Merge branch 'main' into vp-csp-auto2

windows/application-management/apps-in-windows-10.md

@@ -83,6 +83,10 @@ For more information, see:
 
 When your apps are ready, you can add or deploy these apps to your Windows devices. This section lists some common options.
 
+> [!NOTE]
+> Microsoft Store for Business and Microsoft Store for Education will be retired on March 31, 2023. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11.
+>Visit [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution) for more information about the new Microsoft Store experience for both Windows 11 and Windows 10, and learn about other options for getting and managing apps.
+
 - **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**.
 
   If you want to prevent users from downloading apps on organization owned devices, use an MDM provider, like Microsoft Intune. For example, you can create a policy that allows or prevents users from sideloading apps, only allow the private store, and more. For more information on the features you can restrict, see [Windows client device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10).

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md

@@ -18,6 +18,7 @@ ms.date: 08/01/2022
 - [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#allowalltrustedapps)
 - [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#allowappstoreautoupdate)
 - [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#allowdeveloperunlock)
+- [ApplicationManagement/RequirePrivateStoreOnly](policy-csp-applicationmanagement.md#requireprivatestoreonly) <sup>11</sup>
 - [Authentication/AllowFastReconnect](policy-csp-authentication.md#allowfastreconnect)
 - [Authentication/PreferredAadTenantDomainName](policy-csp-authentication.md#preferredaadtenantdomainname)
 - [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#allowdiscoverablemode)

windows/deployment/update/waas-wu-settings.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.collection: highpri
 date: 09/22/2022
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.date: 01/06/2023
 ---
 
 # Manage additional Windows Update settings
@@ -156,7 +156,7 @@ Enables the IT admin to manage automatic update behavior to scan, download, and
 
 #### Configuring Automatic Updates by using Group Policy
 
-Under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the four options:
+Under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Updates**, you must select one of the following options:
 
 **2 - Notify for download and auto install** -  When Windows finds updates that apply to this device, users will be notified that updates are ready to be downloaded. After going to **Settings > Update & security > Windows Update**, users can download and install any available updates.
 
@@ -164,11 +164,13 @@ Under **Computer Configuration\Administrative Templates\Windows Components\Windo
 
 **4 - Auto download and schedule the install** - Specify the schedule using the options in the Group Policy Setting. For more information about this setting, see [Schedule update installation](waas-restart.md#schedule-update-installation).
 
-**5 - Allow local admin to choose setting** - With this option, local administrators will be allowed to use the settings app to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates.
+**5 - Allow local admin to choose setting** - With this option, local administrators will be allowed to use the settings app to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. This option is not available in any Windows 10 or later versions. 
 
-If this setting is set to *Disabled*, any updates that are available on Windows Update must be downloaded and installed manually. To do this, users must go to **Settings > Update & security > Windows Update**.
+**7 - Notify for install and notify for restart** (Windows Server 2016 and later only) - With this option, when Windows finds updates that apply to this device, they will be downloaded, then users will be notified that updates are ready to be installed. Once updates are installed, a notification will be displayed to users to restart the device. 
 
-If this setting is set to *Not Configured*, an administrator can still configure Automatic Updates through the settings app, under **Settings > Update & security > Windows Update > Advanced options**.
+If this setting is set to **Disabled**, any updates that are available on Windows Update must be downloaded and installed manually. To do this, users must go to **Settings > Update & security > Windows Update**.
+
+If this setting is set to **Not Configured**, an administrator can still configure Automatic Updates through the settings app, under **Settings > Update & security > Windows Update > Advanced options**.
 
 #### Configuring Automatic Updates by editing the registry
 
@@ -205,6 +207,10 @@ To do this, follow these steps:
 
      * **4**: Automatically download and scheduled installation.
 
+     * **5**: Allow local admin to select the configuration mode. This option is not available for Windows 10 or later versions.
+
+     * **7**:  Notify for install and notify for restart. (Windows Server 2016 and later only)
+
    * ScheduledInstallDay (REG_DWORD):
 
      * **0**: Every day.

windows/deployment/windows-autopatch/TOC.yml

@@ -103,5 +103,7 @@
     - name: What's new
       href:
       items: 
+        - name: What's new 2023
+          href: whats-new/windows-autopatch-whats-new-2023.md
         - name: What's new 2022
           href: whats-new/windows-autopatch-whats-new-2022.md

windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md

@@ -1,7 +1,7 @@
 ---
 title: Submit a support request
 description: Details how to contact the Windows Autopatch Service Engineering Team and submit support requests
-ms.date: 05/30/2022
+ms.date: 01/06/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -19,6 +19,20 @@ msreviewer: hathind
 
 You can submit support tickets to Microsoft using the Windows Autopatch admin center. Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team.
 
+## Premier and Unified support options
+
+As a customer with a **Premier** or **Unified** support contract, you can specify the severity of your issue, and schedule a support callback for a specific day and time. These options are available when you open or submit a new issue and when you edit an active support case.
+
+Depending on your support contract, the following severity options are available:
+
+| Support contract | Severity options |
+| ----- | ----- |
+| Premier | Severity A, B or C |
+| Unified | Critical or non-critical |
+
+> [!NOTE]
+> Selecting either severity **A** or **Critical** issue limits you to a phone support case. This is the fastest support option.
+
 ## Submit a new support request  
 
 Support requests are triaged and responded to as they're received.

windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md

@@ -1,10 +1,10 @@
 ---
-title: What's new
+title: What's new 2022
-description: This article lists the new feature releases and any corresponding Message center post numbers.
+description: This article lists the 2022 feature releases and any corresponding Message center post numbers.
 ms.date: 12/09/2022
 ms.prod: windows-client
 ms.technology: itpro-updates
-ms.topic: how-to
+ms.topic: whats-new
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan

windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md

@@ -0,0 +1,33 @@
+---
+title: What's new 2023
+description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
+ms.date: 01/09/2023
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: whats-new
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: hathind
+---
+
+# What's new 2023
+
+This article lists new and updated feature releases, and service releases, with their corresponding Message center post numbers (if applicable).
+
+Minor corrections such as typos, style, or formatting issues aren't listed.
+
+## January 2023
+
+### January feature releases or updates
+
+| Article | Description |
+| ----- | ----- |
+| [Submit a support request](../operate/windows-autopatch-support-request.md) | Added Premier and Unified support options section |
+
+### January service release
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC494386](https://admin.microsoft.com/adminportal/home#/MessageCenter) | January 2023 (2023.01 B) Windows quality update deployment |

windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Devices: Restrict floppy access to locally logged-on user only
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Devices: Restrict floppy access to locally logged-on user only** security policy setting.

windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Digitally encrypt or sign secure channel data (always)
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Domain member: Digitally encrypt or sign secure channel data (always)** security policy setting.

windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Digitally encrypt secure channel data (when possible)
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Domain member: Digitally encrypt secure channel data (when possible)** security policy setting.

windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Digitally sign secure channel data (when possible)
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Domain member: Digitally sign secure channel data (when possible)** security policy setting.

windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Disable machine account password changes
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Domain member: Disable machine account password changes** security policy setting.

windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Domain member: Maximum machine account password age
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Domain member: Maximum machine account password age** security policy setting.

windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md

@@ -20,7 +20,8 @@ ms.technology: itpro-security
 # Domain member: Require strong (Windows 2000 or later) session key
 
 **Applies to**
--   Windows 10
+-   Windows 11
+-   Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Domain member: Require strong (Windows 2000 or later) session key** security policy setting.
 

windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Display user information when the session is locked
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Interactive logon: Display user information when the session is locked** security policy setting.

windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md

@@ -19,7 +19,8 @@ ms.technology: itpro-security
 # Interactive logon: Don't display last signed-in
 
 **Applies to**
--   Windows 10
+-   Windows 11
+-   Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display last signed-in** security policy setting. Before Windows 10 version 1703, this policy setting was named **Interactive logon:Do not display last user name.**
 

windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md

@@ -19,6 +19,7 @@ ms.technology: itpro-security
 # Interactive logon: Do not require CTRL+ALT+DEL
 
 **Applies to**
+- Windows 11
 - Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not require CTRL+ALT+DEL** security policy setting.

windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md

@@ -20,7 +20,9 @@ ms.technology: itpro-security
 # Interactive logon: Don't display username at sign-in
 
 **Applies to**
-- Windows 10, Windows Server 2019
+- Windows 11
+- Windows 10
+- Windows Server 2019
 
 Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting.
 

windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Machine account lockout threshold
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine account lockout threshold** security policy setting.

windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md

@@ -22,6 +22,7 @@ ms.technology: itpro-security
 # Interactive logon: Machine inactivity limit
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine inactivity limit** security policy setting.

windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md

@@ -21,6 +21,7 @@ ms.technology: itpro-security
 
 **Applies to:**
 
+- Windows 11
 - Windows 10
 
 Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Message text for users attempting to log on** security policy setting.

windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md

@@ -21,6 +21,7 @@ ms.technology: itpro-security
 
 **Applies to**
 
+- Windows 11
 - Windows 10
 
 Describes the best practices, location, values, policy management and security considerations for the **Interactive logon: Message title for users attempting to log on** security policy setting.

windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Number of previous logons to cache (in case domain controller is not available)
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Number of previous logons to cache (in case domain controller is not available)** security policy setting.

windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Interactive log on: Prompt the user to change passwords before expiration
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 This article describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Prompt user to change password before expiration** security policy setting.

windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Require Domain Controller authentication to unlock workstation
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require Domain Controller authentication to unlock workstation** security policy setting.

windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md

@@ -20,6 +20,7 @@ ms.technology: itpro-security
 # Interactive logon: Smart card removal behavior
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 
 Describes the recommended practices, location, values, policy management, and security considerations for the **Interactive logon: Smart card removal behavior** security policy setting.

windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md

@@ -19,6 +19,7 @@ ms.topic: conceptual
 # Microsoft network client: Digitally sign communications (always)
 
 **Applies to**
+-   Windows 11
 -   Windows 10
 -   Windows Server
 

windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md

@@ -31,7 +31,7 @@ Before you deploy your WDAC policies, you must first convert the XML to its bina
 
    ```powershell
     ## Update the path to your WDAC policy XML
-    $WDACPolicyXMLFile = $env:USERPROFILE"\Desktop\MyWDACPolicy.xml"
+    $WDACPolicyXMLFile = $env:USERPROFILE + "\Desktop\MyWDACPolicy.xml"
     [xml]$WDACPolicy = Get-Content -Path $WDACPolicyXMLFile
     if (($WDACPolicy.SiPolicy.PolicyID) -ne $null) ## Multiple policy format (For Windows builds 1903+ only, including Server 2022)
     {

windows/whats-new/deprecated-features.md

@@ -23,10 +23,12 @@ Each version of Windows client adds new features and functionality. Occasionally
 
 For more information about features in Windows 11, see [Feature deprecations and removals](https://www.microsoft.com/windows/windows-11-specifications#table3).
 
-To understand the distinction between _deprecation_ and _removal_, see [Windows client features lifecycle](feature-lifecycle.md).
+To understand the distinction between *deprecation* and *removal*, see [Windows client features lifecycle](feature-lifecycle.md).
 
 The features in this article are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources.
 
+## Deprecated features
+
 **The following list is subject to change and might not include every affected feature or functionality.**
 
 > [!NOTE]
@@ -34,6 +36,7 @@ The features in this article are no longer being actively developed, and might b
 
 |Feature    |  Details and mitigation  | Deprecation announced |
 | ----------- | --------------------- | ---- |
+| Universal Windows Platform (UWP) Applications for 32-bit Arm <!--7116112-->| This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check **Settings** > **System** > **About**.</br> </br> Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 |
 | Update Compliance <!--7260188-->| [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022|
 | Windows Information Protection <!-- 6010051 --> | [Windows Information Protection](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).<br> <br>For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). | July 2022 |
 | BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**<br>Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows client.<br>The following items might not be available in a future release of Windows client:<br>- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**<br>- Command line parameter: [`manage-bde -DiscoveryVolumeType`](/windows-server/administration/windows-commands/manage-bde-on) (-dv)<br>- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**<br>- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files  | 21H1 |