Add some other missing policy CSPs

windows/client-management/mdm/defender-csp.md

@@ -497,7 +497,7 @@ Supported operation is Get.
 <a href="" id="health-quickscanoverdue"></a>**Health/QuickScanOverdue**
 Indicates whether a Windows Defender quick scan is overdue for the device.
 
-A Quick scan is overdue when a scheduled Quick scan didn't complete successfully for 2 weeks and [catchup Quick scans](./policy-csp-defender.md#defender-disablecatchupquickscan) are disabled (default).
+A Quick scan is overdue when a scheduled Quick scan didn't complete successfully for 2 weeks and [catchup Quick scans](./policy-csp-defender.md#disablecatchupquickscan) are disabled (default).
 
 The data type is a Boolean.
 
@@ -506,7 +506,7 @@ Supported operation is Get.
 <a href="" id="health-fullscanoverdue"></a>**Health/FullScanOverdue**
 Indicates whether a Windows Defender full scan is overdue for the device.
 
-A Full scan is overdue when a scheduled Full scan didn't complete successfully for 2 weeks and [catchup Full scans](./policy-csp-defender.md#defender-disablecatchupfullscan) are disabled (default).
+A Full scan is overdue when a scheduled Full scan didn't complete successfully for 2 weeks and [catchup Full scans](./policy-csp-defender.md#disablecatchupfullscan) are disabled (default).
 
 The data type is a Boolean.
 

windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md

@@ -1,7 +1,7 @@
 ---
 title: Policies in Policy CSP supported by Microsoft Surface Hub
 description: Learn about the policies in Policy CSP supported by Microsoft Surface Hub.
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
@@ -21,32 +21,32 @@ ms.date: 07/22/2020
 - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
 - [Cryptography/AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
 - [Cryptography/TLSCipherSuites](policy-csp-cryptography.md#cryptography-tlsciphersuites)
-- [Defender/AllowArchiveScanning](policy-csp-defender.md#defender-allowarchivescanning)
+- [Defender/AllowArchiveScanning](policy-csp-defender.md#allowarchivescanning)
-- [Defender/AllowBehaviorMonitoring](policy-csp-defender.md#defender-allowbehaviormonitoring)
+- [Defender/AllowBehaviorMonitoring](policy-csp-defender.md#allowbehaviormonitoring)
-- [Defender/AllowCloudProtection](policy-csp-defender.md#defender-allowcloudprotection)
+- [Defender/AllowCloudProtection](policy-csp-defender.md#allowcloudprotection)
-- [Defender/AllowEmailScanning](policy-csp-defender.md#defender-allowemailscanning)
+- [Defender/AllowEmailScanning](policy-csp-defender.md#allowemailscanning)
-- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
+- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#allowfullscanonmappednetworkdrives)
-- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
+- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#allowfullscanremovabledrivescanning)
-- [Defender/AllowIOAVProtection](policy-csp-defender.md#defender-allowioavprotection)
+- [Defender/AllowIOAVProtection](policy-csp-defender.md#allowioavprotection)
-- [Defender/AllowOnAccessProtection](policy-csp-defender.md#defender-allowonaccessprotection)
+- [Defender/AllowOnAccessProtection](policy-csp-defender.md#allowonaccessprotection)
-- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#defender-allowrealtimemonitoring)
+- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#allowrealtimemonitoring)
-- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#defender-allowscanningnetworkfiles)
+- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#allowscanningnetworkfiles)
-- [Defender/AllowScriptScanning](policy-csp-defender.md#defender-allowscriptscanning)
+- [Defender/AllowScriptScanning](policy-csp-defender.md#allowscriptscanning)
-- [Defender/AllowUserUIAccess](policy-csp-defender.md#defender-allowuseruiaccess)
+- [Defender/AllowUserUIAccess](policy-csp-defender.md#allowuseruiaccess)
-- [Defender/AvgCPULoadFactor](policy-csp-defender.md#defender-avgcpuloadfactor)
+- [Defender/AvgCPULoadFactor](policy-csp-defender.md#avgcpuloadfactor)
-- [Defender/DaysToRetainCleanedMalware](policy-csp-defender.md#defender-daystoretaincleanedmalware)
+- [Defender/DaysToRetainCleanedMalware](policy-csp-defender.md#daystoretaincleanedmalware)
-- [Defender/ExcludedExtensions](policy-csp-defender.md#defender-excludedextensions)
+- [Defender/ExcludedExtensions](policy-csp-defender.md#excludedextensions)
-- [Defender/ExcludedPaths](policy-csp-defender.md#defender-excludedpaths)
+- [Defender/ExcludedPaths](policy-csp-defender.md#excludedpaths)
-- [Defender/ExcludedProcesses](policy-csp-defender.md#defender-excludedprocesses)
+- [Defender/ExcludedProcesses](policy-csp-defender.md#excludedprocesses)
-- [Defender/PUAProtection](policy-csp-defender.md#defender-puaprotection)
+- [Defender/PUAProtection](policy-csp-defender.md#puaprotection)
-- [Defender/RealTimeScanDirection](policy-csp-defender.md#defender-realtimescandirection)
+- [Defender/RealTimeScanDirection](policy-csp-defender.md#realtimescandirection)
-- [Defender/ScanParameter](policy-csp-defender.md#defender-scanparameter)
+- [Defender/ScanParameter](policy-csp-defender.md#scanparameter)
-- [Defender/ScheduleQuickScanTime](policy-csp-defender.md#defender-schedulequickscantime)
+- [Defender/ScheduleQuickScanTime](policy-csp-defender.md#schedulequickscantime)
-- [Defender/ScheduleScanDay](policy-csp-defender.md#defender-schedulescanday)
+- [Defender/ScheduleScanDay](policy-csp-defender.md#schedulescanday)
-- [Defender/ScheduleScanTime](policy-csp-defender.md#defender-schedulescantime)
+- [Defender/ScheduleScanTime](policy-csp-defender.md#schedulescantime)
-- [Defender/SignatureUpdateInterval](policy-csp-defender.md#defender-signatureupdateinterval)
+- [Defender/SignatureUpdateInterval](policy-csp-defender.md#signatureupdateinterval)
-- [Defender/SubmitSamplesConsent](policy-csp-defender.md#defender-submitsamplesconsent)
+- [Defender/SubmitSamplesConsent](policy-csp-defender.md#submitsamplesconsent)
-- [Defender/ThreatSeverityDefaultAction](policy-csp-defender.md#defender-threatseveritydefaultaction)
+- [Defender/ThreatSeverityDefaultAction](policy-csp-defender.md#threatseveritydefaultaction)
 - [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
 - [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
 - [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)

windows/client-management/mdm/policy-csp-admx-mss-legacy.md

@@ -0,0 +1,806 @@
+---
+title: ADMX_MSS-legacy Policy CSP
+description: Learn more about the ADMX_MSS-legacy CSP Policy
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/01/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.reviewer:
+ms.technology: itpro-manage
+ms.topic: article
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- ADMX_MSS-legacy-Begin -->
+# Policy CSP - ADMX_MSS-legacy
+
+<!-- ADMX_MSS-legacy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ADMX_MSS-legacy-Editable-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-Begin -->
+## Pol_MSS_AutoAdminLogon
+
+<!-- Pol_MSS_AutoAdminLogon-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_AutoAdminLogon-Applicability-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoAdminLogon
+```
+<!-- Pol_MSS_AutoAdminLogon-OmaUri-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_AutoAdminLogon-Description-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable Automatic Logon (not recommended).
+<!-- Pol_MSS_AutoAdminLogon-Editable-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_AutoAdminLogon-DFProperties-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_AutoAdminLogon-AdmxBacked-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_AutoAdminLogon-Examples-End -->
+
+<!-- Pol_MSS_AutoAdminLogon-End -->
+
+<!-- Pol_MSS_AutoReboot-Begin -->
+## Pol_MSS_AutoReboot
+
+<!-- Pol_MSS_AutoReboot-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_AutoReboot-Applicability-End -->
+
+<!-- Pol_MSS_AutoReboot-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoReboot
+```
+<!-- Pol_MSS_AutoReboot-OmaUri-End -->
+
+<!-- Pol_MSS_AutoReboot-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_AutoReboot-Description-End -->
+
+<!-- Pol_MSS_AutoReboot-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Allow Windows to automatically restart after a system crash (recommended except for highly secure environments).
+<!-- Pol_MSS_AutoReboot-Editable-End -->
+
+<!-- Pol_MSS_AutoReboot-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_AutoReboot-DFProperties-End -->
+
+<!-- Pol_MSS_AutoReboot-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_AutoReboot-AdmxBacked-End -->
+
+<!-- Pol_MSS_AutoReboot-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_AutoReboot-Examples-End -->
+
+<!-- Pol_MSS_AutoReboot-End -->
+
+<!-- Pol_MSS_AutoShareServer-Begin -->
+## Pol_MSS_AutoShareServer
+
+<!-- Pol_MSS_AutoShareServer-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_AutoShareServer-Applicability-End -->
+
+<!-- Pol_MSS_AutoShareServer-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareServer
+```
+<!-- Pol_MSS_AutoShareServer-OmaUri-End -->
+
+<!-- Pol_MSS_AutoShareServer-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_AutoShareServer-Description-End -->
+
+<!-- Pol_MSS_AutoShareServer-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable administrative shares on servers (recommended except for highly secure environments).
+<!-- Pol_MSS_AutoShareServer-Editable-End -->
+
+<!-- Pol_MSS_AutoShareServer-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_AutoShareServer-DFProperties-End -->
+
+<!-- Pol_MSS_AutoShareServer-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_AutoShareServer-AdmxBacked-End -->
+
+<!-- Pol_MSS_AutoShareServer-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_AutoShareServer-Examples-End -->
+
+<!-- Pol_MSS_AutoShareServer-End -->
+
+<!-- Pol_MSS_AutoShareWks-Begin -->
+## Pol_MSS_AutoShareWks
+
+<!-- Pol_MSS_AutoShareWks-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_AutoShareWks-Applicability-End -->
+
+<!-- Pol_MSS_AutoShareWks-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareWks
+```
+<!-- Pol_MSS_AutoShareWks-OmaUri-End -->
+
+<!-- Pol_MSS_AutoShareWks-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_AutoShareWks-Description-End -->
+
+<!-- Pol_MSS_AutoShareWks-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable administrative shares on workstations (recommended except for highly secure environments).
+<!-- Pol_MSS_AutoShareWks-Editable-End -->
+
+<!-- Pol_MSS_AutoShareWks-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_AutoShareWks-DFProperties-End -->
+
+<!-- Pol_MSS_AutoShareWks-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_AutoShareWks-AdmxBacked-End -->
+
+<!-- Pol_MSS_AutoShareWks-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_AutoShareWks-Examples-End -->
+
+<!-- Pol_MSS_AutoShareWks-End -->
+
+<!-- Pol_MSS_DisableSavePassword-Begin -->
+## Pol_MSS_DisableSavePassword
+
+<!-- Pol_MSS_DisableSavePassword-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_DisableSavePassword-Applicability-End -->
+
+<!-- Pol_MSS_DisableSavePassword-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_DisableSavePassword
+```
+<!-- Pol_MSS_DisableSavePassword-OmaUri-End -->
+
+<!-- Pol_MSS_DisableSavePassword-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_DisableSavePassword-Description-End -->
+
+<!-- Pol_MSS_DisableSavePassword-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Pol_MSS_DisableSavePassword-Editable-End -->
+
+<!-- Pol_MSS_DisableSavePassword-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_DisableSavePassword-DFProperties-End -->
+
+<!-- Pol_MSS_DisableSavePassword-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_DisableSavePassword-AdmxBacked-End -->
+
+<!-- Pol_MSS_DisableSavePassword-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+Prevent the dial-up password from being saved (recommended).
+<!-- Pol_MSS_DisableSavePassword-Examples-End -->
+
+<!-- Pol_MSS_DisableSavePassword-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-Begin -->
+## Pol_MSS_EnableDeadGWDetect
+
+<!-- Pol_MSS_EnableDeadGWDetect-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_EnableDeadGWDetect-Applicability-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_EnableDeadGWDetect
+```
+<!-- Pol_MSS_EnableDeadGWDetect-OmaUri-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_EnableDeadGWDetect-Description-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Allow automatic detection of dead network gateways (could lead to DoS).
+<!-- Pol_MSS_EnableDeadGWDetect-Editable-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_EnableDeadGWDetect-DFProperties-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_EnableDeadGWDetect-AdmxBacked-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_EnableDeadGWDetect-Examples-End -->
+
+<!-- Pol_MSS_EnableDeadGWDetect-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-Begin -->
+## Pol_MSS_HideFromBrowseList
+
+<!-- Pol_MSS_HideFromBrowseList-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_HideFromBrowseList-Applicability-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_HideFromBrowseList
+```
+<!-- Pol_MSS_HideFromBrowseList-OmaUri-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_HideFromBrowseList-Description-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Hide Computer From the Browse List (not recommended except for highly secure environments).
+<!-- Pol_MSS_HideFromBrowseList-Editable-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_HideFromBrowseList-DFProperties-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_HideFromBrowseList-AdmxBacked-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_HideFromBrowseList-Examples-End -->
+
+<!-- Pol_MSS_HideFromBrowseList-End -->
+
+<!-- Pol_MSS_KeepAliveTime-Begin -->
+## Pol_MSS_KeepAliveTime
+
+<!-- Pol_MSS_KeepAliveTime-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_KeepAliveTime-Applicability-End -->
+
+<!-- Pol_MSS_KeepAliveTime-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_KeepAliveTime
+```
+<!-- Pol_MSS_KeepAliveTime-OmaUri-End -->
+
+<!-- Pol_MSS_KeepAliveTime-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_KeepAliveTime-Description-End -->
+
+<!-- Pol_MSS_KeepAliveTime-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Define how often keep-alive packets are sent in milliseconds.
+<!-- Pol_MSS_KeepAliveTime-Editable-End -->
+
+<!-- Pol_MSS_KeepAliveTime-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_KeepAliveTime-DFProperties-End -->
+
+<!-- Pol_MSS_KeepAliveTime-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_KeepAliveTime-AdmxBacked-End -->
+
+<!-- Pol_MSS_KeepAliveTime-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_KeepAliveTime-Examples-End -->
+
+<!-- Pol_MSS_KeepAliveTime-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-Begin -->
+## Pol_MSS_NoDefaultExempt
+
+<!-- Pol_MSS_NoDefaultExempt-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_NoDefaultExempt-Applicability-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NoDefaultExempt
+```
+<!-- Pol_MSS_NoDefaultExempt-OmaUri-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_NoDefaultExempt-Description-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Configure IPSec exemptions for various types of network traffic.
+<!-- Pol_MSS_NoDefaultExempt-Editable-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_NoDefaultExempt-DFProperties-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_NoDefaultExempt-AdmxBacked-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_NoDefaultExempt-Examples-End -->
+
+<!-- Pol_MSS_NoDefaultExempt-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Begin -->
+## Pol_MSS_NtfsDisable8dot3NameCreation
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NtfsDisable8dot3NameCreation
+```
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-OmaUri-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Description-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable the computer to stop generating 8.3 style filenames.
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Editable-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-DFProperties-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-AdmxBacked-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-Examples-End -->
+
+<!-- Pol_MSS_NtfsDisable8dot3NameCreation-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-Begin -->
+## Pol_MSS_PerformRouterDiscovery
+
+<!-- Pol_MSS_PerformRouterDiscovery-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_PerformRouterDiscovery-Applicability-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_PerformRouterDiscovery
+```
+<!-- Pol_MSS_PerformRouterDiscovery-OmaUri-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_PerformRouterDiscovery-Description-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+ Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS).
+<!-- Pol_MSS_PerformRouterDiscovery-Editable-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_PerformRouterDiscovery-DFProperties-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_PerformRouterDiscovery-AdmxBacked-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_PerformRouterDiscovery-Examples-End -->
+
+<!-- Pol_MSS_PerformRouterDiscovery-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-Begin -->
+## Pol_MSS_SafeDllSearchMode
+
+<!-- Pol_MSS_SafeDllSearchMode-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_SafeDllSearchMode-Applicability-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SafeDllSearchMode
+```
+<!-- Pol_MSS_SafeDllSearchMode-OmaUri-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_SafeDllSearchMode-Description-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Enable Safe DLL search mode (recommended).
+<!-- Pol_MSS_SafeDllSearchMode-Editable-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_SafeDllSearchMode-DFProperties-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_SafeDllSearchMode-AdmxBacked-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_SafeDllSearchMode-Examples-End -->
+
+<!-- Pol_MSS_SafeDllSearchMode-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Begin -->
+## Pol_MSS_ScreenSaverGracePeriod
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_ScreenSaverGracePeriod
+```
+<!-- Pol_MSS_ScreenSaverGracePeriod-OmaUri-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_ScreenSaverGracePeriod-Description-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+he time in seconds before the screen saver grace period expires (0 recommended).
+<!-- Pol_MSS_ScreenSaverGracePeriod-Editable-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_ScreenSaverGracePeriod-DFProperties-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_ScreenSaverGracePeriod-AdmxBacked-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_ScreenSaverGracePeriod-Examples-End -->
+
+<!-- Pol_MSS_ScreenSaverGracePeriod-End -->
+
+<!-- Pol_MSS_SynAttackProtect-Begin -->
+## Pol_MSS_SynAttackProtect
+
+<!-- Pol_MSS_SynAttackProtect-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_SynAttackProtect-Applicability-End -->
+
+<!-- Pol_MSS_SynAttackProtect-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SynAttackProtect
+```
+<!-- Pol_MSS_SynAttackProtect-OmaUri-End -->
+
+<!-- Pol_MSS_SynAttackProtect-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_SynAttackProtect-Description-End -->
+
+<!-- Pol_MSS_SynAttackProtect-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Syn attack protection level (protects against DoS).
+<!-- Pol_MSS_SynAttackProtect-Editable-End -->
+
+<!-- Pol_MSS_SynAttackProtect-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_SynAttackProtect-DFProperties-End -->
+
+<!-- Pol_MSS_SynAttackProtect-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_SynAttackProtect-AdmxBacked-End -->
+
+<!-- Pol_MSS_SynAttackProtect-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_SynAttackProtect-Examples-End -->
+
+<!-- Pol_MSS_SynAttackProtect-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Begin -->
+## Pol_MSS_TcpMaxConnectResponseRetransmissions
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxConnectResponseRetransmissions
+```
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-OmaUri-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Description-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+SYN-ACK retransmissions when a connection request is not acknowledged.
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Editable-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-DFProperties-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-AdmxBacked-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Examples-End -->
+
+<!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Begin -->
+## Pol_MSS_TcpMaxDataRetransmissions
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissions
+```
+<!-- Pol_MSS_TcpMaxDataRetransmissions-OmaUri-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Description-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Editable-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_TcpMaxDataRetransmissions-DFProperties-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_TcpMaxDataRetransmissions-AdmxBacked-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_TcpMaxDataRetransmissions-Examples-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissions-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Begin -->
+## Pol_MSS_TcpMaxDataRetransmissionsIPv6
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissionsIPv6
+```
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-OmaUri-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Description-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Editable-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-DFProperties-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-AdmxBacked-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Examples-End -->
+
+<!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-End -->
+
+<!-- Pol_MSS_WarningLevel-Begin -->
+## Pol_MSS_WarningLevel
+
+<!-- Pol_MSS_WarningLevel-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Pol_MSS_WarningLevel-Applicability-End -->
+
+<!-- Pol_MSS_WarningLevel-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_WarningLevel
+```
+<!-- Pol_MSS_WarningLevel-OmaUri-End -->
+
+<!-- Pol_MSS_WarningLevel-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- Pol_MSS_WarningLevel-Description-End -->
+
+<!-- Pol_MSS_WarningLevel-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Percentage threshold for the security event log at which the system will generate a warning.
+<!-- Pol_MSS_WarningLevel-Editable-End -->
+
+<!-- Pol_MSS_WarningLevel-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Pol_MSS_WarningLevel-DFProperties-End -->
+
+<!-- Pol_MSS_WarningLevel-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- Pol_MSS_WarningLevel-AdmxBacked-End -->
+
+<!-- Pol_MSS_WarningLevel-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Pol_MSS_WarningLevel-Examples-End -->
+
+<!-- Pol_MSS_WarningLevel-End -->
+
+<!-- ADMX_MSS-legacy-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- ADMX_MSS-legacy-CspMoreInfo-End -->
+
+<!-- ADMX_MSS-legacy-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-defender.md

@@ -898,7 +898,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `|`) |
 <!-- AttackSurfaceReductionOnlyExclusions-DFProperties-End -->
@@ -988,7 +988,7 @@ You can exclude folders or files in the ""Exclude files and paths from Attack Su
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- AttackSurfaceReductionRules-DFProperties-End -->
 
@@ -1305,7 +1305,7 @@ Default system folders are automatically guarded, but you can add folders in the
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `|`) |
 <!-- ControlledFolderAccessAllowedApplications-DFProperties-End -->
@@ -1377,7 +1377,7 @@ Microsoft Defender Antivirus automatically determines which applications can be
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `|`) |
 <!-- ControlledFolderAccessProtectedFolders-DFProperties-End -->
@@ -1874,7 +1874,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `|`) |
 <!-- ExcludedExtensions-DFProperties-End -->
@@ -1928,7 +1928,7 @@ Allows an administrator to specify a list of directory paths to ignore during a
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `|`) |
 <!-- ExcludedPaths-DFProperties-End -->
@@ -1982,7 +1982,7 @@ Allows an administrator to specify a list of files opened by processes to ignore
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `|`) |
 <!-- ExcludedProcesses-DFProperties-End -->
@@ -2461,7 +2461,7 @@ If you disable or do not configure this setting, security intelligence will be r
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- SecurityIntelligenceLocation-DFProperties-End -->
 
@@ -2519,7 +2519,7 @@ If you disable or do not configure this setting, security intelligence update so
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `|`) |
 <!-- SignatureUpdateFallbackOrder-DFProperties-End -->
@@ -2576,7 +2576,7 @@ If you disable or do not configure this setting, the list will remain empty by d
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `|`) |
 <!-- SignatureUpdateFileSharesSources-DFProperties-End -->
@@ -2759,7 +2759,7 @@ Allows an administrator to specify any valid threat severity levels and the corr
 
 | Property name | Property value |
 |:--|:--|
-| Format | chr |
+| Format | chr (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- ThreatSeverityDefaultAction-DFProperties-End -->
 

windows/client-management/mdm/policy-csp-msslegacy.md

@@ -1,211 +1,204 @@
 ---
-title: Policy CSP - MSSLegacy
+title: MSSLegacy Policy CSP
-description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable.
+description: Learn more about the MSSLegacy CSP Policy
-ms.author: vinpa
-ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
 author: vinaypamnani-msft
-ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer: 
 manager: aaroncz
+ms.author: vinpa
+ms.date: 11/01/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.reviewer:
+ms.technology: itpro-manage
+ms.topic: article
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- MSSLegacy-Begin -->
 # Policy CSP - MSSLegacy
 
-<hr/>
+<!-- MSSLegacy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- MSSLegacy-Editable-End -->
 
-<!--Policies-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Begin -->
-## MSSLegacy policies
+## AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
 
-<dl>
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Applicability-Begin -->
-  <dd>
+| Scope | Editions | Applicable OS |
-    <a href="#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes">MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes</a>
+|:--|:--|:--|
-  </dd>
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
-  <dd>
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Applicability-End -->
-    <a href="#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers">MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers</a>
-  </dd>
-  <dd>
-    <a href="#msslegacy-ipsourceroutingprotectionlevel">MSSLegacy/IPSourceRoutingProtectionLevel</a>
-  </dd>
-  <dd>
-    <a href="#msslegacy-ipv6sourceroutingprotectionlevel">MSSLegacy/IPv6SourceRoutingProtectionLevel</a>
-  </dd>
-</dl>
 
-> [!TIP]
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-OmaUri-Begin -->
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+```Device
->
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+```
->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-OmaUri-End -->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<hr/>
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Description-Begin -->
+<!-- Description-Not-Found -->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Description-End -->
 
-<!--Policy-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Editable-Begin -->
-<a href="" id="msslegacy-allowicmpredirectstooverrideospfgeneratedroutes"></a>**MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes**
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Allow ICMP redirects to override OSPF generated routes.
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Editable-End -->
 
-<!--SupportedSKUs-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-DFProperties-Begin -->
+**Description framework properties**:
 
-|Edition|Windows 10|Windows 11|
+| Property name | Property value |
-|--- |--- |--- |
+|:--|:--|
-|Home|No|No|
+| Format | chr (string) |
-|Pro|Yes|Yes|
+| Access Type | Add, Delete, Get, Replace |
-|Windows SE|No|Yes|
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-DFProperties-End -->
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-AdmxBacked-Begin -->
-<hr/>
+<!-- Unknown -->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-AdmxBacked-End -->
 
-<!--Scope-->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Examples-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Examples-End -->
 
-> [!div class = "checklist"]
+<!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-End -->
-> * Device
 
-<hr/>
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Begin -->
+## AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
 
-<!--/Scope-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Applicability-Begin -->
-<!--Description-->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Applicability-End -->
 
-<!--/Description-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
+```
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-OmaUri-End -->
 
-<!--ADMXBacked-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Description-Begin -->
-ADMX Info:
+<!-- Description-Not-Found -->
--   GP name: *Pol_MSS_EnableICMPRedirect*
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Description-End -->
--   GP ADMX file name: *mss-legacy.admx*
 
-<!--/ADMXBacked-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Editable-Begin -->
-<!--/Policy-->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+Allow the computer to ignore NetBIOS name release requests except from WINS servers.
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Editable-End -->
 
-<hr/>
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-DFProperties-Begin -->
+**Description framework properties**:
 
-<!--Policy-->
+| Property name | Property value |
-<a href="" id="msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers"></a>**MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers**
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-DFProperties-End -->
 
-<!--SupportedSKUs-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-AdmxBacked-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Examples-Begin -->
-|--- |--- |--- |
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-|Home|No|No|
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Examples-End -->
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-End -->
-<hr/>
 
-<!--Scope-->
+<!-- IPSourceRoutingProtectionLevel-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+## IPSourceRoutingProtectionLevel
 
-> [!div class = "checklist"]
+<!-- IPSourceRoutingProtectionLevel-Applicability-Begin -->
-> * Device
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- IPSourceRoutingProtectionLevel-Applicability-End -->
 
-<hr/>
+<!-- IPSourceRoutingProtectionLevel-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPSourceRoutingProtectionLevel
+```
+<!-- IPSourceRoutingProtectionLevel-OmaUri-End -->
 
-<!--/Scope-->
+<!-- IPSourceRoutingProtectionLevel-Description-Begin -->
-<!--Description-->
+<!-- Description-Not-Found -->
+<!-- IPSourceRoutingProtectionLevel-Description-End -->
 
-<!--/Description-->
+<!-- IPSourceRoutingProtectionLevel-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+IP source routing protection level (protects against packet spoofing).
+<!-- IPSourceRoutingProtectionLevel-Editable-End -->
 
+<!-- IPSourceRoutingProtectionLevel-DFProperties-Begin -->
+**Description framework properties**:
 
-<!--ADMXBacked-->
+| Property name | Property value |
-ADMX Info:
+|:--|:--|
--   GP name: *Pol_MSS_NoNameReleaseOnDemand*
+| Format | chr (string) |
--   GP ADMX file name: *mss-legacy.admx*
+| Access Type | Add, Delete, Get, Replace |
+<!-- IPSourceRoutingProtectionLevel-DFProperties-End -->
 
-<!--/ADMXBacked-->
+<!-- IPSourceRoutingProtectionLevel-AdmxBacked-Begin -->
-<!--/Policy-->
+<!-- Unknown -->
+<!-- IPSourceRoutingProtectionLevel-AdmxBacked-End -->
 
-<hr/>
+<!-- IPSourceRoutingProtectionLevel-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- IPSourceRoutingProtectionLevel-Examples-End -->
 
-<!--Policy-->
+<!-- IPSourceRoutingProtectionLevel-End -->
-<a href="" id="msslegacy-ipsourceroutingprotectionlevel"></a>**MSSLegacy/IPSourceRoutingProtectionLevel**
 
-<!--SupportedSKUs-->
+<!-- IPv6SourceRoutingProtectionLevel-Begin -->
+## IPv6SourceRoutingProtectionLevel
 
-|Edition|Windows 10|Windows 11|
+<!-- IPv6SourceRoutingProtectionLevel-Applicability-Begin -->
-|--- |--- |--- |
+| Scope | Editions | Applicable OS |
-|Home|No|No|
+|:--|:--|:--|
-|Pro|Yes|Yes|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
-|Windows SE|No|Yes|
+<!-- IPv6SourceRoutingProtectionLevel-Applicability-End -->
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- IPv6SourceRoutingProtectionLevel-OmaUri-Begin -->
-<hr/>
+```Device
+./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPv6SourceRoutingProtectionLevel
+```
+<!-- IPv6SourceRoutingProtectionLevel-OmaUri-End -->
 
-<!--Scope-->
+<!-- IPv6SourceRoutingProtectionLevel-Description-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+<!-- Description-Not-Found -->
+<!-- IPv6SourceRoutingProtectionLevel-Description-End -->
 
-> [!div class = "checklist"]
+<!-- IPv6SourceRoutingProtectionLevel-Editable-Begin -->
-> * Device
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+IPv6 source routing protection level (protects against packet spoofing).
+<!-- IPv6SourceRoutingProtectionLevel-Editable-End -->
 
-<hr/>
+<!-- IPv6SourceRoutingProtectionLevel-DFProperties-Begin -->
+**Description framework properties**:
 
-<!--/Scope-->
+| Property name | Property value |
-<!--Description-->
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- IPv6SourceRoutingProtectionLevel-DFProperties-End -->
 
-<!--/Description-->
+<!-- IPv6SourceRoutingProtectionLevel-AdmxBacked-Begin -->
+<!-- Unknown -->
+<!-- IPv6SourceRoutingProtectionLevel-AdmxBacked-End -->
 
-<!--ADMXBacked-->
+<!-- IPv6SourceRoutingProtectionLevel-Examples-Begin -->
-ADMX Info:
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
--   GP name: *Pol_MSS_DisableIPSourceRouting*
+<!-- IPv6SourceRoutingProtectionLevel-Examples-End -->
--   GP ADMX file name: *mss-legacy.admx*
 
-<!--/ADMXBacked-->
+<!-- IPv6SourceRoutingProtectionLevel-End -->
-<!--/Policy-->
 
-<hr/>
+<!-- MSSLegacy-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- MSSLegacy-CspMoreInfo-End -->
 
-<!--Policy-->
+<!-- MSSLegacy-End -->
-<a href="" id="msslegacy-ipv6sourceroutingprotectionlevel"></a>**MSSLegacy/IPv6SourceRoutingProtectionLevel**
 
-<!--SupportedSKUs-->
+## Related articles
 
-|Edition|Windows 10|Windows 11|
+[Policy configuration service provider](policy-configuration-service-provider.md)
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-
-<!--/Description-->
-
-<!--ADMXBacked-->
-ADMX Info:
--   GP name: *Pol_MSS_DisableIPSourceRoutingIPv6*
--   GP ADMX file name: *mss-legacy.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-<hr/>
-
-
-<!--/Policies-->
-
-## Related topics
-
-[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-settingssync.md

@@ -0,0 +1,90 @@
+---
+title: SettingsSync Policy CSP
+description: Learn more about the SettingsSync CSP Policy
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/01/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.reviewer:
+ms.technology: itpro-manage
+ms.topic: article
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- SettingsSync-Begin -->
+# Policy CSP - SettingsSync
+
+<!-- SettingsSync-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SettingsSync-Editable-End -->
+
+<!-- DisableAccessibilitySettingSync-Begin -->
+## DisableAccessibilitySettingSync
+
+<!-- DisableAccessibilitySettingSync-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- DisableAccessibilitySettingSync-Applicability-End -->
+
+<!-- DisableAccessibilitySettingSync-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/SettingsSync/DisableAccessibilitySettingSync
+```
+<!-- DisableAccessibilitySettingSync-OmaUri-End -->
+
+<!-- DisableAccessibilitySettingSync-Description-Begin -->
+Prevent the "accessibility" group from syncing to and from this PC. This turns off and disables the "accessibility" group on the "Windows backup" settings page in PC settings.
+
+If you enable this policy setting, the "accessibility", group will not be synced.
+
+Use the option "Allow users to turn accessibility syncing on" so that syncing is turned off by default but not disabled.
+
+If you do not set or disable this setting, syncing of the "accessibility" group is on by default and configurable by the user.
+<!-- DisableAccessibilitySettingSync-Description-End -->
+
+<!-- DisableAccessibilitySettingSync-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DisableAccessibilitySettingSync-Editable-End -->
+
+<!-- DisableAccessibilitySettingSync-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- DisableAccessibilitySettingSync-DFProperties-End -->
+
+<!-- DisableAccessibilitySettingSync-AdmxBacked-Begin -->
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DisableAccessibilitySettingSync |
+| Friendly Name | Do not sync accessibility settings |
+| Location | Computer Configuration |
+| Path | Windows Components > Sync your settings |
+| Registry Key Name | Software\Policies\Microsoft\Windows\SettingSync |
+| Registry Value Name | DisableAccessibilitySettingSync |
+| ADMX File Name | SettingSync.admx |
+<!-- DisableAccessibilitySettingSync-AdmxBacked-End -->
+
+<!-- DisableAccessibilitySettingSync-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DisableAccessibilitySettingSync-Examples-End -->
+
+<!-- DisableAccessibilitySettingSync-End -->
+
+<!-- SettingsSync-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- SettingsSync-CspMoreInfo-End -->
+
+<!-- SettingsSync-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-tenantrestrictions.md

@@ -0,0 +1,92 @@
+---
+title: TenantRestrictions Policy CSP
+description: Learn more about the TenantRestrictions CSP Policy
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 11/01/2022
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.reviewer:
+ms.technology: itpro-manage
+ms.topic: article
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- TenantRestrictions-Begin -->
+# Policy CSP - TenantRestrictions
+
+<!-- TenantRestrictions-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- TenantRestrictions-Editable-End -->
+
+<!-- ConfigureTenantRestrictions-Begin -->
+## ConfigureTenantRestrictions
+
+<!-- ConfigureTenantRestrictions-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.320] and later <br> :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1320] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1320] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1320] and later <br> :heavy_check_mark: Windows 10, version 21H2 [10.0.19044] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- ConfigureTenantRestrictions-Applicability-End -->
+
+<!-- ConfigureTenantRestrictions-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/TenantRestrictions/ConfigureTenantRestrictions
+```
+<!-- ConfigureTenantRestrictions-OmaUri-End -->
+
+<!-- ConfigureTenantRestrictions-Description-Begin -->
+This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory.
+
+When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Azure AD tenant.
+
+Note: Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Azure AD Tenant Restrictions for more details.
+
+https://go.microsoft.com/fwlink/?linkid=2148762
+
+Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information.
+For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230
+<!-- ConfigureTenantRestrictions-Description-End -->
+
+<!-- ConfigureTenantRestrictions-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ConfigureTenantRestrictions-Editable-End -->
+
+<!-- ConfigureTenantRestrictions-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- ConfigureTenantRestrictions-DFProperties-End -->
+
+<!-- ConfigureTenantRestrictions-AdmxBacked-Begin -->
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | trv2_payload |
+| Friendly Name | Cloud Policy Details |
+| Location | Computer Configuration |
+| Path | Windows Components > Tenant Restrictions |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload |
+| ADMX File Name | TenantRestrictions.admx |
+<!-- ConfigureTenantRestrictions-AdmxBacked-End -->
+
+<!-- ConfigureTenantRestrictions-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- ConfigureTenantRestrictions-Examples-End -->
+
+<!-- ConfigureTenantRestrictions-End -->
+
+<!-- TenantRestrictions-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- TenantRestrictions-CspMoreInfo-End -->
+
+<!-- TenantRestrictions-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/toc.yml

@@ -210,6 +210,8 @@ items:
           href: policy-csp-admx-msi.md
         - name: ADMX_MsiFileRecovery
           href: policy-csp-admx-msifilerecovery.md
+        - name: ADMX_MSS-legacy
+          href: policy-csp-admx-mss-legacy.md
         - name: ADMX_nca
           href: policy-csp-admx-nca.md
         - name: ADMX_NCSI
@@ -240,6 +242,8 @@ items:
           href: policy-csp-admx-printing2.md
         - name: ADMX_Programs
           href: policy-csp-admx-programs.md
+        - name: ADMX_QOS
+          href: policy-csp-admx-qos.md
         - name: ADMX_Reliability
           href: policy-csp-admx-reliability.md
         - name: ADMX_RemoteAssistance
@@ -278,6 +282,8 @@ items:
           href: policy-csp-admx-startmenu.md
         - name: ADMX_SystemRestore
           href: policy-csp-admx-systemrestore.md
+        - name: ADMX_TabletPCInputPanel
+          href: policy-csp-admx-tabletpcinputpanel.md
         - name: ADMX_TabletShell
           href: policy-csp-admx-tabletshell.md
         - name: ADMX_Taskbar
@@ -488,6 +494,8 @@ items:
           href: policy-csp-servicecontrolmanager.md
         - name: Settings
           href: policy-csp-settings.md
+        - name: SettingsSync
+          href: policy-csp-settingssync.md
         - name: Speech
           href: policy-csp-speech.md
         - name: Start
@@ -502,6 +510,8 @@ items:
           href: policy-csp-taskmanager.md
         - name: TaskScheduler
           href: policy-csp-taskscheduler.md
+        - name: TenantRestrictions
+          href: policy-csp-tenantrestrictions.md
         - name: TextInput
           href: policy-csp-textinput.md
         - name: TimeLanguageSettings