Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into do_docs

education/index.yml

@@ -8,7 +8,7 @@ metadata:
   title: Microsoft 365 Education Documentation
   description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
   ms.topic: hub-page
-  ms.date: 11/06/2023
+  ms.date: 07/22/2024
 
 productDirectory:
   title: For IT admins

education/windows/index.yml

@@ -12,16 +12,16 @@ metadata:
   author: paolomatarazzo
   ms.author: paoloma
   manager: aaroncz
-  ms.date: 10/30/2023
+  ms.date: 07/22/2024
 
 highlightedContent:
   items:
   - title: Get started with Windows 11 SE
     itemType: get-started
     url: windows-11-se-overview.md
-  - title: Windows 11, version 22H2
+  - title: Windows 11, version 23H2
     itemType: whats-new
-    url: /windows/whats-new/whats-new-windows-11-version-22H2
+    url: /windows/whats-new/whats-new-windows-11-version-23h2
   - title: Explore all Windows trainings and learning paths for IT pros
     itemType: learn
     url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator

windows/configuration/start/includes/hide-entry-points-for-fast-user-switching.md

@@ -0,0 +1,20 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 07/11/2024
+ms.topic: include
+---
+
+### Hide entry points for Fast User Switching
+
+With this policy setting you can prevent multiple users to sign in at the same time, using the Fast User Switching feature.
+
+- If enabled, only one user can sign in at a time. The Fast User Switching entry points are hidden from the sign-in screen, the Start menu, and the Task Manager. If multiple users want to sign in, the current user must sign out first
+- If disabled or not configured, multiple users can sign in at the same time. The Fast User Switching entry points are available from the sign-in screen, the Start menu, and the Task Manager. The current user doesn't have to sign out to allow another user to sign in
+
+|  | Path |
+|--|--|
+| **CSP** | `./Device/Vendor/MSFT/Policy/Config/WindowsLogon/`[HideFastUserSwitching](/windows/client-management/mdm/policy-csp-windowslogon#hidefastuserswitching) |
+| **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **Logon** > **Hide entry points for Fast User Switching** |
+
+To learn more, see [Fast User Switching](/windows/win32/shell/fast-user-switching).

windows/configuration/start/includes/hide-lock.md

@@ -9,5 +9,5 @@ ms.topic: include
 
 |  | Path |
 |--|--|
-| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[HideSignOut](/windows/client-management/mdm/policy-csp-start#hidelock) |
+| **CSP** | `./Device/Vendor/MSFT/Policy/Config/Start/`[HideLock](/windows/client-management/mdm/policy-csp-start#hidelock) |
 | **GPO** | Not available. |

windows/configuration/start/includes/hide-switch-user.md

@@ -5,7 +5,12 @@ ms.date: 04/10/2024
 ms.topic: include
 ---
 
-### Hide Switch account
+### Hide Switch user
+
+With this policy setting you can hide the **Switch user** option from the user tile in the start menu:
+
+- If enabled, the **Switch user** option is hidden
+- If disabled or not configured, the **Switch user** option is available
 
 |  | Path |
 |--|--|

windows/configuration/start/policy-settings.md

@@ -2,7 +2,7 @@
 title: Start policy settings
 description: Learn about the policy settings to configure the Windows Start menu.
 ms.topic: reference
-ms.date: 04/10/2024
+ms.date: 07/10/2024
 appliesto:
 zone_pivot_groups: windows-versions-11-10
 ---
@@ -132,19 +132,37 @@ Select one of the tabs to see the list of available settings:
 
 #### [:::image type="icon" source="../images/icons/user.svg"::: **Account options**](#tab/user)
 
+::: zone pivot="windows-11"
+|Policy name| CSP | GPO |
+|-|-|-|
+|[Hide **Change account settings**](#hide-change-account-settings)|✅|❌|
+|[Hide **Sign out**](#hide-sign-out)|✅|✅|
+|[Hide **Switch user**](#hide-switch-user)|✅|❌|
+|[Hide entry points for Fast User Switching](#hide-entry-points-for-fast-user-switching)|✅|✅|
+|[Hide user tile](#hide-user-tile)|✅|❌|
+::: zone-end
+
+::: zone pivot="windows-10"
 |Policy name| CSP | GPO |
 |-|-|-|
 |[Hide **Change account settings**](#hide-change-account-settings)|✅|❌|
 |[Hide **Lock**](#hide-lock)|✅|❌|
 |[Hide **Sign out**](#hide-sign-out)|✅|✅|
-|[Hide **Switch account**](#hide-switch-account)|✅|❌|
+|[Hide **Switch user**](#hide-switch-user)|✅|❌|
+|[Hide entry points for Fast User Switching](#hide-entry-points-for-fast-user-switching)|✅|✅|
 |[Hide user tile](#hide-user-tile)|✅|❌|
+::: zone-end
 
 [!INCLUDE [hide-change-account-settings](includes/hide-change-account-settings.md)]
+
+::: zone pivot="windows-10"
 [!INCLUDE [hide-lock](includes/hide-lock.md)]
+::: zone-end
+
 [!INCLUDE [hide-signout](includes/hide-signout.md)]
-[!INCLUDE [hide-switch-user](includes/hide-switch-account.md)]
-[!INCLUDE [hide-switch-user](includes/hide-user-tile.md)]
+[!INCLUDE [hide-switch-user](includes/hide-switch-user.md)]
+[!INCLUDE [hide-lock](includes/hide-entry-points-for-fast-user-switching.md)]
+[!INCLUDE [hide-user-tile](includes/hide-user-tile.md)]
 
 #### [:::image type="icon" source="../images/icons/folder.svg"::: **Pinned folders**](#tab/folders)
 
@@ -174,6 +192,21 @@ Select one of the tabs to see the list of available settings:
 
 #### [:::image type="icon" source="../images/icons/power.svg"::: **Power options**](#tab/power)
 
+
+::: zone pivot="windows-11"
+|Policy name| CSP | GPO |
+|-|-|-|
+|[Hide **Hibernate** ](#hide-hibernate)|✅|❌|
+|[Hide **Lock**](#hide-lock)|✅|❌|
+|[Hide **Power** button](#hide-power-button)|✅|❌|
+|[Hide **Restart**](#hide-restart)|✅|❌|
+|[Hide **Shut down**](#hide-shut-down)|✅|❌|
+|[Hide **Sleep**](#hide-sleep)|✅|❌|
+|[Remove and prevent access to the shut down restart sleep and hibernate commands](#remove-and-prevent-access-to-the-shut-down-restart-sleep-and-hibernate-commands)|❌|✅|
+::: zone-end
+
+::: zone pivot="windows-10"
+
 |Policy name| CSP | GPO |
 |-|-|-|
 |[Hide **Hibernate** ](#hide-hibernate)|✅|❌|
@@ -183,7 +216,12 @@ Select one of the tabs to see the list of available settings:
 |[Hide **Sleep**](#hide-sleep)|✅|❌|
 |[Remove and prevent access to the shut down restart sleep and hibernate commands](#remove-and-prevent-access-to-the-shut-down-restart-sleep-and-hibernate-commands)|❌|✅|
 
+::: zone-end
+
 [!INCLUDE [hide-hibernate](includes/hide-hibernate.md)]
+::: zone pivot="windows-11"
+[!INCLUDE [hide-lock](includes/hide-lock.md)]
+::: zone-end
 [!INCLUDE [hide-power-button](includes/hide-power-button.md)]
 [!INCLUDE [hide-restart](includes/hide-restart.md)]
 [!INCLUDE [hide-shut-down](includes/hide-shut-down.md)]

windows/security/book/cloud-services-protect-your-work-information.md

@@ -232,7 +232,7 @@ Universal Print has integrated with Administrative Units in Microsoft Entra ID t
 :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:**
 
 - [Universal Print](https://www.microsoft.com/microsoft-365/windows/universal-print)
-- [Data storage in Universal Print](/universal-print/fundamentals/universal-print-encryption)
+- [Data handling in Universal Print](/universal-print/data-handling)
 - [Delegate Printer Administration with Administrative Units](/universal-print/portal/delegated-admin)
 
 For customers who want to stay on Print Servers, we recommend using the Microsoft IPP Print driver. For features beyond what's covered in the standard IPP driver, use Print Support Applications (PSA) for Windows from the respective printer OEM.

windows/security/introduction.md

@@ -1,24 +1,17 @@
 ---
 title: Introduction to Windows security
 description: System security book.
-ms.date: 09/01/2023
-ms.topic: tutorial
+ms.date: 07/22/2024
+ms.topic: overview
 ms.author: paoloma
-ms.collection:
-  - essentials-security
-content_well_notification:
-  - AI-contribution
 author: paolomatarazzo
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-ai-usage: ai-assisted
 ---
 
 # Introduction to Windows security
 
 The acceleration of digital transformation and the expansion of both remote and hybrid work brings new opportunities to organizations, communities, and individuals. This expansion introduces new threats and risks.
 
-Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the [security baselines](operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) with new requirements for advanced hardware and software protection that extends from chip to cloud.
+Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the security baselines with new requirements for advanced hardware and software protection that extends from chip to cloud.
 
 ## How Windows 11 enables Zero Trust protection
 
@@ -44,11 +37,11 @@ In Windows 11, hardware and software work together to protect the operating syst
 
 To help keep personal and business information protected and private, Windows 11 has multiple layers of application security that safeguard critical data and code integrity. Application isolation and controls, code integrity, privacy controls, and least-privilege principles enable developers to build in security and privacy from the ground up. This integrated security protects against breaches and malware, helps keep data private, and gives IT administrators the controls they need.
 
-In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/device-experiences/oem-app-guard) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
+In Windows 11, [Microsoft Defender Application Guard](application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md) uses Hyper-V virtualization technology to isolate untrusted websites and Microsoft Office files in containers, separate from and unable to access the host operating system and enterprise data. To protect privacy, Windows 11 also provides more controls over which apps and features can collect and use data such as the device's location, or access resources like camera and microphone.
 
 ### Secured identities
 
-Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) for passwordless authentication.
+Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) and [passkeys](identity-protection/passkeys/index.md) for passwordless authentication.
 
 ### Connecting to cloud services
 
@@ -58,4 +51,4 @@ Microsoft offers comprehensive cloud services for identity, storage, and access
 
 To learn more about the security features included in Windows 11, read the [Windows 11 Security Book](book/index.md).
 
-<!--(https://aka.ms/Windows11SecurityBook).-->
+<!--(https://aka.ms/Windows11SecurityBook) PDF version-->

windows/security/operating-system-security/data-protection/encrypted-hard-drive.md

@@ -1,7 +1,7 @@
 ---
 title: Encrypted hard drives
 description: Learn how encrypted hard drives use the rapid encryption that is provided by BitLocker to enhance data security and management.
-ms.date: 10/18/2023
+ms.date: 07/22/2024
 ms.topic: concept-article
 ---
 
@@ -75,7 +75,7 @@ To configure encrypted hard drives as startup drives, use the same methods as st
 
 There are three policy settings to manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption:
 
-- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md?tabs=fixed#configure-use-of-hardware-based-encryption-for-fixed-data-drives)  
+- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md?tabs=fixed#configure-use-of-hardware-based-encryption-for-fixed-data-drives)
 - [Configure use of hardware-based encryption for removable data drives](bitlocker/configure.md?tabs=removable#configure-use-of-hardware-based-encryption-for-removable-data-drives)
 - [Configure use of hardware-based encryption for operating system drives](bitlocker/configure.md?tabs=os#configure-use-of-hardware-based-encryption-for-operating-system-drives)