diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md
index 2c9236f130..ed2878bc82 100644
--- a/browsers/edge/TOC.md
+++ b/browsers/edge/TOC.md
@@ -3,14 +3,14 @@
##[New Microsoft Edge Group Policies and MDM settings](new-policies.md)
##Group Policy configuration options
-###[Home button](group-policies/home-button-gp.md)
+###[Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
+###[Home button settings](group-policies/home-button-gp.md)
###[Prelaunch Microsoft Edge and preload tabs](group-policies/prelaunch-preload-gp.md)
-###[Start pages](group-policies/start-pages-gp.md)
+###[Search engine customization](group-policies/search-engine-customization-gp.md)
+###[Start pages settings](group-policies/start-pages-gp.md)
###[Sync browser settings](group-policies/sync-browser-settings-gp.md)
-##[Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
-
##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
##[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)
diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md
index 68ac71f7c4..86776faa7a 100644
--- a/browsers/edge/group-policies/home-button-gp.md
+++ b/browsers/edge/group-policies/home-button-gp.md
@@ -3,7 +3,7 @@ title: Microsoft Edge - Home button configuration options
description: Microsoft Edge shows the home button and by clicking it the Start page loads by default.
ms.author: pashort
author: shortpatti
-ms.date: 07/20/2018
+ms.date: 07/23/2018
---
# Home button configuration options
diff --git a/browsers/edge/group-policies/prelaunch-preload-gp.md b/browsers/edge/group-policies/prelaunch-preload-gp.md
index 398dde801e..1443c06e6a 100644
--- a/browsers/edge/group-policies/prelaunch-preload-gp.md
+++ b/browsers/edge/group-policies/prelaunch-preload-gp.md
@@ -1,9 +1,9 @@
---
title: Microsoft Edge - Prelaunch and tab preload configuration options
-description: Microsoft Edge shows the home button and by clicking it the Start page loads by default.
+description: Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge.
ms.author: pashort
author: shortpatti
-ms.date: 07/20/2018
+ms.date: 07/23/2018
---
# Prelaunch Microsoft Edge and preload tabs in the background
diff --git a/browsers/edge/group-policies/search-engine-customization-gp.md b/browsers/edge/group-policies/search-engine-customization-gp.md
new file mode 100644
index 0000000000..d4343d0362
--- /dev/null
+++ b/browsers/edge/group-policies/search-engine-customization-gp.md
@@ -0,0 +1,28 @@
+---
+title: Microsoft Edge - Search engine customization
+description: By default, Microsoft Edge uses the default search engine specified in App settings, which lets users make changes to it. You can configure Microsoft Edge to use the policy-set search engine specified in the OpenSearch XML file.
+ms.author: pashort
+author: shortpatti
+ms.date: 07/23/2018
+---
+
+# Search engine customization
+
+By default, Microsoft Edge uses the default search engine specified in App settings, which lets users make changes to it. You can configure Microsoft Edge to use the policy-set search engine specified in the OpenSearch XML file. You can also prevent users from making changes to the search engine settings.
+
+
+## Policies
+
+- [Set default search engine](../available-policies.md#set-default-search-engine)
+
+- [Allow web content on New Tab page](../available-policies.md#allow-web-content-on-new-tab-page)
+
+- [Configure additional search engines](../available-policies.md#configure-additional-search-engines)
+
+
+## Configuration options
+
+
+
+
+
diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md
index 4a2e5b610b..8243c6af91 100644
--- a/browsers/edge/group-policies/start-pages-gp.md
+++ b/browsers/edge/group-policies/start-pages-gp.md
@@ -3,12 +3,12 @@ title: Start pages
description: Configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages.
ms.author: pashort
author: shortpatti
-ms.date: 07/20/2018
+ms.date: 07/23/2018
---
# Start pages
-Microsoft Edge loads the pages specified in App settings as the default Start pages. You can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes.
+Microsoft Edge loads the pages specified in App settings as the default Start pages. You can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes.
## Policies
diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md
index 44b88e2105..77c702759c 100644
--- a/browsers/edge/group-policies/sync-browser-settings-gp.md
+++ b/browsers/edge/group-policies/sync-browser-settings-gp.md
@@ -3,7 +3,7 @@ title: Microsoft Edge - Sync browser settings
description: By default, the “browser” group syncs automatically between the user’s devices, letting users make changes.
ms.author: pashort
author: shortpatti
-ms.date: 07/20/2018
+ms.date: 07/23/2018
---
# Sync browser settings
diff --git a/browsers/edge/images/home-buttom-custom-url-v4-sm.png b/browsers/edge/images/home-buttom-custom-url-v4-sm.png
index 025d3d6d44..397b46c75b 100644
Binary files a/browsers/edge/images/home-buttom-custom-url-v4-sm.png and b/browsers/edge/images/home-buttom-custom-url-v4-sm.png differ
diff --git a/browsers/edge/images/home-buttom-custom-url-v4.png b/browsers/edge/images/home-buttom-custom-url-v4.png
index e7ed1b7414..db47a93117 100644
Binary files a/browsers/edge/images/home-buttom-custom-url-v4.png and b/browsers/edge/images/home-buttom-custom-url-v4.png differ
diff --git a/browsers/edge/images/home-button-hide-v4-sm.png b/browsers/edge/images/home-button-hide-v4-sm.png
index 2c7ade57d7..b8adce292b 100644
Binary files a/browsers/edge/images/home-button-hide-v4-sm.png and b/browsers/edge/images/home-button-hide-v4-sm.png differ
diff --git a/browsers/edge/images/home-button-hide-v4.png b/browsers/edge/images/home-button-hide-v4.png
index fc5eae0fda..ef43ce6f77 100644
Binary files a/browsers/edge/images/home-button-hide-v4.png and b/browsers/edge/images/home-button-hide-v4.png differ
diff --git a/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png
index 9527c4516c..7b04f17b28 100644
Binary files a/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png and b/browsers/edge/images/home-button-start-new-tab-page-v4-sm.png differ
diff --git a/browsers/edge/images/home-button-start-new-tab-page-v4.png b/browsers/edge/images/home-button-start-new-tab-page-v4.png
index d040f83bc6..599ebeb8df 100644
Binary files a/browsers/edge/images/home-button-start-new-tab-page-v4.png and b/browsers/edge/images/home-button-start-new-tab-page-v4.png differ
diff --git a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png
new file mode 100644
index 0000000000..eacac1b216
Binary files /dev/null and b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with-sm.png differ
diff --git a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with.png b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with.png
index c66968f7b1..eacac1b216 100644
Binary files a/browsers/edge/images/load-urls-defined-in-configure-open-edge-with.png and b/browsers/edge/images/load-urls-defined-in-configure-open-edge-with.png differ
diff --git a/browsers/edge/images/set-default-search-engine-v4-sm.png b/browsers/edge/images/set-default-search-engine-v4-sm.png
index cfa960d227..44a5ae094a 100644
Binary files a/browsers/edge/images/set-default-search-engine-v4-sm.png and b/browsers/edge/images/set-default-search-engine-v4-sm.png differ
diff --git a/browsers/edge/images/set-default-search-engine-v4.png b/browsers/edge/images/set-default-search-engine-v4.png
index a79f0e7340..59528a3282 100644
Binary files a/browsers/edge/images/set-default-search-engine-v4.png and b/browsers/edge/images/set-default-search-engine-v4.png differ
diff --git a/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png b/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png
index 6f658df3b9..8a9b11ff19 100644
Binary files a/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png and b/browsers/edge/images/use-enterprise-mode-with-microsoft-edge-sm.png differ
diff --git a/browsers/edge/includes/allow-full-screen-include.md b/browsers/edge/includes/allow-full-screen-include.md
index fadca685bc..1d4d274689 100644
--- a/browsers/edge/includes/allow-full-screen-include.md
+++ b/browsers/edge/includes/allow-full-screen-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Enabled or not configured (Allowed)*
diff --git a/browsers/edge/includes/allow-prelaunch-include.md b/browsers/edge/includes/allow-prelaunch-include.md
index 332e38c172..840600bc3c 100644
--- a/browsers/edge/includes/allow-prelaunch-include.md
+++ b/browsers/edge/includes/allow-prelaunch-include.md
@@ -1,6 +1,6 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Enabled or not configured (Allowed)*
[!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)]
diff --git a/browsers/edge/includes/allow-printing-include.md b/browsers/edge/includes/allow-printing-include.md
index 2141c7b397..9d4a72c6eb 100644
--- a/browsers/edge/includes/allow-printing-include.md
+++ b/browsers/edge/includes/allow-printing-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Enabled or not configured (Allowed)*
[!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)]
diff --git a/browsers/edge/includes/allow-saving-history-include.md b/browsers/edge/includes/allow-saving-history-include.md
index 6f51eb374f..568901972a 100644
--- a/browsers/edge/includes/allow-saving-history-include.md
+++ b/browsers/edge/includes/allow-saving-history-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Enabled or not configured (Allowed)*
[!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)]
diff --git a/browsers/edge/includes/allow-search-engine-customization-include.md b/browsers/edge/includes/allow-search-engine-customization-include.md
index b4b58ca9a5..70eb67b646 100644
--- a/browsers/edge/includes/allow-search-engine-customization-include.md
+++ b/browsers/edge/includes/allow-search-engine-customization-include.md
@@ -12,21 +12,9 @@
|Enabled or not configured
**(default)** |1 |1 |Allowed | |
---
-
### Configuration options
-| **Set default search engine** | **Allow search engine customization** | **Configure additional search engines** | **Outcome** |
-| --- | --- | --- | --- |
-| Not configured (default) | Disabled | Disabled or not configured (default) | Default search engine specified in App settings. Users cannot make changes. |
-| Not configured (default) | Enabled or not configured (default) | Disabled or not configured (default) | Default search engine specified in App settings. Users can make changes to the default search engine at any time. |
-| Disabled | Disabled | Disabled or not configured (default) | Users cannot add, remove, or change any of the search engines, but they can set a default search engine. |
-| Disabled | Enabled or not configured (default) | Disabled or not configured (default) | Users can add new search engines or change the default search engine, in Settings. |
-| Enabled | Disabled | Disabled or not configured (default) | Set the default search engine preventing users from making changes. |
-| Enabled | Enabled or not configured (default) | Disabled or not configured (default) | Set the default search engine and allow users to add search engines or make changes. |
----
-
-
-
+For more details about configuring the search engine, see [Search engine customization](../group-policies/search-engine-customization-gp.md).
### ADMX info and settings
@@ -56,8 +44,9 @@
- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
### Related topics
-- [Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy): This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
-- [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites.
+- [!INCLUDE [man-connections-win-comp-services-shortdesc-include](man-connections-win-comp-services-shortdesc-include.md)]
+
+- [!INCLUDE [search-provider-discovery-shortdesc-include](search-provider-discovery-shortdesc-include.md)]
\ No newline at end of file
diff --git a/browsers/edge/includes/allow-sideloading-extensions-include.md b/browsers/edge/includes/allow-sideloading-extensions-include.md
index d471154b4d..5967adff78 100644
--- a/browsers/edge/includes/allow-sideloading-extensions-include.md
+++ b/browsers/edge/includes/allow-sideloading-extensions-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Enabled (Allowed)*
[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
diff --git a/browsers/edge/includes/allow-web-content-new-tab-page-include.md b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
index 8347bce439..97541bcdbc 100644
--- a/browsers/edge/includes/allow-web-content-new-tab-page-include.md
+++ b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Enabled (Default New tab page loads)*
diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
index cb10ddbe0c..c83e7a6175 100644
--- a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
+++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Disabled or not configured (No data collected or sent)*
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
diff --git a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
index 173dd17f14..6bd419669a 100644
--- a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
+++ b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: 5 minutes*
[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
diff --git a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
index 87ee8a2534..1b14f42d96 100644
--- a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
+++ b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
@@ -1,6 +1,6 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Not configured*
[!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)]
diff --git a/browsers/edge/includes/configure-open-edge-with-include.md b/browsers/edge/includes/configure-open-edge-with-include.md
index 8cd5996517..cb87605e7b 100644
--- a/browsers/edge/includes/configure-open-edge-with-include.md
+++ b/browsers/edge/includes/configure-open-edge-with-include.md
@@ -1,6 +1,6 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Enabled (A specific page or pages)*
[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
diff --git a/browsers/edge/includes/do-not-sync-browser-settings-include.md b/browsers/edge/includes/do-not-sync-browser-settings-include.md
index f73f2f2e3c..416002380a 100644
--- a/browsers/edge/includes/do-not-sync-browser-settings-include.md
+++ b/browsers/edge/includes/do-not-sync-browser-settings-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Disabled or not configured (Allowed/turned on)*
[!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]
diff --git a/browsers/edge/includes/prevent-certificate-error-overrides-include.md b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
index 84a87097de..ecafd230d4 100644
--- a/browsers/edge/includes/prevent-certificate-error-overrides-include.md
+++ b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Disabled or not configured (Allowed/turned off)*
[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../shortdesc/prevent-certificate-error-overrides-shortdesc.md)]
diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
index 1b8ba1c458..14bb5698dd 100644
--- a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
+++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Disabled or not configured (Allowed)*
[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]
diff --git a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
index 050f872f55..56aba7900a 100644
--- a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
+++ b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
@@ -1,6 +1,6 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Enabled or not configured (Prevented/turned off)*
[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
diff --git a/browsers/edge/includes/set-home-button-url-include.md b/browsers/edge/includes/set-home-button-url-include.md
index 6ce76b770c..f48928783f 100644
--- a/browsers/edge/includes/set-home-button-url-include.md
+++ b/browsers/edge/includes/set-home-button-url-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Disabled or not configured (Blank)*
[!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
diff --git a/browsers/edge/includes/set-new-tab-url-include.md b/browsers/edge/includes/set-new-tab-url-include.md
index 2e3af87507..1a87c558b7 100644
--- a/browsers/edge/includes/set-new-tab-url-include.md
+++ b/browsers/edge/includes/set-new-tab-url-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Disabled or not configured (Blank)*
[!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
diff --git a/browsers/edge/includes/unlock-home-button-include.md b/browsers/edge/includes/unlock-home-button-include.md
index 08b970f686..45da5927a2 100644
--- a/browsers/edge/includes/unlock-home-button-include.md
+++ b/browsers/edge/includes/unlock-home-button-include.md
@@ -1,5 +1,5 @@
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
-->
>*Default setting: Disabled or not configured (Home button is locked)*
[!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
diff --git a/browsers/edge/new-policies.md b/browsers/edge/new-policies.md
index 4aa771743b..f289504471 100644
--- a/browsers/edge/new-policies.md
+++ b/browsers/edge/new-policies.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
title: New Microsoft Edge Group Policies and MDM settings
ms.localizationpriority:
-ms.date: 07/19/2018
+ms.date: 07/23/2018
---
# New Microsoft Edge Group Policies and MDM settings (Preview)
@@ -18,40 +18,40 @@ ms.date: 07/19/2018
The Microsoft Edge team introduces new Group Policies and MDM Settings for the Windows 10 Insider Preview Build 17713+. The new policies allow IT administrators to enable/disable full-screen mode, printing, favorites bar, saving history. You can also prevent certificate error overrides, and configure New tab page, Home button and startup options, as well as manage extensions.
-We are discontinuing the use of the **Configure Favorites** group policy. Use the **[Provision Favorites](available-policies.md#provision-favorites)** in place of Configure Favorites.
+We are discontinuing the use of the **Configure Favorites** group policy. Use the **[Provision Favorites](available-policies.md#provision-favorites)** instead.
->You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:
->
-> **_Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\_**
+>>You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor:
+>>
+>> **_Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\_**
| **Group Policy** | **New/update?** | **MDM Setting** | **New/update?** |
| --- | --- | --- | --- |
-| [Allow fullscreen mode](#allow-fullscreen-mode) | New | AllowFullscreen | New |
-| [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | PreventTabPreloading | New |
-| [Allow Prelaunch](#allow-prelaunch) | New | AllowPrelaunch | New |
-| [Allow printing](#allow-printing) | New | AllowPrinting | New |
-| [Allow Saving History](#allow-saving-history) | New | AllowSavingHistory | New |
-| [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | AllowSideloadingOfExtensions | New |
+| [Allow fullscreen mode](#allow-fullscreen-mode) | New | [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode) | New |
+| [Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | New | [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | New |
+| [Allow Prelaunch](#allow-prelaunch) | New | [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | New |
+| [Allow printing](#allow-printing) | New | [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | New |
+| [Allow Saving History](#allow-saving-history) | New | [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | New |
+| [Allow sideloading of Extensions](#allow-sideloading-of-extensions) | New | [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | New |
| [Allow web content on new tab page](available-policies.md#allow-web-content-on-new-tab-page) | -- | [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | New |
-| [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | ConfigureTelemetryForMicrosoft365Analytics | New |
-| [Configure Favorites Bar](#configure-favorites-bar) | New | ConfigureFavoritesBar | New |
-| [Configure Home button](#configure-home-button) | New | ConfigureHomeButton | New |
-| [Configure kiosk mode](#configure-kiosk-mode) | New | ConfigureKioskMode | New |
-| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | ConfigureKioskResetAfterIdleTimeout | New |
-| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | ConfigureOpenMicrosoftEdgeWith | New |
+| [Configure collection of browsing data for Microsoft 365 Analytics](#configure-collection-of-browsing-data-for-microsoft-365-analytics) | New | [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | New |
+| [Configure Favorites Bar](#configure-favorites-bar) | New | [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | New |
+| [Configure Home button](#configure-home-button) | New | [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | New |
+| [Configure kiosk mode](#configure-kiosk-mode) | New | [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | New |
+| [Configure kiosk reset after idle timeout](#configure-kiosk-reset-after-idle-timeout) | New | [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | New |
+| [Configure Open Microsoft Edge With](#configure-open-microsoft-edge-with) | New | [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | New |
| [Do not sync browser settings](available-policies.md#do-not-sync-browser-settings) | -- | Experience/DoNotSyncBrowserSetting | New |
-| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | PreventCertErrorOverrides | New |
+| [Prevent certificate error overrides](#prevent-certificate-error-overrides) | New | [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | New |
| [Prevent users from turning on browser syncing](#preventusersfromturningonbrowsersyncing) | New | PreventUsersFromTurningOnBrowserSyncing | New |
| [Prevent turning off required extensions](#prevent-turning-off-required-extensions) | New | PreventTurningOffRequiredExtensions | New |
-| [Set Home button URL](#set-home-button-url) | New | SetHomeButtonURL | New |
-| [Set New Tab page URL](#set-new-tab-page-url) | New | SetNewTabPageURL | New |
-| [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites) | Updated | ShowMessageWhenOpeningInteretExplorerSites | Updated |
-| [Unlock Home button](#unlock-home-button) | New | UnlockHomeButton | New |
+| [Set Home button URL](#set-home-button-url) | New | [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | New |
+| [Set New Tab page URL](#set-new-tab-page-url) | New | [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | New |
+| [Show message when opening sites in Internet Explorer](#showmessagewhenopeninginteretexplorersites) | Updated | [ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) | Updated |
+| [Unlock Home button](#unlock-home-button) | New | [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | New |
---
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 1de854c1a4..eb6af19adc 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -12,6 +12,8 @@ ms.date: 07/19/2018
# Defender CSP
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
@@ -176,6 +178,57 @@ An interior node to group information about Windows Defender health status.
Supported operation is Get.
+**Health/ProductStatus**
+Added in Windows 10, next major version. Provide the current state of the product. This is a bitmask flag value that can represent one or multiple product states from below list.
+
+Data type is integer. Supported operation is Get.
+
+Supported product status values:
+- No status = 0
+- Service not running = 1 << 0
+- Service started without any malware protection engine = 1 << 1
+- Pending full scan due to threat action = 1 << 2
+- Pending reboot due to threat action = 1 << 3
+- ending manual steps due to threat action = 1 << 4
+- AV signatures out of date = 1 << 5
+- AS signatures out of date = 1 << 6
+- No quick scan has happened for a specified period = 1 << 7
+- No full scan has happened for a specified period = 1 << 8
+- System initiated scan in progress = 1 << 9
+- System initiated clean in progress = 1 << 10
+- There are samples pending submission = 1 << 11
+- Product running in evaluation mode = 1 << 12
+- Product running in non-genuine Windows mode = 1 << 13
+- Product expired = 1 << 14
+- Off-line scan required = 1 << 15
+- Service is shutting down as part of system shutdown = 1 << 16
+- Threat remediation failed critically = 1 << 17
+- Threat remediation failed non-critically = 1 << 18
+- No status flags set (well initialized state) = 1 << 19
+- Platform is out of date = 1 << 20
+- Platform update is in progress = 1 << 21
+- Platform is about to be outdated = 1 << 22
+- Signature or platform end of life is past or is impending = 1 << 23
+- Windows SMode signatures still in use on non-Win10S install = 1 << 24
+
+Example:
+
+``` syntax
+
+
+
+ 1
+ -
+
+ ./Vendor/MSFT/Defender/Health/ProductStatus
+
+
+
+
+
+
+```
+
**Health/ComputerState**
Provide the current state of the device.
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index c0f90952b5..afd02d79f2 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 01/29/20178
+ms.date: 07/12/2018
---
# Defender DDF file
@@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Defende
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, next major version.
``` syntax
@@ -43,7 +43,7 @@ The XML below is the current version for this CSP.
- com.microsoft/1.1/MDM/Defender
+ com.microsoft/1.2/MDM/Defender
@@ -286,6 +286,26 @@ The XML below is the current version for this CSP.
+
+ ProductStatus
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
ComputerState
diff --git a/windows/client-management/mdm/images/provisioning-csp-defender.png b/windows/client-management/mdm/images/provisioning-csp-defender.png
index 4d90f1b6f2..fa27e9baf2 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-defender.png and b/windows/client-management/mdm/images/provisioning-csp-defender.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index b121ea214a..eb7feeca2d 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1638,6 +1638,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
+| [Defender CSP](defender-csp.md) |
+Added a new node Health/ProductStatus.
+ |
+
| [BitLocker CSP](bitlocker-csp.md) |
Added a new node AllowStandardUserEncryption.
|
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index d846bdfe33..aef2cd4bcd 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 07/03/2018
+ms.date: 07/23/2018
---
# Policy CSP
@@ -468,6 +468,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Browser/AllowFlashClickToRun
+
+ Browser/AllowFullScreenMode
+
Browser/AllowInPrivate
@@ -480,15 +483,33 @@ The following diagram shows the Policy configuration service provider in tree fo
+
+ Browser/AllowPrelaunch
+
+
+ Browser/AllowPrinting
+
+
+ Browser/AllowSavingHistory
+
Browser/AllowSearchEngineCustomization
Browser/AllowSearchSuggestionsinAddressBar
+
+ Browser/AllowSideloadingOfExtensions
+
Browser/AllowSmartScreen
+
+ Browser/AllowTabPreloading
+
+
+ Browser/AllowWebContentOnNewTabPage
+
Browser/AlwaysEnableBooksLibrary
@@ -498,6 +519,24 @@ The following diagram shows the Policy configuration service provider in tree fo
Browser/ConfigureAdditionalSearchEngines
+
+ Browser/ConfigureFavoritesBar
+
+
+ Browser/ConfigureHomeButton
+
+
+ Browser/ConfigureKioskMode
+
+
+ Browser/ConfigureKioskResetAfterIdleTimeout
+
+
+ Browser/ConfigureOpenMicrosoftEdgeWith
+
+
+ Browser/ConfigureTelemetryForMicrosoft365Analytics
+
Browser/DisableLockdownOfStartPages
@@ -513,6 +552,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Browser/FirstRunURL
+
+ Browser/ForceEnabledExtensions
+
Browser/HomePages
@@ -522,6 +564,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Browser/PreventAccessToAboutFlagsInMicrosoftEdge
+
+ Browser/PreventCertErrorOverrides
+
Browser/PreventFirstRunPage
@@ -546,12 +591,21 @@ The following diagram shows the Policy configuration service provider in tree fo
Browser/SetDefaultSearchEngine
+
+ Browser/SetHomeButtonURL
+
+
+ Browser/SetNewTabPageURL
+
Browser/ShowMessageWhenOpeningSitesInInternetExplorer
Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
+
+ Browser/UnlockHomeButton
+
Browser/UseSharedFolderForBooks
@@ -939,6 +993,18 @@ The following diagram shows the Policy configuration service provider in tree fo
### DeviceInstallation policies
+ -
+ DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
+
+ -
+ DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
+
+ -
+ DeviceInstallation/PreventDeviceMetadataFromNetwork
+
+ -
+ DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
+
-
DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
@@ -3502,6 +3568,9 @@ The following diagram shows the Policy configuration service provider in tree fo
-
WindowsDefenderSecurityCenter/DisableAppBrowserUI
+ -
+ WindowsDefenderSecurityCenter/DisableClearTpmButton
+
-
WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
@@ -3520,6 +3589,9 @@ The following diagram shows the Policy configuration service provider in tree fo
-
WindowsDefenderSecurityCenter/DisableNotifications
+ -
+ WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
+
-
WindowsDefenderSecurityCenter/DisableVirusUI
@@ -3544,6 +3616,9 @@ The following diagram shows the Policy configuration service provider in tree fo
-
WindowsDefenderSecurityCenter/HideTPMTroubleshooting
+ -
+ WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
+
-
WindowsDefenderSecurityCenter/Phone
@@ -3670,11 +3745,14 @@ The following diagram shows the Policy configuration service provider in tree fo
- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
-- [DataUsage/SetCost3G](./policy-csp-datausage.md#datausage-setcost3g)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
+- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
+- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
@@ -4075,22 +4153,37 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Browser/AllowExtensions](./policy-csp-browser.md#browser-allowextensions)
- [Browser/AllowFlash](./policy-csp-browser.md#browser-allowflash)
- [Browser/AllowFlashClickToRun](./policy-csp-browser.md#browser-allowflashclicktorun)
+- [Browser/AllowFullScreenMode](./policy-csp-browser.md#browser-allowfullscreenmode)
- [Browser/AllowInPrivate](./policy-csp-browser.md#browser-allowinprivate)
- [Browser/AllowMicrosoftCompatibilityList](./policy-csp-browser.md#browser-allowmicrosoftcompatibilitylist)
- [Browser/AllowPasswordManager](./policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](./policy-csp-browser.md#browser-allowpopups)
+- [Browser/AllowPrelaunch](./policy-csp-browser.md#browser-allowprelaunch)
+- [Browser/AllowPrinting](./policy-csp-browser.md#browser-allowprinting)
+- [Browser/AllowSavingHistory](./policy-csp-browser.md#browser-allowsavinghistory)
- [Browser/AllowSearchEngineCustomization](./policy-csp-browser.md#browser-allowsearchenginecustomization)
- [Browser/AllowSearchSuggestionsinAddressBar](./policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
+- [Browser/AllowSideloadingOfExtensions](./policy-csp-browser.md#browser-allowsideloadingofextensions)
- [Browser/AllowSmartScreen](./policy-csp-browser.md#browser-allowsmartscreen)
+- [Browser/AllowTabPreloading](./policy-csp-browser.md#browser-allowtabpreloading)
+- [Browser/AllowWebContentOnNewTabPage](./policy-csp-browser.md#browser-allowwebcontentonnewtabpage)
- [Browser/AlwaysEnableBooksLibrary](./policy-csp-browser.md#browser-alwaysenablebookslibrary)
- [Browser/ClearBrowsingDataOnExit](./policy-csp-browser.md#browser-clearbrowsingdataonexit)
- [Browser/ConfigureAdditionalSearchEngines](./policy-csp-browser.md#browser-configureadditionalsearchengines)
+- [Browser/ConfigureFavoritesBar](./policy-csp-browser.md#browser-configurefavoritesbar)
+- [Browser/ConfigureHomeButton](./policy-csp-browser.md#browser-configurehomebutton)
+- [Browser/ConfigureKioskMode](./policy-csp-browser.md#browser-configurekioskmode)
+- [Browser/ConfigureKioskResetAfterIdleTimeout](./policy-csp-browser.md#browser-configurekioskresetafteridletimeout)
+- [Browser/ConfigureOpenMicrosoftEdgeWith](./policy-csp-browser.md#browser-configureopenmicrosoftedgewith)
+- [Browser/ConfigureTelemetryForMicrosoft365Analytics](./policy-csp-browser.md#browser-configuretelemetryformicrosoft365analytics)
- [Browser/DisableLockdownOfStartPages](./policy-csp-browser.md#browser-disablelockdownofstartpages)
- [Browser/EnableExtendedBooksTelemetry](./policy-csp-browser.md#browser-enableextendedbookstelemetry)
- [Browser/EnterpriseModeSiteList](./policy-csp-browser.md#browser-enterprisemodesitelist)
+- [Browser/ForceEnabledExtensions](./policy-csp-browser.md#browser-forceenabledextensions)
- [Browser/HomePages](./policy-csp-browser.md#browser-homepages)
- [Browser/LockdownFavorites](./policy-csp-browser.md#browser-lockdownfavorites)
- [Browser/PreventAccessToAboutFlagsInMicrosoftEdge](./policy-csp-browser.md#browser-preventaccesstoaboutflagsinmicrosoftedge)
+- [Browser/PreventCertErrorOverrides](./policy-csp-browser.md#browser-preventcerterroroverrides)
- [Browser/PreventFirstRunPage](./policy-csp-browser.md#browser-preventfirstrunpage)
- [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection)
- [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride)
@@ -4099,8 +4192,11 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites)
- [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer)
- [Browser/SetDefaultSearchEngine](./policy-csp-browser.md#browser-setdefaultsearchengine)
+- [Browser/SetHomeButtonURL](./policy-csp-browser.md#browser-sethomebuttonurl)
+- [Browser/SetNewTabPageURL](./policy-csp-browser.md#browser-setnewtabpageurl)
- [Browser/ShowMessageWhenOpeningSitesInInternetExplorer](./policy-csp-browser.md#browser-showmessagewhenopeningsitesininternetexplorer)
- [Browser/SyncFavoritesBetweenIEAndMicrosoftEdge](./policy-csp-browser.md#browser-syncfavoritesbetweenieandmicrosoftedge)
+- [Browser/UnlockHomeButton](./policy-csp-browser.md#browser-unlockhomebutton)
- [Browser/UseSharedFolderForBooks](./policy-csp-browser.md#browser-usesharedfolderforbooks)
- [Camera/AllowCamera](./policy-csp-camera.md#camera-allowcamera)
- [Cellular/LetAppsAccessCellularData](./policy-csp-cellular.md#cellular-letappsaccesscellulardata)
@@ -4122,7 +4218,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
-- [DataUsage/SetCost3G](./policy-csp-datausage.md#datausage-setcost3g)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
@@ -4189,6 +4284,10 @@ The following diagram shows the Policy configuration service provider in tree fo
- [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
- [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
- [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
+- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
+- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
@@ -4810,12 +4909,14 @@ The following diagram shows the Policy configuration service provider in tree fo
- [WindowsDefenderSecurityCenter/CompanyName](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname)
- [WindowsDefenderSecurityCenter/DisableAccountProtectionUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableaccountprotectionui)
- [WindowsDefenderSecurityCenter/DisableAppBrowserUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui)
+- [WindowsDefenderSecurityCenter/DisableClearTpmButton](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablecleartpmbutton)
- [WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabledevicesecurityui)
- [WindowsDefenderSecurityCenter/DisableEnhancedNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableenhancednotifications)
- [WindowsDefenderSecurityCenter/DisableFamilyUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablefamilyui)
- [WindowsDefenderSecurityCenter/DisableHealthUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablehealthui)
- [WindowsDefenderSecurityCenter/DisableNetworkUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenetworkui)
- [WindowsDefenderSecurityCenter/DisableNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenotifications)
+- [WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning)
- [WindowsDefenderSecurityCenter/DisableVirusUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablevirusui)
- [WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disallowexploitprotectionoverride)
- [WindowsDefenderSecurityCenter/Email](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-email)
@@ -4824,6 +4925,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hideransomwaredatarecovery)
- [WindowsDefenderSecurityCenter/HideSecureBoot](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidesecureboot)
- [WindowsDefenderSecurityCenter/HideTPMTroubleshooting](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidetpmtroubleshooting)
+- [WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol)
- [WindowsDefenderSecurityCenter/Phone](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone)
- [WindowsDefenderSecurityCenter/URL](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url)
- [WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace)
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 36c8742786..e9d7a78158 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -869,7 +869,7 @@ Most restricted value: 1
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [allow-fullscreen-mode-shortdesc](../../../browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md)]
@@ -1207,7 +1207,7 @@ To verify AllowPopups is set to 0 (not allowed):
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [allow-prelaunch-shortdesc](../../../browsers/edge/shortdesc/allow-prelaunch-shortdesc.md)]
@@ -1274,7 +1274,7 @@ Most restricted value: 0
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [allow-printing-shortdesc](../../../browsers/edge/shortdesc/allow-printing-shortdesc.md)]
@@ -1342,7 +1342,7 @@ Most restricted value: 0
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [allow-saving-history-shortdesc](../../../browsers/edge/shortdesc/allow-saving-history-shortdesc.md)]
@@ -1538,7 +1538,7 @@ Most restricted value: 0
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../../../browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
@@ -1677,7 +1677,7 @@ To verify AllowSmartScreen is set to 0 (not allowed):
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [allow-tab-preloading-shortdesc](../../../browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md)]
@@ -1746,7 +1746,7 @@ Most restricted value: 1
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../../../browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
@@ -1877,7 +1877,7 @@ Most restricted value: 0
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../../../browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md)]
@@ -2015,7 +2015,7 @@ Most restricted value: 0
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [configure-favorites-bar-shortdesc](../../../browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md)]
@@ -2085,7 +2085,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [configure-home-button-shortdesc](../../../browsers/edge/shortdesc/configure-home-button-shortdesc.md)]
@@ -2160,7 +2160,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [configure-kiosk-mode-shortdesc](../../../browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md)]
@@ -2237,7 +2237,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../../../browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
@@ -2307,7 +2307,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../../../browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
@@ -2390,7 +2390,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../../../browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
@@ -3015,7 +3015,7 @@ Most restricted value: 1
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../../../browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md)]
@@ -3596,7 +3596,7 @@ Most restricted value: 1
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [set-home-button-url-shortdesc](../../../browsers/edge/shortdesc/set-home-button-url-shortdesc.md)]
@@ -3665,7 +3665,7 @@ Supported values:
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [set-new-tab-url-shortdesc](../../../browsers/edge/shortdesc/set-new-tab-url-shortdesc.md)]
@@ -3873,7 +3873,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
->*Supported versions: Microsoft Edge on Windows 10, next major release*
+>*Supported versions: Microsoft Edge on Windows 10, next major update to Windows*
[!INCLUDE [unlock-home-button-shortdesc](../../../browsers/edge/shortdesc/unlock-home-button-shortdesc.md)]
@@ -3970,7 +3970,7 @@ Footnote:
- 2 - Supported versions, version 1703.
- 3 - Supported versions, version 1709.
- 4 - Supported versions, version 1803.
-- 5 - Added in the next major release of Windows 10.
+- 5 - Added in the next major update to Windows of Windows 10.
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 7fd6d96493..5dabbc96ab 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 03/12/2018
+ms.date: 07/23/2018
---
# Policy CSP - DeviceInstallation
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -19,6 +21,18 @@ ms.date: 03/12/2018
## DeviceInstallation policies
+ -
+ DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
+
+ -
+ DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
+
+ -
+ DeviceInstallation/PreventDeviceMetadataFromNetwork
+
+ -
+ DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
+
-
DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
@@ -28,6 +42,290 @@ ms.date: 03/12/2018
+
+
+
+**DeviceInstallation/AllowInstallationOfMatchingDeviceIDs**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  |
+  5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
+
+If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Allow installation of devices that match any of these device IDs*
+- GP name: *DeviceInstall_IDs_Allow*
+- GP path: *System/Device Installation/Device Installation Restrictions*
+- GP ADMX file name: *deviceinstallation.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
+
+If you enable this policy setting, Windows is allowed to install or update device drivers whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Allow installation of devices using drivers that match these device setup classes*
+- GP name: *DeviceInstall_Classes_Allow*
+- GP path: *System/Device Installation/Device Installation Restrictions*
+- GP ADMX file name: *deviceinstallation.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**DeviceInstallation/PreventDeviceMetadataFromNetwork**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to prevent Windows from retrieving device metadata from the Internet.
+
+If you enable this policy setting, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box (Control Panel > System and Security > System > Advanced System Settings > Hardware tab).
+
+If you disable or do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Prevent device metadata retrieval from the Internet*
+- GP name: *DeviceMetadata_PreventDeviceMetadataFromNetwork*
+- GP path: *System/Device Installation*
+- GP ADMX file name: *DeviceSetup.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.
+
+If you enable this policy setting, Windows is prevented from installing or updating the device driver for any device that is not described by either the "Allow installation of devices that match any of these device IDs" or the "Allow installation of devices for these device classes" policy setting.
+
+If you disable or do not configure this policy setting, Windows is allowed to install or update the device driver for any device that is not described by the "Prevent installation of devices that match any of these device IDs," "Prevent installation of devices for these device classes," or "Prevent installation of removable devices" policy setting.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Prevent installation of devices not described by other policy settings*
+- GP name: *DeviceInstall_Unspecified_Deny*
+- GP path: *System/Device Installation/Device Installation Restrictions*
+- GP ADMX file name: *deviceinstallation.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -159,6 +457,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
+- 5 - Added in the next major release of Windows 10.
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index b8322c4c8e..2f545af87b 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -6,11 +6,14 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 03/12/2018
+ms.date: 07/12/2018
---
# Policy CSP - WindowsDefenderSecurityCenter
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
@@ -27,6 +30,9 @@ ms.date: 03/12/2018
-
WindowsDefenderSecurityCenter/DisableAppBrowserUI
+ -
+ WindowsDefenderSecurityCenter/DisableClearTpmButton
+
-
WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
@@ -45,6 +51,9 @@ ms.date: 03/12/2018
-
WindowsDefenderSecurityCenter/DisableNotifications
+ -
+ WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
+
-
WindowsDefenderSecurityCenter/DisableVirusUI
@@ -69,6 +78,9 @@ ms.date: 03/12/2018
-
WindowsDefenderSecurityCenter/HideTPMTroubleshooting
+ -
+ WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
+
-
WindowsDefenderSecurityCenter/Phone
@@ -252,6 +264,80 @@ The following list shows the supported values:
+
+**WindowsDefenderSecurityCenter/DisableClearTpmButton**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Disable the Clear TPM button in Windows Security.
+
+Enabled:
+The Clear TPM button will be unavailable for use.
+
+Disabled:
+The Clear TPM button will be available for use on supported systems.
+
+Not configured:
+Same as Disabled.
+
+Supported values:
+
+- 0 - Disabled (default)
+- 1 - Enabled
+
+
+
+ADMX Info:
+- GP English name: *Disable the Clear TPM button*
+- GP name: *DeviceSecurity_DisableClearTpmButton*
+- GP path: *Windows Components/Windows Security/Device security*
+- GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**WindowsDefenderSecurityCenter/DisableDeviceSecurityUI**
@@ -613,6 +699,80 @@ The following list shows the supported values:
+
+**WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected.
+
+Enabled:
+Users will not be shown a recommendation to update their TPM Firmware.
+
+Disabled:
+Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware.
+
+Not configured:
+Same as Disabled.
+
+Supported values:
+
+- 0 - Disabled (default)
+- 1 - Enabled
+
+
+
+ADMX Info:
+- GP English name: *Hide the TPM Firmware Update recommendation.*
+- GP name: *DeviceSecurity_DisableTpmFirmwareUpdateWarning*
+- GP path: *Windows Components/Windows Security/Device security*
+- GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**WindowsDefenderSecurityCenter/DisableVirusUI**
@@ -1081,6 +1241,82 @@ Valid values:
+
+**WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ | 5 |
+ 5 |
+ 5 |
+ 5 |
+ 5 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting hides the Windows Security notification area control.
+
+The user needs to either sign out and sign in or reboot the computer for this setting to take effect.
+
+Enabled:
+Windows Security notification area control will be hidden.
+
+Disabled:
+Windows Security notification area control will be shown.
+
+Not configured:
+Same as Disabled.
+
+Supported values:
+
+- 0 - Disabled (default)
+- 1 - Enabled
+
+
+
+ADMX Info:
+- GP English name: *Hide Windows Security Systray*
+- GP name: *Systray_HideSystray*
+- GP path: *Windows Components/Windows Security/Systray*
+- GP ADMX file name: *WindowsDefenderSecurityCenter.admx*
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**WindowsDefenderSecurityCenter/Phone**
@@ -1194,6 +1430,7 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
+- 5 - Added in the next major release of Windows 10.