defender.md#schedulescanday)
-- [Defender/ScheduleScanTime](policy-csp-defender.md#defender-schedulescantime)
+- [Defender/ScheduleScanTime](policy-csp-defender.md#schedulescantime)
-- [Defender/SignatureUpdateInterval](policy-csp-defender.md#defender-signatureupdateinterval)
+- [Defender/SignatureUpdateInterval](policy-csp-defender.md#signatureupdateinterval)
-- [Defender/SubmitSamplesConsent](policy-csp-defender.md#defender-submitsamplesconsent)
+- [Defender/SubmitSamplesConsent](policy-csp-defender.md#submitsamplesconsent)
-- [Defender/ThreatSeverityDefaultAction](policy-csp-defender.md#defender-threatseveritydefaultaction)
+- [Defender/ThreatSeverityDefaultAction](policy-csp-defender.md#threatseveritydefaultaction)
 - [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
 - [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
 - [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)

windows/client-management/mdm/policy-csp-admx-mss-legacy.md

@@ -0,0 +1,812 @@
+---
+title: ADMX_MSS-legacy Policy CSP
+description: Learn more about the ADMX_MSS-legacy Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/29/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- ADMX_MSS-legacy-Begin -->
+# Policy CSP - ADMX_MSS-legacy
+
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!-- ADMX_MSS-legacy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ADMX_MSS-legacy-Editable-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-Begin -->
+## Pol_MSS_AutoAdminLogon
+
+<!-- Pol_MSS_AutoAdminLogon-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_AutoAdminLogon-Applicability-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoAdminLogon
+```
+<!-- Pol_MSS_AutoAdminLogon-OmaUri-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_AutoAdminLogon-Description-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable Automatic Logon (not recommended).
+<!-- Pol_MSS_AutoAdminLogon-Editable-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_AutoAdminLogon-DFProperties-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_AutoAdminLogon-AdmxBacked-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_AutoAdminLogon-Examples-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-End -->
+
+<!-- Pol_MSS_AutoReboot-Begin -->
+## Pol_MSS_AutoReboot
+
+<!-- Pol_MSS_AutoReboot-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_AutoReboot-Applicability-End -->
+
+<!-- Pol_MSS_AutoReboot-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoReboot
+```
+<!-- Pol_MSS_AutoReboot-OmaUri-End -->
+
+<!-- Pol_MSS_AutoReboot-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_AutoReboot-Description-End -->
+
+<!-- Pol_MSS_AutoReboot-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Allow Windows to automatically restart after a system crash (recommended except for highly secure environments).
+<!-- Pol_MSS_AutoReboot-Editable-End -->
+
+<!-- Pol_MSS_AutoReboot-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_AutoReboot-DFProperties-End -->
+
+<!-- Pol_MSS_AutoReboot-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_AutoReboot-AdmxBacked-End -->
+
+<!-- Pol_MSS_AutoReboot-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_AutoReboot-Examples-End -->
+
+<!-- Pol_MSS_AutoReboot-End -->
+
+<!-- Pol_MSS_AutoShareServer-Begin -->
+## Pol_MSS_AutoShareServer
+
+<!-- Pol_MSS_AutoShareServer-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_AutoShareServer-Applicability-End -->
+
+<!-- Pol_MSS_AutoShareServer-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareServer
+```
+<!-- Pol_MSS_AutoShareServer-OmaUri-End -->
+
+<!-- Pol_MSS_AutoShareServer-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_AutoShareServer-Description-End -->
+
+<!-- Pol_MSS_AutoShareServer-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable administrative shares on servers (recommended except for highly secure environments).
+<!-- Pol_MSS_AutoShareServer-Editable-End -->
+
+<!-- Pol_MSS_AutoShareServer-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_AutoShareServer-DFProperties-End -->
+
+<!-- Pol_MSS_AutoShareServer-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_AutoShareServer-AdmxBacked-End -->
+
+<!-- Pol_MSS_AutoShareServer-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_AutoShareServer-Examples-End -->
+
+<!-- Pol_MSS_AutoShareServer-End -->
+
+<!-- Pol_MSS_AutoShareWks-Begin -->
+## Pol_MSS_AutoShareWks
+
+<!-- Pol_MSS_AutoShareWks-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_AutoShareWks-Applicability-End -->
+
+<!-- Pol_MSS_AutoShareWks-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareWks
+```
+<!-- Pol_MSS_AutoShareWks-OmaUri-End -->
+
+<!-- Pol_MSS_AutoShareWks-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_AutoShareWks-Description-End -->
+
+<!-- Pol_MSS_AutoShareWks-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable administrative shares on workstations (recommended except for highly secure environments).
+<!-- Pol_MSS_AutoShareWks-Editable-End -->
+
+<!-- Pol_MSS_AutoShareWks-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_AutoShareWks-DFProperties-End -->
+
+<!-- Pol_MSS_AutoShareWks-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_AutoShareWks-AdmxBacked-End -->
+
+<!-- Pol_MSS_AutoShareWks-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_AutoShareWks-Examples-End -->
+
+<!-- Pol_MSS_AutoShareWks-End -->
+
+<!-- Pol_MSS_DisableSavePassword-Begin -->
+## Pol_MSS_DisableSavePassword
+
+<!-- Pol_MSS_DisableSavePassword-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_DisableSavePassword-Applicability-End -->
+
+<!-- Pol_MSS_DisableSavePassword-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_DisableSavePassword
+```
+<!-- Pol_MSS_DisableSavePassword-OmaUri-End -->
+
+<!-- Pol_MSS_DisableSavePassword-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_DisableSavePassword-Description-End -->
+
+<!-- Pol_MSS_DisableSavePassword-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Pol_MSS_DisableSavePassword-Editable-End -->
+
+<!-- Pol_MSS_DisableSavePassword-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_DisableSavePassword-DFProperties-End -->
+
+<!-- Pol_MSS_DisableSavePassword-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_DisableSavePassword-AdmxBacked-End -->
+
+<!-- Pol_MSS_DisableSavePassword-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+Prevent the dial-up password from being saved (recommended).
+<!-- Pol_MSS_DisableSavePassword-Examples-End -->
+
+<!-- Pol_MSS_DisableSavePassword-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-Begin -->
+## Pol_MSS_EnableDeadGWDetect
+
+<!-- Pol_MSS_EnableDeadGWDetect-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_EnableDeadGWDetect-Applicability-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_EnableDeadGWDetect
+```
+<!-- Pol_MSS_EnableDeadGWDetect-OmaUri-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_EnableDeadGWDetect-Description-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Allow automatic detection of dead network gateways (could lead to DoS).
+<!-- Pol_MSS_EnableDeadGWDetect-Editable-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_EnableDeadGWDetect-DFProperties-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_EnableDeadGWDetect-AdmxBacked-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_EnableDeadGWDetect-Examples-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-Begin -->
+## Pol_MSS_HideFromBrowseList
+
+<!-- Pol_MSS_HideFromBrowseList-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_HideFromBrowseList-Applicability-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_HideFromBrowseList
+```
+<!-- Pol_MSS_HideFromBrowseList-OmaUri-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_HideFromBrowseList-Description-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Hide Computer From the Browse List (not recommended except for highly secure environments).
+<!-- Pol_MSS_HideFromBrowseList-Editable-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_HideFromBrowseList-DFProperties-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_HideFromBrowseList-AdmxBacked-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_HideFromBrowseList-Examples-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-End -->
+
+<!-- Pol_MSS_KeepAliveTime-Begin -->
+## Pol_MSS_KeepAliveTime
+
+<!-- Pol_MSS_KeepAliveTime-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_KeepAliveTime-Applicability-End -->
+
+<!-- Pol_MSS_KeepAliveTime-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_KeepAliveTime
+```
+<!-- Pol_MSS_KeepAliveTime-OmaUri-End -->
+
+<!-- Pol_MSS_KeepAliveTime-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_KeepAliveTime-Description-End -->
+
+<!-- Pol_MSS_KeepAliveTime-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Define how often keep-alive packets are sent in milliseconds.
+<!-- Pol_MSS_KeepAliveTime-Editable-End -->
+
+<!-- Pol_MSS_KeepAliveTime-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_KeepAliveTime-DFProperties-End -->
+
+<!-- Pol_MSS_KeepAliveTime-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_KeepAliveTime-AdmxBacked-End -->
+
+<!-- Pol_MSS_KeepAliveTime-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_KeepAliveTime-Examples-End -->
+
+<!-- Pol_MSS_KeepAliveTime-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-Begin -->
+## Pol_MSS_NoDefaultExempt
+
+<!-- Pol_MSS_NoDefaultExempt-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_NoDefaultExempt-Applicability-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NoDefaultExempt
+```
+<!-- Pol_MSS_NoDefaultExempt-OmaUri-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_NoDefaultExempt-Description-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Configure IPSec exemptions for various types of network traffic.
+<!-- Pol_MSS_NoDefaultExempt-Editable-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_NoDefaultExempt-DFProperties-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_NoDefaultExempt-AdmxBacked-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_NoDefaultExempt-Examples-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Begin -->
+## Pol_MSS_NtfsDisable8dot3NameCreation
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NtfsDisable8dot3NameCreation
+```
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-OmaUri-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Description-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable the computer to stop generating 8.3 style filenames.
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Editable-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-DFProperties-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-AdmxBacked-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Examples-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-Begin -->
+## Pol_MSS_PerformRouterDiscovery
+
+<!-- Pol_MSS_PerformRouterDiscovery-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_PerformRouterDiscovery-Applicability-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_PerformRouterDiscovery
+```
+<!-- Pol_MSS_PerformRouterDiscovery-OmaUri-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_PerformRouterDiscovery-Description-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+ Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS).
+<!-- Pol_MSS_PerformRouterDiscovery-Editable-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_PerformRouterDiscovery-DFProperties-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_PerformRouterDiscovery-AdmxBacked-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_PerformRouterDiscovery-Examples-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-Begin -->
+## Pol_MSS_SafeDllSearchMode
+
+<!-- Pol_MSS_SafeDllSearchMode-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_SafeDllSearchMode-Applicability-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SafeDllSearchMode
+```
+<!-- Pol_MSS_SafeDllSearchMode-OmaUri-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_SafeDllSearchMode-Description-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable Safe DLL search mode (recommended).
+<!-- Pol_MSS_SafeDllSearchMode-Editable-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_SafeDllSearchMode-DFProperties-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_SafeDllSearchMode-AdmxBacked-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_SafeDllSearchMode-Examples-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Begin -->
+## Pol_MSS_ScreenSaverGracePeriod
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_ScreenSaverGracePeriod
+```
+<!-- Pol_MSS_ScreenSaverGracePeriod-OmaUri-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_ScreenSaverGracePeriod-Description-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+he time in seconds before the screen saver grace period expires (0 recommended).
+<!-- Pol_MSS_ScreenSaverGracePeriod-Editable-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_ScreenSaverGracePeriod-DFProperties-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_ScreenSaverGracePeriod-AdmxBacked-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_ScreenSaverGracePeriod-Examples-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-End -->
+
+<!-- Pol_MSS_SynAttackProtect-Begin -->
+## Pol_MSS_SynAttackProtect
+
+<!-- Pol_MSS_SynAttackProtect-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_SynAttackProtect-Applicability-End -->
+
+<!-- Pol_MSS_SynAttackProtect-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SynAttackProtect
+```
+<!-- Pol_MSS_SynAttackProtect-OmaUri-End -->
+
+<!-- Pol_MSS_SynAttackProtect-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_SynAttackProtect-Description-End -->
+
+<!-- Pol_MSS_SynAttackProtect-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Syn attack protection level (protects against DoS).
+<!-- Pol_MSS_SynAttackProtect-Editable-End -->
+
+<!-- Pol_MSS_SynAttackProtect-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_SynAttackProtect-DFProperties-End -->
+
+<!-- Pol_MSS_SynAttackProtect-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_SynAttackProtect-AdmxBacked-End -->
+
+<!-- Pol_MSS_SynAttackProtect-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_SynAttackProtect-Examples-End -->
+
+<!-- Pol_MSS_SynAttackProtect-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Begin -->
+## Pol_MSS_TcpMaxConnectResponseRetransmissions
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxConnectResponseRetransmissions
+```
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-OmaUri-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Description-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+SYN-ACK retransmissions when a connection request is not acknowledged.
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Editable-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-DFProperties-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-AdmxBacked-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Examples-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Begin -->
+## Pol_MSS_TcpMaxDataRetransmissions
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissions
+```
+<!-- Pol_MSS_TcpMaxDataRetransmissions-OmaUri-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Description-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Editable-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_TcpMaxDataRetransmissions-DFProperties-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_TcpMaxDataRetransmissions-AdmxBacked-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Examples-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Begin -->
+## Pol_MSS_TcpMaxDataRetransmissionsIPv6
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissionsIPv6
+```
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-OmaUri-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Description-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Editable-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-DFProperties-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-AdmxBacked-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Examples-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-End -->
+
+<!-- Pol_MSS_WarningLevel-Begin -->
+## Pol_MSS_WarningLevel
+
+<!-- Pol_MSS_WarningLevel-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_WarningLevel-Applicability-End -->
+
+<!-- Pol_MSS_WarningLevel-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_WarningLevel
+```
+<!-- Pol_MSS_WarningLevel-OmaUri-End -->
+
+<!-- Pol_MSS_WarningLevel-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_WarningLevel-Description-End -->
+
+<!-- Pol_MSS_WarningLevel-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Percentage threshold for the security event log at which the system will generate a warning.
+<!-- Pol_MSS_WarningLevel-Editable-End -->
+
+<!-- Pol_MSS_WarningLevel-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_WarningLevel-DFProperties-End -->
+
+<!-- Pol_MSS_WarningLevel-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_WarningLevel-AdmxBacked-End -->
+
+<!-- Pol_MSS_WarningLevel-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_WarningLevel-Examples-End -->
+
+<!-- Pol_MSS_WarningLevel-End -->
+
+<!-- ADMX_MSS-legacy-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- ADMX_MSS-legacy-CspMoreInfo-End -->
+
+<!-- ADMX_MSS-legacy-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-admx-sam.md

@@ -0,0 +1,113 @@
+---
+title: ADMX_sam Policy CSP
+description: Learn more about the ADMX_sam Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/29/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- ADMX_sam-Begin -->
+# Policy CSP - ADMX_sam
+
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!-- ADMX_sam-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ADMX_sam-Editable-End -->
+
+<!-- SamNGCKeyROCAValidation-Begin -->
+## SamNGCKeyROCAValidation
+
+<!-- SamNGCKeyROCAValidation-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- SamNGCKeyROCAValidation-Applicability-End -->
+
+<!-- SamNGCKeyROCAValidation-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_sam/SamNGCKeyROCAValidation
+```
+<!-- SamNGCKeyROCAValidation-OmaUri-End -->
+
+<!-- SamNGCKeyROCAValidation-Description-Begin -->
+This policy setting allows you to configure how domain controllers handle Windows Hello for Business (WHfB) keys that are vulnerable to the "Return of Coppersmith's attack" (ROCA) vulnerability.
+
+For more information on the ROCA vulnerability, please see:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361
+
+https://en.wikipedia.org/wiki/ROCA_vulnerability
+
+If you enable this policy setting the following options are supported:
+
+Ignore: during authentication the domain controller will not probe any WHfB keys for the ROCA vulnerability.
+
+Audit: during authentication the domain controller will emit audit events for WHfB keys that are subject to the ROCA vulnerability (authentications will still succeed).
+
+Block: during authentication the domain controller will block the use of WHfB keys that are subject to the ROCA vulnerability (authentications will fail).
+
+This setting only takes effect on domain controllers.
+
+If not configured, domain controllers will default to using their local configuration. The default local configuration is Audit.
+
+A reboot is not required for changes to this setting to take effect.
+
+Note: to avoid unexpected disruptions this setting should not be set to Block until appropriate mitigations have been performed, for example patching of vulnerable TPMs.
+
+More information is available at https://go.microsoft.com/fwlink/?linkid=2116430.
+<!-- SamNGCKeyROCAValidation-Description-End -->
+
+<!-- SamNGCKeyROCAValidation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SamNGCKeyROCAValidation-Editable-End -->
+
+<!-- SamNGCKeyROCAValidation-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- SamNGCKeyROCAValidation-DFProperties-End -->
+
+<!-- SamNGCKeyROCAValidation-AdmxBacked-Begin -->
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SamNGCKeyROCAValidation |
+| Friendly Name | Configure validation of ROCA-vulnerable WHfB keys during authentication |
+| Location | Computer Configuration |
+| Path | System > Security Account Manager |
+| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System\SAM |
+| ADMX File Name | sam.admx |
+<!-- SamNGCKeyROCAValidation-AdmxBacked-End -->
+
+<!-- SamNGCKeyROCAValidation-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- SamNGCKeyROCAValidation-Examples-End -->
+
+<!-- SamNGCKeyROCAValidation-End -->
+
+<!-- ADMX_sam-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- ADMX_sam-CspMoreInfo-End -->
+
+<!-- ADMX_sam-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-clouddesktop.md

@@ -0,0 +1,80 @@
+---
+title: CloudDesktop Policy CSP
+description: Learn more about the CloudDesktop Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/22/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- CloudDesktop-Begin -->
+# Policy CSP - CloudDesktop
+
+<!-- CloudDesktop-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- CloudDesktop-Editable-End -->
+
+<!-- BootToCloudMode-Begin -->
+## BootToCloudMode
+
+<!-- BootToCloudMode-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- BootToCloudMode-Applicability-End -->
+
+<!-- BootToCloudMode-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/CloudDesktop/BootToCloudMode
+```
+<!-- BootToCloudMode-OmaUri-End -->
+
+<!-- BootToCloudMode-Description-Begin -->
+This policy is used by IT admin to set the configuration mode of cloud PC.
+<!-- BootToCloudMode-Description-End -->
+
+<!-- BootToCloudMode-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- BootToCloudMode-Editable-End -->
+
+<!-- BootToCloudMode-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+| Dependency [OverrideShellProgramDependencyGroup] | Dependency Type: `DependsOn` <br> Dependency URI: `Device/Vendor/MSFT/Policy/Config/WindowsLogon/OverrideShellProgram` <br> Dependency Allowed Value: `[1]` <br> Dependency Allowed Value Type: `Range` <br>  |
+<!-- BootToCloudMode-DFProperties-End -->
+
+<!-- BootToCloudMode-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not Configured |
+| 1 | Enable Boot to Cloud Desktop |
+<!-- BootToCloudMode-AllowedValues-End -->
+
+<!-- BootToCloudMode-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- BootToCloudMode-Examples-End -->
+
+<!-- BootToCloudMode-End -->
+
+<!-- CloudDesktop-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- CloudDesktop-CspMoreInfo-End -->
+
+<!-- CloudDesktop-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-cloudpc.md

@@ -0,0 +1,79 @@
+---
+title: CloudPC Policy CSP
+description: Learn more about the CloudPC Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/02/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- CloudPC-Begin -->
+# Policy CSP - CloudPC
+
+<!-- CloudPC-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- CloudPC-Editable-End -->
+
+<!-- CloudPCConfiguration-Begin -->
+## CloudPCConfiguration
+
+<!-- CloudPCConfiguration-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :x: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- CloudPCConfiguration-Applicability-End -->
+
+<!-- CloudPCConfiguration-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/CloudPC/CloudPCConfiguration
+```
+<!-- CloudPCConfiguration-OmaUri-End -->
+
+<!-- CloudPCConfiguration-Description-Begin -->
+This policy is used by IT admin to set the configuration mode of cloud PC.
+<!-- CloudPCConfiguration-Description-End -->
+
+<!-- CloudPCConfiguration-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- CloudPCConfiguration-Editable-End -->
+
+<!-- CloudPCConfiguration-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- CloudPCConfiguration-DFProperties-End -->
+
+<!-- CloudPCConfiguration-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Fast Switching Configuration. |
+| 1 | Boot to cloud PC Configuration. |
+<!-- CloudPCConfiguration-AllowedValues-End -->
+
+<!-- CloudPCConfiguration-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- CloudPCConfiguration-Examples-End -->
+
+<!-- CloudPCConfiguration-End -->
+
+<!-- CloudPC-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- CloudPC-CspMoreInfo-End -->
+
+<!-- CloudPC-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-msslegacy.md

@@ -1,211 +1,210 @@
 ---
-title: Policy CSP - MSSLegacy
+title: MSSLegacy Policy CSP
-description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable.
+description: Learn more about the MSSLegacy Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
 ms.author: vinpa
-ms.topic: article
+ms.date: 11/29/2022
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
-ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer: 
-manager: aaroncz
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- MSSLegacy-Begin -->
 # Policy CSP - MSSLegacy
 
-<hr/>
-
-<!--Policies-->
-## MSSLegacy policies
-
-<dl>
-  <dd>
-    <a href="#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes">MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes</a>
-  </dd>
-  <dd>
-    <a href="#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers">MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers</a>
-  </dd>
-  <dd>
-    <a href="#msslegacy-ipsourceroutingprotectionlevel">MSSLegacy/IPSourceRoutingProtectionLevel</a>
-  </dd>
-  <dd>
-    <a href="#msslegacy-ipv6sourceroutingprotectionlevel">MSSLegacy/IPv6SourceRoutingProtectionLevel</a>
-  </dd>
-</dl>
-
 > [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 >
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<hr/>
+<!-- MSSLegacy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- MSSLegacy-Editable-End -->
 
-<!--Policy-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Begin -->
-<a href="" id="msslegacy-allowicmpredirectstooverrideospfgeneratedroutes"></a>**MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes**
+## AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
 
-<!--SupportedSKUs-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Applicability-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-OmaUri-Begin -->
-|--- |--- |--- |
+```Device
-|Home|No|No|
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
-|Pro|Yes|Yes|
+```
-|Windows SE|No|Yes|
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-OmaUri-End -->
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Description-Begin -->
-<hr/>
+<!-- Description-Not-Found -->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Description-End -->
 
-<!--Scope-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Editable-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Allow ICMP redirects to override OSPF generated routes.
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Editable-End -->
 
-> [!div class = "checklist"]
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-DFProperties-Begin -->
-> * Device
+**Description framework properties**:
 
-<hr/>
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-DFProperties-End -->
 
-<!--/Scope-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-AdmxBacked-Begin -->
-<!--Description-->
+<!-- Unknown -->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-AdmxBacked-End -->
 
-<!--/Description-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Examples-End -->
 
-<!--ADMXBacked-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-End -->
-ADMX Info:
--   GP name: *Pol_MSS_EnableICMPRedirect*
--   GP ADMX file name: *mss-legacy.admx*
 
-<!--/ADMXBacked-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Begin -->
-<!--/Policy-->
+## AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
 
-<hr/>
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Applicability-End -->
 
-<!--Policy-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-OmaUri-Begin -->
-<a href="" id="msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers"></a>**MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers**
+```Device
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
+```
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-OmaUri-End -->
 
-<!--SupportedSKUs-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Description-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Editable-Begin -->
-|--- |--- |--- |
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-|Home|No|No|
+Allow the computer to ignore NetBIOS name release requests except from WINS servers.
-|Pro|Yes|Yes|
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Editable-End -->
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-DFProperties-Begin -->
-<hr/>
+**Description framework properties**:
 
-<!--Scope-->
+| Property name | Property value |
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-DFProperties-End -->
 
-> [!div class = "checklist"]
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-AdmxBacked-Begin -->
-> * Device
+<!-- Unknown -->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-AdmxBacked-End -->
 
-<hr/>
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Examples-End -->
 
-<!--/Scope-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-End -->
-<!--Description-->
 
-<!--/Description-->
+<!-- IPSourceRoutingProtectionLevel-Begin -->
+## IPSourceRoutingProtectionLevel
 
+<!-- IPSourceRoutingProtectionLevel-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- IPSourceRoutingProtectionLevel-Applicability-End -->
 
-<!--ADMXBacked-->
+<!-- IPSourceRoutingProtectionLevel-OmaUri-Begin -->
-ADMX Info:
+```Device
--   GP name: *Pol_MSS_NoNameReleaseOnDemand*
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPSourceRoutingProtectionLevel
--   GP ADMX file name: *mss-legacy.admx*
+```
+<!-- IPSourceRoutingProtectionLevel-OmaUri-End -->
 
-<!--/ADMXBacked-->
+<!-- IPSourceRoutingProtectionLevel-Description-Begin -->
-<!--/Policy-->
+<!-- Description-Not-Found -->
+<!-- IPSourceRoutingProtectionLevel-Description-End -->
 
-<hr/>
+<!-- IPSourceRoutingProtectionLevel-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+IP source routing protection level (protects against packet spoofing).
+<!-- IPSourceRoutingProtectionLevel-Editable-End -->
 
-<!--Policy-->
+<!-- IPSourceRoutingProtectionLevel-DFProperties-Begin -->
-<a href="" id="msslegacy-ipsourceroutingprotectionlevel"></a>**MSSLegacy/IPSourceRoutingProtectionLevel**
+**Description framework properties**:
 
-<!--SupportedSKUs-->
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- IPSourceRoutingProtectionLevel-DFProperties-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- IPSourceRoutingProtectionLevel-AdmxBacked-Begin -->
-|--- |--- |--- |
+<!-- Unknown -->
-|Home|No|No|
+<!-- IPSourceRoutingProtectionLevel-AdmxBacked-End -->
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- IPSourceRoutingProtectionLevel-Examples-Begin -->
-<hr/>
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- IPSourceRoutingProtectionLevel-Examples-End -->
 
-<!--Scope-->
+<!-- IPSourceRoutingProtectionLevel-End -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
 
-> [!div class = "checklist"]
+<!-- IPv6SourceRoutingProtectionLevel-Begin -->
-> * Device
+## IPv6SourceRoutingProtectionLevel
 
-<hr/>
+<!-- IPv6SourceRoutingProtectionLevel-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- IPv6SourceRoutingProtectionLevel-Applicability-End -->
 
-<!--/Scope-->
+<!-- IPv6SourceRoutingProtectionLevel-OmaUri-Begin -->
-<!--Description-->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPv6SourceRoutingProtectionLevel
+```
+<!-- IPv6SourceRoutingProtectionLevel-OmaUri-End -->
 
-<!--/Description-->
+<!-- IPv6SourceRoutingProtectionLevel-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- IPv6SourceRoutingProtectionLevel-Description-End -->
 
-<!--ADMXBacked-->
+<!-- IPv6SourceRoutingProtectionLevel-Editable-Begin -->
-ADMX Info:
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
--   GP name: *Pol_MSS_DisableIPSourceRouting*
+IPv6 source routing protection level (protects against packet spoofing).
--   GP ADMX file name: *mss-legacy.admx*
+<!-- IPv6SourceRoutingProtectionLevel-Editable-End -->
 
-<!--/ADMXBacked-->
+<!-- IPv6SourceRoutingProtectionLevel-DFProperties-Begin -->
-<!--/Policy-->
+**Description framework properties**:
 
-<hr/>
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- IPv6SourceRoutingProtectionLevel-DFProperties-End -->
 
-<!--Policy-->
+<!-- IPv6SourceRoutingProtectionLevel-AdmxBacked-Begin -->
-<a href="" id="msslegacy-ipv6sourceroutingprotectionlevel"></a>**MSSLegacy/IPv6SourceRoutingProtectionLevel**
+<!-- Unknown -->
+<!-- IPv6SourceRoutingProtectionLevel-AdmxBacked-End -->
 
-<!--SupportedSKUs-->
+<!-- IPv6SourceRoutingProtectionLevel-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- IPv6SourceRoutingProtectionLevel-Examples-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- IPv6SourceRoutingProtectionLevel-End -->
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- MSSLegacy-CspMoreInfo-Begin -->
-<hr/>
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- MSSLegacy-CspMoreInfo-End -->
 
-<!--Scope-->
+<!-- MSSLegacy-End -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
 
-> [!div class = "checklist"]
+## Related articles
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-
-<!--/Description-->
-
-<!--ADMXBacked-->
-ADMX Info:
--   GP name: *Pol_MSS_DisableIPSourceRoutingIPv6*
--   GP ADMX file name: *mss-legacy.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-<hr/>
-
-
-<!--/Policies-->
-
-## Related topics
 
 [Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-settingssync.md

@@ -0,0 +1,96 @@
+---
+title: SettingsSync Policy CSP
+description: Learn more about the SettingsSync Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/29/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- SettingsSync-Begin -->
+# Policy CSP - SettingsSync
+
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!-- SettingsSync-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SettingsSync-Editable-End -->
+
+<!-- DisableAccessibilitySettingSync-Begin -->
+## DisableAccessibilitySettingSync
+
+<!-- DisableAccessibilitySettingSync-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- DisableAccessibilitySettingSync-Applicability-End -->
+
+<!-- DisableAccessibilitySettingSync-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/SettingsSync/DisableAccessibilitySettingSync
+```
+<!-- DisableAccessibilitySettingSync-OmaUri-End -->
+
+<!-- DisableAccessibilitySettingSync-Description-Begin -->
+Prevent the "accessibility" group from syncing to and from this PC. This turns off and disables the "accessibility" group on the "Windows backup" settings page in PC settings.
+
+If you enable this policy setting, the "accessibility", group will not be synced.
+
+Use the option "Allow users to turn accessibility syncing on" so that syncing is turned off by default but not disabled.
+
+If you do not set or disable this setting, syncing of the "accessibility" group is on by default and configurable by the user.
+<!-- DisableAccessibilitySettingSync-Description-End -->
+
+<!-- DisableAccessibilitySettingSync-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DisableAccessibilitySettingSync-Editable-End -->
+
+<!-- DisableAccessibilitySettingSync-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- DisableAccessibilitySettingSync-DFProperties-End -->
+
+<!-- DisableAccessibilitySettingSync-AdmxBacked-Begin -->
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DisableAccessibilitySettingSync |
+| Friendly Name | Do not sync accessibility settings |
+| Location | Computer Configuration |
+| Path | Windows Components > Sync your settings |
+| Registry Key Name | Software\Policies\Microsoft\Windows\SettingSync |
+| Registry Value Name | DisableAccessibilitySettingSync |
+| ADMX File Name | SettingSync.admx |
+<!-- DisableAccessibilitySettingSync-AdmxBacked-End -->
+
+<!-- DisableAccessibilitySettingSync-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DisableAccessibilitySettingSync-Examples-End -->
+
+<!-- DisableAccessibilitySettingSync-End -->
+
+<!-- SettingsSync-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- SettingsSync-CspMoreInfo-End -->
+
+<!-- SettingsSync-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-stickers.md

@@ -0,0 +1,79 @@
+---
+title: Stickers Policy CSP
+description: Learn more about the Stickers Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/02/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- Stickers-Begin -->
+# Policy CSP - Stickers
+
+<!-- Stickers-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Stickers-Editable-End -->
+
+<!-- EnableStickers-Begin -->
+## EnableStickers
+
+<!-- EnableStickers-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+<!-- EnableStickers-Applicability-End -->
+
+<!-- EnableStickers-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Stickers/EnableStickers
+```
+<!-- EnableStickers-OmaUri-End -->
+
+<!-- EnableStickers-Description-Begin -->
+This policy setting allows you to control whether you want to allow stickers to be edited and placed on Desktop
+<!-- EnableStickers-Description-End -->
+
+<!-- EnableStickers-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- EnableStickers-Editable-End -->
+
+<!-- EnableStickers-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- EnableStickers-DFProperties-End -->
+
+<!-- EnableStickers-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+<!-- EnableStickers-AllowedValues-End -->
+
+<!-- EnableStickers-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- EnableStickers-Examples-End -->
+
+<!-- EnableStickers-End -->
+
+<!-- Stickers-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- Stickers-CspMoreInfo-End -->
+
+<!-- Stickers-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md

@@ -0,0 +1,80 @@
+---
+title: TenantDefinedTelemetry Policy CSP
+description: Learn more about the TenantDefinedTelemetry Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/02/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- TenantDefinedTelemetry-Begin -->
+# Policy CSP - TenantDefinedTelemetry
+
+<!-- TenantDefinedTelemetry-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- TenantDefinedTelemetry-Editable-End -->
+
+<!-- CustomTelemetryId-Begin -->
+## CustomTelemetryId
+
+<!-- CustomTelemetryId-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :x: Pro <br> :x: Enterprise <br> :x: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+<!-- CustomTelemetryId-Applicability-End -->
+
+<!-- CustomTelemetryId-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/TenantDefinedTelemetry/CustomTelemetryId
+```
+<!-- CustomTelemetryId-OmaUri-End -->
+
+<!-- CustomTelemetryId-Description-Begin -->
+This policy is used to let mission control what type of Edition we are currently in.
+<!-- CustomTelemetryId-Description-End -->
+
+<!-- CustomTelemetryId-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- CustomTelemetryId-Editable-End -->
+
+<!-- CustomTelemetryId-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- CustomTelemetryId-DFProperties-End -->
+
+<!-- CustomTelemetryId-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Base |
+| 1 | Education |
+| 2 | Commercial |
+<!-- CustomTelemetryId-AllowedValues-End -->
+
+<!-- CustomTelemetryId-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- CustomTelemetryId-Examples-End -->
+
+<!-- CustomTelemetryId-End -->
+
+<!-- TenantDefinedTelemetry-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- TenantDefinedTelemetry-CspMoreInfo-End -->
+
+<!-- TenantDefinedTelemetry-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-tenantrestrictions.md

@@ -0,0 +1,98 @@
+---
+title: TenantRestrictions Policy CSP
+description: Learn more about the TenantRestrictions Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/29/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- TenantRestrictions-Begin -->
+# Policy CSP - TenantRestrictions
+
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!-- TenantRestrictions-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- TenantRestrictions-Editable-End -->
+
+<!-- ConfigureTenantRestrictions-Begin -->
+## ConfigureTenantRestrictions
+
+<!-- ConfigureTenantRestrictions-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.320] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1320] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1320] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1320] and later <br> :heavy_check_mark: Windows 10, version 21H2 [10.0.19044] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- ConfigureTenantRestrictions-Applicability-End -->
+
+<!-- ConfigureTenantRestrictions-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/TenantRestrictions/ConfigureTenantRestrictions
+```
+<!-- ConfigureTenantRestrictions-OmaUri-End -->
+
+<!-- ConfigureTenantRestrictions-Description-Begin -->
+This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory.
+
+When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Azure AD tenant.
+
+Note: Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Azure AD Tenant Restrictions for more details.
+
+https://go.microsoft.com/fwlink/?linkid=2148762
+
+Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information.
+For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230
+<!-- ConfigureTenantRestrictions-Description-End -->
+
+<!-- ConfigureTenantRestrictions-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ConfigureTenantRestrictions-Editable-End -->
+
+<!-- ConfigureTenantRestrictions-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- ConfigureTenantRestrictions-DFProperties-End -->
+
+<!-- ConfigureTenantRestrictions-AdmxBacked-Begin -->
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | trv2_payload |
+| Friendly Name | Cloud Policy Details |
+| Location | Computer Configuration |
+| Path | Windows Components > Tenant Restrictions |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload |
+| ADMX File Name | TenantRestrictions.admx |
+<!-- ConfigureTenantRestrictions-AdmxBacked-End -->
+
+<!-- ConfigureTenantRestrictions-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- ConfigureTenantRestrictions-Examples-End -->
+
+<!-- ConfigureTenantRestrictions-End -->
+
+<!-- TenantRestrictions-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- TenantRestrictions-CspMoreInfo-End -->
+
+<!-- TenantRestrictions-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-windowslogon.md

@@ -1,267 +1,264 @@
 ---
-title: Policy CSP - WindowsLogon
+title: WindowsLogon Policy CSP
-description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts.
+description: Learn more about the WindowsLogon Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
 ms.author: vinpa
-ms.topic: article
+ms.date: 11/29/2022
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
-ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer: 
-manager: aaroncz
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- WindowsLogon-Begin -->
 # Policy CSP - WindowsLogon
 
-<hr/>
-
-<!--Policies-->
-## WindowsLogon policies
-
-<dl>
-  <dd>
-    <a href="#windowslogon-allowautomaticrestartsignon">WindowsLogon/AllowAutomaticRestartSignOn</a>
-  </dd>
-  <dd>
-    <a href="#windowslogon-configautomaticrestartsignon">WindowsLogon/ConfigAutomaticRestartSignOn</a>
-  </dd>
-  <dd>
-    <a href="#windowslogon-disablelockscreenappnotifications">WindowsLogon/DisableLockScreenAppNotifications</a>
-  </dd>
-  <dd>
-    <a href="#windowslogon-dontdisplaynetworkselectionui">WindowsLogon/DontDisplayNetworkSelectionUI</a>
-  </dd>
-  <dd>
-    <a href="#windowslogon-enablefirstlogonanimation">WindowsLogon/EnableFirstLogonAnimation</a>
-  </dd>
-  <dd>
-    <a href="#windowslogon-enablemprnotifications">WindowsLogon/EnableMPRNotifications</a>
-  </dd>
-  <dd>
-    <a href="#windowslogon-enumeratelocalusersondomainjoinedcomputers">WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers</a>
-  </dd>
-  <dd>
-    <a href="#windowslogon-hidefastuserswitching">WindowsLogon/HideFastUserSwitching</a>
-  </dd>
-</dl>
-
 > [!TIP]
-> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 >
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<hr/>
+<!-- WindowsLogon-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- WindowsLogon-Editable-End -->
 
-<!--Policy-->
+<!-- AllowAutomaticRestartSignOn-Begin -->
-<a href="" id="windowslogon-allowautomaticrestartsignon"></a>**WindowsLogon/AllowAutomaticRestartSignOn**
+## AllowAutomaticRestartSignOn
 
-<!--SupportedSKUs-->
+<!-- AllowAutomaticRestartSignOn-Applicability-Begin -->
-The table below shows the applicability of Windows:
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later |
+<!-- AllowAutomaticRestartSignOn-Applicability-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- AllowAutomaticRestartSignOn-OmaUri-Begin -->
-|--- |--- |--- |
+```Device
-|Home|Yes|Yes|
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/AllowAutomaticRestartSignOn
-|Pro|Yes|Yes|
+```
-|Windows SE|No|Yes|
+<!-- AllowAutomaticRestartSignOn-OmaUri-End -->
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- AllowAutomaticRestartSignOn-Description-Begin -->
-<hr/>
+This policy setting controls whether a device will automatically sign in and lock the last interactive user after the system restarts or after a shutdown and cold boot.
 
-<!--Scope-->
+This only occurs if the last interactive user didn’t sign out before the restart or shutdown.​
-[Scope](./policy-configuration-service-provider.md#policy-scope):
 
-> [!div class = "checklist"]
+If the device is joined to Active Directory or Azure Active Directory, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns.​
-> * Device
 
-<hr/>
+If you don’t configure this policy setting, it is enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.​
 
-<!--/Scope-->
+After enabling this policy, you can configure its settings through the ConfigAutomaticRestartSignOn policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot​.
-<!--Description-->
-This policy setting controls whether a device automatically signs in and locks the last interactive user after the system restarts or after a shutdown and cold boot.
 
-This scenario occurs only if the last interactive user didn't sign out before the restart or shutdown.​
+If you disable this policy setting, the device does not configure automatic sign in. The user’s lock screen apps are not restarted after the system restarts.
+<!-- AllowAutomaticRestartSignOn-Description-End -->
 
-If the device is joined to Active Directory or Azure Active Directory, this policy applies only to Windows Update restarts. Otherwise, this policy applies to both Windows Update restarts and user-initiated restarts and shutdowns.​
+<!-- AllowAutomaticRestartSignOn-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- AllowAutomaticRestartSignOn-Editable-End -->
 
-If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.​
+<!-- AllowAutomaticRestartSignOn-DFProperties-Begin -->
+**Description framework properties**:
 
-After enabling this policy, you can configure its settings through the [ConfigAutomaticRestartSignOn](#windowslogon-configautomaticrestartsignon) policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot​.
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- AllowAutomaticRestartSignOn-DFProperties-End -->
 
-If you disable this policy setting, the device doesn't configure automatic sign in. The user’s lock screen apps aren't restarted after the system restarts.
+<!-- AllowAutomaticRestartSignOn-AdmxBacked-Begin -->
+**ADMX mapping**:
 
-<!--/Description-->
+| Name | Value |
+|:--|:--|
+| Name | AutomaticRestartSignOnDescription |
+| Friendly Name | Sign-in and lock last interactive user automatically after a restart |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Logon Options |
+| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
+| Registry Value Name | DisableAutomaticRestartSignOn |
+| ADMX File Name | WinLogon.admx |
+<!-- AllowAutomaticRestartSignOn-AdmxBacked-End -->
 
-<!--ADMXBacked-->
+<!-- AllowAutomaticRestartSignOn-Examples-Begin -->
-ADMX Info:
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
--   GP Friendly name: *Sign-in and lock last interactive user automatically after a restart*
+<!-- AllowAutomaticRestartSignOn-Examples-End -->
--   GP name: *AutomaticRestartSignOn*
--   GP path: *Windows Components/Windows Logon Options*
--   GP ADMX file name: *WinLogon.admx*
 
-<!--/ADMXBacked-->
+<!-- AllowAutomaticRestartSignOn-End -->
-<!--SupportedValues-->
 
-<!--/SupportedValues-->
+<!-- ConfigAutomaticRestartSignOn-Begin -->
-<!--Example-->
+## ConfigAutomaticRestartSignOn
 
-<!--/Example-->
+<!-- ConfigAutomaticRestartSignOn-Applicability-Begin -->
-<!--Validation-->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later |
+<!-- ConfigAutomaticRestartSignOn-Applicability-End -->
 
-<!--/Validation-->
+<!-- ConfigAutomaticRestartSignOn-OmaUri-Begin -->
-<!--/Policy-->
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/ConfigAutomaticRestartSignOn
+```
+<!-- ConfigAutomaticRestartSignOn-OmaUri-End -->
 
-<hr/>
+<!-- ConfigAutomaticRestartSignOn-Description-Begin -->
-
+This policy setting controls the configuration under which an automatic restart and sign on and lock occurs after a restart or cold boot. If you chose “Disabled” in the “Sign-in and lock last interactive user automatically after a restart” policy, then automatic sign on will not occur and this policy does not need to be configured.
-<!--Policy-->
-<a href="" id="windowslogon-configautomaticrestartsignon"></a>**WindowsLogon/ConfigAutomaticRestartSignOn**
-
-<!--SupportedSKUs-->
-The table below shows the applicability of Windows:
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|Yes|Yes|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-This policy setting controls the configuration under which an automatic restart, sign in, and lock occurs after a restart or cold boot. If you chose “Disabled” in the [AllowAutomaticRestartSignOn](#windowslogon-allowautomaticrestartsignon) policy, then automatic sign in doesn't occur and this policy need not be configured.
 
 If you enable this policy setting, you can choose one of the following two options:
 
-- Enabled if BitLocker is on and not suspended: Specifies that automatic sign in and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.
+1. “Enabled if BitLocker is on and not suspended” specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.
 BitLocker is suspended during updates if:
-    - The device doesn't have TPM 2.0 and PCR7
+- The device doesn’t have TPM 2.0 and PCR7, or
-    - The device doesn't use a TPM-only protector
+- The device doesn’t use a TPM-only protector
-- Always Enabled: Specifies that automatic sign in happens even if BitLocker is off or suspended during reboot or shutdown. When BitLocker isn't enabled, personal data is accessible on the hard drive. Automatic restart and sign in should only be run under this condition if you're confident that the configured device is in a secure physical location.
+2. “Always Enabled” specifies that automatic sign on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location.
 
-If you disable or don't configure this setting, automatic sign in defaults to the “Enabled if BitLocker is on and not suspended” behavior.
+If you disable or don’t configure this setting, automatic sign on will default to the “Enabled if BitLocker is on and not suspended” behavior.
+<!-- ConfigAutomaticRestartSignOn-Description-End -->
 
-<!--/Description-->
+<!-- ConfigAutomaticRestartSignOn-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ConfigAutomaticRestartSignOn-Editable-End -->
 
-<!--ADMXBacked-->
+<!-- ConfigAutomaticRestartSignOn-DFProperties-Begin -->
-ADMX Info:
+**Description framework properties**:
--   GP Friendly name: *Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot*
--   GP name: *ConfigAutomaticRestartSignOn*
--   GP path: *Windows Components/Windows Logon Options*
--   GP ADMX file name: *WinLogon.admx*
 
-<!--/ADMXBacked-->
+| Property name | Property value |
-<!--SupportedValues-->
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- ConfigAutomaticRestartSignOn-DFProperties-End -->
 
-<!--/SupportedValues-->
+<!-- ConfigAutomaticRestartSignOn-AdmxBacked-Begin -->
-<!--Example-->
+**ADMX mapping**:
 
-<!--/Example-->
+| Name | Value |
-<!--Validation-->
+|:--|:--|
+| Name | ConfigAutomaticRestartSignOnDescription |
+| Friendly Name | Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Logon Options |
+| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
+| ADMX File Name | WinLogon.admx |
+<!-- ConfigAutomaticRestartSignOn-AdmxBacked-End -->
 
-<!--/Validation-->
+<!-- ConfigAutomaticRestartSignOn-Examples-Begin -->
-<!--/Policy-->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- ConfigAutomaticRestartSignOn-Examples-End -->
 
-<hr/>
+<!-- ConfigAutomaticRestartSignOn-End -->
 
-<!--Policy-->
+<!-- DisableLockScreenAppNotifications-Begin -->
-<a href="" id="windowslogon-disablelockscreenappnotifications"></a>**WindowsLogon/DisableLockScreenAppNotifications**
+## DisableLockScreenAppNotifications
 
-<!--SupportedSKUs-->
+<!-- DisableLockScreenAppNotifications-Applicability-Begin -->
-The table below shows the applicability of Windows:
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
+<!-- DisableLockScreenAppNotifications-Applicability-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- DisableLockScreenAppNotifications-OmaUri-Begin -->
-|--- |--- |--- |
+```Device
-|Home|No|No|
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/DisableLockScreenAppNotifications
-|Pro|Yes|Yes|
+```
-|Windows SE|No|Yes|
+<!-- DisableLockScreenAppNotifications-OmaUri-End -->
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- DisableLockScreenAppNotifications-Description-Begin -->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
 This policy setting allows you to prevent app notifications from appearing on the lock screen.
 
 If you enable this policy setting, no app notifications are displayed on the lock screen.
 
-If you disable or don't configure this policy setting, users can choose which apps display notifications on the lock screen.
+If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.
+<!-- DisableLockScreenAppNotifications-Description-End -->
 
-<!--/Description-->
+<!-- DisableLockScreenAppNotifications-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DisableLockScreenAppNotifications-Editable-End -->
 
-<!--ADMXBacked-->
+<!-- DisableLockScreenAppNotifications-DFProperties-Begin -->
-ADMX Info:
+**Description framework properties**:
--   GP Friendly name: *Turn off app notifications on the lock screen*
--   GP name: *DisableLockScreenAppNotifications*
--   GP path: *System/Logon*
--   GP ADMX file name: *logon.admx*
 
-<!--/ADMXBacked-->
+| Property name | Property value |
-<!--/Policy-->
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- DisableLockScreenAppNotifications-DFProperties-End -->
 
-<hr/>
+<!-- DisableLockScreenAppNotifications-AdmxBacked-Begin -->
+**ADMX mapping**:
 
-<!--Policy-->
+| Name | Value |
-<a href="" id="windowslogon-dontdisplaynetworkselectionui"></a>**WindowsLogon/DontDisplayNetworkSelectionUI**
+|:--|:--|
+| Name | DisableLockScreenAppNotifications |
+| Friendly Name | Turn off app notifications on the lock screen |
+| Location | Computer Configuration |
+| Path | System > Logon |
+| Registry Key Name | Software\Policies\Microsoft\Windows\System |
+| Registry Value Name | DisableLockScreenAppNotifications |
+| ADMX File Name | Logon.admx |
+<!-- DisableLockScreenAppNotifications-AdmxBacked-End -->
 
-<!--SupportedSKUs-->
+<!-- DisableLockScreenAppNotifications-Examples-Begin -->
-The table below shows the applicability of Windows:
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DisableLockScreenAppNotifications-Examples-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- DisableLockScreenAppNotifications-End -->
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- DontDisplayNetworkSelectionUI-Begin -->
-<hr/>
+## DontDisplayNetworkSelectionUI
 
-<!--Scope-->
+<!-- DontDisplayNetworkSelectionUI-Applicability-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
+<!-- DontDisplayNetworkSelectionUI-Applicability-End -->
 
-> [!div class = "checklist"]
+<!-- DontDisplayNetworkSelectionUI-OmaUri-Begin -->
-> * Device
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI
+```
+<!-- DontDisplayNetworkSelectionUI-OmaUri-End -->
 
-<hr/>
+<!-- DontDisplayNetworkSelectionUI-Description-Begin -->
+This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.
 
-<!--/Scope-->
+If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows.
-<!--Description-->
-This policy setting allows you to control whether anyone can interact with available networks UI on the sign-in screen.
-
-If you enable this policy setting, the PC's network connectivity state can't be changed without signing into Windows.
 
 If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
+<!-- DontDisplayNetworkSelectionUI-Description-End -->
+
+<!-- DontDisplayNetworkSelectionUI-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DontDisplayNetworkSelectionUI-Editable-End -->
+
+<!-- DontDisplayNetworkSelectionUI-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- DontDisplayNetworkSelectionUI-DFProperties-End -->
+
+<!-- DontDisplayNetworkSelectionUI-AdmxBacked-Begin -->
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DontDisplayNetworkSelectionUI |
+| Friendly Name | Do not display network selection UI |
+| Location | Computer Configuration |
+| Path | System > Logon |
+| Registry Key Name | Software\Policies\Microsoft\Windows\System |
+| Registry Value Name | DontDisplayNetworkSelectionUI |
+| ADMX File Name | Logon.admx |
+<!-- DontDisplayNetworkSelectionUI-AdmxBacked-End -->
+
+<!-- DontDisplayNetworkSelectionUI-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+**Example**:
 
 Here's an example to enable this policy:
 
@@ -287,236 +284,314 @@ Here's an example to enable this policy:
   </SyncBody>
 </SyncML>
 ```
+<!-- DontDisplayNetworkSelectionUI-Examples-End -->
 
-<!--/Description-->
+<!-- DontDisplayNetworkSelectionUI-End -->
 
-<!--ADMXBacked-->
+<!-- EnableFirstLogonAnimation-Begin -->
-ADMX Info:
+## EnableFirstLogonAnimation
--   GP Friendly name: *Do not display network selection UI*
--   GP name: *DontDisplayNetworkSelectionUI*
--   GP path: *System/Logon*
--   GP ADMX file name: *logon.admx*
 
-<!--/ADMXBacked-->
+<!-- EnableFirstLogonAnimation-Applicability-Begin -->
-<!--/Policy-->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later |
+<!-- EnableFirstLogonAnimation-Applicability-End -->
 
-<hr/>
+<!-- EnableFirstLogonAnimation-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnableFirstLogonAnimation
+```
+<!-- EnableFirstLogonAnimation-OmaUri-End -->
 
-<!--Policy-->
+<!-- EnableFirstLogonAnimation-Description-Begin -->
-<a href="" id="windowslogon-enablefirstlogonanimation"></a>**WindowsLogon/EnableFirstLogonAnimation**
+This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time.  This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later.  It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in.
 
-<!--SupportedSKUs-->
+If you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation.
-The table below shows the applicability of Windows:
 
-|Edition|Windows 10|Windows 11|
+If you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in prompt for services.
-|--- |--- |--- |
-|Home|Yes|Yes|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+If you do not configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation.
-<hr/>
 
-<!--Scope-->
+Note: The first sign-in animation will not be shown on Server, so this policy will have no effect.
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+<!-- EnableFirstLogonAnimation-Description-End -->
 
-> [!div class = "checklist"]
+<!-- EnableFirstLogonAnimation-Editable-Begin -->
-> * Device
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- EnableFirstLogonAnimation-Editable-End -->
 
-<hr/>
+<!-- EnableFirstLogonAnimation-DFProperties-Begin -->
+**Description framework properties**:
 
-<!--/Scope-->
+| Property name | Property value |
-<!--Description-->
+|:--|:--|
-This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This view applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users are offered the opt-in prompt for services during their first sign-in.
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- EnableFirstLogonAnimation-DFProperties-End -->
 
-If you enable this policy setting, Microsoft account users see the opt-in prompt for services, and users with other accounts see the sign-in animation.
+<!-- EnableFirstLogonAnimation-AllowedValues-Begin -->
+**Allowed values**:
 
-If you disable this policy setting, users don't see the animation and Microsoft account users don't see the opt-in prompt for services.
+| Value | Description |
+|:--|:--|
+| 0 | Disabled. |
+| 1 (Default) | Enabled. |
+<!-- EnableFirstLogonAnimation-AllowedValues-End -->
 
-If you don't configure this policy setting, the user who completes the initial Windows setup see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting isn't configured, users new to this computer don't see the animation.
+<!-- EnableFirstLogonAnimation-GpMapping-Begin -->
+**Group policy mapping**:
 
-> [!NOTE]
+| Name | Value |
-> The first sign-in animation isn't displayed on Server, so this policy has no effect.
+|:--|:--|
+| Name | EnableFirstLogonAnimation |
+| Friendly Name | Show first sign-in animation  |
+| Location | Computer Configuration |
+| Path | System > Logon |
+| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
+| Registry Value Name | EnableFirstLogonAnimation |
+| ADMX File Name | Logon.admx |
+<!-- EnableFirstLogonAnimation-GpMapping-End -->
 
-<!--/Description-->
+<!-- EnableFirstLogonAnimation-Examples-Begin -->
-<!--ADMXMapped-->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-ADMX Info:
+<!-- EnableFirstLogonAnimation-Examples-End -->
--   GP Friendly name: *Show first sign-in animation*
--   GP name: *EnableFirstLogonAnimation*
--   GP path: *System/Logon*
--   GP ADMX file name: *Logon.admx*
 
-<!--/ADMXMapped-->
+<!-- EnableFirstLogonAnimation-End -->
-<!--SupportedValues-->
-Supported values:
--   0 - disabled
--   1 - enabled
-<!--/SupportedValues-->
-<!--Example-->
 
-<!--/Example-->
+<!-- EnableMPRNotifications-Begin -->
-<!--Validation-->
+## EnableMPRNotifications
 
-<!--/Validation-->
+<!-- EnableMPRNotifications-Applicability-Begin -->
-<!--/Policy-->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+<!-- EnableMPRNotifications-Applicability-End -->
 
-<hr/>
+<!-- EnableMPRNotifications-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnableMPRNotifications
+```
+<!-- EnableMPRNotifications-OmaUri-End -->
 
-<!--Policy-->
+<!-- EnableMPRNotifications-Description-Begin -->
-<a href="" id="windowslogon-enablemprnotifications"></a>**WindowsLogon/EnableMPRNotifications**
+This policy controls the configuration under which winlogon sends MPR notifications in the system.
 
-<!--SupportedSKUs-->
+If you enable this setting or do not configure it, winlogon sends MPR notifications if a credential manager is configured.
-The table below shows the applicability of Windows:
 
-|Edition|Windows 10|Windows 11|
+If you disable this setting, winlogon does not send MPR notifications.
-|--- |--- |--- |
+<!-- EnableMPRNotifications-Description-End -->
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- EnableMPRNotifications-Editable-Begin -->
-<hr/>
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- EnableMPRNotifications-Editable-End -->
 
-<!--Scope-->
+<!-- EnableMPRNotifications-DFProperties-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+**Description framework properties**:
 
-> [!div class = "checklist"]
+| Property name | Property value |
-> * Device
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- EnableMPRNotifications-DFProperties-End -->
 
-<hr/>
+<!-- EnableMPRNotifications-AdmxBacked-Begin -->
+**ADMX mapping**:
 
-<!--/Scope-->
+| Name | Value |
-<!--Description-->
+|:--|:--|
-This policy allows winlogon to send MPR notifications in the system if a credential manager is configured.
+| Name | EnableMPRNotifications |
+| Friendly Name | Enable MPR notifications for the system |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Logon Options |
+| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
+| Registry Value Name | EnableMPR |
+| ADMX File Name | WinLogon.admx |
+<!-- EnableMPRNotifications-AdmxBacked-End -->
 
-If you disable (0), MPR notifications will not be sent by winlogon.
+<!-- EnableMPRNotifications-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- EnableMPRNotifications-Examples-End -->
 
-If you enable (1) or do not configure this policy setting this policy, MPR notifications will be sent by winlogon.
+<!-- EnableMPRNotifications-End -->
 
-<!--/Description-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Begin -->
-<!--SupportedValues-->
+## EnumerateLocalUsersOnDomainJoinedComputers
-Supported values:
 
--   0 - disabled
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Applicability-Begin -->
--   1 (default)- enabled
+| Scope | Editions | Applicable OS |
-<!--/SupportedValues-->
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Applicability-End -->
 
-<!--/Policy-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
+```
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-OmaUri-End -->
 
-<hr/>
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Description-Begin -->
-
-<!--Policy-->
-<a href="" id="windowslogon-enumeratelocalusersondomainjoinedcomputers"></a>**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers**
-
-<!--SupportedSKUs-->
-The table below shows the applicability of Windows:
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
 This policy setting allows local users to be enumerated on domain-joined computers.
 
 If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers.
 
-If you disable or don't configure this policy setting, the Logon UI won't enumerate local users on domain-joined computers.
+If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers.
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Description-End -->
 
-<!--/Description-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Editable-End -->
 
-<!--ADMXBacked-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-DFProperties-Begin -->
-ADMX Info:
+**Description framework properties**:
--   GP Friendly name: *Enumerate local users on domain-joined computers*
--   GP name: *EnumerateLocalUsers*
--   GP path: *System/Logon*
--   GP ADMX file name: *logon.admx*
 
-<!--/ADMXBacked-->
+| Property name | Property value |
-<!--/Policy-->
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-DFProperties-End -->
 
-<hr/>
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-AdmxBacked-Begin -->
+**ADMX mapping**:
 
-<!--Policy-->
+| Name | Value |
-<a href="" id="windowslogon-hidefastuserswitching"></a>**WindowsLogon/HideFastUserSwitching**
+|:--|:--|
+| Name | EnumerateLocalUsers |
+| Friendly Name | Enumerate local users on domain-joined computers |
+| Location | Computer Configuration |
+| Path | System > Logon |
+| Registry Key Name | Software\Policies\Microsoft\Windows\System |
+| Registry Value Name | EnumerateLocalUsers |
+| ADMX File Name | Logon.admx |
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-AdmxBacked-End -->
 
-<!--SupportedSKUs-->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Examples-Begin -->
-The table below shows the applicability of Windows:
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-Examples-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- EnumerateLocalUsersOnDomainJoinedComputers-End -->
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- HideFastUserSwitching-Begin -->
-<hr/>
+## HideFastUserSwitching
 
-<!--Scope-->
+<!-- HideFastUserSwitching-Applicability-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
+<!-- HideFastUserSwitching-Applicability-End -->
 
-> [!div class = "checklist"]
+<!-- HideFastUserSwitching-OmaUri-Begin -->
-> * Device
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/HideFastUserSwitching
+```
+<!-- HideFastUserSwitching-OmaUri-End -->
 
-<hr/>
+<!-- HideFastUserSwitching-Description-Begin -->
+This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager.
 
-<!--/Scope-->
+If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied.
-<!--Description-->
-This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or don't configure this policy setting, the Switch account button is accessible to the user in the three locations.
 
-<!--/Description-->
+The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager.
-<!--ADMXMapped-->
-ADMX Info:
--   GP Friendly name: *Hide entry points for Fast User Switching*
--   GP name: *HideFastUserSwitching*
--   GP path: *System/Logon*
--   GP ADMX file name: *Logon.admx*
 
-<!--/ADMXMapped-->
+If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.
-<!--SupportedValues-->
+<!-- HideFastUserSwitching-Description-End -->
-The following list shows the supported values:
 
--   0 (default) - Disabled (visible).
+<!-- HideFastUserSwitching-Editable-Begin -->
--   1 - Enabled (hidden).
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- HideFastUserSwitching-Editable-End -->
 
-<!--/SupportedValues-->
+<!-- HideFastUserSwitching-DFProperties-Begin -->
-<!--Validation-->
+**Description framework properties**:
-To validate on Desktop, do the following steps:
 
-1.   Enable policy.
+| Property name | Property value |
-2.   Verify that the Switch account button in Start is hidden.
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- HideFastUserSwitching-DFProperties-End -->
 
-<!--/Validation-->
+<!-- HideFastUserSwitching-AllowedValues-Begin -->
-<!--/Policy-->
+**Allowed values**:
-<hr/>
 
-<!--/Policies-->
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled (visible). |
+| 1 | Enabled (hidden). |
+<!-- HideFastUserSwitching-AllowedValues-End -->
 
-## Related topics
+<!-- HideFastUserSwitching-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | HideFastUserSwitching |
+| Friendly Name | Hide entry points for Fast User Switching |
+| Location | Computer Configuration |
+| Path | System > Logon |
+| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
+| Registry Value Name | HideFastUserSwitching |
+| ADMX File Name | Logon.admx |
+<!-- HideFastUserSwitching-GpMapping-End -->
+
+<!-- HideFastUserSwitching-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- HideFastUserSwitching-Examples-End -->
+
+<!-- HideFastUserSwitching-End -->
+
+<!-- OverrideShellProgram-Begin -->
+## OverrideShellProgram
+
+<!-- OverrideShellProgram-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- OverrideShellProgram-Applicability-End -->
+
+<!-- OverrideShellProgram-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsLogon/OverrideShellProgram
+```
+<!-- OverrideShellProgram-OmaUri-End -->
+
+<!-- OverrideShellProgram-Description-Begin -->
+This policy is used by IT admin to override the registry based shell program.
+<!-- OverrideShellProgram-Description-End -->
+
+<!-- OverrideShellProgram-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- OverrideShellProgram-Editable-End -->
+
+<!-- OverrideShellProgram-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- OverrideShellProgram-DFProperties-End -->
+
+<!-- OverrideShellProgram-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Not Configured |
+| 1 | Apply Lightweight shell |
+<!-- OverrideShellProgram-AllowedValues-End -->
+
+<!-- OverrideShellProgram-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- OverrideShellProgram-Examples-End -->
+
+<!-- OverrideShellProgram-End -->
+
+<!-- WindowsLogon-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- WindowsLogon-CspMoreInfo-End -->
+
+<!-- WindowsLogon-End -->
+
+## Related articles
 
 [Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/toc.yml

@@ -128,8 +128,6 @@ items:
           href: policy-csp-admx-eaime.md
         - name: ADMX_EncryptFilesonMove
           href: policy-csp-admx-encryptfilesonmove.md
-            - name: ADMX_EventLogging
-              href: policy-csp-admx-eventlogging.md
         - name: ADMX_EnhancedStorage
           href: policy-csp-admx-enhancedstorage.md
         - name: ADMX_ErrorReporting
@@ -138,6 +136,8 @@ items:
           href: policy-csp-admx-eventforwarding.md
         - name: ADMX_EventLog
           href: policy-csp-admx-eventlog.md
+        - name: ADMX_EventLogging
+          href: policy-csp-admx-eventlogging.md
         - name: ADMX_EventViewer
           href: policy-csp-admx-eventviewer.md
         - name: ADMX_Explorer
@@ -210,6 +210,8 @@ items:
           href: policy-csp-admx-msi.md
         - name: ADMX_MsiFileRecovery
           href: policy-csp-admx-msifilerecovery.md
+        - name: ADMX_MSS-legacy
+          href: policy-csp-admx-mss-legacy.md
         - name: ADMX_nca
           href: policy-csp-admx-nca.md
         - name: ADMX_NCSI
@@ -240,6 +242,8 @@ items:
           href: policy-csp-admx-printing2.md
         - name: ADMX_Programs
           href: policy-csp-admx-programs.md
+        - name: ADMX_QOS
+          href: policy-csp-admx-qos.md
         - name: ADMX_Reliability
           href: policy-csp-admx-reliability.md
         - name: ADMX_RemoteAssistance
@@ -248,6 +252,8 @@ items:
           href: policy-csp-admx-removablestorage.md
         - name: ADMX_RPC
           href: policy-csp-admx-rpc.md
+        - name: ADMX_sam
+          href: policy-csp-admx-sam.md
         - name: ADMX_Scripts
           href: policy-csp-admx-scripts.md
         - name: ADMX_sdiageng
@@ -278,6 +284,8 @@ items:
           href: policy-csp-admx-startmenu.md
         - name: ADMX_SystemRestore
           href: policy-csp-admx-systemrestore.md
+        - name: ADMX_TabletPCInputPanel
+          href: policy-csp-admx-tabletpcinputpanel.md
         - name: ADMX_TabletShell
           href: policy-csp-admx-tabletshell.md
         - name: ADMX_Taskbar
@@ -320,8 +328,6 @@ items:
           href: policy-csp-admx-wininit.md
         - name: ADMX_WinLogon
           href: policy-csp-admx-winlogon.md
-            - name: ADMX-Winsrv
-              href: policy-csp-admx-winsrv.md
         - name: ADMX_wlansvc
           href: policy-csp-admx-wlansvc.md
         - name: ADMX_WordWheel
@@ -330,6 +336,8 @@ items:
           href: policy-csp-admx-workfoldersclient.md
         - name: ADMX_WPN
           href: policy-csp-admx-wpn.md
+        - name: ADMX-Winsrv
+          href: policy-csp-admx-winsrv.md
         - name: ApplicationDefaults
           href: policy-csp-applicationdefaults.md
         - name: ApplicationManagement
@@ -358,14 +366,18 @@ items:
           href: policy-csp-camera.md
         - name: Cellular
           href: policy-csp-cellular.md
+        - name: CloudDesktop
+          href: policy-csp-clouddesktop.md
+        - name: CloudPC
+          href: policy-csp-cloudpc.md
         - name: Connectivity
           href: policy-csp-connectivity.md
         - name: ControlPolicyConflict
           href: policy-csp-controlpolicyconflict.md
-            - name: CredentialsDelegation
-              href: policy-csp-credentialsdelegation.md
         - name: CredentialProviders
           href: policy-csp-credentialproviders.md
+        - name: CredentialsDelegation
+          href: policy-csp-credentialsdelegation.md
         - name: CredentialsUI
           href: policy-csp-credentialsui.md
         - name: Cryptography
@@ -488,10 +500,14 @@ items:
           href: policy-csp-servicecontrolmanager.md
         - name: Settings
           href: policy-csp-settings.md
+        - name: SettingsSync
+          href: policy-csp-settingssync.md
         - name: Speech
           href: policy-csp-speech.md
         - name: Start
           href: policy-csp-start.md
+        - name: Stickers
+          href: policy-csp-stickers.md
         - name: Storage
           href: policy-csp-storage.md
         - name: System
@@ -502,6 +518,10 @@ items:
           href: policy-csp-taskmanager.md
         - name: TaskScheduler
           href: policy-csp-taskscheduler.md
+        - name: TenantDefinedTelemetry
+          href: policy-csp-tenantdefinedtelemetry.md
+        - name: TenantRestrictions
+          href: policy-csp-tenantrestrictions.md
         - name: TextInput
           href: policy-csp-textinput.md
         - name: TimeLanguageSettings