diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md
index 73dbb919ae..2a00963aef 100644
--- a/windows/application-management/enterprise-background-activity-controls.md
+++ b/windows/application-management/enterprise-background-activity-controls.md
@@ -5,7 +5,7 @@ author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 10/03/2017
-ms.topic: conceptual
+ms.topic: article
 ms.service: windows-client
 ms.subservice: itpro-apps
 ms.localizationpriority: medium
diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
index 65f0231016..c7c06cff12 100644
--- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
+++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
@@ -5,7 +5,7 @@ author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 09/03/2023
-ms.topic: conceptual
+ms.topic: article
 ms.service: windows-client
 ms.subservice: itpro-apps
 ms.localizationpriority: medium
diff --git a/windows/client-management/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md
index eefc2151ab..7b70ff0a60 100644
--- a/windows/client-management/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/azure-active-directory-integration-with-mdm.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Entra integration with MDM
 description: Microsoft Entra ID is the world's largest enterprise cloud identity management service.
-ms.topic: conceptual
+ms.topic: integration
 ms.collection:
 - highpri
 - tier2
diff --git a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
index aca40777f6..2b977fd6b9 100644
--- a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+++ b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
@@ -1,7 +1,7 @@
 ---
 title: Automatic MDM enrollment in the Intune admin center
 description: Automatic MDM enrollment in the Intune admin center
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/client-tools/administrative-tools-in-windows.md b/windows/client-management/client-tools/administrative-tools-in-windows.md
index 785eb740cc..7e095632aa 100644
--- a/windows/client-management/client-tools/administrative-tools-in-windows.md
+++ b/windows/client-management/client-tools/administrative-tools-in-windows.md
@@ -2,7 +2,7 @@
 title: Windows Tools
 description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
 ms.date: 07/01/2024
-ms.topic: conceptual
+ms.topic: article
 zone_pivot_groups: windows-versions-11-10
 ms.collection:
 - essentials-manage
diff --git a/windows/client-management/config-lock.md b/windows/client-management/config-lock.md
index f497c86712..bdf2eb1540 100644
--- a/windows/client-management/config-lock.md
+++ b/windows/client-management/config-lock.md
@@ -1,7 +1,7 @@
 ---
 title: Secured-core configuration lock
 description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/client-management/device-update-management.md b/windows/client-management/device-update-management.md
index 5f61783f99..4a33972765 100644
--- a/windows/client-management/device-update-management.md
+++ b/windows/client-management/device-update-management.md
@@ -1,7 +1,7 @@
 ---
 title: Mobile device management MDM for device updates
 description: Windows provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ms.collection:
 - highpri
diff --git a/windows/client-management/disconnecting-from-mdm-unenrollment.md b/windows/client-management/disconnecting-from-mdm-unenrollment.md
index cfc52d7c69..39ad4a5693 100644
--- a/windows/client-management/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/disconnecting-from-mdm-unenrollment.md
@@ -1,7 +1,7 @@
 ---
 title: Disconnecting from the management infrastructure (unenrollment)
 description: Disconnecting is initiated either locally by the user using a phone or remotely by the IT admin using management server.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/enterprise-app-management.md b/windows/client-management/enterprise-app-management.md
index 71b7fe55b9..589b1b90c1 100644
--- a/windows/client-management/enterprise-app-management.md
+++ b/windows/client-management/enterprise-app-management.md
@@ -1,7 +1,7 @@
 ---
 title: Enterprise app management
 description: This article covers one of the key mobile device management (MDM) features for managing the lifecycle of apps across Windows devices.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/esim-enterprise-management.md b/windows/client-management/esim-enterprise-management.md
index 2a28981591..db582151c3 100644
--- a/windows/client-management/esim-enterprise-management.md
+++ b/windows/client-management/esim-enterprise-management.md
@@ -2,7 +2,7 @@
 title: eSIM Enterprise Management
 description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/federated-authentication-device-enrollment.md b/windows/client-management/federated-authentication-device-enrollment.md
index 32b2fef7ef..6ae40cab14 100644
--- a/windows/client-management/federated-authentication-device-enrollment.md
+++ b/windows/client-management/federated-authentication-device-enrollment.md
@@ -1,7 +1,7 @@
 ---
 title: Federated authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using federated authentication policy.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index a43167be49..475dfb0985 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -3,7 +3,7 @@ title: Manage Windows devices in your organization - transitioning to modern man
 description: This article offers strategies for deploying and managing Windows devices, including deploying Windows in a mixed environment.
 ms.localizationpriority: medium
 ms.date: 07/08/2024
-ms.topic: conceptual
+ms.topic: article
 ---
 
 # Manage Windows devices in your organization - transitioning to modern management
diff --git a/windows/client-management/mdm-diagnose-enrollment.md b/windows/client-management/mdm-diagnose-enrollment.md
index 5610d29c34..1b62250e8e 100644
--- a/windows/client-management/mdm-diagnose-enrollment.md
+++ b/windows/client-management/mdm-diagnose-enrollment.md
@@ -1,7 +1,7 @@
 ---
 title: Diagnose MDM enrollment failures
 description: Learn how to diagnose enrollment failures for Windows devices
-ms.topic: conceptual
+ms.topic: troubleshooting-general
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/mdm-known-issues.md b/windows/client-management/mdm-known-issues.md
index 43e571ecb6..6534f06502 100644
--- a/windows/client-management/mdm-known-issues.md
+++ b/windows/client-management/mdm-known-issues.md
@@ -1,7 +1,7 @@
 ---
 title: Known issues in MDM
 description: Learn about known issues for Windows devices in MDM
-ms.topic: conceptual
+ms.topic: troubleshooting-known-issue
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/mdm-overview.md b/windows/client-management/mdm-overview.md
index 1db4cb2fee..0bac6e35c0 100644
--- a/windows/client-management/mdm-overview.md
+++ b/windows/client-management/mdm-overview.md
@@ -2,7 +2,7 @@
 title: Mobile Device Management overview
 description: Windows provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy.
 ms.date: 07/08/2024
-ms.topic: conceptual
+ms.topic: article
 ms.localizationpriority: medium
 ms.collection:
 - highpri
diff --git a/windows/client-management/mobile-device-enrollment.md b/windows/client-management/mobile-device-enrollment.md
index 214a73f052..5c3f785c04 100644
--- a/windows/client-management/mobile-device-enrollment.md
+++ b/windows/client-management/mobile-device-enrollment.md
@@ -1,7 +1,7 @@
 ---
 title: Mobile device enrollment
 description: Learn how mobile device enrollment verifies that only authenticated and authorized devices are managed by the enterprise.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ms.collection:
 - highpri
diff --git a/windows/client-management/new-in-windows-mdm-enrollment-management.md b/windows/client-management/new-in-windows-mdm-enrollment-management.md
index 053a0dd779..7be08881f7 100644
--- a/windows/client-management/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/new-in-windows-mdm-enrollment-management.md
@@ -1,7 +1,7 @@
 ---
 title: What's new in MDM enrollment and management
 description: Discover what's new and breaking changes in mobile device management (MDM) enrollment and management experience across all Windows devices.
-ms.topic: conceptual
+ms.topic: whats-new
 ms.localizationpriority: medium
 ms.date: 07/08/2024
 ---
diff --git a/windows/client-management/oma-dm-protocol-support.md b/windows/client-management/oma-dm-protocol-support.md
index 5caf42c5f0..7095cd64e9 100644
--- a/windows/client-management/oma-dm-protocol-support.md
+++ b/windows/client-management/oma-dm-protocol-support.md
@@ -1,7 +1,7 @@
 ---
 title: OMA DM protocol support
 description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/on-premise-authentication-device-enrollment.md b/windows/client-management/on-premise-authentication-device-enrollment.md
index e6c445b43c..16f7ade83e 100644
--- a/windows/client-management/on-premise-authentication-device-enrollment.md
+++ b/windows/client-management/on-premise-authentication-device-enrollment.md
@@ -1,7 +1,7 @@
 ---
 title: On-premises authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/server-requirements-windows-mdm.md b/windows/client-management/server-requirements-windows-mdm.md
index 92e09679f4..8931bdcdbf 100644
--- a/windows/client-management/server-requirements-windows-mdm.md
+++ b/windows/client-management/server-requirements-windows-mdm.md
@@ -1,7 +1,7 @@
 ---
 title: Server requirements for using OMA DM to manage Windows devices
 description: Learn about the general server requirements for using OMA DM to manage Windows devices, including the supported versions of OMA DM.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
index ca347147ab..e404a8bacd 100644
--- a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -1,7 +1,7 @@
 ---
 title: Using PowerShell scripting with the WMI Bridge Provider
 description: This article covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/win32-and-centennial-app-policy-configuration.md b/windows/client-management/win32-and-centennial-app-policy-configuration.md
index 363072d68c..eebd880b1e 100644
--- a/windows/client-management/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/win32-and-centennial-app-policy-configuration.md
@@ -1,7 +1,7 @@
 ---
 title: Win32 and Desktop Bridge app ADMX policy Ingestion
 description: Ingest ADMX files and set ADMX policies for Win32 and Desktop Bridge apps.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/windows-mdm-enterprise-settings.md b/windows/client-management/windows-mdm-enterprise-settings.md
index a9b47a78e9..a86920ff45 100644
--- a/windows/client-management/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/windows-mdm-enterprise-settings.md
@@ -1,7 +1,7 @@
 ---
 title: Enterprise settings and policy management
 description: The DMClient manages the interaction between a device and a server. Learn more about the client-server management workflow.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/client-management/wmi-providers-supported-in-windows.md b/windows/client-management/wmi-providers-supported-in-windows.md
index 610f0e36b9..e9a528a68b 100644
--- a/windows/client-management/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/wmi-providers-supported-in-windows.md
@@ -1,7 +1,7 @@
 ---
 title: WMI providers supported in Windows
 description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI).
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
index ec61311214..6c82ea8c13 100644
--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
@@ -1,7 +1,7 @@
 ---
 title: How provisioning works in Windows
 description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/09/2024
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index a226b877f3..14273f9e99 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -2,7 +2,7 @@
 title: Provisioning packages overview
 description: With Windows, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages are and what they do.
 ms.reviewer: kevinsheehan
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 07/08/2024
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index d8292d3413..26ceb503e8 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: PowerShell cmdlets for provisioning packages in Windows
 description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows devices.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/09/2024
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
index a4f68379ee..b203b2e332 100644
--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@@ -1,7 +1,7 @@
 ---
 title: Settings changed when you uninstall a provisioning package
 description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows desktop client devices.
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 07/09/2024
 ---
 
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index 4b8d904b2e..0cd29c4772 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 author: frankroj
 manager: aaroncz
 ms.author: frankroj
-ms.topic: conceptual
+ms.topic: how-to
 ms.date: 11/23/2022
 ms.subservice: itpro-deploy
 ---
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 858a5e63bf..0d282bce4e 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 author: frankroj
 manager: aaroncz
 ms.author: frankroj
-ms.topic: conceptual
+ms.topic: how-to
 ms.date: 08/16/2024
 ms.subservice: itpro-deploy
 appliesto:
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index d125b76faf..83453c4766 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -6,7 +6,7 @@ description: Learn about deploying Windows with Microsoft 365 and how to use a f
 ms.service: windows-client
 ms.localizationpriority: medium
 author: frankroj
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 02/13/2024
 ms.subservice: itpro-deploy
 appliesto:
diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md
index 3449e9f030..c0f4cd232b 100644
--- a/windows/deployment/do/delivery-optimization-proxy.md
+++ b/windows/deployment/do/delivery-optimization-proxy.md
@@ -3,7 +3,7 @@ title: Using a proxy with Delivery Optimization
 description: Settings to use with various proxy configurations to allow Delivery Optimization to work in your environment.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: article
 author: cmknox
 ms.author: carmenf
 manager: aaroncz
@@ -66,7 +66,7 @@ You can set a device-wide proxy that will apply to all users including an intera
 
 Or, if you use Group Policy, you can apply proxy settings to all users of the same device by enabling the **Computer Configuration\ Administrative Templates\ Windows Components\ Internet Explorer\ Make proxy settings per-machine (rather than per-user)** policy.
 
-This policy is meant to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user, so if you enable this policy, users cannot set user-specific proxy settings. They must use the zones created for all users of the computer. If you disable this policy or do not configure it, users of the same computer can establish their own proxy settings.
+This policy is meant to ensure that proxy settings apply uniformly to the same computer and don't vary from user to user, so if you enable this policy, users can't set user-specific proxy settings. They must use the zones created for all users of the computer. If you disable this policy or don't configure it, users of the same computer can establish their own proxy settings.
 
 ## Using a proxy with Microsoft Connected Cache
 
diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md
index 1f89eca0a6..8683d2cbfc 100644
--- a/windows/deployment/do/delivery-optimization-workflow.md
+++ b/windows/deployment/do/delivery-optimization-workflow.md
@@ -3,7 +3,7 @@ title: Delivery Optimization workflow, privacy, security, and endpoints
 description: Details of how Delivery Optimization communicates with the server when content is requested to download including privacy, security, and endpoints.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: article
 author: cmknox
 ms.author: carmenf
 manager: aaroncz
diff --git a/windows/deployment/do/mcc-ent-early-preview.md b/windows/deployment/do/mcc-ent-early-preview.md
index 1e1922f15a..eb1e76aeb7 100644
--- a/windows/deployment/do/mcc-ent-early-preview.md
+++ b/windows/deployment/do/mcc-ent-early-preview.md
@@ -3,7 +3,7 @@ title: Microsoft Connected Cache for Enterprise and Education early preview
 description: Details on Microsoft Connected Cache for Enterprise early preview
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: article
 manager: naengler
 ms.author: lichris
 author: chrisjlin
diff --git a/windows/deployment/do/mcc-ent-prerequisites.md b/windows/deployment/do/mcc-ent-prerequisites.md
index f8ddaef129..4462a52318 100644
--- a/windows/deployment/do/mcc-ent-prerequisites.md
+++ b/windows/deployment/do/mcc-ent-prerequisites.md
@@ -3,7 +3,7 @@ title: Microsoft Connected Cache for Enterprise and Education prerequisites
 description: Details of prerequisites and recommendations for using Microsoft Connected Cache for Enterprise and Education.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: article
 ms.author: lichris
 author: chrisjlin
 manager: naengler
diff --git a/windows/deployment/do/mcc-ent-release-notes.md b/windows/deployment/do/mcc-ent-release-notes.md
index 7a69747aff..774d9cd43f 100644
--- a/windows/deployment/do/mcc-ent-release-notes.md
+++ b/windows/deployment/do/mcc-ent-release-notes.md
@@ -3,7 +3,7 @@ title: Microsoft Connected Cache Release Notes
 description: Release Notes for Microsoft Connected Cache for Enterprise and Education.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: release-notes
 ms.author: lichris
 author: chrisjlin
 manager: naengler
diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md
index fbe4478bf8..daa7a581db 100644
--- a/windows/deployment/do/mcc-isp-create-provision-deploy.md
+++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md
@@ -7,7 +7,7 @@ manager: aaroncz
 author: nidos
 ms.author: nidos
 ms.reviewer: mstewart
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.collection: tier3
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
diff --git a/windows/deployment/do/waas-optimize-windows-10-updates.md b/windows/deployment/do/waas-optimize-windows-10-updates.md
index 330f5c1225..b03d0b328e 100644
--- a/windows/deployment/do/waas-optimize-windows-10-updates.md
+++ b/windows/deployment/do/waas-optimize-windows-10-updates.md
@@ -2,7 +2,7 @@
 title: Optimize Windows update delivery
 description: Learn about the two methods of peer-to-peer content distribution that are available, Delivery Optimization and BranchCache.
 ms.service: windows-client
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-updates
 ms.author: carmenf
 author: cmknox
diff --git a/windows/deployment/do/whats-new-do.md b/windows/deployment/do/whats-new-do.md
index 607817cbf7..1e39fdbb8d 100644
--- a/windows/deployment/do/whats-new-do.md
+++ b/windows/deployment/do/whats-new-do.md
@@ -3,7 +3,7 @@ title: What's new in Delivery Optimization
 description: What's new in Delivery Optimization, a peer-to-peer distribution method in Windows 10 and Windows 11.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: whats-new
 author: cmknox
 ms.author: carmenf
 manager: aaroncz
diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md
index bb837de075..66190ba643 100644
--- a/windows/deployment/update/check-release-health.md
+++ b/windows/deployment/update/check-release-health.md
@@ -3,7 +3,7 @@ title: How to check Windows release health
 description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 ms.author: mstewart
 author: mestew
 manager: aaroncz
diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md
index d1b6ebd87e..12be8abe43 100644
--- a/windows/deployment/update/create-deployment-plan.md
+++ b/windows/deployment/update/create-deployment-plan.md
@@ -3,7 +3,7 @@ title: Create a deployment plan
 description: Devise the number of deployment rings you need and how you want to populate each of the deployment rings.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index 33f43d08f6..736b716433 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -3,7 +3,7 @@ title: Update Windows installation media with Dynamic Update
 description: Learn how to acquire and apply Dynamic Update packages to existing Windows images prior to deployment
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index 892daae8af..24d404f377 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -3,7 +3,7 @@ title: Integrate Windows Update for Business
 description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: integration
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index 78cf2b2e50..03cdf677fb 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -3,7 +3,7 @@ title: Assign devices to servicing channels for updates
 description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
index 2e0aea738c..994bb5ef07 100644
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -3,7 +3,7 @@ title: Prepare a servicing strategy for Windows client updates
 description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index 0ab9c7324e..372c9e38c8 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -3,7 +3,7 @@ title: Configure Windows Update for Business by using CSPs and MDM
 description: Walk through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index f78cd0d3e4..52a546dcf2 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -4,7 +4,7 @@ description: Walk through of how to configure Windows Update for Business settin
 ms.service: windows-client
 ms.subservice: itpro-updates
 manager: aaroncz
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.localizationpriority: medium
 ms.author: mstewart
diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md
index c81a8e7319..55cf4cf9e5 100644
--- a/windows/deployment/update/windows-update-overview.md
+++ b/windows/deployment/update/windows-update-overview.md
@@ -3,7 +3,7 @@ title: Get started with Windows Update
 description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: get-started
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md
index 94e36fa723..555bab68e4 100644
--- a/windows/deployment/update/wufb-reports-configuration-intune.md
+++ b/windows/deployment/update/wufb-reports-configuration-intune.md
@@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports
 description: How to configure devices to use Windows Update for Business reports from Microsoft Intune.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md
index 157adbc776..0deac75ed2 100644
--- a/windows/deployment/update/wufb-reports-enable.md
+++ b/windows/deployment/update/wufb-reports-enable.md
@@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports
 description: How to enable the Windows Update for Business reports service through the Azure portal or the Microsoft 365 admin center.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md
index 4561a0045f..868d704195 100644
--- a/windows/deployment/update/wufb-reports-help.md
+++ b/windows/deployment/update/wufb-reports-help.md
@@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports
 description: Windows Update for Business reports support, feedback, and troubleshooting information.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: troubleshooting-general
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md
index 7fb8613fcf..4f96164a1b 100644
--- a/windows/deployment/update/wufb-reports-use.md
+++ b/windows/deployment/update/wufb-reports-use.md
@@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports
 description: How to use the Windows Update for Business reports data for custom solutions using tools like Azure Monitor Logs.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md
index faa2671fbe..ba85a80f98 100644
--- a/windows/deployment/update/wufb-reports-workbook.md
+++ b/windows/deployment/update/wufb-reports-workbook.md
@@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports
 description: How to use the Windows Update for Business reports workbook from the Azure portal.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md
index 2cb3016af2..0d9b10ba84 100644
--- a/windows/deployment/update/wufb-wsus.md
+++ b/windows/deployment/update/wufb-wsus.md
@@ -3,7 +3,7 @@ title: Use Windows Update for Business and Windows Server Update Services (WSUS)
 description: Learn how to use Windows Update for Business and WSUS together using the new scan source policy.
 ms.service: windows-client
 ms.subservice: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
 author: mestew
 ms.author: mstewart
 manager: aaroncz
@@ -23,7 +23,7 @@ The Windows update scan source policy enables you to choose what types of update
 We added the scan source policy starting with the [September 1, 2021—KB5005101 (OS Builds 19041.1202, 19042.1202, and 19043.1202) Preview](https://support.microsoft.com/help/5005101) update and it applies to Window 10, version 2004 and above and Windows 11. This policy changes the way devices determine whether to scan against a local WSUS server or Windows Update service.
 
 > [!IMPORTANT]
-> The policy **Do not allow update deferral policies to cause scans against Windows Update**, also known as Dual Scan, is no longer supported on Windows 11 and on Windows 10 it is replaced by the new Windows scan source policy and is not recommended for use. If you configure both on Windows 10, you will not get updates from Windows Update.
+> The policy **Do not allow update deferral policies to cause scans against Windows Update**, also known as Dual Scan, is no longer supported on Windows 11 and on Windows 10 it's replaced by the new Windows scan source policy and isn't recommended for use. If you configure both on Windows 10, you won't get updates from Windows Update.
 
 ## About the scan source policy
 
@@ -53,7 +53,7 @@ To help you better understand the scan source policy, see the default scan behav
 > The only two relevant policies for where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server. This should simplify the configuration options.
 
 > [!NOTE]
-> If you have devices configured for WSUS and do not configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who select "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such.
+> If you have devices configured for WSUS and don't configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who select "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such.
 
 ## Configure the scan sources
 
@@ -68,7 +68,7 @@ The policy can be configured using the following two methods:
 2. Configuration Service Provider (CSP) Policies: **SetPolicyDrivenUpdateSourceFor&lt;Update Type>**:
 
 > [!NOTE]
-> - You should configure **all** of these policies if you are using CSPs.
+> - You should configure **all** of these policies if you're using CSPs.
 > - Editing the registry to change the behavior of update policies isn't recommended. Use Group Policy or the Configuration Service Provider (CSP) policy instead of directly writing to the registry. However, if you choose to edit the registry, ensure you've configured the `UseUpdateClassPolicySource` registry key too, or the scan source won't be altered.
 > - If you're also using the **Specify settings for optional component installation and component repair** policy to enable content for FoDs and language packs, see [How to make Features on Demand and language packs available when you're using WSUS or Configuration Manager](fod-and-lang-packs.md) to verify your policy configuration. 
 
diff --git a/windows/deployment/upgrade/resolve-windows-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
index 444ff9cf37..9ab18bdcfd 100644
--- a/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md
@@ -5,7 +5,7 @@ ms.author: frankroj
 description: Resolve Windows upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
 author: frankroj
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: troubleshooting-general
 ms.service: windows-client
 ms.subservice: itpro-deploy
 ms.date: 01/29/2025
diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md
index 5caad8feef..fd90fdc246 100644
--- a/windows/deployment/upgrade/submit-errors.md
+++ b/windows/deployment/upgrade/submit-errors.md
@@ -6,7 +6,7 @@ description: Download the Feedback Hub app, and then submit Windows upgrade erro
 ms.service: windows-client
 author: frankroj
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: troubleshooting-general
 ms.subservice: itpro-deploy
 ms.date: 01/29/2025
 appliesto:
diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md
index b1fc50c67b..eea591bb03 100644
--- a/windows/deployment/upgrade/windows-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-edition-upgrades.md
@@ -6,7 +6,7 @@ ms.author: frankroj
 ms.service: windows-client
 ms.localizationpriority: medium
 author: frankroj
-ms.topic: conceptual
+ms.topic: upgrade-and-migration-article
 ms.collection:
   - highpri
   - tier2
diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md
index 34c5e47773..958dbd15ef 100644
--- a/windows/deployment/upgrade/windows-error-reporting.md
+++ b/windows/deployment/upgrade/windows-error-reporting.md
@@ -6,7 +6,7 @@ description: Learn how to review the events generated by Windows Error Reporting
 ms.service: windows-client
 author: frankroj
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 ms.date: 01/29/2025
 appliesto:
diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
index 125f0fd64a..ca0f26473f 100644
--- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
+++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
@@ -5,7 +5,7 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: conceptual
+ms.topic: upgrade-and-migration-article
 ms.subservice: itpro-deploy
 ms.date: 08/30/2024
 ---
diff --git a/windows/deployment/upgrade/windows-upgrade-paths.md b/windows/deployment/upgrade/windows-upgrade-paths.md
index 4d1dcd205e..f6a5c42c55 100644
--- a/windows/deployment/upgrade/windows-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-upgrade-paths.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 author: frankroj
 manager: aaroncz
 ms.author: frankroj
-ms.topic: conceptual
+ms.topic: upgrade-and-migration-article
 ms.collection:
   - highpri
   - tier2
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
index 3a2a091e06..d1313e2a39 100644
--- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
@@ -6,7 +6,7 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: conceptual
+ms.topic: get-started
 ms.subservice: itpro-deploy
 ms.date: 01/29/2025
 appliesto:
diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md
index 563fffa13b..c6c0627a49 100644
--- a/windows/deployment/usmt/migrate-application-settings.md
+++ b/windows/deployment/usmt/migrate-application-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md
index e69fa2a0eb..a8473748b7 100644
--- a/windows/deployment/usmt/migration-store-types-overview.md
+++ b/windows/deployment/usmt/migration-store-types-overview.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: overview
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md
index 631c7b6aa6..e60272da5f 100644
--- a/windows/deployment/usmt/offline-migration-reference.md
+++ b/windows/deployment/usmt/offline-migration-reference.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: reference
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md
index 2994c4a929..fab9e7724b 100644
--- a/windows/deployment/usmt/understanding-migration-xml-files.md
+++ b/windows/deployment/usmt/understanding-migration-xml-files.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md
index fe77583153..34fb82aa18 100644
--- a/windows/deployment/usmt/usmt-best-practices.md
+++ b/windows/deployment/usmt/usmt-best-practices.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: best-practice
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md
index e8a0d69a2f..46f76521b8 100644
--- a/windows/deployment/usmt/usmt-choose-migration-store-type.md
+++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: overview
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md
index 71da51bdda..cac5f93581 100644
--- a/windows/deployment/usmt/usmt-command-line-syntax.md
+++ b/windows/deployment/usmt/usmt-command-line-syntax.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: overview
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md
index d618b669c3..b81d59505e 100644
--- a/windows/deployment/usmt/usmt-common-migration-scenarios.md
+++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index f77777e41f..b0444cb0cd 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
index c2a0454e4b..c514ca0de2 100644
--- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md
+++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md
index c398822c63..ea5761cc5e 100644
--- a/windows/deployment/usmt/usmt-custom-xml-examples.md
+++ b/windows/deployment/usmt/usmt-custom-xml-examples.md
@@ -6,7 +6,7 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 ms.date: 01/29/2025
 appliesto:
diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md
index 00a902de28..1c80db779b 100644
--- a/windows/deployment/usmt/usmt-customize-xml-files.md
+++ b/windows/deployment/usmt/usmt-customize-xml-files.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
index 098c1a8a45..afad7e7d3d 100644
--- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md
+++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
index ae5b4e142e..0ebc0fc1de 100644
--- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md
+++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
index 72388d511e..52a44c5d33 100644
--- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
index 9fefd6f0b4..8f2d1c1196 100644
--- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md
index 950371b73e..146ed9bd56 100644
--- a/windows/deployment/usmt/usmt-general-conventions.md
+++ b/windows/deployment/usmt/usmt-general-conventions.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md
index 7c21f7e783..75a8d9fb1d 100644
--- a/windows/deployment/usmt/usmt-hard-link-migration-store.md
+++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md
index 0da69dfec4..49a7170f0c 100644
--- a/windows/deployment/usmt/usmt-how-it-works.md
+++ b/windows/deployment/usmt/usmt-how-it-works.md
@@ -6,7 +6,7 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 ms.date: 01/29/2025
 appliesto:
diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md
index 72231c5f35..29114c8d6e 100644
--- a/windows/deployment/usmt/usmt-how-to.md
+++ b/windows/deployment/usmt/usmt-how-to.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: overview
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md
index 41d2a4f881..644d0c72b2 100644
--- a/windows/deployment/usmt/usmt-identify-application-settings.md
+++ b/windows/deployment/usmt/usmt-identify-application-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
index e46ff9f218..217fc28b31 100644
--- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
+++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md
index 941df2cced..b37083ce78 100644
--- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md
+++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md
index 314590b2b7..e72d3bab25 100644
--- a/windows/deployment/usmt/usmt-identify-users.md
+++ b/windows/deployment/usmt/usmt-identify-users.md
@@ -6,7 +6,7 @@ manager: aaroncz
 ms.author: frankroj
 ms.service: windows-client
 author: frankroj
-ms.topic: conceptual
+ms.topic: article
 ms.localizationpriority: medium
 ms.subservice: itpro-deploy
 ms.date: 01/29/2025
diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md
index 6ff87626e6..aa3a9e2593 100644
--- a/windows/deployment/usmt/usmt-include-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-include-files-and-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md
index 30667f7873..cb3ee8ef8b 100644
--- a/windows/deployment/usmt/usmt-loadstate-syntax.md
+++ b/windows/deployment/usmt/usmt-loadstate-syntax.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md
index 27e897b01d..e015af4036 100644
--- a/windows/deployment/usmt/usmt-log-files.md
+++ b/windows/deployment/usmt/usmt-log-files.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
index 8d146557a2..9f896b125f 100644
--- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
+++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md
index 2e82b3db4e..ba220bc251 100644
--- a/windows/deployment/usmt/usmt-migrate-user-accounts.md
+++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md
index 2084dbdd22..0af8864e20 100644
--- a/windows/deployment/usmt/usmt-migration-store-encryption.md
+++ b/windows/deployment/usmt/usmt-migration-store-encryption.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md
index 6fbc90a488..a75bc7ea90 100644
--- a/windows/deployment/usmt/usmt-plan-your-migration.md
+++ b/windows/deployment/usmt/usmt-plan-your-migration.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md
index 74170fceed..c626ac56fe 100644
--- a/windows/deployment/usmt/usmt-recognized-environment-variables.md
+++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md
@@ -8,7 +8,7 @@ manager: aaroncz
 ms.author: frankroj
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.collection:
   - highpri
   - tier2
diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md
index adeaf3c10e..a5e4eea126 100644
--- a/windows/deployment/usmt/usmt-reference.md
+++ b/windows/deployment/usmt/usmt-reference.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: reference
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md
index 438b71d40b..fb0d5ddf48 100644
--- a/windows/deployment/usmt/usmt-requirements.md
+++ b/windows/deployment/usmt/usmt-requirements.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
index e7a5305f00..8cbda2d6c9 100644
--- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md
index 6e81c92b9a..cf9749d531 100644
--- a/windows/deployment/usmt/usmt-resources.md
+++ b/windows/deployment/usmt/usmt-resources.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md
index a25a4bde8e..04fee70623 100644
--- a/windows/deployment/usmt/usmt-scanstate-syntax.md
+++ b/windows/deployment/usmt/usmt-scanstate-syntax.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md
index d269cd7597..4e15899fb3 100644
--- a/windows/deployment/usmt/usmt-technical-reference.md
+++ b/windows/deployment/usmt/usmt-technical-reference.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: reference
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md
index 4b1d005a41..08bbb67f9d 100644
--- a/windows/deployment/usmt/usmt-test-your-migration.md
+++ b/windows/deployment/usmt/usmt-test-your-migration.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md
index 56ee8a1868..98ddecb7ae 100644
--- a/windows/deployment/usmt/usmt-topics.md
+++ b/windows/deployment/usmt/usmt-topics.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md
index 3ca79322a4..98b2ed5c0e 100644
--- a/windows/deployment/usmt/usmt-troubleshooting.md
+++ b/windows/deployment/usmt/usmt-troubleshooting.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: troubleshooting-general
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md
index bef1f41088..29f40c6108 100644
--- a/windows/deployment/usmt/usmt-utilities.md
+++ b/windows/deployment/usmt/usmt-utilities.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
index 56cee12f98..a60ce0dd07 100644
--- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
+++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: concept-article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md
index fc41899980..edf9b0b470 100644
--- a/windows/deployment/usmt/usmt-xml-elements-library.md
+++ b/windows/deployment/usmt/usmt-xml-elements-library.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md
index 21d2195393..551883b1ab 100644
--- a/windows/deployment/usmt/usmt-xml-reference.md
+++ b/windows/deployment/usmt/usmt-xml-reference.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: reference
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
index f611d55175..0f537173ad 100644
--- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: how-to
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md
index 8b1d97b433..d26d21f084 100644
--- a/windows/deployment/usmt/xml-file-requirements.md
+++ b/windows/deployment/usmt/xml-file-requirements.md
@@ -7,7 +7,7 @@ ms.author: frankroj
 ms.service: windows-client
 author: frankroj
 ms.date: 01/29/2025
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md
index 182f55c874..35a89089d3 100644
--- a/windows/deployment/wds-boot-support.md
+++ b/windows/deployment/wds-boot-support.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 author: frankroj
 ms.author: frankroj
 manager: aaroncz
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/19/2024
 ms.subservice: itpro-deploy
 appliesto:
diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md
index cf038aa4a9..2c3b28dac0 100644
--- a/windows/deployment/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md
@@ -7,7 +7,7 @@ manager: aaroncz
 ms.service: windows-client
 ms.localizationpriority: medium
 ms.date: 02/13/2024
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: itpro-deploy
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md
index 90528e17a2..6e8b915912 100644
--- a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md
@@ -4,7 +4,7 @@ description: This article explains the Windows quality update end user experienc
 ms.date: 11/04/2024
 ms.service: windows-client
 ms.subservice: autopatch
-ms.topic: conceptual
+ms.topic: article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-overview.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-overview.md
index ed17d7438c..31a02381ec 100644
--- a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-overview.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-overview.md
@@ -4,7 +4,7 @@ description: This article explains how Windows quality updates are managed
 ms.date: 11/20/2024
 ms.service: windows-client
 ms.subservice: autopatch
-ms.topic: conceptual
+ms.topic: article
 ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md
index 4794ab6ddf..22734dbc08 100644
--- a/windows/deployment/windows-deployment-scenarios-and-tools.md
+++ b/windows/deployment/windows-deployment-scenarios-and-tools.md
@@ -5,7 +5,7 @@ manager: aaroncz
 ms.author: frankroj
 author: frankroj
 ms.service: windows-client
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 08/30/2024
 ms.subservice: itpro-deploy
 ---
diff --git a/windows/deployment/windows-deployment-scenarios.md b/windows/deployment/windows-deployment-scenarios.md
index 857188ae38..ca61bef97b 100644
--- a/windows/deployment/windows-deployment-scenarios.md
+++ b/windows/deployment/windows-deployment-scenarios.md
@@ -6,7 +6,7 @@ ms.author: frankroj
 author: frankroj
 ms.service: windows-client
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 02/13/2024
 ms.subservice: itpro-deploy
 appliesto:
diff --git a/windows/deployment/windows-missing-fonts.md b/windows/deployment/windows-missing-fonts.md
index eabee6f44f..f86ac6ce2f 100644
--- a/windows/deployment/windows-missing-fonts.md
+++ b/windows/deployment/windows-missing-fonts.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 author: frankroj
 ms.author: frankroj
 manager: aaroncz
-ms.topic: conceptual
+ms.topic: how-to
 ms.date: 03/28/2024
 ms.subservice: itpro-deploy
 zone_pivot_groups: windows-versions-11-10
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 6fa1d2a9e2..6239e43f99 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -9,7 +9,7 @@ ms.author: danbrown
 manager: laurawi
 ms.date: 03/11/2016
 ms.collection: highpri
-ms.topic: conceptual
+ms.topic: how-to
 ---
 
 # Configure Windows diagnostic data in your organization
diff --git a/windows/privacy/windows-privacy-compliance-guide.md b/windows/privacy/windows-privacy-compliance-guide.md
index fb9459ba79..2cb7a70074 100644
--- a/windows/privacy/windows-privacy-compliance-guide.md
+++ b/windows/privacy/windows-privacy-compliance-guide.md
@@ -8,7 +8,7 @@ author: DHB-MSFT
 ms.author: danbrown
 manager: laurawi
 ms.date: 05/20/2019
-ms.topic: conceptual
+ms.topic: article
 ms.collection: essentials-compliance
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md
index 8ea04f6820..d6095213cd 100644
--- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md
+++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md
@@ -3,7 +3,7 @@ title: Designing, creating, managing, and troubleshooting App Control for Busine
 description: How to design, create, manage, and troubleshoot your App Control AppId Tagging policies
 ms.localizationpriority: medium
 ms.date: 09/11/2024
-ms.topic: conceptual
+ms.topic: article
 ---
 
 # App Control Application ID (AppId) Tagging guide
diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md
index 82fbcd6156..3ab782c3a7 100644
--- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md
@@ -3,7 +3,7 @@ title: Deploying App Control for Business AppId tagging policies
 description: How to deploy your App Control AppId tagging policies locally and globally within your managed environment.
 ms.localizationpriority: medium
 ms.date: 09/11/2024
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ---
 
 # Deploying App Control for Business AppId tagging policies
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
index 64ec3acfbf..19aa013427 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
@@ -2,7 +2,7 @@
 title: Add rules for packaged apps to existing AppLocker rule-set
 description: This article for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md
index 7314cce2f9..b23c2bbb56 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md
@@ -2,7 +2,7 @@
 title: AppLocker architecture and components
 description: This article for IT professional describes AppLocker’s basic architecture and its major components.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md
index 2ce3ad5532..cd332a947e 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md
@@ -2,7 +2,7 @@
 title: AppLocker functions
 description: This article for the IT professional lists the functions and security levels for AppLocker.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md
index 1af7a371bb..0123fba7fe 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md
@@ -4,7 +4,7 @@ description: This article provides a description of AppLocker and can help you d
 ms.collection:
 - tier3
 - must-keep
-ms.topic: conceptual
+ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/11/2024
 ---
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md
index 8520621d36..2708051c46 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md
@@ -2,7 +2,7 @@
 title: AppLocker deployment guide
 description: This article for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md
index 174ed4907c..af106d2482 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md
@@ -2,7 +2,7 @@
 title: AppLocker design guide
 description: This article for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md
index 0d11e182ca..0b9425c2ca 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md
@@ -2,7 +2,7 @@
 title: AppLocker policy use scenarios
 description: This article for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md
index 4bc0bd0949..b28e45f232 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md
@@ -2,7 +2,7 @@
 title: AppLocker processes and interactions
 description: This article for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md
index 5dd3820526..057585ea54 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md
@@ -2,7 +2,7 @@
 title: AppLocker technical reference
 description: This overview article for IT professionals provides links to the articles in the technical reference.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: reference
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md
index f015e79882..a573b63891 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md
@@ -2,7 +2,7 @@
 title: Create a list of apps deployed to each business group
 description: This article describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index 83e603b364..50bc9f1a76 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -2,7 +2,7 @@
 title: Deploy AppLocker policies by using the enforce rules setting
 description: This article for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md
index 941a047e99..37ffcce44c 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md
@@ -2,7 +2,7 @@
 title: Deploy the AppLocker policy into production
 description: This article for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md
index 29380fe1e1..64a91162b6 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md
@@ -2,7 +2,7 @@
 title: Determine the Group Policy structure and rule enforcement
 description: This overview article describes the process to follow when you're planning to deploy AppLocker rules.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md
index 054c18fb61..c26bd8e92a 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: DLL rules in AppLocker
 description: This article describes the file formats and available default rules for the DLL rule collection.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md
index 00e357875d..49bcd565c3 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md
@@ -2,7 +2,7 @@
 title: Document your app list
 description: This planning article describes the app information that you should document when you create a list of apps for AppLocker policies.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md
index 2abb621ddc..ac0281aec5 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md
@@ -2,7 +2,7 @@
 title: Enforce AppLocker rules
 description: This article for IT professionals describes how to enforce application control rules by using AppLocker.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md
index 99ffe04a6d..650edc17f1 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: Executable rules in AppLocker
 description: This article describes the file formats and available default rules for the executable rule collection.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md
index c704a9e977..b9871903f4 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md
@@ -2,7 +2,7 @@
 title: How AppLocker works
 description: This article for the IT professional provides links to articles about AppLocker architecture and components, processes and interactions, rules and policies.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md
index f160bda367..e19aced7fc 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md
@@ -2,7 +2,7 @@
 title: Optimize AppLocker performance
 description: This article for IT professionals describes how to optimize AppLocker policy enforcement.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
index 7085567383..edae5b70c8 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: Packaged apps and packaged app installer rules in AppLocker
 description: This article explains the AppLocker rule collection for packaged app installers and packaged apps.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md
index 2caf917483..ca1dd0b0c7 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Requirements for deploying AppLocker policies
 description: This deployment article for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md
index 7bb94f1197..1cdee958cf 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md
@@ -2,7 +2,7 @@
 title: Requirements to use AppLocker
 description: This article for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md
index e4481ab2c7..deab94e661 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md
@@ -4,7 +4,7 @@ description: This article describes the RuleCollectionExtensions added in Window
 ms.collection:
 - tier3
 - must-keep
-ms.topic: conceptual
+ms.topic: article
 ms.localizationpriority: medium
 ms.date: 09/11/2024
 ---
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md
index bc342eba8b..a9f2b80103 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: Script rules in AppLocker
 description: This article describes the file formats and available default rules for the script rule collection.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
@@ -26,7 +26,7 @@ The following table lists the default rules that are available for the script ru
 | Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder | Everyone | Path: `%programfiles%\*`|
 
 > [!NOTE]
-> When a script runs that is not allowed by policy, AppLocker raises an event indicating that the script was "blocked". However, the actual script enforcement behavior is handled by the script host. In the case of PowerShell, "blocked" scripts will still run, but only in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). Authorized scripts run in Full Language Mode.
+> When a script runs that isn't allowed by policy, AppLocker raises an event indicating that the script was "blocked". However, the actual script enforcement behavior is handled by the script host. In the case of PowerShell, "blocked" scripts will still run, but only in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). Authorized scripts run in Full Language Mode.
 
 ## Related articles
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md
index 6a11796ca7..894f2f14ac 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md
@@ -2,7 +2,7 @@
 title: Security considerations for AppLocker
 description: This article for the IT professional describes the security considerations you need to address when implementing AppLocker.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md
index 8000ce41d4..b6385e0a25 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md
@@ -2,7 +2,7 @@
 title: Select the types of rules to create
 description: This article lists resources you can use when selecting your application control policy rules by using AppLocker.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md
index 5b1ed0083d..f595601d15 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md
@@ -2,7 +2,7 @@
 title: Tools to use with AppLocker
 description: This article for the IT professional describes the tools available to create and administer AppLocker policies.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md
index 1bbbc6329c..fcdb46f43a 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md
@@ -2,7 +2,7 @@
 title: Understanding AppLocker rule condition types
 description: This article for the IT professional describes the three types of AppLocker rule conditions.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md
index 574c33a03b..8bf591dcbe 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -2,7 +2,7 @@
 title: Use the AppLocker Windows PowerShell cmdlets
 description: This article for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md
index 65fa1be015..e73c36db1f 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md
@@ -2,7 +2,7 @@
 title: Using Event Viewer with AppLocker
 description: This article lists AppLocker events and describes how to use Event Viewer with AppLocker.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md
index cfc1ce02c6..bbf33108ab 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: Windows Installer rules in AppLocker
 description: This article describes the file formats and available default rules for the Windows Installer rule collection.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md
index 2a7f5153ec..24899eecfc 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Working with AppLocker policies
 description: This article for IT professionals provides links to procedural articles about creating, maintaining, and testing AppLocker policies.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md
index c827358a61..74f328bc4a 100644
--- a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md
@@ -4,7 +4,7 @@ description: This article for IT professionals describes AppLocker rule types an
 ms.localizationpriority: medium
 msauthor: jsuther
 ms.date: 09/11/2024
-ms.topic: conceptual
+ms.topic: article
 ---
 
 # Working with AppLocker rules
diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md
index 69735b11bd..3710567ff2 100644
--- a/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md
@@ -2,7 +2,7 @@
 title: Use code signing for added control and protection with App Control
 description: Code signing can be used to better control Win32 app authorization and add protection for your App Control for Business policies.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md
index 6e31a5e523..5a5945c92c 100644
--- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md
@@ -3,7 +3,7 @@ title: App Control for Business and .NET
 description: Understand how App Control and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
 ms.localizationpriority: medium
 ms.date: 09/11/2024
-ms.topic: conceptual
+ms.topic: article
 ---
 
 # App Control for Business and .NET
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md
index 73bbde562c..74cccbdaad 100644
--- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md
@@ -2,7 +2,7 @@
 title: App Control for Business design guide
 description: Microsoft App Control for Business allows organizations to control what apps and drivers will run on their managed Windows devices.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md
index 5de28ef21c..02e0814f1f 100644
--- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md
@@ -2,7 +2,7 @@
 title: App Control for Business Wizard Base Policy Creation
 description: Creating new base App Control policies with the App Control Wizard.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md
index 3cd72d3fcd..e0bb02d843 100644
--- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md
@@ -2,7 +2,7 @@
 title: App Control for Business Wizard Supplemental Policy Creation
 description: Creating supplemental App Control policies with the App Control Wizard.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md
index 8818dc5ae7..832e5b3936 100644
--- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md
@@ -2,7 +2,7 @@
 title: Editing App Control for Business Policies with the Wizard
 description: Editing existing base and supplemental policies with the Microsoft App Control Wizard.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md
index a0c8c1e69a..ad430e20d0 100644
--- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md
@@ -2,7 +2,7 @@
 title: App Control for Business Wizard Policy Merging Operation
 description: Merging multiple policies into a single App Control policy with the App Control Wizard.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md
index 5e2b4e4017..4cd50e9bd2 100644
--- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md
@@ -2,7 +2,7 @@
 title: App Control for Business Wizard App Control Event Parsing
 description: Creating App Control policy rules from the App Control event logs and the MDE Advanced Hunting App Control events.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md
index 5fab393481..5cd068e7b1 100644
--- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md
@@ -2,7 +2,7 @@
 title: App Control for Business Wizard
 description: The App Control for Business policy wizard tool allows you to create, edit, and merge App Control policies in a simple to use Windows application.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/11/2024
 ---
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md
index 4ba40200b3..bf802fc507 100644
--- a/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md
@@ -3,7 +3,7 @@ title: Policy creation for common App Control usage scenarios
 description: Develop a plan for deploying App Control for Business in your organization based on these common scenarios.
 ms.localizationpriority: medium
 ms.date: 09/11/2024
-ms.topic: conceptual
+ms.topic: install-set-up-deploy
 ---
 
 # App Control for Business deployment in different scenarios: types of devices
diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md
index f2db0b2d7a..eb8c5af737 100644
--- a/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md
@@ -3,7 +3,7 @@ title: Understanding App Control event tags
 description: Learn what different App Control for Business event tags signify.
 ms.localizationpriority: medium
 ms.date: 09/11/2024
-ms.topic: conceptual
+ms.topic: article
 ---
 
 # Understanding App Control event tags
diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md
index f62b037cb4..6520b17bbb 100644
--- a/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md
@@ -3,7 +3,7 @@ title: Inbox App Control policies
 description: This article describes the inbox App Control policies that may be active on a device.
 ms.manager: jsuther
 ms.date: 09/11/2024
-ms.topic: conceptual
+ms.topic: article
 ms.localizationpriority: medium
 ---
 
diff --git a/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md b/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md
index ce8d6225a0..9f6ad2b2dc 100644
--- a/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md
+++ b/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md
@@ -6,7 +6,7 @@ author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
 ms.date: 09/11/2024
-ms.topic: conceptual
+ms.topic: article
 appliesto:
 - ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>
 - ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
index cc5f471678..436c24ff57 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -2,7 +2,7 @@
 title: Microsoft Defender Application Guard
 description: Learn about Microsoft Defender Application Guard and how it helps combat malicious content and malware out on the Internet.
 ms.date: 07/11/2024
-ms.topic: conceptual
+ms.topic: overview
 ---
 
 # Microsoft Defender Application Guard overview
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
index 275a28dd9e..9fdffea69e 100644
--- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
@@ -3,7 +3,7 @@ title: Testing scenarios with Microsoft Defender Application Guard
 description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
 ms.localizationpriority: medium
 ms.date: 07/11/2024
-ms.topic: conceptual
+ms.topic: article
 ---
 
 # Application Guard testing scenarios
diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md
index fcb9b56ddc..671352b771 100644
--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Sandbox architecture
 description: Windows Sandbox architecture
-ms.topic: conceptual
+ms.topic: article
 ms.date: 09/09/2024
 ---
 
diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md
index 42ffe331cc..aa15412076 100644
--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Sandbox versions
 description: Windows Sandbox versions
-ms.topic: conceptual
+ms.topic: article
 ms.date: 10/22/2024
 ---
 
diff --git a/windows/security/book/cloud-services-protect-your-personal-information.md b/windows/security/book/cloud-services-protect-your-personal-information.md
index 36707a697b..085aecff6a 100644
--- a/windows/security/book/cloud-services-protect-your-personal-information.md
+++ b/windows/security/book/cloud-services-protect-your-personal-information.md
@@ -9,57 +9,10 @@ ms.date: 11/18/2024
 
 :::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false":::
 
-## Microsoft account
+[!INCLUDE [microsoft-account](includes/microsoft-account.md)]
 
-Your Microsoft account (MSA) provides seamless access to Microsoft products and services with just one sign-in, allowing you to manage everything in one place. You can easily keep track of your subscriptions and order history, update your privacy and security settings, monitor the health and safety of your devices, and earn rewards. Your information stays with you in the cloud, accessible across devices and operating systems, including iOS and Android.
+[!INCLUDE [find-my-device](includes/find-my-device.md)]
 
-You can even go passwordless with your Microsoft account by removing the password from your MSA:
+[!INCLUDE [onedrive-for-personal](includes/onedrive-for-personal.md)]
 
-- Use Windows Hello to eliminate the password sign-in method for an even more secure experience
-- Use the Microsoft Authenticator app on your Android or iOS device
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [What is a Microsoft account?][LINK-1]
-- [Go passwordless with your Microsoft account][LINK-5]
-
-## Find my device
-
-When location services and *Find my device* settings are turned on, basic system services like time zone and Find my device are allowed to use the device's location. Find my device can be used to help recover lost or stolen Windows devices, reducing the security threats that rely on physical access.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [How to set up, find, and lock a lost Windows device using a Microsoft account][LINK-2]
-
-## OneDrive for personal
-
-Microsoft OneDrive for personal<sup>[\[10\]](conclusion.md#footnote10)</sup> offers enhanced security, backup, and restore options for important personal files. Users can access their data from anywhere, since their files are stored and protected in the cloud. OneDrive provides an excellent solution for backing up folders, ensuring that:
-
-- If a device is lost or stolen, users can quickly recover all their important files from the cloud
-- If a user is targeted by a ransomware attack, OneDrive enables recovery. With configured backups, users have more options to mitigate and recover from such attacks
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Get started with OneDrive][LINK-6]
-- [How to recover from a ransomware attack using Microsoft 365][LINK-7]
-- [How to restore from OneDrive][LINK-3]
-
-## Personal Vault
-
-Personal Vault offers robust protection for the most important or sensitive files, without sacrificing the convenience of anywhere access. Secure digital copies of crucial documents in Personal Vault, where they're protected by identity verification and are easily accessible across devices.
-
-Once the Personal Vault is configured, users can access it using a strong authentication method or a second step of identity verification. The second steps of verification include fingerprint, face recognition, PIN, or a code sent via email or text.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Protect your OneDrive files in Personal Vault][LINK-4]
-
-<!--links-->
-
-[LINK-1]: https://support.microsoft.com/topic/4a7c48e9-ff5a-e9c6-5a5c-1a57d66c3bfa
-[LINK-2]: https://support.microsoft.com/topic/890bf25e-b8ba-d3fe-8253-e98a12f26316
-[LINK-3]: https://support.microsoft.com/topic/fa231298-759d-41cf-bcd0-25ac53eb8a15
-[LINK-4]: https://support.microsoft.com/topic/6540ef37-e9bf-4121-a773-56f98dce78c4
-[LINK-5]: https://support.microsoft.com/topic/585a71d7-2295-4878-aeac-a014984df856
-[LINK-6]: https://support.microsoft.com/onedrive
-[LINK-7]: /microsoft-365/security/office-365-security/recover-from-ransomware
+[!INCLUDE [personal-vault](includes/personal-vault.md)]
diff --git a/windows/security/book/cloud-services-protect-your-work-information.md b/windows/security/book/cloud-services-protect-your-work-information.md
index 033200a8f1..d29800ce98 100644
--- a/windows/security/book/cloud-services-protect-your-work-information.md
+++ b/windows/security/book/cloud-services-protect-your-work-information.md
@@ -9,374 +9,28 @@ ms.date: 11/04/2024
 
 :::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false":::
 
-## :::image type="icon" source="images/microsoft-entra-id.svg" border="false"::: Microsoft Entra ID
+[!INCLUDE [microsoft-entra-id](includes/microsoft-entra-id.md)]
 
-Microsoft Entra ID is a comprehensive cloud-based identity management solution that helps enable secure access to applications, networks, and other resources and guard against threats. Microsoft Entra ID can also be used with Windows Autopilot for zero-touch provisioning of devices preconfigured with corporate security policies.
+[!INCLUDE [azure-attestation-service](includes/azure-attestation-service.md)]
 
-Organizations can deploy Microsoft Entra ID joined devices to enable access to both cloud and on-premises apps and resources. Access to resources can be controlled based on the Microsoft Entra ID account and Conditional Access policies applied to the device. For the most seamless and delightful end to end single sign-on (SSO) experience, we recommend users configure Windows Hello for Business during the out of box experience for easy passwordless sign-in to Entra ID .
+[!INCLUDE [microsoft-defender-for-endpoint](includes/microsoft-defender-for-endpoint.md)]
 
-:::row:::
-    :::column:::
-        For users wanting to connect to Microsoft Entra on their personal devices, they can do so by adding their work or school account to Windows. This action registers the user's personal device with Microsoft Entra ID, allowing IT admins to support users in bring your own device (BYOD) scenarios. Credentials are authenticated and bound to the joined device, and can't be copied to another device without explicit reverification.
-    :::column-end:::
-    :::column:::
-:::image type="content" source="images/device-registration.png" alt-text="Screenshot of the Entra account registration page." border="false" lightbox="images/device-registration.png":::
-    :::column-end:::
-:::row-end:::
+[!INCLUDE [cloud-native-device-management](includes/cloud-native-device-management.md)]
 
-To provide more security and control for IT and a seamless experience for users, Microsoft Entra ID works with apps and services, including on-premises software and thousands of software-as-a-service (SaaS) applications. Microsoft Entra ID protections include single sign-on, multifactor authentication, conditional access policies, identity protection, identity governance, and privileged identity management.
+[!INCLUDE [microsoft-intune](includes/microsoft-intune.md)]
 
-Windows 11 works with Microsoft Entra ID to provide secure access, identity management, and single sign-on to apps and services from anywhere. Windows has built-in settings to add work or school accounts by syncing the device configuration to an Active Directory domain or Microsoft Entra ID tenant.
+[!INCLUDE [security-baselines](includes/security-baselines.md)]
 
-:::image type="content" source="images/access-work-or-school.png" alt-text="Screenshot of the add work or school account in Settings." border="false":::
+[!INCLUDE [windows-laps](includes/windows-laps.md)]
 
-When a device is Microsoft Entra ID joined and managed with Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup>, it receives the following security benefits:
+[!INCLUDE [windows-autopilot](includes/windows-autopilot.md)]
 
-- Default managed user and device settings and policies
-- Single sign-in to all Microsoft Online Services
-- Full suite of authentication management capabilities using Windows Hello for Business
-- Single sign-on (SSO) to enterprise and SaaS applications
-- No use of consumer Microsoft account identity
+[!INCLUDE [windows-update-for-business](includes/windows-update-for-business.md)]
 
-Organizations and users can join or register their Windows devices with Microsoft Entra ID to get a seamless experience to both native and web applications. In addition, users can set up Windows Hello for Business or FIDO2 security keys with Microsoft Entra ID and benefit from greater security with passwordless authentication.
+[!INCLUDE [windows-autopatch](includes/windows-autopatch.md)]
 
-In combination with Microsoft Intune, Microsoft Entra ID offers powerful security control through Conditional Access to restrict access to organizational resources to healthy and compliant devices. Note that Microsoft Entra ID is only supported on Windows Pro and Enterprise editions.
+[!INCLUDE [windows-hotpatch](includes/windows-hotpatch.md)]
 
-Every Windows device has a built-in local administrator account that must be secured and protected to mitigate any Pass-the-Hash (PtH) and lateral traversal attacks. Many customers have been using our standalone, on-premises Windows Local Administrator Password Solution (LAPS) to manage their domain-joined Windows machines. We heard from many customers that LAPS support was needed as they modernized their Windows environment to join directly to Microsoft Entra ID.
+[!INCLUDE [onedrive-for-work-or-school](includes/onedrive-for-work-or-school.md)]
 
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Microsoft Entra ID documentation][LINK-1]
-- [Microsoft Entra plans and pricing][LINK-2]
-
-### Microsoft Entra Private Access
-
-Microsoft Entra Private Access provides organizations the ability to manage and give users access to private or internal fully qualified domain names (FQDNs) and IP addresses. With Private Access, you can modernize how your organization's users access private apps and resources. Remote workers don't need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them to the resources they need.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Microsoft Entra Private Access][LINK-4]
-
-### Microsoft Entra Internet Access
-
-Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs.
-
-> [!NOTE]
-> Both Microsoft Entra Private Access and Microsoft Entra Internet Access requires Microsoft Entra ID and Microsoft Entra Joined devices for deployment. The two solutions use the Global Secure Access client for Windows, which secures and controls the features.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Microsoft Entra Internet Access][LINK-3]
-- [Global Secure Access client for Windows][LINK-6]
-- [Microsoft's Security Service Edge Solution Deployment Guide for Microsoft Entra Internet Access Proof of Concept][LINK-5]
-
-### Enterprise State Roaming
-
-Available to any organization with a Microsoft Entra ID Premium<sup>[\[4\]](conclusion.md#footnote4)</sup> license, Enterprise State Roaming provides users with a unified Windows Settings experience across their Windows devices and reduces the time needed for configuring a new device.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Enterprise State Roaming in Microsoft Entra ID][LINK-7]
-
-## :::image type="icon" source="images/azure-attestation.svg" border="false"::: Azure Attestation service
-
-Remote attestation helps ensure that devices are compliant with security policies and are operating in a trusted state before they're allowed to access resources. Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup> integrates with Azure Attestation service to review Windows device health comprehensively and connect this information with Microsoft Entra ID<sup>[\[4\]](conclusion.md#footnote4)</sup> Conditional Access.
-
-**Attestation policies are configured in the Azure Attestation service which can then:**
-
-- Verify the integrity of evidence provided by the Windows Attestation component by validating the signature and ensuring the Platform Configuration Registers (PCRs) match the values recomputed by replaying the measured boot log
-- Verify that the TPM has a valid Attestation Identity Key issued by the authenticated TPM
-- Verify that security features are in the expected states
-
-Once this verification is complete, the attestation service returns a signed report with the security features state to the relying party - such as Microsoft Intune - to assess the trustworthiness of the platform relative to the admin-configured device compliance specifications. Conditional access is then granted or denied based on the device's compliance.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Azure Attestation overview][LINK-8]
-
-## :::image type="icon" source="images/defender-for-endpoint.svg" border="false"::: Microsoft Defender for Endpoint
-
-Microsoft Defender for Endpoint<sup>[\[4\]](conclusion.md#footnote4)</sup> is an enterprise endpoint detection and response solution that helps security teams detect, disrupt, investigate, and respond to advanced threats. Organizations can use the rich event data and attack insights Defender for Endpoint provides to investigate incidents.
-
-Defender for Endpoint brings together the following elements to provide a more complete picture of security incidents:
-
-- Endpoint behavioral sensors: Embedded in Windows, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated cloud instance of Microsoft Defender for Endpoint
-- With Automatic Attack Disruption uses AI, machine learning, and Microsoft Security Intelligence to analyze the entire attack and respond at the incident level, where it's able to contain a device, and/or a user which reduces the impact of attacks such as ransomware, human-operated attacks, and other advanced attacks.
-- Cloud security analytics: Behavioral signals are translated into insights, detections, and recommended responses to advanced threats. These analytics leverage big data, device learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products such as Microsoft 365<sup>[\[4\]](conclusion.md#footnote4)</sup>, and online assets
-- Threat intelligence: Microsoft processes over 43 trillion security signals every 24 hours, yielding a deep and broad view into the evolving threat landscape. Combined with our global team of security experts and cutting-edge artificial intelligence and machine learning, we can see threats that others miss. This threat intelligence helps provide unparalleled protection for our customers. The protections built into our platforms and products blocked attacks that include 31 billion identity threats and 32 billion email threats
-- Rich response capabilities: Defender for Endpoint empowers SecOps teams to isolate, remediate, and remote into machines to further investigate and stop active threats in their environment, as well as block files, network destinations, and create alerts for them. In addition, Automated Investigation and Remediation can help reduce the load on the SOC by automatically performing otherwise manual steps towards remediation and providing
-detailed investigation outcomes
-
-Defender for Endpoint is also part of Microsoft Defender XDR, our end-to-end, cloud-native extended detection and response (XDR) solution that combines best-of-breed endpoint, email, and identity security products. It enables organizations to prevent, detect, investigate, and remediate attacks by delivering deep visibility, granular context, and actionable insights generated from raw signals harnessed across the Microsoft 365 environment and other
-platforms, all synthesized into a single dashboard. This solution offers tremendous value to organizations of any size, especially those that are looking to break away from the added complexity of multiple point solutions, keeping them protected from sophisticated attacks and saving IT and security teams' time and resources.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)
-- [Microsoft 365 Defender](/defender-xdr/microsoft-365-defender)
-
-## Cloud-native device management
-
-Microsoft recommends cloud-based device management so that IT professionals can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With cloud-native device management solutions like Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup>, IT can manage Windows 11 using industry standard protocols. To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate device management client.
-
-Windows 11 built-in management features include:
-
-- The enrollment client, which enrolls and configures the device to securely communicate with the enterprise device management server
-- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Mobile device management overview][LINK-9]
-
-### Remote wipe
-
-When a device is lost or stolen, IT administrators might want to remotely wipe data stored in memory and hard disks. A helpdesk agent might also want to reset devices to fix issues encountered by remote workers. A remote wipe can also be used to prepare a previously used device for a new user.
-
-Windows 11 supports the Remote Wipe configuration service provider (CSP) so that device management solutions can remotely initiate any of the following operations:
-
-- Reset the device and remove user accounts and data
-- Reset the device and clean the drive
-- Reset the device but persist user accounts and data
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Remote wipe CSP][LINK-10]
-
-## :::image type="icon" source="images/microsoft-intune.svg" border="false"::: Microsoft Intune
-
-Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup> is a comprehensive cloud-native endpoint management solution that helps secure, deploy, and manage users, apps, and devices. Intune brings together technologies like Microsoft Configuration Manager and Windows Autopilot to simplify provisioning, configuration management, and software updates across the organization.
-
-Intune works with Microsoft Entra ID to manage security features and processes, including multifactor authentication and conditional access.
-
-Organizations can cut costs while securing and managing remote devices through the cloud in compliance with company policies<sup>[\[11\]](conclusion.md#footnote11)</sup>. For example, organizations can save time and money by provisioning preconfigured devices to remote employees using Windows Autopilot.
-
-Windows 11 enables IT professionals to move to the cloud while consistently enforcing security policies. Windows 11 provides expanded support for group policy administrative templates (ADMX-backed policies) in cloud-native device management solutions like Microsoft Intune, enabling IT professionals to easily apply the same security policies to both on-premises and remote devices.
-
-Customers have asked for App Control for Business (previously called *Windows Defender Application Control*) to support manage installer for a long time. Now it's possible to enable allowlisting of Win32 apps to proactively reduce the number of malware infections.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [What is Microsoft Intune][LINK-12]
-
-### Windows enrollment attestation
-
-When a device enrolls into device management, the administrator expects it to receive the appropriate policies to secure and manage the PC. However, in some cases, malicious actors can remove enrollment certificates and use them on unmanaged PCs, making them appear enrolled but without the intended security and management policies.
-
-With Windows enrollment attestation, Microsoft Entra and Microsoft Intune certificates are bound to a device using the Trusted Platform Module (TPM). This ensures that the certificates can't be transferred from one device to another, maintaining the integrity of the enrollment process.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Windows enrollment attestation][LINK-13]
-
-### Microsoft Cloud PKI
-
-Microsoft Cloud PKI is a cloud-based service included in the Microsoft Intune Suite<sup>[\[4\]](conclusion.md#footnote4)</sup> that simplifies and automates the management of a Public Key Infrastructure (PKI) for organizations. It eliminates the need for on-premises servers, hardware, and connectors, making it easier to set up and manage a PKI compared to, for instance, Microsoft Active Directory Certificate Services (AD CS) combined with the Certificate Connector for Microsoft Intune.
-
-Key features include:
-
-- Certificate lifecycle management: automates the lifecycle of certificates, including issuance, renewal, and revocation, for all devices managed by Intune
-- Multi-platform support: supports certificate management for Windows, iOS/iPadOS, macOS, and Android devices
-- Enhanced security: enables certificate-based authentication for Wi-Fi, VPN, and other scenarios, improving security over traditional password-based methods. All certificate requests leverage Simple Certificate Enrollment Protocol (SCEP), making sure that the private key never leaves the requesting client
-- Simplified management: provides easy management of certification authorities (CAs), registration authorities (RAs), certificate revocation lists (CRLs), monitoring, and reporting
-
-With Microsoft Cloud PKI, organizations can accelerate their digital transformation and achieve a fully managed cloud PKI service with minimal effort.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Overview of Microsoft Cloud PKI for Microsoft Intune](/mem/intune/protect/microsoft-cloud-pki-overview)
-
-### Endpoint Privilege Management (EPM)
-
-Intune Endpoint Privilege Management supports organizations' Zero Trust journeys by helping them achieve a broad user base running with least privilege, while still permitting users to run elevated tasks allowed by the organization to remain productive.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Endpoint Privilege Management][LINK-14]
-
-### Mobile application management (MAM)
-
-With Intune, organizations can also extend MAM App Config, MAM App Protection, and App Protection Conditional Access capabilities to Windows. This enables people to access protected organizational content without having the device managed by IT. The first application to support MAM for Windows is Microsoft Edge.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Data protection for Windows MAM][LINK-15]
-
-## Security baselines
-
-Every organization faces security threats. However, different organizations can be concerned with different types of security threats. For example, an e-commerce company might focus on protecting its internet-facing web apps, while a hospital on confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization.
-
-A security baseline is a group of Microsoft-recommended configuration settings that explains their security implications. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Security baselines][LINK-11]
-
-### Security baseline for cloud-based device management solutions
-
-Windows 11 can be configured with Microsoft's security baseline, designed for cloud-based device management solutions like Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup>. These security baselines function similarly to group policy-based ones and can be easily integrated into existing device management tools.
-
-The security baseline includes policies for:
-
-- Microsoft inbox security technologies such as BitLocker, Microsoft Defender SmartScreen, Virtualization-based security, Exploit Guard, Microsoft Defender Antivirus, and Windows Firewall
-- Restricting remote access to devices
-- Setting credential requirements for passwords and PINs
-- Restricting the use of legacy technology
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Intune security baseline overview][LINK-16]
-- [List of the settings in the Windows security baseline in Intune][LINK-17]
-
-## Windows Local Administrator Password Solution (LAPS)
-
-Windows Local Administrator Password Solution (LAPS) is a feature that automatically manages and backs up the password of a local administrator account on Microsoft Entra joined and Active Directory-joined devices. It helps enhance security by regularly rotating and managing local administrator account passwords, protecting against pass-the-hash and lateral-traversal attacks.
-
-Windows LAPS can be configured via group policy or with a device management solution like Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup>.
-
-[!INCLUDE [new-24h2](includes/new-24h2.md)]
-
-Several enhancements have been made to improve manageability and security. Administrators can now configure LAPS to automatically create managed local accounts, integrating with existing policies to enhance security and efficiency. Policy settings have been updated to generate more readable passwords by ignoring certain characters and to support the generation of readable passphrases, with options to choose from three separate word source list and control passphrase length. Additionally, LAPS can detect when a computer rolls back to a previous image, ensuring password consistency between the computer and Active Directory.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Windows LAPS overview][LINK-18]
-
-## Windows Autopilot
-
-Traditionally, IT professionals spend significant time building and customizing images that will later be deployed to devices. If you're purchasing new devices or managing device refresh cycles, you can use Windows Autopilot to set up and preconfigure new devices, getting them ready for productive use. Autopilot helps you ensure your devices are delivered locked down and compliant with corporate security policies. The solution can also be used to reset, repurpose, and recover devices with zero touch by your IT team and no infrastructure to manage, enhancing efficiency with a process that's both easy and simple.
-
-With Windows Autopilot, there's no need to reimage or manually set-up devices before giving them to the users. Your hardware vendor can ship them, ready to go, directly to the users. From a user perspective, they turn on their device, go online, and Windows Autopilot delivers apps and settings.
-
-Windows Autopilot enables you to:
-
-- Automatically join devices to Microsoft Entra ID or Active Directory via Microsoft Entra hybrid join
-- Autoenroll devices into a device management solution like Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup> (requires a Microsoft Entra ID Premium subscription for configuration)
-- Create and autoassignment of devices to configuration groups based on a device's profile
-- Customize of the out-of-box experience (OOBE) content specific to your organization
-
-Existing devices can also be quickly prepared for a new user with Windows Autopilot Reset. The reset capability is also useful in break/fix scenarios to quickly bring a device back to a business-ready state.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Windows Autopilot][LINK-19]
-- [Windows Autopilot Reset][LINK-20]
-
-## Windows Update for Business
-
-Windows Update for Business empowers IT administrators to ensure that their organization's Windows client devices are consistently up to date with the latest security updates and features. By directly connecting these systems to the Windows Update service, administrators can maintain a high level of security and functionality.
-
-Administrators can utilize group policy or a device management solution like Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup>, to configure Windows Update for Business settings. These settings control the timing and manner in which updates are applied, allowing for thorough reliability and performance testing on a subset of devices before deploying updates across the entire organization.
-
-This approach not only provides control over the update process but also ensures a seamless and positive update experience for all users within the organization. By using Windows Update for Business, organizations can achieve a more secure and efficient operational environment.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Windows Update for Business documentation][LINK-21]
-
-## Windows Autopatch
-
-Cybercriminals commonly exploit obsolete or unpatched software to infiltrate networks. It's essential to maintain current updates to seal security gaps. Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates so your IT Admins can focus on other activities and tasks.
-
-There's a lot more to learn about Windows Autopatch: this [Forrester Consulting Total Economic Impact&trade; Study][LINK-22] commissioned by Microsoft, features insights from customers who deployed Windows Autopatch and its impact on their organizations. You can also find out more information about new Autopatch features and the future of the service in the regularly published Windows IT Pro Blog and Windows Autopatch community.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Windows Autopatch documentation](/windows/deployment/windows-autopatch/)
-- [Windows updates API overview](/graph/windowsupdates-concept-overview)
-- [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows-ITPro-blog/label-name/Windows%20Autopatch)
-- [Windows Autopatch community](https://techcommunity.microsoft.com/t5/windows-autopatch/bd-p/Windows-Autopatch)
-
-## :::image type="icon" source="images/soon-button-title.svg" border="false"::: Windows Hotpatch
-
-Windows Hotpatch is a feature designed to enhance security and minimize disruptions. With Windows Hotpatch, organizations can apply critical security updates without requiring a system restart, reducing the time to adopt a security update by 60% from the moment the update is offered. Hotpatch updates streamline the installation process, enhance compliance efficiency, and provide a per-policy level view of update statuses for all devices.
-
-By utilizing hotpatching through Windows Autopatch, the number of system restarts for Windows updates can be reduced from 12 times a year to just 4, ensuring consistent protection and uninterrupted productivity. This means less downtime, a streamlined experience for users, and a reduction in security risks. This technology, proven in the Azure Server environment, is now expanding to Windows 11, offering immediate security from day one without the need for a restart.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Windows Autopatch documentation](/windows/deployment/windows-autopatch/)
-
-## :::image type="icon" source="images/onedrive.svg" border="false"::: OneDrive for work or school
-
-OneDrive for work or school is a cloud storage service that allows users to store, share, and collaborate on files. It's a part of Microsoft 365 and is designed to help organizations protect their data and comply with regulations. OneDrive for work or school is protected both in transit and at rest.
-
-When data transits either into the service from clients or between datacenters, it's protected using transport layer security (TLS) encryption. OneDrive only permits secure access.
-
-Authenticated connections aren't allowed over HTTP and instead redirect to HTTPS.
-
-There are several ways that OneDrive for work or school is protected at rest:
-
-- Physical protection: Microsoft understands the importance of protecting customer data and is committed to securing the datacenters that contain it. Microsoft datacenters are designed, built, and operated to strictly limit physical access to the areas where customer data is stored. Physical security at datacenters is in alignment with the defense-in-depth principle. Multiple security measures are implemented to reduce the risk of unauthorized users accessing data and other datacenter resources. Learn more [here](/compliance/assurance/assurance-datacenter-physical-access-security).
-- Network protection: The networks and identities are isolated from the corporate network. Firewalls limit traffic into the environment from unauthorized locations
-- Application security: Engineers who build features follow the security development lifecycle. Automated and manual analyses help identify possible vulnerabilities. The [Microsoft Security Response Center](https://technet.microsoft.com/security/dn440717.aspx) helps triage incoming vulnerability reports and evaluate mitigations. Through the [Microsoft Cloud Bug Bounty Terms](https://technet.microsoft.com/dn800983), people across the world can earn money by reporting vulnerabilities
-- Content protection: Each file is encrypted at rest with a unique AES-256 key. These unique keys are encrypted with a set of master keys that are stored in Azure Key Vault
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [How OneDrive safeguards data in the cloud](https://support.microsoft.com/topic/23c6ea94-3608-48d7-8bf0-80e142edd1e1)
-
-## :::image type="icon" source="images/universal-print.svg" border="false"::: Universal Print
-
-Universal Print eliminates the need for on-premises print servers. It also eliminates the need for print drivers from the users' Windows devices and makes the devices secure, reducing the malware attacks that typically exploit vulnerabilities in driver model. It enables Universal Print-ready printers (with native support) to connect directly to the Microsoft Cloud. All major printer OEMs have these [models][LINK-23]. It also supports existing printers by using the connector software that comes with Universal Print.
-
-Unlike traditional print solutions that rely on Windows print servers, Universal Print is a Microsoft-hosted cloud subscription service that supports a Zero Trust security model when using the Universal Print-ready printers. Customers can enable network isolation of printers, including the Universal Print connector software, from the rest of the organization's resources. Users and their devices don't need to be on the same local network as the printers or the Universal Print connector.
-
-Universal Print supports Zero Trust security by requiring that:
-
-- Each connection and API call to Universal Print cloud service requires authentication validated by Microsoft Entra ID<sup>[\[4\]](conclusion.md#footnote4)</sup>. A hacker would have to have knowledge of the right credentials to successfully connect to the Universal Print service
-- Every connection established by the user's device (client), the printer, or another cloud service to the Universal Print cloud service uses SSL with TLS 1.2 protection. This protects network snooping of traffic to gain access to sensitive data
-- Each printer registered with Universal Print is created as a device object in the customer's Microsoft Entra ID tenant and issued its own device certificate. Every connection from the printer is authenticated using this certificate. The printer can access only its own data and no other device's data
-- Applications can connect to Universal Print using either user, device, or application authentication. To ensure data security, it's highly recommended that only cloud applications use application authentication
-- Each acting application must register with Microsoft Entra ID and specify the set of permission scopes it requires. Microsoft's own acting applications - for example, the Universal Print connector - are registered with the Microsoft Entra ID service. Customer administrators need to provide their consent to the required permission scopes as part of onboarding the application to their tenant
-- Each authentication with Microsoft Entra ID from an acting application can't extend the permission scope as defined by the acting client app. This prevents the app from requesting additional permissions if the app is breached
-
-Additionally, Windows 11 includes device management support to simplify printer setup for users. With support from Microsoft Intune<sup>[\[4\]](conclusion.md#footnote4)</sup>, admins can now configure policy settings to provision specific printers onto the user's Windows devices.
-
-Universal Print stores the print data in cloud securely in Office Storage, the same storage used by other Microsoft 365 products.
-
-More information about handling of Microsoft 365 data (this includes Universal Print data) can be found [here][LINK-24].
-
-The Universal Print secure release platform ensures user privacy, secures organizational data, and reduces print wastage. It eliminates the need for people to rush to a shared printer as soon as they send a print job to ensure that no one sees the private or confidential content. Sometimes, printed documents are picked up by another person or not picked up at all and discarded. Detailed support and configuration information can be found [here][LINK-25].
-
-Universal Print supports Administrative Units in Microsoft Entra ID to enable the assignments of a *Printer Administrator* role to specific teams in the organization. The assigned team can configure only the printers that are part of the same Administrative Unit.
-
-For customers who want to stay on print servers, we recommend using the Microsoft IPP Print driver. For features beyond what's covered in the standard IPP driver, use Print Support Applications (PSA) for Windows from the respective printer OEM.
-
-[!INCLUDE [learn-more](includes/learn-more.md)]
-
-- [Universal Print][LINK-26]
-- [Data handling in Universal Print][LINK-27]
-- [Delegate Printer Administration with Administrative Units][LINK-28]
-- [Print support app design guide][LINK-29]
-
-<!--links-->
-
-[LINK-1]: /entra
-[LINK-2]: https://www.microsoft.com/security/business/microsoft-entra-pricing
-[LINK-3]: /entra/global-secure-access/concept-internet-access
-[LINK-4]: /entra/global-secure-access/concept-private-access
-[LINK-5]: /entra/architecture/sse-deployment-guide-internet-access
-[LINK-6]: /entra/global-secure-access/how-to-install-windows-client
-[LINK-7]: /entra/identity/devices/enterprise-state-roaming-enable
-[LINK-8]: /azure/attestation/overview
-[LINK-9]: /windows/client-management/mdm-overview
-[LINK-10]: /windows/client-management/mdm/remotewipe-csp
-[LINK-11]: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
-[LINK-12]: /mem/intune/fundamentals/what-is-intune
-[LINK-13]: /mem/intune/enrollment/windows-enrollment-attestation
-[LINK-14]: /mem/intune/protect/epm-overview?formCode=MG0AV3
-[LINK-15]: /mem/intune/apps/protect-mam-windows?formCode=MG0AV3
-[LINK-16]: /mem/intune/protect/security-baselines
-[LINK-17]: /mem/intune/protect/security-baseline-settings-mdm-all
-[LINK-18]: /windows-server/identity/laps/laps-overview
-[LINK-19]: /autopilot/overview
-[LINK-20]: /mem/autopilot/windows-autopilot-reset
-[LINK-21]: /windows/deployment/update/waas-manage-updates-wufb
-[LINK-22]: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW10vlw
-[LINK-23]: /universal-print/fundamentals/universal-print-partner-integrations
-[LINK-24]: /microsoft-365/enterprise/m365-dr-overview
-[LINK-25]: /universal-print/fundamentals/universal-print-qrcode
-[LINK-26]: https://www.microsoft.com/microsoft-365/windows/universal-print
-[LINK-27]: /universal-print/data-handling
-[LINK-28]: /universal-print/portal/delegated-admin
-[LINK-29]: /windows-hardware/drivers/devapps/print-support-app-design-guide
+[!INCLUDE [universal-print](includes/universal-print.md)]
diff --git a/windows/security/book/includes/azure-attestation-service.md b/windows/security/book/includes/azure-attestation-service.md
new file mode 100644
index 0000000000..e233d321fd
--- /dev/null
+++ b/windows/security/book/includes/azure-attestation-service.md
@@ -0,0 +1,23 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## :::image type="icon" source="../images/azure-attestation.svg" border="false"::: Azure Attestation service
+
+Remote attestation helps ensure that devices are compliant with security policies and are operating in a trusted state before they're allowed to access resources. Microsoft Intune<sup>[\[4\]](../conclusion.md#footnote4)</sup> integrates with Azure Attestation service to review Windows device health comprehensively and connect this information with Microsoft Entra ID<sup>[\[4\]](../conclusion.md#footnote4)</sup> Conditional Access.
+
+**Attestation policies are configured in the Azure Attestation service which can then:**
+
+- Verify the integrity of evidence provided by the Windows Attestation component by validating the signature and ensuring the Platform Configuration Registers (PCRs) match the values recomputed by replaying the measured boot log
+- Verify that the TPM has a valid Attestation Identity Key issued by the authenticated TPM
+- Verify that security features are in the expected states
+
+Once this verification is complete, the attestation service returns a signed report with the security features state to the relying party - such as Microsoft Intune - to assess the trustworthiness of the platform relative to the admin-configured device compliance specifications. Conditional access is then granted or denied based on the device's compliance.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Azure Attestation overview](/azure/attestation/overview)
diff --git a/windows/security/book/includes/cloud-native-device-management.md b/windows/security/book/includes/cloud-native-device-management.md
new file mode 100644
index 0000000000..33a7b3fe8c
--- /dev/null
+++ b/windows/security/book/includes/cloud-native-device-management.md
@@ -0,0 +1,34 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## Cloud-native device management
+
+Microsoft recommends cloud-based device management so that IT professionals can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With cloud-native device management solutions like Microsoft Intune<sup>[\[4\]](../conclusion.md#footnote4)</sup>, IT can manage Windows 11 using industry standard protocols. To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate device management client.
+
+Windows 11 built-in management features include:
+
+- The enrollment client, which enrolls and configures the device to securely communicate with the enterprise device management server
+- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Mobile device management overview](/windows/client-management/mdm-overview)
+
+### Remote wipe
+
+When a device is lost or stolen, IT administrators might want to remotely wipe data stored in memory and hard disks. A helpdesk agent might also want to reset devices to fix issues encountered by remote workers. A remote wipe can also be used to prepare a previously used device for a new user.
+
+Windows 11 supports the Remote Wipe configuration service provider (CSP) so that device management solutions can remotely initiate any of the following operations:
+
+- Reset the device and remove user accounts and data
+- Reset the device and clean the drive
+- Reset the device but persist user accounts and data
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Remote wipe CSP](/windows/client-management/mdm/remotewipe-csp)
diff --git a/windows/security/book/includes/find-my-device.md b/windows/security/book/includes/find-my-device.md
new file mode 100644
index 0000000000..b889fb3898
--- /dev/null
+++ b/windows/security/book/includes/find-my-device.md
@@ -0,0 +1,15 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## Find my device
+
+When location services and *Find my device* settings are turned on, basic system services like time zone and Find my device are allowed to use the device's location. Find my device can be used to help recover lost or stolen Windows devices, reducing the security threats that rely on physical access.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [How to set up, find, and lock a lost Windows device using a Microsoft account](https://support.microsoft.com/topic/890bf25e-b8ba-d3fe-8253-e98a12f26316)
\ No newline at end of file
diff --git a/windows/security/book/includes/microsoft-account.md b/windows/security/book/includes/microsoft-account.md
new file mode 100644
index 0000000000..221eb6d664
--- /dev/null
+++ b/windows/security/book/includes/microsoft-account.md
@@ -0,0 +1,21 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## Microsoft account
+
+Your Microsoft account (MSA) provides seamless access to Microsoft products and services with just one sign-in, allowing you to manage everything in one place. You can easily keep track of your subscriptions and order history, update your privacy and security settings, monitor the health and safety of your devices, and earn rewards. Your information stays with you in the cloud, accessible across devices and operating systems, including iOS and Android.
+
+You can even go passwordless with your Microsoft account by removing the password from your MSA:
+
+- Use Windows Hello to eliminate the password sign-in method for an even more secure experience
+- Use the Microsoft Authenticator app on your Android or iOS device
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [What is a Microsoft account?](https://support.microsoft.com/topic/4a7c48e9-ff5a-e9c6-5a5c-1a57d66c3bfa)
+- [Go passwordless with your Microsoft account](https://support.microsoft.com/topic/585a71d7-2295-4878-aeac-a014984df856)
\ No newline at end of file
diff --git a/windows/security/book/includes/microsoft-defender-for-endpoint.md b/windows/security/book/includes/microsoft-defender-for-endpoint.md
new file mode 100644
index 0000000000..dbe7d1f270
--- /dev/null
+++ b/windows/security/book/includes/microsoft-defender-for-endpoint.md
@@ -0,0 +1,28 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## :::image type="icon" source="../images/defender-for-endpoint.svg" border="false"::: Microsoft Defender for Endpoint
+
+Microsoft Defender for Endpoint<sup>[\[4\]](../conclusion.md#footnote4)</sup> is an enterprise endpoint detection and response solution that helps security teams detect, disrupt, investigate, and respond to advanced threats. Organizations can use the rich event data and attack insights Defender for Endpoint provides to investigate incidents.
+
+Defender for Endpoint brings together the following elements to provide a more complete picture of security incidents:
+
+- Endpoint behavioral sensors: Embedded in Windows, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated cloud instance of Microsoft Defender for Endpoint
+- With Automatic Attack Disruption uses AI, machine learning, and Microsoft Security Intelligence to analyze the entire attack and respond at the incident level, where it's able to contain a device, and/or a user which reduces the impact of attacks such as ransomware, human-operated attacks, and other advanced attacks.
+- Cloud security analytics: Behavioral signals are translated into insights, detections, and recommended responses to advanced threats. These analytics leverage big data, device learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products such as Microsoft 365<sup>[\[4\]](../conclusion.md#footnote4)</sup>, and online assets
+- Threat intelligence: Microsoft processes over 43 trillion security signals every 24 hours, yielding a deep and broad view into the evolving threat landscape. Combined with our global team of security experts and cutting-edge artificial intelligence and machine learning, we can see threats that others miss. This threat intelligence helps provide unparalleled protection for our customers. The protections built into our platforms and products blocked attacks that include 31 billion identity threats and 32 billion email threats
+- Rich response capabilities: Defender for Endpoint empowers SecOps teams to isolate, remediate, and remote into machines to further investigate and stop active threats in their environment, as well as block files, network destinations, and create alerts for them. In addition, Automated Investigation and Remediation can help reduce the load on the SOC by automatically performing otherwise manual steps towards remediation and providing
+detailed investigation outcomes
+
+Defender for Endpoint is also part of Microsoft Defender XDR, our end-to-end, cloud-native extended detection and response (XDR) solution that combines best-of-breed endpoint, email, and identity security products. It enables organizations to prevent, detect, investigate, and remediate attacks by delivering deep visibility, granular context, and actionable insights generated from raw signals harnessed across the Microsoft 365 environment and other
+platforms, all synthesized into a single dashboard. This solution offers tremendous value to organizations of any size, especially those that are looking to break away from the added complexity of multiple point solutions, keeping them protected from sophisticated attacks and saving IT and security teams' time and resources.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)
+- [Microsoft 365 Defender](/defender-xdr/microsoft-365-defender)
diff --git a/windows/security/book/includes/microsoft-entra-id.md b/windows/security/book/includes/microsoft-entra-id.md
new file mode 100644
index 0000000000..f0b400b0dd
--- /dev/null
+++ b/windows/security/book/includes/microsoft-entra-id.md
@@ -0,0 +1,84 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## :::image type="icon" source="../images/microsoft-entra-id.svg" border="false"::: Microsoft Entra ID
+
+Microsoft Entra ID is a comprehensive cloud-based identity management solution that helps enable secure access to applications, networks, and other resources and guard against threats. Microsoft Entra ID can also be used with Windows Autopilot for zero-touch provisioning of devices preconfigured with corporate security policies.
+
+Organizations can deploy Microsoft Entra ID joined devices to enable access to both cloud and on-premises apps and resources. Access to resources can be controlled based on the Microsoft Entra ID account and Conditional Access policies applied to the device. For the most seamless and delightful end to end single sign-on (SSO) experience, we recommend users configure Windows Hello for Business during the out of box experience for easy passwordless sign-in to Entra ID .
+
+:::row:::
+    :::column:::
+        For users wanting to connect to Microsoft Entra on their personal devices, they can do so by adding their work or school account to Windows. This action registers the user's personal device with Microsoft Entra ID, allowing IT admins to support users in bring your own device (BYOD) scenarios. Credentials are authenticated and bound to the joined device, and can't be copied to another device without explicit reverification.
+    :::column-end:::
+    :::column:::
+:::image type="content" source="../images/device-registration.png" alt-text="Screenshot of the Entra account registration page." border="false" lightbox="../images/device-registration.png":::
+    :::column-end:::
+:::row-end:::
+
+To provide more security and control for IT and a seamless experience for users, Microsoft Entra ID works with apps and services, including on-premises software and thousands of software-as-a-service (SaaS) applications. Microsoft Entra ID protections include single sign-on, multifactor authentication, conditional access policies, identity protection, identity governance, and privileged identity management.
+
+Windows 11 works with Microsoft Entra ID to provide secure access, identity management, and single sign-on to apps and services from anywhere. Windows has built-in settings to add work or school accounts by syncing the device configuration to an Active Directory domain or Microsoft Entra ID tenant.
+
+:::image type="content" source="../images/access-work-or-school.png" alt-text="Screenshot of the add work or school account in Settings." border="false":::
+
+When a device is Microsoft Entra ID joined and managed with Microsoft Intune<sup>[\[4\]](../conclusion.md#footnote4)</sup>, it receives the following security benefits:
+
+- Default managed user and device settings and policies
+- Single sign-in to all Microsoft Online Services
+- Full suite of authentication management capabilities using Windows Hello for Business
+- Single sign-on (SSO) to enterprise and SaaS applications
+- No use of consumer Microsoft account identity
+
+Organizations and users can join or register their Windows devices with Microsoft Entra ID to get a seamless experience to both native and web applications. In addition, users can set up Windows Hello for Business or FIDO2 security keys with Microsoft Entra ID and benefit from greater security with passwordless authentication.
+
+In combination with Microsoft Intune, Microsoft Entra ID offers powerful security control through Conditional Access to restrict access to organizational resources to healthy and compliant devices. Note that Microsoft Entra ID is only supported on Windows Pro and Enterprise editions.
+
+Every Windows device has a built-in local administrator account that must be secured and protected to mitigate any Pass-the-Hash (PtH) and lateral traversal attacks. Many customers have been using our standalone, on-premises Windows Local Administrator Password Solution (LAPS) to manage their domain-joined Windows machines. We heard from many customers that LAPS support was needed as they modernized their Windows environment to join directly to Microsoft Entra ID.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Microsoft Entra ID documentation][LINK-1]
+- [Microsoft Entra plans and pricing][LINK-2]
+
+### Microsoft Entra Private Access
+
+Microsoft Entra Private Access provides organizations the ability to manage and give users access to private or internal fully qualified domain names (FQDNs) and IP addresses. With Private Access, you can modernize how your organization's users access private apps and resources. Remote workers don't need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them to the resources they need.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Microsoft Entra Private Access][LINK-4]
+
+### Microsoft Entra Internet Access
+
+Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs.
+
+> [!NOTE]
+> Both Microsoft Entra Private Access and Microsoft Entra Internet Access requires Microsoft Entra ID and Microsoft Entra Joined devices for deployment. The two solutions use the Global Secure Access client for Windows, which secures and controls the features.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Microsoft Entra Internet Access][LINK-3]
+- [Global Secure Access client for Windows][LINK-6]
+- [Microsoft's Security Service Edge Solution Deployment Guide for Microsoft Entra Internet Access Proof of Concept][LINK-5]
+
+### Enterprise State Roaming
+
+Available to any organization with a Microsoft Entra ID Premium<sup>[\[4\]](../conclusion.md#footnote4)</sup> license, Enterprise State Roaming provides users with a unified Windows Settings experience across their Windows devices and reduces the time needed for configuring a new device.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Enterprise State Roaming in Microsoft Entra ID][LINK-7]
+
+[LINK-1]: /entra
+[LINK-2]: https://www.microsoft.com/security/business/microsoft-entra-pricing
+[LINK-3]: /entra/global-secure-access/concept-internet-access
+[LINK-4]: /entra/global-secure-access/concept-private-access
+[LINK-5]: /entra/architecture/sse-deployment-guide-internet-access
+[LINK-6]: /entra/global-secure-access/how-to-install-windows-client
+[LINK-7]: /entra/identity/devices/enterprise-state-roaming-enable
diff --git a/windows/security/book/includes/microsoft-intune.md b/windows/security/book/includes/microsoft-intune.md
new file mode 100644
index 0000000000..e0ca22fcd7
--- /dev/null
+++ b/windows/security/book/includes/microsoft-intune.md
@@ -0,0 +1,66 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## :::image type="icon" source="../images/microsoft-intune.svg" border="false"::: Microsoft Intune
+
+Microsoft Intune<sup>[\[4\]](../conclusion.md#footnote4)</sup> is a comprehensive cloud-native endpoint management solution that helps secure, deploy, and manage users, apps, and devices. Intune brings together technologies like Microsoft Configuration Manager and Windows Autopilot to simplify provisioning, configuration management, and software updates across the organization.
+
+Intune works with Microsoft Entra ID to manage security features and processes, including multifactor authentication and conditional access.
+
+Organizations can cut costs while securing and managing remote devices through the cloud in compliance with company policies<sup>[\[11\]](../conclusion.md#footnote11)</sup>. For example, organizations can save time and money by provisioning preconfigured devices to remote employees using Windows Autopilot.
+
+Windows 11 enables IT professionals to move to the cloud while consistently enforcing security policies. Windows 11 provides expanded support for group policy administrative templates (ADMX-backed policies) in cloud-native device management solutions like Microsoft Intune, enabling IT professionals to easily apply the same security policies to both on-premises and remote devices.
+
+Customers have asked for App Control for Business (previously called *Windows Defender Application Control*) to support manage installer for a long time. Now it's possible to enable allowlisting of Win32 apps to proactively reduce the number of malware infections.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune)
+
+### Windows enrollment attestation
+
+When a device enrolls into device management, the administrator expects it to receive the appropriate policies to secure and manage the PC. However, in some cases, malicious actors can remove enrollment certificates and use them on unmanaged PCs, making them appear enrolled but without the intended security and management policies.
+
+With Windows enrollment attestation, Microsoft Entra and Microsoft Intune certificates are bound to a device using the Trusted Platform Module (TPM). This ensures that the certificates can't be transferred from one device to another, maintaining the integrity of the enrollment process.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Windows enrollment attestation](/mem/intune/enrollment/windows-enrollment-attestation)
+
+### Microsoft Cloud PKI
+
+Microsoft Cloud PKI is a cloud-based service included in the Microsoft Intune Suite<sup>[\[4\]](../conclusion.md#footnote4)</sup> that simplifies and automates the management of a Public Key Infrastructure (PKI) for organizations. It eliminates the need for on-premises servers, hardware, and connectors, making it easier to set up and manage a PKI compared to, for instance, Microsoft Active Directory Certificate Services (AD CS) combined with the Certificate Connector for Microsoft Intune.
+
+Key features include:
+
+- Certificate lifecycle management: automates the lifecycle of certificates, including issuance, renewal, and revocation, for all devices managed by Intune
+- Multi-platform support: supports certificate management for Windows, iOS/iPadOS, macOS, and Android devices
+- Enhanced security: enables certificate-based authentication for Wi-Fi, VPN, and other scenarios, improving security over traditional password-based methods. All certificate requests leverage Simple Certificate Enrollment Protocol (SCEP), making sure that the private key never leaves the requesting client
+- Simplified management: provides easy management of certification authorities (CAs), registration authorities (RAs), certificate revocation lists (CRLs), monitoring, and reporting
+
+With Microsoft Cloud PKI, organizations can accelerate their digital transformation and achieve a fully managed cloud PKI service with minimal effort.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Overview of Microsoft Cloud PKI for Microsoft Intune](/mem/intune/protect/microsoft-cloud-pki-overview)
+
+### Endpoint Privilege Management (EPM)
+
+Intune Endpoint Privilege Management supports organizations' Zero Trust journeys by helping them achieve a broad user base running with least privilege, while still permitting users to run elevated tasks allowed by the organization to remain productive.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Endpoint Privilege Management](/mem/intune/protect/epm-overview?formCode=MG0AV3)
+
+### Mobile application management (MAM)
+
+With Intune, organizations can also extend MAM App Config, MAM App Protection, and App Protection Conditional Access capabilities to Windows. This enables people to access protected organizational content without having the device managed by IT. The first application to support MAM for Windows is Microsoft Edge.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Data protection for Windows MAM](/mem/intune/apps/protect-mam-windows?formCode=MG0AV3)
diff --git a/windows/security/book/includes/onedrive-for-personal.md b/windows/security/book/includes/onedrive-for-personal.md
new file mode 100644
index 0000000000..65c039f76d
--- /dev/null
+++ b/windows/security/book/includes/onedrive-for-personal.md
@@ -0,0 +1,20 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## OneDrive for personal
+
+Microsoft OneDrive for personal<sup>[\[10\]](../conclusion.md#footnote10)</sup> offers enhanced security, backup, and restore options for important personal files. Users can access their data from anywhere, since their files are stored and protected in the cloud. OneDrive provides an excellent solution for backing up folders, ensuring that:
+
+- If a device is lost or stolen, users can quickly recover all their important files from the cloud
+- If a user is targeted by a ransomware attack, OneDrive enables recovery. With configured backups, users have more options to mitigate and recover from such attacks
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Get started with OneDrive](https://support.microsoft.com/onedrive)
+- [How to recover from a ransomware attack using Microsoft 365](/microsoft-365/security/office-365-security/recover-from-ransomware)
+- [How to restore from OneDrive](https://support.microsoft.com/topic/fa231298-759d-41cf-bcd0-25ac53eb8a15)
\ No newline at end of file
diff --git a/windows/security/book/includes/onedrive-for-work-or-school.md b/windows/security/book/includes/onedrive-for-work-or-school.md
new file mode 100644
index 0000000000..2abb36a1a1
--- /dev/null
+++ b/windows/security/book/includes/onedrive-for-work-or-school.md
@@ -0,0 +1,26 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## :::image type="icon" source="../images/onedrive.svg" border="false"::: OneDrive for work or school
+
+OneDrive for work or school is a cloud storage service that allows users to store, share, and collaborate on files. It's a part of Microsoft 365 and is designed to help organizations protect their data and comply with regulations. OneDrive for work or school is protected both in transit and at rest.
+
+When data transits either into the service from clients or between datacenters, it's protected using transport layer security (TLS) encryption. OneDrive only permits secure access.
+
+Authenticated connections aren't allowed over HTTP and instead redirect to HTTPS.
+
+There are several ways that OneDrive for work or school is protected at rest:
+
+- Physical protection: Microsoft understands the importance of protecting customer data and is committed to securing the datacenters that contain it. Microsoft datacenters are designed, built, and operated to strictly limit physical access to the areas where customer data is stored. Physical security at datacenters is in alignment with the defense-in-depth principle. Multiple security measures are implemented to reduce the risk of unauthorized users accessing data and other datacenter resources. Learn more [here](/compliance/assurance/assurance-datacenter-physical-access-security).
+- Network protection: The networks and identities are isolated from the corporate network. Firewalls limit traffic into the environment from unauthorized locations
+- Application security: Engineers who build features follow the security development lifecycle. Automated and manual analyses help identify possible vulnerabilities. The [Microsoft Security Response Center](https://technet.microsoft.com/security/dn440717.aspx) helps triage incoming vulnerability reports and evaluate mitigations. Through the [Microsoft Cloud Bug Bounty Terms](https://technet.microsoft.com/dn800983), people across the world can earn money by reporting vulnerabilities
+- Content protection: Each file is encrypted at rest with a unique AES-256 key. These unique keys are encrypted with a set of master keys that are stored in Azure Key Vault
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [How OneDrive safeguards data in the cloud](https://support.microsoft.com/topic/23c6ea94-3608-48d7-8bf0-80e142edd1e1)
diff --git a/windows/security/book/includes/personal-vault.md b/windows/security/book/includes/personal-vault.md
new file mode 100644
index 0000000000..6b0b47fcc0
--- /dev/null
+++ b/windows/security/book/includes/personal-vault.md
@@ -0,0 +1,17 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## Personal Vault
+
+Personal Vault offers robust protection for the most important or sensitive files, without sacrificing the convenience of anywhere access. Secure digital copies of crucial documents in Personal Vault, where they're protected by identity verification and are easily accessible across devices.
+
+Once the Personal Vault is configured, users can access it using a strong authentication method or a second step of identity verification. The second steps of verification include fingerprint, face recognition, PIN, or a code sent via email or text.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Protect your OneDrive files in Personal Vault](https://support.microsoft.com/topic/6540ef37-e9bf-4121-a773-56f98dce78c4)
\ No newline at end of file
diff --git a/windows/security/book/includes/security-baselines.md b/windows/security/book/includes/security-baselines.md
new file mode 100644
index 0000000000..5473219e28
--- /dev/null
+++ b/windows/security/book/includes/security-baselines.md
@@ -0,0 +1,33 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## Security baselines
+
+Every organization faces security threats. However, different organizations can be concerned with different types of security threats. For example, an e-commerce company might focus on protecting its internet-facing web apps, while a hospital on confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization.
+
+A security baseline is a group of Microsoft-recommended configuration settings that explains their security implications. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Security baselines](/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines)
+
+### Security baseline for cloud-based device management solutions
+
+Windows 11 can be configured with Microsoft's security baseline, designed for cloud-based device management solutions like Microsoft Intune<sup>[\[4\]](../conclusion.md#footnote4)</sup>. These security baselines function similarly to group policy-based ones and can be easily integrated into existing device management tools.
+
+The security baseline includes policies for:
+
+- Microsoft inbox security technologies such as BitLocker, Microsoft Defender SmartScreen, Virtualization-based security, Exploit Guard, Microsoft Defender Antivirus, and Windows Firewall
+- Restricting remote access to devices
+- Setting credential requirements for passwords and PINs
+- Restricting the use of legacy technology
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Intune security baseline overview](/mem/intune/protect/security-baselines)
+- [List of the settings in the Windows security baseline in Intune](/mem/intune/protect/security-baseline-settings-mdm-all)
diff --git a/windows/security/book/includes/universal-print.md b/windows/security/book/includes/universal-print.md
new file mode 100644
index 0000000000..7e61d82121
--- /dev/null
+++ b/windows/security/book/includes/universal-print.md
@@ -0,0 +1,51 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## :::image type="icon" source="../images/universal-print.svg" border="false"::: Universal Print
+
+Universal Print eliminates the need for on-premises print servers. It also eliminates the need for print drivers from the users' Windows devices and makes the devices secure, reducing the malware attacks that typically exploit vulnerabilities in driver model. It enables Universal Print-ready printers (with native support) to connect directly to the Microsoft Cloud. All major printer OEMs have these [models][LINK-23]. It also supports existing printers by using the connector software that comes with Universal Print.
+
+Unlike traditional print solutions that rely on Windows print servers, Universal Print is a Microsoft-hosted cloud subscription service that supports a Zero Trust security model when using the Universal Print-ready printers. Customers can enable network isolation of printers, including the Universal Print connector software, from the rest of the organization's resources. Users and their devices don't need to be on the same local network as the printers or the Universal Print connector.
+
+Universal Print supports Zero Trust security by requiring that:
+
+- Each connection and API call to Universal Print cloud service requires authentication validated by Microsoft Entra ID<sup>[\[4\]](../conclusion.md#footnote4)</sup>. A hacker would have to have knowledge of the right credentials to successfully connect to the Universal Print service
+- Every connection established by the user's device (client), the printer, or another cloud service to the Universal Print cloud service uses SSL with TLS 1.2 protection. This protects network snooping of traffic to gain access to sensitive data
+- Each printer registered with Universal Print is created as a device object in the customer's Microsoft Entra ID tenant and issued its own device certificate. Every connection from the printer is authenticated using this certificate. The printer can access only its own data and no other device's data
+- Applications can connect to Universal Print using either user, device, or application authentication. To ensure data security, it's highly recommended that only cloud applications use application authentication
+- Each acting application must register with Microsoft Entra ID and specify the set of permission scopes it requires. Microsoft's own acting applications - for example, the Universal Print connector - are registered with the Microsoft Entra ID service. Customer administrators need to provide their consent to the required permission scopes as part of onboarding the application to their tenant
+- Each authentication with Microsoft Entra ID from an acting application can't extend the permission scope as defined by the acting client app. This prevents the app from requesting additional permissions if the app is breached
+
+Additionally, Windows 11 includes device management support to simplify printer setup for users. With support from Microsoft Intune<sup>[\[4\]](../conclusion.md#footnote4)</sup>, admins can now configure policy settings to provision specific printers onto the user's Windows devices.
+
+Universal Print stores the print data in cloud securely in Office Storage, the same storage used by other Microsoft 365 products.
+
+More information about handling of Microsoft 365 data (this includes Universal Print data) can be found [here][LINK-24].
+
+The Universal Print secure release platform ensures user privacy, secures organizational data, and reduces print wastage. It eliminates the need for people to rush to a shared printer as soon as they send a print job to ensure that no one sees the private or confidential content. Sometimes, printed documents are picked up by another person or not picked up at all and discarded. Detailed support and configuration information can be found [here][LINK-25].
+
+Universal Print supports Administrative Units in Microsoft Entra ID to enable the assignments of a *Printer Administrator* role to specific teams in the organization. The assigned team can configure only the printers that are part of the same Administrative Unit.
+
+For customers who want to stay on print servers, we recommend using the Microsoft IPP Print driver. For features beyond what's covered in the standard IPP driver, use Print Support Applications (PSA) for Windows from the respective printer OEM.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Universal Print][LINK-26]
+- [Data handling in Universal Print][LINK-27]
+- [Delegate Printer Administration with Administrative Units][LINK-28]
+- [Print support app design guide][LINK-29]
+
+<!--links-->
+
+[LINK-23]: /universal-print/fundamentals/universal-print-partner-integrations
+[LINK-24]: /microsoft-365/enterprise/m365-dr-overview
+[LINK-25]: /universal-print/fundamentals/universal-print-qrcode
+[LINK-26]: https://www.microsoft.com/microsoft-365/windows/universal-print
+[LINK-27]: /universal-print/data-handling
+[LINK-28]: /universal-print/portal/delegated-admin
+[LINK-29]: /windows-hardware/drivers/devapps/print-support-app-design-guide
diff --git a/windows/security/book/includes/windows-autopatch.md b/windows/security/book/includes/windows-autopatch.md
new file mode 100644
index 0000000000..b6d04f951b
--- /dev/null
+++ b/windows/security/book/includes/windows-autopatch.md
@@ -0,0 +1,20 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## Windows Autopatch
+
+Cybercriminals commonly exploit obsolete or unpatched software to infiltrate networks. It's essential to maintain current updates to seal security gaps. Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates so your IT Admins can focus on other activities and tasks.
+
+There's a lot more to learn about Windows Autopatch: this [Forrester Consulting Total Economic Impact&trade; Study](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW10vlw) commissioned by Microsoft, features insights from customers who deployed Windows Autopatch and its impact on their organizations. You can also find out more information about new Autopatch features and the future of the service in the regularly published Windows IT Pro Blog and Windows Autopatch community.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Windows Autopatch documentation](/windows/deployment/windows-autopatch/)
+- [Windows updates API overview](/graph/windowsupdates-concept-overview)
+- [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows-ITPro-blog/label-name/Windows%20Autopatch)
+- [Windows Autopatch community](https://techcommunity.microsoft.com/t5/windows-autopatch/bd-p/Windows-Autopatch)
diff --git a/windows/security/book/includes/windows-autopilot.md b/windows/security/book/includes/windows-autopilot.md
new file mode 100644
index 0000000000..4fc3ca74c7
--- /dev/null
+++ b/windows/security/book/includes/windows-autopilot.md
@@ -0,0 +1,27 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## Windows Autopilot
+
+Traditionally, IT professionals spend significant time building and customizing images that will later be deployed to devices. If you're purchasing new devices or managing device refresh cycles, you can use Windows Autopilot to set up and preconfigure new devices, getting them ready for productive use. Autopilot helps you ensure your devices are delivered locked down and compliant with corporate security policies. The solution can also be used to reset, repurpose, and recover devices with zero touch by your IT team and no infrastructure to manage, enhancing efficiency with a process that's both easy and simple.
+
+With Windows Autopilot, there's no need to reimage or manually set-up devices before giving them to the users. Your hardware vendor can ship them, ready to go, directly to the users. From a user perspective, they turn on their device, go online, and Windows Autopilot delivers apps and settings.
+
+Windows Autopilot enables you to:
+
+- Automatically join devices to Microsoft Entra ID or Active Directory via Microsoft Entra hybrid join
+- Autoenroll devices into a device management solution like Microsoft Intune<sup>[\[4\]](../conclusion.md#footnote4)</sup> (requires a Microsoft Entra ID Premium subscription for configuration)
+- Create and autoassignment of devices to configuration groups based on a device's profile
+- Customize of the out-of-box experience (OOBE) content specific to your organization
+
+Existing devices can also be quickly prepared for a new user with Windows Autopilot Reset. The reset capability is also useful in break/fix scenarios to quickly bring a device back to a business-ready state.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Windows Autopilot](/autopilot/overview)
+- [Windows Autopilot Reset](/mem/autopilot/windows-autopilot-reset)
diff --git a/windows/security/book/includes/windows-hotpatch.md b/windows/security/book/includes/windows-hotpatch.md
new file mode 100644
index 0000000000..c084cb0939
--- /dev/null
+++ b/windows/security/book/includes/windows-hotpatch.md
@@ -0,0 +1,17 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## :::image type="icon" source="../images/soon-button-title.svg" border="false"::: Windows Hotpatch
+
+Windows Hotpatch is a feature designed to enhance security and minimize disruptions. With Windows Hotpatch, organizations can apply critical security updates without requiring a system restart, reducing the time to adopt a security update by 60% from the moment the update is offered. Hotpatch updates streamline the installation process, enhance compliance efficiency, and provide a per-policy level view of update statuses for all devices.
+
+By utilizing hotpatching through Windows Autopatch, the number of system restarts for Windows updates can be reduced from 12 times a year to just 4, ensuring consistent protection and uninterrupted productivity. This means less downtime, a streamlined experience for users, and a reduction in security risks. This technology, proven in the Azure Server environment, is now expanding to Windows 11, offering immediate security from day one without the need for a restart.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Windows Autopatch documentation](/windows/deployment/windows-autopatch/)
diff --git a/windows/security/book/includes/windows-laps.md b/windows/security/book/includes/windows-laps.md
new file mode 100644
index 0000000000..7c2d30bc84
--- /dev/null
+++ b/windows/security/book/includes/windows-laps.md
@@ -0,0 +1,21 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## Windows Local Administrator Password Solution (LAPS)
+
+Windows Local Administrator Password Solution (LAPS) is a feature that automatically manages and backs up the password of a local administrator account on Microsoft Entra joined and Active Directory-joined devices. It helps enhance security by regularly rotating and managing local administrator account passwords, protecting against pass-the-hash and lateral-traversal attacks.
+
+Windows LAPS can be configured via group policy or with a device management solution like Microsoft Intune<sup>[\[4\]](../conclusion.md#footnote4)</sup>.
+
+[!INCLUDE [new-24h2](new-24h2.md)]
+
+Several enhancements have been made to improve manageability and security. Administrators can now configure LAPS to automatically create managed local accounts, integrating with existing policies to enhance security and efficiency. Policy settings have been updated to generate more readable passwords by ignoring certain characters and to support the generation of readable passphrases, with options to choose from three separate word source list and control passphrase length. Additionally, LAPS can detect when a computer rolls back to a previous image, ensuring password consistency between the computer and Active Directory.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Windows LAPS overview](/windows-server/identity/laps/laps-overview)
diff --git a/windows/security/book/includes/windows-update-for-business.md b/windows/security/book/includes/windows-update-for-business.md
new file mode 100644
index 0000000000..a52459c919
--- /dev/null
+++ b/windows/security/book/includes/windows-update-for-business.md
@@ -0,0 +1,19 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/11/2024
+ms.topic: include
+ms.service: windows-client
+---
+
+## Windows Update for Business
+
+Windows Update for Business empowers IT administrators to ensure that their organization's Windows client devices are consistently up to date with the latest security updates and features. By directly connecting these systems to the Windows Update service, administrators can maintain a high level of security and functionality.
+
+Administrators can utilize group policy or a device management solution like Microsoft Intune<sup>[\[4\]](../conclusion.md#footnote4)</sup>, to configure Windows Update for Business settings. These settings control the timing and manner in which updates are applied, allowing for thorough reliability and performance testing on a subset of devices before deploying updates across the entire organization.
+
+This approach not only provides control over the update process but also ensures a seamless and positive update experience for all users within the organization. By using Windows Update for Business, organizations can achieve a more secure and efficient operational environment.
+
+[!INCLUDE [learn-more](learn-more.md)]
+
+- [Windows Update for Business documentation](/windows/deployment/update/waas-manage-updates-wufb)
diff --git a/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
index 54f9cc0237..6e2dcf5d19 100644
--- a/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
+++ b/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
@@ -3,7 +3,7 @@ title: How System Guard helps protect Windows
 description: Learn how System Guard reorganizes the existing Windows system integrity features under one roof.
 ms.localizationpriority: medium
 ms.date: 07/10/2024
-ms.topic: conceptual
+ms.topic: article
 ---
 
 # System Guard: How a hardware-based root of trust helps protect Windows
diff --git a/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md b/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md
index d010c70d1c..71947fb098 100644
--- a/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md
@@ -3,7 +3,7 @@ title: Kernel DMA Protection
 description: Learn how Kernel DMA Protection protects Windows devices against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices.
 ms.collection:
   - tier1
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ---
 
diff --git a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
index dfdb572272..0e940b9215 100644
--- a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
+++ b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Pluton security processor
 description: Learn more about Microsoft Pluton security processor
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ---
 
diff --git a/windows/security/hardware-security/pluton/pluton-as-tpm.md b/windows/security/hardware-security/pluton/pluton-as-tpm.md
index 2946f43e11..c73773ce96 100644
--- a/windows/security/hardware-security/pluton/pluton-as-tpm.md
+++ b/windows/security/hardware-security/pluton/pluton-as-tpm.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Pluton as Trusted Platform Module (TPM 2.0)
 description: Learn more about Microsoft Pluton security processor as Trusted Platform Module (TPM 2.0)
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ---
 
diff --git a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
index af01702227..d088aaf278 100644
--- a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
+++ b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
@@ -2,7 +2,7 @@
 title: System Guard Secure Launch and SMM protection
 description: Explains how to configure System Guard Secure Launch and System Management Mode (SMM protection) to improve the startup security of Windows devices.
 ms.date: 07/10/2024
-ms.topic: conceptual
+ms.topic: article
 ---
 
 # System Guard Secure Launch and SMM protection
diff --git a/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md
index 7a1c590a9a..c6bbdddee7 100644
--- a/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md
+++ b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md
@@ -1,7 +1,7 @@
 ---
 title: Back up TPM recovery information to Active Directory
 description: Learn how to back up the Trusted Platform Module (TPM) recovery information to Active Directory.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ---
 
diff --git a/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md
index 37025f1eca..12ec2add28 100644
--- a/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md
+++ b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md
@@ -1,7 +1,7 @@
 ---
 title: Change the TPM owner password
 description: This article for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ---
 
diff --git a/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md
index a4d314ad3f..fc8234350c 100644
--- a/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md
+++ b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md
@@ -1,7 +1,7 @@
 ---
 title: How Windows uses the TPM
 description: Learn how Windows uses the Trusted Platform Module (TPM) to enhance security.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ---
 
diff --git a/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md
index bede99fdbe..4534e82e7a 100644
--- a/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md
@@ -1,7 +1,7 @@
 ---
 title: Troubleshoot the TPM
 description: Learn how to view and troubleshoot the Trusted Platform Module (TPM).
-ms.topic: conceptual
+ms.topic: troubleshooting-general
 ms.date: 07/10/2024
 ms.collection:
 - tier1
diff --git a/windows/security/hardware-security/tpm/tpm-fundamentals.md b/windows/security/hardware-security/tpm/tpm-fundamentals.md
index a6b202ab80..973ba406fe 100644
--- a/windows/security/hardware-security/tpm/tpm-fundamentals.md
+++ b/windows/security/hardware-security/tpm/tpm-fundamentals.md
@@ -1,7 +1,7 @@
 ---
 title: Trusted Platform Module (TPM) fundamentals
 description: Learn about the components of the Trusted Platform Module and how they're used to mitigate dictionary attacks.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ---
 
diff --git a/windows/security/hardware-security/tpm/tpm-recommendations.md b/windows/security/hardware-security/tpm/tpm-recommendations.md
index ff2f368320..5d8894c0dd 100644
--- a/windows/security/hardware-security/tpm/tpm-recommendations.md
+++ b/windows/security/hardware-security/tpm/tpm-recommendations.md
@@ -1,7 +1,7 @@
 ---
 title: TPM recommendations
 description: This article provides recommendations for Trusted Platform Module (TPM) technology for Windows.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ms.collection:
 - tier1
diff --git a/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md
index fdc858bcd3..11597ee071 100644
--- a/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -1,7 +1,7 @@
 ---
 title: TPM Group Policy settings
 description: This article describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ---
 
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
index 75939e36c9..e4e9708f86 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
@@ -2,7 +2,7 @@
 title: Get support for security baselines
 description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related articles.
 ms.localizationpriority: medium
-ms.topic: conceptual
+ms.topic: article
 ms.date: 10/01/2024
 ---
 
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
index 436a88a7a3..50bf145b5d 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
@@ -1,7 +1,7 @@
 ---
 title: Security baselines guide
 description: Learn how to use security baselines in your organization.
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ---
 
diff --git a/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md b/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md
index 0d9d62c33e..0cc64c4d6f 100644
--- a/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md
+++ b/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md
@@ -1,7 +1,7 @@
 ---
 title: Cryptography and Certificate Management
 description: Get an overview of cryptography and certificate management in Windows
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ms.reviewer: skhadeer, aathipsa
 ---
diff --git a/windows/security/operating-system-security/system-security/trusted-boot.md b/windows/security/operating-system-security/system-security/trusted-boot.md
index 4da0621dc6..8265bf9725 100644
--- a/windows/security/operating-system-security/system-security/trusted-boot.md
+++ b/windows/security/operating-system-security/system-security/trusted-boot.md
@@ -1,7 +1,7 @@
 ---
 title: Secure Boot and Trusted Boot
 description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11
-ms.topic: conceptual
+ms.topic: article
 ms.date: 07/10/2024
 ms.reviewer: jsuther
 appliesto:
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
index 2a65943ed8..0fdbcab450 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
@@ -2,7 +2,7 @@
 title: Windows Security
 description: Windows Security brings together common Windows security features into one place.
 ms.date: 06/27/2024
-ms.topic: conceptual
+ms.topic: article
 ---
 
 # Windows Security
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
index ee7a31a01b..595cb143ba 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
@@ -2,7 +2,7 @@
 title: Enhanced Phishing Protection in Microsoft Defender SmartScreen
 description: Learn how Enhanced Phishing Protection for Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps.
 ms.date: 07/10/2024
-ms.topic: conceptual
+ms.topic: article
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 22H2</a>
 ---
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
index 56fc48b2bf..909ccb5dd2 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
@@ -2,7 +2,7 @@
 title: Microsoft Defender SmartScreen overview
 description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
 ms.date: 07/10/2024
-ms.topic: conceptual
+ms.topic: overview
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
diff --git a/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md b/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
index 392c293fd2..d41e015648 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
@@ -1,7 +1,7 @@
 ---
 title: Common Criteria certifications for previous Windows Server releases
 description: Learn about the completed Common Criteria certifications for previous Windows Server releases.
-ms.date: 2/1/2024
+ms.date: 2/24/2025
 ms.topic: reference
 ---
 
@@ -28,16 +28,16 @@ The following tables list the completed Common Criteria certifications for Windo
 
 |Product details  |Date  |Scope  |Documents  |
 |---------|---------|---------|---------|
-|Validated editions: Standard, Enterprise, Datacenter, Itanium. |March 24, 2011 |(OS certification.) Certified against the Protection Profile for General Purpose Operating Systems. |[Security Target][security-target-march-2011]; [Administrative Guide][admin-guide-march-2011]; [Certification Report][certification-report-march-2011] |
+|Validated editions: Standard, Enterprise, Datacenter, Itanium. |March 24, 2011 |(OS certification.) Certified against the Protection Profile for General Purpose Operating Systems. |[Security Target][security-target-march-2011]; [Certification Report][certification-report-march-2011] |
 |Server Core 2008 R2: Hyper-V Server Role|July 24, 2009 |(Hyper-V certification.) Common Criteria for Information Technology Security Evaluation Version 3.1 Revision 3. It is CC Part 2 extended and Part 3 conformant, with a claimed Evaluation Assurance Level of EAL4, augmented by ALC_FLR.3. |[Security Target][security-target-july-2009]; [Administrative Guide][admin-guide-july-2009]; [Certification Report][certification-report-july-2009] |
 
 ## Windows Server 2008
 
 |Product details  |Date  |Scope  |Documents  |
 |---------|---------|---------|---------|
-|Validated edition: Standard, Enterprise, Datacenter. |August 15, 2009 |Controlled Access Protection Profile. CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 4. |[Security Target][security-target-august-2009]; [Administrative Guide][admin-guide-august-2009]; [Certification Report][certification-report-august-2009] |
+|Validated edition: Standard, Enterprise, Datacenter. |August 15, 2009 |Controlled Access Protection Profile. CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 4. |[Security Target][security-target-august-2009]; [Certification Report][certification-report-august-2009] |
 |Microsoft Windows Server Core 2008: Hyper-V Server Role. |July 24, 2009 |CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 4. |[Security Target][security-target-july-2009-hyperv]; [Administrative Guide][admin-guide-july-2009-hyperv]; [Certification Report][certification-report-july-2009-hyperv] |
-|Validated edition: Standard, Enterprise, Datacenter. |September 17, 2008 |CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 1. |[Security Target][security-target-september-2008]; [Administrative Guide][admin-guide-september-2008]; [Certification Report][certification-report-september-2008] |
+|Validated edition: Standard, Enterprise, Datacenter. |September 17, 2008 |CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 1. |[Security Target][security-target-september-2008]; [Certification Report][certification-report-september-2008] |
 
 ## Windows Server 2003 Certificate Server
 
@@ -77,11 +77,8 @@ The following tables list the completed Common Criteria certifications for Windo
 [admin-guide-january-2015-pro]: https://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx
 [admin-guide-april-2014]: https://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf
 [admin-guide-january-2014]: https://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx
-[admin-guide-march-2011]: https://www.microsoft.com/downloads/en/details.aspx?familyid=ee05b6d0-9939-4765-9217-63083bb94a00
 [admin-guide-july-2009]: https://www.microsoft.com/download/en/details.aspx?id=29308
 [admin-guide-july-2009-hyperv]: https://www.microsoft.com/en-us/download/details.aspx?id=14252
-[admin-guide-august-2009]: https://www.microsoft.com/downloads/en/details.aspx?familyid=06166288-24c4-4c42-9daa-2b2473ddf567
-[admin-guide-september-2008]: https://www.microsoft.com/downloads/en/details.aspx?familyid=06166288-24c4-4c42-9daa-2b2473ddf567
 
 <!-- Assurance Activity Reports -->
 
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows10.md b/windows/security/security-foundations/certification/validations/fips-140-windows10.md
index 9bf64e0084..e7cecf69e6 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows10.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows10.md
@@ -1,7 +1,7 @@
 ---
 title: FIPS 140 validated modules for Windows 10
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows 10.
-ms.date: 11/13/2024
+ms.date: 2/24/2025
 ms.topic: reference
 ---
 
@@ -339,6 +339,6 @@ Build: 10.0.10240. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, M
 [sp-4515]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4515.pdf
 [sp-4536]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4536.pdf
 [sp-4537]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4537.pdf
-[sp-4538]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4537.pdf
+[sp-4538]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4538.pdf
 [sp-4766]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4766.pdf
 [sp-4825]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4825.pdf
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 0409ddfbb3..a7938a1a29 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -4,7 +4,7 @@ description: Describes the security capabilities in Windows client focused on th
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
-ms.topic: conceptual
+ms.topic: article
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index 327b1336ab..abb60675b1 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -6,7 +6,7 @@ author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 12/31/2017
-ms.topic: conceptual
+ms.topic: how-to
 ---
 
 # Mitigate threats by using Windows 10 security features