Merge branch 'main' into privacy-update-vb

Daniel H. Brown 2023-02-22 13:23:06 -08:00
commit 021b30d2f4
781 changed files with 5223 additions and 5475 deletions


@ -19463,7 +19463,7 @@
{ {
"source_path": "windows/security/threat-protection/intelligence/rootkits-malware.md", "source_path": "windows/security/threat-protection/intelligence/rootkits-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/rootkits-malware", "redirect_url": "/microsoft-365/security/intelligence/rootkits-malware",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/security/threat-protection/intelligence/safety-scanner-download.md", "source_path": "windows/security/threat-protection/intelligence/safety-scanner-download.md",
@ -20114,7 +20114,7 @@
"source_path": "windows/deployment/update/update-compliance-v2-enable.md", "source_path": "windows/deployment/update/update-compliance-v2-enable.md",
"redirect_url": "/windows/deployment/update/wufb-reports-enable", "redirect_url": "/windows/deployment/update/wufb-reports-enable",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-v2-help.md", "source_path": "windows/deployment/update/update-compliance-v2-help.md",
"redirect_url": "/windows/deployment/update/wufb-reports-help", "redirect_url": "/windows/deployment/update/wufb-reports-help",
@ -20124,22 +20124,22 @@
"source_path": "windows/deployment/update/update-compliance-v2-overview.md", "source_path": "windows/deployment/update/update-compliance-v2-overview.md",
"redirect_url": "/windows/deployment/update/wufb-reports-overview", "redirect_url": "/windows/deployment/update/wufb-reports-overview",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-v2-prerequisites.md", "source_path": "windows/deployment/update/update-compliance-v2-prerequisites.md",
"redirect_url": "/windows/deployment/update/wufb-reports-prerequisites", "redirect_url": "/windows/deployment/update/wufb-reports-prerequisites",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucclient.md", "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclient.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclient", "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclient",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md", "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus", "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md", "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus", "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus",
@ -20149,17 +20149,17 @@
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md", "source_path": "windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucdevicealert", "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucdevicealert",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md", "source_path": "windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus", "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md", "source_path": "windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucupdatealert", "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucupdatealert",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-v2-schema.md", "source_path": "windows/deployment/update/update-compliance-v2-schema.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema", "redirect_url": "/windows/deployment/update/wufb-reports-schema",
@ -20194,7 +20194,7 @@
"source_path": "windows/deployment/planning/features-lifecycle.md", "source_path": "windows/deployment/planning/features-lifecycle.md",
"redirect_url": "/windows/whats-new/feature-lifecycle", "redirect_url": "/windows/whats-new/feature-lifecycle",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/planning/windows-10-deprecated-features.md", "source_path": "windows/deployment/planning/windows-10-deprecated-features.md",
"redirect_url": "/windows/whats-new/deprecated-features", "redirect_url": "/windows/whats-new/deprecated-features",
@ -20205,7 +20205,7 @@
"redirect_url": "/windows/whats-new/removed-features", "redirect_url": "/windows/whats-new/removed-features",
"redirect_document_id": false "redirect_document_id": false
}, },
{ {
"source_path": "windows/deployment/usmt/usmt-common-issues.md", "source_path": "windows/deployment/usmt/usmt-common-issues.md",
"redirect_url": "/troubleshoot/windows-client/deployment/usmt-common-issues", "redirect_url": "/troubleshoot/windows-client/deployment/usmt-common-issues",
"redirect_document_id": false "redirect_document_id": false
@ -20514,6 +20514,86 @@
"source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md", "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md",
"redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies", "redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies",
"redirect_document_id": true "redirect_document_id": true
},
{
"source_path": "windows/client-management/mdm/policy-ddf-file.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-ddf",
"redirect_document_id": true
},
{
"source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md",
"redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard",
"redirect_document_id": true
},
{
"source_path": "windows/security/information-protection/tpm/change-the-tpm-owner-password.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/get-support-for-security-baselines.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/mbsa-removal-and-guidance.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/credential-guard/credential-guard-scripts.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/information-protection/tpm/manage-tpm-commands.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/information-protection/tpm/manage-tpm-lockout.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/whats-new/windows-10-insider-preview.md",
"redirect_url": "/windows/whats-new",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
} }
] ]
} }
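Review bot: Most of the entries added in the last hunk (`@ -20514,6 +20514,86 @`) redirect retired security articles to the generic `/windows/security` landing page with `"redirect_document_id": false`, among them `bitlocker-recovery-loop-break.md`, `manage-tpm-lockout.md`, `change-the-tpm-owner-password.md` and `audit-and-enforce-windows-defender-application-control-policies.md`. An administrator who follows a bookmark or runbook link to one of these procedures lands on a hub page with no hint of where the guidance moved or that it was retired. Where a successor article exists, the entry should point to it, as the `dg-readiness-tool.md` entry in the same hunk does with `/windows/security/identity-protection/credential-guard/credential-guard`. Whether successors exist for the other paths cannot be seen from this page, so each of these redirects is worth confirming against the current table of contents before merge.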


@ -28,6 +28,9 @@
], ],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"ms.collection": [
"tier3"
],
"breadcrumb_path": "/microsoft-edge/breadcrumbs/toc.json", "breadcrumb_path": "/microsoft-edge/breadcrumbs/toc.json",
"ROBOTS": "INDEX, FOLLOW", "ROBOTS": "INDEX, FOLLOW",
"ms.technology": "microsoft-edge", "ms.technology": "microsoft-edge",


@ -2,6 +2,7 @@
metadata: metadata:
title: Microsoft Edge - Frequently Asked Questions (FAQ) for IT Pros title: Microsoft Edge - Frequently Asked Questions (FAQ) for IT Pros
ms.reviewer: ms.reviewer:
ms.date: 12/14/2020
audience: itpro audience: itpro
manager: dansimp manager: dansimp
description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems. description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems.


@ -11,7 +11,7 @@ ms.reviewer:
manager: dansimp manager: dansimp
title: Enterprise Mode for Microsoft Edge title: Enterprise Mode for Microsoft Edge
ms.sitesec: library ms.sitesec: library
ms.date: '' ms.date: 07/17/2018
--- ---
# Enterprise Mode for Microsoft Edge # Enterprise Mode for Microsoft Edge
@ -55,5 +55,3 @@ You can build and manage your Enterprise Mode Site List is by using any generic
### Add multiple sites to the site list ### Add multiple sites to the site list


@ -1,3 +1,6 @@
---
ms.date: 07/17/2018
---
Before you can use a site list with Enterprise Mode, you must turn the functionality on and set up the system for centralized control. By allowing Before you can use a site list with Enterprise Mode, you must turn the functionality on and set up the system for centralized control. By allowing
centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 wont look for an updated list again until you restart the browser. centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 wont look for an updated list again until you restart the browser.


@ -1,4 +1,7 @@
---
ms.date: 07/17/2018
---
## What is Enterprise Mode? ## What is Enterprise Mode?
Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration thats designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration thats designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability. Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.


@ -24,6 +24,9 @@
], ],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"ms.collection": [
"tier3"
],
"breadcrumb_path": "/internet-explorer/breadcrumb/toc.json", "breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW", "ROBOTS": "INDEX, FOLLOW",
"ms.topic": "article", "ms.topic": "article",


@ -9,6 +9,7 @@ title: Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Expl
ms.sitesec: library ms.sitesec: library
ms.localizationpriority: medium ms.localizationpriority: medium
manager: dansimp manager: dansimp
ms.date: 02/24/2016
--- ---
@ -62,4 +63,4 @@ IE11 offers differing experiences in Windows 8.1:
## Related topics ## Related topics
- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml) - [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md) - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/) - [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)


@ -6,6 +6,7 @@ author: dansimp
ms.prod: ie11 ms.prod: ie11
ms.assetid: 9cb8324e-d73b-41ba-ade9-3acc796e21d8 ms.assetid: 9cb8324e-d73b-41ba-ade9-3acc796e21d8
ms.reviewer: ms.reviewer:
ms.date: 03/15/2016
audience: itpro audience: itpro
manager: dansimp manager: dansimp
ms.author: dansimp ms.author: dansimp
@ -60,8 +61,3 @@ You can also click **Select All** to add, or **Clear All** to remove, all of the
   
   


@ -9,6 +9,7 @@ title: Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide
ms.sitesec: library ms.sitesec: library
ms.localizationpriority: medium ms.localizationpriority: medium
manager: dansimp manager: dansimp
ms.date: 03/15/2016
--- ---
@ -49,4 +50,4 @@ IE11 and IEAK 11 offers differing experiences between Windows 7 and Windows 8.1
- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md) - [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml) - [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.yml)
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md) - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/) - [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)


@ -1,16 +1,12 @@
--- ---
author: aczechowski author: aczechowski
ms.author: aaroncz ms.author: aaroncz
ms.date: 12/16/2022 ms.date: 02/14/2023
ms.reviewer: cathask ms.reviewer: cathask
manager: aaroncz manager: aaroncz
ms.prod: ie11 ms.prod: ie11
ms.topic: include ms.topic: include
--- ---
> [!WARNING] > [!CAUTION]
> **Update:** The retired, out-of-support Internet Explorer 11 desktop application is scheduled to be permanently disabled through a Microsoft Edge update on certain versions of Windows 10 on February 14, 2023. > **Update:** The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq).
>
> We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization does not experience business disruption.
>
> For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq).


@ -29,7 +29,10 @@
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"ms.topic": "article", "ms.topic": "article",
"ms.collection": "education", "ms.collection": [
"education",
"tier2"
],
"ms.prod": "windows-client", "ms.prod": "windows-client",
"ms.technology": "itpro-edu", "ms.technology": "itpro-edu",
"author": "paolomatarazzo", "author": "paolomatarazzo",


@ -1,3 +1,6 @@
---
ms.date: 10/24/2020
---
<!-- This file is generated automatically each week. Changes made to this file will be overwritten.--> <!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->


@ -45,7 +45,7 @@ productDirectory:
text: Azure information protection deployment acceleration guide text: Azure information protection deployment acceleration guide
- url: /defender-cloud-apps/get-started - url: /defender-cloud-apps/get-started
text: Microsoft Defender for Cloud Apps text: Microsoft Defender for Cloud Apps
- url: /microsoft-365/compliance/create-test-tune-dlp-policy - url: /microsoft-365/compliance/information-protection#prevent-data-loss
text: Data loss prevention text: Data loss prevention
- url: /microsoft-365/compliance/ - url: /microsoft-365/compliance/
text: Microsoft Purview compliance text: Microsoft Purview compliance


@ -7,6 +7,7 @@ appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
ms.collection: ms.collection:
- highpri - highpri
- tier2
- education - education
--- ---


@ -7,6 +7,9 @@ author: scottbreenmsft
ms.author: scbree ms.author: scbree
ms.reviewer: paoloma ms.reviewer: paoloma
manager: jeffbu manager: jeffbu
ms.collection:
- tier3
- education
appliesto: appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
--- ---


@ -7,6 +7,7 @@ appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
ms.collection: ms.collection:
- highpri - highpri
- tier2
- education - education
--- ---
@ -147,7 +148,7 @@ Existing Azure AD domain joined devices will be changed to Windows 10 Pro Educat
### For new devices that are not Azure AD joined ### For new devices that are not Azure AD joined
Now that you've turned on the setting to automatically change to Windows 10 Pro Education, the users are ready to change their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition. Now that you've turned on the setting to automatically change to Windows 10 Pro Education, the users are ready to change their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition.
#### Step 1: Join users devices to Azure AD #### Step 1: Join users' devices to Azure AD
Users can join a device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1607 or higher, version 1703. Users can join a device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1607 or higher, version 1703.


@ -1,7 +1,7 @@
--- ---
title: Configure federation between Google Workspace and Azure AD title: Configure federation between Google Workspace and Azure AD
description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD. description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD.
ms.date: 01/17/2023 ms.date: 02/10/2023
ms.topic: how-to ms.topic: how-to
--- ---
@ -42,7 +42,7 @@ To test federation, the following prerequisites must be met:
1. On the *Service provider details* page 1. On the *Service provider details* page
- Select the option **Signed response** - Select the option **Signed response**
- Verify that the Name ID format is set to **PERSISTENT** - Verify that the Name ID format is set to **PERSISTENT**
- Depending on how the Azure AD users have been provisioned in Azure AD, you may need to adjust the **Name ID** mapping. For more information, see (article to write).\ - Depending on how the Azure AD users have been provisioned in Azure AD, you may need to adjust the **Name ID** mapping.\
If using Google auto-provisioning, select **Basic Information > Primary email** If using Google auto-provisioning, select **Basic Information > Primary email**
- Select **Continue** - Select **Continue**
1. On the *Attribute mapping* page, map the Google attributes to the Azure AD attributes 1. On the *Attribute mapping* page, map the Google attributes to the Azure AD attributes


@ -8,6 +8,7 @@ appliesto:
ms.collection: ms.collection:
- highpri - highpri
- education - education
- tier2
--- ---
# Configure Stickers for Windows 11 SE # Configure Stickers for Windows 11 SE


@ -5,6 +5,10 @@ ms.date: 01/12/2023
ms.topic: how-to ms.topic: how-to
appliesto: appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
ms.collection:
- highpri
- tier1
- education
--- ---
<!-- MAXADO-6286399 --> <!-- MAXADO-6286399 -->


@ -8,6 +8,7 @@ appliesto:
ms.collection: ms.collection:
- highpri - highpri
- education - education
- tier2
--- ---
# Get Minecraft: Education Edition # Get Minecraft: Education Edition

Binary file not shown.

After

Width:  |  Height:  |  Size: 221 KiB


@ -8,6 +8,7 @@ appliesto:
ms.collection: ms.collection:
- highpri - highpri
- education - education
- tier2
--- ---
# For IT administrators - get Minecraft: Education Edition # For IT administrators - get Minecraft: Education Edition
@ -34,7 +35,7 @@ If you turn off this setting after students have been using Minecraft: Education
Users in a Microsoft verified academic institution account will have access to the free trial limited logins for Minecraft: Education Edition. This grants faculty accounts 25 free logins and student accounts 10 free logins. To purchase direct licenses, see [Minecraft: Education Edition - direct purchase](#individual-copies). Users in a Microsoft verified academic institution account will have access to the free trial limited logins for Minecraft: Education Edition. This grants faculty accounts 25 free logins and student accounts 10 free logins. To purchase direct licenses, see [Minecraft: Education Edition - direct purchase](#individual-copies).
If youve been approved and are part of the Enrollment for Education Solutions volume license program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license). If you've been approved and are part of the Enrollment for Education Solutions volume license program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license).
### <a href="" id="individual-copies"></a>Minecraft: Education Edition - direct purchase ### <a href="" id="individual-copies"></a>Minecraft: Education Edition - direct purchase
@ -48,7 +49,7 @@ If youve been approved and are part of the Enrollment for Education Solutions
5. Select the quantity of licenses you would like to purchase and select **Place Order**. 5. Select the quantity of licenses you would like to purchase and select **Place Order**.
6. After youve purchased licenses, youll need to [assign them to users in the Admin Center](/microsoft-365/admin/manage/assign-licenses-to-users). 6. After you've purchased licenses, you'll need to [assign them to users in the Admin Center](/microsoft-365/admin/manage/assign-licenses-to-users).
If you need additional licenses for **Minecraft: Education Edition**, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses). If you need additional licenses for **Minecraft: Education Edition**, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses).
@ -57,7 +58,7 @@ If you need additional licenses for **Minecraft: Education Edition**, see [Buy o
Qualified education institutions can purchase Minecraft: Education Edition licenses through their Microsoft channel partner. Schools need to be part of the Enrollment for Education Solutions (EES) volume licensing program. Educational institutions should work with their channel partner to determine which Minecraft: Education Edition licensing offer is best for their institution. The process looks like this: Qualified education institutions can purchase Minecraft: Education Edition licenses through their Microsoft channel partner. Schools need to be part of the Enrollment for Education Solutions (EES) volume licensing program. Educational institutions should work with their channel partner to determine which Minecraft: Education Edition licensing offer is best for their institution. The process looks like this:
- Your channel partner will submit and process your volume license order, your licenses will be shown on [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), and the licenses will be available in your [Microsoft Store for Education](https://www.microsoft.com/business-store) inventory. - Your channel partner will submit and process your volume license order, your licenses will be shown on [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), and the licenses will be available in your [Microsoft Store for Education](https://www.microsoft.com/business-store) inventory.
- Youll receive an email with a link to Microsoft Store for Education. - You'll receive an email with a link to Microsoft Store for Education.
- Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com) to distribute and manage the Minecraft: Education Edition licenses. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft) - Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com) to distribute and manage the Minecraft: Education Edition licenses. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft)
## Minecraft: Education Edition payment options ## Minecraft: Education Edition payment options


@ -8,6 +8,7 @@ appliesto:
ms.collection: ms.collection:
- highpri - highpri
- education - education
- tier2
--- ---
# For teachers - get Minecraft: Education Edition # For teachers - get Minecraft: Education Edition


@ -8,6 +8,7 @@ appliesto:
ms.collection: ms.collection:
- highpri - highpri
- education - education
- tier2
--- ---
# Test Windows 10 in S mode on existing Windows 10 education devices # Test Windows 10 in S mode on existing Windows 10 education devices


@ -8,6 +8,7 @@ appliesto:
ms.collection: ms.collection:
- highpri - highpri
- education - education
- tier1
--- ---
# Windows 11 SE Overview # Windows 11 SE Overview
@ -93,6 +94,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Class Policy` | 114.0.0 | Win32 | `Class Policy` | | `Class Policy` | 114.0.0 | Win32 | `Class Policy` |
| `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` | | `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` |
| `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` | | `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` |
| `ColorVeil` | 4.0.0.175 | Win32 | `East-Tec` |
| `ContentKeeper Cloud` | 9.01.45 | Win32 | `ContentKeeper Technologies` |
| `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` | | `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` |
| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | `Data recognition Corporation` | | `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | `Data recognition Corporation` |
| `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` | | `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` |
@ -104,7 +107,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` | | `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` |
| `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` | | `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` |
| `GoGuardian` | 1.4.4 | Win32 | `GoGuardian` | | `GoGuardian` | 1.4.4 | Win32 | `GoGuardian` |
| `Google Chrome` | 102.0.5005.115 | Win32 | `Google` | | `Google Chrome` | 109.0.5414.75 | Win32 | `Google` |
| `GuideConnect` | 1.23 | Win32 | `Dolphin Computer Access` |
| `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` | | `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` |
| `Immunet` | 7.5.8.21178 | Win32 | `Immunet` | | `Immunet` | 7.5.8.21178 | Win32 | `Immunet` |
| `Impero Backdrop Client` | 4.4.86 | Win32 | `Impero Software` | | `Impero Backdrop Client` | 4.4.86 | Win32 | `Impero Software` |
@ -137,10 +141,10 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` | | `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` |
| `Safe Exam Browser` | 3.4.1.505 | Win32 | `Safe Exam Browser` | | `Safe Exam Browser` | 3.4.1.505 | Win32 | `Safe Exam Browser` |
| `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` | | `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` |
| `Smoothwall Monitor` | 2.8.0 | Win32 | `Smoothwall Ltd` | | `Smoothwall Monitor` | 2.9.2 | Win32 | `Smoothwall Ltd` |
| `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` | | `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` |
| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` | | `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` |
|`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development` |`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development` |
| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | | `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` |
| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | | `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` |
| `WordQ` | 5.4.23 | Win32 | `Mathetmots` | | `WordQ` | 5.4.23 | Win32 | `Mathetmots` |


@ -5,6 +5,9 @@ ms.topic: article
ms.date: 09/12/2022 ms.date: 09/12/2022
appliesto: appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
ms.collection:
- education
- tier1
--- ---
# Windows 11 SE for Education settings list # Windows 11 SE for Education settings list


@ -32,6 +32,9 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"ms.collection": [
"tier2"
],
"breadcrumb_path": "/microsoft-store/breadcrumb/toc.json", "breadcrumb_path": "/microsoft-store/breadcrumb/toc.json",
"ms.author": "trudyha", "ms.author": "trudyha",
"audience": "ITPro", "audience": "ITPro",


@ -1,3 +1,6 @@
---
ms.date: 10/31/2020
---
<!-- This file is generated automatically each week. Changes made to this file will be overwritten.--> <!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->


@ -35,6 +35,9 @@
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"ms.collection": [
"tier2"
],
"uhfHeaderId": "MSDocsHeader-M365-IT", "uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "itpro-apps", "ms.technology": "itpro-apps",
"ms.topic": "article", "ms.topic": "article",


@ -43,314 +43,314 @@ The following information lists the system apps on some Windows Enterprise OS ve
- File Picker | Package name: 1527c705-839a-4832-9118-54d4Bd6a0c89 - File Picker | Package name: 1527c705-839a-4832-9118-54d4Bd6a0c89
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- File Explorer | Package name: c5e2524a-ea46-4f67-841f-6a9465d9d515 - File Explorer | Package name: c5e2524a-ea46-4f67-841f-6a9465d9d515
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- App Resolver UX | Package name: E2A4F912-2574-4A75-9BB0-0D023378592B - App Resolver UX | Package name: E2A4F912-2574-4A75-9BB0-0D023378592B
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Add Suggested Folders To Library | Package name: F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE - Add Suggested Folders To Library | Package name: F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- InputApp - InputApp
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | | | ✔️ | | | ❌ | ❌ | | | ✔️ |
--- ---
- Microsoft.AAD.Broker.Plugin | Package name: Microsoft.AAD.Broker.Plugin - Microsoft.AAD.Broker.Plugin | Package name: Microsoft.AAD.Broker.Plugin
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.AccountsControl | Package name: Microsoft.AccountsControl - Microsoft.AccountsControl | Package name: Microsoft.AccountsControl
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.AsyncTextService | Package name: Microsoft.AsyncTextService - Microsoft.AsyncTextService | Package name: Microsoft.AsyncTextService
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Hello setup UI | Package name: Microsoft.BioEnrollment - Hello setup UI | Package name: Microsoft.BioEnrollment
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.CredDialogHost - Microsoft.CredDialogHost
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.ECApp - Microsoft.ECApp
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.LockApp - Microsoft.LockApp
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft Edge | Package name: Microsoft.MicrosoftEdge - Microsoft Edge | Package name: Microsoft.MicrosoftEdge
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.MicrosoftEdgeDevToolsClient - Microsoft.MicrosoftEdgeDevToolsClient
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.PPIProjection - Microsoft.PPIProjection
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | | | ✔️ | | | ❌ | ❌ | | | ✔️ |
--- ---
- Microsoft.Win32WebViewHost - Microsoft.Win32WebViewHost
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.Apprep.ChxApp - Microsoft.Windows.Apprep.ChxApp
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.AssignedAccessLockApp - Microsoft.Windows.AssignedAccessLockApp
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.CapturePicker - Microsoft.Windows.CapturePicker
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.CloudExperienceHost - Microsoft.Windows.CloudExperienceHost
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.ContentDeliveryManager - Microsoft.Windows.ContentDeliveryManager
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Cortana | Package name: Microsoft.Windows.Cortana - Cortana | Package name: Microsoft.Windows.Cortana
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | | | ✔️ | | | ❌ | ❌ | | | ✔️ |
--- ---
- Microsoft.Windows.OOBENetworkCaptivePort - Microsoft.Windows.OOBENetworkCaptivePort
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.OOBENetworkConnectionFlow - Microsoft.Windows.OOBENetworkConnectionFlow
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.ParentalControls - Microsoft.Windows.ParentalControls
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- People Hub | Package name: Microsoft.Windows.PeopleExperienceHost - People Hub | Package name: Microsoft.Windows.PeopleExperienceHost
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.PinningConfirmationDialog - Microsoft.Windows.PinningConfirmationDialog
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.SecHealthUI - Microsoft.Windows.SecHealthUI
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.Windows.SecureAssessmentBrowser - Microsoft.Windows.SecureAssessmentBrowser
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Start | Package name: Microsoft.Windows.ShellExperienceHost - Start | Package name: Microsoft.Windows.ShellExperienceHost
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Microsoft.XboxGameCallableUI - Microsoft.XboxGameCallableUI
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Windows.CBSPreview - Windows.CBSPreview
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Settings | Package name: Windows.immersivecontrolpanel - Settings | Package name: Windows.immersivecontrolpanel
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---
- Print 3D | Package name: Windows.Print3D - Print 3D | Package name: Windows.Print3D
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ✔️ | | | ✔️ | | | ✔️ | ✔️ | | | ✔️ |
--- ---
- Print UI | Package name: Windows.PrintDialog - Print UI | Package name: Windows.PrintDialog
--- ---
| Uninstall through UI? | 21H1 | 20H2 | 1809 | | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ | | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
--- ---


@ -8,7 +8,9 @@ manager: aaroncz
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 03/28/2022 ms.date: 03/28/2022
ms.topic: article ms.topic: article
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-manage ms.technology: itpro-manage
--- ---


@ -1,14 +1,16 @@
--- ---
title: Azure Active Directory integration with MDM title: Azure Active Directory integration with MDM
description: Azure Active Directory is the world's largest enterprise cloud identity management service. description: Azure Active Directory is the world's largest enterprise cloud identity management service.
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
@ -46,7 +48,7 @@ Azure AD Join also enables company owned devices to be automatically enrolled in
> [!IMPORTANT] > [!IMPORTANT]
> Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](/previous-versions/azure/dn499825(v=azure.100)) license. > Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](/previous-versions/azure/dn499825(v=azure.100)) license.
### BYOD scenario ### BYOD scenario
Windows 10 also introduces a simpler way to configure personal devices to access work apps and resources. Users can add their Microsoft work account to Windows and enjoy simpler and safer access to the apps and resources of the organization. During this process, Azure AD detects if the organization has configured an MDM. If thats the case, Windows attempts to enroll the device in MDM as part of the “add account” flow. In the BYOD case, users can reject the MDM Terms of Use. The device isn't enrolled in MDM and access to organization resources is typically restricted. Windows 10 also introduces a simpler way to configure personal devices to access work apps and resources. Users can add their Microsoft work account to Windows and enjoy simpler and safer access to the apps and resources of the organization. During this process, Azure AD detects if the organization has configured an MDM. If thats the case, Windows attempts to enroll the device in MDM as part of the “add account” flow. In the BYOD case, users can reject the MDM Terms of Use. The device isn't enrolled in MDM and access to organization resources is typically restricted.
@ -70,7 +72,7 @@ Once a user has an Azure AD account added to Windows and enrolled in MDM, the en
> [!NOTE] > [!NOTE]
> Users can't remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account. > Users can't remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
### MDM endpoints involved in Azure ADintegrated enrollment ### MDM endpoints involved in Azure ADintegrated enrollment
Azure AD MDM enrollment is a two-step process: Azure AD MDM enrollment is a two-step process:
@ -187,7 +189,7 @@ The following image show how MDM applications show up in the Azure app gallery.
### Add cloud-based MDM to the app gallery ### Add cloud-based MDM to the app gallery
> [!NOTE] > [!NOTE]
> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application > You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application
The following table shows the required information to create an entry in the Azure AD app gallery. The following table shows the required information to create an entry in the Azure AD app gallery.
@ -200,7 +202,7 @@ The following table shows the required information to create an entry in the Azu
|**Icons**|A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215| |**Icons**|A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215|
### Add on-premises MDM to the app gallery ### Add on-premises MDM to the app gallery
There are no special requirements for adding on-premises MDM to the app gallery. There's a generic entry for administrators to add an app to their tenant. There are no special requirements for adding on-premises MDM to the app gallery. There's a generic entry for administrators to add an app to their tenant.
@ -232,7 +234,7 @@ An MDM page must adhere to a predefined theme depending on the scenario that is
|--- |--- |--- |--- |--- | |--- |--- |--- |--- |--- |
|FRX|OOBE|Dark theme + blue background color|Filename: Ui-dark.css|Filename: oobe-dekstop.css| |FRX|OOBE|Dark theme + blue background color|Filename: Ui-dark.css|Filename: oobe-dekstop.css|
|MOSET|Settings/Post OOBE|Light theme|Filename: Ui-light.css|Filename: settings-desktop.css| |MOSET|Settings/Post OOBE|Light theme|Filename: Ui-light.css|Filename: settings-desktop.css|
## Terms of Use protocol semantics ## Terms of Use protocol semantics
The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join protocol flow, Windows does a full-page redirect to this endpoint. This redirect enables the MDM to display the terms and conditions that apply. It allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue. The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join protocol flow, Windows does a full-page redirect to this endpoint. This redirect enables the MDM to display the terms and conditions that apply. It allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue.
@ -332,7 +334,7 @@ The following table shows the error codes.
|Azure AD token validation failed|302|unauthorized_client|unauthorized_client| |Azure AD token validation failed|302|unauthorized_client|unauthorized_client|
|internal service error|302|server_error|internal service error| |internal service error|302|server_error|internal service error|
## Enrollment protocol with Azure AD ## Enrollment protocol with Azure AD
With Azure integrated MDM enrollment, there's no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments. With Azure integrated MDM enrollment, there's no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments.


@ -185,7 +185,7 @@ As of November 2020 This page will no longer be updated. This article lists new
|[RemoteWipe CSP](mdm/remotewipe-csp.md)|Added new settings in Windows 10, version 1809.| |[RemoteWipe CSP](mdm/remotewipe-csp.md)|Added new settings in Windows 10, version 1809.|
|[TenantLockdown CSP](mdm/tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.| |[TenantLockdown CSP](mdm/tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.|
|[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.| |[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.|
|[Policy DDF file](mdm/policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.| |[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:<li>Browser/AllowFullScreenMode<li>Browser/AllowPrelaunch<li>Browser/AllowPrinting<li>Browser/AllowSavingHistory<li>Browser/AllowSideloadingOfExtensions<li>Browser/AllowTabPreloading<li>Browser/AllowWebContentOnNewTabPage<li>Browser/ConfigureFavoritesBar<li>Browser/ConfigureHomeButton<li>Browser/ConfigureKioskMode<li>Browser/ConfigureKioskResetAfterIdleTimeout<li>Browser/ConfigureOpenMicrosoftEdgeWith<li>Browser/ConfigureTelemetryForMicrosoft365Analytics<li>Browser/PreventCertErrorOverrides<li>Browser/SetHomeButtonURL<li>Browser/SetNewTabPageURL<li>Browser/UnlockHomeButton<li>Experience/DoNotSyncBrowserSettings<li>Experience/PreventUsersFromTurningOnBrowserSyncing<li>Kerberos/UPNNameHints<li>Privacy/AllowCrossDeviceClipboard<li>Privacy<li>DisablePrivacyExperience<li>Privacy/UploadUserActivities<li>System/AllowDeviceNameInDiagnosticData<li>System/ConfigureMicrosoft365UploadEndpoint<li>System/DisableDeviceDelete<li>System/DisableDiagnosticDataViewer<li>Storage/RemovableDiskDenyWriteAccess<li>Update/UpdateNotificationLevel<br/><br/>Start/DisableContextMenus - added in Windows 10, version 1803.<br/><br/>RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| |[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 
1809:<li>Browser/AllowFullScreenMode<li>Browser/AllowPrelaunch<li>Browser/AllowPrinting<li>Browser/AllowSavingHistory<li>Browser/AllowSideloadingOfExtensions<li>Browser/AllowTabPreloading<li>Browser/AllowWebContentOnNewTabPage<li>Browser/ConfigureFavoritesBar<li>Browser/ConfigureHomeButton<li>Browser/ConfigureKioskMode<li>Browser/ConfigureKioskResetAfterIdleTimeout<li>Browser/ConfigureOpenMicrosoftEdgeWith<li>Browser/ConfigureTelemetryForMicrosoft365Analytics<li>Browser/PreventCertErrorOverrides<li>Browser/SetHomeButtonURL<li>Browser/SetNewTabPageURL<li>Browser/UnlockHomeButton<li>Experience/DoNotSyncBrowserSettings<li>Experience/PreventUsersFromTurningOnBrowserSyncing<li>Kerberos/UPNNameHints<li>Privacy/AllowCrossDeviceClipboard<li>Privacy<li>DisablePrivacyExperience<li>Privacy/UploadUserActivities<li>System/AllowDeviceNameInDiagnosticData<li>System/ConfigureMicrosoft365UploadEndpoint<li>System/DisableDeviceDelete<li>System/DisableDiagnosticDataViewer<li>Storage/RemovableDiskDenyWriteAccess<li>Update/UpdateNotificationLevel<br/><br/>Start/DisableContextMenus - added in Windows 10, version 1803.<br/><br/>RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.|
## July 2018 ## July 2018
@ -217,7 +217,7 @@ As of November 2020 This page will no longer be updated. This article lists new
|New or updated article|Description| |New or updated article|Description|
|--- |--- | |--- |--- |
|[Policy DDF file](mdm/policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.<li>[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)<li>[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)| |[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.<li>[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)<li>[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)|
## April 2018 ## April 2018
@ -281,7 +281,7 @@ As of November 2020 This page will no longer be updated. This article lists new
| New or updated article | Description | | New or updated article | Description |
| --- | --- | | --- | --- |
| [Policy DDF file](mdm/policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. | | [Policy DDF file](mdm/configuration-service-provider-ddf.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
| [Policy CSP](mdm/policy-configuration-service-provider.md) | Updated the following policies:<br/><br/>- Defender/ControlledFolderAccessAllowedApplications - string separator is `|` <br/>- Defender/ControlledFolderAccessProtectedFolders - string separator is `|` | | [Policy CSP](mdm/policy-configuration-service-provider.md) | Updated the following policies:<br/><br/>- Defender/ControlledFolderAccessAllowedApplications - string separator is `|` <br/>- Defender/ControlledFolderAccessProtectedFolders - string separator is `|` |
| [eUICCs CSP](mdm/euiccs-csp.md) | Added new CSP in Windows 10, version 1709. | | [eUICCs CSP](mdm/euiccs-csp.md) | Added new CSP in Windows 10, version 1709. |
| [AssignedAccess CSP](mdm/assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. | | [AssignedAccess CSP](mdm/assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. |
@ -313,5 +313,5 @@ As of November 2020 This page will no longer be updated. This article lists new
|[Office CSP](mdm/office-csp.md)|Added the following setting in Windows 10, version 1709:<li>Installation/CurrentStatus| |[Office CSP](mdm/office-csp.md)|Added the following setting in Windows 10, version 1709:<li>Installation/CurrentStatus|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.| |[BitLocker CSP](mdm/bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.|
|[Firewall CSP](mdm/firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:<li>Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.<li>Changed some data types from integer to bool.<li>Updated the list of supported operations for some settings.<li>Added default values.| |[Firewall CSP](mdm/firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:<li>Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.<li>Changed some data types from integer to bool.<li>Updated the list of supported operations for some settings.<li>Added default values.|
|[Policy DDF file](mdm/policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:<li>Browser/AllowMicrosoftCompatibilityList<li>Update/DisableDualScan<li>Update/FillEmptyContentUrls| |[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:<li>Browser/AllowMicrosoftCompatibilityList<li>Update/DisableDualScan<li>Update/FillEmptyContentUrls|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:<li>Browser/ProvisionFavorites<li>Browser/LockdownFavorites<li>ExploitGuard/ExploitProtectionSettings<li>Games/AllowAdvancedGamingServices<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation<li>LocalPoliciesSecur
ityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations<li>Privacy/EnableActivityFeed<li>Privacy/PublishUserActivities<li>Update/DisableDualScan<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork<br/><br/>Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.<br/><br/>Changed the names of the following policies:<li>Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications<li>Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders<li>Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess<br/><br/>Added links to the extra [ADMX-backed BitLocker policies](mdm/policy-csp-bitlocker.md).<br/><br/>There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:<li>Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts<li>Start/HideAppList| |[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 
1709:<li>Browser/ProvisionFavorites<li>Browser/LockdownFavorites<li>ExploitGuard/ExploitProtectionSettings<li>Games/AllowAdvancedGamingServices<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations<li>Privacy/EnableActivityFeed<
li>Privacy/PublishUserActivities<li>Update/DisableDualScan<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork<br/><br/>Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.<br/><br/>Changed the names of the following policies:<li>Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications<li>Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders<li>Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess<br/><br/>Added links to the extra [ADMX-backed BitLocker policies](mdm/policy-csp-bitlocker.md).<br/><br/>There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:<li>Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts<li>Start/HideAppList|


@ -6,10 +6,12 @@ author: vinaypamnani-msft
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: vinpa ms.author: vinpa
ms.date: 01/18/2022 ms.date: 01/18/2022
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.topic: article ms.topic: article
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-manage ms.technology: itpro-manage
--- ---
@ -29,23 +31,23 @@ From its release, Windows 10 has supported remote connections to PCs joined to A
## Set up ## Set up
- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 aren't supported. - Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 aren't supported.
- Your local PC (where you're connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device aren't supported. - Your local PC (where you're connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device aren't supported.
- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop. - The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop.
Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you're using to connect to the remote PC. Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you're using to connect to the remote PC.
- On the PC you want to connect to: - On the PC you want to connect to:
1. Open system properties for the remote PC. 1. Open system properties for the remote PC.
2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**. 2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
![Allow remote connections to this computer.](images/allow-rdp.png) ![Allow remote connections to this computer.](images/allow-rdp.png)
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no other configuration is needed. To allow more users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies: 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no other configuration is needed. To allow more users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
- Adding users manually - Adding users manually
You can specify individual Azure AD accounts for remote connections by running the following PowerShell cmdlet: You can specify individual Azure AD accounts for remote connections by running the following PowerShell cmdlet:
```powershell ```powershell
net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user" net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
@ -62,7 +64,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
> Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there's a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices. > Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there's a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
- Adding users using policy - Adding users using policy
Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview). Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
> [!TIP] > [!TIP]


@ -1,7 +1,7 @@
--- ---
title: Mobile device management MDM for device updates title: Mobile device management MDM for device updates
description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management. description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.date: 11/15/2017 ms.date: 11/15/2017
ms.collection: highpri ms.collection:
- highpri
- tier2
--- ---
# Mobile device management (MDM) for device updates # Mobile device management (MDM) for device updates


@ -1,7 +1,7 @@
--- ---
title: Diagnose MDM failures in Windows 10 title: Diagnose MDM failures in Windows 10
description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server. description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server.
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.date: 06/25/2018 ms.date: 06/25/2018
ms.collection: highpri ms.collection:
- highpri
- tier2
--- ---
# Diagnose MDM failures in Windows 10 # Diagnose MDM failures in Windows 10


@ -34,6 +34,9 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"ms.collection": [
"tier2"
],
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-M365-IT", "uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "itpro-manage", "ms.technology": "itpro-manage",


@ -7,9 +7,11 @@ ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.date: 04/30/2022 ms.date: 04/30/2022
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.collection: highpri ms.collection:
- highpri
- tier2
--- ---
# Enroll a Windows 10 device automatically using Group Policy # Enroll a Windows 10 device automatically using Group Policy
@ -188,19 +190,19 @@ Requirements:
- 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495) - 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495)
- 1909 --> [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](https://www.microsoft.com/download/confirmation.aspx?id=100591) - 1909 --> [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](https://www.microsoft.com/download/confirmation.aspx?id=100591)
- 2004 --> [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445) - 2004 --> [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445)
- 20H2 --> [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157) - 20H2 --> [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
- 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124) - 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
- 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)-v2.0](https://www.microsoft.com/download/details.aspx?id=104042) - 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)-v2.0](https://www.microsoft.com/download/details.aspx?id=104042)
- 22H2 --> [Administrative Templates (.admx) for Windows 10 October 2022 Update (22H2)](https://www.microsoft.com/download/104677) - 22H2 --> [Administrative Templates (.admx) for Windows 10 October 2022 Update (22H2)](https://www.microsoft.com/download/104677)
- 22H2 --> [Administrative Templates (.admx) for Windows 11 2022 September Update (22H2)](https://www.microsoft.com/download/details.aspx?id=104593) - 22H2 --> [Administrative Templates (.admx) for Windows 11 2022 September Update (22H2)](https://www.microsoft.com/download/details.aspx?id=104593)
2. Install the package on the Domain Controller. 2. Install the package on the Domain Controller.
3. Navigate, depending on the version to the folder: 3. Navigate, depending on the version to the folder:
@ -214,13 +216,13 @@ Requirements:
- 1909 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2019 Update (1909)** - 1909 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2019 Update (1909)**
- 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)** - 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)**
- 20H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2020 Update (20H2)** - 20H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2020 Update (20H2)**
- 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)** - 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
- 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update V2 (21H2)** - 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update V2 (21H2)**
- 22H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2022 Update (22H2)** - 22H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2022 Update (22H2)**
- 22H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 11 September 2022 Update (22H2)** - 22H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 11 September 2022 Update (22H2)**


@ -11,6 +11,7 @@ metadata:
ms.technology: itpro-manage ms.technology: itpro-manage
ms.collection: ms.collection:
- highpri - highpri
- tier1
author: aczechowski author: aczechowski
ms.author: aaroncz ms.author: aaroncz
manager: dougeby manager: dougeby

View File

@ -5,10 +5,12 @@ ms.prod: windows-client
author: vinaypamnani-msft author: vinaypamnani-msft
ms.author: vinpa ms.author: vinpa
ms.date: 09/14/2021 ms.date: 09/14/2021
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.topic: article ms.topic: article
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-manage ms.technology: itpro-manage
--- ---
@ -51,7 +53,7 @@ First, you create a default user profile with the customizations that you want,
1. Sign in to a computer running Windows 10 as a member of the local Administrator group. Do not use a domain account. 1. Sign in to a computer running Windows 10 as a member of the local Administrator group. Do not use a domain account.
> [!NOTE] > [!NOTE]
> Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders. > Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders.
1. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on. 1. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on.


@ -1,17 +1,19 @@
--- ---
title: MDM enrollment of Windows 10-based devices title: MDM enrollment of Windows 10-based devices
description: Learn about mobile device management (MDM) enrollment of Windows 10-based devices to simplify access to your organizations resources. description: Learn about mobile device management (MDM) enrollment of Windows 10-based devices to simplify access to your organizations resources.
MS-HAID: MS-HAID:
- 'p\_phdevicemgmt.enrollment\_ui' - 'p\_phdevicemgmt.enrollment\_ui'
- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices' - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
@ -35,7 +37,7 @@ Devices running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Educatio
> [!NOTE] > [!NOTE]
> Mobile devices can't be connected to an Active Directory domain. > Mobile devices can't be connected to an Active Directory domain.
### Out-of-box-experience ### Out-of-box-experience
Joining your device to an Active Directory domain during the out-of-box-experience (OOBE) isn't supported. To join a domain: Joining your device to an Active Directory domain during the out-of-box-experience (OOBE) isn't supported. To join a domain:
@ -90,7 +92,7 @@ There are a few instances where your device can't be connected to an Active Dire
| You're logged in as a standard user. | Your device can only be connected to an Azure AD domain if you're logged in as an administrative user. Youll need to switch to an administrator account to continue. | | You're logged in as a standard user. | Your device can only be connected to an Azure AD domain if you're logged in as an administrative user. Youll need to switch to an administrator account to continue. |
| Your device is running Windows 10 Home. | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Active Directory domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. | | Your device is running Windows 10 Home. | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Active Directory domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. |
### Connect your device to an Azure AD domain (join Azure AD) ### Connect your device to an Azure AD domain (join Azure AD)
@ -167,9 +169,9 @@ There are a few instances where your device can't be connected to an Azure AD do
| Your device is already managed by MDM. | The connect to Azure AD flow will attempt to enroll your device into MDM if your Azure AD tenant has a preconfigured MDM endpoint. Your device must be unenrolled from MDM to be able to connect to Azure AD in this case. | | Your device is already managed by MDM. | The connect to Azure AD flow will attempt to enroll your device into MDM if your Azure AD tenant has a preconfigured MDM endpoint. Your device must be unenrolled from MDM to be able to connect to Azure AD in this case. |
| Your device is running Windows 10 Home. | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Azure AD domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. | | Your device is running Windows 10 Home. | This feature isn't available on Windows 10 Home, so you'll be unable to connect to an Azure AD domain. You'll need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. |
## Connect personally owned devices
## Connect personally owned devices
Personally owned devices, also known as bring your own device (BYOD), can be connected to a work or school account, or to MDM. Windows 10 doesn't require a personal Microsoft account on devices to connect to work or school. Personally owned devices, also known as bring your own device (BYOD), can be connected to a work or school account, or to MDM. Windows 10 doesn't require a personal Microsoft account on devices to connect to work or school.
@ -247,7 +249,7 @@ To create a local account and connect the device:
![screen to set up your device](images/unifiedenrollment-rs1-33-b.png) ![screen to set up your device](images/unifiedenrollment-rs1-33-b.png)
After you complete the flow, your device will be connected to your organizations MDM. After you complete the flow, your device will be connected to your organizations MDM.
### Help with connecting personally owned devices ### Help with connecting personally owned devices
There are a few instances where your device may not be able to connect to work. There are a few instances where your device may not be able to connect to work.
@ -260,7 +262,7 @@ There are a few instances where your device may not be able to connect to work.
| You dont have the right privileges to perform this operation. Talk to your admin. | You can't enroll your device into MDM as a standard user. You must be on an administrator account. | | You dont have the right privileges to perform this operation. Talk to your admin. | You can't enroll your device into MDM as a standard user. You must be on an administrator account. |
| We couldnt auto-discover a management endpoint matching the username entered. Check your username and try again. If you know the URL to your management endpoint, enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. | | We couldnt auto-discover a management endpoint matching the username entered. Check your username and try again. If you know the URL to your management endpoint, enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. |
## Connect your Windows 10-based device to work using a deep link ## Connect your Windows 10-based device to work using a deep link
@ -283,13 +285,13 @@ The deep link used for connecting your device to work will always use the follow
| ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned | | ownership | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned |
> [!NOTE] > [!NOTE]
> AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later. > AWA and Azure Active Directory-joined values for mode are only supported on Windows 10, version 1709 and later.
### Connect to MDM using a deep link ### Connect to MDM using a deep link
> [!NOTE] > [!NOTE]
> Deep links only work with Internet Explorer or Microsoft Edge browsers. Examples of URI's that may be used to connect to MDM using a deep link: > Deep links only work with Internet Explorer or Microsoft Edge browsers. Examples of URI's that may be used to connect to MDM using a deep link:
> >
> - **ms-device-enrollment:?mode=mdm** > - **ms-device-enrollment:?mode=mdm**
> - **ms-device-enrollment:?mode=mdm&username=`someone@example.com`&servername=`https://example.server.com`** > - **ms-device-enrollment:?mode=mdm&username=`someone@example.com`&servername=`https://example.server.com`**
@ -342,7 +344,7 @@ Starting in Windows 10, version 1709, selecting the **Info** button will show a
![work or school info.](images/unifiedenrollment-rs1-35-b.png) ![work or school info.](images/unifiedenrollment-rs1-35-b.png)
> [!NOTE] > [!NOTE]
> Starting in Windows 10, version 1709, the **Manage** button is no longer available. > Starting in Windows 10, version 1709, the **Manage** button is no longer available.
### Disconnect ### Disconnect
@ -363,7 +365,7 @@ Starting in Windows 10, version 1709, you can get the advanced diagnostic report
![collecting enrollment management log files.](images/unifiedenrollment-rs1-37-c.png) ![collecting enrollment management log files.](images/unifiedenrollment-rs1-37-c.png)


@ -9,7 +9,9 @@ ms.localizationpriority: medium
author: vinaypamnani-msft author: vinaypamnani-msft
ms.author: vinpa ms.author: vinpa
manager: aaroncz manager: aaroncz
ms.collection: highpri ms.collection:
- highpri
- tier2
--- ---
# Mobile Device Management overview # Mobile Device Management overview

View File

@ -1,7 +1,7 @@
--- ---
title: Configuration service provider DDF files title: Configuration service provider DDF files
description: Learn more about the OMA DM device description framework (DDF) for various configuration service providers description: Learn more about the OMA DM device description framework (DDF) for various configuration service providers
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.topic: article
@ -9,14 +9,578 @@ ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.date: 09/18/2020 ms.date: 09/18/2020
ms.collection: highpri ms.collection:
- highpri
- tier2
--- ---
# Configuration service provider DDF files # Configuration service provider DDF files
This topic shows the OMA DM device description framework (DDF) for various configuration service providers. DDF files are used only with OMA DM provisioning XML. This article lists the OMA DM device description framework (DDF) files for various configuration service providers. DDF files are used only with OMA DM provisioning XML.
You can download the DDF files for various CSPs from the links below: As of December 2022, DDF XML schema was updated to include additional information such as OS build applicability. DDF v2 XML files for Windows 10 and Windows 11 are combined, and provided in a single download:
- [DDF v2 Files, December 2022](https://download.microsoft.com/download/7/4/c/74c6daca-983e-4f16-964a-eef65b553a37/DDFv2December2022.zip)
## DDF v2 schema
DDF v2 XML schema definition is listed below along with the schema definition for the referenced `MSFT` namespace.
- Schema definition for DDF v2:
```xml
<?xml version="1.0" encoding="Windows-1252"?>
<xs:schema xmlns="http://tempuri.org/DM_DDF-V1_2" elementFormDefault="qualified" targetNamespace="http://tempuri.org/DM_DDF-V1_2"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<xs:import schemaLocation="DDFv2Msft.xsd" namespace="http://schemas.microsoft.com/MobileDevice/DM" />
<xs:element name="MgmtTree">
<xs:annotation>
<xs:documentation>Starting point for DDF</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="VerDTD" />
<xs:element minOccurs="1" ref="MSFT:Diagnostics" />
<xs:element minOccurs="1" maxOccurs="unbounded" ref="Node" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="VerDTD" type="xs:string" />
<xs:element name="Node">
<xs:annotation>
<xs:documentation>Main Recurring XML tag describing nodes of the CSP</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="NodeName" />
<xs:element minOccurs="0" maxOccurs="1" ref="Path" />
<xs:element minOccurs="1" maxOccurs="1" ref="DFProperties" />
<xs:choice>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="Node" />
</xs:choice>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="NodeName" type="xs:anyURI" />
<xs:element name="Path" type="xs:anyURI" />
<xs:element name="MIME" type="xs:string" />
<xs:element name="DDFName" type="xs:string" />
<xs:element name="DFProperties">
<xs:complexType>
<xs:sequence>
<xs:element ref="AccessType" />
<xs:element minOccurs="0" maxOccurs="1" ref="DefaultValue" />
<xs:element minOccurs="0" maxOccurs="1" ref="Description" />
<xs:element ref="DFFormat" />
<xs:element minOccurs="0" maxOccurs="1" ref="Occurrence" />
<xs:element minOccurs="0" maxOccurs="1" ref="Scope" />
<xs:element minOccurs="0" maxOccurs="1" ref="DFTitle" />
<xs:element ref="DFType" />
<xs:element minOccurs="0" maxOccurs="1" ref="CaseSense" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:Applicability" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:DynamicNodeNaming" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:AllowedValues" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:ReplaceBehavior" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:RebootBehavior" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:GpMapping" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:CommonErrorResults" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:Deprecated" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:DependencyBehavior" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:ConflictResolution" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:AtomicRequired" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AccessType">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" name="Add" />
<xs:element minOccurs="0" maxOccurs="1" name="Copy" />
<xs:element minOccurs="0" maxOccurs="1" name="Delete" />
<xs:element minOccurs="0" maxOccurs="1" name="Exec" />
<xs:element minOccurs="0" maxOccurs="1" name="Get" />
<xs:element minOccurs="0" maxOccurs="1" name="Replace" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="DefaultValue" type="xs:string" />
<xs:element name="Description" type="xs:string" />
<xs:element name="DFFormat">
<xs:complexType>
<xs:choice>
<xs:element name="b64" />
<xs:element name="bin" />
<xs:element name="bool" />
<xs:element name="chr" />
<xs:element name="int" />
<xs:element name="node" />
<xs:element name="null" />
<xs:element name="xml" />
<xs:element name="date" />
<xs:element name="time" />
<xs:element name="float" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="Occurrence">
<xs:complexType>
<xs:choice>
<xs:element name="One" />
<xs:element name="ZeroOrOne" />
<xs:element name="ZeroOrMore" />
<xs:element name="OneOrMore" />
<xs:element name="ZeroOrN" type="xs:integer" />
<xs:element name="OneOrN" type="xs:integer" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="Scope">
<xs:complexType>
<xs:choice>
<xs:element name="Permanent" />
<xs:element name="Dynamic" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="DFTitle" type="xs:string" />
<xs:element name="DFType">
<xs:complexType>
<xs:choice>
<xs:element minOccurs="1" maxOccurs="unbounded" ref="MIME" />
<xs:element ref="DDFName" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="CaseSense">
<xs:complexType>
<xs:choice>
<xs:element name="CS" />
<xs:element name="CIS" />
</xs:choice>
</xs:complexType>
</xs:element>
</xs:schema>
```
- Schema definition for the `MSFT` namespace:
```xml
<?xml version="1.0" encoding="utf-8"?>
<xs:schema elementFormDefault="qualified" xmlns="http://schemas.microsoft.com/MobileDevice/DM" targetNamespace="http://schemas.microsoft.com/MobileDevice/DM" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="Diagnostics" type="xs:string">
<xs:annotation>
<xs:documentation>This node contains an XML blob that can be used as an argument to the DiagnosticsLogCSP to pull diagnostics for a feature.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Deprecated">
<xs:annotation>
<xs:documentation>This node marks that a feature is deprecated. If included, OsBuildDeprecated gives the OS Build version that the node is no longer recommended to be set.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="OsBuildDeprecated" type="xs:string" />
</xs:complexType>
</xs:element>
<xs:element name="DynamicNodeNaming">
<xs:annotation>
<xs:documentation>This node contains information on how to dynamically name the node such that the name is valid.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:choice>
<xs:element name="ServerGeneratedUniqueIdentifier">
<xs:annotation>
<xs:documentation>This indicates that the server should generate a unique identifier for the node.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ClientInventory">
<xs:annotation>
<xs:documentation>This indicates that the client will generate the name of the node based on the device state (such as inventorying apps).</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="UniqueName" type="xs:string">
<xs:annotation>
<xs:documentation>This indicates that the server should name the node, and the value listed gives a regex to define what is allowed.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="ConflictResolution" default="NoMerge">
<xs:simpleType>
<xs:annotation>
<xs:documentation>The type of the conflict resolution.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="NoMerge">
<xs:annotation>
<xs:documentation>No policy merge.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LowestValueMostSecure">
<xs:annotation>
<xs:documentation>The lowest value is the most secure policy value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="HighestValueMostSecure">
<xs:annotation>
<xs:documentation>The highest value is the most secure policy value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastWrite">
<xs:annotation>
<xs:documentation>The last written value is current value</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LowestValueMostSecureZeroHasNoLimits">
<xs:annotation>
<xs:documentation>The lowest value is the most secure policy value unless the value is zero.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="HighestValueMostSecureZeroHasNoLimits">
<xs:annotation>
<xs:documentation>The highest value is the most secure policy value unless the value is zero.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="Applicability">
<xs:annotation>
<xs:documentation>These tags indicate what are required on the device for the node to be applicable to configured. These tags can be inherited by children nodes.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" name="OsBuildVersion" type="xs:string">
<xs:annotation>
<xs:documentation>This tag describes the first build that a feature is released to. If the feature was backported, multiple OS versions will be listed, such that the OS build version without a minor number is the first "major release."</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="CspVersion" type="xs:decimal">
<xs:annotation>
<xs:documentation>This tag describes the lowest CSP Version that the node was released to.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="EditionAllowList" type="xs:string">
<xs:annotation>
<xs:documentation>This tag describes the list of Edition IDs that the features is allowed on. 0x88* refers to Windows Holographic for Business.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="RequiresAzureAd">
<xs:annotation>
<xs:documentation>This tag indicates that the node requires the device to be Azure Active Directory Joined to be applicable.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AllowedValues">
<xs:annotation>
<xs:documentation>These tags describe what values are allowed to be set for this particular node.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:group ref="AllowedValuesGroup" />
<xs:attributeGroup ref="AllowedValuesAttributeGroup" />
</xs:complexType>
</xs:element>
<xs:attributeGroup name="AllowedValuesAttributeGroup">
<xs:attribute name="ValueType" use="required">
<xs:annotation>
<xs:documentation>This attribute describes what kind of Allowed Values tag this is.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="XSD">
<xs:annotation>
<xs:documentation>This attribute indicates that the Value tag contains an XSD for the node.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="RegEx">
<xs:annotation>
<xs:documentation>This attribute indicates that the Value tag contains a RegEx for the node.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ADMX">
<xs:annotation>
<xs:documentation>This attribute indicates that the node can be described by an external ADMX file.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="JSON">
<xs:annotation>
<xs:documentation>This attribute indicates that the node can be described by a JSON schema.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ENUM">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values are an enumeration.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Flag">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values can be combined into a bitwise flag.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Range">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values are a numerical range.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="SDDL">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values are a string in the SDDL format.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="None">
<xs:annotation>
<xs:documentation>This attribute indicates there is no data-driven way to define the allowed values of the node. This potentially means that all string values are valid values.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
<xs:group name="AllowedValuesGroup">
<xs:sequence>
<xs:group minOccurs="0" maxOccurs="1" ref="AllowedValueGroupedNodes" />
<xs:element minOccurs="0" maxOccurs="1" name="List">
<xs:annotation>
<xs:documentation>This tag indicates that the node input can contain multiple, delimited values.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="Delimiter" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute details the delimeter used for the list of values.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:group>
<xs:group name="ValueAndDescriptionGroup">
<xs:sequence>
<xs:element name="Value" type="xs:string">
<xs:annotation>
<xs:documentation>This tag indicates an allowed value.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="ValueDescription" type="xs:string">
<xs:annotation>
<xs:documentation>This tag gives further description to an allowed value, such as for an enumeration.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:group>
<xs:group name="AllowedValueGroupedNodes">
<xs:choice>
<xs:element ref="Enum" maxOccurs="unbounded" />
<xs:group ref="ValueAndDescriptionGroup" />
<xs:element ref="AdmxBacked" />
</xs:choice>
</xs:group>
<xs:element name="Enum">
<xs:annotation>
<xs:documentation>This tag gives details for one particular enumeration of the allowed values.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:group ref="ValueAndDescriptionGroup" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AdmxBacked">
<xs:annotation>
<xs:documentation>This tag indicates the relevent details for the corresponding ADMX policy for this node.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="Area" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives the area path of the ADMX policy.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Name" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives the name of the ADMX policy.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="File" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives the filename for the ADMX policy.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="ReplaceBehavior" default="Replace">
<xs:annotation>
<xs:documentation>This tag details the replace behavior of the node.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="Append">
<xs:annotation>
<xs:documentation>When performing a replace operation on this node, the value is appending to the existing node data.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Replace">
<xs:annotation>
<xs:documentation>When performing a replace operation on this node, the existing node data is removed before new data is added.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RebootBehavior" default="None">
<xs:annotation>
<xs:documentation>This tag describes the reboot behavior of the node.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="None">
<xs:annotation>
<xs:documentation>No reboot is required for this node.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Automatic">
<xs:annotation>
<xs:documentation>This node will automatically perform a reboot to take effect.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ServerInitiated">
<xs:annotation>
<xs:documentation>This node needs a reboot initiated from an external source to take effect.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="GpMapping">
<xs:annotation>
<xs:documentation>This tag details the information necessary to map this node to an existing group policy.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="GpEnglishName" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute details the English name of the GP.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GpAreaPath" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute details the area path of the GP.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GpElement" type="xs:string">
<xs:annotation>
<xs:documentation>This attribute details a particular element of a GP that the CSP node maps to.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="CommonErrorResults">
<xs:annotation>
<xs:documentation>This tag lists out common error HRESULTS reported by the CSP and English text to associate with them.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="CommonErrorOne" type="xs:string" />
<xs:element name="CommonErrorTwo" type="xs:string" />
<xs:element name="CommonErrorThree" type="xs:string" />
<xs:element name="CommonErrorFour" type="xs:string" />
<xs:element name="CommonErrorFive" type="xs:string" />
<xs:element name="CommonErrorSix" type="xs:string" />
<xs:element name="CommonErrorSeven" type="xs:string" />
<xs:element name="CommonErrorEight" type="xs:string" />
<xs:element name="CommonErrorNine" type="xs:string" />
<xs:element name="CommonErrorTen" type="xs:string" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AtomicRequired">
<xs:annotation>
<xs:documentation>This tag indicates that this node and all children nodes should be enclosed by an Atomic tag when being sent to the client.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="DependencyBehavior">
<xs:annotation>
<xs:documentation>These tags detail potential dependencies that the current CSP node has on other nodes in the same CSP.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="DependencyGroup" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="Dependency">
<xs:annotation>
<xs:documentation>This tag describes a dependency that the current CSP node has on another nodes in the same CSP.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="DependencyUri" type="xs:anyURI">
<xs:annotation>
<xs:documentation>The URI that the current CSP node has a dependency on.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element ref="DependencyAllowedValue" />
</xs:sequence>
<xs:attribute name="Type" use="required">
<xs:annotation>
<xs:documentation>This tag details the kind of dependency.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="DependsOn">
<xs:annotation>
<xs:documentation>The current node depends on the dependency holding a certain value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Not">
<xs:annotation>
<xs:documentation>The current node depends on the dependency not holding a certain value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="DependencyGroup">
<xs:annotation>
<xs:documentation>This tag details one specific dependency. A node might have multiple different dependencies.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" ref="DependencyChangedAllowedValues" />
<xs:element ref="Dependency" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="FriendlyId" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives a friendly ID to the dependency, to differentiate it from other dependencies.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="DependencyAllowedValue">
<xs:annotation>
<xs:documentation>This tag details the values that the dependency must be set to for the dependency to be satisfied.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:group ref="AllowedValuesGroup" />
<xs:attributeGroup ref="AllowedValuesAttributeGroup" />
</xs:complexType>
</xs:element>
<xs:element name="DependencyChangedAllowedValues">
<xs:annotation>
<xs:documentation>This tag details a change to the current node's allowed values if the dependency is satisfied.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:group ref="AllowedValuesGroup" />
<xs:attributeGroup ref="AllowedValuesAttributeGroup" />
</xs:complexType>
</xs:element>
</xs:schema>
```
## Older DDF files
You can download the older DDF files for various CSPs from the links below:
- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip) - [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
@ -26,4 +590,15 @@ You can download the DDF files for various CSPs from the links below:
- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) - [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
You can download DDF file for Policy CSP from [Policy DDF file](policy-ddf-file.md). You can download the older Policy area DDF files by clicking the following links:
- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml)
- [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml)
- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
- [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1803 release C](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
- [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
- [View the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)


@ -1,7 +1,7 @@
--- ---
title: Configuration service provider support title: Configuration service provider support
description: Learn more about configuration service provider (CSP) supported scenarios. description: Learn more about configuration service provider (CSP) supported scenarios.
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.date: 09/18/2020 ms.date: 09/18/2020
ms.collection: highpri ms.collection:
- highpri
- tier2
--- ---
# Configuration service provider support # Configuration service provider support


@ -7,9 +7,11 @@ ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.date: 06/26/2017 ms.date: 06/26/2017
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.collection: highpri ms.collection:
- highpri
- tier2
--- ---
# DynamicManagement CSP # DynamicManagement CSP


@ -11,6 +11,7 @@ metadata:
ms.prod: windows-client ms.prod: windows-client
ms.collection: ms.collection:
- highpri - highpri
- tier1
ms.custom: intro-hub-or-landing ms.custom: intro-hub-or-landing
author: vinaypamnani-msft author: vinaypamnani-msft
ms.author: vinpa ms.author: vinpa
@ -47,7 +48,7 @@ landingContent:
- text: Policy CSP - text: Policy CSP
url: policy-configuration-service-provider.md url: policy-configuration-service-provider.md
- text: Policy DDF file - text: Policy DDF file
url: policy-ddf-file.md url: configuration-service-provider-ddf.md
- text: Policy CSP - Start - text: Policy CSP - Start
url: policy-csp-start.md url: policy-csp-start.md
- text: Policy CSP - Update - text: Policy CSP - Update


@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy.
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/30/2023 ms.date: 02/03/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -814,6 +814,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
- [SetPolicyDrivenUpdateSourceForOtherUpdates](policy-csp-update.md) - [SetPolicyDrivenUpdateSourceForOtherUpdates](policy-csp-update.md)
- [SetEDURestart](policy-csp-update.md) - [SetEDURestart](policy-csp-update.md)
- [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](policy-csp-update.md) - [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](policy-csp-update.md)
- [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md)
- [SetDisableUXWUAccess](policy-csp-update.md) - [SetDisableUXWUAccess](policy-csp-update.md)
- [SetDisablePauseUXAccess](policy-csp-update.md) - [SetDisablePauseUXAccess](policy-csp-update.md)
- [UpdateNotificationLevel](policy-csp-update.md) - [UpdateNotificationLevel](policy-csp-update.md)


@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023 ms.date: 02/10/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -4538,7 +4538,7 @@ The first several links will also be pinned to the Start menu. A total of four l
<!-- TryHarderPinnedOpenSearch-Description-Begin --> <!-- TryHarderPinnedOpenSearch-Description-Begin -->
<!-- Description-Source-ADMX --> <!-- Description-Source-ADMX -->
This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, <https://www.example.com/results.aspx?q=>{searchTerms}). This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, `https://www.example.com/results.aspx?q={searchTerms}`).
You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links. You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.


@ -4,7 +4,7 @@ description: Learn more about the Audit Area in Policy CSP.
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023 ms.date: 02/10/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -343,7 +343,7 @@ Volume: Low.
<!-- AccountLogonLogoff_AuditGroupMembership-Description-Begin --> <!-- AccountLogonLogoff_AuditGroupMembership-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy allows you to audit the group memberhsip information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group memberhsip information cannot fit in a single security audit event. This policy allows you to audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information cannot fit in a single security audit event.
<!-- AccountLogonLogoff_AuditGroupMembership-Description-End --> <!-- AccountLogonLogoff_AuditGroupMembership-Description-End -->
<!-- AccountLogonLogoff_AuditGroupMembership-Editable-Begin --> <!-- AccountLogonLogoff_AuditGroupMembership-Editable-Begin -->
@ -836,7 +836,7 @@ Volume: Low.
<!-- AccountLogonLogoff_AuditSpecialLogon-Description-Begin --> <!-- AccountLogonLogoff_AuditSpecialLogon-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by special logons such as the following : The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see article 947223 in the Microsoft Knowledge Base (<https://go.microsoft.com/fwlink/?LinkId=121697)>. This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](<https://go.microsoft.com/fwlink/?LinkId=121697>).
<!-- AccountLogonLogoff_AuditSpecialLogon-Description-End --> <!-- AccountLogonLogoff_AuditSpecialLogon-Description-End -->
<!-- AccountLogonLogoff_AuditSpecialLogon-Editable-Begin --> <!-- AccountLogonLogoff_AuditSpecialLogon-Editable-Begin -->
@ -1083,7 +1083,7 @@ Volume: Low.
<!-- AccountManagement_AuditDistributionGroupManagement-Description-Begin --> <!-- AccountManagement_AuditDistributionGroupManagement-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by changes to distribution groups such as the following Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. This policy setting allows you to audit events generated by changes to distribution groups such as the following Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when a distribution group changes - If you do not configure this policy setting, no audit event is generated when a distribution group changes.
> [!NOTE] > [!NOTE]
> Events in this subcategory are logged only on domain controllers. > Events in this subcategory are logged only on domain controllers.
@ -1120,7 +1120,7 @@ Volume: Low.
| Name | Value | | Name | Value |
|:--|:--| |:--|:--|
| Name | Audit Distributio Group Management | | Name | Audit Distribution Group Management |
| Path | Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Account Management | | Path | Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Account Management |
<!-- AccountManagement_AuditDistributionGroupManagement-GpMapping-End --> <!-- AccountManagement_AuditDistributionGroupManagement-GpMapping-End -->
@ -1332,7 +1332,7 @@ Volume: Low.
<!-- DetailedTracking_AuditDPAPIActivity-Description-Begin --> <!-- DetailedTracking_AuditDPAPIActivity-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see <https://go.microsoft.com/fwlink/?LinkId=121720>. If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests. This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see [How to Use Data Protection](/dotnet/standard/security/how-to-use-data-protection). If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
- If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI. - If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.
<!-- DetailedTracking_AuditDPAPIActivity-Description-End --> <!-- DetailedTracking_AuditDPAPIActivity-Description-End -->
@ -1825,7 +1825,7 @@ Volume: High on domain controllers. None on client computers.
<!-- DSAccess_AuditDirectoryServiceChanges-Description-Begin --> <!-- DSAccess_AuditDirectoryServiceChanges-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the object's properties. Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the object's properties. Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged.
> [!NOTE] > [!NOTE]
> Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema. If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded. > Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema. If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded.
@ -2135,7 +2135,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services
<!-- ObjectAccess_AuditDetailedFileShare-Description-Begin --> <!-- ObjectAccess_AuditDetailedFileShare-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures.
> [!NOTE] > [!NOTE]
> There are no system access control lists (SACLs) for shared folders. > There are no system access control lists (SACLs) for shared folders.
@ -2201,7 +2201,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
<!-- ObjectAccess_AuditFileShare-Description-Begin --> <!-- ObjectAccess_AuditFileShare-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. This policy setting allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder.
- If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures - If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures.
> [!NOTE] > [!NOTE]
> There are no system access control lists (SACLs) for shared folders. > There are no system access control lists (SACLs) for shared folders.
@ -2267,7 +2267,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
<!-- ObjectAccess_AuditFileSystem-Description-Begin --> <!-- ObjectAccess_AuditFileSystem-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see <https//go.microsoft.com/fwlink/?LinkId=122083>. If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see <https//go.microsoft.com/fwlink/?LinkId=122083>. If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL - If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL.
> [!NOTE] > [!NOTE]
> You can set a SACL on a file system object using the Security tab in that object's Properties dialog box. > You can set a SACL on a file system object using the Security tab in that object's Properties dialog box.
@ -2455,7 +2455,7 @@ Volume: High.
<!-- ObjectAccess_AuditHandleManipulation-Description-Begin --> <!-- ObjectAccess_AuditHandleManipulation-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts. This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when a handle is manipulated - If you do not configure this policy setting, no audit event is generated when a handle is manipulated.
> [!NOTE] > [!NOTE]
> Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated. > Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated.
@ -2519,7 +2519,7 @@ Volume: Depends on how SACLs are configured.
<!-- ObjectAccess_AuditKernelObject-Description-Begin --> <!-- ObjectAccess_AuditKernelObject-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events.
> [!NOTE] > [!NOTE]
> The Audit Audit the access of global system objects policy setting controls the default SACL of kernel objects. > The Audit Audit the access of global system objects policy setting controls the default SACL of kernel objects.
@ -2645,7 +2645,7 @@ Volume: Low.
<!-- ObjectAccess_AuditRegistry-Description-Begin --> <!-- ObjectAccess_AuditRegistry-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL - If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
> [!NOTE] > [!NOTE]
> You can set a SACL on a registry object using the Permissions dialog box. > You can set a SACL on a registry object using the Permissions dialog box.
@ -2771,10 +2771,10 @@ This policy setting allows you to audit user attempts to access file system obje
<!-- ObjectAccess_AuditSAM-Description-Begin --> <!-- ObjectAccess_AuditSAM-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following SAM_ALIAS -- A local group. SAM_GROUP -- A group that is not a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. SAM_SERVER - A computer account. If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following SAM_ALIAS -- A local group. SAM_GROUP -- A group that is not a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. SAM_SERVER - A computer account. If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made - If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made.
> [!NOTE] > [!NOTE]
> Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume High on domain controllers. For information about reducing the amount of events generated in this subcategory, see article 841001 in the Microsoft Knowledge Base (<https//go.microsoft.com/fwlink/?LinkId=121698)>. > Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume High on domain controllers. For information about reducing the amount of events generated in this subcategory, see [article 841001 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121698).
<!-- ObjectAccess_AuditSAM-Description-End --> <!-- ObjectAccess_AuditSAM-Description-End -->
<!-- ObjectAccess_AuditSAM-Editable-Begin --> <!-- ObjectAccess_AuditSAM-Editable-Begin -->
@ -2836,7 +2836,7 @@ Volume: High on domain controllers. For more information about reducing the numb
<!-- PolicyChange_AuditAuthenticationPolicyChange-Description-Begin --> <!-- PolicyChange_AuditAuthenticationPolicyChange-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by changes to the authentication policy such as the following Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. Granting of any of the following user rights to a user or group Access This Computer From the Network. Allow Logon Locally. Allow Logon Through Terminal Services. Logon as a Batch Job. Logon a Service. Namespace collision. For example, when a new trust has the same name as an existing namespace name. If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. This policy setting allows you to audit events generated by changes to the authentication policy such as the following Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. Granting of any of the following user rights to a user or group Access This Computer From the Network. Allow Logon Locally. Allow Logon Through Terminal Services. Logon as a Batch Job. Logon a Service. Namespace collision. For example, when a new trust has the same name as an existing namespace name. If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when the authentication policy is changed - If you do not configure this policy setting, no audit event is generated when the authentication policy is changed.
> [!NOTE] > [!NOTE]
> The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified. > The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified.
@ -3147,7 +3147,7 @@ Volume: Low.
<!-- PolicyChange_AuditPolicyChange-Description-Begin --> <!-- PolicyChange_AuditPolicyChange-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting allows you to audit changes in the security audit policy settings such as the following Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security event sources. Changes to the per-user audit settings. Changes to the value of CrashOnAuditFail. Changes to the system access control list on a file system or registry object. Changes to the Special Groups list This policy setting allows you to audit changes in the security audit policy settings such as the following Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security event sources. Changes to the per-user audit settings. Changes to the value of CrashOnAuditFail. Changes to the system access control list on a file system or registry object. Changes to the Special Groups list.
> [!NOTE] > [!NOTE]
> System access control list (SACL) change auditing is done when a SACL for an object changes and the policy change category is enabled. Discretionary access control list (DACL) and ownership changes are audited when object access auditing is enabled and the object's SACL is configured for auditing of DACL/Owner change. > System access control list (SACL) change auditing is done when a SACL for an object changes and the policy change category is enabled. Discretionary access control list (DACL) and ownership changes are audited when object access auditing is enabled and the object's SACL is configured for auditing of DACL/Owner change.


@ -1484,7 +1484,7 @@ Supported versions: Microsoft Edge on Windows 10, version 1809
Default setting: Disabled or not configured Default setting: Disabled or not configured
Related policies: Related policies:
- Allows development of Windows Store apps and installing them from an integrated development environment (IDE) - Allows development of Windows Store apps and installing them from an integrated development environment (IDE)
- Allow all trusted apps to install - Allow all trusted apps to install
<!-- AllowSideloadingOfExtensions-Description-End --> <!-- AllowSideloadingOfExtensions-Description-End -->
<!-- AllowSideloadingOfExtensions-Editable-Begin --> <!-- AllowSideloadingOfExtensions-Editable-Begin -->
@ -3248,7 +3248,7 @@ Related Documents:
- [Find a package family name (PFN) for per-app VPN](/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn) - [Find a package family name (PFN) for per-app VPN](/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business) - [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
- [Assign apps to groups with Microsoft Intune](/mem/intune/apps-deploy) - [Assign apps to groups with Microsoft Intune](/mem/intune/apps/apps-deploy)
- [Manage apps from the Microsoft Store for Business and Education with Configuration Manager](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business) - [Manage apps from the Microsoft Store for Business and Education with Configuration Manager](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows) - [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
<!-- PreventTurningOffRequiredExtensions-Editable-End --> <!-- PreventTurningOffRequiredExtensions-Editable-End -->


@ -58,7 +58,7 @@ This ensures that:
- The current Policy Manager policies are refreshed from what MDM has set - The current Policy Manager policies are refreshed from what MDM has set
- Any values set by scripts/user outside of GP that conflict with MDM are removed - Any values set by scripts/user outside of GP that conflict with MDM are removed
The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the policies with equivalent GP: The [Policy DDF](configuration-service-provider-ddf.md) contains the following tags to identify the policies with equivalent GP:
- \<MSFT:ADMXBacked\> - \<MSFT:ADMXBacked\>
- \<MSFT:ADMXMapped\> - \<MSFT:ADMXMapped\>


@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP.
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023 ms.date: 02/10/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -1164,7 +1164,7 @@ This setting applies to scheduled scans, but it has no effect on scans initiated
<!-- CloudBlockLevel-Description-Begin --> <!-- CloudBlockLevel-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see the Windows Defender Antivirus documentation site This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see [Specify the cloud protection level](/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus).
> [!NOTE] > [!NOTE]
> This feature requires the Join Microsoft MAPS setting enabled in order to function. > This feature requires the Join Microsoft MAPS setting enabled in order to function.
@ -1232,7 +1232,7 @@ This policy setting determines how aggressive Windows Defender Antivirus will be
<!-- CloudExtendedTimeout-Description-Begin --> <!-- CloudExtendedTimeout-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds.
> [!NOTE] > [!NOTE]
> This feature depends on three other MAPS settings the must all be enabled- Configure the 'Block at First Sight' feature; Join Microsoft MAPS; Send file samples when further analysis is required. > This feature depends on three other MAPS settings the must all be enabled- Configure the 'Block at First Sight' feature; Join Microsoft MAPS; Send file samples when further analysis is required.
@ -1980,7 +1980,7 @@ Allows an administrator to specify a list of directory paths to ignore during a
<!-- ExcludedProcesses-Description-Begin --> <!-- ExcludedProcesses-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
Allows an administrator to specify a list of files opened by processes to ignore during a scan Allows an administrator to specify a list of files opened by processes to ignore during a scan.
> [!IMPORTANT] > [!IMPORTANT]
> The process itself is not excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C\Example. exe|C\Example1.exe. > The process itself is not excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C\Example. exe|C\Example1.exe.


@ -19,7 +19,7 @@ ms.topic: reference
<!-- LocalPoliciesSecurityOptions-Editable-Begin --> <!-- LocalPoliciesSecurityOptions-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. --> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE] > [!NOTE]
> To find data formats (and other policy-related details), see [Policy DDF file](./policy-ddf-file.md). > To find data formats (and other policy-related details), see [Policy DDF file](./configuration-service-provider-ddf.md).
<!-- LocalPoliciesSecurityOptions-Editable-End --> <!-- LocalPoliciesSecurityOptions-Editable-End -->
<!-- Accounts_BlockMicrosoftAccounts-Begin --> <!-- Accounts_BlockMicrosoftAccounts-Begin -->


@ -150,7 +150,7 @@ Descriptions of the properties:
**Policy timeline**: **Policy timeline**:
The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `<accessgroup dec>` and SID in `<member name>`. For Windows 10, version 2004, you can use name or SID for both the elements, as described in the example. The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `<accessgroup desc>` and SID in `<member name>`. For Windows 10, version 2004, you can use name or SID for both the elements, as described in the example.
The following table describes how this policy setting behaves in different Windows 10 versions: The following table describes how this policy setting behaves in different Windows 10 versions:


@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP.
author: vinaypamnani-msft author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/18/2023 ms.date: 02/03/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
@ -16,6 +16,9 @@ ms.topic: reference
<!-- Update-Begin --> <!-- Update-Begin -->
# Policy CSP - Update # Policy CSP - Update
> [!IMPORTANT]
> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview.
<!-- Update-Editable-Begin --> <!-- Update-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. --> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Update-Editable-End --> <!-- Update-Editable-End -->
@ -23,6 +26,7 @@ ms.topic: reference
Update CSP policies are listed below based on the group policy area: Update CSP policies are listed below based on the group policy area:
- [Windows Insider Preview](#windows-insider-preview) - [Windows Insider Preview](#windows-insider-preview)
- [AllowTemporaryEnterpriseFeatureControl](#allowtemporaryenterprisefeaturecontrol)
- [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates) - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates)
- [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates) - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
- [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update) - [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update)
@ -103,6 +107,75 @@ Update CSP policies are listed below based on the group policy area:
## Windows Insider Preview ## Windows Insider Preview
<!-- AllowTemporaryEnterpriseFeatureControl-Begin -->
### AllowTemporaryEnterpriseFeatureControl
<!-- AllowTemporaryEnterpriseFeatureControl-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
<!-- AllowTemporaryEnterpriseFeatureControl-Applicability-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Update/AllowTemporaryEnterpriseFeatureControl
```
<!-- AllowTemporaryEnterpriseFeatureControl-OmaUri-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-Description-Begin -->
<!-- Description-Source-ADMX -->
Features introduced via servicing (outside of the annual feature update) are off by default for devices that have their Windows updates managed*.
- If this policy is configured to "Enabled", then all features available in the latest monthly quality update installed will be on.
- If this policy is set to "Not Configured" or "Disabled" then features that are shipped via a monthly quality update (servicing) will remain off until the feature update that includes these features is installed.
*Windows update managed devices are those that have their Windows updates managed via policy; whether via the cloud using Windows Update for Business or on-premises with Windows Server Update Services (WSUS).
<!-- AllowTemporaryEnterpriseFeatureControl-Description-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- AllowTemporaryEnterpriseFeatureControl-Editable-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- AllowTemporaryEnterpriseFeatureControl-DFProperties-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | Not allowed. |
| 1 | Allowed. |
<!-- AllowTemporaryEnterpriseFeatureControl-AllowedValues-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | AllowTemporaryEnterpriseFeatureControl |
| Friendly Name | Enable features introduced via servicing that are off by default |
| Location | Computer Configuration |
| Path | Windows Components > Windows Update > Manage end user experience |
| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate |
| Registry Value Name | AllowTemporaryEnterpriseFeatureControl |
| ADMX File Name | WindowsUpdate.admx |
<!-- AllowTemporaryEnterpriseFeatureControl-GpMapping-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AllowTemporaryEnterpriseFeatureControl-Examples-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-End -->
<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Begin --> <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Begin -->
### ConfigureDeadlineNoAutoRebootForFeatureUpdates ### ConfigureDeadlineNoAutoRebootForFeatureUpdates
@ -2589,7 +2662,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2
<!-- ScheduledInstallDay-Description-Begin --> <!-- ScheduledInstallDay-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
Enables the IT admin to schedule the day of the update installation. The data type is a integer. Enables the IT admin to schedule the day of the update installation. The data type is an integer.
<!-- ScheduledInstallDay-Description-End --> <!-- ScheduledInstallDay-Description-End -->
<!-- ScheduledInstallDay-Editable-Begin --> <!-- ScheduledInstallDay-Editable-Begin -->
@ -2660,7 +2733,7 @@ Enables the IT admin to schedule the day of the update installation. The data ty
<!-- ScheduledInstallEveryWeek-Description-Begin --> <!-- ScheduledInstallEveryWeek-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
Enables the IT admin to schedule the update installation on the every week. Value type is integer. Enables the IT admin to schedule the update installation every week. Value type is integer.
<!-- ScheduledInstallEveryWeek-Description-End --> <!-- ScheduledInstallEveryWeek-Description-End -->
<!-- ScheduledInstallEveryWeek-Editable-Begin --> <!-- ScheduledInstallEveryWeek-Editable-Begin -->
@ -2985,7 +3058,7 @@ Enables the IT admin to schedule the update installation on the third week of th
<!-- ScheduledInstallTime-Description-Begin --> <!-- ScheduledInstallTime-Description-Begin -->
<!-- Description-Source-DDF --> <!-- Description-Source-DDF -->
the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. the IT admin to schedule the time of the update installation. The data type is an integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3.
<!-- ScheduledInstallTime-Description-End --> <!-- ScheduledInstallTime-Description-End -->
<!-- ScheduledInstallTime-Editable-Begin --> <!-- ScheduledInstallTime-Editable-Begin -->
@ -3044,7 +3117,7 @@ Enables the IT admin to schedule the update installation on the third week of th
<!-- SetDisablePauseUXAccess-Description-Begin --> <!-- SetDisablePauseUXAccess-Description-Begin -->
<!-- Description-Source-ADMX --> <!-- Description-Source-ADMX -->
This setting allows to remove access to "Pause updates" feature. This setting allows removing access to "Pause updates" feature.
Once enabled user access to pause updates is removed. Once enabled user access to pause updates is removed.
<!-- SetDisablePauseUXAccess-Description-End --> <!-- SetDisablePauseUXAccess-Description-End -->


@ -1,32 +0,0 @@
---
title: Policy DDF file
description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/28/2020
---
# Policy DDF file
This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.
You can view various Policy DDF files by clicking the following links:
- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml)
- [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml)
- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
- [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1803 release C](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
- [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
- [View the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-ddf.md).


@ -34,7 +34,7 @@ items:
href: policy-configuration-service-provider.md href: policy-configuration-service-provider.md
items: items:
- name: Policy CSP DDF file - name: Policy CSP DDF file
href: policy-ddf-file.md href: configuration-service-provider-ddf.md
- name: Policy CSP support scenarios - name: Policy CSP support scenarios
items: items:
- name: ADMX policies in Policy CSP - name: ADMX policies in Policy CSP


@ -7,7 +7,7 @@ ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.date: 10/02/2018 ms.date: 10/02/2018
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
--- ---
@ -31,7 +31,7 @@ The UEFI Configuration Service Provider (CSP) interfaces to UEFI's Device Firmwa
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809). > The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
> [!NOTE] > [!NOTE]
> The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/) to comply with this interface. > The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_feature_dfci/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
The following shows the UEFI CSP in tree format. The following shows the UEFI CSP in tree format.
``` ```


@ -40,6 +40,7 @@ WindowsAdvancedThreatProtection
----Configuration ----Configuration
--------SampleSharing --------SampleSharing
--------TelemetryReportingFrequency --------TelemetryReportingFrequency
--------AadDdeviceId
----Offboarding ----Offboarding
----DeviceTagging ----DeviceTagging
--------Group --------Group
@ -48,34 +49,34 @@ WindowsAdvancedThreatProtection
The following list describes the characteristics and parameters. The following list describes the characteristics and parameters.
<a href="" id="--device-vendor-msft-windowsadvancedthreatprotection"></a>**./Device/Vendor/MSFT/WindowsAdvancedThreatProtection** **./Device/Vendor/MSFT/WindowsAdvancedThreatProtection**
The root node for the Windows Defender Advanced Threat Protection configuration service provider. The root node for the Windows Defender Advanced Threat Protection configuration service provider.
Supported operation is Get. Supported operation is Get.
<a href="" id="onboarding"></a>**Onboarding** **Onboarding**
Sets Windows Defender Advanced Threat Protection Onboarding blob and initiates onboarding to Windows Defender Advanced Threat Protection. Sets Windows Defender Advanced Threat Protection Onboarding blob and initiates onboarding to Windows Defender Advanced Threat Protection.
The data type is a string. The data type is a string.
Supported operations are Get and Replace. Supported operations are Get and Replace.
<a href="" id="healthstate"></a>**HealthState** **HealthState**
Node that represents the Windows Defender Advanced Threat Protection health state. Node that represents the Windows Defender Advanced Threat Protection health state.
<a href="" id="healthstate-lastconnected"></a>**HealthState/LastConnected** **HealthState/LastConnected**
Contains the timestamp of the last successful connection. Contains the timestamp of the last successful connection.
Supported operation is Get. Supported operation is Get.
<a href="" id="healthstate-senseisrunning"></a>**HealthState/SenseIsRunning** **HealthState/SenseIsRunning**
Boolean value that identifies the Windows Defender Advanced Threat Protection Sense running state. Boolean value that identifies the Windows Defender Advanced Threat Protection Sense running state.
The default value is false. The default value is false.
Supported operation is Get. Supported operation is Get.
<a href="" id="healthstate-onboardingstate"></a>**HealthState/OnboardingState** **HealthState/OnboardingState**
Represents the onboarding state. Represents the onboarding state.
Supported operation is Get. Supported operation is Get.
@ -85,15 +86,15 @@ The following list shows the supported values:
- 0 (default) Not onboarded - 0 (default) Not onboarded
- 1 Onboarded - 1 Onboarded
<a href="" id="healthstate-orgid"></a>**HealthState/OrgId** **HealthState/OrgId**
String that represents the OrgID. String that represents the OrgID.
Supported operation is Get. Supported operation is Get.
<a href="" id="configuration"></a>**Configuration** **Configuration**
Represents Windows Defender Advanced Threat Protection configuration. Represents Windows Defender Advanced Threat Protection configuration.
<a href="" id="configuration-samplesharing"></a>**Configuration/SampleSharing** **Configuration/SampleSharing**
Returns or sets the Windows Defender Advanced Threat Protection Sample Sharing configuration parameter. Returns or sets the Windows Defender Advanced Threat Protection Sample Sharing configuration parameter.
The following list shows the supported values: The following list shows the supported values:
@ -103,7 +104,7 @@ The following list shows the supported values:
Supported operations are Get and Replace. Supported operations are Get and Replace.
<a href="" id="configuration-telemetryreportingfrequency"></a>**Configuration/TelemetryReportingFrequency** **Configuration/TelemetryReportingFrequency**
Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency. Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency.
The following list shows the supported values: The following list shows the supported values:
@ -113,26 +114,31 @@ The following list shows the supported values:
Supported operations are Get and Replace. Supported operations are Get and Replace.
<a href="" id="offboarding"></a>**Offboarding** **Configuration/AadDeviceId**
Returns or sets the Intune's reported known AadDeviceId for the machine
Supported operations are Get and Replace.
**Offboarding**
Sets the Windows Defender Advanced Threat Protection Offboarding blob and initiates offboarding to Windows Defender Advanced Threat Protection. Sets the Windows Defender Advanced Threat Protection Offboarding blob and initiates offboarding to Windows Defender Advanced Threat Protection.
The data type is a string. The data type is a string.
Supported operations are Get and Replace. Supported operations are Get and Replace.
<a href="" id="devicetagging"></a>**DeviceTagging** **DeviceTagging**
Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging. Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging.
Supported operation is Get. Supported operation is Get.
<a href="" id="group"></a>**DeviceTagging/Group** **DeviceTagging/Group**
Added in Windows 10, version 1709. Device group identifiers. Added in Windows 10, version 1709. Device group identifiers.
The data type is a string. The data type is a string.
Supported operations are Get and Replace. Supported operations are Get and Replace.
<a href="" id="criticality"></a>**DeviceTagging/Criticality** **DeviceTagging/Criticality**
Added in Windows 10, version 1709. Asset criticality value. Supported values: Added in Windows 10, version 1709. Asset criticality value. Supported values:
- 0 - Normal - 0 - Normal
@ -217,6 +223,16 @@ Supported operations are Get and Replace.
</Target> </Target>
</Item> </Item>
</Get> </Get>
<Get>
<CmdID>7</CmdID>
<Item>
<Target>
<LocURI>
./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/AadDeviceId
</LocURI>
</Target>
</Item>
</Get>
<Get> <Get>
<CmdID>11</CmdID> <CmdID>11</CmdID>
<Item> <Item>


@ -1,7 +1,7 @@
--- ---
title: Mobile device enrollment title: Mobile device enrollment
description: Learn how mobile device enrollment verifies that only authenticated and authorized devices can be managed by their enterprise. description: Learn how mobile device enrollment verifies that only authenticated and authorized devices can be managed by their enterprise.
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.topic: article
@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft author: vinaypamnani-msft
ms.date: 08/11/2017 ms.date: 08/11/2017
ms.collection: highpri ms.collection:
- highpri
- tier2
--- ---
# Mobile device enrollment # Mobile device enrollment


@ -9,7 +9,9 @@ author: vinaypamnani-msft
ms.author: vinpa ms.author: vinpa
manager: aaroncz manager: aaroncz
ms.reviewer: pmadrigal ms.reviewer: pmadrigal
ms.collection: highpri ms.collection:
- highpri
- tier1
ms.date: 08/26/2022 ms.date: 08/26/2022
--- ---


@ -1,10 +1,7 @@
--- ---
title: Configure Windows 10 taskbar (Windows 10) title: Configure Windows 10 taskbar
description: Administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file. description: Administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
keywords: [taskbar layout, pin apps]
ms.prod: windows-client ms.prod: windows-client
ms.mktglfcycl: manage
ms.sitesec: library
author: lizgt2000 author: lizgt2000
ms.author: lizlong ms.author: lizlong
ms.topic: article ms.topic: article
@ -12,9 +9,12 @@ ms.localizationpriority: medium
ms.date: 01/18/2018 ms.date: 01/18/2018
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-configure ms.technology: itpro-configure
--- ---
# Configure Windows 10 taskbar # Configure Windows 10 taskbar
Starting in Windows 10, version 1607, administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a `<TaskbarLayout>` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar. Starting in Windows 10, version 1607, administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a `<TaskbarLayout>` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar.


@ -2,6 +2,7 @@
title: Send feedback about Cortana at work back to Microsoft title: Send feedback about Cortana at work back to Microsoft
description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues. description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization title: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings. description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
author: aczechowski author: aczechowski


@ -4,6 +4,7 @@ ms.reviewer:
manager: dougeby manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments. description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Configure Cortana with Group Policy and MDM settings (Windows) title: Configure Cortana with Group Policy and MDM settings (Windows)
description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work. description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Sign into Azure AD, enable the wake word, and try a voice query title: Sign into Azure AD, enable the wake word, and try a voice query
description: A test scenario walking you through signing in and managing the notebook. description: A test scenario walking you through signing in and managing the notebook.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Perform a quick search with Cortana at work (Windows) title: Perform a quick search with Cortana at work (Windows)
description: This scenario is a test scenario about how to perform a quick search with Cortana at work. description: This scenario is a test scenario about how to perform a quick search with Cortana at work.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Set a reminder for a location with Cortana at work (Windows) title: Set a reminder for a location with Cortana at work (Windows)
description: A test scenario about how to set a location-based reminder using Cortana at work. description: A test scenario about how to set a location-based reminder using Cortana at work.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Use Cortana at work to find your upcoming meetings (Windows) title: Use Cortana at work to find your upcoming meetings (Windows)
description: A test scenario on how to use Cortana at work to find your upcoming meetings. description: A test scenario on how to use Cortana at work to find your upcoming meetings.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Use Cortana to send email to a co-worker (Windows) title: Use Cortana to send email to a co-worker (Windows)
description: A test scenario about how to use Cortana at work to send email to a co-worker. description: A test scenario about how to use Cortana at work to send email to a co-worker.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Review a reminder suggested by Cortana (Windows) title: Review a reminder suggested by Cortana (Windows)
description: A test scenario on how to use Cortana with the Suggested reminders feature. description: A test scenario on how to use Cortana with the Suggested reminders feature.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Help protect data with Cortana and WIP (Windows) title: Help protect data with Cortana and WIP (Windows)
description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP). description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Cortana at work testing scenarios title: Cortana at work testing scenarios
description: Suggested testing scenarios that you can use to test Cortana in your organization. description: Suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Set up and test custom voice commands in Cortana for your organization (Windows) title: Set up and test custom voice commands in Cortana for your organization (Windows)
description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -4,6 +4,7 @@ ms.reviewer:
manager: dougeby manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments. description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Test scenario 1 Sign in with your work or school account and use Cortana to manage the notebook title: Test scenario 1 Sign in with your work or school account and use Cortana to manage the notebook
description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook. description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Test scenario 2 - Perform a quick search with Cortana at work title: Test scenario 2 - Perform a quick search with Cortana at work
description: A test scenario about how to perform a quick search with Cortana at work. description: A test scenario about how to perform a quick search with Cortana at work.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Test scenario 3 - Set a reminder for a specific location using Cortana at work title: Test scenario 3 - Set a reminder for a specific location using Cortana at work
description: A test scenario about how to set up, review, and edit a reminder based on a location. description: A test scenario about how to set up, review, and edit a reminder based on a location.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Use Cortana to find your upcoming meetings at work (Windows) title: Use Cortana to find your upcoming meetings at work (Windows)
description: A test scenario about how to use Cortana at work to find your upcoming meetings. description: A test scenario about how to use Cortana at work to find your upcoming meetings.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Use Cortana to send an email to co-worker (Windows) title: Use Cortana to send an email to co-worker (Windows)
description: A test scenario on how to use Cortana at work to send email to a co-worker. description: A test scenario on how to use Cortana at work to send email to a co-worker.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Test scenario 6 - Review a reminder suggested by Cortana based on what youve promised in email title: Test scenario 6 - Review a reminder suggested by Cortana based on what youve promised in email
description: A test scenario about how to use Cortana with the Suggested reminders feature. description: A test scenario about how to use Cortana with the Suggested reminders feature.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -2,6 +2,7 @@
title: Testing scenarios using Cortana in your business or organization title: Testing scenarios using Cortana in your business or organization
description: A list of suggested testing scenarios that you can use to test Cortana in your organization. description: A list of suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: windows-client ms.prod: windows-client
ms.collection: tier3
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: aaroncz ms.author: aaroncz


@ -1,5 +1,5 @@
--- ---
title: Customize and export Start layout (Windows 10) title: Customize and export Start layout
description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout. description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
@ -9,20 +9,21 @@ ms.author: lizlong
ms.topic: article ms.topic: article
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 09/18/2018 ms.date: 09/18/2018
ms.collection: highpri ms.collection:
- highpri
- tier1
ms.technology: itpro-configure ms.technology: itpro-configure
--- ---
# Customize and export Start layout # Customize and export Start layout
**Applies to** **Applies to**
- Windows 10 - Windows 10
>**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) >**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout. The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout.
After you export the layout, decide whether you want to apply a *full* Start layout or a *partial* Start layout. After you export the layout, decide whether you want to apply a *full* Start layout or a *partial* Start layout.
@ -31,7 +32,7 @@ When a full Start layout is applied, the users cannot pin, unpin, or uninstall a
When [a partial Start layout](#configure-a-partial-start-layout) is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. When [a partial Start layout](#configure-a-partial-start-layout) is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups.
>[!NOTE] >[!NOTE]
>Partial Start layout is only supported on Windows 10, version 1511 and later. >Partial Start layout is only supported on Windows 10, version 1511 and later.
@ -49,7 +50,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
**To prepare a test computer** **To prepare a test computer**
1. Set up a test computer on which to customize the Start layout. Your test computer should have the operating system that is installed on the users computers (Windows 10 Pro, Enterprise, or Education). Install all apps and services that the Start layout should display. 1. Set up a test computer on which to customize the Start layout. Your test computer should have the operating system that is installed on the users' computers (Windows 10 Pro, Enterprise, or Education). Install all apps and services that the Start layout should display.
2. Create a new user account that you will use to customize the Start layout. 2. Create a new user account that you will use to customize the Start layout.
@ -63,7 +64,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
To view all apps, click **All apps** in the bottom-left corner of Start. Right-click any app, and pin or unpin it from Start. To view all apps, click **All apps** in the bottom-left corner of Start. Right-click any app, and pin or unpin it from Start.
- **Unpin apps** that you dont want to display. To unpin an app, right-click the app, and then click **Unpin from Start**. - **Unpin apps** that you don't want to display. To unpin an app, right-click the app, and then click **Unpin from Start**.
- **Drag tiles** on Start to reorder or group apps. - **Drag tiles** on Start to reorder or group apps.
@ -89,7 +90,7 @@ When you have the Start layout that you want your users to see, use the [Export-
2. On a device running Windows 10, version 1607, 1703, or 1803, at the Windows PowerShell command prompt, enter the following command: 2. On a device running Windows 10, version 1607, 1703, or 1803, at the Windows PowerShell command prompt, enter the following command:
`Export-StartLayout path <path><file name>.xml` `Export-StartLayout -path <path><file name>.xml`
On a device running Windows 10, version 1809 or higher, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example: On a device running Windows 10, version 1809 or higher, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:


@ -7,7 +7,9 @@ ms.author: lizlong
ms.reviewer: ericpapa ms.reviewer: ericpapa
ms.prod: windows-client ms.prod: windows-client
ms.localizationpriority: medium ms.localizationpriority: medium
ms.collection: highpri ms.collection:
- highpri
- tier1
ms.technology: itpro-configure ms.technology: itpro-configure
ms.date: 01/10/2023 ms.date: 01/10/2023
ms.topic: article ms.topic: article


@ -1,5 +1,5 @@
--- ---
title: Configure and customize Windows 11 taskbar | Microsoft Docs title: Configure and customize Windows 11 taskbar
description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Intune. See what happens to the taskbar when the Windows OS client is installed or upgraded. description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Intune. See what happens to the taskbar when the Windows OS client is installed or upgraded.
manager: aaroncz manager: aaroncz
ms.author: lizlong ms.author: lizlong
@ -7,7 +7,9 @@ ms.reviewer: chataylo
ms.prod: windows-client ms.prod: windows-client
author: lizgt2000 author: lizgt2000
ms.localizationpriority: medium ms.localizationpriority: medium
ms.collection: highpri ms.collection:
- highpri
- tier1
ms.technology: itpro-configure ms.technology: itpro-configure
ms.date: 12/31/2017 ms.date: 12/31/2017
ms.topic: article ms.topic: article


@ -1,5 +1,5 @@
--- ---
title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10) title: Customize Windows 10 Start and taskbar with group policy
description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain. description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
@ -8,7 +8,9 @@ author: lizgt2000
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: lizlong ms.author: lizlong
ms.topic: article ms.topic: article
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-configure ms.technology: itpro-configure
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---


@ -34,6 +34,9 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"recommendations": true, "recommendations": true,
"ms.collection": [
"tier2"
],
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-M365-IT", "uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "itpro-configure", "ms.technology": "itpro-configure",


@ -8,7 +8,9 @@ ms.author: lizlong
ms.topic: article ms.topic: article
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-configure ms.technology: itpro-configure
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
@ -41,7 +43,7 @@ foreach ($app in $installedapps)
$aumidList $aumidList
``` ```
You can add the user &lt;username&gt; or the allusers parameters to the get-AppxPackage cmdlet to list AUMIDs for other users. You must use an elevated Windows PowerShell prompt to use the user or allusers parameters. You can add the `-user <username>` or the `-allusers` parameters to the **Get-AppxPackage** cmdlet to list AUMIDs for other users. You must use an elevated Windows PowerShell prompt to use the `-user` or -`allusers` parameters.
## To find the AUMID by using File Explorer ## To find the AUMID by using File Explorer
@ -63,7 +65,7 @@ At a command prompt, type the following command:
`reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ"` `reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ"`
## Example ### Example to get AUMIDs of the installed apps for the specified user
The following code sample creates a function in Windows PowerShell that returns an array of AUMIDs of the installed apps for the specified user. The following code sample creates a function in Windows PowerShell that returns an array of AUMIDs of the installed apps for the specified user.
@ -105,14 +107,14 @@ The following Windows PowerShell commands demonstrate how you can call the listA
# Get a list of AUMIDs for the current account: # Get a list of AUMIDs for the current account:
listAumids listAumids
# Get a list of AUMIDs for an account named “CustomerAccount”: # Get a list of AUMIDs for an account named "CustomerAccount":
listAumids("CustomerAccount") listAumids("CustomerAccount")
# Get a list of AUMIDs for all accounts on the device: # Get a list of AUMIDs for all accounts on the device:
listAumids("allusers") listAumids("allusers")
``` ```
## Example ### Example to get the AUMID of any application in the Start menu
The following code sample creates a function in Windows PowerShell that returns the AUMID of any application currently listed in the Start menu. The following code sample creates a function in Windows PowerShell that returns the AUMID of any application currently listed in the Start menu.
@ -148,4 +150,3 @@ Get-AppAUMID -AppName Word
# List all apps and their AUMID in the Start menu # List all apps and their AUMID in the Start menu
Get-AppAUMID Get-AppAUMID
``` ```


@ -1,17 +1,16 @@
--- ---
title: Guidelines for choosing an app for assigned access (Windows 10/11) title: Guidelines for choosing an app for assigned access
description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience. description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
keywords: [kiosk, lockdown, assigned access]
ms.prod: windows-client ms.prod: windows-client
ms.mktglfcycl: manage
ms.sitesec: library
author: lizgt2000 author: lizgt2000
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: lizlong ms.author: lizlong
ms.topic: article ms.topic: article
ms.reviewer: sybruckm ms.reviewer: sybruckm
manager: aaroncz manager: aaroncz
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-configure ms.technology: itpro-configure
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
@ -50,7 +49,7 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t
Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but arent allowed to go to a competitor's website. In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren't allowed to go to a competitor's website.
>[!NOTE] >[!NOTE]
>Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs. >Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs.
@ -155,7 +154,7 @@ You can create your own web browser Windows app by using the WebView class. Lear
## Secure your information ## Secure your information
Avoid selecting Windows apps that may expose the information you dont want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access. Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
## App configuration ## App configuration


@ -1,7 +1,7 @@
### YamlMime:Landing ### YamlMime:Landing
title: Configure Windows client # < 60 chars title: Configure Windows client # < 60 chars
summary: Find out how to apply custom configurations to Windows 10 and Windows 11 devices. Windows 10 provides many features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars summary: Find out how to apply custom configurations to Windows client devices. Windows provides many features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars
metadata: metadata:
title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars. title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
@ -10,6 +10,7 @@ metadata:
ms.prod: windows-client ms.prod: windows-client
ms.collection: ms.collection:
- highpri - highpri
- tier1
author: aczechowski author: aczechowski
ms.author: aaroncz ms.author: aaroncz
manager: dougeby manager: dougeby


@ -1,6 +1,6 @@
--- ---
title: Set up a single-app kiosk on Windows 10/11 title: Set up a single-app kiosk on Windows
description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education). description: A single-use device is easy to set up in Windows Pro, Enterprise, and Education editions.
ms.reviewer: sybruckm ms.reviewer: sybruckm
manager: aaroncz manager: aaroncz
ms.author: lizlong ms.author: lizlong
@ -8,7 +8,9 @@ ms.prod: windows-client
author: lizgt2000 author: lizgt2000
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
ms.collection: highpri ms.collection:
- highpri
- tier1
ms.technology: itpro-configure ms.technology: itpro-configure
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---


@ -9,7 +9,9 @@ manager: aaroncz
ms.reviewer: sybruckm ms.reviewer: sybruckm
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: how-to ms.topic: how-to
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
@ -247,7 +249,7 @@ A few things to note here:
- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration. - The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration.
- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout. - Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout.
- There are no apps pinned on the taskbar in the multi-app mode, and it's not supported to configure Taskbar layout using the `<CustomTaskbarLayoutCollection>` tag in a layout modification XML as part of the assigned access configuration. - There are no apps pinned on the taskbar in the multi-app mode, and it's not supported to configure Taskbar layout using the `<CustomTaskbarLayoutCollection>` tag in a layout modification XML as part of the assigned access configuration.
- The following example uses `DesktopApplicationLinkPath` to pin the desktop app to start. When the desktop app doesnt have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files). - The following example uses `DesktopApplicationLinkPath` to pin the desktop app to start. When the desktop app doesn't have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
The following example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start: The following example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start:
@ -284,7 +286,7 @@ The following example pins Groove Music, Movies & TV, Photos, Weather, Calculato
##### Taskbar ##### Taskbar
Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you dont attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don't attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
The following example exposes the taskbar to the end user: The following example exposes the taskbar to the end user:
@ -607,7 +609,7 @@ Lock the Taskbar | Enabled
Prevent users from adding or removing toolbars | Enabled Prevent users from adding or removing toolbars | Enabled
Prevent users from resizing the taskbar | Enabled Prevent users from resizing the taskbar | Enabled
Remove frequent programs list from the Start Menu | Enabled Remove frequent programs list from the Start Menu | Enabled
Remove Map Network Drive and Disconnect Network Drive | Enabled Remove 'Map Network Drive' and 'Disconnect Network Drive' | Enabled
Remove the Security and Maintenance icon | Enabled Remove the Security and Maintenance icon | Enabled
Turn off all balloon notifications | Enabled Turn off all balloon notifications | Enabled
Turn off feature advertisement balloon notifications | Enabled Turn off feature advertisement balloon notifications | Enabled
@ -615,7 +617,7 @@ Turn off toast notifications | Enabled
Remove Task Manager | Enabled Remove Task Manager | Enabled
Remove Change Password option in Security Options UI | Enabled Remove Change Password option in Security Options UI | Enabled
Remove Sign Out option in Security Options UI | Enabled Remove Sign Out option in Security Options UI | Enabled
Remove All Programs list from the Start Menu | Enabled Remove and disable setting Remove All Programs list from the Start Menu | Enabled - Remove and disable setting
Prevent access to drives from My Computer | Enabled - Restrict all drivers Prevent access to drives from My Computer | Enabled - Restrict all drivers
>[!NOTE] >[!NOTE]


@ -1,14 +1,16 @@
--- ---
title: Install Windows Configuration Designer (Windows 10/11) title: Install Windows Configuration Designer
description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11. description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
ms.prod: windows-client ms.prod: windows-client
author: lizgt2000 author: lizgt2000
ms.author: lizlong ms.author: lizlong
ms.topic: article ms.topic: article
ms.localizationpriority: medium ms.localizationpriority: medium
ms.reviewer: gkomatsu ms.reviewer: kevinsheehan
manager: aaroncz manager: aaroncz
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-configure ms.technology: itpro-configure
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---


@ -1,14 +1,16 @@
--- ---
title: Provisioning packages overview on Windows 10/11 title: Provisioning packages overview
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do. description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
ms.reviewer: gkomatsu ms.reviewer: kevinsheehan
manager: aaroncz manager: aaroncz
ms.prod: windows-client ms.prod: windows-client
author: lizgt2000 author: lizgt2000
ms.author: lizlong ms.author: lizlong
ms.topic: article ms.topic: article
ms.localizationpriority: medium ms.localizationpriority: medium
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-configure ms.technology: itpro-configure
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---


@ -10,7 +10,7 @@ author: paolomatarazzo
ms.author: paoloma ms.author: paoloma
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.collection: ms.collection: tier2
appliesto: appliesto:
- ✅ <b>Windows 10</b> - ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b> - ✅ <b>Windows 11</b>


@ -10,7 +10,7 @@ author: paolomatarazzo
ms.author: paoloma ms.author: paoloma
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.collection: ms.collection: tier2
appliesto: appliesto:
- ✅ <b>Windows 10</b> - ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b> - ✅ <b>Windows 11</b>


@ -10,7 +10,7 @@ author: paolomatarazzo
ms.author: paoloma ms.author: paoloma
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
ms.collection: ms.collection: tier2
appliesto: appliesto:
- ✅ <b>Windows 10</b> - ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b> - ✅ <b>Windows 11</b>


@ -1,5 +1,5 @@
--- ---
title: Configure access to Microsoft Store (Windows 10) title: Configure access to Microsoft Store
description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization. description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization.
ms.reviewer: ms.reviewer:
manager: aaroncz manager: aaroncz
@ -9,7 +9,9 @@ ms.author: lizlong
ms.topic: conceptual ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 11/29/2022 ms.date: 11/29/2022
ms.collection: highpri ms.collection:
- highpri
- tier2
ms.technology: itpro-configure ms.technology: itpro-configure
--- ---
