diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index deb2888417..f4d8be3a0a 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -30,10 +30,10 @@ If your changes are extensive:
 -->
 
 <!--
-Thanks for contributing to Microsoft docs content!
+Thanks for contributing to Microsoft technical content!
 
 Here are some resources that might be helpful while contributing:
-- [Microsoft Docs contributor guide](https://docs.microsoft.com/contribute/)
-- [Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference)
-- [Microsoft Writing Style Guide](https://docs.microsoft.com/style-guide/welcome/)
--->
\ No newline at end of file
+- [Microsoft Docs contributor guide](https://learn.microsoft.com/contribute/)
+- [Docs Markdown reference](https://learn.microsoft.com/contribute/markdown-reference)
+- [Microsoft Writing Style Guide](https://learn.microsoft.com/style-guide/welcome/)
+-->
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 811fd84480..e7397c36cc 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,8 +1,6 @@
 # Editing Windows IT professional documentation
 
-Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs.
-This page covers the basic steps for editing our technical documentation.
-For a more up-to-date and complete contribution guide, see the main [contributor guide overview](https://learn.microsoft.com/contribute/).
+Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our content. This page covers the basic steps for editing our technical documentation. For a more up-to-date and complete contribution guide, see the main [contributor guide overview](https://learn.microsoft.com/contribute/).
 
 ## Sign a CLA
 
@@ -19,7 +17,7 @@ We've tried to make editing an existing, public file as simple as possible.
 
 ### To edit a topic
 
-1. Browse to the [Microsoft Docs](https://learn.microsoft.com/) article that you want to update.
+1. Browse to the [Microsoft Learn](https://learn.microsoft.com/) article that you want to update.
 
     > **Note**<br>
     > If you're a Microsoft employee or vendor, before you edit the article, append `review.` to the beginning of the URL. This action lets you use the private repository, **windows-docs-pr**. For more information, see the [internal contributor guide](https://review.learn.microsoft.com/help/get-started/edit-article-in-github?branch=main).
@@ -65,8 +63,7 @@ We've tried to make editing an existing, public file as simple as possible.
 
 ## Making more substantial changes
 
-To make substantial changes to an existing article, add or change images, or contribute a new article, you'll need to create a local clone of the content.
-For info about creating a fork or clone, see [Set up a local Git repository](https://learn.microsoft.com/contribute/get-started-setup-local). The GitHub docs topic, [Fork a Repo](https://docs.github.com/articles/fork-a-repo), is also insightful.
+To make substantial changes to an existing article, add or change images, or contribute a new article, you'll need to create a local clone of the content. For information about creating a fork or clone, see [Set up a local Git repository](https://learn.microsoft.com/contribute/get-started-setup-local). The [Fork a Repo](https://docs.github.com/articles/fork-a-repo) article is also helpful.
 
 Fork the official repo into your personal GitHub account, and then clone the fork down to your local device.  Work locally, then push your changes back into your fork.  Finally, open a pull request back to the main branch of the official repo.
 
diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json
index 83d51cf7f0..f52e815de7 100644
--- a/browsers/internet-explorer/docfx.json
+++ b/browsers/internet-explorer/docfx.json
@@ -26,6 +26,7 @@
       "recommendations": true,
       "breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
       "ROBOTS": "INDEX, FOLLOW",
+      "ms.topic": "article",
       "feedback_system": "None",
       "hideEdit": true,
       "_op_documentIdPathDepotMapping": {
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index 9fa135eccb..c0a273e836 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,6 +2,14 @@
 

 
 
+## Week of September 19, 2022
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 9/20/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
+
+
 ## Week of September 12, 2022
 
 
@@ -42,11 +50,3 @@
 | 8/31/2022 | [Set up Azure Active Directory](/education/windows/tutorial-school-deployment/set-up-azure-ad) | added |
 | 8/31/2022 | [Set up device management](/education/windows/tutorial-school-deployment/set-up-microsoft-intune) | added |
 | 8/31/2022 | [Troubleshoot Windows devices](/education/windows/tutorial-school-deployment/troubleshoot-overview) | added |
-
-
-## Week of August 15, 2022
-
-
-| Published On |Topic title | Change |
-|------|------------|--------|
-| 8/17/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
index ad98be350e..0e328b18b4 100644
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@@ -61,7 +61,7 @@ You can set the policy using one of these methods:
 
   - When using [Set up School PCs](use-set-up-school-pcs-app.md), in the **Configure student PC settings** screen, select **Enable Windows 10 Autopilot Reset** among the list of settings for the student PC as shown in the following example:
 
-    ![Configure student PC settings in Set up School PCs.](images/suspc_configure_pc2.jpg)
+    ![Configure student PC settings in Set up School PCs.](images/suspcs/suspc_configure_pc2.jpg)
     
 ## Trigger Autopilot Reset
 Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it's done, the device is again ready for use. 
diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md
index 3c0e5424ee..4b5676f845 100644
--- a/education/windows/change-to-pro-education.md
+++ b/education/windows/change-to-pro-education.md
@@ -81,7 +81,7 @@ You can use Windows Configuration Designer to create a provisioning package that
 
     **Figure 2** - Enter the license key 
 
-    ![Enter the license key to change to Windows 10 Pro Education.](images/wcd_productkey.png)
+    ![Enter the license key to change to Windows 10 Pro Education.](images/wcd/wcd_productkey.png)
 
 3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to change to Windows 10 Pro Education.
 
@@ -170,16 +170,8 @@ If the Windows device is running Windows 10, version 1703, follow these steps.
 
 1. During initial device setup, on the **How would you like to set up?** page, select **Set up for an organization**, and then click **Next**.
 
-    **Figure 4** - Select how you'd like to set up the device
-
-    ![Select how you'd like to set up the device.](images/1_howtosetup.png)
-
 2. On the **Sign in with Microsoft** page, enter the username and password to use with Office 365 or other services from Microsoft, and then click **Next**.
 
-    **Figure 5** - Enter the account details
-
-    ![Enter the account details you use with Office 365 or other Microsoft services.](images/2_signinwithms.png)
-
 3. Go through the rest of Windows device setup. Once you're done, the device will be Azure AD joined to your school's subscription.
 
 
@@ -305,10 +297,6 @@ You need to synchronize these identities so that users will have a *single ident
 
 (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
 
-**Figure 13** - On-premises AD DS integrated with Azure AD
-
-![Illustration of Azure Active Directory Connect.](images/windows-ad-connect.png)
-
 For more information about integrating on-premises AD DS domains with Azure AD, see these resources:
 -   [Integrating your on-premises identities with Azure Active Directory](/azure/active-directory/hybrid/whatis-hybrid-identity)
 -   [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md
index 4b876aa023..a10edc3964 100644
--- a/education/windows/configure-windows-for-education.md
+++ b/education/windows/configure-windows-for-education.md
@@ -92,20 +92,14 @@ Use one of these methods to set this policy.
     - Data type:  Integer
     - Value:  0
 
-      ![Create an OMA URI for AllowCortana.](images/allowcortana_omauri.png)
-
 ### Group Policy
 Set **Computer Configuration > Administrative Templates > Windows Components > Search > AllowCortana** to **Disabled**.
 
-![Set AllowCortana to disabled through Group Policy.](images/allowcortana_gp.png)
-
 ### Provisioning tools
 - [Set up School PCs](use-set-up-school-pcs-app.md) always sets this policy in provisioning packages it creates.
 - [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) 
     - Under **Runtime settings**, click the **Policies** settings group, set **Experience > Cortana** to **No**.
 
-        ![Set AllowCortana to No in Windows Configuration Designer.](images/allowcortana_wcd.png)
-
 ## SetEduPolicies
 **SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It's a policy node in the [SharedPC configuration service provider](/windows/client-management/mdm/sharedpc-csp).
 
diff --git a/education/windows/deploy-windows-10-overview.md b/education/windows/deploy-windows-10-overview.md
index 3977c5f664..7fe730e070 100644
--- a/education/windows/deploy-windows-10-overview.md
+++ b/education/windows/deploy-windows-10-overview.md
@@ -19,9 +19,7 @@ appliesto:
 
 # Windows 10 for Education
 
-![Windows 10 Education and Windows 10 Pro Education.](images/windows-10-for-education-banner.png)
-
-## ![Learn more about Windows.](images/education.png) Learn
+## Learn
 
 **[Windows 10 editions for education customers](windows-editions-for-education-customers.md)**
 
@@ -35,7 +33,7 @@ Find out more about the features and functionality we support in each edition of
 
 When you've made your decision, find out how to buy Windows for your school.
 
-## ![Plan for Windows 10 in your school.](images/clipboard.png) Plan
+## Plan
 
 **[Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)**
 
@@ -57,7 +55,7 @@ Take a Test is a new app that lets you create the right environment for taking t
 
 Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.
 
-## ![Deploy Windows 10 for Education.](images/PCicon.png) Deploy
+## Deploy
 
 **[Set up Windows devices for education](set-up-windows-10.md)**
 
@@ -75,7 +73,7 @@ Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across
 
 Test Windows 10 S on various Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us.
 
-## ![Switch to Windows 10 for Education.](images/windows.png) Switch
+## Switch
 
 **[Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)**
 
diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md
index c29d3d4a47..62d41af22e 100644
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@@ -26,21 +26,17 @@ We want all students to have the chance to use the apps they need for success in
 
 Keep these best practices in mind when deploying any edition of Windows 10 in schools or districts:
 
-* A Microsoft account is only intended for consumer services. Enterprises and educational institutions should use enterprise versions where possible, such as Skype for Business, OneDrive for Business, and so on. For schools, consider using mobile device management (MDM) or Group Policy to block students from adding a Microsoft account as a secondary account.
-
-* If schools allow the use of personal accounts by their students to access personal services, schools should be aware that these accounts belong to individuals, not the school.
-
-* IT administrators, school officials, and teachers should also consider ratings when picking apps from the Microsoft Store.
-
-* If you've students or school personnel who rely on assistive technology apps that aren't available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info.
+* A Microsoft account is only intended for consumer services. Enterprises and educational institutions should use enterprise versions where possible, such as Skype for Business, OneDrive for Business, and so on. For schools, consider using mobile device management (MDM) or Group Policy to block students from adding a Microsoft account as a secondary account
+* If schools allow the use of personal accounts by their students to access personal services, schools should be aware that these accounts belong to individuals, not the school
+* IT administrators, school officials, and teachers should also consider ratings when picking apps from the Microsoft Store
+* If you've students or school personnel who rely on assistive technology apps that aren't available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info
 
 ## Windows 10 Contacts privacy settings
 
 If you’re an IT administrator who deploys Windows 10 in a school or district, we recommend that you review these deployment resources to make informed decisions about how you can configure telemetry for your school or district:
 
-* [Configure Windows telemetry in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) - Describes the types of telemetry we gather and the ways you can manage this data.
-
-* [Manage connections from Windows operating system components to Microsoft services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data.
+* [Configure Windows telemetry in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) - Describes the types of telemetry we gather and the ways you can manage this data
+* [Manage connections from Windows operating system components to Microsoft services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data
 
 In particular, the **Contacts** area in the **Settings** > **Privacy** section lets you choose which apps can access a student’s contacts list. By default, this setting is turned on.
 
@@ -53,37 +49,24 @@ To change the setting, you can:
 To turn off access to contacts for all apps on individual Windows devices:
 
 1. On the computer, go to **Settings** and select **Privacy**.
-
-   ![Privacy settings.](images/win10_settings_privacy.png)
-
-2. Under the list of **Privacy** areas, select **Contacts**.
-
-   ![Contacts privacy settings.](images/win10_settings_privacy_contacts.png)
-
-3. Turn off **Let apps access my contacts**.
+1. Under the list of **Privacy** areas, select **Contacts**.
+1. Turn off **Let apps access my contacts**.
 
 For IT-managed Windows devices, you can use a Group Policy to turn off the setting. To turn off the setting:
 
 1. Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts**.
-
-2. Set the **Select a setting** box to **Force Deny**.
+1. Set the **Select a setting** box to **Force Deny**.
 
 ### Choose the apps that you want to allow access to contacts
 
 If you want to allow only certain apps to have access to contacts, you can use the switch for each app to specify which ones you want on or off.
 
-![Choose apps with access to contacts.](images/win10_settings_privacy_contacts_apps.png)
-
 The list of apps on the Windows-based device may vary from the above example. The list depends on what apps you've installed and which of these apps access contacts.
 
 To allow only certain apps to have access to contacts, you can:
 
-* Configure each app individually using the **Settings** > **Contacts** option in the Windows UI
-
-* Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts** and then specify the default for each app by adding the app's Package Family Name under the default behavior you want to enforce.
-
-  ![App privacy Group Policy.](images/gp_letwinappsaccesscontacts.png)
-
+- Configure each app individually using the **Settings** > **Contacts** option in the Windows UI
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts** and then specify the default for each app by adding the app's Package Family Name under the default behavior you want to enforce
 
 ## Skype and Xbox settings
 
@@ -108,10 +91,8 @@ Skype uses the user’s contact details to deliver important information about t
 
 To manage and edit your profile in the Skype UWP app, follow these steps:
 
-1. In the Skype UWP app, select the user profile icon ![Skype profile icon.](images/skype_uwp_userprofile_icon.png)  to go to the user’s profile page.
-
+1. In the Skype UWP app, select the user profile icon to go to the user's profile page.
 2. In the account page, select **Manage account** for the Skype account that you want to change. This will take you to the online Skype portal.
-
 3. In the online Skype portal, scroll down to the **Account details** section. In **Settings and preferences**, click **Edit profile**.
 
    The profile page includes these sections:
@@ -121,16 +102,11 @@ To manage and edit your profile in the Skype UWP app, follow these steps:
    * Profile settings
 
 4. Review the information in each section and click **Edit profile** in either or both the **Personal information** and **Contact details** sections to change the information being shared. You can also remove the checks in the **Profile settings** section to change settings on discoverability, notifications, and staying in touch.
-
 5. If you don't wish the name to be included, edit the fields and replace the fields with **XXX**.
-
 6. To change the profile picture, go to the Skype app and click on the current profile picture or avatar. The **Manage Profile Picture** window pops up.
 
-   ![The icon for Skype profile.](images/skype_uwp_manageprofilepic.png)
-
-   * To take a new picture, click the camera icon in the pop-up window. To upload a new picture, click the three dots (**...**).
-
-   * You can also change the visibility of the profile picture between public (everyone) or for contacts only. To change the profile picture visibility, select the dropdown under **Profile picture** and choose between **Show to everyone** or **Show to contacts only**.
+   * To take a new picture, click the camera icon in the pop-up window. To upload a new picture, click the three dots (**...**)
+   * You can also change the visibility of the profile picture between public (everyone) or for contacts only. To change the profile picture visibility, select the dropdown under **Profile picture** and choose between **Show to everyone** or **Show to contacts only**
 
 #### Xbox
 
@@ -150,10 +126,9 @@ To delete a Skype account, you can follow the instructions here: [How do I close
 If you need help with deleting the account, you can contact Skype customer service by going to the [Skype support request page](https://go.microsoft.com/fwlink/?LinkId=816519). You may need to sign in and specify a Skype account. Once you’ve signed in, you can:
 
 1. Select a help topic (**Account and Password**)
-2. Select a related problem (**Deleting an account**)
-3. Click **Next**.
-4. Select a contact method to get answers to your questions.
-
+1. Select a related problem (**Deleting an account**)
+1. Click **Next**.
+1. Select a contact method to get answers to your questions.
 
 #### Xbox
 
diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md
index 0a06370a11..07ed6a6adf 100644
--- a/education/windows/education-scenarios-store-for-business.md
+++ b/education/windows/education-scenarios-store-for-business.md
@@ -44,8 +44,6 @@ Admins can control whether or not teachers are automatically assigned the **Basi
 2. Click **Manage**, and then click **Settings**. 
 3. On **Shop**, select or clear **Make everyone a Basic Purchaser**.
 
-![manage settings to control Basic Purchaser role assignment.](images/sfe-make-everyone-bp.png)
-
 > [!NOTE]
 > **Make everyone a Basic Purchaser** is on by default. 
 
@@ -57,7 +55,6 @@ When **Make everyone a Basic Purchaser** is turned off, admins can manually assi
 2. Click **Manage**, and then choose **Permissions**.
 3. On **Roles**, click **Assign roles**, type and select a name, choose the role you want to assign, and then click **Save**.
 
-    ![Permission page for Microsoft Store for Business.](images/sfe-roles.png)
 
 **Blocked Basic Purchasers**
 
@@ -85,7 +82,7 @@ As an admin, you can remove any of these apps from the private store if you'd pr
 Applies to: IT admins
 
 ### Self-service sign up
-Self-service sign up makes it easier for teachers and students in your organization to get started with **Minecraft: Education Edition**. If you have self-service sign up enabled in your tenant, teachers can assign **Minecraft: Education Edition** to students before they have a work or school account. Students receive an email that steps them through the process of signing up for a work or school account. For more information on self-service sign up, see [Using self-service sign up in your organization](https://support.office.com/article/Using-self-service-sign-up-in-your-organization-4f8712ff-9346-4c6c-bb63-a21ad7a62cbd?ui=en-US&rs=en-US&ad=US).
+Self-service sign-up makes it easier for users in your organization to sign up for online services from Microsoft. We call this sign up process "self-service sign-up" because your users can sign up to use services paid by your subscription, or use free services, without asking you to take action on their behalf. For more information on self-service sign up, see [Using self-service sign up in your organization](https://support.office.com/article/Using-self-service-sign-up-in-your-organization-4f8712ff-9346-4c6c-bb63-a21ad7a62cbd?ui=en-US&rs=en-US&ad=US).
 
 ### Domain verification
 For education organizations, domain verification ensures you are on the academic verification list. As an admin, you might need to verify your domain using the Microsoft 365 admin center. For more information, see [Verify your Office 365 domain to prove ownership, nonprofit or education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-Yammer-87d1844e-aa47-4dc0-a61b-1b773fd4e590?ui=en-US&rs=en-US&ad=US).
@@ -107,12 +104,6 @@ For more information on payment options, see [payment options](/microsoft-store/
 
 For more information on tax rates, see [tax information](/microsoft-store/update-windows-store-for-business-account-settings#organization-tax-information). 
 
-### Get started with Minecraft: Education Edition
-Teachers and IT administrators can now get trials or subscriptions to Minecraft: Education Edition and add it to Microsoft Store for Business for distribution.
-- [Get started with Minecraft: Education Edition](./get-minecraft-for-education.md)
-- [For IT admins – Minecraft: Education Edition](./school-get-minecraft.md)
-- [For teachers – Minecraft: Education Edition](./teacher-get-minecraft.md)
-
 ## Manage apps and software
 Applies to: IT admins and teachers
 
@@ -136,8 +127,7 @@ Teachers can:
 ## Distribute apps
 
 **To manage and distribute apps**
-- For info on how to distribute **Minecraft: Education Edition**, see [For IT admins – Minecraft: Education Edition](./school-get-minecraft.md#distribute-minecraft)
-- For info on how to manage and distribute other apps, see [App inventory management - Microsoft Store for Business](/microsoft-store/app-inventory-management-windows-store-for-business)
+- For info on how to manage and distribute apps, see [App inventory management - Microsoft Store for Business](/microsoft-store/app-inventory-management-windows-store-for-business)
 
 **To assign an app to a student**
 
@@ -159,16 +149,9 @@ You can manage current app licenses, or purchase more licenses for apps in **App
 
 You'll have a summary of current license availability.  
 
-**Minecraft: Education Edition subscriptions**
-
-Similarly, you can purchase more subscriptions of **Minecraft: Education Edition** through Microsoft Store for Business. Find **Minecraft: Education Edition** in your inventory and use the previous steps for purchasing more app licenses. 
-
 ## Manage order history
 Applies to: IT admins and teachers
 
 You can manage your orders through Microsoft Store for Business. For info on order history and how to refund an order, see [Manage app orders in Microsoft Store for Business](/microsoft-store/manage-orders-microsoft-store-for-business). 
 
 It can take up to 24 hours after a purchase, before a receipt is available on your **Order history page**. 
-
-> [!NOTE]
-> For **Minecraft: Education Edition**, you can request a refund through Microsoft Store for Business for two months from the purchase date. After two months, refunds require a support call.
diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md
index a29c2d277f..fa858b7bfb 100644
--- a/education/windows/get-minecraft-for-education.md
+++ b/education/windows/get-minecraft-for-education.md
@@ -36,8 +36,4 @@ Teachers and IT administrators can now get access to **Minecraft: Education Edit
   - Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://www.microsoft.com/education/products/office)
   - If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](/windows/client-management/mdm/register-your-free-azure-active-directory-subscription)
 
-<!-- ![teacher.](images/teacher.png) --> 
-  
-<!-- ![IT administrator.](images/school.png) -->
-
 [Learn how IT administrators can get and distribute **Minecraft: Education Edition**](school-get-minecraft.md), and how to manage permissions for Minecraft.
diff --git a/education/windows/images/1_howtosetup.png b/education/windows/images/1_howtosetup.png
deleted file mode 100644
index 7eb8222ed3..0000000000
Binary files a/education/windows/images/1_howtosetup.png and /dev/null differ
diff --git a/education/windows/images/2_signinwithms.png b/education/windows/images/2_signinwithms.png
deleted file mode 100644
index e4b5f27f12..0000000000
Binary files a/education/windows/images/2_signinwithms.png and /dev/null differ
diff --git a/education/windows/images/ICDstart-option.PNG b/education/windows/images/ICDstart-option.PNG
deleted file mode 100644
index 1ba49bb261..0000000000
Binary files a/education/windows/images/ICDstart-option.PNG and /dev/null differ
diff --git a/education/windows/images/PCicon.png b/education/windows/images/PCicon.png
deleted file mode 100644
index c97c137b83..0000000000
Binary files a/education/windows/images/PCicon.png and /dev/null differ
diff --git a/education/windows/images/allowcortana_gp.PNG b/education/windows/images/allowcortana_gp.PNG
deleted file mode 100644
index 7adf1b7594..0000000000
Binary files a/education/windows/images/allowcortana_gp.PNG and /dev/null differ
diff --git a/education/windows/images/allowcortana_omauri.PNG b/education/windows/images/allowcortana_omauri.PNG
deleted file mode 100644
index 303c89ed5f..0000000000
Binary files a/education/windows/images/allowcortana_omauri.PNG and /dev/null differ
diff --git a/education/windows/images/allowcortana_wcd.PNG b/education/windows/images/allowcortana_wcd.PNG
deleted file mode 100644
index 5e62e0bb01..0000000000
Binary files a/education/windows/images/allowcortana_wcd.PNG and /dev/null differ
diff --git a/education/windows/images/app-distribution-options.PNG b/education/windows/images/app-distribution-options.PNG
deleted file mode 100644
index 75b3374720..0000000000
Binary files a/education/windows/images/app-distribution-options.PNG and /dev/null differ
diff --git a/education/windows/images/app-privacy-group-policy.png b/education/windows/images/app-privacy-group-policy.png
deleted file mode 100644
index 96a5f0380a..0000000000
Binary files a/education/windows/images/app-privacy-group-policy.png and /dev/null differ
diff --git a/education/windows/images/app1.jpg b/education/windows/images/app1.jpg
deleted file mode 100644
index aef6c5c22e..0000000000
Binary files a/education/windows/images/app1.jpg and /dev/null differ
diff --git a/education/windows/images/azuread_usersandgroups_allusers_automaticaccounts.png b/education/windows/images/azuread_usersandgroups_allusers_automaticaccounts.png
deleted file mode 100644
index f0549797a0..0000000000
Binary files a/education/windows/images/azuread_usersandgroups_allusers_automaticaccounts.png and /dev/null differ
diff --git a/education/windows/images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png b/education/windows/images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png
deleted file mode 100644
index 37ea63cda2..0000000000
Binary files a/education/windows/images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png and /dev/null differ
diff --git a/education/windows/images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png b/education/windows/images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png
deleted file mode 100644
index 1b8389b1f5..0000000000
Binary files a/education/windows/images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png and /dev/null differ
diff --git a/education/windows/images/azuread_usersandgroups_devicesettings_usersmayjoin.png b/education/windows/images/azuread_usersandgroups_devicesettings_usersmayjoin.png
deleted file mode 100644
index 40a603cf64..0000000000
Binary files a/education/windows/images/azuread_usersandgroups_devicesettings_usersmayjoin.png and /dev/null differ
diff --git a/education/windows/images/checkmark.png b/education/windows/images/checkmark.png
deleted file mode 100644
index f9f04cd6bd..0000000000
Binary files a/education/windows/images/checkmark.png and /dev/null differ
diff --git a/education/windows/images/choose-package-icd.png b/education/windows/images/choose-package-icd.png
deleted file mode 100644
index 2bf7a18648..0000000000
Binary files a/education/windows/images/choose-package-icd.png and /dev/null differ
diff --git a/education/windows/images/clipboard.png b/education/windows/images/clipboard.png
deleted file mode 100644
index bbfa2c9e8d..0000000000
Binary files a/education/windows/images/clipboard.png and /dev/null differ
diff --git a/education/windows/images/connect-aad.png b/education/windows/images/connect-aad.png
deleted file mode 100644
index 8583866165..0000000000
Binary files a/education/windows/images/connect-aad.png and /dev/null differ
diff --git a/education/windows/images/connect-ad.png b/education/windows/images/connect-ad.png
deleted file mode 100644
index 4da67e8cdd..0000000000
Binary files a/education/windows/images/connect-ad.png and /dev/null differ
diff --git a/education/windows/images/crossmark.png b/education/windows/images/crossmark.png
deleted file mode 100644
index 69432ff71c..0000000000
Binary files a/education/windows/images/crossmark.png and /dev/null differ
diff --git a/education/windows/images/education.png b/education/windows/images/education.png
deleted file mode 100644
index cc4f7fabb2..0000000000
Binary files a/education/windows/images/education.png and /dev/null differ
diff --git a/education/windows/images/enter-email.PNG b/education/windows/images/enter-email.PNG
deleted file mode 100644
index 644d893f06..0000000000
Binary files a/education/windows/images/enter-email.PNG and /dev/null differ
diff --git a/education/windows/images/express-settings.png b/education/windows/images/express-settings.png
deleted file mode 100644
index 99e9c4825a..0000000000
Binary files a/education/windows/images/express-settings.png and /dev/null differ
diff --git a/education/windows/images/get-app-store.png b/education/windows/images/get-app-store.png
deleted file mode 100644
index 14ae888425..0000000000
Binary files a/education/windows/images/get-app-store.png and /dev/null differ
diff --git a/education/windows/images/get-mcee-promo.png b/education/windows/images/get-mcee-promo.png
deleted file mode 100644
index 823631367d..0000000000
Binary files a/education/windows/images/get-mcee-promo.png and /dev/null differ
diff --git a/education/windows/images/get-the-app.PNG b/education/windows/images/get-the-app.PNG
deleted file mode 100644
index 0692ae6f7f..0000000000
Binary files a/education/windows/images/get-the-app.PNG and /dev/null differ
diff --git a/education/windows/images/gp_letwinappsaccesscontacts.PNG b/education/windows/images/gp_letwinappsaccesscontacts.PNG
deleted file mode 100644
index 0228c9474b..0000000000
Binary files a/education/windows/images/gp_letwinappsaccesscontacts.PNG and /dev/null differ
diff --git a/education/windows/images/i4e_trialsigninpage.PNG b/education/windows/images/i4e_trialsigninpage.PNG
deleted file mode 100644
index 5945ce3170..0000000000
Binary files a/education/windows/images/i4e_trialsigninpage.PNG and /dev/null differ
diff --git a/education/windows/images/icd-adv-shared-pc.PNG b/education/windows/images/icd-adv-shared-pc.PNG
deleted file mode 100644
index a8da5fa78a..0000000000
Binary files a/education/windows/images/icd-adv-shared-pc.PNG and /dev/null differ
diff --git a/education/windows/images/icd-school-adv-edit.png b/education/windows/images/icd-school-adv-edit.png
deleted file mode 100644
index 16843cc010..0000000000
Binary files a/education/windows/images/icd-school-adv-edit.png and /dev/null differ
diff --git a/education/windows/images/icd-school.PNG b/education/windows/images/icd-school.PNG
deleted file mode 100644
index e6a944a193..0000000000
Binary files a/education/windows/images/icd-school.PNG and /dev/null differ
diff --git a/education/windows/images/icd-simple.PNG b/education/windows/images/icd-simple.PNG
deleted file mode 100644
index 7ae8a1728b..0000000000
Binary files a/education/windows/images/icd-simple.PNG and /dev/null differ
diff --git a/education/windows/images/icdbrowse.png b/education/windows/images/icdbrowse.png
deleted file mode 100644
index 53c91074c7..0000000000
Binary files a/education/windows/images/icdbrowse.png and /dev/null differ
diff --git a/education/windows/images/it-get-app.PNG b/education/windows/images/it-get-app.PNG
deleted file mode 100644
index 9740081ef4..0000000000
Binary files a/education/windows/images/it-get-app.PNG and /dev/null differ
diff --git a/education/windows/images/license-terms.png b/education/windows/images/license-terms.png
deleted file mode 100644
index 8dd34b0a18..0000000000
Binary files a/education/windows/images/license-terms.png and /dev/null differ
diff --git a/education/windows/images/lightbulb.png b/education/windows/images/lightbulb.png
deleted file mode 100644
index 95bea10957..0000000000
Binary files a/education/windows/images/lightbulb.png and /dev/null differ
diff --git a/education/windows/images/list.png b/education/windows/images/list.png
deleted file mode 100644
index 089827c373..0000000000
Binary files a/education/windows/images/list.png and /dev/null differ
diff --git a/education/windows/images/mc-assign-to-others-admin.png b/education/windows/images/mc-assign-to-others-admin.png
deleted file mode 100644
index 907f21d514..0000000000
Binary files a/education/windows/images/mc-assign-to-others-admin.png and /dev/null differ
diff --git a/education/windows/images/mc-assign-to-others-teacher.png b/education/windows/images/mc-assign-to-others-teacher.png
deleted file mode 100644
index 2656e9c784..0000000000
Binary files a/education/windows/images/mc-assign-to-others-teacher.png and /dev/null differ
diff --git a/education/windows/images/mc-check-for-updates.png b/education/windows/images/mc-check-for-updates.png
deleted file mode 100644
index a9a0fbae5f..0000000000
Binary files a/education/windows/images/mc-check-for-updates.png and /dev/null differ
diff --git a/education/windows/images/mc-dnld-others-admin.png b/education/windows/images/mc-dnld-others-admin.png
deleted file mode 100644
index 5e253c20d1..0000000000
Binary files a/education/windows/images/mc-dnld-others-admin.png and /dev/null differ
diff --git a/education/windows/images/mc-dnld-others-teacher.png b/education/windows/images/mc-dnld-others-teacher.png
deleted file mode 100644
index aa5df16595..0000000000
Binary files a/education/windows/images/mc-dnld-others-teacher.png and /dev/null differ
diff --git a/education/windows/images/mc-ee-video-icon.png b/education/windows/images/mc-ee-video-icon.png
deleted file mode 100644
index 61c8a0f681..0000000000
Binary files a/education/windows/images/mc-ee-video-icon.png and /dev/null differ
diff --git a/education/windows/images/mc-install-for-me-admin.png b/education/windows/images/mc-install-for-me-admin.png
deleted file mode 100644
index f9194a6188..0000000000
Binary files a/education/windows/images/mc-install-for-me-admin.png and /dev/null differ
diff --git a/education/windows/images/mc-install-for-me-teacher.png b/education/windows/images/mc-install-for-me-teacher.png
deleted file mode 100644
index e303e63660..0000000000
Binary files a/education/windows/images/mc-install-for-me-teacher.png and /dev/null differ
diff --git a/education/windows/images/microsoft-education-workflow.png b/education/windows/images/microsoft-education-workflow.png
deleted file mode 100644
index f15aa3f783..0000000000
Binary files a/education/windows/images/microsoft-education-workflow.png and /dev/null differ
diff --git a/education/windows/images/minecraft.PNG b/education/windows/images/minecraft.PNG
deleted file mode 100644
index c758c28ad5..0000000000
Binary files a/education/windows/images/minecraft.PNG and /dev/null differ
diff --git a/education/windows/images/mcee-add-payment-method.png b/education/windows/images/minecraft/mcee-add-payment-method.png
similarity index 100%
rename from education/windows/images/mcee-add-payment-method.png
rename to education/windows/images/minecraft/mcee-add-payment-method.png
diff --git a/education/windows/images/mcee-auto-assign-bd.png b/education/windows/images/minecraft/mcee-auto-assign-bd.png
similarity index 100%
rename from education/windows/images/mcee-auto-assign-bd.png
rename to education/windows/images/minecraft/mcee-auto-assign-bd.png
diff --git a/education/windows/images/mcee-auto-assign-legacy.png b/education/windows/images/minecraft/mcee-auto-assign-legacy.png
similarity index 100%
rename from education/windows/images/mcee-auto-assign-legacy.png
rename to education/windows/images/minecraft/mcee-auto-assign-legacy.png
diff --git a/education/windows/images/mcee-benefits.png b/education/windows/images/minecraft/mcee-benefits.png
similarity index 100%
rename from education/windows/images/mcee-benefits.png
rename to education/windows/images/minecraft/mcee-benefits.png
diff --git a/education/windows/images/mcee-icon.png b/education/windows/images/minecraft/mcee-icon.png
similarity index 100%
rename from education/windows/images/mcee-icon.png
rename to education/windows/images/minecraft/mcee-icon.png
diff --git a/education/windows/images/mcee-invoice-bills.PNG b/education/windows/images/minecraft/mcee-invoice-bills.PNG
similarity index 100%
rename from education/windows/images/mcee-invoice-bills.PNG
rename to education/windows/images/minecraft/mcee-invoice-bills.PNG
diff --git a/education/windows/images/mcee-invoice-info.png b/education/windows/images/minecraft/mcee-invoice-info.png
similarity index 100%
rename from education/windows/images/mcee-invoice-info.png
rename to education/windows/images/minecraft/mcee-invoice-info.png
diff --git a/education/windows/images/mcee-view-bills.png b/education/windows/images/minecraft/mcee-view-bills.png
similarity index 100%
rename from education/windows/images/mcee-view-bills.png
rename to education/windows/images/minecraft/mcee-view-bills.png
diff --git a/education/windows/images/minecraft-admin-permissions.png b/education/windows/images/minecraft/minecraft-admin-permissions.png
similarity index 100%
rename from education/windows/images/minecraft-admin-permissions.png
rename to education/windows/images/minecraft/minecraft-admin-permissions.png
diff --git a/education/windows/images/minecraft-assign-roles-2.png b/education/windows/images/minecraft/minecraft-assign-roles-2.png
similarity index 100%
rename from education/windows/images/minecraft-assign-roles-2.png
rename to education/windows/images/minecraft/minecraft-assign-roles-2.png
diff --git a/education/windows/images/minecraft-assign-roles.png b/education/windows/images/minecraft/minecraft-assign-roles.png
similarity index 100%
rename from education/windows/images/minecraft-assign-roles.png
rename to education/windows/images/minecraft/minecraft-assign-roles.png
diff --git a/education/windows/images/minecraft-assign-to-others.png b/education/windows/images/minecraft/minecraft-assign-to-others.png
similarity index 100%
rename from education/windows/images/minecraft-assign-to-others.png
rename to education/windows/images/minecraft/minecraft-assign-to-others.png
diff --git a/education/windows/images/minecraft-assign-to-people-name.png b/education/windows/images/minecraft/minecraft-assign-to-people-name.png
similarity index 100%
rename from education/windows/images/minecraft-assign-to-people-name.png
rename to education/windows/images/minecraft/minecraft-assign-to-people-name.png
diff --git a/education/windows/images/minecraft-assign-to-people.png b/education/windows/images/minecraft/minecraft-assign-to-people.png
similarity index 100%
rename from education/windows/images/minecraft-assign-to-people.png
rename to education/windows/images/minecraft/minecraft-assign-to-people.png
diff --git a/education/windows/images/minecraft-get-the-app.png b/education/windows/images/minecraft/minecraft-get-the-app.png
similarity index 100%
rename from education/windows/images/minecraft-get-the-app.png
rename to education/windows/images/minecraft/minecraft-get-the-app.png
diff --git a/education/windows/images/minecraft-in-windows-store-app.png b/education/windows/images/minecraft/minecraft-in-windows-store-app.png
similarity index 100%
rename from education/windows/images/minecraft-in-windows-store-app.png
rename to education/windows/images/minecraft/minecraft-in-windows-store-app.png
diff --git a/education/windows/images/minecraft-my-library.png b/education/windows/images/minecraft/minecraft-my-library.png
similarity index 100%
rename from education/windows/images/minecraft-my-library.png
rename to education/windows/images/minecraft/minecraft-my-library.png
diff --git a/education/windows/images/minecraft-perms.PNG b/education/windows/images/minecraft/minecraft-perms.PNG
similarity index 100%
rename from education/windows/images/minecraft-perms.PNG
rename to education/windows/images/minecraft/minecraft-perms.PNG
diff --git a/education/windows/images/minecraft-private-store.png b/education/windows/images/minecraft/minecraft-private-store.png
similarity index 100%
rename from education/windows/images/minecraft-private-store.png
rename to education/windows/images/minecraft/minecraft-private-store.png
diff --git a/education/windows/images/minecraft-student-install-email.png b/education/windows/images/minecraft/minecraft-student-install-email.png
similarity index 100%
rename from education/windows/images/minecraft-student-install-email.png
rename to education/windows/images/minecraft/minecraft-student-install-email.png
diff --git a/education/windows/images/msfe-device-promo-success.png b/education/windows/images/msfe-device-promo-success.png
deleted file mode 100644
index 590a488c11..0000000000
Binary files a/education/windows/images/msfe-device-promo-success.png and /dev/null differ
diff --git a/education/windows/images/msfe_clickemaillink_switchtoproedu.png b/education/windows/images/msfe_clickemaillink_switchtoproedu.png
deleted file mode 100644
index ca70e35a6a..0000000000
Binary files a/education/windows/images/msfe_clickemaillink_switchtoproedu.png and /dev/null differ
diff --git a/education/windows/images/msfe_manage.png b/education/windows/images/msfe_manage.png
deleted file mode 100644
index 0fd5802786..0000000000
Binary files a/education/windows/images/msfe_manage.png and /dev/null differ
diff --git a/education/windows/images/msfe_manage_benefits_switchtoproedu.png b/education/windows/images/msfe_manage_benefits_switchtoproedu.png
deleted file mode 100644
index 12ba470cc9..0000000000
Binary files a/education/windows/images/msfe_manage_benefits_switchtoproedu.png and /dev/null differ
diff --git a/education/windows/images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png b/education/windows/images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png
deleted file mode 100644
index 581a1c1e8c..0000000000
Binary files a/education/windows/images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png and /dev/null differ
diff --git a/education/windows/images/oobe.jpg b/education/windows/images/oobe.jpg
deleted file mode 100644
index 53a5dab6bf..0000000000
Binary files a/education/windows/images/oobe.jpg and /dev/null differ
diff --git a/education/windows/images/package.png b/education/windows/images/package.png
deleted file mode 100644
index f5e975e3e9..0000000000
Binary files a/education/windows/images/package.png and /dev/null differ
diff --git a/education/windows/images/privacy-contacts-marked.png b/education/windows/images/privacy-contacts-marked.png
deleted file mode 100644
index 54a3116408..0000000000
Binary files a/education/windows/images/privacy-contacts-marked.png and /dev/null differ
diff --git a/education/windows/images/proof-of-purchase.png b/education/windows/images/proof-of-purchase.png
deleted file mode 100644
index dd78d6329d..0000000000
Binary files a/education/windows/images/proof-of-purchase.png and /dev/null differ
diff --git a/education/windows/images/prov.jpg b/education/windows/images/prov.jpg
deleted file mode 100644
index 1593ccb36b..0000000000
Binary files a/education/windows/images/prov.jpg and /dev/null differ
diff --git a/education/windows/images/school.PNG b/education/windows/images/school.PNG
deleted file mode 100644
index f8be255a05..0000000000
Binary files a/education/windows/images/school.PNG and /dev/null differ
diff --git a/education/windows/images/settings-contacts-app-marked.png b/education/windows/images/settings-contacts-app-marked.png
deleted file mode 100644
index 94523f1b36..0000000000
Binary files a/education/windows/images/settings-contacts-app-marked.png and /dev/null differ
diff --git a/education/windows/images/settings-privacy-marked.png b/education/windows/images/settings-privacy-marked.png
deleted file mode 100644
index 513e9b1afc..0000000000
Binary files a/education/windows/images/settings-privacy-marked.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1-access.png b/education/windows/images/setup-app-1-access.png
deleted file mode 100644
index 1de1081d1d..0000000000
Binary files a/education/windows/images/setup-app-1-access.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1-usb.png b/education/windows/images/setup-app-1-usb.png
deleted file mode 100644
index b2d170244f..0000000000
Binary files a/education/windows/images/setup-app-1-usb.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1-wifi-manual.png b/education/windows/images/setup-app-1-wifi-manual.png
deleted file mode 100644
index 92de4f784c..0000000000
Binary files a/education/windows/images/setup-app-1-wifi-manual.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1-wifi.png b/education/windows/images/setup-app-1-wifi.png
deleted file mode 100644
index 9f305e081c..0000000000
Binary files a/education/windows/images/setup-app-1-wifi.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1.PNG b/education/windows/images/setup-app-1.PNG
deleted file mode 100644
index 1b88c5ac31..0000000000
Binary files a/education/windows/images/setup-app-1.PNG and /dev/null differ
diff --git a/education/windows/images/setup-app-2-directions.png b/education/windows/images/setup-app-2-directions.png
deleted file mode 100644
index f245aafb2b..0000000000
Binary files a/education/windows/images/setup-app-2-directions.png and /dev/null differ
diff --git a/education/windows/images/setup-app-3-directions.png b/education/windows/images/setup-app-3-directions.png
deleted file mode 100644
index f593ea7371..0000000000
Binary files a/education/windows/images/setup-app-3-directions.png and /dev/null differ
diff --git a/education/windows/images/setup-app-all-done.png b/education/windows/images/setup-app-all-done.png
deleted file mode 100644
index af7343f0e5..0000000000
Binary files a/education/windows/images/setup-app-all-done.png and /dev/null differ
diff --git a/education/windows/images/setup-options.png b/education/windows/images/setup-options.png
deleted file mode 100644
index 07d29576a0..0000000000
Binary files a/education/windows/images/setup-options.png and /dev/null differ
diff --git a/education/windows/images/setupmsg.jpg b/education/windows/images/setupmsg.jpg
deleted file mode 100644
index 12935483c5..0000000000
Binary files a/education/windows/images/setupmsg.jpg and /dev/null differ
diff --git a/education/windows/images/sfe-allow-shop-setting.png b/education/windows/images/sfe-allow-shop-setting.png
deleted file mode 100644
index 52320751ac..0000000000
Binary files a/education/windows/images/sfe-allow-shop-setting.png and /dev/null differ
diff --git a/education/windows/images/sfe-make-everyone-bp.png b/education/windows/images/sfe-make-everyone-bp.png
deleted file mode 100644
index fd2e263417..0000000000
Binary files a/education/windows/images/sfe-make-everyone-bp.png and /dev/null differ
diff --git a/education/windows/images/sfe-roles.png b/education/windows/images/sfe-roles.png
deleted file mode 100644
index 63a9290371..0000000000
Binary files a/education/windows/images/sfe-roles.png and /dev/null differ
diff --git a/education/windows/images/sign-in-prov.png b/education/windows/images/sign-in-prov.png
deleted file mode 100644
index 55c9276203..0000000000
Binary files a/education/windows/images/sign-in-prov.png and /dev/null differ
diff --git a/education/windows/images/signin.jpg b/education/windows/images/signin.jpg
deleted file mode 100644
index ad31bb31c4..0000000000
Binary files a/education/windows/images/signin.jpg and /dev/null differ
diff --git a/education/windows/images/skype-manage-profile-pic.png b/education/windows/images/skype-manage-profile-pic.png
deleted file mode 100644
index 4133ac9c60..0000000000
Binary files a/education/windows/images/skype-manage-profile-pic.png and /dev/null differ
diff --git a/education/windows/images/skype-profile-icon.png b/education/windows/images/skype-profile-icon.png
deleted file mode 100644
index 7ccaaea693..0000000000
Binary files a/education/windows/images/skype-profile-icon.png and /dev/null differ
diff --git a/education/windows/images/skype_uwp_manageprofilepic.PNG b/education/windows/images/skype_uwp_manageprofilepic.PNG
deleted file mode 100644
index bdcf23dbc2..0000000000
Binary files a/education/windows/images/skype_uwp_manageprofilepic.PNG and /dev/null differ
diff --git a/education/windows/images/skype_uwp_userprofile_icon.PNG b/education/windows/images/skype_uwp_userprofile_icon.PNG
deleted file mode 100644
index ad36c7f886..0000000000
Binary files a/education/windows/images/skype_uwp_userprofile_icon.PNG and /dev/null differ
diff --git a/education/windows/images/1810_Name_Your_Package_SUSPC.png b/education/windows/images/suspcs/1810_Name_Your_Package_SUSPC.png
similarity index 100%
rename from education/windows/images/1810_Name_Your_Package_SUSPC.png
rename to education/windows/images/suspcs/1810_Name_Your_Package_SUSPC.png
diff --git a/education/windows/images/1810_SUSPC_Insert_USB.png b/education/windows/images/suspcs/1810_SUSPC_Insert_USB.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_Insert_USB.png
rename to education/windows/images/suspcs/1810_SUSPC_Insert_USB.png
diff --git a/education/windows/images/1810_SUSPC_Package_ready.png b/education/windows/images/suspcs/1810_SUSPC_Package_ready.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_Package_ready.png
rename to education/windows/images/suspcs/1810_SUSPC_Package_ready.png
diff --git a/education/windows/images/1810_SUSPC_Product_key.png b/education/windows/images/suspcs/1810_SUSPC_Product_key.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_Product_key.png
rename to education/windows/images/suspcs/1810_SUSPC_Product_key.png
diff --git a/education/windows/images/1810_SUSPC_Take_Test.png b/education/windows/images/suspcs/1810_SUSPC_Take_Test.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_Take_Test.png
rename to education/windows/images/suspcs/1810_SUSPC_Take_Test.png
diff --git a/education/windows/images/1810_SUSPC_USB.png b/education/windows/images/suspcs/1810_SUSPC_USB.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_USB.png
rename to education/windows/images/suspcs/1810_SUSPC_USB.png
diff --git a/education/windows/images/1810_SUSPC_add_apps.png b/education/windows/images/suspcs/1810_SUSPC_add_apps.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_add_apps.png
rename to education/windows/images/suspcs/1810_SUSPC_add_apps.png
diff --git a/education/windows/images/1810_SUSPC_app_error.png b/education/windows/images/suspcs/1810_SUSPC_app_error.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_app_error.png
rename to education/windows/images/suspcs/1810_SUSPC_app_error.png
diff --git a/education/windows/images/1810_SUSPC_available_settings.png b/education/windows/images/suspcs/1810_SUSPC_available_settings.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_available_settings.png
rename to education/windows/images/suspcs/1810_SUSPC_available_settings.png
diff --git a/education/windows/images/1810_SUSPC_personalization.png b/education/windows/images/suspcs/1810_SUSPC_personalization.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_personalization.png
rename to education/windows/images/suspcs/1810_SUSPC_personalization.png
diff --git a/education/windows/images/1810_SUSPC_select_Wifi.png b/education/windows/images/suspcs/1810_SUSPC_select_Wifi.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_select_Wifi.png
rename to education/windows/images/suspcs/1810_SUSPC_select_Wifi.png
diff --git a/education/windows/images/1810_SUSPC_summary.png b/education/windows/images/suspcs/1810_SUSPC_summary.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_summary.png
rename to education/windows/images/suspcs/1810_SUSPC_summary.png
diff --git a/education/windows/images/1810_Sign_In_SUSPC.png b/education/windows/images/suspcs/1810_Sign_In_SUSPC.png
similarity index 100%
rename from education/windows/images/1810_Sign_In_SUSPC.png
rename to education/windows/images/suspcs/1810_Sign_In_SUSPC.png
diff --git a/education/windows/images/1810_choose_account_SUSPC.png b/education/windows/images/suspcs/1810_choose_account_SUSPC.png
similarity index 100%
rename from education/windows/images/1810_choose_account_SUSPC.png
rename to education/windows/images/suspcs/1810_choose_account_SUSPC.png
diff --git a/education/windows/images/1810_name-devices_SUSPC.png b/education/windows/images/suspcs/1810_name-devices_SUSPC.png
similarity index 100%
rename from education/windows/images/1810_name-devices_SUSPC.png
rename to education/windows/images/suspcs/1810_name-devices_SUSPC.png
diff --git a/education/windows/images/1810_suspc_settings.png b/education/windows/images/suspcs/1810_suspc_settings.png
similarity index 100%
rename from education/windows/images/1810_suspc_settings.png
rename to education/windows/images/suspcs/1810_suspc_settings.png
diff --git a/education/windows/images/1810_suspc_timezone.png b/education/windows/images/suspcs/1810_suspc_timezone.png
similarity index 100%
rename from education/windows/images/1810_suspc_timezone.png
rename to education/windows/images/suspcs/1810_suspc_timezone.png
diff --git a/education/windows/images/1812_Add_Apps_SUSPC.png b/education/windows/images/suspcs/1812_Add_Apps_SUSPC.png
similarity index 100%
rename from education/windows/images/1812_Add_Apps_SUSPC.png
rename to education/windows/images/suspcs/1812_Add_Apps_SUSPC.png
diff --git a/education/windows/images/suspc-add-recommended-apps-1807.png b/education/windows/images/suspcs/suspc-add-recommended-apps-1807.png
similarity index 100%
rename from education/windows/images/suspc-add-recommended-apps-1807.png
rename to education/windows/images/suspcs/suspc-add-recommended-apps-1807.png
diff --git a/education/windows/images/suspc-admin-token-delete-1807.png b/education/windows/images/suspcs/suspc-admin-token-delete-1807.png
similarity index 100%
rename from education/windows/images/suspc-admin-token-delete-1807.png
rename to education/windows/images/suspcs/suspc-admin-token-delete-1807.png
diff --git a/education/windows/images/suspc-assessment-url-1807.png b/education/windows/images/suspcs/suspc-assessment-url-1807.png
similarity index 100%
rename from education/windows/images/suspc-assessment-url-1807.png
rename to education/windows/images/suspcs/suspc-assessment-url-1807.png
diff --git a/education/windows/images/suspc-available-student-settings-1807.png b/education/windows/images/suspcs/suspc-available-student-settings-1807.png
similarity index 100%
rename from education/windows/images/suspc-available-student-settings-1807.png
rename to education/windows/images/suspcs/suspc-available-student-settings-1807.png
diff --git a/education/windows/images/suspc-configure-student-settings-1807.png b/education/windows/images/suspcs/suspc-configure-student-settings-1807.png
similarity index 100%
rename from education/windows/images/suspc-configure-student-settings-1807.png
rename to education/windows/images/suspcs/suspc-configure-student-settings-1807.png
diff --git a/education/windows/images/suspc-createpackage-signin-1807.png b/education/windows/images/suspcs/suspc-createpackage-signin-1807.png
similarity index 100%
rename from education/windows/images/suspc-createpackage-signin-1807.png
rename to education/windows/images/suspcs/suspc-createpackage-signin-1807.png
diff --git a/education/windows/images/suspc-createpackage-summary-1807.png b/education/windows/images/suspcs/suspc-createpackage-summary-1807.png
similarity index 100%
rename from education/windows/images/suspc-createpackage-summary-1807.png
rename to education/windows/images/suspcs/suspc-createpackage-summary-1807.png
diff --git a/education/windows/images/suspc-current-os-version-1807.png b/education/windows/images/suspcs/suspc-current-os-version-1807.png
similarity index 100%
rename from education/windows/images/suspc-current-os-version-1807.png
rename to education/windows/images/suspcs/suspc-current-os-version-1807.png
diff --git a/education/windows/images/suspc-current-os-version-next-1807.png b/education/windows/images/suspcs/suspc-current-os-version-next-1807.png
similarity index 100%
rename from education/windows/images/suspc-current-os-version-next-1807.png
rename to education/windows/images/suspcs/suspc-current-os-version-next-1807.png
diff --git a/education/windows/images/suspc-device-names-1807.png b/education/windows/images/suspcs/suspc-device-names-1807.png
similarity index 100%
rename from education/windows/images/suspc-device-names-1807.png
rename to education/windows/images/suspcs/suspc-device-names-1807.png
diff --git a/education/windows/images/suspc-enable-shared-pc-1807.png b/education/windows/images/suspcs/suspc-enable-shared-pc-1807.png
similarity index 100%
rename from education/windows/images/suspc-enable-shared-pc-1807.png
rename to education/windows/images/suspcs/suspc-enable-shared-pc-1807.png
diff --git a/education/windows/images/suspc-savepackage-insertusb-1807.png b/education/windows/images/suspcs/suspc-savepackage-insertusb-1807.png
similarity index 100%
rename from education/windows/images/suspc-savepackage-insertusb-1807.png
rename to education/windows/images/suspcs/suspc-savepackage-insertusb-1807.png
diff --git a/education/windows/images/suspc-savepackage-ppkgisready-1807.png b/education/windows/images/suspcs/suspc-savepackage-ppkgisready-1807.png
similarity index 100%
rename from education/windows/images/suspc-savepackage-ppkgisready-1807.png
rename to education/windows/images/suspcs/suspc-savepackage-ppkgisready-1807.png
diff --git a/education/windows/images/suspc-select-wifi-1807.png b/education/windows/images/suspcs/suspc-select-wifi-1807.png
similarity index 100%
rename from education/windows/images/suspc-select-wifi-1807.png
rename to education/windows/images/suspcs/suspc-select-wifi-1807.png
diff --git a/education/windows/images/suspc-select-wifi-network-1807.png b/education/windows/images/suspcs/suspc-select-wifi-network-1807.png
similarity index 100%
rename from education/windows/images/suspc-select-wifi-network-1807.png
rename to education/windows/images/suspcs/suspc-select-wifi-network-1807.png
diff --git a/education/windows/images/suspc-sign-in-select-1807.png b/education/windows/images/suspcs/suspc-sign-in-select-1807.png
similarity index 100%
rename from education/windows/images/suspc-sign-in-select-1807.png
rename to education/windows/images/suspcs/suspc-sign-in-select-1807.png
diff --git a/education/windows/images/suspc-take-a-test-1807.png b/education/windows/images/suspcs/suspc-take-a-test-1807.png
similarity index 100%
rename from education/windows/images/suspc-take-a-test-1807.png
rename to education/windows/images/suspcs/suspc-take-a-test-1807.png
diff --git a/education/windows/images/suspc-take-a-test-app-1807.png b/education/windows/images/suspcs/suspc-take-a-test-app-1807.png
similarity index 100%
rename from education/windows/images/suspc-take-a-test-app-1807.png
rename to education/windows/images/suspcs/suspc-take-a-test-app-1807.png
diff --git a/education/windows/images/suspc-time-zone-1807.png b/education/windows/images/suspcs/suspc-time-zone-1807.png
similarity index 100%
rename from education/windows/images/suspc-time-zone-1807.png
rename to education/windows/images/suspcs/suspc-time-zone-1807.png
diff --git a/education/windows/images/suspc-wifi-network-1807.png b/education/windows/images/suspcs/suspc-wifi-network-1807.png
similarity index 100%
rename from education/windows/images/suspc-wifi-network-1807.png
rename to education/windows/images/suspcs/suspc-wifi-network-1807.png
diff --git a/education/windows/images/suspc_account_signin.PNG b/education/windows/images/suspcs/suspc_account_signin.PNG
similarity index 100%
rename from education/windows/images/suspc_account_signin.PNG
rename to education/windows/images/suspcs/suspc_account_signin.PNG
diff --git a/education/windows/images/suspc_and_wcd_comparison.png b/education/windows/images/suspcs/suspc_and_wcd_comparison.png
similarity index 100%
rename from education/windows/images/suspc_and_wcd_comparison.png
rename to education/windows/images/suspcs/suspc_and_wcd_comparison.png
diff --git a/education/windows/images/suspc_choosesettings_apps.PNG b/education/windows/images/suspcs/suspc_choosesettings_apps.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_apps.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_apps.PNG
diff --git a/education/windows/images/suspc_choosesettings_settings.PNG b/education/windows/images/suspcs/suspc_choosesettings_settings.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_settings.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_settings.PNG
diff --git a/education/windows/images/suspc_choosesettings_settings_updated.PNG b/education/windows/images/suspcs/suspc_choosesettings_settings_updated.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_settings_updated.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_settings_updated.PNG
diff --git a/education/windows/images/suspc_choosesettings_signin.PNG b/education/windows/images/suspcs/suspc_choosesettings_signin.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_signin.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_signin.PNG
diff --git a/education/windows/images/suspc_choosesettings_signin_final.PNG b/education/windows/images/suspcs/suspc_choosesettings_signin_final.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_signin_final.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_signin_final.PNG
diff --git a/education/windows/images/suspc_choosesettings_summary.PNG b/education/windows/images/suspcs/suspc_choosesettings_summary.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_summary.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_summary.PNG
diff --git a/education/windows/images/suspc_configure_pc2.jpg b/education/windows/images/suspcs/suspc_configure_pc2.jpg
similarity index 100%
rename from education/windows/images/suspc_configure_pc2.jpg
rename to education/windows/images/suspcs/suspc_configure_pc2.jpg
diff --git a/education/windows/images/suspc_createpackage_configurestudentpcsettings.png b/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_configurestudentpcsettings.png
rename to education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings.png
diff --git a/education/windows/images/suspc_createpackage_configurestudentpcsettings_121117.PNG b/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings_121117.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_configurestudentpcsettings_121117.PNG
rename to education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings_121117.PNG
diff --git a/education/windows/images/suspc_createpackage_recommendedapps.png b/education/windows/images/suspcs/suspc_createpackage_recommendedapps.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_recommendedapps.png
rename to education/windows/images/suspcs/suspc_createpackage_recommendedapps.png
diff --git a/education/windows/images/suspc_createpackage_recommendedapps_073117.PNG b/education/windows/images/suspcs/suspc_createpackage_recommendedapps_073117.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_recommendedapps_073117.PNG
rename to education/windows/images/suspcs/suspc_createpackage_recommendedapps_073117.PNG
diff --git a/education/windows/images/suspc_createpackage_recommendedapps_office061217.png b/education/windows/images/suspcs/suspc_createpackage_recommendedapps_office061217.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_recommendedapps_office061217.png
rename to education/windows/images/suspcs/suspc_createpackage_recommendedapps_office061217.png
diff --git a/education/windows/images/suspc_createpackage_settingspage.PNG b/education/windows/images/suspcs/suspc_createpackage_settingspage.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_settingspage.PNG
rename to education/windows/images/suspcs/suspc_createpackage_settingspage.PNG
diff --git a/education/windows/images/suspc_createpackage_signin.png b/education/windows/images/suspcs/suspc_createpackage_signin.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_signin.png
rename to education/windows/images/suspcs/suspc_createpackage_signin.png
diff --git a/education/windows/images/suspc_createpackage_skipwifi_modaldialog.png b/education/windows/images/suspcs/suspc_createpackage_skipwifi_modaldialog.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_skipwifi_modaldialog.png
rename to education/windows/images/suspcs/suspc_createpackage_skipwifi_modaldialog.png
diff --git a/education/windows/images/suspc_createpackage_summary.PNG b/education/windows/images/suspcs/suspc_createpackage_summary.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_summary.PNG
rename to education/windows/images/suspcs/suspc_createpackage_summary.PNG
diff --git a/education/windows/images/suspc_createpackage_summary_073117.PNG b/education/windows/images/suspcs/suspc_createpackage_summary_073117.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_summary_073117.PNG
rename to education/windows/images/suspcs/suspc_createpackage_summary_073117.PNG
diff --git a/education/windows/images/suspc_getpcsready.PNG b/education/windows/images/suspcs/suspc_getpcsready.PNG
similarity index 100%
rename from education/windows/images/suspc_getpcsready.PNG
rename to education/windows/images/suspcs/suspc_getpcsready.PNG
diff --git a/education/windows/images/suspc_getpcsready_getpcsready.PNG b/education/windows/images/suspcs/suspc_getpcsready_getpcsready.PNG
similarity index 100%
rename from education/windows/images/suspc_getpcsready_getpcsready.PNG
rename to education/windows/images/suspcs/suspc_getpcsready_getpcsready.PNG
diff --git a/education/windows/images/suspc_getpcsready_installpackage.PNG b/education/windows/images/suspcs/suspc_getpcsready_installpackage.PNG
similarity index 100%
rename from education/windows/images/suspc_getpcsready_installpackage.PNG
rename to education/windows/images/suspcs/suspc_getpcsready_installpackage.PNG
diff --git a/education/windows/images/suspc_getstarted.PNG b/education/windows/images/suspcs/suspc_getstarted.PNG
similarity index 100%
rename from education/windows/images/suspc_getstarted.PNG
rename to education/windows/images/suspcs/suspc_getstarted.PNG
diff --git a/education/windows/images/suspc_getstarted_050817.PNG b/education/windows/images/suspcs/suspc_getstarted_050817.PNG
similarity index 100%
rename from education/windows/images/suspc_getstarted_050817.PNG
rename to education/windows/images/suspcs/suspc_getstarted_050817.PNG
diff --git a/education/windows/images/suspc_getstarted_final.PNG b/education/windows/images/suspcs/suspc_getstarted_final.PNG
similarity index 100%
rename from education/windows/images/suspc_getstarted_final.PNG
rename to education/windows/images/suspcs/suspc_getstarted_final.PNG
diff --git a/education/windows/images/suspc_getstarted_resized.png b/education/windows/images/suspcs/suspc_getstarted_resized.png
similarity index 100%
rename from education/windows/images/suspc_getstarted_resized.png
rename to education/windows/images/suspcs/suspc_getstarted_resized.png
diff --git a/education/windows/images/suspc_installsetupfile.PNG b/education/windows/images/suspcs/suspc_installsetupfile.PNG
similarity index 100%
rename from education/windows/images/suspc_installsetupfile.PNG
rename to education/windows/images/suspcs/suspc_installsetupfile.PNG
diff --git a/education/windows/images/suspc_ppkg_isready.PNG b/education/windows/images/suspcs/suspc_ppkg_isready.PNG
similarity index 100%
rename from education/windows/images/suspc_ppkg_isready.PNG
rename to education/windows/images/suspcs/suspc_ppkg_isready.PNG
diff --git a/education/windows/images/suspc_ppkgisready_050817.PNG b/education/windows/images/suspcs/suspc_ppkgisready_050817.PNG
similarity index 100%
rename from education/windows/images/suspc_ppkgisready_050817.PNG
rename to education/windows/images/suspcs/suspc_ppkgisready_050817.PNG
diff --git a/education/windows/images/suspc_ppkgready.PNG b/education/windows/images/suspcs/suspc_ppkgready.PNG
similarity index 100%
rename from education/windows/images/suspc_ppkgready.PNG
rename to education/windows/images/suspcs/suspc_ppkgready.PNG
diff --git a/education/windows/images/suspc_reviewsettings.PNG b/education/windows/images/suspcs/suspc_reviewsettings.PNG
similarity index 100%
rename from education/windows/images/suspc_reviewsettings.PNG
rename to education/windows/images/suspcs/suspc_reviewsettings.PNG
diff --git a/education/windows/images/suspc_reviewsettings_bluelinks.png b/education/windows/images/suspcs/suspc_reviewsettings_bluelinks.png
similarity index 100%
rename from education/windows/images/suspc_reviewsettings_bluelinks.png
rename to education/windows/images/suspcs/suspc_reviewsettings_bluelinks.png
diff --git a/education/windows/images/suspc_runpackage_getpcsready.PNG b/education/windows/images/suspcs/suspc_runpackage_getpcsready.PNG
similarity index 100%
rename from education/windows/images/suspc_runpackage_getpcsready.PNG
rename to education/windows/images/suspcs/suspc_runpackage_getpcsready.PNG
diff --git a/education/windows/images/suspc_runpackage_installpackage.PNG b/education/windows/images/suspcs/suspc_runpackage_installpackage.PNG
similarity index 100%
rename from education/windows/images/suspc_runpackage_installpackage.PNG
rename to education/windows/images/suspcs/suspc_runpackage_installpackage.PNG
diff --git a/education/windows/images/suspc_savepackage_insertusb.PNG b/education/windows/images/suspcs/suspc_savepackage_insertusb.PNG
similarity index 100%
rename from education/windows/images/suspc_savepackage_insertusb.PNG
rename to education/windows/images/suspcs/suspc_savepackage_insertusb.PNG
diff --git a/education/windows/images/suspc_savepackage_insertusb_050817.PNG b/education/windows/images/suspcs/suspc_savepackage_insertusb_050817.PNG
similarity index 100%
rename from education/windows/images/suspc_savepackage_insertusb_050817.PNG
rename to education/windows/images/suspcs/suspc_savepackage_insertusb_050817.PNG
diff --git a/education/windows/images/suspc_savepackage_ppkgisready.png b/education/windows/images/suspcs/suspc_savepackage_ppkgisready.png
similarity index 100%
rename from education/windows/images/suspc_savepackage_ppkgisready.png
rename to education/windows/images/suspcs/suspc_savepackage_ppkgisready.png
diff --git a/education/windows/images/suspc_savesettings.PNG b/education/windows/images/suspcs/suspc_savesettings.PNG
similarity index 100%
rename from education/windows/images/suspc_savesettings.PNG
rename to education/windows/images/suspcs/suspc_savesettings.PNG
diff --git a/education/windows/images/suspc_setup_removemediamessage.png b/education/windows/images/suspcs/suspc_setup_removemediamessage.png
similarity index 100%
rename from education/windows/images/suspc_setup_removemediamessage.png
rename to education/windows/images/suspcs/suspc_setup_removemediamessage.png
diff --git a/education/windows/images/suspc_setupfile_reviewsettings.PNG b/education/windows/images/suspcs/suspc_setupfile_reviewsettings.PNG
similarity index 100%
rename from education/windows/images/suspc_setupfile_reviewsettings.PNG
rename to education/windows/images/suspcs/suspc_setupfile_reviewsettings.PNG
diff --git a/education/windows/images/suspc_setupfile_savesettings.PNG b/education/windows/images/suspcs/suspc_setupfile_savesettings.PNG
similarity index 100%
rename from education/windows/images/suspc_setupfile_savesettings.PNG
rename to education/windows/images/suspcs/suspc_setupfile_savesettings.PNG
diff --git a/education/windows/images/suspc_setupfileready.PNG b/education/windows/images/suspcs/suspc_setupfileready.PNG
similarity index 100%
rename from education/windows/images/suspc_setupfileready.PNG
rename to education/windows/images/suspcs/suspc_setupfileready.PNG
diff --git a/education/windows/images/suspc_signin_account.PNG b/education/windows/images/suspcs/suspc_signin_account.PNG
similarity index 100%
rename from education/windows/images/suspc_signin_account.PNG
rename to education/windows/images/suspcs/suspc_signin_account.PNG
diff --git a/education/windows/images/suspc_signin_addapps.PNG b/education/windows/images/suspcs/suspc_signin_addapps.PNG
similarity index 100%
rename from education/windows/images/suspc_signin_addapps.PNG
rename to education/windows/images/suspcs/suspc_signin_addapps.PNG
diff --git a/education/windows/images/suspc_signin_allowguests.PNG b/education/windows/images/suspcs/suspc_signin_allowguests.PNG
similarity index 100%
rename from education/windows/images/suspc_signin_allowguests.PNG
rename to education/windows/images/suspcs/suspc_signin_allowguests.PNG
diff --git a/education/windows/images/suspc_signin_setuptakeatest.PNG b/education/windows/images/suspcs/suspc_signin_setuptakeatest.PNG
similarity index 100%
rename from education/windows/images/suspc_signin_setuptakeatest.PNG
rename to education/windows/images/suspcs/suspc_signin_setuptakeatest.PNG
diff --git a/education/windows/images/suspc_start.PNG b/education/windows/images/suspcs/suspc_start.PNG
similarity index 100%
rename from education/windows/images/suspc_start.PNG
rename to education/windows/images/suspcs/suspc_start.PNG
diff --git a/education/windows/images/suspc_studentpcsetup_installingsetupfile.png b/education/windows/images/suspcs/suspc_studentpcsetup_installingsetupfile.png
similarity index 100%
rename from education/windows/images/suspc_studentpcsetup_installingsetupfile.png
rename to education/windows/images/suspcs/suspc_studentpcsetup_installingsetupfile.png
diff --git a/education/windows/images/suspc_wcd_featureslist.png b/education/windows/images/suspcs/suspc_wcd_featureslist.png
similarity index 100%
rename from education/windows/images/suspc_wcd_featureslist.png
rename to education/windows/images/suspcs/suspc_wcd_featureslist.png
diff --git a/education/windows/images/suspc_wcd_sidebyside.png b/education/windows/images/suspcs/suspc_wcd_sidebyside.png
similarity index 100%
rename from education/windows/images/suspc_wcd_sidebyside.png
rename to education/windows/images/suspcs/suspc_wcd_sidebyside.png
diff --git a/education/windows/images/suspc_win10v1703_getstarted.PNG b/education/windows/images/suspcs/suspc_win10v1703_getstarted.PNG
similarity index 100%
rename from education/windows/images/suspc_win10v1703_getstarted.PNG
rename to education/windows/images/suspcs/suspc_win10v1703_getstarted.PNG
diff --git a/education/windows/images/win10_1703_oobe_firstscreen.png b/education/windows/images/suspcs/win10_1703_oobe_firstscreen.png
similarity index 100%
rename from education/windows/images/win10_1703_oobe_firstscreen.png
rename to education/windows/images/suspcs/win10_1703_oobe_firstscreen.png
diff --git a/education/windows/images/take-a-test-flow.png b/education/windows/images/take-a-test-flow.png
deleted file mode 100644
index a5135c1822..0000000000
Binary files a/education/windows/images/take-a-test-flow.png and /dev/null differ
diff --git a/education/windows/images/take_a_test_flow.png b/education/windows/images/take_a_test_flow.png
deleted file mode 100644
index 261813c7f8..0000000000
Binary files a/education/windows/images/take_a_test_flow.png and /dev/null differ
diff --git a/education/windows/images/take_a_test_workflow.png b/education/windows/images/take_a_test_workflow.png
deleted file mode 100644
index a4c7a84686..0000000000
Binary files a/education/windows/images/take_a_test_workflow.png and /dev/null differ
diff --git a/education/windows/images/TakeATestURL.png b/education/windows/images/takeatest/TakeATestURL.png
similarity index 100%
rename from education/windows/images/TakeATestURL.png
rename to education/windows/images/takeatest/TakeATestURL.png
diff --git a/education/windows/images/i4e_takeatestprofile_accountsummary.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_accountsummary.PNG
similarity index 100%
rename from education/windows/images/i4e_takeatestprofile_accountsummary.PNG
rename to education/windows/images/takeatest/i4e_takeatestprofile_accountsummary.PNG
diff --git a/education/windows/images/i4e_takeatestprofile_addnewprofile.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_addnewprofile.PNG
similarity index 100%
rename from education/windows/images/i4e_takeatestprofile_addnewprofile.PNG
rename to education/windows/images/takeatest/i4e_takeatestprofile_addnewprofile.PNG
diff --git a/education/windows/images/i4e_takeatestprofile_changegroup_selectgroup.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_changegroup_selectgroup.PNG
similarity index 100%
rename from education/windows/images/i4e_takeatestprofile_changegroup_selectgroup.PNG
rename to education/windows/images/takeatest/i4e_takeatestprofile_changegroup_selectgroup.PNG
diff --git a/education/windows/images/i4e_takeatestprofile_groupassignment_selected.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_groupassignment_selected.PNG
similarity index 100%
rename from education/windows/images/i4e_takeatestprofile_groupassignment_selected.PNG
rename to education/windows/images/takeatest/i4e_takeatestprofile_groupassignment_selected.PNG
diff --git a/education/windows/images/i4e_takeatestprofile_groups_changegroupassignments.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_groups_changegroupassignments.PNG
similarity index 100%
rename from education/windows/images/i4e_takeatestprofile_groups_changegroupassignments.PNG
rename to education/windows/images/takeatest/i4e_takeatestprofile_groups_changegroupassignments.PNG
diff --git a/education/windows/images/i4e_takeatestprofile_newtestaccount.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_newtestaccount.PNG
similarity index 100%
rename from education/windows/images/i4e_takeatestprofile_newtestaccount.PNG
rename to education/windows/images/takeatest/i4e_takeatestprofile_newtestaccount.PNG
diff --git a/education/windows/images/suspc_choosesettings_setuptakeatest.PNG b/education/windows/images/takeatest/suspc_choosesettings_setuptakeatest.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_setuptakeatest.PNG
rename to education/windows/images/takeatest/suspc_choosesettings_setuptakeatest.PNG
diff --git a/education/windows/images/suspc_choosesettings_takeatest.PNG b/education/windows/images/takeatest/suspc_choosesettings_takeatest.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_takeatest.PNG
rename to education/windows/images/takeatest/suspc_choosesettings_takeatest.PNG
diff --git a/education/windows/images/suspc_choosesettings_takeatest_updated.png b/education/windows/images/takeatest/suspc_choosesettings_takeatest_updated.png
similarity index 100%
rename from education/windows/images/suspc_choosesettings_takeatest_updated.png
rename to education/windows/images/takeatest/suspc_choosesettings_takeatest_updated.png
diff --git a/education/windows/images/suspc_createpackage_takeatest.png b/education/windows/images/takeatest/suspc_createpackage_takeatest.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_takeatest.png
rename to education/windows/images/takeatest/suspc_createpackage_takeatest.png
diff --git a/education/windows/images/suspc_createpackage_takeatestpage.PNG b/education/windows/images/takeatest/suspc_createpackage_takeatestpage.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_takeatestpage.PNG
rename to education/windows/images/takeatest/suspc_createpackage_takeatestpage.PNG
diff --git a/education/windows/images/suspc_createpackage_takeatestpage_073117.PNG b/education/windows/images/takeatest/suspc_createpackage_takeatestpage_073117.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_takeatestpage_073117.PNG
rename to education/windows/images/takeatest/suspc_createpackage_takeatestpage_073117.PNG
diff --git a/education/windows/images/take_a_test_flow_dark.png b/education/windows/images/takeatest/take_a_test_flow_dark.png
similarity index 100%
rename from education/windows/images/take_a_test_flow_dark.png
rename to education/windows/images/takeatest/take_a_test_flow_dark.png
diff --git a/education/windows/images/tat_settingsapp_setupaccount_addtestaccount.PNG b/education/windows/images/takeatest/tat_settingsapp_setupaccount_addtestaccount.PNG
similarity index 100%
rename from education/windows/images/tat_settingsapp_setupaccount_addtestaccount.PNG
rename to education/windows/images/takeatest/tat_settingsapp_setupaccount_addtestaccount.PNG
diff --git a/education/windows/images/tat_settingsapp_setuptesttakingaccount.PNG b/education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount.PNG
similarity index 100%
rename from education/windows/images/tat_settingsapp_setuptesttakingaccount.PNG
rename to education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount.PNG
diff --git a/education/windows/images/tat_settingsapp_setuptesttakingaccount_1703.PNG b/education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount_1703.PNG
similarity index 100%
rename from education/windows/images/tat_settingsapp_setuptesttakingaccount_1703.PNG
rename to education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount_1703.PNG
diff --git a/education/windows/images/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG b/education/windows/images/takeatest/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG
similarity index 100%
rename from education/windows/images/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG
rename to education/windows/images/takeatest/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG
diff --git a/education/windows/images/teacher-get-app.PNG b/education/windows/images/teacher-get-app.PNG
deleted file mode 100644
index 329607edb9..0000000000
Binary files a/education/windows/images/teacher-get-app.PNG and /dev/null differ
diff --git a/education/windows/images/teacher.PNG b/education/windows/images/teacher.PNG
deleted file mode 100644
index 286d515624..0000000000
Binary files a/education/windows/images/teacher.PNG and /dev/null differ
diff --git a/education/windows/images/test-account-icd.PNG b/education/windows/images/test-account-icd.PNG
deleted file mode 100644
index 4fd9bf3f28..0000000000
Binary files a/education/windows/images/test-account-icd.PNG and /dev/null differ
diff --git a/education/windows/images/trust-package.png b/education/windows/images/trust-package.png
deleted file mode 100644
index 8a293ea4da..0000000000
Binary files a/education/windows/images/trust-package.png and /dev/null differ
diff --git a/education/windows/images/uwp-dependencies.PNG b/education/windows/images/uwp-dependencies.PNG
deleted file mode 100644
index 4e2563169f..0000000000
Binary files a/education/windows/images/uwp-dependencies.PNG and /dev/null differ
diff --git a/education/windows/images/uwp-family.PNG b/education/windows/images/uwp-family.PNG
deleted file mode 100644
index bec731eec4..0000000000
Binary files a/education/windows/images/uwp-family.PNG and /dev/null differ
diff --git a/education/windows/images/uwp-license.PNG b/education/windows/images/uwp-license.PNG
deleted file mode 100644
index ccb5cf7cf4..0000000000
Binary files a/education/windows/images/uwp-license.PNG and /dev/null differ
diff --git a/education/windows/images/wcd_accountmanagement.PNG b/education/windows/images/wcd/wcd_accountmanagement.PNG
similarity index 100%
rename from education/windows/images/wcd_accountmanagement.PNG
rename to education/windows/images/wcd/wcd_accountmanagement.PNG
diff --git a/education/windows/images/wcd_exportpackage.PNG b/education/windows/images/wcd/wcd_exportpackage.PNG
similarity index 100%
rename from education/windows/images/wcd_exportpackage.PNG
rename to education/windows/images/wcd/wcd_exportpackage.PNG
diff --git a/education/windows/images/wcd_productkey.png b/education/windows/images/wcd/wcd_productkey.png
similarity index 100%
rename from education/windows/images/wcd_productkey.png
rename to education/windows/images/wcd/wcd_productkey.png
diff --git a/education/windows/images/wcd_settings_assignedaccess.PNG b/education/windows/images/wcd/wcd_settings_assignedaccess.PNG
similarity index 100%
rename from education/windows/images/wcd_settings_assignedaccess.PNG
rename to education/windows/images/wcd/wcd_settings_assignedaccess.PNG
diff --git a/education/windows/images/wcd_setupdevice.PNG b/education/windows/images/wcd/wcd_setupdevice.PNG
similarity index 100%
rename from education/windows/images/wcd_setupdevice.PNG
rename to education/windows/images/wcd/wcd_setupdevice.PNG
diff --git a/education/windows/images/wcd_setupnetwork.PNG b/education/windows/images/wcd/wcd_setupnetwork.PNG
similarity index 100%
rename from education/windows/images/wcd_setupnetwork.PNG
rename to education/windows/images/wcd/wcd_setupnetwork.PNG
diff --git a/education/windows/images/wcd_win10v1703_start_newdesktopproject.PNG b/education/windows/images/wcd/wcd_win10v1703_start_newdesktopproject.PNG
similarity index 100%
rename from education/windows/images/wcd_win10v1703_start_newdesktopproject.PNG
rename to education/windows/images/wcd/wcd_win10v1703_start_newdesktopproject.PNG
diff --git a/education/windows/images/who-owns-pc.png b/education/windows/images/who-owns-pc.png
deleted file mode 100644
index d3ce1def8d..0000000000
Binary files a/education/windows/images/who-owns-pc.png and /dev/null differ
diff --git a/education/windows/images/win10-connect-to-work-or-school.png b/education/windows/images/win10-connect-to-work-or-school.png
deleted file mode 100644
index 08afb5b092..0000000000
Binary files a/education/windows/images/win10-connect-to-work-or-school.png and /dev/null differ
diff --git a/education/windows/images/win10-lets-get-2.png b/education/windows/images/win10-lets-get-2.png
deleted file mode 100644
index c2d3c3ba61..0000000000
Binary files a/education/windows/images/win10-lets-get-2.png and /dev/null differ
diff --git a/education/windows/images/win10-set-up-work-or-school.png b/education/windows/images/win10-set-up-work-or-school.png
deleted file mode 100644
index 0ca83fb0e1..0000000000
Binary files a/education/windows/images/win10-set-up-work-or-school.png and /dev/null differ
diff --git a/education/windows/images/win10_settings_privacy.PNG b/education/windows/images/win10_settings_privacy.PNG
deleted file mode 100644
index 5285ce94f2..0000000000
Binary files a/education/windows/images/win10_settings_privacy.PNG and /dev/null differ
diff --git a/education/windows/images/win10_settings_privacy_contacts.PNG b/education/windows/images/win10_settings_privacy_contacts.PNG
deleted file mode 100644
index f17ef60de0..0000000000
Binary files a/education/windows/images/win10_settings_privacy_contacts.PNG and /dev/null differ
diff --git a/education/windows/images/win10_settings_privacy_contacts_apps.png b/education/windows/images/win10_settings_privacy_contacts_apps.png
deleted file mode 100644
index 774f18fad9..0000000000
Binary files a/education/windows/images/win10_settings_privacy_contacts_apps.png and /dev/null differ
diff --git a/education/windows/images/windows-10-for-education-banner.png b/education/windows/images/windows-10-for-education-banner.png
deleted file mode 100644
index cf33adc9b6..0000000000
Binary files a/education/windows/images/windows-10-for-education-banner.png and /dev/null differ
diff --git a/education/windows/images/windows-ad-connect.png b/education/windows/images/windows-ad-connect.png
deleted file mode 100644
index 97a69d1a6c..0000000000
Binary files a/education/windows/images/windows-ad-connect.png and /dev/null differ
diff --git a/education/windows/images/windows-choose-how.png b/education/windows/images/windows-choose-how.png
deleted file mode 100644
index 8e84535bfd..0000000000
Binary files a/education/windows/images/windows-choose-how.png and /dev/null differ
diff --git a/education/windows/images/windows-connect-to-work-or-school.png b/education/windows/images/windows-connect-to-work-or-school.png
deleted file mode 100644
index 90e1b1131f..0000000000
Binary files a/education/windows/images/windows-connect-to-work-or-school.png and /dev/null differ
diff --git a/education/windows/images/windows-lets-get-2.png b/education/windows/images/windows-lets-get-2.png
deleted file mode 100644
index ef523d4af8..0000000000
Binary files a/education/windows/images/windows-lets-get-2.png and /dev/null differ
diff --git a/education/windows/images/windows-lets-get.png b/education/windows/images/windows-lets-get.png
deleted file mode 100644
index 582da1ab2d..0000000000
Binary files a/education/windows/images/windows-lets-get.png and /dev/null differ
diff --git a/education/windows/images/windows-set-up-work-or-school.png b/education/windows/images/windows-set-up-work-or-school.png
deleted file mode 100644
index cebd87cff8..0000000000
Binary files a/education/windows/images/windows-set-up-work-or-school.png and /dev/null differ
diff --git a/education/windows/images/windows-sign-in.png b/education/windows/images/windows-sign-in.png
deleted file mode 100644
index 3029d3ef2b..0000000000
Binary files a/education/windows/images/windows-sign-in.png and /dev/null differ
diff --git a/education/windows/images/windows-who-owns.png b/education/windows/images/windows-who-owns.png
deleted file mode 100644
index c3008869d2..0000000000
Binary files a/education/windows/images/windows-who-owns.png and /dev/null differ
diff --git a/education/windows/images/windows.png b/education/windows/images/windows.png
deleted file mode 100644
index 9b312d7844..0000000000
Binary files a/education/windows/images/windows.png and /dev/null differ
diff --git a/education/windows/images/windows_glyph.png b/education/windows/images/windows_glyph.png
deleted file mode 100644
index 3a41d4dfb1..0000000000
Binary files a/education/windows/images/windows_glyph.png and /dev/null differ
diff --git a/education/windows/images/wsfb-minecraft-vl.png b/education/windows/images/wsfb-minecraft-vl.png
deleted file mode 100644
index e3fe6de6d7..0000000000
Binary files a/education/windows/images/wsfb-minecraft-vl.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_enabled_for_org.png b/education/windows/images/wsfb_win10_pro_education_enabled_for_org.png
deleted file mode 100644
index ea3d582d79..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_enabled_for_org.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_launch.png b/education/windows/images/wsfb_win10_pro_education_launch.png
deleted file mode 100644
index 4e7b741227..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_launch.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_order_confirmation.png b/education/windows/images/wsfb_win10_pro_education_order_confirmation.png
deleted file mode 100644
index e35bbf64d5..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_order_confirmation.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_order_options.png b/education/windows/images/wsfb_win10_pro_education_order_options.png
deleted file mode 100644
index eaf93ece33..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_order_options.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_refund_confirmation.png b/education/windows/images/wsfb_win10_pro_education_refund_confirmation.png
deleted file mode 100644
index 4749dafc44..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_refund_confirmation.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_refund_order.png b/education/windows/images/wsfb_win10_pro_education_refund_order.png
deleted file mode 100644
index 813cfce309..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_refund_order.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_disable.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_disable.png
deleted file mode 100644
index 92aeb8ed19..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_disable.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png
deleted file mode 100644
index 177c6e36df..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png
deleted file mode 100644
index 8044a4cc91..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_enable.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_enable.png
deleted file mode 100644
index 420b44513f..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_enable.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_summary.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_summary.png
deleted file mode 100644
index a507f56694..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_summary.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to_proedu_email_upgrade_link.png b/education/windows/images/wsfb_win10_pro_to_proedu_email_upgrade_link.png
deleted file mode 100644
index a30869b8ea..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to_proedu_email_upgrade_link.png and /dev/null differ
diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md
index 8ed1fbf9e7..ee9ab69a50 100644
--- a/education/windows/school-get-minecraft.md
+++ b/education/windows/school-get-minecraft.md
@@ -24,14 +24,11 @@ ms.topic: conceptual
 When you sign up for a [Minecraft: Education Edition](https://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](https://education.minecraft.net) subscription, Minecraft: Education Edition will be added to the inventory in your Microsoft Admin Center which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Admin Center is only displayed to members of your organization with administrative roles.
 
 >[!Note]
->If you don't have an Azure AD or Office 365 tenant, you can set up a free Office 365 Education subscription when you request Minecraft: Education Edition. For more information, see [Office 365 Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans).
+>If you don't have an Azure AD or Office 365 tenant, you can set up a free Office 365 Education subscription when you purchase Minecraft: Education Edition. For more information, see [Office 365 Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans).
 
 ## Settings for Microsoft 365 A3 or Microsoft 365 A5 customers
 
-Schools that purchased these products have an extra option for making Minecraft: Education Edition available to their students:
-
-- Microsoft 365 A3 or Microsoft 365 A5
-- Minecraft: Education Edition
+Schools that purchased Microsoft 365 A3 or Microsoft 365 A5 have an extra option for making Minecraft: Education Edition available to their students:
 
 If your school has these products in your tenant, admins can choose to enable Minecraft: Education Edition for students using Microsoft 365 A3 or Microsoft 365 A5. From the left-hand menu in Microsoft Admin Center, select Users. From the Users list, select the users you want to add or remove for Minecraft: Education Edition access. Add the relevant A3 or A5 license if it hasn't been assigned already. 
 
@@ -94,7 +91,7 @@ Invoices are now a supported payment method for Minecraft: Education Edition. Th
 
 2. Select the Invoice option, and provide the info needed for an invoice. The **PO number** item allows you to add a tracking number or info that is meaningful to your organization.
 
-    ![Invoice Details page showing items that need to be completed for an invoice. PO number is highlighted.](images/mcee-invoice-info.png)
+    ![Invoice Details page showing items that need to be completed for an invoice. PO number is highlighted.](images/minecraft/mcee-invoice-info.png)
 
 For more info on invoices and how to pay by invoice, see [How to pay for your subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?).  
 
diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md
index b7a35b9784..428ea7ffa1 100644
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@@ -1,7 +1,7 @@
 ---
 title: Azure AD Join with Set up School PCs app
 description: Describes how Azure AD Join is configured in the Set up School PCs app.
-keywords: shared cart, shared PC, school, set up school pcs
+keywords: shared PC, school, set up school pcs
 ms.prod: windows
 ms.mktglfcycl: plan
 ms.sitesec: library
@@ -27,8 +27,7 @@ appliesto:
 Set up School PCs lets you create a provisioning package that automates Azure AD
 Join on your devices. This feature eliminates the need to manually:
 
--   Connect to your school’s network.
-
+-   Connect to your school's network.
 -   Join your organization's domain.
 
 ## Automated connection to school domain  
@@ -37,8 +36,8 @@ During initial device setup, Azure AD Join automatically connects your PCs to yo
 
 Students who sign in to their PCs with their Azure AD credentials get access to on-premises apps and the following cloud apps:
 * Office 365
-* OneDrive 
-* OneNote.
+* OneDrive
+* OneNote
 
 ## Enable Azure AD Join  
 
@@ -51,7 +50,7 @@ Active Directory** \> **Devices** \> **Device settings**.
 for Azure AD by selecting **All** or **Selected**. If you choose the latter
 option, select the teachers and IT staff to allow them to connect to Azure AD.  
 
-![Select the users you want to let join devices to Azure AD.](images/suspc-enable-shared-pc-1807.png)  
+![Select the users you want to let join devices to Azure AD.](images/suspcs/suspc-enable-shared-pc-1807.png)  
 
 You can also create an account that holds the exclusive rights to join devices. When a student PC has to be set up, provide the account credentials to the appropriate teachers or staff.
 
@@ -73,7 +72,7 @@ The following table describes each setting within **Device Settings**.
 Your Intune tenant can only have 500 active Azure AD tokens, or packages, at a time. You'll receive a notification in the Intune portal when you reach 500 active tokens.
 
 To reduce your inventory, clear out all unnecessary and inactive tokens.
-1. Go to **Azure Active Directory** \> **Users** \> **All users**  
+1. Go to **Azure Active Directory** > **Users** > **All users**  
 2. In the **User Name** column, select and delete all accounts with a **package\ _**
 prefix. These accounts are created at a 1:1 ratio for every token and are safe
 to delete.   
@@ -82,7 +81,7 @@ to delete.
 ### How do I know if my package expired?
 Automated Azure AD tokens expire after 180 days. The expiration date for each token is appended to the end of the saved provisioning package, on the USB drive. After this date, you must create a new package. Be careful that you don't delete active accounts.  
 
-![Screenshot of the Azure portal, Azure Active Directory, All Users page. Highlights all accounts that start with the prefix package_ and can be deleted.](images/suspc-admin-token-delete-1807.png)  
+![Screenshot of the Azure portal, Azure Active Directory, All Users page. Highlights all accounts that start with the prefix package_ and can be deleted.](images/suspcs/suspc-admin-token-delete-1807.png)  
 
 ## Next steps    
 Learn more about setting up devices with the Set up School PCs app.  
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md
index 3aeb7d738c..feb7da1b70 100644
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/set-up-school-pcs-provisioning-package.md
@@ -1,7 +1,7 @@
 ---
 title: What's in Set up School PCs provisioning package
 description: Lists the provisioning package settings that are configured in the Set up School PCs app.
-keywords: shared cart, shared PC, school, set up school pcs
+keywords: shared PC, school, set up school pcs
 ms.prod: windows
 ms.mktglfcycl: plan
 ms.sitesec: library
diff --git a/education/windows/set-up-school-pcs-shared-pc-mode.md b/education/windows/set-up-school-pcs-shared-pc-mode.md
index e007d4957b..fa010834d5 100644
--- a/education/windows/set-up-school-pcs-shared-pc-mode.md
+++ b/education/windows/set-up-school-pcs-shared-pc-mode.md
@@ -1,7 +1,7 @@
 ---
 title: Shared PC mode for school devices
 description: Describes how shared PC mode is set for devices set up with the Set up School PCs app.
-keywords: shared cart, shared PC, school, set up school pcs
+keywords: shared PC, school, set up school pcs
 ms.prod: windows
 ms.mktglfcycl: plan
 ms.sitesec: library
@@ -63,7 +63,7 @@ To create a compatible image, first create your custom Windows image with all so
 Teachers can then run the Set up School PCs package on the computer.  
 
 ## Optimize device for use by a single student
-Shared PC mode is enabled by default. This mode optimizes device settings for schools where PCs are shared by students.  The  Set up School PCs app also offers the option to configure settings for devices that aren't shared. 
+Shared PC mode is enabled by default. This mode optimizes device settings for schools where PCs are shared by students. The  Set up School PCs app also offers the option to configure settings for devices that aren't shared.
   
 If you select this setting, the app modifies shared PC mode so that it's appropriate for a single device. To see how the settings differ, refer to the Shared PC mode policy table in the article [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)  
 1. In the app, go to the **Create package** > **Settings** step. 
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index 6dbdf70186..21c1721e3a 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -1,7 +1,7 @@
 ---
 title: Set up School PCs app technical reference overview
 description: Describes the purpose of the Set up School PCs app for Windows 10 devices.
-keywords: shared cart, shared PC, school, set up school pcs
+keywords: shared PC, school, set up school pcs
 ms.prod: windows
 ms.mktglfcycl: plan
 ms.sitesec: library
diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md
index fce328a1c0..d83fe32329 100644
--- a/education/windows/set-up-school-pcs-whats-new.md
+++ b/education/windows/set-up-school-pcs-whats-new.md
@@ -1,7 +1,7 @@
 ---
 title: What's new in the Windows Set up School PCs app
 description: Find out about app updates and new features in Set up School PCs.
-keywords: shared cart, shared PC, school, set up school pcs
+keywords: shared PC, school, set up school pcs
 ms.prod: windows
 ms.mktglfcycl: plan
 ms.sitesec: library
diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md
index 32f97bf4b3..1c1d1ba1e1 100644
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ b/education/windows/set-up-students-pcs-to-join-domain.md
@@ -43,7 +43,7 @@ Follow the steps in [Provision PCs with common settings for initial deployment (
 
       **Figure 7** - Add the account to use for test-taking
 
-      ![Add the account to use for test-taking.](images/wcd_settings_assignedaccess.png)
+      ![Add the account to use for test-taking.](images/wcd/wcd_settings_assignedaccess.png)
 
       The account can be in one of the following formats:
       - username
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
index 840dd7836b..0e02a8d5c5 100644
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@@ -24,193 +24,6 @@ You can apply a provisioning package on a USB drive to off-the-shelf devices dur
 
 - If you want to provision a school PC to join Azure AD, set up the PC using the steps in [Use Set up School PCs App](use-set-up-school-pcs-app.md). Set up School PCs now lets you add recommended apps from the Store so you can add these apps while you're creating your package through Set up School PCs. You can also follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps) if you want to add apps to student PCs after initial setup with the Set up School PCs package.
 
-<!--
-## Add apps to a provisioning package
-
-1. Follow the steps to [create the provisioning package](set-up-students-pcs-to-join-domain.md#create-the-provisioning-package). 
-2. 
-2. On the **Finish** page, select **Switch to advanced editor**.
-
-  ![Switch to advanced editor.](images/icd-school-adv-edit.png)
-
-**Next steps**
-- [Add a desktop app to your package](#add-a-desktop-app-to-your-package)
-- [Add a universal app to your package](#add-a-universal-app-to-your-package)
-- [Build your package](#build-your-package)
-- [Apply the provisioning package to a PC](#apply-package)
-
-
-## Create a provisioning package to add apps after initial setup
-
-Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit)
-
-1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).
-
-2. Click **Advanced provisioning**.
-
-  ![ICD start options.](images/icdstart-option.png)  
-  
-3. Name your project and click **Next**.
-
-3. Select **All Windows desktop editions**, click **Next**, and then click **Finish**.  
-
-**Next steps**
-- [Add a desktop app to your package](#add-a-desktop-app-to-your-package)
-- [Add a universal app to your package](#add-a-universal-app-to-your-package)
-- [Build your package](#build-your-package)
-- [Apply the provisioning package to a PC](#apply-package)
-
-
-## Add a desktop app to your package
-
-1. In the **Available customizations** pane, go to **Runtime settings** > **ProvisioningCommands** > **DeviceContext** > **CommandFiles**. 
-
-2. Add all the files required for the app install, including the data files and the installer.
-
-3. Go to **Runtime settings** > **ProvisioningCommands** > **DeviceContext** > **CommandLine** and specify the command line that needs to be executed to install the app. This is a single command line (such as a script, executable, or msi) that triggers a silent install of your CommandFiles. Note that the install must execute silently (without displaying any UI). For MSI installers use, the msiexec /quiet option. 
-
-> [!NOTE] 
-> If you are installing more than one app, then use CommandLine to invoke the script or batch file that orchestrates installation of the files. For more information, see [Install a Win32 app using a provisioning package](/windows/configuration/provisioning-packages/provisioning-script-to-install-app). 
-
-**Next steps**
-- (optional) [Add a universal app to your package](#add-a-universal-app-to-your-package)
-- [Build your package](#build-your-package)
-- [Apply the provisioning package to a PC](#apply-package)
-
-## Add a universal app to your package
-
-Universal apps that you can distribute in the provisioning package can be line-of-business (LOB) apps developed by your organization, Microsoft Store for Business apps that you acquire with [offline licensing](/microsoft-store/acquire-apps-microsoft-store-for-business), or third-party apps. This procedure will assume you are distributing apps from the Microsoft Store for Business. For other apps, obtain the necessary information (such as the package family name) from the app developer. 
-
-1. In the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall**. 
-
-2. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
-
-    ![details for offline app package.](images/uwp-family.png)
-
-3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
-
-4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. 
-
-    ![required frameworks for offline app package.](images/uwp-dependencies.png)
-
-5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. In Microsoft Store for Business, you generate the license for the app on the app's download page.
-
-    ![generate license for offline app.](images/uwp-license.png)
-
-[Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
-
-> [!NOTE]  
-> Removing a provisioning package will not remove any apps installed by device context in that provisioning package.
-
-**Next steps**
-- (optional) [Add a desktop app to your package](#add-a-desktop-app-to-your-package)
-- [Build your package](#build-your-package)
-- [Apply the provisioning package to a PC](#apply-package)
-
-## Build your package
-
-1. When you are done configuring the provisioning package, on the **File** menu, click **Save**.
-
-2. Read the warning that project files may contain sensitive information, and click **OK**.
-> **Important**  When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
-
-3. On the **Export** menu, click **Provisioning package**.
-
-1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
-
-10. Set a value for **Package Version**.
-
-    **Tip**  
-    You can make changes to existing packages and change the version number to update previously applied packages.
-
-11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
-
-    -   **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
-
-    -   **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package.
-
-        **Important**  
-        We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. 
-
-12. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.<p>
-Optionally, you can click **Browse** to change the default output location.
-
-13. Click **Next**.
-
-14. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.<p>
-If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
-
-15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.<p>
-If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
-
-    -   If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
-    
-    -   If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
-
-16. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods:
-
-    -   Shared network folder
-
-    -   SharePoint site
-
-    -   Removable media (USB/SD)
-
-   
-**Next step**
-- [Apply the provisioning package to a PC](#apply-package)
-
-## Apply package 
-
-**During initial setup, from a USB drive**
-1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
-
-    ![The first screen to set up a new PC.](images/oobe.jpg)
-
-2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
-
-    ![Set up device?](images/setupmsg.jpg)
-
-3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
-
-    ![Provision this device.](images/prov.jpg)
-    
-4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
-
-    ![Choose a package.](images/choose-package.png)
-
-5. Select **Yes, add it**.
-
-    ![Do you trust this package?](images/trust-package.png)
-    
-6. Read and accept the Microsoft Software License Terms.  
-
-    ![Sign in.](images/license-terms.png)
-    
-7. Select **Use Express settings**.
-
-    ![Get going fast.](images/express-settings.png)
-
-8. If the PC doesn't use a volume license, you'll see the **Who owns this PC?** screen. Select **My work or school owns it** and tap **Next**.
-
-    ![Who owns this PC?](images/who-owns-pc.png)
-
-9. On the **Choose how you'll connect** screen, select **Join Azure AD** or **Join a domain** and tap **Next**.
-
-    ![Connect to Azure AD.](images/connect-aad.png)
-
-10. Sign in with  your domain, Azure AD,  or Office 365 account and password. When you see the progress ring, you can remove the USB drive.
-
-    ![Sign in.](images/sign-in-prov.png)
-
-    
-**After setup, from a USB drive, network folder, or SharePoint site**
-
-On a desktop computer, navigate to **Settings** &gt; **Accounts** &gt; **Work access** &gt; **Add or remove a management package** &gt; **Add a package**, and select the package to install. 
-
-![add a package option.](images/package.png)
-
--->
-
 ## Learn more
 
 -[Develop Universal Windows Education apps](/windows/uwp/apps-for-education/)
diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md
index a9e53b4beb..92e12acb44 100644
--- a/education/windows/set-up-windows-10.md
+++ b/education/windows/set-up-windows-10.md
@@ -27,7 +27,7 @@ Choose the tool that is appropriate for how your students will sign in (Active D
 
 You can use the following diagram to compare the tools.
 
-![Which tool to use to set up Windows 10.](images/suspc_wcd_featureslist.png)
+![Which tool to use to set up Windows 10.](images/suspcs/suspc_wcd_featureslist.png)
 
 
 ## In this section
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index e2858efc79..25de4845e6 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -40,7 +40,7 @@ If you set up Take a Test, the **Take a Test** button is added on the student PC
 
 **Figure 1** - Configure Take a Test in the Set up School PCs app
 
-![Configure Take a Test in the Set up School PCs app.](images/suspc_choosesettings_setuptakeatest.png)
+![Configure Take a Test in the Set up School PCs app.](images/takeatest/suspc_choosesettings_setuptakeatest.png)
 
 ### Set up a test account in Intune for Education
 You can set up a test-taking account in Intune for Education. To do this, follow these steps:
@@ -50,7 +50,7 @@ You can set up a test-taking account in Intune for Education. To do this, follow
 
     **Figure 2** - Add a test profile in Intune for Education
 
-    ![Add a test profile in Intune for Education.](images/i4e_takeatestprofile_addnewprofile.png)
+    ![Add a test profile in Intune for Education.](images/takeatest/i4e_takeatestprofile_addnewprofile.png)
 
 3. In the new profile page:
    1. Enter a name for the profile.
@@ -61,7 +61,7 @@ You can set up a test-taking account in Intune for Education. To do this, follow
 
       **Figure 3** - Add information about the test profile
 
-      ![Add information about the test profile.](images/i4e_takeatestprofile_newtestaccount.png)
+      ![Add information about the test profile.](images/takeatest/i4e_takeatestprofile_newtestaccount.png)
 
       After you save the test profile, you'll see a summary of the settings that you configured for Take a Test. Next, you'll need to assign the test profile to a group that will be using the test account.
     
@@ -69,13 +69,13 @@ You can set up a test-taking account in Intune for Education. To do this, follow
 
    **Figure 4** - Assign the test account to a group
 
-   ![Assign the test account to a group.](images/i4e_takeatestprofile_accountsummary.png)
+   ![Assign the test account to a group.](images/takeatest/i4e_takeatestprofile_accountsummary.png)
 
 5. In the **Groups** page, click **Change group assignments**.
 
     **Figure 5** - Change group assignments
 
-    ![Change group assignments.](images/i4e_takeatestprofile_groups_changegroupassignments.png)
+    ![Change group assignments.](images/takeatest/i4e_takeatestprofile_groups_changegroupassignments.png)
 
 6. In the **Change group assignments** page:
    1. Select a group from the right column and click **Add Members** to select the group and assign the test-taking account to that group. You can select more than one group. 
@@ -83,7 +83,7 @@ You can set up a test-taking account in Intune for Education. To do this, follow
 
       **Figure 6** - Select the group(s) that will use the test account
 
-      ![Select the groups that will use the test account.](images/i4e_takeatestprofile_groupassignment_selected.png)
+      ![Select the groups that will use the test account.](images/takeatest/i4e_takeatestprofile_groupassignment_selected.png)
 
 And that's it! When the students from the selected group sign in to the student PCs using the Take a Test user name that you selected, the PC will be locked down and Take a Test will open the assessment URL and students can start taking tests.
 
@@ -135,7 +135,7 @@ To set up a test account through Windows Configuration Designer, follow these st
 
       **Figure 7** - Add the account to use for test-taking
 
-      ![Add the account to use for test-taking.](images/wcd_settings_assignedaccess.png)
+      ![Add the account to use for test-taking.](images/wcd/wcd_settings_assignedaccess.png)
 
       The account can be in one of the following formats:
       - username
diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md
index 2cf14b3079..bf7fd7c439 100644
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@@ -31,13 +31,13 @@ To configure the assessment URL and a dedicated testing account on a single PC,
 
    **Figure 1** - Use the Settings app to set up a test-taking account
 
-   ![Use the Settings app to set up a test-taking account.](images/tat_settingsapp_workorschoolaccess_setuptestaccount.png)
+   ![Use the Settings app to set up a test-taking account.](images/takeatest/tat_settingsapp_workorschoolaccess_setuptestaccount.png)
 
 4. In the **Set up an account for taking tests** window, choose an existing account to use as the dedicated testing account.
 
    **Figure 2** - Choose the test-taking account
 
-   ![Choose the test-taking account.](images/tat_settingsapp_setuptesttakingaccount_1703.png) 
+   ![Choose the test-taking account.](images/takeatest/tat_settingsapp_setuptesttakingaccount_1703.png) 
 
     > [!NOTE]  
     > If you don't have an account on the device, you can create a new account. To do this, go to **Settings > Accounts > Other people > Add someone else to this PC > I don’t have this person’s sign-in information > Add a user without a Microsoft account**.
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
index 64dc362a33..3bff38fdc6 100644
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@@ -33,7 +33,7 @@ Many schools use online testing for formative and summative assessments. It's cr
 
 ## How to use Take a Test
 
-![Set up and user flow for the Take a Test app.](images/take_a_test_flow_dark.png)
+![Set up and user flow for the Take a Test app.](images/takeatest/take_a_test_flow_dark.png)
 
 There are several ways to configure devices for assessments, depending on your use case:
 
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index 958e32ad29..44298d51a2 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -1,7 +1,7 @@
 ---
 title: Use Set up School PCs app
 description: Learn how to use the Set up School PCs app and apply the provisioning package.
-keywords: shared cart, shared PC, school, Set up School PCs, overview, how to use
+keywords: shared PC, school, Set up School PCs, overview, how to use
 ms.prod: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -105,7 +105,7 @@ We strongly recommend that you avoid changing preset policies. Changes can slow
 
 The **Set up School PCs** app guides you through the configuration choices for the student PCs.  To begin, open the app on your PC and click **Get started**.   
     
-   ![Launch the Set up School PCs app.](images/suspc_getstarted_050817.png)  
+   ![Launch the Set up School PCs app.](images/suspcs/suspc_getstarted_050817.png)  
 
 ### Package name  
 Type a unique name to help distinguish your school's provisioning packages. The name appears:  
@@ -115,7 +115,7 @@ Type a unique name to help distinguish your school's provisioning packages. The
 
 A package expiration date is also attached to the end of each package. For example, *Set_Up_School_PCs (Expires 4-16-2019)*. The expiration date is 180 days after you create your package.  
 
-  ![Example screenshot of the Set up School PCs app, Name your package screen.](images/1810_Name_Your_Package_SUSPC.png)  
+  ![Example screenshot of the Set up School PCs app, Name your package screen.](images/suspcs/1810_Name_Your_Package_SUSPC.png)  
 
 After you click **Next**, you can no longer change the name in the app. To create a package with a different name, reopen the Set up School PCs app.  
 
@@ -129,7 +129,7 @@ To change an existing package's name, right-click the package folder on your dev
     b. To complete setup without signing in, click **Continue without account**. Student PCs won't be connected to your school's cloud services and managing them will be more difficult later. Continue to [Wireless network](#wireless-network).  
 2. In the new window, select the account you want to use throughout setup.  
 
-    ![Sign-in screen showing the option to "Use this account" or use a different "Work or school account."](images/1810_choose_account_suspc.png)  
+    ![Sign-in screen showing the option to "Use this account" or use a different "Work or school account."](images/suspcs/1810_choose_account_suspc.png)  
 
     To add an account not listed:  
     a. Click **Work or school account** > **Continue**.  
@@ -140,14 +140,14 @@ To change an existing package's name, right-click the package folder on your dev
 3. Click **Accept** to allow Set up School PCs to access your account throughout setup.
 2. When your account name appears on the page, as shown in the image below, click **Next.**
 
-      ![Example screenshot of the Set up School PC app, Sign in screen, showing that the user's account name appears at the bottom of the page.](images/1810_Sign_In_SUSPC.png)  
+      ![Example screenshot of the Set up School PC app, Sign in screen, showing that the user's account name appears at the bottom of the page.](images/suspcs/1810_Sign_In_SUSPC.png)  
 
 ### Wireless network
 Add and save the wireless network profile that you want student PCs to connect to. Only skip Wi-Fi setup if you have an Ethernet connection.  
 
 Select your school's Wi-Fi network from the list of available wireless networks, or click **Add a wireless network** to manually configure it. Then click **Next.**  
 
- ![Example screenshot of the Set up School PC app, Wireless network page with two Wi-Fi networks listed, one of which is selected.](images/1810_SUSPC_select_Wifi.png)  
+ ![Example screenshot of the Set up School PC app, Wireless network page with two Wi-Fi networks listed, one of which is selected.](images/suspcs/1810_SUSPC_select_Wifi.png)  
 
 ### Device names
 Create a short name to add as a prefix to each PC. This name will help you recognize and manage this specific group of devices in your mobile device manager. The name must be five (5) characters or less.  
@@ -156,19 +156,19 @@ To make sure all device names are unique, Set up School PCs automatically append
 
 To keep the default name for your devices, click **Continue with existing names**.
 
-  !["Name these devices" screen with the device field filled in with example device name, "Grd8."](images/1810_name-devices_SUSPC.png)  
+  !["Name these devices" screen with the device field filled in with example device name, "Grd8."](images/suspcs/1810_name-devices_SUSPC.png)  
 
 
 
 ### Settings
 Select additional settings to include in the provisioning package. To begin, select the operating system on your student PCs.  
 
-![Screenshot of the Current OS version page with the Select OS version menu selected, showing 7 Windows 10 options. All other settings on page are unavailable to select.](images/1810_suspc_settings.png)  
+![Screenshot of the Current OS version page with the Select OS version menu selected, showing 7 Windows 10 options. All other settings on page are unavailable to select.](images/suspcs/1810_suspc_settings.png)  
 
 Setting selections vary based on the OS version you select. The example screenshot below shows the settings that become available when you select **Windows 10 version 1703**. The option to **Enable Autopilot Reset** is not available for this version of Windows 10.  
 
 
-![Example screenshot of the Current OS version page, with Windows 10 version 1803 selected. 4 available settings and 1 unavailable setting are shown, and none are selected.](images/1810_SUSPC_available_settings.png)  
+![Example screenshot of the Current OS version page, with Windows 10 version 1803 selected. 4 available settings and 1 unavailable setting are shown, and none are selected.](images/suspcs/1810_SUSPC_available_settings.png)  
 
 
 > [!NOTE]
@@ -179,13 +179,13 @@ The following table describes each setting and lists the applicable Windows 10 v
 |Setting  |1703|1709|1803|1809|What happens if I select it? |Note|
 |---------|---------|---------|---------|---------|---------|---------|
 |Remove apps pre-installed by the device manufacturer |X|X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.|
-|Allow local storage (not recommended for shared devices)    |X|X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC.         |Not recommended if the device will be part of a shared cart or lab.|
-|Optimize device for a single student, instead of a shared cart or lab    |X|X|X|X|Optimizes the device for use by a single student, rather than many students.       |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
+|Allow local storage (not recommended for shared devices)    |X|X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC.         |Not recommended if the device will be shared between different students.|
+|Optimize device for a single student, instead of a shared cart or lab    |X|X|X|X|Optimizes the device for use by a single student, rather than many students.       |Recommended if the device will be shared between different students. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
 |Let guests sign in to these PCs     |X|X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.|
 |Enable Autopilot Reset  |Not available|X|X|X|Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM).  |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.|
 |Lock screen background|X|X|X|X|Change the default screen lock background to a custom image.|Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.|   
 
-After you've made your selections, click **Next**.   
+After you've made your selections, click **Next**.
 
 ### Time zone  
 
@@ -194,21 +194,21 @@ After you've made your selections, click **Next**.
 
 Choose the time zone where your school's PCs are used. This setting ensures that all PCs are provisioned in the same time zone. When you're done, click **Next**.  
 
-![Choose PC time zone page with the time zone menu expanded to show all time zone selections.](images/1810_suspc_timezone.png)  
+![Choose PC time zone page with the time zone menu expanded to show all time zone selections.](images/suspcs/1810_suspc_timezone.png)  
 
 ### Product key  
 Optionally, type in a 25-digit product key to:
 * Upgrade your current edition of Windows. For example, if you want to upgrade from Windows 10 Education to Windows 10 Education Pro, enter the product key for the Pro edition.
 * Change the product key. If you want to associate student devices with a new or different Windows 10 product key, enter it now.  
 
-![Example screenshot of the Set up School PC app, Product key screen, showing a value field, Next button, and Continue without change option.](images/1810_suspc_product_key.png)  
+![Example screenshot of the Set up School PC app, Product key screen, showing a value field, Next button, and Continue without change option.](images/suspcs/1810_suspc_product_key.png)  
 
 ### Take a Test  
 Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student PC so that students can't access anything else on the device.  
 
 1. Select **Yes** to create a Take a Test button on the sign-in screens of your students' PCs.    
 
-    ![Set up Take a Test app page with "Yes" selected to create an app button. Page also has two checkboxes for additional settings and one text field for the assessment URL.](images/1810_SUSPC_Take_Test.png)   
+    ![Set up Take a Test app page with "Yes" selected to create an app button. Page also has two checkboxes for additional settings and one text field for the assessment URL.](images/suspcs/1810_SUSPC_Take_Test.png)   
 
 2. Select from the advanced settings. Available settings include:  
     * Allow keyboard auto-suggestions: Allows app to suggest words as the student types on the PC's keyboard.  
@@ -224,7 +224,7 @@ If there aren't any apps in your Microsoft Store inventory, or you don't have th
 After you've made your selections, click **Next**.  
 
 
-  ![Example screenshots of the Add apps screen with selection of recommended apps and school inventory apps.](images/1812_Add_Apps_SUSPC.png)  
+  ![Example screenshots of the Add apps screen with selection of recommended apps and school inventory apps.](images/suspcs/1812_Add_Apps_SUSPC.png)  
 
 The following table lists the recommended apps you'll see.  
 
@@ -241,7 +241,7 @@ Upload custom images to replace the student devices' default desktop and lock sc
 
 If you don't want to upload custom images or use the images that appear in the app, click **Continue without personalization**. This option does not apply any customizations, and instead uses the devices' default or preset images.  
 
-   ![Example image of the Set up School PCs app, Personalization screen, showing the default desktop and lock screen background photos, a Browse button under each photo, a blue Next button, and a Continue without personalization button.](images/1810_SUSPC_personalization.png)  
+   ![Example image of the Set up School PCs app, Personalization screen, showing the default desktop and lock screen background photos, a Browse button under each photo, a blue Next button, and a Continue without personalization button.](images/suspcs/1810_SUSPC_personalization.png)  
 
 
 ### Summary  
@@ -249,22 +249,22 @@ Review all of the settings for accuracy and completeness. Check carefully. To ma
 1. To make changes now, click any page along the left side of the window.  
 2. When finished, click **Accept**.  
 
-      ![Example image of the Summary screen, showing the user's configurations for Sign-in, Wireless network, Device names, Settings, Time zone, Take a Test. Accept button is available and the page contains three links on the right-hand side to help and support.](images/1810_SUSPC_summary.png)  
+      ![Example image of the Summary screen, showing the user's configurations for Sign-in, Wireless network, Device names, Settings, Time zone, Take a Test. Accept button is available and the page contains three links on the right-hand side to help and support.](images/suspcs/1810_SUSPC_summary.png)  
 
 ### Insert USB
 1. Insert a USB drive. The **Save** button will light up when your computer detects the USB.  
 2. Choose your USB drive from the list and click **Save**.
 
-      ![Insert a USB drive now screen with USB drive selection highlighted. Save button is blue and active.](images/1810_SUSPC_USB.png)
+      ![Insert a USB drive now screen with USB drive selection highlighted. Save button is blue and active.](images/suspcs/1810_SUSPC_USB.png)
 
 3. When the package is ready, you'll see the filename and package expiration date. You can also click **Add a USB** to save the same provisioning package to another USB drive. When you're done, remove the USB drive and click **Next**. 
 
-      ![Your provisioning package is ready screen with package filename and expiration date. Shows an active blue, Next button, and a gray Add a USB button.](images/1810_SUSPC_Package_ready.png)  
+      ![Your provisioning package is ready screen with package filename and expiration date. Shows an active blue, Next button, and a gray Add a USB button.](images/suspcs/1810_SUSPC_Package_ready.png)  
 
 ## Run package - Get PCs ready  
 Complete each step on the **Get PCs ready** page to prepare student PCs for set-up. Then click **Next**.  
    
-  ![Your provisioning package is ready! screen with 3 steps to get student PCs ready for setup. Save button is active.](images/suspc_runpackage_getpcsready.png)  
+  ![Your provisioning package is ready! screen with 3 steps to get student PCs ready for setup. Save button is active.](images/suspcs/suspc_runpackage_getpcsready.png)  
 
 ## Run package - Install package on PC
 
@@ -279,14 +279,14 @@ When used in context of the Set up School PCs app, the word *package* refers to
 
     If the PC has gone past the account setup screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.  
 
-       ![Example screenshot of the first screen the Windows 10 PC setup for OOBE. United States is selected as the region and the Yes button is active.](images/win10_1703_oobe_firstscreen.png)  
+       ![Example screenshot of the first screen the Windows 10 PC setup for OOBE. United States is selected as the region and the Yes button is active.](images/suspcs/win10_1703_oobe_firstscreen.png)  
   
 2. Insert the USB drive. Windows automatically recognizes and installs the package.  
    
-     ![Screen showing that the installation is automatically beginning, with a loading bar showing the status on the installation.](images/suspc_studentpcsetup_installingsetupfile.png)  
+     ![Screen showing that the installation is automatically beginning, with a loading bar showing the status on the installation.](images/suspcs/suspc_studentpcsetup_installingsetupfile.png)  
 3. When you receive the message that it's okay to remove the USB drive, remove it from the PC. If there are more PCs to set up, insert the USB drive into the next PC.  
 
-     ![Screen with message telling user to remove the USB drive.](images/suspc_setup_removemediamessage.png)  
+     ![Screen with message telling user to remove the USB drive.](images/suspcs/suspc_setup_removemediamessage.png)  
 
 4. If you didn't set up the package with Azure AD Join, continue the Windows device setup experience.  If you did configure the package with Azure AD Join, the computer is ready for use and no further configurations are required.  
 
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 793b376823..4d1777d0ad 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -60,7 +60,7 @@ The following table lists all the applications included in Windows 11 SE and the
 | File Explorer                | Win32    |                  | ✅                |
 | FlipGrid                     | PWA      |                  |                    |
 | Get Help                     | UWP      |                  |                    |
-| Groove Music                 | UWP      | ✅              |                    |
+| Media Player                 | UWP      | ✅              |                    |
 | Maps                         | UWP      |                  |                    |
 | Minecraft: Education Edition | UWP      |                  |                    |
 | Movies & TV                  | UWP      |                  |                    |
@@ -87,8 +87,10 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | Application                             | Supported version | App Type | Vendor                       |
 |-----------------------------------------|-------------------|----------|------------------------------|
 | AirSecure                               | 8.0.0             | Win32    | AIR                          |
+| Alertus Desktop                         | 5.4.44.0          | Win32    | Alertus technologies         |
 | Brave Browser                           | 1.34.80           | Win32    | Brave                        |
 | Bulb Digital Portfolio                  | 0.0.7.0           | Store    | Bulb                         |
+| CA Secure Browser                       | 14.0.0            | Win32    | Cambium Development          |
 | Cisco Umbrella                          | 3.0.110.0         | Win32    | Cisco                        |
 | CKAuthenticator                         | 3.6               | Win32    | Content Keeper               |
 | Class Policy                            | 114.0.0           | Win32    | Class Policy                 |
@@ -99,7 +101,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | Duo from Cisco                          | 2.25.0            | Win32    | Cisco                        |
 | e-Speaking Voice and Speech recognition | 4.4.0.8           | Win32    | e-speaking                   |
 | eTests                                  | 4.0.25            | Win32    | CASAS                        |
-| FortiClient                             | 7.0.1.0083        | Win32    | Fortinet                     |
+| FortiClient                             | 7.2.0.4034+       | Win32    | Fortinet                     |
 | Free NaturalReader                      | 16.1.2            | Win32    | Natural Soft                 |
 | Ghotit Real Writer & Reader             | 10.14.2.3         | Win32    | Ghotit Ltd                   |
 | GoGuardian                              | 1.4.4             | Win32    | GoGuardian                   |
@@ -111,7 +113,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | Kite Student Portal                     | 8.0.3.0           | Win32    | Dynamic Learning Maps        |
 | Kortext                                 | 2.3.433.0         | Store    | Kortext                      |
 | Kurzweil 3000 Assistive Learning        | 20.13.0000        | Win32    | Kurzweil Educational Systems |
-| LanSchool                               | 9.1.0.46          | Win32    | Stoneware                    |
+| LanSchool Classic                       | 9.1.0.46          | Win32    | Stoneware, Inc.              |
+| LanSchool Air                           | 2.0.13312         | Win32    | Stoneware, Inc.              |
 | Lightspeed Smart Agent                  | 1.9.1             | Win32    | Lightspeed Systems           |
 | MetaMoJi ClassRoom                      | 3.12.4.0          | Store    | MetaMoJi Corporation         |
 | Microsoft Connect                       | 10.0.22000.1      | Store    | Microsoft                    |
@@ -131,7 +134,6 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | Remote Help                             | 3.8.0.12          | Win32    | Microsoft                    |
 | Respondus Lockdown Browser              | 2.0.9.00          | Win32    | Respondus                    |
 | Safe Exam Browser                       | 3.3.2.413         | Win32    | Safe Exam Browser            |
-| Secure Browser                          | 14.0.0            | Win32    | Cambium Development          |
 | Senso.Cloud                             | 2021.11.15.0      | Win32    | Senso.Cloud                  |
 | SuperNova Magnifier & Screen Reader     | 21.02             | Win32    | Dolphin Computer Access      |
 | Zoom                                    | 5.9.1 (2581)      | Win32    | Zoom                         |
diff --git a/windows/application-management/provisioned-apps-windows-client-os.md b/windows/application-management/provisioned-apps-windows-client-os.md
index b61fb4f87e..1c99168f4a 100644
--- a/windows/application-management/provisioned-apps-windows-client-os.md
+++ b/windows/application-management/provisioned-apps-windows-client-os.md
@@ -44,9 +44,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ✔️ | ✔️ | | | | | |
+    | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809| 
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | ✔️ | ✔️ | ✔️ | | | | | |
 
     ---
 
@@ -54,9 +54,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -64,9 +64,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | Use Settings App | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | Use Settings App | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -74,9 +74,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -84,9 +84,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -94,19 +94,31 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
+    
+- [HEVC Video Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEVCVideoExtension_8wekyb3d8bbwe) | Package name: Microsoft.HEVCVideoExtension
+> [!NOTE]
+> For devices running Windows 11, version 21H2, and any supported version of Windows 10, you need to acquire the [HEVC Video Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEVCVideoExtension_8wekyb3d8bbwe) from the Microsoft Store.
+  - Supported versions:
+
+    ---
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️|||||||
+    
+    ---  
 
 - [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | Package name:Microsoft.Messaging
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
 
     ---
 
@@ -114,9 +126,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -124,9 +136,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -134,9 +146,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -144,9 +156,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -154,9 +166,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -164,9 +176,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -174,9 +186,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -184,9 +196,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
 
     ---
 
@@ -194,9 +206,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    |  | ✔️ | ✔️| | ✔️| | |
+    | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    | --- | --- | --- | --- | --- | --- | --- |--- |
+    |️ | ✔️ | ✔️ | ✔️|️ | ✔️|️️|
 
     ---
 
@@ -204,9 +216,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -214,9 +226,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
 
     ---
 
@@ -224,9 +236,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -234,9 +246,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -244,9 +256,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -254,9 +266,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -264,9 +276,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+     | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -274,9 +286,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -284,9 +296,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -294,9 +306,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -304,9 +316,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -314,9 +326,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -324,9 +336,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -334,9 +346,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -344,9 +356,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -354,9 +366,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -364,9 +376,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -374,9 +386,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -386,9 +398,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -396,9 +408,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -406,9 +418,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -416,9 +428,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -426,9 +438,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -436,9 +448,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -446,9 +458,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -456,9 +468,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
 
@@ -466,8 +478,8 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
   - Supported versions:
 
     ---
-    | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
-    | --- | --- | --- | --- | --- | --- |--- |
-    | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+    | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+    |---| --- | --- | --- | --- | --- | --- |--- |
+    | ❌ |  ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
 
     ---
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index e631ae9d84..442eedecc8 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -7,12 +7,12 @@ author: Deland-Han
 ms.localizationpriority: medium
 ms.author: delhan
 ms.date: 8/28/2019
-ms.reviewer: 
+ms.reviewer:
 manager: willchen
 ms.collection: highpri
 ---
 
-# Generate a kernel or complete crash dump 
+# Generate a kernel or complete crash dump
 
 A system crash (also known as a “bug check” or a "Stop error") occurs when Windows can't run correctly. The dump file that is produced from this event is called a system crash dump.
 
@@ -39,7 +39,7 @@ To enable memory dump setting, follow these steps:
 5. Restart the computer.
 
 >[!Note]
->You can change the dump file path by edit the **Dump file** field. In other words, you can change the path from %SystemRoot%\Memory.dmp to point to a local drive that has enough disk space, such as E:\Memory.dmp. 
+>You can change the dump file path by edit the **Dump file** field. In other words, you can change the path from %SystemRoot%\Memory.dmp to point to a local drive that has enough disk space, such as E:\Memory.dmp.
 
 ### Tips to generate memory dumps
 
@@ -72,13 +72,13 @@ If you can sign in while the problem is occurring, you can use the Microsoft Sys
 
 On some computers, you can't use keyboard to generate a crash dump file. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). A keyboard isn't attached to the HP BladeSystem server.
 
-In these cases, you must generate a complete crash dump file or a kernel crash dump file by using the Non-Maskable Interrupt (NMI) switch that causes an NMI on the system processor. 
+In these cases, you must generate a complete crash dump file or a kernel crash dump file by using the Non-Maskable Interrupt (NMI) switch that causes an NMI on the system processor.
 
 To implement this process, follow these steps:
 
-> [!IMPORTANT]  
+> [!IMPORTANT]
 > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
- 
+
 > [!NOTE]
 > This registry key isn't required for clients running Windows 8 and later, or servers running Windows Server 2012 and later. Setting this registry key on later versions of Windows has no effect.
 
@@ -98,14 +98,14 @@ To implement this process, follow these steps:
 
 7. Hardware vendors, such as HP, IBM, and Dell, may provide an Automatic System Recovery (ASR) feature. You should disable this feature during troubleshooting. For example, if the HP and Compaq ASR feature is enabled in the BIOS, disable this feature while you troubleshoot to generate a complete Memory.dmp file. For the exact steps, contact your hardware vendor.
 
-8. Enable the NMI switch in the BIOS or by using the Integrated Lights Out (iLO) Web interface. 
+8. Enable the NMI switch in the BIOS or by using the Integrated Lights Out (iLO) Web interface.
 
    >[!Note]
    >For the exact steps, see the BIOS reference manual or contact your hardware vendor.
 
 9. Test this method on the server by using the NMI switch to generate a dump file. You'll see a STOP 0x00000080 hardware malfunction.
 
-If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial Console for SysRq and NMI calls](/azure/virtual-machines/linux/serial-console-nmi-sysrq).
+If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial Console for SysRq and NMI calls](/troubleshoot/azure/virtual-machines/serial-console-nmi-sysrq).
 
 ### Use the keyboard
 
diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md
index 9f828bd150..d3f9eb80c2 100644
--- a/windows/client-management/manage-corporate-devices.md
+++ b/windows/client-management/manage-corporate-devices.md
@@ -44,3 +44,6 @@ You can use the same management tools to manage all device types running Windows
 [Microsoft Intune End User Enrollment Guide](/samples/browse/?redirectedfrom=TechNet-Gallery)
 
 [Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
+
+Microsoft Virtual Academy course: [Configuration Manager & Windows Intune](/training/)
+
diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md
index f69dfcb4d0..70617f2287 100644
--- a/windows/client-management/mdm/laps-csp.md
+++ b/windows/client-management/mdm/laps-csp.md
@@ -2,14 +2,14 @@
 title: Local Administrator Password Solution CSP
 description: Learn how the Local Administrator Password Solution configuration service provider (CSP) is used by the enterprise to manage backup of local administrator account passwords.
 ms.author: jsimmons
-ms.topic: article
-ms.prod: w11
-ms.technology: windows
-author: jsimmons
+author: jay98014
+ms.reviewer: vinpa
+manager: aaroncz
+ms.topic: reference
+ms.prod: windows-client
+ms.technology: itpro-manage
 ms.localizationpriority: medium
-ms.date: 07/04/2022
-ms.reviewer: jsimmons
-manager: jsimmons
+ms.date: 09/20/2022
 ---
 
 # Local Administrator Password Solution CSP
@@ -19,6 +19,9 @@ The Local Administrator Password Solution (LAPS) configuration service provider
 > [!IMPORTANT]
 > Windows LAPS is currently only available in Windows Insider builds as of 25145 and later. Support for the Windows LAPS Azure AD scenario is currently limited to a small group of Windows Insiders.
 
+> [!TIP]
+> This article covers the specific technical details of the LAPS CSP.  For more information about the scenarios in which the LAPS CSP would be used, see [Windows Local Administrator Password Solution](/windows-server/identity/laps/laps).
+
 The following example shows the LAPS CSP in tree format.
 
 ```xml
@@ -231,7 +234,7 @@ Supported operations are Add, Get, Replace, and Delete.
 <!--Policy-->
 ### PasswordExpirationProtectionEnabled
 <!--Description-->
-Use this setting to configure additional enforcement of maximum password age for the managed local administrator account.
+Use this setting to configure enforcement of maximum password age for the managed local administrator account.
 <!--/Description-->
 
 <!--SupportedSKUs-->
@@ -758,3 +761,5 @@ This example is configuring a hybrid device to back up its password to Active Di
 ## Related articles
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
+
+[Windows LAPS](/windows-server/identity/laps/laps)
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 67c5ae122a..8379da3699 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -83,7 +83,8 @@ PassportForWork
 -------UseBiometrics
 -------Biometrics
 ----------UseBiometrics
-----------FacialFeatureUse
+----------FacialFeaturesUseEnhancedAntiSpoofing
+----------EnableESSwithSupportedPeripherals
 -------DeviceUnlock
 ----------GroupA
 ----------GroupB
@@ -286,8 +287,6 @@ Boolean value used to enable or disable the use of biometric gestures, such as f
 
 Default value is true, enabling the biometric gestures for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business.
 
-
-
 Supported operations are Add, Get, Delete, and Replace.
 
 *Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
@@ -305,6 +304,26 @@ Supported operations are Add, Get, Delete, and Replace.
 
 *Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
 
+<a href="" id="biometrics-enableESSwithSupportedPeripherals--only-for---device-vendor-msft-"></a>**Biometrics/EnableESSwithSupportedPeripherals** (only for ./Device/Vendor/MSFT)  
+
+If this policy is enabled, Windows Hello authentication using peripheral biometric sensors will be blocked. Any non-authentication operational functionalities such as camera usage (for instance, video calls and the camera) will be unaffected.
+
+If you enable this policy it can have the following possible values:
+
+**0 - Enhanced Sign-in Security Disabled** (not recommended)
+
+Enhanced sign-in security will be disabled on all systems, enabling the use of peripheral biometric authentication. If this policy value is set to 0 after users have enrolled in ESS biometrics, users will be prompted to reset their PIN. They will lose all their existing biometric enrollments. To use biometrics they will have to enroll again. 
+
+**1 - Enhanced Sign-in Security Enabled** (default and recommended for highest security)
+
+Enhanced sign-in security will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of any biometric device that Enhanced Sign-in Security does not support, including that of peripheral devices, will be blocked and not available for Windows Hello.
+
+If you disable or do not configure this policy, Enhanced Sign-in Security is preferred on the device. The behavior will be the same as enabling the policy and setting the value to 1.
+
+Supported operations are Add, Get, Delete, and Replace.
+
+*Supported from Windows 11 version 22H2*
+
 <a href="" id="deviceunlock"></a>**DeviceUnlock** (only for ./Device/Vendor/MSFT)  
 Added in Windows 10, version 1803. Interior node.
 
@@ -551,7 +570,7 @@ Here's an example for setting Windows Hello for Business and setting the PIN pol
                 <Data>true</Data>
               </Item>
             </Add>
-    <Add>
+            <Add>
               <CmdID>15</CmdID>
               <Item>
                 <Target>
@@ -566,6 +585,21 @@ Here's an example for setting Windows Hello for Business and setting the PIN pol
                 <Data>true</Data>
               </Item>
             </Add>
+            <Add>
+              <CmdID>16</CmdID>
+              <Item>
+                <Target>
+                  <LocURI>
+                    ./Vendor/MSFT/PassportForWork/Biometrics/EnableESSwithSupportedPeripherals
+                  </LocURI>
+                </Target>
+                <Meta>
+                  <Format xmlns="syncml:metinf">int</Format>
+                  <Type>text/plain</Type>
+                </Meta>
+                <Data>0</Data>
+              </Item>
+            </Add>
             <Final/> 
           </SyncBody>
         </SyncML>
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index 465ac4ecd9..5524dfcf1a 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -29,7 +29,7 @@ The Personalization CSP can set the lock screen and desktop background images. S
 This CSP was added in Windows 10, version 1703.
 
 > [!Note]
-> Personalization CSP is supported in Windows 10 Enterprise and Education SKUs. It works in Windows 10 Pro and Windows 10 Pro in S mode if SetEduPolicies in [SharedPC CSP](sharedpc-csp.md) is set.
+> Personalization CSP is supported in Windows Enterprise and Education SKUs. It works in Windows Professional if SetEduPolicies in [SharedPC CSP](sharedpc-csp.md) is set.
 
 The following example shows the Personalization configuration service provider in tree format.
 ```
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 79aba31f6b..7be79948ea 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1,7 +1,7 @@
 ---
 title: Policy CSP
 description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10 and Windows 11.
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
@@ -65,22 +65,22 @@ Policy
 ```
 
 
-<a href="" id="--vendor-msft-policy"></a>**./Vendor/MSFT/Policy**  
+<a href="" id="--vendor-msft-policy"></a>**./Vendor/MSFT/Policy**
 The root node for the Policy configuration service provider.
 
 Supported operation is Get.
 
-<a href="" id="policy-config"></a>**Policy/Config**  
+<a href="" id="policy-config"></a>**Policy/Config**
 Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value) the configuration source can use the Policy/Result path to retrieve the resulting value.
 
 Supported operation is Get.
 
-<a href="" id="policy-config-areaname"></a>**Policy/Config/_AreaName_**  
+<a href="" id="policy-config-areaname"></a>**Policy/Config/_AreaName_**
 The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.
 
 Supported operations are Add, Get, and Delete.
 
-<a href="" id="policy-config-areaname-policyname"></a>**Policy/Config/_AreaName/PolicyName_**  
+<a href="" id="policy-config-areaname-policyname"></a>**Policy/Config/_AreaName/PolicyName_**
 Specifies the name/value pair used in the policy.
 
 The following list shows some tips to help you when configuring policies:
@@ -94,27 +94,27 @@ The following list shows some tips to help you when configuring policies:
 - Supported operations are Add, Get, Delete, and Replace.
 - Value type is string.
 
-<a href="" id="policy-result"></a>**Policy/Result**  
+<a href="" id="policy-result"></a>**Policy/Result**
 Groups the evaluated policies from all providers that can be configured.
 
 Supported operation is Get.
 
-<a href="" id="policy-result-areaname"></a>**Policy/Result/_AreaName_**  
+<a href="" id="policy-result-areaname"></a>**Policy/Result/_AreaName_**
 The area group that can be configured by a single technology independent of the providers.
 
 Supported operation is Get.
 
-<a href="" id="policy-result-areaname-policyname"></a>**Policy/Result/_AreaName/PolicyName_**  
+<a href="" id="policy-result-areaname-policyname"></a>**Policy/Result/_AreaName/PolicyName_**
 Specifies the name/value pair used in the policy.
 
 Supported operation is Get.
 
-<a href="" id="policy-result"></a>**Policy/ConfigOperations**  
+<a href="" id="policy-result"></a>**Policy/ConfigOperations**
 Added in Windows 10, version 1703. The root node for grouping different configuration operations.
 
 Supported operations are Add, Get, and Delete.
 
-<a href="" id="policy-configoperations-admxinstall"></a>**Policy/ConfigOperations/ADMXInstall**  
+<a href="" id="policy-configoperations-admxinstall"></a>**Policy/ConfigOperations/ADMXInstall**
 Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: <code>./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall</code>. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md).
 
 > [!NOTE]
@@ -124,27 +124,27 @@ ADMX files that have been installed by using **ConfigOperations/ADMXInstall** ca
 
 Supported operations are Add, Get, and Delete.
 
-<a href="" id="policy-configoperations-admxinstall-appname"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_**  
-Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file. 
+<a href="" id="policy-configoperations-admxinstall-appname"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_**
+Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.
 
 Supported operations are Add, Get, and Delete.
 
-<a href="" id="policy-configoperations-admxinstall-appname-policy"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy**  
+<a href="" id="policy-configoperations-admxinstall-appname-policy"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy**
 Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.
 
 Supported operations are Add, Get, and Delete.
 
-<a href="" id="policy-configoperations-admxinstall-appname-policy-uniqueid"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy/_UniqueID_** 
+<a href="" id="policy-configoperations-admxinstall-appname-policy-uniqueid"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy/_UniqueID_**
 Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.
 
 Supported operations are Add and Get. Does not support Delete.
 
-<a href="" id="policy-configoperations-admxinstall-appname-preference"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference**  
+<a href="" id="policy-configoperations-admxinstall-appname-preference"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference**
 Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.
 
 Supported operations are Add, Get, and Delete.
 
-<a href="" id="policy-configoperations-admxinstall-appname-preference-uniqueid"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference/_UniqueID_**  
+<a href="" id="policy-configoperations-admxinstall-appname-preference-uniqueid"></a>**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference/_UniqueID_**
 Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.
 
 Supported operations are Add and Get. Does not support Delete.
@@ -174,7 +174,7 @@ Supported operations are Add and Get. Does not support Delete.
   <dd>
     <a href="./policy-csp-accounts.md#accounts-allowmicrosoftaccountsigninassistant" id="accounts-allowmicrosoftaccountsigninassistant">Accounts/AllowMicrosoftAccountSignInAssistant</a>
   </dd>
-  
+
 </dl>
 
 ### ActiveXControls policies
@@ -185,7 +185,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_ActiveXInstallService policies  
+### ADMX_ActiveXInstallService policies
 
 <dl>
   <dd>
@@ -279,7 +279,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_AppxPackageManager policies  
+### ADMX_AppxPackageManager policies
 
 <dl>
   <dd>
@@ -287,7 +287,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_AppXRuntime policies  
+### ADMX_AppXRuntime policies
 
 <dl>
   <dd>
@@ -304,7 +304,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_AttachmentManager policies  
+### ADMX_AttachmentManager policies
 
 <dl>
   <dd>
@@ -380,7 +380,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_CipherSuiteOrder policies  
+### ADMX_CipherSuiteOrder policies
 
 <dl>
   <dd>
@@ -391,7 +391,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_COM policies  
+### ADMX_COM policies
 
 <dl>
   <dd>
@@ -402,7 +402,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_ControlPanel policies  
+### ADMX_ControlPanel policies
 
 <dl>
   <dd>
@@ -419,7 +419,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_ControlPanelDisplay policies  
+### ADMX_ControlPanelDisplay policies
 
 <dl>
   <dd>
@@ -513,7 +513,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_CredentialProviders policies  
+### ADMX_CredentialProviders policies
 
 <dl>
   <dd>
@@ -527,7 +527,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_CredSsp policies  
+### ADMX_CredSsp policies
 
 <dl>
   <dd>
@@ -563,7 +563,7 @@ Supported operations are Add and Get. Does not support Delete.
   <dd>
     <a href="./policy-csp-admx-credssp.md#admx-credssp-restrictedremoteadministration" id="admx-credssp-restrictedremoteadministration">ADMX_CredSsp/RestrictedRemoteAdministration</a>
 
-### ADMX_CredUI policies  
+### ADMX_CredUI policies
 
 <dl>
   <dd>
@@ -574,14 +574,14 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-###  ADMX_CtrlAltDel policies  
+###  ADMX_CtrlAltDel policies
 <dl>
   <dd>
     <a href="./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile" id="#admx-cpls-usedefaulttile">ADMX_Cpls/UseDefaultTile</a>
   </dd>
 </dl>
 
-### ADMX_DataCollection policies  
+### ADMX_DataCollection policies
 
 <dl>
   <dd>
@@ -710,7 +710,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 <dl>
 
-### ADMX_DeviceInstallation policies  
+### ADMX_DeviceInstallation policies
 
 <dl>
   <dd>
@@ -739,7 +739,7 @@ Supported operations are Add and Get. Does not support Delete.
   </dd>
 </dl>
 
-### ADMX_DeviceSetup policies  
+### ADMX_DeviceSetup policies
 
 <dl>
   <dd>
@@ -761,7 +761,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
 
 ### ADMX_DigitalLocker policies
 
-</dl>  
+</dl>
 <dd>
     <a href="./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1" id="admx-digitallocker-digitalx-diableapplication-titletext-1">ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1</a>
   </dd>
@@ -818,7 +818,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 <dl>
 
-### ADMX_DistributedLinkTracking policies  
+### ADMX_DistributedLinkTracking policies
 
 <dl>
   <dd>
@@ -920,7 +920,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_EAIME policies  
+### ADMX_EAIME policies
 
 <dl>
   <dd>
@@ -975,7 +975,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_EnhancedStorage policies  
+### ADMX_EnhancedStorage policies
 
 <dl>
   <dd>
@@ -998,7 +998,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_ErrorReporting policies  
+### ADMX_ErrorReporting policies
 
 <dl>
   <dd>
@@ -1101,7 +1101,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_EventLog policies  
+### ADMX_EventLog policies
 
 <dl>
   <dd>
@@ -1169,7 +1169,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_EventViewer policies  
+### ADMX_EventViewer policies
 
 <dl>
   <dd>
@@ -1182,7 +1182,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
     <a href="./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionurl" id="admx-eventviewer-eventviewer_redirectionurl">ADMX_EventViewer/EventViewer_RedirectionURL</a>
   <dd>
 
-### ADMX_Explorer policies  
+### ADMX_Explorer policies
 
 <dl>
   <dd>
@@ -1202,7 +1202,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_ExternalBoot policies  
+### ADMX_ExternalBoot policies
 
 <dl>
   <dd>
@@ -1329,7 +1329,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_Globalization policies  
+### ADMX_Globalization policies
 
 <dl>
   <dd>
@@ -1406,7 +1406,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_GroupPolicy policies  
+### ADMX_GroupPolicy policies
 
 <dl>
   <dd>
@@ -1557,7 +1557,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
 </dl>
 
 
-## ADMX_ICM policies  
+## ADMX_ICM policies
 
 <dl>
   <dd>
@@ -1691,7 +1691,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_Kerberos policies  
+### ADMX_Kerberos policies
 
 <dl>
   <dd>
@@ -1736,7 +1736,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_LanmanWorkstation policies  
+### ADMX_LanmanWorkstation policies
 
 <dl>
   <dd>
@@ -1775,7 +1775,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 <dl>
 
-### ADMX_Logon policies  
+### ADMX_Logon policies
 
 <dl>
   <dd>
@@ -1825,7 +1825,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_MicrosoftDefenderAntivirus policies  
+### ADMX_MicrosoftDefenderAntivirus policies
 
 <dl>
   <dd>
@@ -2128,7 +2128,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_MMCSnapins policies  
+### ADMX_MMCSnapins policies
 
 <dl>
   <dd>
@@ -2472,7 +2472,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
   <dd>
 
-### ADMX_msched policies  
+### ADMX_msched policies
 
 <dl>
   <dd>
@@ -2483,7 +2483,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_MSDT policies  
+### ADMX_MSDT policies
 
 <dl>
   <dd>
@@ -2497,7 +2497,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_MSI policies  
+### ADMX_MSI policies
 
 <dl>
   <dd>
@@ -2744,7 +2744,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_NetworkConnections policies  
+### ADMX_NetworkConnections policies
 
 <dl>
   <dd>
@@ -3058,7 +3058,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_Power policies  
+### ADMX_Power policies
 
 <dl>
   <dd>
@@ -3138,7 +3138,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_PowerShellExecutionPolicy policies  
+### ADMX_PowerShellExecutionPolicy policies
 
 <dl>
   <dd>
@@ -3184,7 +3184,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_Printing policies  
+### ADMX_Printing policies
 
 <dl>
   <dd>
@@ -3268,7 +3268,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_Printing2 policies  
+### ADMX_Printing2 policies
 
 <dl>
   <dd>
@@ -3300,7 +3300,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_Programs policies  
+### ADMX_Programs policies
 
 <dl>
   <dd>
@@ -3341,9 +3341,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   <dd>
     <a href="./policy-csp-admx-reliability.md#admx-reliability-shutdownreason" id="admx-reliability-shutdownreason">ADMX_Reliability/ShutdownReason</a>
   </dd>
-</dl>  
+</dl>
 
-### ADMX_RemoteAssistance policies  
+### ADMX_RemoteAssistance policies
 
 <dl>
   <dd>
@@ -3354,7 +3354,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_RemovableStorage policies  
+### ADMX_RemovableStorage policies
 
 <dl>
   <dd>
@@ -3455,7 +3455,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_RPC policies  
+### ADMX_RPC policies
 
 <dl>
   <dd>
@@ -3543,7 +3543,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_Sensors policies  
+### ADMX_Sensors policies
 
 <dl>
   <dd>
@@ -3580,7 +3580,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_Servicing policies  
+### ADMX_Servicing policies
 
 <dl>
   <dd>
@@ -3588,7 +3588,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_SettingSync policies  
+### ADMX_SettingSync policies
 
 <dl>
   <dd>
@@ -3620,7 +3620,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_SharedFolders policies  
+### ADMX_SharedFolders policies
 
 <dl>
   <dd>
@@ -3709,7 +3709,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_Snmp policies  
+### ADMX_Snmp policies
 
 <dl>
   <dd>
@@ -3725,7 +3725,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 <dl>
 
-### ADMX_StartMenu policies  
+### ADMX_StartMenu policies
 
 <dl>
   <dd>
@@ -3931,7 +3931,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_SystemRestore policies  
+### ADMX_SystemRestore policies
 
 <dl>
   <dd>
@@ -3950,7 +3950,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 <dl>
 
-### ADMX_Taskbar policies  
+### ADMX_Taskbar policies
 
 <dl>
   <dd>
@@ -4021,7 +4021,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_tcpip policies  
+### ADMX_tcpip policies
 
 <dl>
   <dd>
@@ -4166,25 +4166,25 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_gateway_policy_server" id="admx-terminalserver-ts_gateway_policy_server">ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER</a>
-  </dd> 
+  </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_join_session_directory" id="admx-terminalserver-ts_join_session_directory">ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY</a>
-  </dd> 
+  </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_keep_alive" id="admx-terminalserver-ts_keep_alive">ADMX_TerminalServer/TS_KEEP_ALIVE</a>
-  </dd> 
+  </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_secgroup" id="admx-terminalserver-ts_license_secgroup">ADMX_TerminalServer/TS_LICENSE_SECGROUP</a>
-  </dd> 
+  </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_servers" id="admx-terminalserver-ts_license_servers">ADMX_TerminalServer/TS_LICENSE_SERVERS</a>
-  </dd> 
+  </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_license_tooltip" id="admx-terminalserver-ts_license_tooltip">ADMX_TerminalServer/TS_LICENSE_TOOLTIP</a>
-  </dd> 
+  </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_licensing_mode" id="admx-terminalserver-ts_licensing_mode">ADMX_TerminalServer/TS_LICENSING_MODE</a>
-  </dd> 
+  </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_max_con_policy" id="admx-terminalserver-ts_max_con_policy">ADMX_TerminalServer/TS_MAX_CON_POLICY</a>
   </dd>
@@ -4282,7 +4282,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_disconnected_timeout_2" id="admx-terminalserver-ts_sessions_disconnected_timeout_2">ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2</a>
   </dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_1" id="admx-terminalserver-ts_sessions_idle_limit_1">ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1</a>
-  </dd>  
+  </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_sessions_idle_limit_2" id="admx-terminalserver-ts_sessions_idle_limit_2">ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2</a>
   </dd>
@@ -4330,15 +4330,15 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
   <dd>
     <a href="./policy-csp-admx-terminalserver.md#admx-terminalserver-ts_user_profiles" id="admx-terminalserver-ts_user_profiles">ADMX_TerminalServer/TS_USER_PROFILES</a>
-  </dd>  
+  </dd>
 <dl>
 
-### ADMX_Thumbnails policies  
+### ADMX_Thumbnails policies
 
 <dl>
   <dd>
     <a href="./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails" id="admx-thumbnails-disablethumbnails">ADMX_Thumbnails/DisableThumbnails</a>
-  </dd>  
+  </dd>
   <dd>
     <a href="./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders" id="admx-thumbnails-disablethumbnailsonnetworkfolders">ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders</a>
   </dd>
@@ -4352,7 +4352,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
 <dl>
   <dd>
     <a href="./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_1" id="admx-touchinput-touchinputoff_1">ADMX_TouchInput/TouchInputOff_1</a>
-  </dd>  
+  </dd>
   <dd>
     <a href="./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_2" id="admx-touchinput-touchinputoff_2">ADMX_TouchInput/TouchInputOff_2</a>
   </dd>
@@ -4364,7 +4364,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_TPM policies  
+### ADMX_TPM policies
 
 <dl>
   <dd>
@@ -4399,7 +4399,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_UserExperienceVirtualization policies  
+### ADMX_UserExperienceVirtualization policies
 
 <dl>
   <dd>
@@ -4782,7 +4782,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_UserProfiles policies  
+### ADMX_UserProfiles policies
 
 <dl>
   <dd>
@@ -4811,7 +4811,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_W32Time policies  
+### ADMX_W32Time policies
 
 <dl>
   <dd>
@@ -4828,7 +4828,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_WCM policies  
+### ADMX_WCM policies
 
 <dl>
   <dd>
@@ -4853,7 +4853,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 <dl>
 
-### ADMX_WinCal policies  
+### ADMX_WinCal policies
 
 <dl>
   <dd>
@@ -4864,7 +4864,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_WindowsConnectNow policies  
+### ADMX_WindowsConnectNow policies
 
 <dl>
   <dd>
@@ -4879,7 +4879,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
 </dl>
 
 
-### ADMX_WindowsExplorer policies  
+### ADMX_WindowsExplorer policies
 
 <dl>
   <dd>
@@ -5097,7 +5097,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_WindowsMediaDRM policies  
+### ADMX_WindowsMediaDRM policies
 
 <dl>
   <dd>
@@ -5105,7 +5105,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_WindowsMediaPlayer policies  
+### ADMX_WindowsMediaPlayer policies
 
 <dl>
   <dd>
@@ -5174,7 +5174,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
 </dl>
 
 
-### ADMX_WindowsRemoteManagement policies  
+### ADMX_WindowsRemoteManagement policies
 
 <dl>
   <dd>
@@ -5185,7 +5185,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_WindowsStore policies  
+### ADMX_WindowsStore policies
 
 <dl>
   <dd>
@@ -5205,7 +5205,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_WinInit policies  
+### ADMX_WinInit policies
 
 <dl>
   <dd>
@@ -5219,7 +5219,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_WinLogon policies  
+### ADMX_WinLogon policies
 
 <dl>
   <dd>
@@ -5250,7 +5250,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### ADMX_wlansvc policies  
+### ADMX_wlansvc policies
 
 <dl>
   <dd>
@@ -5286,7 +5286,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 <dl>
 
-### ADMX_WPN policies  
+### ADMX_WPN policies
 
 <dl>
   <dd>
@@ -5338,8 +5338,8 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   <dd>
     <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata" id="applicationmanagement-allowshareduserappdata">ApplicationManagement/AllowSharedUserAppData</a>
   </dd>
-  <dd> 
-    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall"id="applicationmanagement-blocknonadminuserinstall">ApplicationManagement/BlockNonAdminUserInstall</a> 
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall"id="applicationmanagement-blocknonadminuserinstall">ApplicationManagement/BlockNonAdminUserInstall</a>
   </dd>
   <dd>
     <a href="./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps" id="applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
@@ -5478,7 +5478,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### Audit policies  
+### Audit policies
 
 <dl>
   <dd>
@@ -6304,40 +6304,40 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### DesktopAppInstaller policies 
+### DesktopAppInstaller policies
 <dl>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#desktopappinstaller-enableadditionalsources" id="desktopappinstaller-enableadditionalsources">DesktopAppInstaller/EnableAdditionalSources</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enableadditionalsources" id="desktopappinstaller-enableadditionalsources">DesktopAppInstaller/EnableAdditionalSources</a>
   </dd>
 <dd>
-    <a href="/policy-csp-desktopappinstaller.md#desktopappinstaller-enableappinstaller"id="desktopappinstaller-enableappinstaller">DesktopAppInstaller/EnableAppInstaller</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enableappinstaller"id="desktopappinstaller-enableappinstaller">DesktopAppInstaller/EnableAppInstaller</a>
   </dd>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#desktopappinstaller-enabledefaultsource"id="desktopappinstaller-enabledefaultsource">DesktopAppInstaller/EnableDefaultSource</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enabledefaultsource"id="desktopappinstaller-enabledefaultsource">DesktopAppInstaller/EnableDefaultSource</a>
   </dd>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#DesktopAppInstaller-enablelocalmanifestfiles"id="desktopappinstaller-enablelocalmanifestfiles">DesktopAppInstaller/EnableLocalManifestFiles</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enablelocalmanifestfiles"id="desktopappinstaller-enablelocalmanifestfiles">DesktopAppInstaller/EnableLocalManifestFiles</a>
   </dd>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#DesktopAppInstaller-enablehashoverride"id="desktopappinstaller-enablehashoverride">DesktopAppInstaller/EnableHashOverride</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enablehashoverride"id="desktopappinstaller-enablehashoverride">DesktopAppInstaller/EnableHashOverride</a>
   </dd>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#DesktopAppInstaller-enablemicrosoftstoresource"id="desktopappinstaller-enablemicrosoftstoresource">DesktopAppInstaller/EnableMicrosoftStoreSource</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enablemicrosoftstoresource"id="desktopappinstaller-enablemicrosoftstoresource">DesktopAppInstaller/EnableMicrosoftStoreSource</a>
   </dd>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#DesktopAppInstaller-enablemsappinstallerprotocol"id="desktopappinstaller-enablemsappinstallerprotocol">DesktopAppInstaller/EnableMSAppInstallerProtocol</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enablemsappinstallerprotocol"id="desktopappinstaller-enablemsappinstallerprotocol">DesktopAppInstaller/EnableMSAppInstallerProtocol</a>
   </dd>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#DesktopAppInstaller-enablesettings"id="desktopappinstaller-enablesettings">DesktopAppInstaller/EnableSettings</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enablesettings"id="desktopappinstaller-enablesettings">DesktopAppInstaller/EnableSettings</a>
   </dd>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#DesktopAppInstaller-enableallowedsources"id="desktopappinstaller-enableallowedsources">DesktopAppInstaller/EnableAllowedSources</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enableallowedsources"id="desktopappinstaller-enableallowedsources">DesktopAppInstaller/EnableAllowedSources</a>
   </dd>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#DesktopAppInstaller-enableexperimentalfeatures"id="desktopappinstaller-enableexperimentalfeatures">DesktopAppInstaller/EnableExperimentalFeatures</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-enableexperimentalfeatures"id="desktopappinstaller-enableexperimentalfeatures">DesktopAppInstaller/EnableExperimentalFeatures</a>
   </dd>
   <dd>
-    <a href="/policy-csp-desktopappinstaller.md#DesktopAppInstaller-sourceautoupdateinterval"id="desktopappinstaller-sourceautoupdateinterval">DesktopAppInstaller/SourceAutoUpdateInterval</a>
+    <a href="./policy-csp-desktopappinstaller.md#desktopappinstaller-sourceautoupdateinterval"id="desktopappinstaller-sourceautoupdateinterval">DesktopAppInstaller/SourceAutoUpdateInterval</a>
   </dd>
 </dl>
 
@@ -7719,7 +7719,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### MixedReality policies  
+### MixedReality policies
 
 <dl>
   <dd>
@@ -7779,7 +7779,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### Multitasking policies  
+### Multitasking policies
 
 <dl>
   <dd>
@@ -8030,7 +8030,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
   <dd>
     <a href="./policy-csp-privacy.md#privacy-letappsaccessbackgroundspatialperception-userincontroloftheseapps"id="privacy-letappsaccessbackgroundspatialperception-userincontroloftheseapps">Privacy/LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps</a>
-  </dd>  
+  </dd>
   <dd>
     <a href="./policy-csp-privacy.md#privacy-letappsaccesscalendar" id="privacy-letappsaccesscalendar">Privacy/LetAppsAccessCalendar</a>
   </dd>
@@ -8597,7 +8597,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
   <dd>
     <a href="./policy-csp-start.md#start-disablecontextmenus" id="start-disablecontextmenus">Start/DisableContextMenus</a>
-  </dd> 
+  </dd>
   <dd>
     <a href="./policy-csp-start.md#start-disablecontrolcenter" id="start-disablecontrolcenter">Start/DisableControlCenter</a>
   </dd>
@@ -9143,11 +9143,11 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   <dd>
     <a href="./policy-csp-update.md#update-setpolicydrivenupdatesourceforquality" id="update-setpolicydrivenupdatesourceforquality">Update/SetPolicyDrivenUpdateSourceForQuality</a>
   </dd>
-  <dd> 
-    <a href="./policy-csp-update.md#update-setproxybehaviorforupdatedetection"id="update-setproxybehaviorforupdatedetection">Update/SetProxyBehaviorForUpdateDetection</a> 
+  <dd>
+    <a href="./policy-csp-update.md#update-setproxybehaviorforupdatedetection"id="update-setproxybehaviorforupdatedetection">Update/SetProxyBehaviorForUpdateDetection</a>
   </dd>
-  <dd> 
-    <a href="./policy-csp-update.md#update-targetreleaseversion"id="update-targetreleaseversion">Update/TargetReleaseVersion</a> 
+  <dd>
+    <a href="./policy-csp-update.md#update-targetreleaseversion"id="update-targetreleaseversion">Update/TargetReleaseVersion</a>
   </dd>
   <dd>
   <dd>
@@ -9442,7 +9442,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
-### WindowsSandbox policies  
+### WindowsSandbox policies
 
 <dl>
   <dd>
@@ -9506,8 +9506,8 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
 > Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 
 ## Policies in Policy CSP supported by HoloLens devices
-- [Policies in Policy CSP supported by HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md)  
-- [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](./policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md)  
+- [Policies in Policy CSP supported by HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md)
+- [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](./policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md)
 - [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](./policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md)
 
 ## Policies in Policy CSP supported by Windows 10 IoT
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 5eb4a605e5..6f50b43ffa 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -8,7 +8,7 @@ ms.technology: windows
 author: vinaypamnani-msft
 ms.localizationpriority: medium
 ms.date: 02/12/2021
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ---
 
@@ -18,7 +18,7 @@ manager: aaroncz
 <hr/>
 
 <!--Policies-->
-## Search policies  
+## Search policies
 
 <dl>
   <dd>
@@ -75,7 +75,7 @@ manager: aaroncz
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-allowcloudsearch"></a>**Search/AllowCloudSearch**  
+<a href="" id="search-allowcloudsearch"></a>**Search/AllowCloudSearch**
 
 <!--SupportedSKUs-->
 
@@ -105,7 +105,7 @@ Allow Search and Cortana to search cloud sources like OneDrive and SharePoint. T
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Allow Cloud Search*
 -   GP name: *AllowCloudSearch*
 -   GP element: *AllowCloudSearch_Dropdown*
@@ -125,7 +125,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-allowcortanainaad"></a>**Search/AllowCortanaInAAD**  
+<a href="" id="search-allowcortanainaad"></a>**Search/AllowCortanaInAAD**
 
 <!--SupportedSKUs-->
 
@@ -155,7 +155,7 @@ This policy allows the cortana opt-in page during windows setup out of the box e
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Allow Cloud Search*
 -   GP name: *AllowCortanaInAAD*
 -   GP element: *AllowCloudSearch_Dropdown*
@@ -174,7 +174,7 @@ This value is a simple boolean value, default false, that can be set by MDM poli
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-allowfindmyfiles"></a>**Search/AllowFindMyFiles**  
+<a href="" id="search-allowfindmyfiles"></a>**Search/AllowFindMyFiles**
 
 <!--SupportedSKUs-->
 
@@ -204,7 +204,7 @@ Controls if the user can configure search to Find My Files mode, which searches
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Allow Find My Files*
 -   GP name: *AllowFindMyFiles*
 -   GP path: *Computer Configuration/Administrative Templates/Windows Components/Search*
@@ -212,7 +212,7 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--SupportedValues-->
-The following list shows the supported values:  
+The following list shows the supported values:
 
 - 1 (Default) - Find My Files feature can be toggled (still off by default), and the settings UI is present.
 - 0 - Find My Files feature is turned off completely, and the settings UI is disabled.
@@ -229,7 +229,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-allowindexingencryptedstoresoritems"></a>**Search/AllowIndexingEncryptedStoresOrItems**  
+<a href="" id="search-allowindexingencryptedstoresoritems"></a>**Search/AllowIndexingEncryptedStoresOrItems**
 
 <!--SupportedSKUs-->
 
@@ -265,7 +265,7 @@ Most restricted value is 0.
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Allow indexing of encrypted files*
 -   GP name: *AllowIndexingEncryptedStoresOrItems*
 -   GP path: *Windows Components/Search*
@@ -284,7 +284,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-allowsearchtouselocation"></a>**Search/AllowSearchToUseLocation**  
+<a href="" id="search-allowsearchtouselocation"></a>**Search/AllowSearchToUseLocation**
 
 <!--SupportedSKUs-->
 
@@ -316,7 +316,7 @@ Most restricted value is 0.
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Allow search and Cortana to use location*
 -   GP name: *AllowSearchToUseLocation*
 -   GP path: *Windows Components/Search*
@@ -335,7 +335,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-allowsearchhighlights"></a>**Search/AllowSearchHighlights**  
+<a href="" id="search-allowsearchhighlights"></a>**Search/AllowSearchHighlights**
 
 <!--SupportedSKUs-->
 
@@ -364,11 +364,11 @@ The following list shows the supported values:
 This policy controls whether search highlights are shown in the search box or in search home.
 
 - If you enable this policy setting, then this setting turns on search highlights in the search box or in the search home.
-- If you disable this policy setting, then this setting turns off search highlights in the search box or in the search home. 
+- If you disable this policy setting, then this setting turns off search highlights in the search box or in the search home.
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Allow search and highlights*
 -   GP name: *AllowSearchHighlights*
 -   GP path: *Windows Components/Search*
@@ -378,15 +378,13 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values in Windows 10:
 
-- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home.
-
-- Disabled – Disabling this setting turns off search highlights in the taskbar search box and in search home.
+- 1 (default) - Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home.
+- 0 - Disabling this setting turns off search highlights in the taskbar search box and in search home.
 
 The following list shows the supported values in Windows 11:
 
-- Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home.
-
-- Disabled – Disabling this setting turns off search highlights in the start menu search box and in search home.
+- 1 (default) - Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home.
+- 0 - Disabling this setting turns off search highlights in the start menu search box and in search home.
 
 <!--/SupportedValues-->
 <!--/Policy-->
@@ -394,7 +392,7 @@ The following list shows the supported values in Windows 11:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-allowstoringimagesfromvisionsearch"></a>**Search/AllowStoringImagesFromVisionSearch**  
+<a href="" id="search-allowstoringimagesfromvisionsearch"></a>**Search/AllowStoringImagesFromVisionSearch**
 
 <!--Description-->
 This policy has been deprecated.
@@ -405,7 +403,7 @@ This policy has been deprecated.
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-allowusingdiacritics"></a>**Search/AllowUsingDiacritics**  
+<a href="" id="search-allowusingdiacritics"></a>**Search/AllowUsingDiacritics**
 
 <!--SupportedSKUs-->
 
@@ -437,7 +435,7 @@ Most restricted value is 0.
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Allow use of diacritics*
 -   GP name: *AllowUsingDiacritics*
 -   GP path: *Windows Components/Search*
@@ -456,7 +454,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-allowwindowsindexer"></a>**Search/AllowWindowsIndexer**  
+<a href="" id="search-allowwindowsindexer"></a>**Search/AllowWindowsIndexer**
 
 <!--SupportedSKUs-->
 
@@ -490,7 +488,7 @@ Allow Windows indexer. Supported value type is integer.
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-alwaysuseautolangdetection"></a>**Search/AlwaysUseAutoLangDetection**  
+<a href="" id="search-alwaysuseautolangdetection"></a>**Search/AlwaysUseAutoLangDetection**
 
 <!--SupportedSKUs-->
 
@@ -522,7 +520,7 @@ Most restricted value is 0.
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Always use automatic language detection when indexing content and properties*
 -   GP name: *AlwaysUseAutoLangDetection*
 -   GP path: *Windows Components/Search*
@@ -541,7 +539,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-disablebackoff"></a>**Search/DisableBackoff**  
+<a href="" id="search-disablebackoff"></a>**Search/DisableBackoff**
 
 <!--SupportedSKUs-->
 
@@ -571,7 +569,7 @@ If enabled, the search indexer backoff feature will be disabled. Indexing will c
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Disable indexer backoff*
 -   GP name: *DisableBackoff*
 -   GP path: *Windows Components/Search*
@@ -590,7 +588,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-disableremovabledriveindexing"></a>**Search/DisableRemovableDriveIndexing**  
+<a href="" id="search-disableremovabledriveindexing"></a>**Search/DisableRemovableDriveIndexing**
 
 <!--SupportedSKUs-->
 
@@ -624,7 +622,7 @@ If you disable or don't configure this policy setting, locations on removable dr
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Do not allow locations on removable drives to be added to libraries*
 -   GP name: *DisableRemovableDriveIndexing*
 -   GP path: *Windows Components/Search*
@@ -643,7 +641,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-disablesearch"></a>**Search/DisableSearch**  
+<a href="" id="search-disablesearch"></a>**Search/DisableSearch**
 
 <!--SupportedSKUs-->
 
@@ -674,7 +672,7 @@ It removes the Search button from the Taskbar and the corresponding option in th
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 
 -   GP Friendly name: *Fully disable Search UI*
 -   GP name: *DisableSearch*
@@ -694,7 +692,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-donotusewebresults"></a>**Search/DoNotUseWebResults**  
+<a href="" id="search-donotusewebresults"></a>**Search/DoNotUseWebResults**
 
 <!--SupportedSKUs-->
 
@@ -730,7 +728,7 @@ This policy setting allows you to control whether or not Search can perform quer
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Don't search the web or display web results in Search*
 -   GP name: *DoNotUseWebResults*
 -   GP path: *Windows Components/Search*
@@ -749,7 +747,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-preventindexinglowdiskspacemb"></a>**Search/PreventIndexingLowDiskSpaceMB**  
+<a href="" id="search-preventindexinglowdiskspacemb"></a>**Search/PreventIndexingLowDiskSpaceMB**
 
 <!--SupportedSKUs-->
 
@@ -783,7 +781,7 @@ When this policy is disabled or not configured, Windows Desktop Search automatic
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Stop indexing in the event of limited hard drive space*
 -   GP name: *StopIndexingOnLimitedHardDriveSpace*
 -   GP path: *Windows Components/Search*
@@ -802,7 +800,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="search-preventremotequeries"></a>**Search/PreventRemoteQueries**  
+<a href="" id="search-preventremotequeries"></a>**Search/PreventRemoteQueries**
 
 <!--SupportedSKUs-->
 
@@ -832,7 +830,7 @@ If enabled, clients will be unable to query this computer's index remotely. Thus
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Prevent clients from querying the index remotely*
 -   GP name: *PreventRemoteQueries*
 -   GP path: *Windows Components/Search*
diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md
index bd8d22ec50..5dc80b41a1 100644
--- a/windows/client-management/mdm/policy-csp-webthreatdefense.md
+++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md
@@ -8,7 +8,7 @@ ms.technology: windows
 author: alekyaj
 ms.localizationpriority: medium
 ms.date: 09/27/2019
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ---
 
@@ -18,7 +18,7 @@ manager: aaroncz
 <hr/>
 
 <!--Policies-->
-## WebThreatDefense policies  
+## WebThreatDefense policies
 
 <dl>
   <dd>
@@ -39,7 +39,7 @@ manager: aaroncz
 >In Microsoft Intune, this CSP is under the “Enhanced Phishing Protection” category.
 
 <!--Policy-->
-<a href="" id="webthreatdefense-enableservice"></a>**WebThreatDefense/EnableService**  
+<a href="" id="webthreatdefense-enableservice"></a>**WebThreatDefense/EnableService**
 
 <!--SupportedSKUs-->
 
@@ -48,7 +48,7 @@ manager: aaroncz
 |Home|No|No|
 |Pro|No|No|
 |Windows SE|No|Yes|
-|Business|No|Yes|
+|Business|No|No|
 |Enterprise|No|Yes|
 |Education|No|Yes|
 
@@ -66,7 +66,7 @@ manager: aaroncz
 <!--/Scope-->
 <!--Description-->
 
-This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. When in audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends telemetry through Microsoft Defender.  
+This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. When in audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends telemetry through Microsoft Defender.
 
 If you enable this policy setting or don’t configure this setting, Enhanced Phishing Protection is enabled in audit mode, and your users are unable to turn it off.
 
@@ -74,7 +74,7 @@ If you disable this policy setting, Enhanced Phishing Protection is off. When of
 
 <!--/Description-->
 <!--ADMXMapped-->
-ADMX Info:  
+ADMX Info:
 -   GP Friendly name: *Configure Web Threat Defense*
 -   GP name: *EnableWebThreatDefenseService*
 -   GP path: *Windows Security\App & browser control\Reputation-based protection\Phishing protections*
@@ -94,7 +94,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="webthreatdefense-notifymalicious"></a>**WebThreatDefense/NotifyMalicious**  
+<a href="" id="webthreatdefense-notifymalicious"></a>**WebThreatDefense/NotifyMalicious**
 
 <!--SupportedSKUs-->
 
@@ -103,7 +103,7 @@ The following list shows the supported values:
 |Home|No|No|
 |Pro|No|No|
 |Windows SE|No|Yes|
-|Business|No|Yes|
+|Business|No|No|
 |Enterprise|No|Yes|
 |Education|No|Yes|
 
@@ -139,7 +139,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="webthreatdefense-notifypasswordreuse"></a>**WebThreatDefense/NotifyPasswordReuse**  
+<a href="" id="webthreatdefense-notifypasswordreuse"></a>**WebThreatDefense/NotifyPasswordReuse**
 
 <!--SupportedSKUs-->
 
@@ -148,7 +148,7 @@ The following list shows the supported values:
 |Home|No|No|
 |Pro|No|No|
 |Windows SE|No|Yes|
-|Business|No|Yes|
+|Business|No|No|
 |Enterprise|No|Yes|
 |Education|No|Yes|
 
@@ -185,7 +185,7 @@ The following list shows the supported values:
 <hr/>
 
 <!--Policy-->
-<a href="" id="webthreatdefense-notifyunsafeapp"></a>**WebThreatDefense/NotifyUnsafeApp**  
+<a href="" id="webthreatdefense-notifyunsafeapp"></a>**WebThreatDefense/NotifyUnsafeApp**
 
 <!--SupportedSKUs-->
 
@@ -194,7 +194,7 @@ The following list shows the supported values:
 |Home|No|No|
 |Pro|No|No|
 |Windows SE|No|Yes|
-|Business|No|Yes|
+|Business|No|No|
 |Enterprise|No|Yes|
 |Education|No|Yes|
 
@@ -216,13 +216,13 @@ This policy setting determines whether Enhanced Phishing Protection warns your u
 
 If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in text editor apps.
 
-If you disable or don’t configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in text editor apps. 
+If you disable or don’t configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in text editor apps.
 <!--/Description-->
 <!--SupportedValues-->
 The following list shows the supported values:
 
 -	0: Turns off Enhanced Phishing Protection notifications when users type their work or school passwords in text editor apps like OneNote, Word, Notepad, etc.
--	1: Turns on Enhanced Phishing Protection notifications when users type their work or school passwords in text editor apps.  
+-	1: Turns on Enhanced Phishing Protection notifications when users type their work or school passwords in text editor apps.
 <!--/SupportedValues-->
 <!--/Policy-->
 
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index 2f16f647de..0e11d6566e 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -32,6 +32,10 @@ The following example shows the SecureAssessment configuration service provider
 SecureAssessment
 ----LaunchURI
 ----TesterAccount
+----AllowScreenMonitoring
+----RequirePrinting
+----AllowTextSuggestions
+----Assessments
 ```
 <a href="" id="--vendor-msft-secureassessment"></a>**./Vendor/MSFT/SecureAssessment**  
 The root node for the SecureAssessment configuration service provider.
@@ -67,6 +71,60 @@ Added in Windows 10, version 1703. Boolean value that indicates whether keyboard
 
 Supported operations are Get and Replace.
 
+<a href="" id="Assessments"></a>**Assessments**  
+Added in Windows 11, version 22H2. Enables support for multiple assessments. When configured, users can select from a list of assessments. The node accepts an XML string that represents the list of available assessments. 
+
+Supported operations are Add, Delete, Get and Replace.
+
+XML schema
+
+```xml
+<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <xs:element name="AssessmentsRoot">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="Assessments">
+          <xs:complexType>
+            <xs:sequence>
+              <xs:element name="Assessment" maxOccurs="unbounded" minOccurs="0">
+                <xs:complexType>
+                  <xs:sequence>
+                    <xs:element type="xs:string" name="TestName"/>
+                    <xs:element type="xs:string" name="TestUri"/>
+                  </xs:sequence>
+                </xs:complexType>
+              </xs:element>
+            </xs:sequence>
+          </xs:complexType>
+        </xs:element>
+      </xs:sequence>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>
+```
+
+Example:
+```xml
+<?xml version="1.0" encoding="utf-16"?>
+<AssessmentsRoot xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+    <Assessments>
+        <Assessment>
+            <TestName>English exam</TestName>
+            <TestUri>https://contoso.com/english</TestUri>
+        </Assessment>
+        <Assessment>
+            <TestName>Math exam</TestName>
+            <TestUri>https://contoso.com/math</TestUri>
+        </Assessment>
+        <Assessment>
+            <TestName>Geography exam</TestName>
+            <TestUri>https://contoso.com/geography</TestUri>
+        </Assessment>
+    </Assessments>
+</AssessmentsRoot>
+```
+
 ## Related topics
 
 [Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs)  
diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md
index 9dc7485482..84c80b01df 100644
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@@ -8,7 +8,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: vinaypamnani-msft
-ms.date: 01/16/2019
+ms.date: 09/23/2022
 ---
 
 # SharedPC CSP
@@ -81,9 +81,6 @@ In Windows 10, version 1607, the value is set to True and the education environm
 <a href="" id="setpowerpolicies"></a>**SetPowerPolicies**
 Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode.
 
-> [!NOTE]
-> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
-
 The supported operations are Add, Get, Replace, and Delete.
 
 The default value is Not Configured and the effective power settings are determined by the OS's default power settings. Its value in the SharedPC provisioning package is True.
@@ -91,9 +88,6 @@ The default value is Not Configured and the effective power settings are determi
 <a href="" id="maintenancestarttime"></a>**MaintenanceStartTime**
 Optional. An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440.
 
-> [!NOTE]
->  If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
-
 The supported operations are Add, Get, Replace, and Delete.
 
 The default value is Not Configured and its value in the SharedPC provisioning package is 0 (12 AM).
@@ -101,9 +95,6 @@ The default value is Not Configured and its value in the SharedPC provisioning p
 <a href="" id="signinonresume"></a>**SignInOnResume**
 Optional. A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode.
 
-> [!NOTE]
-> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
-
 The supported operations are Add, Get, Replace, and Delete.
 
 The default value is Not Configured and its value in the SharedPC provisioning package is True.
@@ -111,9 +102,6 @@ The default value is Not Configured and its value in the SharedPC provisioning p
 <a href="" id="sleeptimeout"></a>**SleepTimeout**
 The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional.
 
-> [!NOTE]
-> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
-
 The supported operations are Add, Get, Replace, and Delete.
 
 The default value is Not Configured, and effective behavior is determined by the OS's default settings. Its value in the SharedPC provisioning package for Windows 10, version 1703 is 300, and in Windows 10, version 1607 is 3600.
@@ -121,9 +109,6 @@ The default value is Not Configured, and effective behavior is determined by the
 <a href="" id="enableaccountmanager"></a>**EnableAccountManager**
 A boolean that enables the account manager for shared PC mode.
 
-> [!NOTE]
-> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
-
 The supported operations are Add, Get, Replace, and Delete.
 
 The default value is Not Configured and its value in the SharedPC provisioning package is True.
@@ -131,9 +116,6 @@ The default value is Not Configured and its value in the SharedPC provisioning p
 <a href="" id="accountmodel"></a>**AccountModel**
 Configures which type of accounts are allowed to use the PC.
 
-> [!NOTE]
-> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
-
 The supported operations are Add, Get, Replace, and Delete.
 
 The following list shows the supported values:
@@ -147,9 +129,6 @@ Its value in the SharedPC provisioning package is 1 or 2.
 <a href="" id="deletionpolicy"></a>**DeletionPolicy**
 Configures when accounts are deleted.
 
-> [!NOTE]
-> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
-
 The supported operations are Add, Get, Replace, and Delete.
 
 For Windows 10, version 1607, here's the list shows the supported values:
@@ -168,9 +147,6 @@ The default value is Not Configured. Its value in the SharedPC provisioning pack
 <a href="" id="diskleveldeletion"></a>**DiskLevelDeletion**
 Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first.
 
-> [!NOTE]
-> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
-
 The default value is Not Configured. Its default value in the SharedPC provisioning package is 25.
 
 For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a daily maintenance period, accounts will be deleted (oldest last used first) when the system is idle until the free disk space is above 50% (the caching number). Accounts will be deleted immediately on signing out from an account if free space is under half of the deletion threshold and disk space is low, regardless of whether the PC is actively in use or not.
@@ -180,9 +156,6 @@ The supported operations are Add, Get, Replace, and Delete.
 <a href="" id="disklevelcaching"></a>**DiskLevelCaching**
 Sets the percentage of available disk space a PC should have before it stops deleting cached accounts.
 
-> [!NOTE]
-> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
-
 The default value is Not Configured. The default value in the SharedPC provisioning package is 25.
 
 For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately on signing out from an account if free space is under the deletion threshold and disk space is low, regardless whether the PC is actively in use or not.
@@ -194,26 +167,17 @@ Added in Windows 10, version 1703. Restricts the user from using local storage.
 
 The default value is Not Configured and behavior is no such restriction applied. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False.
 
-> [!NOTE]
-> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
-
 <a href="" id="kioskmodeaumid"></a>**KioskModeAUMID**
 Added in Windows 10, version 1703. Specifies the AUMID of the app to use with assigned access. This node is optional.
 
 - Value type is string.
 - Supported operations are Add, Get, Replace, and Delete.
 
-> [!NOTE]
-> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
-
 <a href="" id="kioskmodeusertiledisplaytext"></a>**KioskModeUserTileDisplayText**
 Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen that launches the app specified by KioskModeAUMID. This node is optional.
 
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
-> [!NOTE]
-> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
-
 <a href="" id="inactivethreshold"></a>**InactiveThreshold**
 Added in Windows 10, version 1703. Accounts will start being deleted when they haven't been logged on during the specified period, given as number of days.
 
@@ -226,9 +190,6 @@ The default in the SharedPC provisioning package is 30.
 <a href="" id="maxpagefilesizemb"></a>**MaxPageFileSizeMB**
 Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM. This node is optional.
 
-> [!NOTE]
-> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
-
 - Default value is Not Configured.
 - Value type is integer.
 - Supported operations are Add, Get, Replace, and Delete.
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index 071887f881..75667401c6 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -80,7 +80,7 @@ The XML below is the DDF for Windows 10, version 1703.
                   <Replace />
                 </AccessType>
                 <DefaultValue>false</DefaultValue>
-                <Description>Setting this node to “1” triggers the action to configure a device to Shared PC mode with OneDrive sync turned on</Description>
+                <Description>Setting this node to "1" triggers the action to configure a device to Shared PC mode with OneDrive sync turned on</Description>
                 <DFFormat>
                   <bool />
                 </DFFormat>
@@ -104,7 +104,7 @@ The XML below is the DDF for Windows 10, version 1703.
                     <Replace />
                 </AccessType>
                 <DefaultValue>false</DefaultValue>
-                <Description>Set a list of EDU policies. This node is independent of EnableSharedPCMode.</Description>
+                <Description>Set a list of EDU policies.</Description>
                 <DFFormat>
                     <bool />
                 </DFFormat>
@@ -128,7 +128,7 @@ The XML below is the DDF for Windows 10, version 1703.
                     <Replace />
                 </AccessType>
                 <DefaultValue>true</DefaultValue>
-                <Description>Specify that the power policies should be set when configuring SharedPC mode. This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.</Description>
+                <Description>Specify that the power policies should be set when configuring SharedPC mode. This node is optional.</Description>
                 <DFFormat>
                     <bool />
                 </DFFormat>
@@ -152,7 +152,7 @@ The XML below is the DDF for Windows 10, version 1703.
                     <Replace />
                 </AccessType>
                 <DefaultValue>0</DefaultValue>
-                <Description>Daily start time of maintenance hour. Given in minutes from midnight. Default is 0 (12am). This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.</Description>
+                <Description>Daily start time of maintenance hour. Given in minutes from midnight. Default is 0 (12am). This node is optional.</Description>
                 <DFFormat>
                     <int />
                 </DFFormat>
@@ -176,7 +176,7 @@ The XML below is the DDF for Windows 10, version 1703.
                     <Replace />
                 </AccessType>
                 <DefaultValue>true</DefaultValue>
-                <Description>Require signing in on waking up from sleep. This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.</Description>
+                <Description>Require signing in on waking up from sleep. This node is optional.</Description>
                 <DFFormat>
                     <bool />
                 </DFFormat>
@@ -200,7 +200,7 @@ The XML below is the DDF for Windows 10, version 1703.
                     <Replace />
                 </AccessType>
                 <DefaultValue>300</DefaultValue>
-                <Description>The amount of time before the PC sleeps, given in seconds. 0 means the PC never sleeps. Default is 5 minutes. This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.</Description>
+                <Description>The amount of time before the PC sleeps, given in seconds. 0 means the PC never sleeps. Default is 5 minutes. This node is optional.</Description>
                 <DFFormat>
                     <int />
                 </DFFormat>
@@ -344,7 +344,7 @@ The XML below is the DDF for Windows 10, version 1703.
                     <Replace />
                 </AccessType>
                 <DefaultValue>true</DefaultValue>
-                <Description>Restricts the user from using local storage. This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.</Description>
+                <Description>Restricts the user from using local storage. This node is optional.</Description>
                 <DFFormat>
                     <bool />
                 </DFFormat>
@@ -367,7 +367,7 @@ The XML below is the DDF for Windows 10, version 1703.
                     <Get />
                     <Replace />
                 </AccessType>
-                <Description>Specifies the AUMID of the app to use with assigned access. This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.</Description>
+                <Description>Specifies the AUMID of the app to use with assigned access. This node is optional.</Description>
                 <DFFormat>
                     <chr />
                 </DFFormat>
@@ -390,7 +390,7 @@ The XML below is the DDF for Windows 10, version 1703.
                     <Get />
                     <Replace />
                 </AccessType>
-                <Description>Specifies the display text for the account shown on the sign-in screen which launches the app specified by KioskModeAUMID. This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.</Description>
+                <Description>Specifies the display text for the account shown on the sign-in screen which launches the app specified by KioskModeAUMID. This node is optional.</Description>
                 <DFFormat>
                     <chr />
                 </DFFormat>
@@ -438,7 +438,7 @@ The XML below is the DDF for Windows 10, version 1703.
                     <Replace />
                 </AccessType>
                 <DefaultValue>1024</DefaultValue>
-                <Description>Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. This node is optional. If used, it needs to be set before the action on "EnableSharedPCMode" node is taken.</Description>
+                <Description>Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. This node is optional.</Description>
                 <DFFormat>
                     <int />
                 </DFFormat>
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
index 2e3e08cf89..cfa21daedd 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
@@ -70,19 +70,13 @@ Universal apps that you can distribute in the provisioning package can be line-o
 
 2. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
 
-    ![details for offline app package.](../images/uwp-family.png)
-
 3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
 
 4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. 
 
-    ![required frameworks for offline app package.](../images/uwp-dependencies.png)
-
 5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. 
 
     - In Microsoft Store for Business, generate the unencoded license for the app on the app's download page, and change the extension of the license file from **.xml** to **.ms-windows-store-license**.
-
-        ![generate license for offline app.](../images/uwp-license.png)
         
     - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and click **Add**.
     
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index c96322afd3..7e5632400f 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -85,19 +85,14 @@ Universal apps that you can distribute in the provisioning package can be line-o
 
 2. For **DeviceContextApp**, specify the **PackageFamilyName** for the app. In Microsoft Store for Business, the package family name is listed in the **Package details** section of the download page.
 
-    ![details for offline app package.](../images/uwp-family.png)
-
 3. For **ApplicationFile**, select **Browse** to find and select the target app (either an \*.appx or \*.appxbundle).
 
 4. For **DependencyAppxFiles**, select **Browse** to find and add any dependencies for the app. In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. 
 
-    ![required frameworks for offline app package.](../images/uwp-dependencies.png)
 
 5. For **DeviceContextAppLicense**, enter the **LicenseProductID**. 
 
     - In Microsoft Store for Business, generate the unencoded license for the app on the app's download page. 
-
-        ![generate license for offline app.](../images/uwp-license.png)
         
     - Open the license file and search for **LicenseID=** to get the GUID, enter the GUID in the **LicenseProductID** field and select **Add**.
     
diff --git a/windows/configuration/windows-accessibility-for-ITPros.md b/windows/configuration/windows-accessibility-for-ITPros.md
index 38c0ed6030..cbd0e23756 100644
--- a/windows/configuration/windows-accessibility-for-ITPros.md
+++ b/windows/configuration/windows-accessibility-for-ITPros.md
@@ -63,6 +63,8 @@ Windows 11, version 22H2, includes improvements for people with disabilities: sy
 
 ## Hearing
 
+- [Use live captions to better understand audio](https://support.microsoft.com/windows/use-live-captions-to-better-understand-audio-b52da59c-14b8-4031-aeeb-f6a47e6055df). Use Windows 11, version 22H2 or later to better understand any spoken audio with real time captions.
+
 - [View live transcription in a Teams meeting](https://support.microsoft.com/office/view-live-transcription-in-a-teams-meeting-dc1a8f23-2e20-4684-885e-2152e06a4a8b). During any Teams meeting, view a live transcription so you don't miss what's being said.
 
 - [Use Teams for sign language](https://www.microsoft.com/microsoft-teams/group-chat-software). Teams is available on various platforms and devices, so you don't have to worry about whether your co-workers, friends, and family can communicate with you.
diff --git a/windows/deployment/images/before.png b/windows/deployment/images/before.png
deleted file mode 100644
index 1a50878670..0000000000
Binary files a/windows/deployment/images/before.png and /dev/null differ
diff --git a/windows/deployment/images/sa-mfa1.png b/windows/deployment/images/sa-mfa1.png
deleted file mode 100644
index 045e5a7794..0000000000
Binary files a/windows/deployment/images/sa-mfa1.png and /dev/null differ
diff --git a/windows/deployment/images/sa-mfa2.png b/windows/deployment/images/sa-mfa2.png
deleted file mode 100644
index 1964a7b263..0000000000
Binary files a/windows/deployment/images/sa-mfa2.png and /dev/null differ
diff --git a/windows/deployment/images/sa-mfa3.png b/windows/deployment/images/sa-mfa3.png
deleted file mode 100644
index 8987eac97b..0000000000
Binary files a/windows/deployment/images/sa-mfa3.png and /dev/null differ
diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml
index 5da61c2f9a..a7dbbcc6f0 100644
--- a/windows/deployment/index.yml
+++ b/windows/deployment/index.yml
@@ -95,7 +95,7 @@ landingContent:
             url: /microsoftteams/faq-support-remote-workforce
 
   # Card (optional)
-  - title: Microsoft Learn
+  - title: Microsoft Learn training
     linkLists:
       - linkListType: learn
         links:
diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md
index cbcb7c8acb..a865459e80 100644
--- a/windows/deployment/update/check-release-health.md
+++ b/windows/deployment/update/check-release-health.md
@@ -106,11 +106,12 @@ A list of all status updates posted in the selected timeframe will be displayed,
 -   **Where do I find Windows release health?**   
     After logging into Microsoft 365 admin center, expand the left-hand menu using **…Show All**, select **Health** and you'll see **Windows release health**.
 
--   **Is the Windows release health content published to Microsoft 365 admin center the same as the content on Windows release health on Docs.microsoft.com?**   
-    No. While the content is similar, you may see more issues and technical details published to Windows release health on Microsoft 365 admin center to better support the IT admin. For example, you'll find details to help you diagnose issues in your environment, steps to mitigate issues, and root cause analysis.
+
+-   **Is the Windows release health content published to Microsoft 365 admin center the same as the content on Windows release health on Microsoft Learn?**   
+    No. While the content is similar, you may see more issues and more technical details published to Windows release health on Microsoft 365 admin center to better support the IT admin. For example, you’ll find details to help you diagnose issues in your environment, steps to mitigate issues, and root cause analysis.
 
 -   **How often will content be updated?**   
-    To ensure Windows customers have important information as soon as possible, all major known issues will be shared with Windows customers on both Docs.microsoft.com and the Microsoft 365 admin center. We may also update the details available for Windows release health in the Microsoft 365 admin center when we have more details on workarounds, root cause, or other information to help you plan for updates and handle issues in your environment.
+    In an effort to ensure Windows customers have important information as soon as possible, all major known issues will be shared with Windows customers on both Microsoft Learn and the Microsoft 365 admin center. We may also update the details available for Windows release health in the Microsoft 365 admin center when we have additional details on workarounds, root cause, or other information to help you plan for updates and handle issues in your environment.
 
 -   **Can I share this content publicly or with other Windows customers?**   
     Windows release health is provided to you as a licensed Windows customer and isn't to be shared publicly.
diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md
index c301863138..bc6e8a327e 100644
--- a/windows/deployment/update/update-compliance-configuration-manual.md
+++ b/windows/deployment/update/update-compliance-configuration-manual.md
@@ -1,11 +1,11 @@
 ---
 title: Manually configuring devices for Update Compliance
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: Manually configuring devices for Update Compliance
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md
index 6db9d2bb84..31cc1b5b80 100644
--- a/windows/deployment/update/update-compliance-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-configuration-mem.md
@@ -1,11 +1,11 @@
 ---
 title: Configuring Microsoft Endpoint Manager devices for Update Compliance
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
@@ -21,62 +21,64 @@ ms.topic: article
 This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps:
 
 1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured.
-2. [Deploy the configuration script](#deploy-the-configuration-script) as a Win32 app to those same devices, so additional checks can be performed to ensure devices are correctly configured.
-3. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. You can learn more about this in the broad section on [enrolling devices to Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance).
+1. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. You can learn more about this in the broad section on [enrolling devices to Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance).
+
+> [!TIP]
+> If you need to troubleshoot client enrollment, consider deploying the [configuration script](#deploy-the-configuration-script) as a Win32 app to a few devices and reviewing the logs it creates. Additional checks are performed with the script to ensure devices are correctly configured.
 
 ## Create a configuration profile
 
 Take the following steps to create a configuration profile that will set required policies for Update Compliance:
 
 1. Go to the Admin portal in Endpoint Manager and navigate to **Devices/Windows/Configuration profiles**.
-2. On the **Configuration profiles** view, select **Create a profile**.
-3. Select **Platform**="Windows 10 and later" and **Profile type**="Templates".
-4. For **Template name**, select **Custom**, and then press **Create**.
-5. You are now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
-6. On the **Configuration settings** page, you will be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md).
+1. On the **Configuration profiles** view, select **Create a profile**.
+1. Select **Platform**="Windows 10 and later" and **Profile type**="Templates".
+1. For **Template name**, select **Custom**, and then press **Create**.
+1. You are now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
+1. On the **Configuration settings** page, you will be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md).
     1. If you don't already have it, get your Commercial ID. For steps, see [Get your CommmercialID](update-compliance-get-started.md#get-your-commercialid).
-    2. Add a setting for **Commercial ID** with the following values:
+    1. Add a setting for **Commercial ID** with the following values:
         - **Name**: Commercial ID
         - **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace.
         - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID`
         - **Data type**: String
         - **Value**: *Set this to your Commercial ID*
-    2. Add a setting configuring the **Windows Diagnostic Data level** for devices:
+    1. Add a setting configuring the **Windows Diagnostic Data level** for devices:
         - **Name**: Allow Telemetry
         - **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance.
         - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowTelemetry`
         - **Data type**: Integer
         - **Value**: 1 (*all that is required is 1, but it can be safely set to a higher value*).
-    3. (*Recommended, but not required*) Add a setting for **disabling devices' Diagnostic Data opt-in settings interface**. If this is not disabled, users of each device can potentially override the diagnostic data level of devices such that data will not be available for those devices in Update Compliance:
+    1. (*Recommended, but not required*) Add a setting for **disabling devices' Diagnostic Data opt-in settings interface**. If this is not disabled, users of each device can potentially override the diagnostic data level of devices such that data will not be available for those devices in Update Compliance:
         - **Name**: Disable Telemetry opt-in interface
         - **Description**: Disables the ability for end-users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting.
         - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx`
         - **Data type**: Integer
         - **Value**: 1
-    4. Add a setting to **Allow device name in diagnostic data**; otherwise, there will be no device name in Update Compliance:
+    1. Add a setting to **Allow device name in diagnostic data**; otherwise, there will be no device name in Update Compliance:
         - **Name**: Allow device name in Diagnostic Data
         - **Description**: Allows device name in Diagnostic Data.
         - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData`
         - **Data type**: Integer
         - **Value**: 1
-    5. Add a setting to **Allow Update Compliance processing**; this policy is required for Update Compliance:
+    1. Add a setting to **Allow Update Compliance processing**; this policy is required for Update Compliance:
         - **Name**: Allow Update Compliance Processing
         - **Description**: Opts device data into Update Compliance processing. Required to see data.
         - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing`
         - **Data type**: Integer
         - **Value**: 16
-    6. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance:
+    1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance:
         - **Name**: Allow commercial data pipeline
         - **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device.
         - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline`
         - **Data type**: Integer
         - **Value**: 1
 
-7.  Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll.
-8. Review and select **Create**.
+1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll.
+1. Review and select **Create**.
 
 ## Deploy the configuration script
 
-The [Update Compliance Configuration Script](update-compliance-configuration-script.md) is an important component of properly enrolling devices in Update Compliance, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management).
+The [Update Compliance Configuration Script](update-compliance-configuration-script.md) is a useful tool for properly enrolling devices in Update Compliance, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management).
 
 When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. We recommend deploying the script in Pilot mode to a set of devices that you do have access to, or have a way to access the resultant log output the script provides, with as similar of a configuration profile as other devices which will be enrolled to Update Compliance, and analyzing the logs for any potential issues. Following this, you can deploy the configuration script in Deployment mode as a Win32 app to all Update Compliance devices.
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md
index 15c207cf56..dfc1c5cae2 100644
--- a/windows/deployment/update/update-compliance-configuration-script.md
+++ b/windows/deployment/update/update-compliance-configuration-script.md
@@ -1,7 +1,7 @@
 ---
 title: Update Compliance Configuration Script
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: Downloading and using the Update Compliance Configuration Script
 ms.prod: w10
 author: mestew
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
index 97771928db..34024f43cb 100644
--- a/windows/deployment/update/update-compliance-delivery-optimization.md
+++ b/windows/deployment/update/update-compliance-delivery-optimization.md
@@ -1,11 +1,11 @@
 ---
 title: Delivery Optimization in Update Compliance
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: Learn how the Update Compliance solution provides you with information about your Delivery Optimization configuration.
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
@@ -46,7 +46,7 @@ The table breaks down the number of bytes from each download source into specifi
 The download sources that could be included are:
 - LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network
 - Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the "Group" download mode is used)
-- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an Configuration Manager Distribution Point for Express Updates.
+- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or a Configuration Manager Distribution Point for Express Updates.
 
 <!--Using include file, waas-delivery-optimization-monitor.md, for shared content on DO monitoring-->
 [!INCLUDE [Monitor Delivery Optimization](../do/includes/waas-delivery-optimization-monitor.md)]
diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index aef454e5ea..17b63d9e79 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -1,11 +1,11 @@
 ---
 title: Update Compliance - Feature Update Status report
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: Learn how the Feature Update Status report provides information about the status of feature updates across all devices.
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 3449a9e3ff..23d4fb68e8 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -1,10 +1,10 @@
 ---
 title: Get started with Update Compliance
-manager: dougeby
+manager: aczechowski
 description: Prerequisites, Azure onboarding, and configuring devices for Update Compliance 
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.localizationpriority: medium
 ms.collection:
   - M365-analytics
diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md
index 14be646f48..0ed598274c 100644
--- a/windows/deployment/update/update-compliance-monitor.md
+++ b/windows/deployment/update/update-compliance-monitor.md
@@ -1,11 +1,11 @@
 ---
 title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: You can use Update Compliance in Azure portal to monitor the progress of updates and key anti-malware protection features on devices in your network.
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index a72b0bd9e9..680cfffa35 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -1,9 +1,9 @@
 ---
 title: Update Compliance - Need Attention! report
-manager: dougeby
+manager: aczechowski
 description: Learn how the Need attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance.
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ms.prod: w10
diff --git a/windows/deployment/update/update-compliance-privacy.md b/windows/deployment/update/update-compliance-privacy.md
index 25616519e4..08423ff755 100644
--- a/windows/deployment/update/update-compliance-privacy.md
+++ b/windows/deployment/update/update-compliance-privacy.md
@@ -1,11 +1,11 @@
 ---
 title: Privacy in Update Compliance
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: an overview of the Feature Update Status report
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ---
diff --git a/windows/deployment/update/update-compliance-safeguard-holds.md b/windows/deployment/update/update-compliance-safeguard-holds.md
index c745e589a3..f45cd6f50d 100644
--- a/windows/deployment/update/update-compliance-safeguard-holds.md
+++ b/windows/deployment/update/update-compliance-safeguard-holds.md
@@ -1,11 +1,11 @@
 ---
 title: Update Compliance - Safeguard Holds report
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: Learn how the Safeguard Holds report provides information about safeguard holds in your population.
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
index 80aca45d8a..2dc69aadd8 100644
--- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
@@ -1,11 +1,11 @@
 ---
 title: Update Compliance Schema - WaaSDeploymentStatus
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: WaaSDeploymentStatus schema
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ---
diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
index a3029d3af7..30667a459e 100644
--- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
@@ -1,11 +1,11 @@
 ---
 title: Update Compliance Schema - WaaSInsiderStatus
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: WaaSInsiderStatus schema
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ---
diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
index 7691648ab9..b1cb215ae1 100644
--- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
@@ -1,11 +1,11 @@
 ---
 title: Update Compliance Schema - WaaSUpdateStatus
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: WaaSUpdateStatus schema
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ---
diff --git a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md
index 585d9bb1a9..c38fe10c37 100644
--- a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md
+++ b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md
@@ -1,11 +1,11 @@
 ---
 title: Update Compliance Schema - WUDOAggregatedStatus
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: WUDOAggregatedStatus schema
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ---
diff --git a/windows/deployment/update/update-compliance-schema-wudostatus.md b/windows/deployment/update/update-compliance-schema-wudostatus.md
index a954e3329c..7635fd97e7 100644
--- a/windows/deployment/update/update-compliance-schema-wudostatus.md
+++ b/windows/deployment/update/update-compliance-schema-wudostatus.md
@@ -1,11 +1,11 @@
 ---
 title: Update Compliance Schema - WUDOStatus
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: WUDOStatus schema
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ---
diff --git a/windows/deployment/update/update-compliance-schema.md b/windows/deployment/update/update-compliance-schema.md
index 872530b839..3f5325e847 100644
--- a/windows/deployment/update/update-compliance-schema.md
+++ b/windows/deployment/update/update-compliance-schema.md
@@ -1,11 +1,11 @@
 ---
 title: Update Compliance Data Schema
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: an overview of Update Compliance data schema
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ---
@@ -21,7 +21,7 @@ The table below summarizes the different tables that are part of the Update Comp
 
 |Table |Category |Description |
 |--|--|--|
-|[**WaaSUpdateStatus**](update-compliance-schema-waasupdatestatus.md) |Device record |This table houses device-centric data and acts as the device record for Update Compliance. Each record provided in daily snapshots map to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. |
+|[**WaaSUpdateStatus**](update-compliance-schema-waasupdatestatus.md) |Device record |This table houses device-centric data and acts as the device record for Update Compliance. Each record provided in daily snapshots maps to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. |
 |[**WaaSInsiderStatus**](update-compliance-schema-waasinsiderstatus.md) |Device record |This table houses device-centric data specifically for devices enrolled to the Windows Insider Program. Devices enrolled to the Windows Insider Program do not currently have any WaaSDeploymentStatus records, so do not have Update Session data to report on update deployment progress. |
 |[**WaaSDeploymentStatus**](update-compliance-schema-waasdeploymentstatus.md) |Update Session record |This table tracks a specific update on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, as well as one tracking a Windows Quality Update, at the same time. |
 |[**WUDOStatus**](update-compliance-schema-wudostatus.md) |Delivery Optimization record |This table provides information, for a single device, on their bandwidth utilization across content types in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq). |
diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md
index 9bec83ea8e..3fcd47f35f 100644
--- a/windows/deployment/update/update-compliance-security-update-status.md
+++ b/windows/deployment/update/update-compliance-security-update-status.md
@@ -1,11 +1,11 @@
 ---
 title: Update Compliance - Security Update Status report
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: Learn how the Security Update Status section provides information about security updates across all devices.
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
 ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
index 1181984ab9..717bfa6599 100644
--- a/windows/deployment/update/update-compliance-using.md
+++ b/windows/deployment/update/update-compliance-using.md
@@ -1,11 +1,11 @@
 ---
 title: Using Update Compliance
 ms.reviewer: 
-manager: dougeby
+manager: aczechowski
 description: Learn how to use Update Compliance to monitor your device's Windows updates.
 ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: mestew
+ms.author: mstewart
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md
index 765128a9dc..2589190da8 100644
--- a/windows/deployment/update/update-compliance-v2-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md
@@ -24,8 +24,10 @@ ms.date: 08/24/2022
 This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps:
 
 1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll. The configuration profile contains settings for all the Mobile Device Management (MDM) policies that must be configured.
-2. [Deploy the configuration script](#deploy-the-configuration-script) as a Win32 app to those same devices, so additional checks can be performed to ensure devices are correctly configured.
-3. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. For more information, see [Use Update Compliance](update-compliance-v2-use.md).
+1. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. For more information, see [Use Update Compliance](update-compliance-v2-use.md).
+
+> [!TIP]
+> If you need to troubleshoot client enrollment, consider deploying the [configuration script](#deploy-the-configuration-script) as a Win32 app to a few devices and reviewing the logs it creates. Additional checks are performed with the script to ensure devices are correctly configured.
 
 ## Create a configuration profile
 
@@ -105,7 +107,7 @@ Create a configuration profile that will set the required policies for Update Co
 
 ## Deploy the configuration script
 
-The [Update Compliance Configuration Script](update-compliance-v2-configuration-script.md) is an important component of properly enrolling devices in Update Compliance, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management).
+The [Update Compliance Configuration Script](update-compliance-v2-configuration-script.md) is a useful tool for properly enrolling devices in Update Compliance, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management).
 
 When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. We recommend deploying the script in pilot mode to a set of devices that you do have access to, or have a way to access the resultant log output the script provides, with as similar of a configuration profile as other devices which will be enrolled to Update Compliance, and analyzing the logs for any potential issues. Following this, you can deploy the configuration script in deployment mode as a Win32 app to all Update Compliance devices.
 
diff --git a/windows/deployment/update/update-compliance-v2-help.md b/windows/deployment/update/update-compliance-v2-help.md
index e1fccf14ec..cbdbab10e9 100644
--- a/windows/deployment/update/update-compliance-v2-help.md
+++ b/windows/deployment/update/update-compliance-v2-help.md
@@ -64,9 +64,9 @@ You can open support requests directly from the Azure portal. If  the **Help + S
 
 Select the **Feedback** link in the upper right of any article to go to the Feedback section at the bottom. Feedback is integrated with GitHub Issues. For more information about this integration with GitHub Issues, see the [docs platform blog post](/teamblog/a-new-feedback-system-is-coming-to-docs).
 
-:::image type="content" source="media/docs-feedback.png" alt-text="Screenshot of the feedback section on a docs article.":::
+:::image type="content" source="media/docs-feedback.png" alt-text="Screenshot of the feedback section of a Microsoft Learn page.":::
 
-To share docs feedback about the current article, select **This page**. A [GitHub account](https://github.com/join) is a prerequisite for providing documentation feedback. Once you sign in, there's a one-time authorization for the MicrosoftDocs organization. It then opens the GitHub new issue form. Add a descriptive title and detailed feedback in the body, but don't modify the document details section. Then select **Submit new issue** to file a new issue for the target article in the [Windows-ITPro-docs GitHub repository](https://github.com/MicrosoftDocs/windows-itpro-docs/issues).
+To share feedback about the current article, select **This page**. A [GitHub account](https://github.com/join) is a prerequisite for providing documentation feedback. Once you sign in, there's a one-time authorization for the MicrosoftDocs organization. It then opens the GitHub new issue form. Add a descriptive title and detailed feedback in the body, but don't modify the document details section. Then select **Submit new issue** to file a new issue for the target article in the [Windows-ITPro-docs GitHub repository](https://github.com/MicrosoftDocs/windows-itpro-docs/issues).
 
 To see whether there's already feedback for this article, select **View all page feedback**. This action opens a GitHub issue query for this article. By default it displays both open and closed issues. Review any existing feedback before you submit a new issue. If you find a related issue, select the face icon to add a reaction, add a comment to the thread, or **Subscribe** to receive notifications.
 
@@ -86,7 +86,7 @@ If you create an issue for something not related to documentation, Microsoft wil
 - [Product questions (using Microsoft Q&A)](/answers/products/)
 - [Support requests](#open-a-microsoft-support-case) for Update Compliance
 
-To share feedback about the Microsoft Docs platform, see [Microsoft Docs feedback](https://aka.ms/sitefeedback). The platform includes all of the wrapper components such as the header, table of contents, and right menu. Also how the articles render in the browser, such as the font, alert boxes, and page anchors.
+To share feedback about the Microsoft Learn platform, see [Microsoft Learn feedback](https://aka.ms/sitefeedback). The platform includes all of the wrapper components such as the header, table of contents, and right menu. Also how the articles render in the browser, such as the font, alert boxes, and page anchors.
 
 ## Troubleshooting tips
 
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index 87590d77a7..187ec9c7c0 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -1,150 +1,165 @@
 ---
-title: Configure VDA for Windows 10/11 Subscription Activation
+title: Configure VDA for Windows subscription activation
+description: Learn how to configure virtual machines (VMs) to enable Windows 10 Subscription Activation in a Windows Virtual Desktop Access (VDA) scenario.
 ms.reviewer: 
 manager: dougeby
 ms.author: aaroncz
 author: aczechowski
-description: Learn how to configure virtual machines (VMs) to enable Windows 10 Subscription Activation in a Windows Virtual Desktop Access (VDA) scenario.
 ms.custom: seo-marvel-apr2020
-ms.prod: w10
+ms.prod: windows-client
+ms.technology: itpro-deploy
 ms.localizationpriority: medium
-ms.topic: article
+ms.topic: how-to
 ms.collection: M365-modern-desktop
+ms.date: 09/26/2022
 ---
 
-# Configure VDA for Windows 10/11 Subscription Activation
+# Configure VDA for Windows subscription activation
 
 Applies to:
+
 - Windows 10
 - Windows 11
 
-This document describes how to configure virtual machines (VMs) to enable [Windows 10/11 Subscription Activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
+This document describes how to configure virtual machines (VMs) to enable [Windows subscription activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
 
 Deployment instructions are provided for the following scenarios:
+
 1. [Active Directory-joined VMs](#active-directory-joined-vms)
 2. [Azure Active Directory-joined VMs](#azure-active-directory-joined-vms)
 3. [Azure Gallery VMs](#azure-gallery-vms)
 
 ## Requirements
 
-- VMs must be running Windows 10 Pro, version 1703 or later. Windows 11 is "later" in this context. 
-- VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined.
-- VMs must be hosted by a Qualified Multitenant Hoster (QMTH). 
-    - For more information, see [Qualified Multitenant Hoster Program](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) (PDF download).
+- VMs must be running a supported version of Windows Pro edition.
+- VMs must be joined to Active Directory or Azure Active Directory (Azure AD).
+- VMs must be hosted by a Qualified Multitenant Hoster (QMTH). For more information, download the PDF that describes the [Qualified Multitenant Hoster Program](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf).
 
 ## Activation
 
 ### Scenario 1
 
-- The VM is running Windows 10, version 1803 or later (ex: Windows 11).
+- The VM is running a supported version of Windows.
 - The VM is hosted in Azure or another Qualified Multitenant Hoster (QMTH).
 
-    When a user with VDA rights signs in to the VM using their Azure Active Directory credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10/11 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure.
+    When a user with VDA rights signs in to the VM using their Azure AD credentials, the VM is automatically stepped-up to Enterprise and activated. There's no need to do Windows Pro activation. This functionality eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure.
 
 ### Scenario 2
 
-- The Hyper-V host and the VM are both running Windows 10, version 1803 or later.
+- The Hyper-V host and the VM are both running a supported version of Windows.
 
-    [Inherited Activation](./windows-10-subscription-activation.md#inherited-activation) is enabled. All VMs created by a user with a Windows 10/11 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account.
+    [Inherited Activation](./windows-10-subscription-activation.md#inherited-activation) is enabled. All VMs created by a user with a Windows E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure AD account.
 
 ### Scenario 3
 
-- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) partner.
+- The hoster isn't an authorized QMTH partner.
 
-    In this scenario, the underlying Windows 10/11 Pro license must be activated prior to Subscription Activation of Windows 10/11 Enterprise. Activation is accomplished using a Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server can be used. KMS activation is provided for Azure VMs. For more information, see [Troubleshoot Azure Windows virtual machine activation problems](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems).
+    In this scenario, the underlying Windows Pro license must be activated prior to using subscription activation Windows Enterprise. Activation is accomplished using a generic volume license key (GVLK) and a volume license KMS activation server provided by the hoster. Alternatively, a KMS activation server can be used. KMS activation is provided for Azure VMs. For more information, see [Troubleshoot Azure Windows virtual machine activation problems](/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems).
 
 For examples of activation issues, see [Troubleshoot the user experience](./deploy-enterprise-licenses.md#troubleshoot-the-user-experience).
 
 ## Active Directory-joined VMs
 
 1. Use the following instructions to prepare the VM for Azure: [Prepare a Windows VHD or VHDX to upload to Azure](/azure/virtual-machines/windows/prepare-for-upload-vhd-image)
-2. (Optional) To disable network level authentication, type the following at an elevated command prompt:
+2. (Optional) To disable network level authentication, type the following command at an elevated command prompt:
 
-    ```
+    ```cmd
     REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
     ```
 
 3. At an elevated command prompt, type **sysdm.cpl** and press ENTER.
-4. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**.
-5. Click **Add**, type **Authenticated users**, and then click **OK** three times.
-6. Follow the instructions to use sysprep at [Steps to generalize a VHD](/azure/virtual-machines/windows/prepare-for-upload-vhd-image#steps-to-generalize-a-vhd) and then start the VM again.
-7. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps to use Windows Configuration Designer and inject an activation key. Otherwise, skip to step 20.
-8. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
-9. Open Windows Configuration Designer and click **Provision desktop services**.
-10. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name.
-        - Note: You can use a different project name, but this name is also used with dism.exe in a subsequent step.
-11. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**.
-12. On the Set up network page, choose **Off**.
-13. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
-    - Note: This step is different for [Azure AD-joined VMs](#azure-active-directory-joined-vms).
-14. On the Add applications page, add applications if desired. This step is optional.
-15. On the Add certificates page, add certificates if desired. This step is optional.
-16. On the Finish page, click **Create**.
-17. In file explorer, double-click the VHD to mount the disk image. Determine the drive letter of the mounted image.
-18. Type the following at an elevated command prompt. Replace the letter **G** with the drive letter of the mounted image, and enter the project name you used if it is different than the one suggested:
+4. On the Remote tab, choose **Allow remote connections to this computer** and then select **Select Users**.
+5. Select **Add**, type **Authenticated users**, and then select **OK** three times.
+6. Follow the instructions to use sysprep at [Steps to generalize a VHD](/azure/virtual-machines/windows/prepare-for-upload-vhd-image#generalize-a-vhd) and then start the VM again.
+7. If you must activate Windows Pro as described for [scenario 3](#scenario-3), complete the following steps to use Windows Configuration Designer and inject an activation key. Otherwise, skip to step 8.
+    1. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
+    1. Open Windows Configuration Designer and select **Provision desktop services**.
+    1. Under **Name**, type **Desktop AD Enrollment Pro GVLK**, select **Finish**, and then on the **Set up device** page enter a device name.
 
-    ```cmd
-    Dism.exe /Image=G:\ /Add-ProvisioningPackage /PackagePath: "Desktop AD Enrollment Pro GVLK.ppkg"
-    ```
-19. Right-click the mounted image in file explorer and click **Eject**.
-20. See instructions at [Upload and create VM from generalized VHD](/azure/virtual-machines/windows/upload-generalized-managed#log-in-to-azure) to log in to Azure, get your storage account details, upload the VHD, and create a managed image.
+        > [!NOTE]
+        > You can use a different project name, but this name is also used with dism.exe in a later step.
+
+    1. Under **Enter product key** type the Pro GVLK key: `W269N-WFGWX-YVC9B-4J6C9-T83GX`.
+    1. On the Set up network page, choose **Off**.
+    1. On the Account Management page, choose **Enroll into Active Directory** and then enter the account details.
+
+        > [!NOTE]
+        > This step is different for [Azure AD-joined VMs](#azure-active-directory-joined-vms).
+
+    1. On the Add applications page, add applications if desired. This step is optional.
+    1. On the Add certificates page, add certificates if desired. This step is optional.
+    1. On the Finish page, select **Create**.
+    1. In file explorer, open the VHD to mount the disk image. Determine the drive letter of the mounted image.
+    1. Type the following command at an elevated command prompt. Replace the letter `G` with the drive letter of the mounted image, and enter the project name you used if it's different than the one suggested:
+
+        ```cmd
+        Dism.exe /Image=G:\ /Add-ProvisioningPackage /PackagePath: "Desktop AD Enrollment Pro GVLK.ppkg"
+        ```
+
+    1. Right-click the mounted image in file explorer and select **Eject**.
+
+8. See the instructions at [Upload and create VM from generalized VHD](/azure/virtual-machines/windows/upload-generalized-managed#upload-the-vhd) to sign in to Azure, get your storage account details, upload the VHD, and create a managed image.
 
 ## Azure Active Directory-joined VMs
 
->[!IMPORTANT]
->Azure Active Directory (Azure AD) provisioning packages have a 180 day limit on bulk token usage. You will need to update the provisioning package and re-inject it into the image after 180 days. Existing virtual machines that are Azure AD-joined and deployed will not need to be recreated.
+> [!IMPORTANT]
+> Azure AD provisioning packages have a 180 day limit on bulk token usage. After 180 days, you'll need to update the provisioning package and re-inject it into the image. Existing virtual machines that are Azure AD-joined and deployed won't need to be recreated.
 
-For Azure AD-joined VMs, follow the same instructions (above) as for [Active Directory-joined VMs](#active-directory-joined-vms) with the following exceptions:
-- In step 9, during setup with Windows Configuration Designer, under **Name**, type a name for the project that indicates it is not for Active Directory-joined VMs, such as **Desktop Bulk Enrollment Token Pro GVLK**.
-- In step 11, during setup with Windows Configuration Designer, on the Account Management page, instead of enrolling in Active Directory, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in and add the bulk token using your organization's credentials.
-- In step 15, sub-step 2, when entering the PackagePath, use the project name you entered in step 9 (ex: **Desktop Bulk Enrollment Token Pro GVLK.ppkg**)
-- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described below in [Create custom RDP settings for Azure](#create-custom-rdp-settings-for-azure).
+For Azure AD-joined VMs, follow the same instructions as for [Active Directory-joined VMs](#active-directory-joined-vms) with the following exceptions:
+
+- During setup with Windows Configuration Designer, under **Name**, type a name for the project that indicates it isn't for Active Directory-joined VMs, such as **Desktop Bulk Enrollment Token Pro GVLK**.
+- During setup with Windows Configuration Designer, on the Account Management page, instead of enrolling in Active Directory, choose **Enroll in Azure AD**, select **Get Bulk Token**, sign in, and add the bulk token using your organization's credentials.
+- When entering the PackagePath, use the project name you previously entered. For example, **Desktop Bulk Enrollment Token Pro GVLK.ppkg**
+- When attempting to access the VM using remote desktop, you'll need to create a custom RDP settings file as described below in [Create custom RDP settings for Azure](#create-custom-rdp-settings-for-azure).
 
 ## Azure Gallery VMs
 
-1. (Optional) To disable network level authentication, type the following at an elevated command prompt:
+1. (Optional) To disable network level authentication, type the following command at an elevated command prompt:
 
-    ```
+    ```cmd
     REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
     ```
 
-2. At an elevated command prompt, type **sysdm.cpl** and press ENTER.
-3. On the Remote tab, choose **Allow remote connections to this computer** and then click **Select Users**.
-4. Click **Add**, type **Authenticated users**, and then click **OK** three times.
+2. At an elevated command prompt, type `sysdm.cpl` and press ENTER.
+3. On the Remote tab, choose **Allow remote connections to this computer** and then select **Select Users**.
+4. Select **Add**, type **Authenticated users**, and then select **OK** three times.
 5. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
-6. Open Windows Configuration Designer and click **Provision desktop services**.
-7. If you must activate Windows 10 Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 8.
-    1. Under **Name**, type **Desktop Bulk Enrollment Token Pro GVLK**, click **Finish**, and then on the **Set up device** page enter a device name.
-    2. Under **Enter product key** type the Pro GVLK key: **W269N-WFGWX-YVC9B-4J6C9-T83GX**.
-8. Under **Name**, type **Desktop Bulk Enrollment**, click **Finish**, and then on the **Set up device** page enter a device name.
+6. Open Windows Configuration Designer and select **Provision desktop services**.
+7. If you must activate Windows Pro as described for [scenario 3](#scenario-3), complete the following steps. Otherwise, skip to step 8.
+    1. Under **Name**, type **Desktop Bulk Enrollment Token Pro GVLK**, select **Finish**, and then on the **Set up device** page enter a device name.
+    2. Under **Enter product key** type the Pro GVLK key: `W269N-WFGWX-YVC9B-4J6C9-T83GX`.
+8. Under **Name**, type **Desktop Bulk Enrollment**, select **Finish**, and then on the **Set up device** page enter a device name.
 9. On the Set up network page, choose **Off**.
-10. On the Account Management page, choose **Enroll in Azure AD**, click **Get Bulk Token**, sign in, and add the bulk token using your organizations credentials.
+10. On the Account Management page, choose **Enroll in Azure AD**, select **Get Bulk Token**, sign in, and add the bulk token using your organizations credentials.
 11. On the Add applications page, add applications if desired. This step is optional.
 12. On the Add certificates page, add certificates if desired. This step is optional.
-13. On the Finish page, click **Create**.
-14. Copy the .ppkg file to the remote Virtual machine.  Double click to initiate the provisioning package install.  This will reboot the system.
+13. On the Finish page, select **Create**.
+14. Copy the PPKG file to the remote virtual machine. Open the provisioning package to install it. This process will restart the system.
 
-- When attempting to access the VM using remote desktop, you will need to create a custom RDP settings file as described [below](#create-custom-rdp-settings-for-azure).
+> [!NOTE]
+> When you try to access the VM using remote desktop, you'll need to [create a custom RDP settings file](#create-custom-rdp-settings-for-azure).
 
 ## Create custom RDP settings for Azure
 
-To create custom RDP settings for Azure:
-
 1. Open Remote Desktop Connection and enter the IP address or DNS name for the remote host.
-2. Click **Show Options**, and then under Connection settings click **Save As** and save the RDP file to the location where you will use it.
+2. Select **Show Options**, and then under Connection settings select **Save As**. Save the RDP file to the location where you'll use it.
 3. Close the Remote Desktop Connection window and open Notepad.
-4. Drag the RDP file into the Notepad window to edit it.
+4. Open the RDP file in Notepad to edit it.
 5. Enter or replace the line that specifies authentication level with the following two lines of text:
 
     ```text
     enablecredsspsupport:i:0
     authentication level:i:2
     ```
-6. **enablecredsspsupport** and **authentication level** should each appear only once in the file.
-7. Save your changes, and then use this custom RDP file with your Azure AD credentials to connect to the Azure VM.
 
-## Related topics
+    The values `enablecredsspsupport` and `authentication level` should each appear only once in the file.
 
-[Windows 10/11 Subscription Activation](windows-10-subscription-activation.md)
-<BR>[Recommended settings for VDI desktops](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations)
-<BR>[Licensing the Windows Desktop for VDI Environments](https://download.microsoft.com/download/9/8/d/98d6a56c-4d79-40f4-8462-da3ecba2dc2c/licensing_windows_desktop_os_for_virtual_machines.pdf)
+6. Save your changes, and then use this custom RDP file with your Azure AD credentials to connect to the Azure VM.
+
+## Related articles
+
+[Windows subscription activation](windows-10-subscription-activation.md)
+
+[Recommended settings for VDI desktops](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations)
+
+[Whitepaper on licensing the Windows desktop for VDI environments](https://download.microsoft.com/download/9/8/d/98d6a56c-4d79-40f4-8462-da3ecba2dc2c/licensing_windows_desktop_os_for_virtual_machines.pdf)
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 67df3547c9..969e44b244 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -1,8 +1,8 @@
 ---
-title: Windows 10/11 Subscription Activation
+title: Windows subscription activation
 description: In this article, you'll learn how to dynamically enable Windows 10 and Windows 11 Enterprise or Education subscriptions.
-ms.custom: seo-marvel-apr2020
-ms.prod: w10
+ms.prod: windows-client
+ms.technology: itpro-deploy
 ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
@@ -12,239 +12,203 @@ ms.collection:
   - highpri
 search.appverid:
 - MET150
-ms.topic: article
+ms.topic: conceptual
 ms.date: 07/12/2022
 ---
 
-# Windows 10/11 Subscription Activation
+# Windows subscription activation
 
 Applies to:
+
 - Windows 10
 - Windows 11
 
-Windows 10 Pro supports the Subscription Activation feature, enabling users to "step-up" from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they're subscribed to Windows 10/11 Enterprise E3 or E5.
+The subscription activation feature enables you to "step-up" from Windows Pro edition to Enterprise or Education editions. You can use this feature if you're subscribed to Windows Enterprise E3 or E5 licenses. Subscription activation also supports step-up from Windows Pro Education edition to Education edition.
 
-With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**.
+If you have devices that are licensed for earlier versions of Windows Professional, Microsoft 365 Business Premium provides an upgrade to Windows Pro edition, which is the prerequisite for deploying [Windows Business](/microsoft-365/business-premium/microsoft-365-business-faqs#what-is-windows-10-business).
 
-If you have devices that are licensed for Windows 7, 8, and 8.1 Professional, Microsoft 365 Business Premium provides an upgrade to Windows 10 Pro, which is the prerequisite for deploying [Windows 10 Business](/microsoft-365/business-premium/microsoft-365-business-faqs#what-is-windows-10-business).
+The subscription activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-premises key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and then rebooting client devices.
 
-The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-premises key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.  
+This article covers the following information:
 
-For more information, see the following articles:
-
-- [Subscription Activation](#subscription-activation-for-windows-1011-enterprise): An introduction to Subscription Activation for Windows 10/11 Enterprise.
-- [Subscription Activation for Education](#subscription-activation-for-windows-1011-enterprise): Information about Subscription Activation for Windows 10/11 Education.
-- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
+- [Subscription activation](#subscription-activation-for-enterprise): An introduction to subscription activation for Windows Enterprise.
+- [Subscription activation for Education](#subscription-activation-for-education): Information about subscription activation for Windows Education.
+- [Inherited activation](#inherited-activation): Allow virtual machines to inherit activation state from their Windows client host.
 - [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment.
-- [Requirements](#requirements): Prerequisites to use the Windows 10/11 Subscription Activation model.
+- [Requirements](#requirements): Prerequisites to use the Windows subscription activation model.
 - [Benefits](#benefits): Advantages of subscription-based licensing.
 - [How it works](#how-it-works): A summary of the subscription-based licensing option.
-- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): How to enable Windows 10 Subscription Activation for VMs in the cloud.
+- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): How to enable Windows subscription activation for VMs in the cloud.
 
-For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md).
+For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
 
-## Subscription Activation for Windows 10/11 Enterprise
+## Subscription activation for Enterprise
 
-Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots.
+Windows Enterprise E3 and E5 are available as online services via subscription. You can deploy Windows Enterprise in your organization without keys and reboots.
 
- If you're running Windows 10, version 1703 or later:
+- Devices with a current Windows Pro edition license can be seamlessly upgraded to Windows Enterprise.
+- Product key-based Windows Enterprise software licenses can be transitioned to Windows Enterprise subscriptions.
 
-- Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively.
-- Product key-based Windows 10 Enterprise or Windows 11 Enterprise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions.
-
-Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
+Organizations that have an enterprise agreement can also benefit from the service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure Active Directory (Azure AD) using [Azure AD Connect Sync](/azure/active-directory/hybrid/how-to-connect-sync-whatis).
 
 > [!NOTE]
-> The Subscription Activation feature is available for qualifying devices running Windows 10 or Windows 11. You cannot use Subscription Activation to upgrade from Windows 10 to Windows 11.
+> Subscription activation is available for qualifying devices running Windows 10 or Windows 11. You can't use subscription activation to upgrade from Windows 10 to Windows 11.
 
-## Subscription Activation for Education
+## Subscription activation for Education
 
-Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section.
+Subscription activation for Education works the same as the Enterprise edition, but in order to use subscription activation for Education, you must have a device running Windows Pro Education and an active subscription plan with an Enterprise license. For more information, see the [requirements](#windows-education-requirements) section.
 
-## Inherited Activation
+## Inherited activation
 
-Inherited Activation is a new feature available in Windows 10, version 1803 or later (Windows 11 is considered "later" here) that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host.
+Inherited activation allows Windows virtual machines to inherit activation state from their Windows client host. When a user with a Windows E3/E5 or A3/A5 license assigned creates a new Windows 10 or Windows 11 virtual machine (VM) using a Windows 10 or Windows 11 host, the VM inherits the activation state from a host machine. This behavior is independent of whether the user signs on with a local account or uses an Azure AD account on a VM.
 
-When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 or Windows 11 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (Azure AD) account on a VM.
-
-To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later. The hypervisor platform must also be Windows Hyper-V.
+To support inherited activation, both the host computer and the VM must be running a supported version of Windows 10 or Windows 11. The hypervisor platform must also be Windows Hyper-V.
 
 ## The evolution of deployment
 
+> [!TIP]
 > The original version of this section can be found at [Changing between Windows SKUs](/archive/blogs/mniehaus/changing-between-windows-skus).
 
 The following list illustrates how deploying Windows client has evolved with each release:
 
-- **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.<br>
-- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a "repair upgrade" because the OS version was the same before and after).  This was a lot easier than wipe-and-load, but it was still time-consuming.<br>
-- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU.  This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.<br>
-- **Windows 10, version 1607** made a large leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise.  In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.<br>
-- **Windows 10, version 1703** made this "step-up" from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.<br>
-- **Windows 10, version 1709** adds support for Windows 10 Subscription Activation, similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.<br>
-- **Windows 10, version 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It's no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.<br>
-- **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription.
-- **Windows 11** updates Subscription Activation to work on both Windows 10 and Windows 11 devices. **Important**: Subscription activation doesn't update a device from Windows 10 to Windows 11. Only the edition is updated.
+- **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.
+
+- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade. This process was considered a "repair upgrade", because the OS version was the same before and after. This upgrade was a lot easier than wipe-and-load, but it was still time-consuming.
+
+- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU. This process required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
+
+- **Windows 10, version 1607** made a large leap forward. You could just change the product key and the edition instantly changed from Windows 10 Pro to Windows 10 Enterprise. In addition to provisioning packages and MDM, you can inject a key using slmgr.vbs, which injects the key into WMI. It became trivial to do this process using a command line.
+
+- **Windows 10, version 1703** made this "step-up" from Windows 10 Pro to Windows 10 Enterprise automatic for devices that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
+
+- **Windows 10, version 1709** added support for Windows 10 subscription activation, similar to the CSP support but for large enterprises. This feature enabled the use of Azure AD for assigning licenses to users. When users sign in to a device that's joined to Active Directory or Azure AD, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.
+
+- **Windows 10, version 1803** updated Windows 10 subscription activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It was no longer necessary to run a script to activate Windows 10 Pro before activating Enterprise. For virtual machines and hosts running Windows 10, version 1803, [inherited activation](#inherited-activation) was also enabled.
+
+- **Windows 10, version 1903** updated Windows 10 subscription activation to enable step up from Windows 10 Pro Education to Windows 10 Education for devices with a qualifying Windows 10 or Microsoft 365 subscription.
+
+- **Windows 11, version 21H2** updated subscription activation to work on both Windows 10 and Windows 11 devices.
+
+    > [!IMPORTANT]
+    > Subscription activation doesn't update a device from Windows 10 to Windows 11. Only the edition is updated.
 
 ## Requirements
 
-### Windows 10/11 Enterprise requirements
+### Windows Enterprise requirements
 
 > [!NOTE]
-> The following requirements do not apply to general Windows client activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
+> The following requirements don't apply to general Windows client activation on Azure. Azure activation requires a connection to Azure KMS only. It supports workgroup, hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure virtual machines](/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems).
 
 > [!IMPORTANT]
-> Currently, Subscription Activation is only available on commercial tenants and is currently not available on US GCC, GCC High, or DoD tenants.
+> Currently, subscription activation is only available on commercial tenants. It's currently not available on US GCC, GCC High, or DoD tenants.
 
 For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following requirements:
 
-- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. Windows 11 is considered a "later" version in this context.
-- Azure Active Directory (Azure AD) available for identity management.
-- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices aren't supported.
+- A supported version of Windows Pro or Enterprise edition installed on the devices to be upgraded.
+- Azure AD available for identity management.
+- Devices must be Azure AD-joined or hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices aren't supported.
 
-For Microsoft customers that don't have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10/11 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10/11 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
+For Microsoft customers that don't have EA or MPSA, you can get Windows Enterprise E3/E5 or A3/A5 licenses through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses. For more information about getting Windows Enterprise E3 through your CSP, see [Windows Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
 
-If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://www.microsoft.com/microsoft-365/blog/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)
+### Windows Education requirements
 
-#### Multifactor authentication
-
-An issue has been identified with Hybrid Azure AD-joined devices that have enabled [multifactor authentication](/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device won't successfully upgrade to their Windows Enterprise subscription.
-
-To resolve this issue:
-
-If the device is running Windows 10, version 1809 or later:
-
-- Windows 10, version 1809 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch.
-
-- When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there's a problem. Select the notification and then select **Fix now** to step through the subscription activation process. See the example below:
-
-   ![Subscription Activation with MFA example 1.](images/sa-mfa1.png)<br>
-
-   ![Subscription Activation with MFA example 2.](images/sa-mfa2.png)<br>
-
-   ![Subscription Activation with MFA example 3.](images/sa-mfa3.png)
-
-Organizations that use Azure Active Directory Conditional Access may want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f from their all users all cloud apps MFA policy to avoid this issue.
-
-> [!NOTE]
-> The above recommendation also applies to Azure AD joined devices.
-
-### Windows 10/11 Education requirements
-
-- Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.
-- A device with a Windows 10 Pro Education digital license. You can confirm this information in **Settings > Update & Security > Activation**.
-- The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription.
-- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices aren't supported.
+- A supported version of Windows Pro Education installed on the devices to be upgraded.
+- A device with a Windows Pro Education digital license. You can confirm this information in **Settings > Update & Security > Activation**.
+- The Education tenant must have an active subscription to Microsoft 365 with a Windows Enterprise license, or a Windows Enterprise or Education subscription.
+- Devices must be Azure AD-joined or hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices aren't supported.
 
 > [!IMPORTANT]
 > If Windows 10 Pro is converted to Windows 10 Pro Education by [using benefits available in Store for Education](/education/windows/change-to-pro-education#change-using-microsoft-store-for-education), then the feature will not work. You will need to re-image the device using a Windows 10 Pro Education edition.
 
-
 ## Benefits
 
-With Windows 10/11 Enterprise or Windows 10/11 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10/11 Education or Windows 10/11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it's available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following:
+With Windows Enterprise or Education editions, your organization can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Education or Enterprise editions to their users. With Windows Enterprise E3/E5 or A3/A5 being available as an online service, it's available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows features.
+
+To compare Windows 10 editions and review pricing, see the following sites:
 
 - [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare)
-- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/cloud-platform/enterprise-mobility-security-pricing)
+- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing)
 
 You can benefit by moving to Windows as an online service in the following ways:
 
-- Licenses for Windows 10 Enterprise and Education are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization.
+- Licenses for Windows Enterprise and Education are checked based on Azure AD credentials. You have a systematic way to assign licenses to end users and groups in your organization.
 
 - User sign-in triggers a silent edition upgrade, with no reboot required.
 
-- Support for mobile worker/BYOD activation; transition away from on-premises KMS and MAK keys.
+- Support for mobile worker and "bring your own device" (BYOD) activation. This support transitions away from on-premises KMS and MAK keys.
 
 - Compliance support via seat assignment.
 
-- Licenses can be updated to different users dynamically, enabling you to optimize your licensing investment against changing needs.
+- Licenses can be updated to different users dynamically, which allows you to optimize your licensing investment against changing needs.
 
 ## How it works
 
 > [!NOTE]
-> The following Windows 10 examples and scenarios also apply to Windows 11.
+> The following examples use Windows 10 Pro to Enterprise edition. The examples also apply to Windows 11, and Education editions.
 
-The device is Azure Active Directory-joined from **Settings > Accounts > Access work or school**.
+The device is Azure AD-joined from **Settings > Accounts > Access work or school**.
 
-The IT administrator assigns Windows 10 Enterprise to a user. See the following figure.
+You assign Windows 10 Enterprise to a user:
 
-![Windows 10 Enterprise.](images/ent.png)
+![A screenshot of assigning a Windows 10 Enterprise license in the Microsoft 365 admin center.](images/ent.png)
 
-When a licensed user signs in to a device that meets requirements using their Azure AD credentials, the operating system steps up from Windows 10 Pro to Windows 10 Enterprise (or Windows 10 Pro Education to Windows 10 Education) and all the appropriate Windows 10 Enterprise/Education features are unlocked. When a user's subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro / Windows 10 Pro Education edition, once current subscription validity expires.
-
-Devices running Windows 10 Pro Education, version 1903 or later can get Windows 10 Enterprise or Education General Availability Channel on up to five devices for each user covered by the license. This benefit doesn't include Long Term Servicing Channel.
-
-The following figures summarize how the Subscription Activation model works:
-
-Before Windows 10, version 1903:<br>
-![1703.](images/before.png)
-
-After Windows 10, version 1903:<br>
-![1903.](images/after.png)
+When a licensed user signs in to a device that meets requirements using their Azure AD credentials, Windows steps up from Pro edition to Enterprise. Then all of the Enterprise features are unlocked. When a user's subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro edition, once the current subscription validity expires.
 
 > [!NOTE]
-> 
-> - A Windows 10 Pro Education device will only step up to Windows 10 Education edition when "Windows 10 Enterprise" license is assigned from M365 Admin center (as of May 2019).
-> 
-> - A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when "Windows 10 Enterprise" license is assigned from M365 Admin center (as of May 2019).
+> Devices running a supported version of Windows 10 Pro Education can get Windows 10 Enterprise or Education general availability channel on up to five devices for each user covered by the license. This benefit doesn't include the long term servicing channel.
+
+The following figure summarizes how the subscription activation model works:
+
+![Diagram of subscription activation.](images/after.png)
+
+> [!NOTE]
+>
+> - A Windows 10 Pro Education device will only step up to Windows 10 Education edition when you assign a **Windows 10 Enterprise** license from the Microsoft 365 admin center.
+>
+> - A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when you assign a **Windows 10 Enterprise** license from the Microsoft 365 admin center.
 
 ### Scenarios
 
 #### Scenario #1
 
-You're using Windows 10, version 1803 or above, and purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but haven't yet deployed Windows 10 Enterprise).
+You're using a supported version of Windows 10. You purchased Windows 10 Enterprise E3 or E5 subscriptions, or you've had an E3 or E5 subscription for a while but haven't yet deployed Windows 10 Enterprise.
 
-All of your Windows 10 Pro devices will step-up to Windows 10 Enterprise, and devices that are already running Windows 10 Enterprise will migrate from KMS or MAK activated Enterprise edition to Subscription activated Enterprise edition when a Subscription Activation-enabled user signs in to the device.
+All of your Windows 10 Pro devices will step-up to Windows 10 Enterprise. When a subscription activation-enabled user signs in, devices that are already running Windows 10 Enterprise will migrate from KMS or MAK activated Enterprise edition to subscription activated Enterprise edition.
 
 #### Scenario #2
 
-Using Azure AD-joined devices or Active Directory-joined devices running Windows 10 1709 or later, and with Azure AD synchronization configured, just follow the steps in [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md) to acquire a $0 SKU and get a new Windows 10 Enterprise E3 or E5 license in Azure AD. Then, assign that license to all of your Azure AD users. These can be AD-synced accounts.  The device will automatically change from Windows 10 Pro to Windows 10 Enterprise when that user signs in.
+You're using Azure AD-joined devices or Active Directory-joined devices running a supported version of Windows 10. You configured Azure AD synchronization. You follow the steps in [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md) to get a $0 SKU, and get a new Windows 10 Enterprise E3 or E5 license in Azure AD. You then assign that license to all of your Azure AD users, which can be Active Directory-synced accounts. When that user signs in, the device will automatically change from Windows 10 Pro to Windows 10 Enterprise.
 
-In summary, if you have a Windows 10 Enterprise E3 or E5 subscription, but are still running Windows 10 Pro, it's simple (and quick) to move to Windows 10 Enterprise using one of the scenarios above.
+#### Earlier versions of Windows
 
-If you're running Windows 7, it can be more work.  A wipe-and-load approach works, but it's likely to be easier to upgrade from Windows 7 Pro directly to Windows 10 Enterprise. This path is supported, and completes the move in one step.  This method also works if you're running Windows 8.1 Pro.
+If devices are running Windows 7, more steps are required. A wipe-and-load approach still works, but it can be easier to upgrade from Windows 7 Pro directly to Windows 10 Enterprise edition. This path is supported, and completes the move in one step. This method also works for devices with Windows 8.1 Pro.
 
 ### Licenses
 
 The following policies apply to acquisition and renewal of licenses on devices:
-- Devices that have been upgraded will attempt to renew licenses about every 30 days, and must be connected to the Internet to successfully acquire or renew a license.
-- If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10/11 Pro or Windows 10/11 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew.
-- Up to five devices can be upgraded for each user license. If the user license is used for a sixth device, the operating system on the computer to which a user hasn't logged in the longest will revert to Windows 10/11 Pro or Windows 10/11 Pro Education.
+
+- Devices that have been upgraded will attempt to renew licenses about every 30 days. They must be connected to the internet to successfully acquire or renew a license.
+
+- If a device is disconnected from the internet, until its current subscription expires Windows will revert to Pro or Pro Education. As soon as the device is connected to the internet again, the license will automatically renew.
+
+- Up to five devices can be upgraded for each user license. If the user license is used for a sixth device, on the computer to which a user hasn't logged for the longest time, Windows will revert to Pro or Pro Education.
+
 - If a device meets the requirements and a licensed user signs in on that device, it will be upgraded.
 
 Licenses can be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
 
-When you have the required Azure AD subscription, group-based licensing is the preferred method to assign Enterprise E3 and E5 licenses to users. For more information, see [Group-based licensing basics in Azure AD](/azure/active-directory/active-directory-licensing-whatis-azure-portal).
+When you have the required Azure AD subscription, group-based licensing is the preferred method to assign Enterprise E3 and E5 licenses to users. For more information, see [Group-based licensing basics in Azure AD](/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal).
 
 ### Existing Enterprise deployments
 
-If you're running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10/11 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise.
+If you're running a supported version of Windows 10 or Windows 11, subscription activation will automatically pull the firmware-embedded Windows activation key and activate the underlying Pro license. The license will then step-up to Enterprise using subscription activation. This behavior automatically migrates your devices from KMS or MAK activated Enterprise to subscription activated Enterprise.
 
-Subscription Activation doesn't remove the need to activate the underlying operating system, this is still a requirement for running a genuine installation of Windows.
+Subscription activation doesn't remove the need to activate the underlying OS. This requirement still exists for running a genuine installation of Windows.
 
 > [!CAUTION]
-> Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE (Out Of Box Experience).
+> Firmware-embedded Windows activation happens automatically only during Windows Setup out of box experience (OOBE).
 
-If you're using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key.
-
-If the computer has never been activated with a Pro key, run the following script. Copy the text below into a `.cmd` file, and run the file from an elevated command prompt:
-
-```console
-@echo off
-FOR /F "skip=1" %%A IN ('wmic path SoftwareLicensingService get OA3xOriginalProductKey') DO  (
-SET "ProductKey=%%A"
-goto InstallKey
-)
-
-:InstallKey
-IF [%ProductKey%]==[] (
-echo No key present
-) ELSE (
-echo Installing %ProductKey%
-changepk.exe /ProductKey %ProductKey%
-)
-```
-
-Since [WMIC was deprecated](/windows/win32/wmisdk/wmic) in Windows 10, version 21H1, you can use the following Windows PowerShell script instead:
+If the computer has never been activated with a Pro key, use the following script from an elevated PowerShell console:
 
 ```powershell
 $(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if ( $null -ne $_ ) { Write-Host "Installing"$_;changepk.exe /Productkey $_ } else { Write-Host "No key present" } }
@@ -252,17 +216,17 @@ $(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if (
 
 ### Obtaining an Azure AD license
 
-Enterprise Agreement/Software Assurance (EA/SA):
+If your organization has an Enterprise Agreement (EA) or Software Assurance (SA):
 
-- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD (ideally to groups using the new Azure AD Premium feature for group assignment). For more information, see [Enabling Subscription Activation with an existing EA](./deploy-enterprise-licenses.md#enabling-subscription-activation-with-an-existing-ea).
+- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD. Ideally, you assign the licenses to groups using the Azure AD Premium feature for group assignment. For more information, see [Enable subscription activation with an existing EA](./deploy-enterprise-licenses.md#enabling-subscription-activation-with-an-existing-ea).
 
-- The license administrator can assign seats to Azure AD users with the same process that is used for O365.
+- The license administrator can assign seats to Azure AD users with the same process that's used for Microsoft 365 Apps.
 
 - New EA/SA Windows Enterprise customers can acquire both an SA subscription and an associated $0 cloud subscription.
 
-Microsoft Products & Services Agreements (MPSA):
+If your organization has a Microsoft Products & Services Agreement (MPSA):
 
-- Organizations with MPSA are automatically emailed the details of the new service. They must take steps to process the instructions.
+- New customers are automatically emailed the details of the service. Take steps to process the instructions.
 
 - Existing MPSA customers will receive service activation emails that allow their customer administrator to assign users to the service.
 
@@ -270,16 +234,18 @@ Microsoft Products & Services Agreements (MPSA):
 
 ### Deploying licenses
 
-See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
+For more information, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
 
 ## Virtual Desktop Access (VDA)
 
-Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Microsoft Azure or in another [qualified multitenant hoster](https://microsoft.com/en-us/CloudandHosting/licensing_sca.aspx).<!-- this URL require the locale :( -->
+Subscriptions to Windows Enterprise are also available for virtualized clients. Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Microsoft Azure or in another [qualified multitenant hoster (QMTH)](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf).
 
 Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Subscription Activation](vda-subscription-activation.md).
 
-## Related articles
+## Related sites
 
-[Connect domain-joined devices to Azure AD for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan)<br>
-[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)<br>
-[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)<br>
+Connect domain-joined devices to Azure AD for Windows experiences. For more information, see [Plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan)
+
+[Compare Windows editions](https://www.microsoft.com/windows/business/compare-windows-11)
+
+[Windows for business](https://www.microsoft.com/windows/business)
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
index ede51bee83..a8ae09138a 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
@@ -1,6 +1,6 @@
 ---
 title: Device registration overview
-description:  This article provides and overview on how to register devices in Autopatch
+description:  This article provides an overview on how to register devices in Autopatch
 ms.date: 09/07/2022
 ms.prod: w11
 ms.technology: windows
@@ -44,7 +44,7 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto
 | **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. |
 | **Step 2: Add devices** | IT admin adds devices through direct membership or nests other Azure AD assigned or dynamic groups into the **Windows Autopatch Device Registration** Azure AD assigned group. |
 | **Step 3: Discover devices** | The Windows Autopatch Discover Devices function hourly discovers devices previously added by the IT admin into the **Windows Autopatch Device Registration** Azure AD assigned group in **step #2**. The Azure AD device ID is used by Windows Autopatch to query device attributes in both Microsoft Endpoint Manager-Intune and Azure AD when registering devices into its service.<ol><li>Once devices are discovered from the Azure AD group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Azure AD in this step:</li><ol><li>**AzureADDeviceID**</li><li>**OperatingSystem**</li><li>**DisplayName (Device name)**</li><li>**AccountEnabled**</li><li>**RegistrationDateTime**</li><li>**ApproximateLastSignInDateTime**</li></ol><li>In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements prior to registration.</li></ol> |
-| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:<ol><li>**Serial number, model, and manufacturer.**</li><ol><li>Checks if the serial number already exists in the Windows Autopatch’s managed device database.</li></ol><li>**If the device is Intune-managed or not.**</li><ol><li>Windows Autopatch looks to see **if the Azure AD device ID has an Intune device ID associated with it**.</li><ol><li>If **yes**, it means this device is enrolled into Intune.</li><li>If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.</li></ol><li>**If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Azure AD device attributes gathered and saved to its memory in **step 3a**.</li><ol><li>Once it has the device attributes gathered from Azure AD in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn’t enrolled into Intune.</li><li>A common reason is when the Azure AD device ID is stale, it doesn’t have an Intune device ID associated with it anymore. To remediate, [clean up any stale Azure AD device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).</li></ol><li>**If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.</li></ol><li>**If the device is a Windows device or not.**</li><ol><li>Windows Autopatch looks to see if the Azure AD device ID has an Intune device ID associated with it.</li><ol><li>**If yes**, it means this device is enrolled into Intune.</li><li>**If not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.</li></ol></ol><li>**Windows Autopatch checks the Windows SKU family**. The SKU must be either:</li><ol><li>**Enterprise**</li><li>**Pro**</li><li>**Pro Workstation**</li></ol><li>**If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:</li><ol><li>**Only managed by Intune.**</li><ol><li>If the device is only managed by Intune, the device is marked as Passed all prerequisites.</li></ol><li>**Co-managed by both Configuration Manager and Intune.**</li><ol><li>If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:</li><ol><li>**Windows Updates Policies**</li><li>**Device Configuration**</li><li>**Office Click to Run**</li></ol><li>If Windows Autopatch determines that one of these workloads isn’t enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.</li></ol></ol></ol>|
+| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:<ol><li>**Serial number, model, and manufacturer.**</li><ol><li>Checks if the serial number already exists in the Windows Autopatch’s managed device database.</li></ol><li>**If the device is Intune-managed or not.**</li><ol><li>Windows Autopatch looks to see **if the Azure AD device ID has an Intune device ID associated with it**.</li><ol><li>If **yes**, it means this device is enrolled into Intune.</li><li>If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.</li></ol><li>**If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Azure AD device attributes gathered and saved to its memory in **step 3a**.</li><ol><li>Once it has the device attributes gathered from Azure AD in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn’t enrolled into Intune.</li><li>A common reason is when the Azure AD device ID is stale, it doesn’t have an Intune device ID associated with it anymore. To remediate, [clean up any stale Azure AD device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).</li></ol><li>**If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.</li></ol><li>**If the device is a Windows device or not.**</li><ol><li>Windows Autopatch looks to see if the device is a Windows and corporate-owned device.</li><ol><li>**If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.</li><li>**If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.</li></ol></ol><li>**Windows Autopatch checks the Windows SKU family**. The SKU must be either:</li><ol><li>**Enterprise**</li><li>**Pro**</li><li>**Pro Workstation**</li></ol><li>**If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:</li><ol><li>**Only managed by Intune.**</li><ol><li>If the device is only managed by Intune, the device is marked as Passed all prerequisites.</li></ol><li>**Co-managed by both Configuration Manager and Intune.**</li><ol><li>If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:</li><ol><li>**Windows Updates Policies**</li><li>**Device Configuration**</li><li>**Office Click to Run**</li></ol><li>If Windows Autopatch determines that one of these workloads isn’t enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.</li></ol></ol></ol>|
 | **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:<ol><li>If the Windows Autopatch tenant’s existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.</li><li>If the Windows Autopatch tenant’s existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.</li></ol> |
 | **Step 6: Assign devices to a deployment ring group** | Once the deployment ring calculation is done, Windows Autopatch assigns devices to one of the following deployment ring groups:<ol><li>**Modern Workplace Devices-Windows Autopatch-First**</li><ol><li>The Windows Autopatch device registration process doesn’t automatically assign devices to the Test ring represented by the Azure AD group (Modern Workplace Devices-Windows Autopatch-Test). It’s important that you assign devices to the Test ring to validate the update deployments before the updates are deployed to a broader population of devices.</li></ol><li>**Modern Workplace Devices-Windows Autopatch-Fast**</li><li>**Modern Workplace Devices-Windows Autopatch-Broad**</li></ol> |
 | **Step 7: Assign devices to an Azure AD group** | Windows Autopatch also assigns devices to the following Azure AD groups when certain conditions apply:<ol><li>**Modern Workplace Devices - All**</li><ol><li>This group has all devices managed by Windows Autopatch.</li></ol><li>When registering **Windows 10 devices**, use **Modern Workplace Devices Dynamic - Windows 10**</li><ol><li>This group has all devices managed by Windows Autopatch and that have Windows 10 installed.</li></ol><li>When registering **Windows 11 devices**, use **Modern Workplace Devices Dynamic - Windows 11**</li><ol><li>This group has all devices managed by Windows Autopatch and that have Windows 11 installed.</li></ol><li>When registering **virtual devices**, use **Modern Workplace Devices - Virtual Machine**</li><ol><li>This group has all virtual devices managed by Windows Autopatch.</li></ol> |
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
index 0ab881bf82..df7c2b8966 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
@@ -71,6 +71,9 @@ sections:
       - question: Can I run Autopatch on my Windows 365 Business Workloads?
         answer: |
           No. Autopatch is only available on enterprise workloads. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#windows-autopatch-on-windows-365-enterprise-workloads).
+      - question: Can you change the policies and configurations created by Windows Autopatch?
+        answer: |
+          No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at tenant enrollment](/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant).
   - name: Update Management
     questions: 
       - question: What systems does Windows Autopatch update?
diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 9acf3787ce..63ab9a4a86 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -159,7 +159,7 @@
        items:
        - name: Personal Data Encryption (PDE) overview
          href: information-protection/personal-data-encryption/overview-pde.md
-       - name: Personal Data Encryption (PDE) (FAQ)
+       - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
          href: information-protection/personal-data-encryption/faq-pde.yml
        - name: Configure Personal Data Encryption (PDE) in Intune
          href: information-protection/personal-data-encryption/configure-pde-in-intune.md    
diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
index d057f242cd..c2527f8e0d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
@@ -15,6 +15,7 @@ manager: aaroncz
 appliesto:
 - ✅ <b>Windows 10</b>
 - ✅ <b>Windows 11</b>
+- ✅ <b>Windows Holographic for Business</b>
 ---
 
 # Windows Hello biometrics in the enterprise
@@ -27,61 +28,71 @@ Windows Hello is the biometric authentication feature that helps strengthen auth
 Because we realize your employees are going to want to use this new technology in your enterprise, we've been actively working with the device manufacturers to create strict design and performance recommendations that help to ensure that you can more confidently introduce Windows Hello biometrics into your organization.
 
 ## How does Windows Hello work?
-Windows Hello lets your employees use fingerprint or facial recognition as an alternative method to unlocking a device. With Windows Hello, authentication happens when the employee provides his or her unique biometric identifier while accessing the device-specific Windows Hello credentials.
+
+Windows Hello lets your employees use fingerprint, facial recognition, or iris recognition as an alternative method to unlocking a device. With Windows Hello, authentication happens when the employee provides his or her unique biometric identifier while accessing the device-specific Windows Hello credentials.
 
 The Windows Hello authenticator works to authenticate and allow employees onto your enterprise network. Authentication doesn't roam among devices, isn't shared with a server, and can't easily be extracted from a device. If multiple employees share a device, each employee will use his or her own biometric data on the device.
 
 ## Why should I let my employees use Windows Hello?
+
 Windows Hello provides many benefits, including:
 
--   It helps to strengthen your protections against credential theft. Because an attacker must have both the device and the biometric info or PIN, it's much more difficult to gain access without the employee's knowledge.
+- It helps to strengthen your protections against credential theft. Because an attacker must have both the device and the biometric info or PIN, it's much more difficult to gain access without the employee's knowledge.
 
--   Employees get a simple authentication method (backed up with a PIN) that's always with them, so there's nothing to lose. No more forgetting passwords!
+- Employees get a simple authentication method (backed up with a PIN) that's always with them, so there's nothing to lose. No more forgetting passwords!
 
--   Support for Windows Hello is built into the operating system so you can add additional biometric devices and polices as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.<br>For more info about the available Group Policies and MDM CSPs, see the [Implement Windows Hello for Business in your organization](hello-manage-in-organization.md) topic.
+- Support for Windows Hello is built into the operating system so you can add additional biometric devices and policies as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.<br>For more info about the available Group Policies and MDM CSPs, see the [Implement Windows Hello for Business in your organization](hello-manage-in-organization.md) topic.
 
 ## Where is Windows Hello data stored?
+
 The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data from a device, it cannot be converted back into a raw biometric sample that could be recognized by the biometric sensor.
 
 > [!NOTE]
 >Each sensor on a device will have its own biometric database file where template data is stored. Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. The hash is SHA256. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors will store biometric data on the fingerprint module instead of in the database file.
 
 ## Has Microsoft set any device requirements for Windows Hello?
+
 We've been working with the device manufacturers to help ensure a high-level of performance and protection is met by each sensor and device, based on these requirements:
 
--   **False Accept Rate (FAR).** Represents the instance a biometric identification solution verifies an unauthorized person. This is normally represented as a ratio of number of instances in a given population size, for example 1 in 100 000. This can also be represented as a percentage of occurrence, for example, 0.001%. This measurement is heavily considered the most important with regard to the security of the biometric algorithm.
+- **False Accept Rate (FAR).** Represents the instance a biometric identification solution verifies an unauthorized person. This is normally represented as a ratio of number of instances in a given population size, for example 1 in 100 000. This can also be represented as a percentage of occurrence, for example, 0.001%. This measurement is heavily considered the most important with regard to the security of the biometric algorithm.
 
--   **False Reject Rate (FRR).** Represents the instances a biometric identification solution fails to verify an authorized person correctly. Usually represented as a percentage, the sum of the True Accept Rate and False Reject Rate is 1. Can be with or without anti-spoofing or liveness detection.
+- **False Reject Rate (FRR).** Represents the instances a biometric identification solution fails to verify an authorized person correctly. Usually represented as a percentage, the sum of the True Accept Rate and False Reject Rate is 1. Can be with or without anti-spoofing or liveness detection.
 
 ### Fingerprint sensor requirements
-To allow fingerprint matching, you must have devices with fingerprint sensors and software. Fingerprint sensors, or sensors that use an employee's unique fingerprint as an alternative log on option, can be touch sensors (large area or small area) or swipe sensors. Each type of sensor has its own set of detailed requirements that must be implemented by the manufacturer, but all of the sensors must include anti-spoofing measures (required).
+
+To allow fingerprint matching, you must have devices with fingerprint sensors and software. Fingerprint sensors, or sensors that use an employee's unique fingerprint as an alternative logon option, can be touch sensors (large area or small area) or swipe sensors. Each type of sensor has its own set of detailed requirements that must be implemented by the manufacturer, but all of the sensors must include anti-spoofing measures (required).
 
 **Acceptable performance range for small to large size touch sensors**
 
--   False Accept Rate (FAR): &lt;0.001 – 0.002%
+- False Accept Rate (FAR): &lt;0.001 – 0.002%
 
--   Effective, real world FRR with Anti-spoofing or liveness detection: &lt;10%
+- Effective, real world FRR with Anti-spoofing or liveness detection: &lt;10%
 
 **Acceptable performance range for swipe sensors**
 
--   False Accept Rate (FAR): &lt;0.002%
+- False Accept Rate (FAR): &lt;0.002%
 
--   Effective, real world FRR with Anti-spoofing or liveness detection: &lt;10%
+- Effective, real world FRR with Anti-spoofing or liveness detection: &lt;10%
 
 ### Facial recognition sensors
+
 To allow facial recognition, you must have devices with integrated special infrared (IR) sensors and software. Facial recognition sensors use special cameras that see in IR light, letting them tell the difference between a photo and a living person while scanning an employee's facial features. These sensors, like the fingerprint sensors, must also include anti-spoofing measures (required) and a way to configure them (optional).
 
--   False Accept Rate (FAR): &lt;0.001%
+- False Accept Rate (FAR): &lt;0.001%
 
--   False Reject Rate (FRR) without Anti-spoofing or liveness detection: &lt;5%
+- False Reject Rate (FRR) without Anti-spoofing or liveness detection: &lt;5%
 
--   Effective, real world FRR with Anti-spoofing or liveness detection: &lt;10%
+- Effective, real world FRR with Anti-spoofing or liveness detection: &lt;10%
 
 > [!NOTE]
 >Windows Hello face authentication does not currently support wearing a mask during enrollment or authentication. Wearing a mask to enroll is a security concern because other users wearing a similar mask may be able to unlock your device. The product group is aware of this behavior and is investigating this topic further. Please remove a mask if you are wearing one when you enroll or unlock with Windows Hello face authentication. If your working environment doesn’t allow you to remove a mask temporarily, please consider unenrolling from face authentication and only using PIN or fingerprint.
 
+### Iris recognition sensor requirements
+
+To use Iris authentication, you’ll need a [HoloLens 2 device](/hololens/). All HoloLens 2 editions are equipped with the same sensors. Iris is implemented the same way as other Windows Hello technologies and achieves biometrics security FAR of 1/100K.
 
 ## Related topics
+
 - [Windows Hello for Business](hello-identity-verification.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
@@ -90,12 +101,3 @@ To allow facial recognition, you must have devices with integrated special infra
 - [Windows Hello and password changes](hello-and-password-changes.md)
 - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
 - [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
index da2c3ed436..7e64879acd 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
@@ -253,8 +253,8 @@ Windows Hello for Business cloud Kerberos trust looks for a writeable DC to exch
 ### Do I need line of sight to a domain controller to use Windows Hello for Business cloud Kerberos trust?
 
 Windows Hello for Business cloud Kerberos trust requires line of sight to a domain controller for some scenarios:
-- The first sign-in or unlock with Windows Hello for Business after provisioning on a Hybrid Azure AD joined device
-- When attempting to access an on-premises resource from an Azure AD joined device
+- The first sign-in or unlock with Windows Hello for Business after provisioning
+- When attempting to access an on-premises resource from a Hybrid Azure AD joined device
 
 ### Can I use RDP/VDI with Windows Hello for Business cloud Kerberos trust?
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index 1981ba37e3..6efd13da5a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -14,6 +14,7 @@ localizationpriority: medium
 appliesto:
 - ✅ <b>Windows 10</b>
 - ✅ <b>Windows 11</b>
+- ✅ <b>Windows Holographic for Business</b>
 ---
 # Windows Hello for Business Overview
 
@@ -46,6 +47,7 @@ As an administrator in an enterprise or educational organization, you can create
 
 - **Facial recognition**. This type of biometric recognition uses special cameras that see in IR light, which allows them to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major laptop manufacturers are incorporating it into their devices, as well.
 - **Fingerprint recognition**. This type of biometric recognition uses a capacitive fingerprint sensor to scan your fingerprint. Fingerprint readers have been available for Windows computers for years, but the current generation of sensors is more reliable and less error-prone. Most existing fingerprint readers work with Windows 10 and Windows 11, whether they're external or integrated into laptops or USB keyboards.
+- **Iris Recognition**. This type of biometric recognition uses cameras to perform scan of your iris. HoloLens 2 is the first Microsoft device to introduce an Iris scanner. These iris scanners are the same across all HoloLens 2 devices.
 
 Windows stores biometric data that is used to implement Windows Hello securely on the local device only. The biometric data doesn't roam and is never sent to external devices or servers. Because Windows Hello only stores biometric identification data on the device, there's no single collection point an attacker can compromise to steal biometric data. For more information about biometric authentication with Windows Hello for Business, see [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md).
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
index 7c87a7eecd..50d55f1b6b 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -1,12 +1,13 @@
 ---
-title: BitLocker recovery guide (Windows 10)
-description: This article for IT professionals describes how to recover BitLocker keys from AD DS.
-ms.reviewer:
-ms.prod: m365-security
+title: BitLocker recovery guide
+description: This article for IT professionals describes how to recover BitLocker keys from Active Directory Domain Services (AD DS).
+ms.prod: windows-client
+ms.technology: itpro-security
 ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: frankroj
+ms.author: frankroj
+ms.reviewer: rafals
+manager: aaroncz
 ms.collection:
   - M365-security-compliance
   - highpri
@@ -21,11 +22,11 @@ ms.custom: bitlocker
 
 - Windows 10
 - Windows 11
-- Windows Server 2016 and above
+- Windows Server 2016 and later
 
-This article for IT professionals describes how to recover BitLocker keys from AD DS.
+This article for IT professionals describes how to recover BitLocker keys from Active Directory Domain Services (AD DS).
 
-Organizations can use BitLocker recovery information saved in Active Directory Domain Services (AD DS) to access BitLocker-protected data. Creating a recovery model for BitLocker while you are planning your BitLocker deployment is recommended.
+Organizations can use BitLocker recovery information saved in AD DS to access BitLocker-protected data. Creating a recovery model for BitLocker while you are planning your BitLocker deployment is recommended.
 
 This article assumes that you understand how to set up AD DS to back up BitLocker recovery information automatically, and what types of recovery information are saved to AD DS.
 
@@ -45,7 +46,7 @@ BitLocker recovery is the process by which you can restore access to a BitLocker
 
 The following list provides examples of specific events that will cause BitLocker to enter recovery mode when attempting to start the operating system drive:
 
-- On PCs that use BitLocker Drive Encryption, or on devices such as tablets or phones that use [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md) only, when an attack is detected, the device will immediately reboot and enter into BitLocker recovery mode. To take advantage of this functionality, administrators can set the **Interactive logon: Machine account lockout threshold** Group Policy setting located in **\\Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** in the Local Group Policy Editor. Or they can use the **MaxFailedPasswordAttempts** policy of [Exchange ActiveSync](/Exchange/clients/exchange-activesync/exchange-activesync) (also configurable through [Microsoft Intune](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/microsoft-intune)), to limit the number of failed password attempts before the device goes into Device Lockout.
+- On PCs that use BitLocker Drive Encryption, or on devices such as tablets or phones that use [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md) only, when an attack is detected, the device will immediately reboot and enter into BitLocker recovery mode. To take advantage of this functionality, administrators can set the **Interactive logon: Machine account lockout threshold** Group Policy setting located in **\\Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** in the Local Group Policy Editor. Or they can use the **MaxFailedPasswordAttempts** policy of [Exchange ActiveSync](/Exchange/clients/exchange-activesync/exchange-activesync) (also configurable through [Microsoft Intune](/mem/intune)), to limit the number of failed password attempts before the device goes into Device Lockout.
 - On devices with TPM 1.2, changing the BIOS or firmware boot device order causes BitLocker recovery. However, devices with TPM 2.0 do not start BitLocker recovery in this case. TPM 2.0 does not consider a firmware change of boot device order as a security threat because the OS Boot Loader is not compromised.
 - Having the CD or DVD drive before the hard drive in the BIOS boot order and then inserting or removing a CD or DVD.
 - Failing to boot from a network drive before booting from the hard drive.
@@ -280,8 +281,16 @@ This error might occur if you updated the firmware. As a best practice, you shou
 
 ## Windows RE and BitLocker Device Encryption
 
-Windows Recovery Environment (RE) can be used to recover access to a drive protected by [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md). If a PC is unable to boot after two failures, Startup Repair will automatically start. When Startup Repair is launched automatically due to boot failures, it will only execute operating system and driver file repairs, provided that the boot logs or any available crash dump point to a specific corrupted file. In Windows 8.1 and later, devices that include firmware to support specific TPM measurements for PCR\[7\] the TPM can validate that Windows RE is a trusted operating environment and will unlock any BitLocker-protected drives if Windows RE has not been modified. If the Windows RE environment has been modified, for example the TPM has been disabled, the drives will stay locked until the BitLocker recovery key is provided. If Startup Repair can't run automatically from the PC and instead Windows RE is manually started from a repair disk, then the BitLocker recovery key must be provided to unlock the BitLocker–protected drives.
+Windows Recovery Environment (Windows RE) can be used to recover access to a drive protected by [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md). If a PC is unable to boot after two failures, Startup Repair will automatically start. When Startup Repair is launched automatically due to boot failures, it will only execute operating system and driver file repairs, provided that the boot logs or any available crash dump point to a specific corrupted file. In Windows 8.1 and later, devices that include firmware to support specific TPM measurements for PCR\[7\] the TPM can validate that Windows RE is a trusted operating environment and will unlock any BitLocker-protected drives if Windows RE has not been modified. If the Windows RE environment has been modified, for example the TPM has been disabled, the drives will stay locked until the BitLocker recovery key is provided. If Startup Repair can't run automatically from the PC and instead Windows RE is manually started from a repair disk, then the BitLocker recovery key must be provided to unlock the BitLocker–protected drives.
 
+Windows RE will also ask for your BitLocker recovery key when you start a "Remove everything" reset from Windows RE on a device that uses the "TPM + PIN" or "Password for OS drive" protector. If you start BitLocker recovery on a keyboardless device with TPM-only protection, Windows RE, not the boot manager, will ask for the BitLocker recovery key. After you enter the key, you can access Windows RE troubleshooting tools or start Windows normally.
+
+The BitLocker recovery screen that's shown by Windows RE has the accessibility tools like narrator and on-screen keyboard to help you enter your BitLocker recovery key. If the BitLocker recovery key is requested by the Windows boot manager, those tools might not be available.
+
+To activate the narrator during BitLocker recovery in Windows RE, press **Windows** + **CTRL** + **Enter**.
+To activate the on-screen keyboard, tap on a text input control.
+
+:::image type="content" source="images/bl-narrator.png" alt-text="A screenshot of the BitLocker recovery screen showing Narrator activated.":::
 
 ## BitLocker recovery screen
 
diff --git a/windows/security/information-protection/bitlocker/images/bl-narrator.png b/windows/security/information-protection/bitlocker/images/bl-narrator.png
new file mode 100644
index 0000000000..223d0bc3b6
Binary files /dev/null and b/windows/security/information-protection/bitlocker/images/bl-narrator.png differ
diff --git a/windows/security/information-protection/personal-data-encryption/faq-pde.yml b/windows/security/information-protection/personal-data-encryption/faq-pde.yml
index 49b38650ce..744161659e 100644
--- a/windows/security/information-protection/personal-data-encryption/faq-pde.yml
+++ b/windows/security/information-protection/personal-data-encryption/faq-pde.yml
@@ -30,25 +30,25 @@ sections:
 
       - question: Can an IT admin specify which files should be encrypted?
         answer: |
-          Yes, but it can only be done using the PDE APIs.
+          Yes, but it can only be done using the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
 
       - question: Do I need to use OneDrive as my backup provider?
         answer: |
-          No. PDE doesn't have a requirement for a backup provider including OneDrive. However, backups are strongly recommended in case the encryption keys used by PDE are lost. OneDrive is a recommended backup provider.
+          No. PDE doesn't have a requirement for a backup provider including OneDrive. However, backups are strongly recommended in case the keys used by PDE to decrypt files are lost. OneDrive is a recommended backup provider.
 
       - question: What is the relation between Windows Hello for Business and PDE?
         answer: |
-          Windows Hello for Business unlocks PDE encryption keys during user sign on.
+          During user sign-on, Windows Hello for Business unlocks the keys that PDE uses to decrypt files.
 
       - question: Can a file be encrypted with both PDE and EFS at the same time?
         answer: |
           No. PDE and EFS are mutually exclusive.
 
-      - question: Can a PDE encrypted files be accessed after signing on via a Remote Desktop connection (RDP)?
+      - question: Can PDE encrypted files be accessed after signing on via a Remote Desktop connection (RDP)?
         answer: |
           No. Accessing PDE encrypted files over RDP isn't currently supported.
 
-      - question: Can a PDE encrypted files be access via a network share?
+      - question: Can PDE encrypted files be access via a network share?
         answer: |
           No. PDE encrypted files can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
 
@@ -62,11 +62,11 @@ sections:
 
       - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE encrypted files?
         answer: |
-          No. PDE encryption keys are protected Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
+          No. The keys used by PDE to decrypt files are protected by Windows Hello for Business credentials and will only be unlocked when signing on with Windows Hello for Business PIN or biometrics.
 
       - question: What encryption method and strength does PDE use?
         answer: |
-          PDE uses AES-256 to encrypt files
+          PDE uses AES-CBC with a 256-bit key to encrypt files
 
 additionalContent: |
   ## See also
diff --git a/windows/security/information-protection/personal-data-encryption/overview-pde.md b/windows/security/information-protection/personal-data-encryption/overview-pde.md
index 90896a5bd7..fb78dc475b 100644
--- a/windows/security/information-protection/personal-data-encryption/overview-pde.md
+++ b/windows/security/information-protection/personal-data-encryption/overview-pde.md
@@ -1,6 +1,6 @@
 ---
 title: Personal Data Encryption (PDE)
-description: Personal Data Encryption unlocks user encrypted files at user sign in instead of at boot.
+description: Personal Data Encryption unlocks user encrypted files at user sign-in instead of at boot.
 
 author: frankroj
 ms.author: frankroj
@@ -40,19 +40,19 @@ ms.date: 09/22/2022
   - [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled
     - Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to supplement BitLocker and not replace it.
   - Backup solution such as [OneDrive](/onedrive/onedrive)
-    - In certain scenarios such as TPM resets or destructive PIN resets, the PDE encryption keys can be lost. In such scenarios, any file encrypted with PDE will no longer be accessible. The only way to recover such files would be from backup.
+    - In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to decrypt files can be lost. In such scenarios, any file encrypted with PDE will no longer be accessible. The only way to recover such files would be from backup.
   - [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md)
-    - Destructive PIN resets will cause PDE encryption keys to be lost. The destructive PIN reset will make any file encrypted with PDE no longer accessible after a destructive PIN reset. Files encrypted with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets.
+    - Destructive PIN resets will cause keys used by PDE to decrypt files to be lost. The destructive PIN reset will make any file encrypted with PDE no longer accessible after a destructive PIN reset. Files encrypted with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets.
   - [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)
     - Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN
   - [Kernel and user mode crash dumps disabled](/windows/client-management/mdm/policy-csp-memorydump)
-    - Crash dumps can potentially cause the PDE encryption keys to be exposed. For greatest security, disable kernel and user mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable crash dumps](configure-pde-in-intune.md#disable-crash-dumps).
+    - Crash dumps can potentially cause the keys used by PDE decrypt files to be exposed. For greatest security, disable kernel and user mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable crash dumps](configure-pde-in-intune.md#disable-crash-dumps).
   - [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate)
-    - Hibernation files can potentially cause the PDE encryption keys to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation).
+    - Hibernation files can potentially cause the keys used by PDE to decrypt files to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation).
 
 ## PDE protection levels
 
-PDE uses AES-256 to encrypt files and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the PDE APIs.
+PDE uses AES-CBC with a 256-bit key to encrypt files and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
 
 | Item | Level 1 | Level 2 |
 |---|---|---|
@@ -94,15 +94,15 @@ For information on enabling PDE via Intune, see [Enable Personal Data Encryption
 
 | Item | PDE | BitLocker |
 |--|--|--|
-| Release of encryption keys | At user sign in via Windows Hello for Business | At boot |
-| Encryption keys discarded | At user sign out | At reboot |
+| Release of key | At user sign-in via Windows Hello for Business | At boot |
+| Keys discarded | At user sign-out | At reboot |
 | Files encrypted | Individual specified files | Entire volume/drive |
 | Authentication to access encrypted file | Windows Hello for Business | When BitLocker with PIN is enabled, BitLocker PIN plus Windows sign in |
 | Accessibility | Windows Hello for Business is accessibility friendly | BitLocker with PIN doesn't have accessibility features |
 
 ## Differences between PDE and EFS
 
-The main difference between encrypting files with PDE instead of EFS is the method they use to encrypt the file. PDE uses Windows Hello for Business to secure the encryption keys that encrypts the files. EFS uses certificates to secure and encrypt the files.
+The main difference between encrypting files with PDE instead of EFS is the method they use to encrypt the file. PDE uses Windows Hello for Business to secure the keys to decrypt the files. EFS uses certificates to secure and encrypt the files.
 
 To see if a file is encrypted with PDE or EFS:
 
@@ -118,9 +118,7 @@ Encryption information including what encryption method is being used can be obt
 
 ## Disable PDE and decrypt files
 
-Currently there's no method to disable PDE via MDM policy. However, PDE can be disabled locally and files can be decrypted using `cipher.exe`.
-
-In certain scenarios a user may be able to manually decrypt a file using the following steps:
+Currently there's no method to disable PDE via MDM policy. However, in certain scenarios PDE encrypted files can be decrypted using `cipher.exe` using the following steps:
 
 1. Open the properties of the file
 2. Under the **General** tab, select **Advanced...**
@@ -139,4 +137,4 @@ Certain Windows applications support PDE out of the box. If PDE is enabled on a
 
 ## See also
 - [Personal Data Encryption (PDE) FAQ](faq-pde.yml)
-- [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md)
\ No newline at end of file
+- [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md)
diff --git a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md
index dc0cc09dcd..b96b652981 100644
--- a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md
+++ b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md
@@ -19,7 +19,7 @@ appliesto:
 
 Microsoft Pluton security processor is a chip-to-cloud security technology built with [Zero Trust](/security/zero-trust/zero-trust-overview) principles at the core. Microsoft Pluton provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services. Pluton technology is a combination of a secure subsystem which is part of the System on Chip (SoC) and Microsoft authored software that runs on this integrated secure subsystem.
 
-Microsoft Pluton is currently available on devices with Ryzen 7000 and Qualcomm Snapdragon® 8cx Gen 3 series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2.
+Microsoft Pluton is currently available on devices with Ryzen 6000 and Qualcomm Snapdragon® 8cx Gen 3 series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2.
 
 ## What is Microsoft Pluton?
 
diff --git a/windows/security/information-protection/pluton/pluton-as-tpm.md b/windows/security/information-protection/pluton/pluton-as-tpm.md
index ac2cad6ed7..121337c071 100644
--- a/windows/security/information-protection/pluton/pluton-as-tpm.md
+++ b/windows/security/information-protection/pluton/pluton-as-tpm.md
@@ -33,7 +33,7 @@ Pluton is integrated within the SoC subsystem, and provides a flexible, updatabl
 
 ## Enable Microsoft Pluton as TPM
 
-Devices with Ryzen 7000 and Qualcomm Snapdragon® 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device.
+Devices with Ryzen 6000 and Qualcomm Snapdragon® 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device.
 
 UEFI setup options differ from product to product, visit the product website and check for guidance to enable Pluton as TPM.
 
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
index d9221e9bca..382528bfa0 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
@@ -56,15 +56,15 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind
 
 |Name|Supported versions|Description|Options|
 |-----------|------------------|-----------|-------|
-|Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** This is effective only in managed mode. Turns On the clipboard functionality and lets you choose whether to additionally:<br/>- Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
-|Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether Application Guard can use the print functionality.|**Enabled.** This is effective only in managed mode. Turns On the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for other printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
-|Allow Persistence|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<p>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<p>**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<p>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
-|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher<p>Windows 11|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering untrusted content in the Application Guard container. Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office. <br/><br/>**Note:** For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you are no longer required to configure network isolation policy to enable Application Guard for Edge.|
-|Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher<p>Windows 11|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** This is effective only in managed mode. Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.<p>**Disabled or not configured.** Users aren't able to save downloaded files from Application Guard to the host operating system.|
-|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher<br><br>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** This is effective only in managed mode. Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.|
-|Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher<p>Windows 11|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|
-|Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher<p>Windows 11|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<p>**Disabled or not configured.** Certificates aren't shared with Microsoft Defender Application Guard.|
-|Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher<p>Windows 11|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.<p>**Disabled or not configured.** Event logs aren't collected from your Application Guard container.|
+|Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 11 Enterprise|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** This is effective only in managed mode. Turns on the clipboard functionality and lets you choose whether to additionally:<br/>- Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns off the clipboard functionality for Application Guard.|
+|Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<p>Windows 11 Enterprise|Determines whether Application Guard can use the print functionality.|**Enabled.** This is effective only in managed mode. Turns on the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for other printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
+|Allow Persistence|Windows 10 Enterprise, 1709 or higher<p>Windows 11 Enterprise|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<p>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<p>**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<p>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
+|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher<p>Windows 11 Enterprise|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering untrusted content in the Application Guard container. Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office. <br/><br/>**Note:** For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you are no longer required to configure network isolation policy to enable Application Guard for Edge.|
+|Allow files to download to host operating system|Windows 10 Enterprise or Pro, 1803 or higher<p>Windows 11 Enterprise or Pro|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** This is effective only in managed mode. Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.<p>**Disabled or not configured.** Users aren't able to save downloaded files from Application Guard to the host operating system.|
+|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher<p>Windows 11 Enterprise|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** This is effective only in managed mode. Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.|
+|Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<p>Windows 11 Enterprise|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|
+|Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise or Pro, 1809 or higher<p>Windows 11 Enterprise or Pro|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<p>**Disabled or not configured.** Certificates aren't shared with Microsoft Defender Application Guard.|
+|Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<p>Windows 11 Enterprise|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.<p>**Disabled or not configured.** Event logs aren't collected from your Application Guard container.|
  
 ## Application Guard support dialog settings
 
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
index d5400d4de7..d8461e69f2 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
@@ -1,18 +1,15 @@
 ---
-title: Testing scenarios with Microsoft Defender Application Guard (Windows 10 or Windows 11)
+title: Testing scenarios with Microsoft Defender Application Guard
 description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
-ms.prod: m365-security
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
+ms.prod: windows-client
+ms.technology: itpro-security
 ms.localizationpriority: medium
-author: denisebmsft
-ms.author: deniseb
-ms.reviewer: 
-manager: dansimp
-ms.date: 03/14/2022
+author: vinaypamnani-msft
+ms.author: vinpa
+ms.reviewer: sazankha
+manager: aaroncz
+ms.date: 09/23/2022
 ms.custom: asr
-ms.technology: windows-sec
 ---
 
 # Application Guard testing scenarios
@@ -59,7 +56,7 @@ Before you can use Application Guard in managed mode, you must install Windows 1
 
 3. Set up the Network Isolation settings in Group Policy:
 
-   a.  Click on the **Windows** icon, type `Group Policy`, and then click **Edit Group Policy**.
+   a.  Select the **Windows** icon, type `Group Policy`, and then select **Edit Group Policy**.
 
    b.  Go to the **Administrative Templates\Network\Network Isolation\Enterprise resource domains hosted in the cloud** setting.
 
@@ -75,7 +72,7 @@ Before you can use Application Guard in managed mode, you must install Windows 1
 
 4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Turn on Microsoft Defender Application Guard in Managed Mode** setting.
 
-5. Click **Enabled**, choose Option **1**, and click **OK**.
+5. Select **Enabled**, choose Option **1**, and select **OK**.
 
    ![Group Policy editor with Turn On/Off setting.](images/appguard-gp-turn-on.png)
 
@@ -110,15 +107,14 @@ You have the option to change each of these settings to work with your enterpris
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1709 or higher
-- Windows 10 Professional edition, version 1803
-- Windows 11
+- Windows 10 Enterprise or Pro editions, version 1803 or later
+- Windows 11 Enterprise or Pro editions
 
 #### Copy and paste options
 
 1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Configure Microsoft Defender Application Guard clipboard settings**.
 
-2. Click **Enabled** and click **OK**.
+2. Select **Enabled** and select **OK**.
 
     ![Group Policy editor clipboard options.](images/appguard-gp-clipboard.png)
 
@@ -138,25 +134,25 @@ You have the option to change each of these settings to work with your enterpris
 
     - Both text and images can be copied between the host PC and the isolated container.
 
-5. Click **OK**.
+5. Select **OK**.
 
 #### Print options
 
 1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Configure Microsoft Defender Application Guard print** settings.
 
-2. Click **Enabled** and click **OK**.
+2. Select **Enabled** and select **OK**.
 
     ![Group Policy editor Print options.](images/appguard-gp-print.png)
 
 3. Based on the list provided in the setting, choose the number that best represents what type of printing should be available to your employees. You can allow any combination of local, network, PDF, and XPS printing.
 
-4. Click **OK**.
+4. Select **OK**.
 
 #### Data persistence options
 
 1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow data persistence for Microsoft Defender Application Guard** setting.
 
-2. Click **Enabled** and click **OK**.
+2. Select **Enabled** and select **OK**.
 
     ![Group Policy editor Data Persistence options.](images/appguard-gp-persistence.png)
 
@@ -166,32 +162,33 @@ You have the option to change each of these settings to work with your enterpris
 
 4. Add the site to your **Favorites** list and then close the isolated session.
 
-5. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
+5. Sign out and back in to your device, opening Microsoft Edge in Application Guard again.
 
     The previously added site should still appear in your **Favorites** list.
 
     > [!NOTE]
-    > If you don't allow or turn off data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies, Favorites, and so on, removing the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and aren't shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10 and Windows 11.
+    > Starting with Windows 11, version 22H2, data persistence is disabled by default. If you don't allow or turn off data persistence, restarting a device or signing in and out of the isolated container triggers a recycle event. This action discards all generated data, such as session cookies and Favorites, and removes the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and aren't shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10 and Windows 11.
     >
     > If you turn on data persistence, but later decide to stop supporting it for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
     > <!--- Inline HTML is used on the next several lines so that the ordinal numbers will be rendered correctly; Markdown would otherwise try to render them as letters (a, b, c...) because they would be treated as a nested list --->
     > **To reset the container, follow these steps:**<br/>1. Open a command-line program and navigate to Windows/System32.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.
+    >
+    > _Microsoft Edge version 90 or later no longer supports `RESET_PERSISTENCE_LAYER`._
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1803
-- Windows 10 Professional edition, version 1803
-- Windows 11
+- Windows 10 Enterprise or Pro editions, version 1803
+- Windows 11 Enterprise or Pro editions, version 21H2. Data persistence is disabled by default in Windows 11, version 22H2 and later.
 
 #### Download options
 
 1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow files to download and save to the host operating system from Microsoft Defender Application Guard** setting.
 
-2. Click **Enabled** and click **OK**.
+2. Select **Enabled** and select **OK**.
 
     ![Group Policy editor Download options.](images/appguard-gp-download.png)
 
-3. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
+3. Sign out and back in to your device, opening Microsoft Edge in Application Guard again.
 
 4. Download a file from Microsoft Defender Application Guard.
 
@@ -201,7 +198,7 @@ You have the option to change each of these settings to work with your enterpris
 
 1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow hardware-accelerated rendering for Microsoft Defender Application Guard** setting.
 
-2. Click **Enabled** and click **OK**.
+2. Select **Enabled** and Select **OK**.
 
     ![Group Policy editor hardware acceleration options.](images/appguard-gp-vgpu.png)
 
@@ -209,21 +206,15 @@ You have the option to change each of these settings to work with your enterpris
 
 4. Assess the visual experience and battery performance.
 
-**Applies to:**
-
-- Windows 10 Enterprise edition, version 1809
-- Windows 10 Professional edition, version 1809
-- Windows 11
-
 #### Camera and microphone options
 
 1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow camera and microphone access in Microsoft Defender Application Guard** setting.
 
-2. Click **Enabled** and click **OK**.
+2. Select **Enabled** and select **OK**.
 
     ![Group Policy editor Camera and microphone options.](images/appguard-gp-allow-camera-and-mic.png)
 
-3. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
+3. Sign out and back in to your device, opening Microsoft Edge in Application Guard again.
 
 4. Open an application with video or audio capability in Edge.
 
@@ -233,11 +224,11 @@ You have the option to change each of these settings to work with your enterpris
 
 1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device** setting.
 
-2. Click **Enabled**, copy the thumbprint of each certificate to share, separated by a comma, and click **OK**.
+2. Select **Enabled**, copy the thumbprint of each certificate to share, separated by a comma, and select **OK**.
 
     ![Group Policy editor Root certificate options.](images/appguard-gp-allow-root-certificates.png)
 
-3. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
+3. Sign out and back in to your device, opening Microsoft Edge in Application Guard again.
 
 ## Application Guard Extension for third-party web browsers
 
@@ -245,9 +236,9 @@ The [Application Guard Extension](md-app-guard-browser-extension.md) available f
 
 Once a user has the extension and its companion app installed on their enterprise device, you can run through the following scenarios.
 
-1. Open either Firefox or Chrome — whichever browser you have the extension installed on.
+1. Open either Firefox or Chrome, whichever browser you have the extension installed on.
 
-2. Navigate to an enterprise website, i.e. an internal website maintained by your organization. You might see this evaluation page for an instant before the site is fully loaded.
+2. Navigate to an organizational website. In other words, an internal website maintained by your organization. You might see this evaluation page for an instant before the site is fully loaded.
    ![The evaluation page displayed while the page is being loaded, explaining that the user must wait.](images/app-guard-chrome-extension-evaluation-page.png)
 
 3. Navigate to a non-enterprise, external website site, such as [www.bing.com](https://www.bing.com). The site should be redirected to Microsoft Defender Application Guard Edge.
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
index f2d56646e4..6fe565bf48 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
@@ -1,18 +1,14 @@
 ---
 title: Enhanced Phishing Protection in Microsoft Defender SmartScreen 
 description: Learn how Enhanced Phishing Protection for Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps.
-ms.prod: m365-security
-ms.mktglfcycl: explore
-ms.sitesec: library
-ms.pagetype: security
+ms.prod: windows-client
+ms.technology: itpro-security
 author: v-mathavale
 ms.author: v-mathavale
-audience: IT Admin
-ms.localizationpriority: medium
-ms.date: 06/21/2022
 ms.reviewer: paoloma
 manager: aaroncz
-ms.technology: windows-sec
+ms.localizationpriority: medium
+ms.date: 06/21/2022
 adobe-target: true
 appliesto:
 - ✅ <b>Windows 11, version 22H2</b>
@@ -20,22 +16,27 @@ appliesto:
 
 # Enhanced Phishing Protection in Microsoft Defender SmartScreen  
 
-Starting in Windows 11 22H2, Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps.
+Starting in Windows 11, version 22H2, Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps.
 
 Enhanced Phishing Protection works alongside Windows security protections, and helps protect typed work or school passwords used to sign into Windows 11 in three ways:
 
-- If users type their work or school password on any Chromium browser, into a site deemed malicious by Microsoft Defender SmartScreen, Enhanced Phishing Protection will alert them. It will also prompt them to change their password so attackers can't gain access to their account
-- Reusing work or school passwords makes it easy for attackers who compromise a user's password to gain access to their other accounts. Enhanced Phishing Protection can warn users if they reuse their work or school Microsoft account password on sites and apps and prompt them to change their password
-- Since it's unsafe to store plaintext passwords in text editors, Enhanced Phishing Protection can warn users if they store their work or school password in Notepad, Word, or any Microsoft 365 Office app, and recommends they delete their password from the file
+- If users type their work or school password on any Chromium browser, into a site deemed malicious by Microsoft Defender SmartScreen, Enhanced Phishing Protection will alert them. It will also prompt them to change their password so attackers can't gain access to their account.
+
+- Reusing work or school passwords makes it easy for attackers who compromise a user's password to gain access to their other accounts. Enhanced Phishing Protection can warn users if they reuse their work or school Microsoft account password on sites and apps and prompt them to change their password.
+
+- Since it's unsafe to store plaintext passwords in text editors, Enhanced Phishing Protection can warn users if they store their work or school password in Notepad, Word, or any Microsoft 365 Office app, and recommends they delete their password from the file.
 
 ## Benefits of Enhanced Phishing Protection in Microsoft Defender SmartScreen
 
 Enhanced Phishing Protection provides robust phishing protections for work or school passwords that are used to sign into Windows 11. The benefits of Enhanced Phishing Protection are:
 
-- **Anti-phishing support:** Phishing attacks trick users through convincing imitations of safe content or through credential harvesting content hosted inside trusted sites and applications. Enhanced Phishing Protection helps protect users from reported phishing sites by evaluating the URLs a site or app is connecting to, along with other characteristics, to determine if they're known to distribute or host unsafe content
-- **Secure operating system integration:** Enhanced Phishing Protection is integrated directly into the Windows 11 operating system, so it can understand users' password entry context (including process connections, URLs, certificate information, etc.) in any browser or app. Because Enhanced Phishing Protection has unparalleled insight into what is happening at the OS level, it can identify when users type their work or school password unsafely. If users do use their work or school password unsafely, the feature empowers users to change their password to minimize chances of their compromised credential being weaponized against them
-- **Unparalleled telemetry shared throughout Microsoft's security suite:** Enhanced Phishing Protection is constantly learning from phishing attacks seen throughout the entire Microsoft security stack. It works alongside other Microsoft security products, to provide a layered approach to password security, especially for organizations early in their password-less authentication journey. If your organization uses Microsoft Defender for Endpoint, you'll be able to see valuable phishing sensors data in the M365D Portal. This enables you to view Enhanced Phishing Protection alerts and reports for unsafe password usage in your environment
-- **Easy management through Group Policy and Microsoft Intune:** Enhanced Phishing Protection works with Group Policy and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Enhanced Phishing Protection, you can customize which phishing protection scenarios will show users warning dialogs. For example, the Service Enabled setting determines whether the Enhanced Phishing Protection service is on or off. The feature will be in audit mode if the other settings, which correspond to notification policies, are not enabled. 
+- **Anti-phishing support:** Phishing attacks trick users through convincing imitations of safe content or through credential harvesting content hosted inside trusted sites and applications. Enhanced Phishing Protection helps protect users from reported phishing sites by evaluating the URLs a site or app is connecting to, along with other characteristics, to determine if they're known to distribute or host unsafe content.
+
+- **Secure operating system integration:** Enhanced Phishing Protection is integrated directly into the Windows 11 operating system, so it can understand users' password entry context (including process connections, URLs, certificate information) in any browser or app. Because Enhanced Phishing Protection has unparalleled insight into what is happening at the OS level, it can identify when users type their work or school password unsafely. If users do use their work or school password unsafely, the feature empowers users to change their password to minimize chances of their compromised credential being weaponized against them.
+
+- **Unparalleled telemetry shared throughout Microsoft's security suite:** Enhanced Phishing Protection is constantly learning from phishing attacks seen throughout the entire Microsoft security stack. It works alongside other Microsoft security products, to provide a layered approach to password security, especially for organizations early in their password-less authentication journey. If your organization uses Microsoft Defender for Endpoint, you'll be able to see valuable phishing sensors data in the Microsoft 365 Defender Portal. This portal lets you view Enhanced Phishing Protection alerts and reports for unsafe password usage in your environment.
+
+- **Easy management through Group Policy and Microsoft Intune:** Enhanced Phishing Protection works with Group Policy and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Enhanced Phishing Protection, you can customize which phishing protection scenarios will show users warning dialogs. For example, the Service Enabled setting determines whether the Enhanced Phishing Protection service is on or off. The feature will be in audit mode if the other settings, which correspond to notification policies, aren't enabled.
 
 ## Configure Enhanced Phishing Protection for your organization
 
@@ -47,8 +48,8 @@ Enhanced Phishing Protection can be configured using the following Administrativ
 
 |Setting|Description|
 |---------|---------|
-|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends telemetry through Microsoft Defender.<br><br> If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.<br><br> If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send telemetry, or notify users. Additionally, your users are unable to turn it on.|
-|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a login URL with an invalid certificate.<br><br> If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password. <br><br>If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn your users if they type their work or school password into one of the malicious scenarios described above.|
+|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.<br><br> If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.<br><br> If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send data, or notify users. Additionally, your users are unable to turn it on.|
+|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate.<br><br> If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password. <br><br>If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn your users if they type their work or school password into one of the malicious scenarios described above.|
 |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.<br><br> If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it. <br><br> If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they reuse their work or school password.|
 |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.<br><br> If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.<br> <br> If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in Notepad or Microsoft 365 Office Apps.|
 
@@ -67,7 +68,7 @@ Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP](
 
 ### Recommended settings for your organization
 
-By default, Enhanced Phishing Protection is deployed in audit mode, preventing notifications to the users for any protection scenarios. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends telemetry through Microsoft Defender. Users aren't warned if they enter their work or school password into a phishing site, if they reuse their password, or if they unsafely store their password in applications. Because of this possibility, it is recommended that you configure Enhanced Phishing Protection to warn users during all protection scenarios.  
+By default, Enhanced Phishing Protection is deployed in audit mode, preventing notifications to the users for any protection scenarios. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender. Users aren't warned if they enter their work or school password into a phishing site, if they reuse their password, or if they unsafely store their password in applications. Because of this possibility, it's recommended that you configure Enhanced Phishing Protection to warn users during all protection scenarios.  
 
 To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings.
 
@@ -76,7 +77,7 @@ To better help you protect your organization, we recommend turning on and using
 |Group Policy setting|Recommendation|
 |---------|---------|
 |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled| **Enable**: Enhanced Phishing Protection is enabled in audit mode and your users are unable to turn it off.|
-|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|**Enable**: Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a login URL with an invalid certificate. It encourages users to change their password.|
+|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|**Enable**: Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate. It encourages users to change their password.|
 |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse|**Enable**: Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.|
 |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|**Enable**: Enhanced Phishing Protection warns users if they store their password in Notepad and Microsoft 365 Office Apps.|
 
@@ -84,7 +85,7 @@ To better help you protect your organization, we recommend turning on and using
   
 |MDM setting|Recommendation|
 |---------|---------|
-|ServiceEnabled|**1**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends telemetry but doesn't show any notifications to your users.|
+|ServiceEnabled|**1**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends diagnostic data but doesn't show any notifications to your users.|
 |NotifyMalicious|**1**: Turns on Enhanced Phishing Protection notifications when users type their work or school password into one of the previously described malicious scenarios and encourages them to change their password.|
 |NotifyPasswordReuse|**1**: Turns on Enhanced Phishing Protection notifications when users reuse their work or school password and encourages them to change their password.|
 |NotifyUnsafeApp|**1**: Turns on Enhanced Phishing Protection notifications when users type their work or school passwords in Notepad and Microsoft 365 Office Apps.|
@@ -92,8 +93,9 @@ To better help you protect your organization, we recommend turning on and using
 ---
 
 ## Related articles
+
 - [Microsoft Defender SmartScreen](microsoft-defender-smartscreen-overview.md)
 - [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx)
 - [Threat protection](../index.md)
 - [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md)
-- [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference.md#configuration-service-provider-reference)
+- [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 64e6685f37..80be7ef669 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -6,7 +6,7 @@ ms.technology: itpro-security
 ms.localizationpriority: medium
 ms.collection: M365-security-compliance
 author: jsuther1974
-ms.reviewer: isbrahm
+ms.reviewer: jgeurten
 ms.author: vinpa
 manager: aaroncz
 ms.date: 09/29/2021
@@ -62,6 +62,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
 - texttransform.exe
 - visualuiaverifynative.exe
 - system.management.automation.dll
+- webclnt.dll/davsvc.dll
 - wfc.exe
 - windbg.exe
 - wmic.exe
@@ -119,7 +120,7 @@ Select the correct version of each .dll for the Windows release you plan to supp
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
-  <VersionEx>10.0.0.0</VersionEx>
+  <VersionEx>10.1.0.0</VersionEx>
   <PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
   <Rules>
@@ -143,50 +144,51 @@ Select the correct version of each .dll for the Windows release you plan to supp
   <EKUs />
   <!-- File Rules  -->
   <FileRules>
-    <Deny ID="ID_DENY_ADDINPROCESS" FriendlyName="AddInProcess.exe" FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_ADDINPROCESS32" FriendlyName="AddInProcess32.exe" FileName="AddInProcess32.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_ADDINUTIL" FriendlyName="AddInUtil.exe" FileName="AddInUtil.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_ASPNET" FriendlyName="aspnet_compiler.exe" FileName="aspnet_compiler.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_BASH" FriendlyName="bash.exe" FileName="bash.exe" MinimumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_ADDINPROCESS" FriendlyName="AddInProcess.exe" FileName="AddInProcess.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_ADDINPROCESS32" FriendlyName="AddInProcess32.exe" FileName="AddInProcess32.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_ADDINUTIL" FriendlyName="AddInUtil.exe" FileName="AddInUtil.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_ASPNET" FriendlyName="aspnet_compiler.exe" FileName="aspnet_compiler.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_BASH" FriendlyName="bash.exe" FileName="bash.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_BGINFO" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion="4.21.0.0" />
-    <Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_CSCRIPT" FriendlyName="cscript.exe" FileName="cscript.exe" MinimumFileVersion="5.812.10240.0" />
     <Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion="2.3.0.0" />
     <Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion="2.3.0.0" />
-    <Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_DOTNET" FriendlyName="dotnet.exe" FileName="dotnet.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_FSI_ANYCPU" FriendlyName="fsiAnyCpu.exe" FileName="fsiAnyCpu.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_INFINSTALL" FriendlyName="infdefaultinstall.exe" FileName="infdefaultinstall.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_INSTALLUTIL" FriendlyName="Microsoft InstallUtil" FileName="InstallUtil.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
-    <Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_KD_KMCI" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_KILL" FriendlyName="kill.exe" FileName="kill.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_LXRUN" FriendlyName="lxrun.exe" FileName="lxrun.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_LXSS" FriendlyName="LxssManager.dll" FileName="LxssManager.dll" MinimumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_DOTNET" FriendlyName="dotnet.exe" FileName="dotnet.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_FSI_ANYCPU" FriendlyName="fsiAnyCpu.exe" FileName="fsiAnyCpu.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_INFINSTALL" FriendlyName="infdefaultinstall.exe" FileName="infdefaultinstall.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+	<Deny ID="ID_DENY_INSTALLUTIL" FriendlyName="Microsoft InstallUtil" FileName="InstallUtil.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_KD_KMCI" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_KILL" FriendlyName="kill.exe" FileName="kill.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_LXRUN" FriendlyName="lxrun.exe" FileName="lxrun.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_LXSS" FriendlyName="LxssManager.dll" FileName="LxssManager.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_INTUNE_AGENT" FriendlyName="IntuneWindowsAgent.exe" FileName="Microsoft.Management.Services.IntuneWindowsAgent.exe" MinimumFileVersion="1.46.204.0" />
-    <Deny ID="ID_DENY_MFC40" FriendlyName="mfc40.dll" FileName="mfc40.dll" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_MS_BUILD" FriendlyName="Microsoft.Build.dll" FileName="Microsoft.Build.dll" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_MS_BUILD_FMWK" FriendlyName="Microsoft.Build.Framework.dll" FileName="Microsoft.Build.Framework.dll" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_MWFC" FriendlyName="Microsoft.Workflow.Compiler.exe" FileName="Microsoft.Workflow.Compiler.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_MSBUILD" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_MSBUILD_DLL" FriendlyName="MSBuild.dll" FileName="MSBuild.dll" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_MSHTA" FriendlyName="mshta.exe" FileName="mshta.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_NTKD" FriendlyName="ntkd.exe" FileName="ntkd.Exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_NTSD" FriendlyName="ntsd.exe" FileName="ntsd.Exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_PWRSHLCUSTOMHOST" FriendlyName="powershellcustomhost.exe" FileName="powershellcustomhost.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_RCSI" FriendlyName="rcsi.exe" FileName="rcsi.Exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_RUNSCRIPTHELPER" FriendlyName="runscripthelper.exe" FileName="runscripthelper.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_TEXTTRANSFORM" FriendlyName="texttransform.exe" FileName="texttransform.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_VISUALUIAVERIFY" FriendlyName="visualuiaverifynative.exe" FileName="visualuiaverifynative.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_MFC40" FriendlyName="mfc40.dll" FileName="mfc40.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_MS_BUILD" FriendlyName="Microsoft.Build.dll" FileName="Microsoft.Build.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_MS_BUILD_FMWK" FriendlyName="Microsoft.Build.Framework.dll" FileName="Microsoft.Build.Framework.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_MWFC" FriendlyName="Microsoft.Workflow.Compiler.exe" FileName="Microsoft.Workflow.Compiler.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_MSBUILD" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_MSBUILD_DLL" FriendlyName="MSBuild.dll" FileName="MSBuild.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_MSHTA" FriendlyName="mshta.exe" FileName="mshta.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_NTKD" FriendlyName="ntkd.exe" FileName="ntkd.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_NTSD" FriendlyName="ntsd.exe" FileName="ntsd.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_PWRSHLCUSTOMHOST" FriendlyName="powershellcustomhost.exe" FileName="powershellcustomhost.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_RCSI" FriendlyName="rcsi.exe" FileName="rcsi.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_RUNSCRIPTHELPER" FriendlyName="runscripthelper.exe" FileName="runscripthelper.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_TEXTTRANSFORM" FriendlyName="texttransform.exe" FileName="texttransform.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_VISUALUIAVERIFY" FriendlyName="visualuiaverifynative.exe" FileName="visualuiaverifynative.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+	<Deny ID="ID_DENY_WEBCLNT" FriendlyName="BlockWebDAV WebClnt" FileName="davsvc.dll" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355"/> 
+    <Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_WSCRIPT" FriendlyName="wscript.exe" FileName="wscript.exe" MinimumFileVersion="5.812.10240.0" />
-    <Deny ID="ID_DENY_WSL" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="65535.65535.65535.65535" />
-    <Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_WSL" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <!-- pick the correct version of msxml3.dll, msxml6.dll, and jscript9.dll based on the release you are supporting -->
     <!-- the versions of these files in the 1903 release have this issue fixed, so they don’t need to be blocked -->
     <!-- RS1 Windows 1607
@@ -874,7 +876,7 @@ Select the correct version of each .dll for the Windows release you plan to supp
           <FileRuleRef RuleID="ID_DENY_FSI" />
           <FileRuleRef RuleID="ID_DENY_FSI_ANYCPU" />
           <FileRuleRef RuleID="ID_DENY_INFINSTALL" />
-          <FileRuleRef RuleID="ID_DENY_INSTALLUTIL" />
+		  <FileRuleRef RuleID="ID_DENY_INSTALLUTIL" />
           <FileRuleRef RuleID="ID_DENY_KD" />
           <FileRuleRef RuleID="ID_DENY_KILL" />
           <FileRuleRef RuleID="ID_DENY_LXSS" />
@@ -894,6 +896,7 @@ Select the correct version of each .dll for the Windows release you plan to supp
           <FileRuleRef RuleID="ID_DENY_RUNSCRIPTHELPER" />
           <FileRuleRef RuleID="ID_DENY_TEXTTRANSFORM" />
           <FileRuleRef RuleID="ID_DENY_VISUALUIAVERIFY" />
+		  <FileRuleRef RuleID="ID_DENY_WEBCLNT" />
           <FileRuleRef RuleID="ID_DENY_WFC" />
           <FileRuleRef RuleID="ID_DENY_WINDBG" />
           <FileRuleRef RuleID="ID_DENY_WMIC" />
@@ -902,10 +905,10 @@ Select the correct version of each .dll for the Windows release you plan to supp
           <FileRuleRef RuleID="ID_DENY_WSLCONFIG" />
           <FileRuleRef RuleID="ID_DENY_WSLHOST" />
           <!-- uncomment the relevant line(s) below if you have uncommented them in the rule definitions above
-          <FileRuleRef RuleID="ID_DENY_MSXML3" />
-          <FileRuleRef RuleID="ID_DENY_MSXML6" />
-          <FileRuleRef RuleID="ID_DENY_JSCRIPT9" />
-          -->
+		  <FileRuleRef RuleID="ID_DENY_MSXML3" /> 
+		  <FileRuleRef RuleID="ID_DENY_MSXML6" /> 
+		  <FileRuleRef RuleID="ID_DENY_JSCRIPT9" />
+		  -->
           <FileRuleRef RuleID="ID_DENY_D_1" />
           <FileRuleRef RuleID="ID_DENY_D_2" />
           <FileRuleRef RuleID="ID_DENY_D_3" />
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 130ec8b14c..6382926723 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -66,18 +66,17 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
-  <VersionEx>10.0.25090.0</VersionEx>
-  <PolicyTypeID>{D2BDA982-CCF6-4344-AC5B-0B44427B6816}</PolicyTypeID>
+  <VersionEx>10.0.25210.0</VersionEx>
   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
   <Rules>
     <Rule>
       <Option>Enabled:Unsigned System Integrity Policy</Option>
     </Rule>
     <Rule>
-      <Option>Enabled:Audit Mode</Option>
+      <Option>Enabled:Advanced Boot Options Menu</Option>
     </Rule>
     <Rule>
-      <Option>Enabled:Advanced Boot Options Menu</Option>
+      <Option>Enabled:Audit Mode</Option>
     </Rule>
   </Rules>
   <!--EKUS-->
@@ -86,6 +85,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
   <FileRules>
     <Allow ID="ID_ALLOW_ALL_1" FriendlyName="" FileName="*" />
     <Allow ID="ID_ALLOW_ALL_2" FriendlyName="" FileName="*" />
+    <Deny ID="ID_DENY_AGENT64_SHA1" FriendlyName="Agent64\05f052_4045ae_694848_8cb62c_b1d962 Hash Sha1" Hash="94F7575A6BB378D0CF85B3DC65941C95415E7A80" />
+    <Deny ID="ID_DENY_AGENT64_SHA256" FriendlyName="Agent64\05f052_4045ae_694848_8cb62c_b1d962 Hash Sha256" Hash="3BC0CEC99DCE687304DAD8F7A6DAF772E695CBD0169D346D03AE12500361A1E8" />
+    <Deny ID="ID_DENY_AGENT64_SHA1_PAGE" FriendlyName="Agent64\05f052_4045ae_694848_8cb62c_b1d962 Hash Page Sha1" Hash="E083142033C9653977D319B3DF4D2DE369756138" />
+    <Deny ID="ID_DENY_AGENT64_SHA256_PAGE" FriendlyName="Agent64\05f052_4045ae_694848_8cb62c_b1d962 Hash Page Sha256" Hash="68EFBAB6FEADAB076DC97DB359A287193C51199742F92E07B60417F093040FED" />
     <Deny ID="ID_DENY_ASIO_32_SHA1" FriendlyName="ASIO32.sys Hash Sha1" Hash="D569D4BAB86E70EFBCDFDAC9D822139D6F477B7C" />
     <Deny ID="ID_DENY_ASIO_32_SHA256" FriendlyName="ASIO32.sys Hash Sha256" Hash="80599708CE61EC5D6DCFC5977208A2A0BE2252820A88D9BA260D8CDF5DC7FBE4" />
     <Deny ID="ID_DENY_ASIO_32_SHA1_PAGE" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="80FA962BDFB76DFCB9E5D13EFC38BB3D392F2E77" />
@@ -126,6 +129,58 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_ASRDRV103_SHA256" FriendlyName="AsrDrv103.sys Hash Sha256" Hash="B6BF2460E023B1005CC60E107B14A3CFDF9284CC378A086D92E5DCDF6E432E2C" />
     <Deny ID="ID_DENY_ASRDRV103_SHA1_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha1" Hash="490F85E291C4D9ED0AB8457CE6B424C0F3F7E7AC" />
     <Deny ID="ID_DENY_ASRDRV103_SHA256_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha256" Hash="E22B7BA6D064C75913C3BDADAF7AADA535DDDD83175D8A47467FED5ABC56D5AC" />
+    <Deny ID="ID_DENY_ASRDRV104_5A" FriendlyName="asrdrv104\4bf974f5d3489638a48ee508b4a8cfa0f0262909778ccdd2e871172b71654d89 Hash Sha1" Hash="6C1BB3A72EBFB5359B9E22CA44D0A1FF825A68F2" />
+    <Deny ID="ID_DENY_ASRDRV104_5B" FriendlyName="asrdrv104\4bf974f5d3489638a48ee508b4a8cfa0f0262909778ccdd2e871172b71654d89 Hash Sha256" Hash="904D8D0DB7B3ED747ECFBB04386DFBE23B71FFD054F32AB17F65BC17D500F730" />
+    <Deny ID="ID_DENY_ASRDRV104_5C" FriendlyName="asrdrv104\4bf974f5d3489638a48ee508b4a8cfa0f0262909778ccdd2e871172b71654d89 Hash Page Sha1" Hash="E039C9DD21494DBD073B4823FC3A17FBB951EC6C" />
+    <Deny ID="ID_DENY_ASRDRV104_5D" FriendlyName="asrdrv104\4bf974f5d3489638a48ee508b4a8cfa0f0262909778ccdd2e871172b71654d89 Hash Page Sha256" Hash="F292E6AADD8CB18DFC59A6B6734B5F68262E09BF1DFDB44CC2F70DF176C85F72" />
+    <Deny ID="ID_DENY_ASRDRV104_5E" FriendlyName="asrdrv104\53bb076e81f6104f41bc284eedae36bd99b53e42719573fa5960932720ebc854 Hash Sha1" Hash="7EEC3A1EDF3B021883A4B5DA450DB63F7C0AFEEB" />
+    <Deny ID="ID_DENY_ASRDRV104_5F" FriendlyName="asrdrv104\53bb076e81f6104f41bc284eedae36bd99b53e42719573fa5960932720ebc854 Hash Sha256" Hash="3F44442F56F2CEB6213FCE103466862AC750FB99038030003C1B42DA35A43A83" />
+    <Deny ID="ID_DENY_ASRDRV104_60" FriendlyName="asrdrv104\53bb076e81f6104f41bc284eedae36bd99b53e42719573fa5960932720ebc854 Hash Page Sha1" Hash="E5021A98E55D514E2376AA573D143631E5EE1C13" />
+    <Deny ID="ID_DENY_ASRDRV104_61" FriendlyName="asrdrv104\53bb076e81f6104f41bc284eedae36bd99b53e42719573fa5960932720ebc854 Hash Page Sha256" Hash="2B02B3C4F298B2B4F0B7A6714CD28B0410C1430AE6FF798056CB27EED90DD424" />
+    <Deny ID="ID_DENY_ASRDRV104_62" FriendlyName="asrdrv104\6ed35f310c96920a271c59a097b382da07856e40179c2a4239f8daa04eef38e7 Hash Sha1" Hash="729A8675665C61824F22F06C7B954BE4D14B52C4" />
+    <Deny ID="ID_DENY_ASRDRV104_63" FriendlyName="asrdrv104\6ed35f310c96920a271c59a097b382da07856e40179c2a4239f8daa04eef38e7 Hash Sha256" Hash="6ED35F310C96920A271C59A097B382DA07856E40179C2A4239F8DAA04EEF38E7" />
+    <Deny ID="ID_DENY_ASRDRV104_64" FriendlyName="asrdrv104\d20d8bf80017e98b6dfc9f6c3960271fa792a908758bef49a390e2692a2a4341 Hash Sha1" Hash="2B4D0DEAD4C1A7CC95543748B3565CFA802E5256" />
+    <Deny ID="ID_DENY_ASRDRV104_65" FriendlyName="asrdrv104\d20d8bf80017e98b6dfc9f6c3960271fa792a908758bef49a390e2692a2a4341 Hash Sha256" Hash="E6A2AC52A35D470DC336BAE5C48A2EBF2D80519BFD57B703DA6CE00DDD12163A" />
+    <Deny ID="ID_DENY_ASRDRV104_66" FriendlyName="asrdrv104\d20d8bf80017e98b6dfc9f6c3960271fa792a908758bef49a390e2692a2a4341 Hash Page Sha1" Hash="4A7D66874A0472A47087FABAA033A85D47413379" />
+    <Deny ID="ID_DENY_ASRDRV104_67" FriendlyName="asrdrv104\d20d8bf80017e98b6dfc9f6c3960271fa792a908758bef49a390e2692a2a4341 Hash Page Sha256" Hash="C1FE339D15E5D59F9613688B85F9B627E72ED8ED3EFC53F9DD0CD7A7F0C55133" />
+    <Deny ID="ID_DENY_ASRSETUPDRV103_39" FriendlyName="AsrSetupDrv103\9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3 Hash Sha1" Hash="0B6EC2AEDC518849A1C61A70B1F9FB068EDE2BC3" />
+    <Deny ID="ID_DENY_ASRSETUPDRV103_3A" FriendlyName="AsrSetupDrv103\9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3 Hash Sha256" Hash="399EFFE75D32BDAB6FA0A6BFFE02DBF0A59219D940B654837C3BE1C0BD02E9AA" />
+    <Deny ID="ID_DENY_ASRSETUPDRV103_3B" FriendlyName="AsrSetupDrv103\9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3 Hash Page Sha1" Hash="461882BD59887617CADC1C7B2B22D0A45458C070" />
+    <Deny ID="ID_DENY_ASRSETUPDRV103_3C" FriendlyName="AsrSetupDrv103\9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3 Hash Page Sha256" Hash="27CD05527FEB020084A4A76579C125458571DA8843CDFC3733211760A11DA970" />
+    <Deny ID="ID_DENY_ASRSETUPDRV103_3D" FriendlyName="AsrSetupDrv103\a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f Hash Sha1" Hash="A7948A4E9A3A1A9ED0E4E41350E422464D8313CD" />
+    <Deny ID="ID_DENY_ASRSETUPDRV103_3E" FriendlyName="AsrSetupDrv103\a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f Hash Sha256" Hash="7AAF2AA194B936E48BC90F01EE854768C8383C0BE50CFB41B346666AEC0CF853" />
+    <Deny ID="ID_DENY_ASRSETUPDRV103_3F" FriendlyName="AsrSetupDrv103\a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f Hash Page Sha1" Hash="F3CCE7E79AB5BD055F311BB3AC44A838779270B6" />
+    <Deny ID="ID_DENY_ASRSETUPDRV103_40" FriendlyName="AsrSetupDrv103\a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f Hash Page Sha256" Hash="727E8BA66A8FF07BDC778EACB463B65F2D7167A6616CA2F259EA32571CACF8AF" />
+    <Deny ID="ID_DENY_ATILLK_2" FriendlyName="atillk64\11a9787831ac4f0657aeb5e7019c23acc39d8833faf28f85bd10d7590ea4cc5f Hash Sha1" Hash="6EE2E56413CE129EA2319D6DBA28BA4F27CF75B7" />
+    <Deny ID="ID_DENY_ATILLK_3" FriendlyName="atillk64\11a9787831ac4f0657aeb5e7019c23acc39d8833faf28f85bd10d7590ea4cc5f Hash Sha256" Hash="94111DE210F6B3B48DDA16B3422F0F9180E30BCB5765B6858C451D1D89196199" />
+    <Deny ID="ID_DENY_ATILLK_4" FriendlyName="atillk64\11a9787831ac4f0657aeb5e7019c23acc39d8833faf28f85bd10d7590ea4cc5f Hash Page Sha1" Hash="E66E7DAA23A6F85459AB4F4CE6D74A4973E832B1" />
+    <Deny ID="ID_DENY_ATILLK_5" FriendlyName="atillk64\11a9787831ac4f0657aeb5e7019c23acc39d8833faf28f85bd10d7590ea4cc5f Hash Page Sha256" Hash="29245340F8DCCC90F6CFA295EEE25C77C658965825DF27A501A5D951E7B8ECC4" />
+    <Deny ID="ID_DENY_ATILLK_6" FriendlyName="atillk64\248dcc72d799d350d30b0f9e9ae93389cdcd11b43e38949ba9be414400657587 Hash Sha1" Hash="0116793210498AC83727C7B902FDBAE0FE76BB7E" />
+    <Deny ID="ID_DENY_ATILLK_7" FriendlyName="atillk64\248dcc72d799d350d30b0f9e9ae93389cdcd11b43e38949ba9be414400657587 Hash Sha256" Hash="248DCC72D799D350D30B0F9E9AE93389CDCD11B43E38949BA9BE414400657587" />
+    <Deny ID="ID_DENY_ATILLK_8" FriendlyName="atillk64\321cc3f24a518c70fb537ee9472b1777d05727c649d5b6538082a971c40ddcbe Hash Sha1" Hash="005C8117D7BF2E73E6139D3C91F24B70E22A844E" />
+    <Deny ID="ID_DENY_ATILLK_9" FriendlyName="atillk64\321cc3f24a518c70fb537ee9472b1777d05727c649d5b6538082a971c40ddcbe Hash Sha256" Hash="73A0CCF3E32C262142BDE91C19F5B1F395878783F157C6BED5874EDE5A3AFDDD" />
+    <Deny ID="ID_DENY_ATILLK_A" FriendlyName="atillk64\321cc3f24a518c70fb537ee9472b1777d05727c649d5b6538082a971c40ddcbe Hash Page Sha1" Hash="CC6B5B9351457B5ED2FC46F4E7CEE62F5979D7C6" />
+    <Deny ID="ID_DENY_ATILLK_B" FriendlyName="atillk64\321cc3f24a518c70fb537ee9472b1777d05727c649d5b6538082a971c40ddcbe Hash Page Sha256" Hash="D96511C6D3E244A892D80C5950256E158A3132B2FB25700F334EA0DA4FDE5B21" />
+    <Deny ID="ID_DENY_ATILLK_C" FriendlyName="atillk64\4780da56667e01cdd7eff83c23c772d68deb4d9fdb69d5302f556bb424151f51 Hash Sha1" Hash="6AE93DA169BFB914109E584371FD05914795F460" />
+    <Deny ID="ID_DENY_ATILLK_D" FriendlyName="atillk64\4780da56667e01cdd7eff83c23c772d68deb4d9fdb69d5302f556bb424151f51 Hash Sha256" Hash="4780DA56667E01CDD7EFF83C23C772D68DEB4D9FDB69D5302F556BB424151F51" />
+    <Deny ID="ID_DENY_ATILLK_E" FriendlyName="atillk64\61580186311f6260c6de7fa5bf9242d74687aa1c5c9fdf9d9a48eb46d67d636f Hash Sha1" Hash="1FD4D8B13E73604E2BD8E14AC7BB4657CA17A5B3" />
+    <Deny ID="ID_DENY_ATILLK_F" FriendlyName="atillk64\61580186311f6260c6de7fa5bf9242d74687aa1c5c9fdf9d9a48eb46d67d636f Hash Sha256" Hash="61580186311F6260C6DE7FA5BF9242D74687AA1C5C9FDF9D9A48EB46D67D636F" />
+    <Deny ID="ID_DENY_ATILLK_10" FriendlyName="atillk64\6c6c5e35accc37c928d721c800476ccf4c4b5b06a1b0906dc5ff4df71ff50943 Hash Sha1" Hash="0358BCBA83349CB23EA44D5C36B9E22ADAEC8D94" />
+    <Deny ID="ID_DENY_ATILLK_11" FriendlyName="atillk64\6c6c5e35accc37c928d721c800476ccf4c4b5b06a1b0906dc5ff4df71ff50943 Hash Sha256" Hash="2952AE305F9E206BB0B6D7986F2B6942656C310F9D201CF2E2DD6E961C18804E" />
+    <Deny ID="ID_DENY_ATILLK_12" FriendlyName="atillk64\6c6c5e35accc37c928d721c800476ccf4c4b5b06a1b0906dc5ff4df71ff50943 Hash Page Sha1" Hash="3FCFCDCBC6AD3320E561AEB634492D2BDB38FA27" />
+    <Deny ID="ID_DENY_ATILLK_13" FriendlyName="atillk64\6c6c5e35accc37c928d721c800476ccf4c4b5b06a1b0906dc5ff4df71ff50943 Hash Page Sha256" Hash="CCBE842ECDB34D64B1CD7AA558CE723DB66F30D431DF4BF4C5F6178952FF309C" />
+    <Deny ID="ID_DENY_ATILLK_14" FriendlyName="atillk64\83ffcfaf429c8368194d7b73f7729d97d6a3b80fb203d57055f3e4eec8228914 Hash Sha1" Hash="9DCBAA2ECD11D664DC13B8147442B3EB0EE172DB" />
+    <Deny ID="ID_DENY_ATILLK_15" FriendlyName="atillk64\83ffcfaf429c8368194d7b73f7729d97d6a3b80fb203d57055f3e4eec8228914 Hash Sha256" Hash="83FFCFAF429C8368194D7B73F7729D97D6A3B80FB203D57055F3E4EEC8228914" />
+    <Deny ID="ID_DENY_ATILLK_16" FriendlyName="atillk64\be66f3bbfed7d648cfd110853ddb8cef561f94a45405afc6be06e846b697d2b0 Hash Sha1" Hash="5853E44EA0B6B4E9844651AA57D631193C1ED0F0" />
+    <Deny ID="ID_DENY_ATILLK_17" FriendlyName="atillk64\be66f3bbfed7d648cfd110853ddb8cef561f94a45405afc6be06e846b697d2b0 Hash Sha256" Hash="BE66F3BBFED7D648CFD110853DDB8CEF561F94A45405AFC6BE06E846B697D2B0" />
+    <Deny ID="ID_DENY_ATILLK_18" FriendlyName="atillk64\c825a47817399e988912bb75106befaefae0babc0743a7e32b46f17469c78cad Hash Sha1" Hash="2E3CF3678D476420696EC7DF46B08D4D24D25644" />
+    <Deny ID="ID_DENY_ATILLK_19" FriendlyName="atillk64\c825a47817399e988912bb75106befaefae0babc0743a7e32b46f17469c78cad Hash Sha256" Hash="C9B8ECD0657FDA14476920FE47783BD8A951D7A4A640935D9199B4A7AE4B8B69" />
+    <Deny ID="ID_DENY_ATILLK_1A" FriendlyName="atillk64\c825a47817399e988912bb75106befaefae0babc0743a7e32b46f17469c78cad Hash Page Sha1" Hash="5F70E4EA95468C0D651794665D9488A18991E54F" />
+    <Deny ID="ID_DENY_ATILLK_1B" FriendlyName="atillk64\c825a47817399e988912bb75106befaefae0babc0743a7e32b46f17469c78cad Hash Page Sha256" Hash="A711C1C437BCB9916D203D7ED196446E976B346D3D635D0E75C9C2713694667E" />
+    <Deny ID="ID_DENY_ATILLK_1C" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Sha1" Hash="FE625D7AD61B93EA376B4924FA088CB22B3FA28D" />
+    <Deny ID="ID_DENY_ATILLK_1D" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Sha256" Hash="FB19F241DDAE74EC4A0F87DFF025EC68DC809F9DD883649C0E58822DE28E6F1B" />
+    <Deny ID="ID_DENY_ATILLK_1E" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Page Sha1" Hash="6698BB12B9D9D511C018D9EA8F70C61A03A041AD" />
+    <Deny ID="ID_DENY_ATILLK_1F" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Page Sha256" Hash="47F6DFDDDA4F164448F14C0417839DB860BC4E9C4679BE3980B05BE920462870" />
     <Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
     <Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
     <Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
@@ -162,7 +217,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_FIDPCIDRV64_SHA256" FriendlyName="fidpcidrv64.sys Hash Sha256" Hash="7FB0F6FC5BDD22D53F8532CB19DA666A77A66FFB1CF3919A2E22B66C13B415B7" />
     <Deny ID="ID_DENY_FIDPCIDRV64_SHA1_PAGE" FriendlyName="fidpcidrv64.sys Hash Page Sha1" Hash="EEFF4EC4EBC12C6ACD2C930DC2EAAF877CFEC7EC" />
     <Deny ID="ID_DENY_FIDPCIDRV64_SHA256_PAGE" FriendlyName="fidpcidrv64.sys Hash Page Sha256" Hash="B98E008DFEA10EC74C89D08F12F31C12F52234BE6FFFF06B6B9E749BFEA6CBED" />
-    <Deny ID="ID_DENY_GDRV" FriendlyName="gdrv.sys" FileName="gdrv.sys" />
+    <Deny ID="ID_DENY_GDRV" FriendlyName="gdrv.sys" FileName="gdrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_GLCKIO2_SHA1" FriendlyName="GLCKIO2.sys Hash Sha1" Hash="D99B80B3269D735CAC43AF5E43483E64CA7961C3" />
     <Deny ID="ID_DENY_GLCKIO2_SHA256" FriendlyName="GLCKIO2.sys Hash Sha256" Hash="47DBA240967FD0088BE618163672DFBDDF0138178CCCD45B54037F622B221220" />
     <Deny ID="ID_DENY_GLCKIO2_SHA1_PAGE" FriendlyName="GLCKIO2.sys Hash Page Sha1" Hash="51E0740AAEE5AE76B0095C92908C97B817DB8BEA" />
@@ -175,10 +230,58 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_WINFLASH64_SHA256" FriendlyName="WinFlash64.sys Hash Sha256" Hash="F2B51FBEEAD17F5EE34D5B4A3A83C848FB76F8F0E80769212E137A7AA539A3BC" />
     <Deny ID="ID_DENY_WINFLASH64_SHA1_PAGE" FriendlyName="WinFlash64.sys Hash Page Sha1" Hash="C5057A4FD3C9B58F4C9AB9FE356081DF8804BF98" />
     <Deny ID="ID_DENY_WINFLASH64_SHA256_PAGE" FriendlyName="WinFlash64.sys Hash Page Sha256" Hash="C8FA1EC3D03050FBC1AA677F2C0348690521291219E8D2E94F0EA9E9174B9156" />
-    <Deny ID="ID_DENY_AMIFLDRV64_SHA1" FriendlyName="amifldrv64.sys Hash Sha1" Hash="B0EC7D971DA8AE84C0ED8F88A5D46B23996E636C" />
-    <Deny ID="ID_DENY_AMIFLDRV64_SHA256C" FriendlyName="amifldrv64.sys Hash Sha256" Hash="038F39558035292F1D794B7CF49F8E751E8633DAEC31454FE85CCCBEA83BA3FB" />
-    <Deny ID="ID_DENY_AMIFLDRV64_SHA1_PAGE" FriendlyName="amifldrv64.sys Hash Page Sha1" Hash="C9CC3779ED67755220DBF9592EC2AC0E1DE363DC" />
-    <Deny ID="ID_DENY_AMIFLDRV64_SHA256_PAGE" FriendlyName="amifldrv64.sys Hash Page Sha256" Hash="AA594D977312A944B14351C075634E7C59B42687928FBCDA8E2C4CEA46686DD9" />
+    <Deny ID="ID_DENY_AMIFLDRV_1" FriendlyName="amifldrv64\26ba58c9af9c8a7aebf222f491f786daa0626be44d34f170fea3623d92828e63 Hash Sha1" Hash="40603C7230D74FF33524A11C0B09F9459E7AFE91" />
+    <Deny ID="ID_DENY_AMIFLDRV_2" FriendlyName="amifldrv64\26ba58c9af9c8a7aebf222f491f786daa0626be44d34f170fea3623d92828e63 Hash Sha256" Hash="8B4CBD2BC16071A1868597EC86857DBA1140F981E3E943B0857341DAFFFF4E69" />
+    <Deny ID="ID_DENY_AMIFLDRV_3" FriendlyName="amifldrv64\26ba58c9af9c8a7aebf222f491f786daa0626be44d34f170fea3623d92828e63 Hash Page Sha1" Hash="277E2D1EDB93CA4A3066014FB4D597864160A880" />
+    <Deny ID="ID_DENY_AMIFLDRV_4" FriendlyName="amifldrv64\26ba58c9af9c8a7aebf222f491f786daa0626be44d34f170fea3623d92828e63 Hash Page Sha256" Hash="2FEFE2C489DD1442FD6DF3C44C6F7357BD942529CBA3782D29C35514AE99F2B8" />
+    <Deny ID="ID_DENY_AMIFLDRV_5" FriendlyName="amifldrv64\2f60536b25ba8c9014e4a57d7a9a681bd3189fa414eea88c256d029750e15cae Hash Sha1" Hash="73265B25F043D2520B81A68AD0342BAAFF30E7CF" />
+    <Deny ID="ID_DENY_AMIFLDRV_6" FriendlyName="amifldrv64\2f60536b25ba8c9014e4a57d7a9a681bd3189fa414eea88c256d029750e15cae Hash Sha256" Hash="BEE62B69023212A5A964D323F60E5858D7CBD767A39F3D5EF87CACB080B1DBF2" />
+    <Deny ID="ID_DENY_AMIFLDRV_7" FriendlyName="amifldrv64\2f60536b25ba8c9014e4a57d7a9a681bd3189fa414eea88c256d029750e15cae Hash Page Sha1" Hash="F58E305CEADEC6FF9666D696982CCCB9C6C121F0" />
+    <Deny ID="ID_DENY_AMIFLDRV_8" FriendlyName="amifldrv64\2f60536b25ba8c9014e4a57d7a9a681bd3189fa414eea88c256d029750e15cae Hash Page Sha256" Hash="44CBDEDEA667F59B79D7A03FCBFB6D984C81C354D72CF98E39D68B5FD049E17C" />
+    <Deny ID="ID_DENY_AMIFLDRV_9" FriendlyName="amifldrv64\42579a759f3f95f20a2c51d5ac2047a2662a2675b3fb9f46c1ed7f23393a0f00 Hash Sha1" Hash="716BCE2CE697883EBA0C051ED487DE6304D73CD3" />
+    <Deny ID="ID_DENY_AMIFLDRV_A" FriendlyName="amifldrv64\42579a759f3f95f20a2c51d5ac2047a2662a2675b3fb9f46c1ed7f23393a0f00 Hash Sha256" Hash="D7841EE6DAC956CC0923368D6722063A19C9FA131E55C6F3B7484CCE78D826F0" />
+    <Deny ID="ID_DENY_AMIFLDRV_B" FriendlyName="amifldrv64\42579a759f3f95f20a2c51d5ac2047a2662a2675b3fb9f46c1ed7f23393a0f00 Hash Page Sha1" Hash="FA6273B17C4EAC8915A608E8D25774D8845688E2" />
+    <Deny ID="ID_DENY_AMIFLDRV_C" FriendlyName="amifldrv64\42579a759f3f95f20a2c51d5ac2047a2662a2675b3fb9f46c1ed7f23393a0f00 Hash Page Sha256" Hash="6A6A03ECE1DE6F4A8931B221995E07FD2920A56036CC2907DD710385CC2084D0" />
+    <Deny ID="ID_DENY_AMIFLDRV_11" FriendlyName="amifldrv64\65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9 Hash Sha1" Hash="444CE1608768884D1E9742F80CCF4F53E0AA709D" />
+    <Deny ID="ID_DENY_AMIFLDRV_12" FriendlyName="amifldrv64\65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9 Hash Sha256" Hash="D052299252F0F0BD70B5E7C46B9CA71A99A052B47F693582BECB6F0D567E8245" />
+    <Deny ID="ID_DENY_AMIFLDRV_13" FriendlyName="amifldrv64\65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9 Hash Page Sha1" Hash="86586C412916BFEDC46BF83EE590EC0EA404DCD9" />
+    <Deny ID="ID_DENY_AMIFLDRV_14" FriendlyName="amifldrv64\65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9 Hash Page Sha256" Hash="E41DAE8B3E17E7AEFD17C9476A52704EA27E2BB3C4C35BFD5C440B4F57F2CB48" />
+    <Deny ID="ID_DENY_AMIFLDRV_15" FriendlyName="amifldrv64\6c64688444d3e004da77dcfb769d064bb38afceeef7ff915dfc71e60e19ff18a Hash Sha1" Hash="2CEA31932E00C69E6F1BB0B0BF6B16B8C72DC3F6" />
+    <Deny ID="ID_DENY_AMIFLDRV_16" FriendlyName="amifldrv64\6c64688444d3e004da77dcfb769d064bb38afceeef7ff915dfc71e60e19ff18a Hash Sha256" Hash="AEF3985CAA213C9E5E0A0D5E75A9A7918A92C08690B5A04A6B14D6372C2DD71C" />
+    <Deny ID="ID_DENY_AMIFLDRV_17" FriendlyName="amifldrv64\6c64688444d3e004da77dcfb769d064bb38afceeef7ff915dfc71e60e19ff18a Hash Page Sha1" Hash="54671DD066E925CC7DB600CEBD53F96B234722E1" />
+    <Deny ID="ID_DENY_AMIFLDRV_18" FriendlyName="amifldrv64\6c64688444d3e004da77dcfb769d064bb38afceeef7ff915dfc71e60e19ff18a Hash Page Sha256" Hash="94FDAB81FE82761D59C62B62E7EDD9B91E621399F4D2549ACC2F300C35A16717" />
+    <Deny ID="ID_DENY_AMIFLDRV_19" FriendlyName="amifldrv64\7c942801884999057aabdc01707570371afdb077979ee2f318c05276123b78e7 Hash Sha1" Hash="169D8790EC6C0415B111411FAF36C9E2626C3E98" />
+    <Deny ID="ID_DENY_AMIFLDRV_1A" FriendlyName="amifldrv64\7c942801884999057aabdc01707570371afdb077979ee2f318c05276123b78e7 Hash Sha256" Hash="7CCC32E11372896CC01D7780E1176ED6FEDD17F846001BC3BF78699E4448105F" />
+    <Deny ID="ID_DENY_AMIFLDRV_1B" FriendlyName="amifldrv64\7c942801884999057aabdc01707570371afdb077979ee2f318c05276123b78e7 Hash Page Sha1" Hash="E418335277DD6D885A8393C9F101671481127AD5" />
+    <Deny ID="ID_DENY_AMIFLDRV_1C" FriendlyName="amifldrv64\7c942801884999057aabdc01707570371afdb077979ee2f318c05276123b78e7 Hash Page Sha256" Hash="D817E0F6FDA1762F2A677019032F2F1890FD993CD45CF480791C61D8E0956053" />
+    <Deny ID="ID_DENY_AMIFLDRV_1D" FriendlyName="amifldrv64\990165725debccea7ca15aa4ed7a0e3a2a25b4a72cb309a27c899bd0e4b5148f Hash Sha1" Hash="A6D2266A4E27C71666CE5964570E87A8B0227E91" />
+    <Deny ID="ID_DENY_AMIFLDRV_1E" FriendlyName="amifldrv64\990165725debccea7ca15aa4ed7a0e3a2a25b4a72cb309a27c899bd0e4b5148f Hash Sha256" Hash="9022CDD52AA3420757D5C16FE61A4FD4D538FE74981DDF3F29DE00EB7A3BE849" />
+    <Deny ID="ID_DENY_AMIFLDRV_1F" FriendlyName="amifldrv64\990165725debccea7ca15aa4ed7a0e3a2a25b4a72cb309a27c899bd0e4b5148f Hash Page Sha1" Hash="9102B5601A65F60907703EE88BBEC9A33E7CB97B" />
+    <Deny ID="ID_DENY_AMIFLDRV_20" FriendlyName="amifldrv64\990165725debccea7ca15aa4ed7a0e3a2a25b4a72cb309a27c899bd0e4b5148f Hash Page Sha256" Hash="8CA23D2CFF4E5CFF459F037E680E8EA5233B8FDDC93DB674CC89571B74F42A9E" />
+    <Deny ID="ID_DENY_AMIFLDRV_21" FriendlyName="amifldrv64\b95b2d9b29bd25659f1c7ba5a187f8d23cde01162d9b5b1a2c4aea8f64b38441 Hash Sha1" Hash="D240DB93654CE2685D3B903DB809EDCC82322DFC" />
+    <Deny ID="ID_DENY_AMIFLDRV_22" FriendlyName="amifldrv64\b95b2d9b29bd25659f1c7ba5a187f8d23cde01162d9b5b1a2c4aea8f64b38441 Hash Sha256" Hash="05E2D2F2B58DA5391598D30D7F5F33AE38CFEB0D9B9AE19B4312DE39C678F301" />
+    <Deny ID="ID_DENY_AMIFLDRV_23" FriendlyName="amifldrv64\b95b2d9b29bd25659f1c7ba5a187f8d23cde01162d9b5b1a2c4aea8f64b38441 Hash Page Sha1" Hash="BBD9F4A225866767595F5F829A2AF7436482CDA7" />
+    <Deny ID="ID_DENY_AMIFLDRV_24" FriendlyName="amifldrv64\b95b2d9b29bd25659f1c7ba5a187f8d23cde01162d9b5b1a2c4aea8f64b38441 Hash Page Sha256" Hash="4EFB08939946B3A74333BE0D28E654D5B3CCAC3BCD44D7C403140FB40934A6ED" />
+    <Deny ID="ID_DENY_AMIFLDRV_25" FriendlyName="amifldrv64\bc7ebd191e0991fd0865a5c956a92e63792a0bb2ff888af43f7a63bb65a22248 Hash Sha1" Hash="2D6CD59A2DF6883BFEC777DDFE7D10C50555E2CB" />
+    <Deny ID="ID_DENY_AMIFLDRV_26" FriendlyName="amifldrv64\bc7ebd191e0991fd0865a5c956a92e63792a0bb2ff888af43f7a63bb65a22248 Hash Sha256" Hash="846CC7C9BF2EAB3400E66481568A010FB0DFBAC01416A99258A4BAABF1E10D35" />
+    <Deny ID="ID_DENY_AMIFLDRV_27" FriendlyName="amifldrv64\bc7ebd191e0991fd0865a5c956a92e63792a0bb2ff888af43f7a63bb65a22248 Hash Page Sha1" Hash="D71D86D72427C8C6034B77457BDE6FA6AEC7B153" />
+    <Deny ID="ID_DENY_AMIFLDRV_28" FriendlyName="amifldrv64\bc7ebd191e0991fd0865a5c956a92e63792a0bb2ff888af43f7a63bb65a22248 Hash Page Sha256" Hash="77ED6F5F604E811EA679547C05DF9BEC941C0202852990141C164B84E633298B" />
+    <Deny ID="ID_DENY_AMIFLDRV_29" FriendlyName="amifldrv64\c2fcc0fec64d5647813b84b9049d430406c4c6a7b9f8b725da21bcae2ff12247 Hash Sha1" Hash="DC0D3D244D27B85E10135FFF8D34A76C17022EE1" />
+    <Deny ID="ID_DENY_AMIFLDRV_2A" FriendlyName="amifldrv64\c2fcc0fec64d5647813b84b9049d430406c4c6a7b9f8b725da21bcae2ff12247 Hash Sha256" Hash="96CB847FAB0BEFAB75A6F39080DD444D022D4BEC73017C9D7187FE6282A0FAA1" />
+    <Deny ID="ID_DENY_AMIFLDRV_2B" FriendlyName="amifldrv64\c2fcc0fec64d5647813b84b9049d430406c4c6a7b9f8b725da21bcae2ff12247 Hash Page Sha1" Hash="886779B4F7E05944171D2B5226C761605D9A19FD" />
+    <Deny ID="ID_DENY_AMIFLDRV_2C" FriendlyName="amifldrv64\c2fcc0fec64d5647813b84b9049d430406c4c6a7b9f8b725da21bcae2ff12247 Hash Page Sha256" Hash="664EB7057E9669F7FBE2C23CAB20421EA135475332782D1ABC0B9A99BD104DEF" />
+    <Deny ID="ID_DENY_AMIFLDRV_2D" FriendlyName="amifldrv64\f06fdfe50ebc8d1d2daf5811b66288563f26a09a2ec9c2a21e2a71ff19756062 Hash Sha1" Hash="89817CFA2603B582C1E9F7F66DB5847EC6661B36" />
+    <Deny ID="ID_DENY_AMIFLDRV_2E" FriendlyName="amifldrv64\f06fdfe50ebc8d1d2daf5811b66288563f26a09a2ec9c2a21e2a71ff19756062 Hash Sha256" Hash="DF4566EDEA7C02E29D7DC56FF3F7DA6C1EF846E1063B2805A5180BB0D6DB37E8" />
+    <Deny ID="ID_DENY_AMIFLDRV_2F" FriendlyName="amifldrv64\f06fdfe50ebc8d1d2daf5811b66288563f26a09a2ec9c2a21e2a71ff19756062 Hash Page Sha1" Hash="6A286329D0A387A61A582AB1FE483538852CD529" />
+    <Deny ID="ID_DENY_AMIFLDRV_30" FriendlyName="amifldrv64\f06fdfe50ebc8d1d2daf5811b66288563f26a09a2ec9c2a21e2a71ff19756062 Hash Page Sha256" Hash="2809DF11B2D22649C77223D0E470523C7B8AB55B202F771118D1F14A1BC564F5" />
+    <Deny ID="ID_DENY_AMIFLDRV_31" FriendlyName="amifldrv64\fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2 Hash Sha1" Hash="B0EC7D971DA8AE84C0ED8F88A5D46B23996E636C" />
+    <Deny ID="ID_DENY_AMIFLDRV_32" FriendlyName="amifldrv64\fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2 Hash Sha256" Hash="038F39558035292F1D794B7CF49F8E751E8633DAEC31454FE85CCCBEA83BA3FB" />
+    <Deny ID="ID_DENY_AMIFLDRV_33" FriendlyName="amifldrv64\fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2 Hash Page Sha1" Hash="C9CC3779ED67755220DBF9592EC2AC0E1DE363DC" />
+    <Deny ID="ID_DENY_AMIFLDRV_34" FriendlyName="amifldrv64\fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2 Hash Page Sha256" Hash="AA594D977312A944B14351C075634E7C59B42687928FBCDA8E2C4CEA46686DD9" />
+    <Deny ID="ID_DENY_AMIFLDRV_35" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Sha1" Hash="E91EA7FECE914EDC7F398A05BEC3FCFB765328BB" />
+    <Deny ID="ID_DENY_AMIFLDRV_36" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Sha256" Hash="2EE914C20B3E4A321BCD2EA2F0F437CDA6DA09DC0819CD6F06960C0567F4CB19" />
+    <Deny ID="ID_DENY_AMIFLDRV_37" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Page Sha1" Hash="ABD4616FF35256B5D52813FB80596326047D3768" />
+    <Deny ID="ID_DENY_AMIFLDRV_38" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Page Sha256" Hash="BB52155AD4262C8995115147847BC740873F8AA036D0118E263FD8C84AF9C649" />
     <Deny ID="ID_DENY_ASUPIO64_SHA1" FriendlyName="AsUpIO64.sys Hash Sha1" Hash="2A95F882DD9BAFCC57F144A2708A7EC67DD7844C" />
     <Deny ID="ID_DENY_ASUPIO64_SHA256" FriendlyName="AsUpIO64.sys Hash Sha256" Hash="7F75D91844B0C162EEB24D14BCF63B7F230E111DAA7B0A26EAA489EEB22D9057" />
     <Deny ID="ID_DENY_ASUPIO64_SHA1_PAGE" FriendlyName="AsUpIO64.sys Hash Page Sha1" Hash="316E7872A227F0EAD483D244805E9FF4D3569F6F" />
@@ -191,6 +294,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_BSHWMIO64_SHA256" FriendlyName="BS_HWMIo64.sys Hash Sha256" Hash="3DE51A3102DB7297D96B4DE5B60ACA5F3A07E8577BBBED7F755F1DE9A9C38E75" />
     <Deny ID="ID_DENY_BSHWMIO64_SHA1_PAGE" FriendlyName="BS_HWMIo64.sys Hash Page Sha1" Hash="FC5F231383FE72E298893010A9A3714B205C4110" />
     <Deny ID="ID_DENY_BSHWMIO64_SHA256_PAGE" FriendlyName="BS_HWMIo64.sys Hash Page Sha256" Hash="6AD3624CA1DC38ECEEC75234E50934B1BAD7C72621DC57DEAB09044D0135877D" />
+    <Deny ID="ID_DENY_BSHWMIO64_SHA1_1" FriendlyName="BS_HWMIo64.sys\6dafd15ee2fbce87fef1279312660fc399c4168f55b6e6d463bf680f1979adcf Hash Sha1" Hash="EDDCDD3838C05F5B95661D5404BF5D510EF34EB3" />
+    <Deny ID="ID_DENY_BSHWMIO64_SHA256_1" FriendlyName="BS_HWMIo64.sys\6dafd15ee2fbce87fef1279312660fc399c4168f55b6e6d463bf680f1979adcf Hash Sha256" Hash="7EA9B2420483183CF7B25D6577848F2DFE2AE064A61D931D6B8B65B31A1B2685" />
+    <Deny ID="ID_DENY_BSHWMIO64_SHA1_PAGE_1" FriendlyName="BS_HWMIo64.sys\6dafd15ee2fbce87fef1279312660fc399c4168f55b6e6d463bf680f1979adcf Hash Page Sha1" Hash="7E21A9D03BCB6DD7597AD70B59CBD1F5930FFBF1" />
+    <Deny ID="ID_DENY_BSHWMIO64_SHA256_PAGE_1" FriendlyName="BS_HWMIo64.sys\6dafd15ee2fbce87fef1279312660fc399c4168f55b6e6d463bf680f1979adcf Hash Page Sha256" Hash="74C425BFDDD93700379E677F5CED47FC0FB4FFFC8B2E416A5247D91E5F2704E3" />
     <Deny ID="ID_DENY_DIRECTIO_12" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="E8F7E20061F9CC20583DCAB3B16054D106B8AA83" />
     <Deny ID="ID_DENY_DIRECTIO_13" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="B8BF3BD441EBC5814C5D39D053FDCB263E8E58476CBDEE4B1226903305F547B6" />
     <Deny ID="ID_DENY_DIRECTIO_14" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="36875A862D1E762E6CC75595EF37EA7460A1E1DF" />
@@ -233,6 +340,79 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_DIRECTIO_39" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="2FB5D7E6DB01C9090BBA92ABF580D38993E02CE9357E08FE1F224A9B18056E5A" />
     <Deny ID="ID_DENY_DIRECTIO_3A" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="AE806CA05E141B71664D9C6F20CC2369EF26F996" />
     <Deny ID="ID_DENY_DIRECTIO_3B" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="D0559503988DAA407FCC11E59079560CB456BB84" />
+    <Deny ID="ID_DENY_HW_22" FriendlyName="hw_sys\b8fcc8ef2b27c0c0622d069981e39f112d3b3b0dbede053340bc157ba1316eab Hash Sha1" Hash="924A088149D6EE89551E15D45E7BC847B9561196" />
+    <Deny ID="ID_DENY_HW_23" FriendlyName="hw_sys\b8fcc8ef2b27c0c0622d069981e39f112d3b3b0dbede053340bc157ba1316eab Hash Sha256" Hash="5E1E1489A1A01CFB466B527543D9D25112A83792BDE443DE9E34E4D3ADA697E3" />
+    <Deny ID="ID_DENY_HW_24" FriendlyName="hw_sys\b8fcc8ef2b27c0c0622d069981e39f112d3b3b0dbede053340bc157ba1316eab Hash Page Sha1" Hash="ADB70331BE7B68359C3EC3065C045349EA5B2EE2" />
+    <Deny ID="ID_DENY_HW_25" FriendlyName="hw_sys\b8fcc8ef2b27c0c0622d069981e39f112d3b3b0dbede053340bc157ba1316eab Hash Page Sha256" Hash="F26A70215E2D851378D05F76BF1460615CF0C93E41A01DCE4EBC6D99F6E4AEA0" />
+    <Deny ID="ID_DENY_HWRWDRV_2" FriendlyName="HwRwDrv.sys\42de79eb237293befb1b954beaf92b832f947195e3c359048aaa464ead56b62d Hash Sha1" Hash="979029B931770F96FC0070868A1303C7D3EAACA5" />
+    <Deny ID="ID_DENY_HWRWDRV_3" FriendlyName="HwRwDrv.sys\42de79eb237293befb1b954beaf92b832f947195e3c359048aaa464ead56b62d Hash Sha256" Hash="42DE79EB237293BEFB1B954BEAF92B832F947195E3C359048AAA464EAD56B62D" />
+    <Deny ID="ID_DENY_HWRWDRV_4" FriendlyName="HwRwDrv.sys\d50ee14181cf60bbdffe1a891b9bb3a852c93019f1f05dde47b3178b821b8f54 Hash Sha1" Hash="A0CD1505C42A8792FF19C88B8FB782C32702A48B" />
+    <Deny ID="ID_DENY_HWRWDRV_5" FriendlyName="HwRwDrv.sys\d50ee14181cf60bbdffe1a891b9bb3a852c93019f1f05dde47b3178b821b8f54 Hash Sha256" Hash="D50EE14181CF60BBDFFE1A891B9BB3A852C93019F1F05DDE47B3178B821B8F54" />
+    <Deny ID="ID_DENY_HWRWDRV_6" FriendlyName="HwRwDrv.sys\f2b95fc91fe33c1995c49c35e32124ece7d958ed7d3b7a5f325f2a30454b9256 Hash Sha1" Hash="A24B85D04D88B54FF3DF4CC2B4518CEF2E6A2776" />
+    <Deny ID="ID_DENY_HWRWDRV_7" FriendlyName="HwRwDrv.sys\f2b95fc91fe33c1995c49c35e32124ece7d958ed7d3b7a5f325f2a30454b9256 Hash Sha256" Hash="F2B95FC91FE33C1995C49C35E32124ECE7D958ED7D3B7A5F325F2A30454B9256" />
+    <Deny ID="ID_DENY_INPOUTX_11" FriendlyName="inpoutx\7aed38beff4d59d57b43a32738a1a30a7e0eba6a Hash Sha1" Hash="7aed38beff4d59d57b43a32738a1a30a7e0eba6a" />
+    <Deny ID="ID_DENY_INPOUTX_12" FriendlyName="inpoutx\2d83ccb1ad9839c9f5b3f10b1f856177df1594c66cbbc7661677d4b462ebf44d Hash Sha1" Hash="94B9B91A2ACC786B54E8DBC11B759B05BC15FC3F" />
+    <Deny ID="ID_DENY_INPOUTX_13" FriendlyName="inpoutx\2d83ccb1ad9839c9f5b3f10b1f856177df1594c66cbbc7661677d4b462ebf44d Hash Sha256" Hash="9F70169F9541C8F5B13D3EC1F3514CC4F2607D572FFB4C7E5A98BE0856852DD8" />
+    <Deny ID="ID_DENY_INPOUTX_14" FriendlyName="inpoutx\2d83ccb1ad9839c9f5b3f10b1f856177df1594c66cbbc7661677d4b462ebf44d Hash Page Sha1" Hash="6FF4D24DC317C93D1B54195E80F858B9D6CFF2C1" />
+    <Deny ID="ID_DENY_INPOUTX_15" FriendlyName="inpoutx\2d83ccb1ad9839c9f5b3f10b1f856177df1594c66cbbc7661677d4b462ebf44d Hash Page Sha256" Hash="9EA5E3FE2D978CD684C1E67513F24913EB24EB325287011249B6A9FACF69A59B" />
+    <Deny ID="ID_DENY_INPOUTX_16" FriendlyName="inpoutx\945ee05244316ff2f877718cf0625d4eb34e6ec472f403f958f2a700f9092507 Hash Sha1" Hash="E7B4946A35ADCD07E8E0BDC61058B1611063CA74" />
+    <Deny ID="ID_DENY_INPOUTX_17" FriendlyName="inpoutx\945ee05244316ff2f877718cf0625d4eb34e6ec472f403f958f2a700f9092507 Hash Sha256" Hash="FB2E8E98A58329E86A1EE310FE9DFCE7056F4A0EDE380EEE8768C51B5870C433" />
+    <Deny ID="ID_DENY_INPOUTX_18" FriendlyName="inpoutx\945ee05244316ff2f877718cf0625d4eb34e6ec472f403f958f2a700f9092507 Hash Page Sha1" Hash="1BF94F55A5CD6D0F3552E860ACCC10F89861CE69" />
+    <Deny ID="ID_DENY_INPOUTX_19" FriendlyName="inpoutx\945ee05244316ff2f877718cf0625d4eb34e6ec472f403f958f2a700f9092507 Hash Page Sha256" Hash="33163E3DB7B93415D24779E290E0D26D39F4193498C96F65870F475B42FAC28A" />
+    <Deny ID="ID_DENY_INPOUTX_1A" FriendlyName="inpoutx\a88733b88cdc3f3cc040912ce5a3c44fa26f2ea8454cf6fc855b104a4910fa31 Hash Sha1" Hash="A46B2491C41794D8F0E662B321F2CBED0CE1C255" />
+    <Deny ID="ID_DENY_INPOUTX_1B" FriendlyName="inpoutx\a88733b88cdc3f3cc040912ce5a3c44fa26f2ea8454cf6fc855b104a4910fa31 Hash Sha256" Hash="A88733B88CDC3F3CC040912CE5A3C44FA26F2EA8454CF6FC855B104A4910FA31" />
+    <Deny ID="ID_DENY_INPOUTX_1C" FriendlyName="inpoutx\b8ded5e10dfc997482ba4377c60e7902e6f755674be51b0e181ae465529fb2f2 Hash Sha1" Hash="A4DCE60EADCC112BDAA9562A92EDE168D981BDD7" />
+    <Deny ID="ID_DENY_INPOUTX_1D" FriendlyName="inpoutx\b8ded5e10dfc997482ba4377c60e7902e6f755674be51b0e181ae465529fb2f2 Hash Sha256" Hash="E288439705D9BE2C1F74CF8A44C3853AC3708E52C592B23398877006FADF6CCC" />
+    <Deny ID="ID_DENY_INPOUTX_1E" FriendlyName="inpoutx\cfab93885e5129a86d13fd380d010cc8c204429973b776ab1b472d84a767930f Hash Sha1" Hash="CF14350816192CA4824A32237DFCFFC641B4E979" />
+    <Deny ID="ID_DENY_INPOUTX_1F" FriendlyName="inpoutx\cfab93885e5129a86d13fd380d010cc8c204429973b776ab1b472d84a767930f Hash Sha256" Hash="4530235508B99DFFE4E912CC9CAC7BDC237E79F5A331F601C43BA909D7A3AF4A" />
+    <Deny ID="ID_DENY_INPOUTX_20" FriendlyName="inpoutx\d5cc046c2ae9ba6fe54def699f1c4fa92d3226304321bbf45cc33883ce131138 Hash Sha1" Hash="77FB38438B9E3F3CE5721EC9C0ABA775E59A951B" />
+    <Deny ID="ID_DENY_INPOUTX_21" FriendlyName="inpoutx\d5cc046c2ae9ba6fe54def699f1c4fa92d3226304321bbf45cc33883ce131138 Hash Sha256" Hash="D5CC046C2AE9BA6FE54DEF699F1C4FA92D3226304321BBF45CC33883CE131138" />
+    <Deny ID="ID_DENY_INPOUTX_22" FriendlyName="inpoutx\e2c531a771b0df1585518a22427798e86611e6be3d357024797871a1b3876e9c Hash Sha1" Hash="CCE8ED3969E52080B32BCC59E2EC174CA9C578EC" />
+    <Deny ID="ID_DENY_INPOUTX_23" FriendlyName="inpoutx\e2c531a771b0df1585518a22427798e86611e6be3d357024797871a1b3876e9c Hash Sha256" Hash="E2C531A771B0DF1585518A22427798E86611E6BE3D357024797871A1B3876E9C" />
+    <Deny ID="ID_DENY_LGCORETEMP_1" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Sha1" Hash="BF20C99129A768B3D2D5C621AB50375984AB9351" />
+    <Deny ID="ID_DENY_LGCORETEMP_2" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Sha256" Hash="9C4DB6EE983FD4FA74F8212031ADE343A1B9ABDB258D05BEF1AABD7AB49FBC16" />
+    <Deny ID="ID_DENY_LGCORETEMP_3" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Page Sha1" Hash="4DD5A5D9B4AF0708902DF52C6C42921DE296CC21" />
+    <Deny ID="ID_DENY_LGCORETEMP_4" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Page Sha256" Hash="211008964FAD760C1EDDB6221DF727D86695FCBFA83909225D6E5E9215D108E5" />
+    <Deny ID="ID_DENY_MHYPROT2_1" FriendlyName="mhyprot2.sys\247AADAF17ED894FCACF3FC4E109B005540E3659FD0249190EB33725D3D3082F Hash Sha1" Hash="05234D1A267C9B6C1754272658FBEBB22633CAC0" />
+    <Deny ID="ID_DENY_MHYPROT2_2" FriendlyName="mhyprot2.sys\247AADAF17ED894FCACF3FC4E109B005540E3659FD0249190EB33725D3D3082F Hash Sha256" Hash="FAA37602095F25135312F87ED7ADB607FFA5E9B2931B58D00F7376ED0C6EC69A" />
+    <Deny ID="ID_DENY_MHYPROT2_3" FriendlyName="mhyprot2.sys\247AADAF17ED894FCACF3FC4E109B005540E3659FD0249190EB33725D3D3082F Hash Page Sha1" Hash="9381E89C7BFCAE44C16E2C41D146F0198F04A9A7" />
+    <Deny ID="ID_DENY_MHYPROT2_4" FriendlyName="mhyprot2.sys\247AADAF17ED894FCACF3FC4E109B005540E3659FD0249190EB33725D3D3082F Hash Page Sha256" Hash="E977DCF2843EB5543AD85336C00CA5D855A0132737AE6853CA646901013EBBC2" />
+    <Deny ID="ID_DENY_MHYPROT2_5" FriendlyName="mhyprot2.sys\26D69E677D30BB53C7AC7F3FCE76291FE2C44720EF17EE386F95F08EC5175288 Hash Sha1" Hash="DCF13F12B2429A0A50E0094776B59BEA641B142C" />
+    <Deny ID="ID_DENY_MHYPROT2_6" FriendlyName="mhyprot2.sys\26D69E677D30BB53C7AC7F3FCE76291FE2C44720EF17EE386F95F08EC5175288 Hash Sha256" Hash="000E984D3EEBC54259A24A17745EED07D9C3658B86462CB5EBC26381302F7A38" />
+    <Deny ID="ID_DENY_MHYPROT2_7" FriendlyName="mhyprot2.sys\26D69E677D30BB53C7AC7F3FCE76291FE2C44720EF17EE386F95F08EC5175288 Hash Page Sha1" Hash="FA569BD33B198E7D80C43CD5D8313346AAEA9901" />
+    <Deny ID="ID_DENY_MHYPROT2_8" FriendlyName="mhyprot2.sys\26D69E677D30BB53C7AC7F3FCE76291FE2C44720EF17EE386F95F08EC5175288 Hash Page Sha256" Hash="BA2D76473E86CA72A30642C56207D59F9E826D07864FBE9AB8BCC76701F37D04" />
+    <Deny ID="ID_DENY_MHYPROT2_9" FriendlyName="mhyprot2.sys\46CF46E1073B7C99142964B7C4BEF1E5285FABCF2C6DBE5BE99000A393D9F474 Hash Sha1" Hash="F408AD59F7590D26AFC84A7109DD56CFE98EBEA9" />
+    <Deny ID="ID_DENY_MHYPROT2_A" FriendlyName="mhyprot2.sys\46CF46E1073B7C99142964B7C4BEF1E5285FABCF2C6DBE5BE99000A393D9F474 Hash Sha256" Hash="DBCAD271FEDA00F614EF9866886CDE83E9FFFAC6E76694FD052790541BB7E993" />
+    <Deny ID="ID_DENY_MHYPROT2_B" FriendlyName="mhyprot2.sys\46CF46E1073B7C99142964B7C4BEF1E5285FABCF2C6DBE5BE99000A393D9F474 Hash Page Sha1" Hash="71BB02DADA5A107997CFB2AEE91EF7A387741A91" />
+    <Deny ID="ID_DENY_MHYPROT2_C" FriendlyName="mhyprot2.sys\46CF46E1073B7C99142964B7C4BEF1E5285FABCF2C6DBE5BE99000A393D9F474 Hash Page Sha256" Hash="6CBB71ED0F775A9141A18CEEDED43A3ABB0303E862B923C91E1945924F96924B" />
+    <Deny ID="ID_DENY_MHYPROT2_D" FriendlyName="mhyprot2.sys\509628B6D16D2428031311D7BD2ADD8D5F5160E9ECC0CD909F1E82BBBB3234D6 Hash Sha1" Hash="484C72DD4FD91083B249F3CCC733A3C8335E583F" />
+    <Deny ID="ID_DENY_MHYPROT2_E" FriendlyName="mhyprot2.sys\509628B6D16D2428031311D7BD2ADD8D5F5160E9ECC0CD909F1E82BBBB3234D6 Hash Sha256" Hash="0C7809AC1FA074408518DDC0AC118912C9CD43ED9C89213BC4D59043016B040C" />
+    <Deny ID="ID_DENY_MHYPROT2_F" FriendlyName="mhyprot2.sys\509628B6D16D2428031311D7BD2ADD8D5F5160E9ECC0CD909F1E82BBBB3234D6 Hash Page Sha1" Hash="D5720A52FCF9B78A9AB4F528E8DB97A0A309ADE9" />
+    <Deny ID="ID_DENY_MHYPROT2_10" FriendlyName="mhyprot2.sys\509628B6D16D2428031311D7BD2ADD8D5F5160E9ECC0CD909F1E82BBBB3234D6 Hash Page Sha256" Hash="1B3EAC12BA5417CA18AFE88B4975994EDE99C32318FA44D306F2405447DD8C05" />
+    <Deny ID="ID_DENY_MHYPROT2_11" FriendlyName="mhyprot2.sys\6E76764D750EBD835AA4BB055830D278DF530303585614C1DC743F8D5ADF97D7 Hash Sha1" Hash="8E6248135AD596861D8F6D42703DEB79382F285A" />
+    <Deny ID="ID_DENY_MHYPROT2_12" FriendlyName="mhyprot2.sys\6E76764D750EBD835AA4BB055830D278DF530303585614C1DC743F8D5ADF97D7 Hash Sha256" Hash="F18605A691056B446C6411B7FA841B8178059BDE8094CFE9013E59F4663CDF7F" />
+    <Deny ID="ID_DENY_MHYPROT2_13" FriendlyName="mhyprot2.sys\6E76764D750EBD835AA4BB055830D278DF530303585614C1DC743F8D5ADF97D7 Hash Page Sha1" Hash="6B8EC268FD00F5832BEA41A4C20AB4537C91279D" />
+    <Deny ID="ID_DENY_MHYPROT2_14" FriendlyName="mhyprot2.sys\6E76764D750EBD835AA4BB055830D278DF530303585614C1DC743F8D5ADF97D7 Hash Page Sha256" Hash="7B82DD9B35D55D4718E0BC1F24827AEA6162DB5C1BBD691C4525931DD9EC906F" />
+    <Deny ID="ID_DENY_MHYPROT2_15" FriendlyName="mhyprot2.sys\AD2477632B9B07588CFE0E692F244C05FA4202975C1FE91DD3B90FA911AC6058 Hash Sha1" Hash="BD2C5FDAE29B39DE9F862455FB2FB07FBF99ECE2" />
+    <Deny ID="ID_DENY_MHYPROT2_16" FriendlyName="mhyprot2.sys\AD2477632B9B07588CFE0E692F244C05FA4202975C1FE91DD3B90FA911AC6058 Hash Sha256" Hash="DF3FD9FA267E12D7C6B65028373E21978041F0C94375B5C7316498FBAD6F4AE0" />
+    <Deny ID="ID_DENY_MHYPROT2_17" FriendlyName="mhyprot2.sys\AD2477632B9B07588CFE0E692F244C05FA4202975C1FE91DD3B90FA911AC6058 Hash Page Sha1" Hash="830E26AB8ADD5C589A20C9CAADC31599E78A8D7C" />
+    <Deny ID="ID_DENY_MHYPROT2_18" FriendlyName="mhyprot2.sys\AD2477632B9B07588CFE0E692F244C05FA4202975C1FE91DD3B90FA911AC6058 Hash Page Sha256" Hash="4F43AF4FA32E28A4232ACFA0EFAC492635FF5ECB2EAAF10A30637A98E77C289D" />
+    <Deny ID="ID_DENY_MHYPROT2_19" FriendlyName="mhyprot2.sys\B8B94C2646B62F6AC08F16514B6EFAA9866AA3C581E4C0435A7AEAFE569B2418 Hash Sha1" Hash="A3FD0D15889398830A61EED9DFAC17DFBDE792EF" />
+    <Deny ID="ID_DENY_MHYPROT2_1A" FriendlyName="mhyprot2.sys\B8B94C2646B62F6AC08F16514B6EFAA9866AA3C581E4C0435A7AEAFE569B2418 Hash Sha256" Hash="8CED17D1EE92AE72749AFDFE40F5029223D97F0F977E718BD5AB1242D1FF7CB5" />
+    <Deny ID="ID_DENY_MHYPROT2_1B" FriendlyName="mhyprot2.sys\B8B94C2646B62F6AC08F16514B6EFAA9866AA3C581E4C0435A7AEAFE569B2418 Hash Page Sha1" Hash="1C843C256936E700CEDE3DD444E1B6714EFF4E8B" />
+    <Deny ID="ID_DENY_MHYPROT2_1C" FriendlyName="mhyprot2.sys\B8B94C2646B62F6AC08F16514B6EFAA9866AA3C581E4C0435A7AEAFE569B2418 Hash Page Sha256" Hash="84516365771430545C4D7D950B0F0699EC1573F316EF787983081F027E8A1FC5" />
+	<Deny ID="ID_DENY_MHYPROT2_21" FriendlyName="mhyprot.sys\69e3fda487a5ec2ec0f67b7d79a5a836ff0036497b2d1aec514c67d2efa789b2 Hash Sha1" Hash="C771EA59F075170E952C393CFD6FC784B265027C" />
+    <Deny ID="ID_DENY_MHYPROT2_22" FriendlyName="mhyprot.sys\69e3fda487a5ec2ec0f67b7d79a5a836ff0036497b2d1aec514c67d2efa789b2 Hash Sha256" Hash="39937D239220C1B779D7D55613DE2C0A48BD6E12E0214DA4C65992B96CF591DF" />
+    <Deny ID="ID_DENY_MHYPROT2_23" FriendlyName="mhyprot.sys\69e3fda487a5ec2ec0f67b7d79a5a836ff0036497b2d1aec514c67d2efa789b2 Hash Page Sha1" Hash="CB44C6F0EE51CB4C5836499BC61DD6C1FBDF8AA1" />
+    <Deny ID="ID_DENY_MHYPROT2_24" FriendlyName="mhyprot.sys\69e3fda487a5ec2ec0f67b7d79a5a836ff0036497b2d1aec514c67d2efa789b2 Hash Page Sha256" Hash="7ED26A593524A2A92FFCFB075A42BB4FA4775FFBF83AF98525244A4710886EAD" />
+    <Deny ID="ID_DENY_MHYPROT2_25" FriendlyName="mhyprot.sys\8eed6b4a1e6f7dd66807beeb6ff71f8b34cd8c7777f1e31d326cb87593e8f836 Hash Sha1" Hash="0918277FCDC64A9DC51C04324377B3468FA1269B" />
+    <Deny ID="ID_DENY_MHYPROT2_26" FriendlyName="mhyprot.sys\8eed6b4a1e6f7dd66807beeb6ff71f8b34cd8c7777f1e31d326cb87593e8f836 Hash Sha256" Hash="AA717E9AB4D614497DF19F602D289A6EDDCDBA8027C71BCC807780A219347D16" />
+    <Deny ID="ID_DENY_MHYPROT2_27" FriendlyName="mhyprot.sys\8eed6b4a1e6f7dd66807beeb6ff71f8b34cd8c7777f1e31d326cb87593e8f836 Hash Page Sha1" Hash="B09BCC042D60D2F4C0D08284818ED198CEDEDA04" />
+    <Deny ID="ID_DENY_MHYPROT2_28" FriendlyName="mhyprot.sys\8eed6b4a1e6f7dd66807beeb6ff71f8b34cd8c7777f1e31d326cb87593e8f836 Hash Page Sha256" Hash="FF5F6048A3D6F6738B60E911E3876FCBDC9A02EC9862F909345C8A50FD4CC0A7" />
+    <Deny ID="ID_DENY_MHYPROT3_1" FriendlyName="mhyprot3.sys\24E70C87D58FA5771F02B9DDF0D8870CBA6B26E35C6455A2C77F482E2080D3E9 Hash Sha1" Hash="E19E10D97D7ECD4A4376196F7E3DFA2365872867" />
+    <Deny ID="ID_DENY_MHYPROT3_2" FriendlyName="mhyprot3.sys\24E70C87D58FA5771F02B9DDF0D8870CBA6B26E35C6455A2C77F482E2080D3E9 Hash Sha256" Hash="5A021532F0AC453256526428CCF3518CDBA4C6373CC72F340BA208B6C41B3A9E" />
+    <Deny ID="ID_DENY_MHYPROT3_3" FriendlyName="mhyprot3.sys\24E70C87D58FA5771F02B9DDF0D8870CBA6B26E35C6455A2C77F482E2080D3E9 Hash Page Sha1" Hash="25C88C4312C3120547FE62EBF5E56FF1174AAFBC" />
+    <Deny ID="ID_DENY_MHYPROT3_4" FriendlyName="mhyprot3.sys\24E70C87D58FA5771F02B9DDF0D8870CBA6B26E35C6455A2C77F482E2080D3E9 Hash Page Sha256" Hash="AADE26BCD9B435D7ED420134855428AFF84EDCF4E6E66A500A04135ADB4D97E0" />
     <Deny ID="ID_DENY_MSIO_SHA1_1" FriendlyName="MsIo.sys Hash Sha1" Hash="0CB0FD5BEA730E4EAAEC1426B0C15376CCAC6D83" />
     <Deny ID="ID_DENY_MSIO_SHA256_1" FriendlyName="MsIo.sys Hash Sha256" Hash="0D0962DB9DC6879067270134801AD425C1F3E85B0DC39877C02AAA9C54ACA14E" />
     <Deny ID="ID_DENY_MSIO_SHA1_PAGE_1" FriendlyName="MsIo.sys Hash Page Sha1" Hash="D4E21C205DE75CDE70CD73C52C646E1E5D333A35" />
@@ -245,6 +425,118 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_MSIO_SHA256_3" FriendlyName="MsIo.sys Hash Sha256" Hash="BE0AF245444321E51F4DD8A90A19A0ABE05A060CBAD93701E23A02DF307957AE" />
     <Deny ID="ID_DENY_MSIO_SHA1_4" FriendlyName="MsIo.sys Hash Sha1" Hash="B2CD3A63D04EAE427BEDE6C6FE8FACBA91ECECBF" />
     <Deny ID="ID_DENY_MSIO_SHA256_4" FriendlyName="MsIo.sys Hash Sha256" Hash="D86D6732AC4D1CB41A2DCE40436B839C0DFDCEF9BA306CE5D0F97C0522ABFAC8" />
+    <Deny ID="ID_DENY_NVFLASH_1" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Sha1" Hash="213C4EC78132D6C0FDFDD7B640107E0CE4990A0E" />
+    <Deny ID="ID_DENY_NVFLASH_2" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Sha256" Hash="91EE89520105CCBCECA6EE0E34070F28C8DC5A3D73EC65F384DA5DA4F2A36DC0" />
+    <Deny ID="ID_DENY_NVFLASH_3" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Page Sha1" Hash="C24D6F9132486AF1EB2937D9366275126A5A35E1" />
+    <Deny ID="ID_DENY_NVFLASH_4" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Page Sha256" Hash="EC1F0A277927B9C62B074FC4DC830A8C326BB7EDC667A09F2B3FC5684211A471" />
+    <Deny ID="ID_DENY_NVFLASH_5" FriendlyName="nvflash.sys\0e9072759433abf3304667b332354e0c635964ff930de034294bf13d40da2a6f Hash Sha1" Hash="B76B53A72B66938BB3E9C787D0E075260F3E821C" />
+    <Deny ID="ID_DENY_NVFLASH_6" FriendlyName="nvflash.sys\0e9072759433abf3304667b332354e0c635964ff930de034294bf13d40da2a6f Hash Sha256" Hash="3CEE638C546EFE5BD23880DA9FA2B90E8DD0FD4A228FB0AD96F6C11D47A52593" />
+    <Deny ID="ID_DENY_NVFLASH_7" FriendlyName="nvflash.sys\0e9072759433abf3304667b332354e0c635964ff930de034294bf13d40da2a6f Hash Page Sha1" Hash="92A074CE4E5D2C89F709F63889BBE36EF92EA5AD" />
+    <Deny ID="ID_DENY_NVFLASH_8" FriendlyName="nvflash.sys\0e9072759433abf3304667b332354e0c635964ff930de034294bf13d40da2a6f Hash Page Sha256" Hash="19885E3CDADC4F226A1E71F69D463B93B8612C1D50F17BE831EC123D9A6BF09C" />
+    <Deny ID="ID_DENY_NVFLASH_9" FriendlyName="nvflash.sys\159dcf37dc723d6db2bad46ed6a1b0e31d72390ec298a5413c7be318aef4a241 Hash Sha1" Hash="892200C0BAE37AB60DECF28CE9E83D9CB56ACA24" />
+    <Deny ID="ID_DENY_NVFLASH_A" FriendlyName="nvflash.sys\159dcf37dc723d6db2bad46ed6a1b0e31d72390ec298a5413c7be318aef4a241 Hash Sha256" Hash="DDE12D20A00F7987F6E53EEEEE3D5667482940F06D012A0003B80F217A105D74" />
+    <Deny ID="ID_DENY_NVFLASH_B" FriendlyName="nvflash.sys\1ce9e4600859293c59d884ea721e9b20b2410f6ef80699f8a78a6b9fad505dfc Hash Sha1" Hash="2AE5A1F9C96F3935D58830D2FDF00B4517DACFD9" />
+    <Deny ID="ID_DENY_NVFLASH_C" FriendlyName="nvflash.sys\1ce9e4600859293c59d884ea721e9b20b2410f6ef80699f8a78a6b9fad505dfc Hash Sha256" Hash="51DBF446DEB54BEB8AEF1DE11E0F868AC062A9DB0C31D0E16EFF99203AEC86A9" />
+    <Deny ID="ID_DENY_NVFLASH_D" FriendlyName="nvflash.sys\1ce9e4600859293c59d884ea721e9b20b2410f6ef80699f8a78a6b9fad505dfc Hash Page Sha1" Hash="99039FEBE9EA08C480017C1278A864413449A0AD" />
+    <Deny ID="ID_DENY_NVFLASH_E" FriendlyName="nvflash.sys\1ce9e4600859293c59d884ea721e9b20b2410f6ef80699f8a78a6b9fad505dfc Hash Page Sha256" Hash="E47F294B4CB2CFDC42BD801F196FD9A7AF10DA5D4376043C55865549A661F224" />
+    <Deny ID="ID_DENY_NVFLASH_F" FriendlyName="nvflash.sys\1e9ec6b3e83055ae90f3664a083c46885c506d33de5e2a49f5f1189e89fa9f0a Hash Sha1" Hash="FD986601F23ED39308F35A13A54A080065E2B45D" />
+    <Deny ID="ID_DENY_NVFLASH_10" FriendlyName="nvflash.sys\1e9ec6b3e83055ae90f3664a083c46885c506d33de5e2a49f5f1189e89fa9f0a Hash Sha256" Hash="4B38C075BA6523502DFD39ED10757DB58234A1C84D4952B65E30B4A8679BFCCA" />
+    <Deny ID="ID_DENY_NVFLASH_11" FriendlyName="nvflash.sys\1e9ec6b3e83055ae90f3664a083c46885c506d33de5e2a49f5f1189e89fa9f0a Hash Page Sha1" Hash="85AF1545543975E4470A0A16C5825D863F7960C9" />
+    <Deny ID="ID_DENY_NVFLASH_12" FriendlyName="nvflash.sys\1e9ec6b3e83055ae90f3664a083c46885c506d33de5e2a49f5f1189e89fa9f0a Hash Page Sha256" Hash="4B05EC4E5E0FB910E75ACDDFFC8E6D06F9024728AACCE13D659AE3C5B4E379CF" />
+    <Deny ID="ID_DENY_NVFLASH_13" FriendlyName="nvflash.sys\20dd9542d30174585f2623642c7fbbda84e2347e4365e804e3f3d81f530c4ece Hash Sha1" Hash="5087F7ED135DB66D4B58BEAF09F1245E65171466" />
+    <Deny ID="ID_DENY_NVFLASH_14" FriendlyName="nvflash.sys\20dd9542d30174585f2623642c7fbbda84e2347e4365e804e3f3d81f530c4ece Hash Sha256" Hash="CC041A5C21339D62C9EA05215C2C42697F73A3820C83133EB6C6FA574A095384" />
+    <Deny ID="ID_DENY_NVFLASH_15" FriendlyName="nvflash.sys\20dd9542d30174585f2623642c7fbbda84e2347e4365e804e3f3d81f530c4ece Hash Page Sha1" Hash="883179DAAFC0E08990285DA24BE8E63AFF983091" />
+    <Deny ID="ID_DENY_NVFLASH_16" FriendlyName="nvflash.sys\20dd9542d30174585f2623642c7fbbda84e2347e4365e804e3f3d81f530c4ece Hash Page Sha256" Hash="928DF51B50A780687CF741F06429107A952238E020FE26CBA66F8FE7A7FED7BB" />
+    <Deny ID="ID_DENY_NVFLASH_17" FriendlyName="nvflash.sys\3b2ad08123e8ed2516548240cfcdf5eefd89293f31070a6cd3949ee1b66fed14 Hash Sha1" Hash="2C3D006C7C639BFFD8828AAE973238F570A3D74E" />
+    <Deny ID="ID_DENY_NVFLASH_18" FriendlyName="nvflash.sys\3b2ad08123e8ed2516548240cfcdf5eefd89293f31070a6cd3949ee1b66fed14 Hash Sha256" Hash="D9434A50E1A6252F23AF362631A5576017CCE3EF109D7FC93748DE8BD46F9385" />
+    <Deny ID="ID_DENY_NVFLASH_19" FriendlyName="nvflash.sys\3b2ad08123e8ed2516548240cfcdf5eefd89293f31070a6cd3949ee1b66fed14 Hash Page Sha1" Hash="1488153E8711789BFA0117E0573EB105F7BAA867" />
+    <Deny ID="ID_DENY_NVFLASH_1A" FriendlyName="nvflash.sys\3b2ad08123e8ed2516548240cfcdf5eefd89293f31070a6cd3949ee1b66fed14 Hash Page Sha256" Hash="A384616C14E51F6F5E314174A1CBF9B47A7FE9395C2767DCF6013175E1B798C1" />
+    <Deny ID="ID_DENY_NVFLASH_1B" FriendlyName="nvflash.sys\4115b7a30061d11a034188c0ec7a2223f3b032c8b3420cfffabf6c4df692920d Hash Sha1" Hash="D23911CE1E509163146B3661FA09031708BE327D" />
+    <Deny ID="ID_DENY_NVFLASH_1C" FriendlyName="nvflash.sys\4115b7a30061d11a034188c0ec7a2223f3b032c8b3420cfffabf6c4df692920d Hash Sha256" Hash="C2F5DB10A59577AEFF8550A58F9D96CE8AA8C1A13F96814CD0F4BB03274968E9" />
+    <Deny ID="ID_DENY_NVFLASH_1D" FriendlyName="nvflash.sys\423d58265b22504f512a84faf787c1af17c44445ae68f7adcaa68b6f970e7bd5 Hash Sha1" Hash="E32288042163C61A55FD5CD05F7E1E0EBE2D3064" />
+    <Deny ID="ID_DENY_NVFLASH_1E" FriendlyName="nvflash.sys\423d58265b22504f512a84faf787c1af17c44445ae68f7adcaa68b6f970e7bd5 Hash Sha256" Hash="B62ECD7ECCDE402456EAB582B49705CC77065D7015E7D92BBC06E0FCFF097E58" />
+    <Deny ID="ID_DENY_NVFLASH_1F" FriendlyName="nvflash.sys\423d58265b22504f512a84faf787c1af17c44445ae68f7adcaa68b6f970e7bd5 Hash Page Sha1" Hash="66862B3470901C611EF69079594B631F262B643A" />
+    <Deny ID="ID_DENY_NVFLASH_20" FriendlyName="nvflash.sys\423d58265b22504f512a84faf787c1af17c44445ae68f7adcaa68b6f970e7bd5 Hash Page Sha256" Hash="EFFC8AB3AC97A9B0FEBA09792BF5CEC1AB1B8759A4E3A50834FDCDA5FFA90BCC" />
+    <Deny ID="ID_DENY_NVFLASH_21" FriendlyName="nvflash.sys\4710acca9c4a61e2fc6daafb09d72e11b603ef8cd732e12a84274ea9ad6d43be Hash Sha1" Hash="D4492258676968C5F3EABD0189F149CA143F16D4" />
+    <Deny ID="ID_DENY_NVFLASH_22" FriendlyName="nvflash.sys\4710acca9c4a61e2fc6daafb09d72e11b603ef8cd732e12a84274ea9ad6d43be Hash Sha256" Hash="1E1F20CEB2BFE9F38B50D6C997DBAD032B2A79937EF6B3CE41B34BB74FBD24DB" />
+    <Deny ID="ID_DENY_NVFLASH_23" FriendlyName="nvflash.sys\4737750788c72d2fc9cf95681c622357263075d65b23e54c4dc3f31446cad37b Hash Sha1" Hash="26D406A4ED82F5F4550B4E3BEC84FB429A5B7952" />
+    <Deny ID="ID_DENY_NVFLASH_24" FriendlyName="nvflash.sys\4737750788c72d2fc9cf95681c622357263075d65b23e54c4dc3f31446cad37b Hash Sha256" Hash="D4288C055C6D68B4A45DF501877443E544B31C193F8559C8C7EAC927AE738E8A" />
+    <Deny ID="ID_DENY_NVFLASH_25" FriendlyName="nvflash.sys\4737750788c72d2fc9cf95681c622357263075d65b23e54c4dc3f31446cad37b Hash Page Sha1" Hash="1ADB9E0B8A2533D51026BA553BF49C7D46BCE794" />
+    <Deny ID="ID_DENY_NVFLASH_26" FriendlyName="nvflash.sys\4737750788c72d2fc9cf95681c622357263075d65b23e54c4dc3f31446cad37b Hash Page Sha256" Hash="8C312288DAE8148CD93AC970F045E0E7981B4CD9DC21DE64E99633AAEABE9754" />
+    <Deny ID="ID_DENY_NVFLASH_27" FriendlyName="nvflash.sys\50aa2b3a762abb1306fa003c60de3c78e89ea5d29aab8a9c6479792d2be3c2d7 Hash Sha1" Hash="C905EDB291ECA91790FEC309CBC00E8A6CE0534D" />
+    <Deny ID="ID_DENY_NVFLASH_28" FriendlyName="nvflash.sys\50aa2b3a762abb1306fa003c60de3c78e89ea5d29aab8a9c6479792d2be3c2d7 Hash Sha256" Hash="057E6A58E3515E56EAB85CCB8EC5086552B7DE98C886C37F6A5284C002615565" />
+    <Deny ID="ID_DENY_NVFLASH_29" FriendlyName="nvflash.sys\50aa2b3a762abb1306fa003c60de3c78e89ea5d29aab8a9c6479792d2be3c2d7 Hash Page Sha1" Hash="79B21CAC909E73ABEF928A9587703CA2F6501B6D" />
+    <Deny ID="ID_DENY_NVFLASH_2A" FriendlyName="nvflash.sys\50aa2b3a762abb1306fa003c60de3c78e89ea5d29aab8a9c6479792d2be3c2d7 Hash Page Sha256" Hash="61ED70302D3A3F42B99C319D8142E00446F9090A45817C2413BBEF4DF7545C1D" />
+    <Deny ID="ID_DENY_NVFLASH_2B" FriendlyName="nvflash.sys\5cc6b647174c8efa0a81ec1d3cb0464c8a567456571d0939fb2e76c6850bf7cb Hash Sha1" Hash="362773DD943A8FAF5C24FAF1F3DC59E6BC89C384" />
+    <Deny ID="ID_DENY_NVFLASH_2C" FriendlyName="nvflash.sys\5cc6b647174c8efa0a81ec1d3cb0464c8a567456571d0939fb2e76c6850bf7cb Hash Sha256" Hash="E88617BF6581B7F48AB216F5A2CF40CFA728354F81A631568823426461902C87" />
+    <Deny ID="ID_DENY_NVFLASH_2D" FriendlyName="nvflash.sys\5cc6b647174c8efa0a81ec1d3cb0464c8a567456571d0939fb2e76c6850bf7cb Hash Page Sha1" Hash="F2758B4DB78D45A969F6500A55F3303F8279A788" />
+    <Deny ID="ID_DENY_NVFLASH_2E" FriendlyName="nvflash.sys\5cc6b647174c8efa0a81ec1d3cb0464c8a567456571d0939fb2e76c6850bf7cb Hash Page Sha256" Hash="B0E2CCA277AD545180769F454CF2EA25C1B9F7751F1B417E905D7DDA18C287A7" />
+    <Deny ID="ID_DENY_NVFLASH_2F" FriendlyName="nvflash.sys\747a4dc50915053649c499a508853a42d9e325a5eec22e586571e338c6d32465 Hash Sha1" Hash="30DE853698F8DBF7063E647F6C6C50759CE233DE" />
+    <Deny ID="ID_DENY_NVFLASH_30" FriendlyName="nvflash.sys\747a4dc50915053649c499a508853a42d9e325a5eec22e586571e338c6d32465 Hash Sha256" Hash="DCEF3C2FE44A68992D2344A8EC129E9D35E7790F4317E9BD7BCA6BF217252D91" />
+    <Deny ID="ID_DENY_NVFLASH_31" FriendlyName="nvflash.sys\747a4dc50915053649c499a508853a42d9e325a5eec22e586571e338c6d32465 Hash Page Sha1" Hash="E9BB517823908DCFC0E47E7A6A81424BFCCBBB23" />
+    <Deny ID="ID_DENY_NVFLASH_32" FriendlyName="nvflash.sys\747a4dc50915053649c499a508853a42d9e325a5eec22e586571e338c6d32465 Hash Page Sha256" Hash="04ACDCE5167AF1D3F4F2AAEEBA143D7B610B275E29850F52C6DBA62E6359272D" />
+    <Deny ID="ID_DENY_NVFLASH_33" FriendlyName="nvflash.sys\79aa2cedd1b8415ba6d00f4b3601e2363c8bdd07f860a3b8de010f9e5187c0e9 Hash Sha1" Hash="C5AB13C024491029AA6F72020A4E44A8AF004EE9" />
+    <Deny ID="ID_DENY_NVFLASH_34" FriendlyName="nvflash.sys\79aa2cedd1b8415ba6d00f4b3601e2363c8bdd07f860a3b8de010f9e5187c0e9 Hash Sha256" Hash="7680D9B4F66FE4FE9D4A45F2EBDB3F17E7D3E2519E0B61D691761A2222CF444B" />
+    <Deny ID="ID_DENY_NVFLASH_35" FriendlyName="nvflash.sys\7c933f5d07ccb4bd715666cd6eb35a774b266ddd8d212849535a54192a44f667 Hash Sha1" Hash="2060F97A7138F29DFEEEF3258ECFE5256DA8AE87" />
+    <Deny ID="ID_DENY_NVFLASH_36" FriendlyName="nvflash.sys\7c933f5d07ccb4bd715666cd6eb35a774b266ddd8d212849535a54192a44f667 Hash Sha256" Hash="6694435663BF283A3D5F20E9C90CF1BC4D3687E381B32E1A004A9D24471EB95B" />
+    <Deny ID="ID_DENY_NVFLASH_37" FriendlyName="nvflash.sys\7c933f5d07ccb4bd715666cd6eb35a774b266ddd8d212849535a54192a44f667 Hash Page Sha1" Hash="399627D62A7B582DA2C0202AD46AE1FD50DF6DB8" />
+    <Deny ID="ID_DENY_NVFLASH_38" FriendlyName="nvflash.sys\7c933f5d07ccb4bd715666cd6eb35a774b266ddd8d212849535a54192a44f667 Hash Page Sha256" Hash="4346FCFFA68B2B532F4A40D48D4D052CE0106ABBEDE45DE2CBF9E474C379E559" />
+    <Deny ID="ID_DENY_NVFLASH_39" FriendlyName="nvflash.sys\7ef8949637cb947f1a4e1d4e68d31d1385a600d1b1054b53e7417767461fafa7 Hash Sha1" Hash="7BD52FAD60A897B26B0D447F7A84E5D00808B3B3" />
+    <Deny ID="ID_DENY_NVFLASH_3A" FriendlyName="nvflash.sys\7ef8949637cb947f1a4e1d4e68d31d1385a600d1b1054b53e7417767461fafa7 Hash Sha256" Hash="48567FA742841208D4F93F54031218703241BAEC6F59B1E4AB8A71C26DE1CF85" />
+    <Deny ID="ID_DENY_NVFLASH_3B" FriendlyName="nvflash.sys\7ef8949637cb947f1a4e1d4e68d31d1385a600d1b1054b53e7417767461fafa7 Hash Page Sha1" Hash="87581F7EB0804FA1114B8CA28EEDEFCB4E3BEFC2" />
+    <Deny ID="ID_DENY_NVFLASH_3C" FriendlyName="nvflash.sys\7ef8949637cb947f1a4e1d4e68d31d1385a600d1b1054b53e7417767461fafa7 Hash Page Sha256" Hash="73EFDB51282A53B599A9DF6E94E0DB8BCEA3825613742FE2864915AFE7EE1869" />
+    <Deny ID="ID_DENY_NVFLASH_3D" FriendlyName="nvflash.sys\8162811e8aae05884e8cb84b8dd87c310e5ed5ec588b9023a4d849d558d6ae34 Hash Sha1" Hash="F3AD16A4376921F4F70E30F03B55DD87087CF8B4" />
+    <Deny ID="ID_DENY_NVFLASH_3E" FriendlyName="nvflash.sys\8162811e8aae05884e8cb84b8dd87c310e5ed5ec588b9023a4d849d558d6ae34 Hash Sha256" Hash="AE7D7D8A5BC48F2FB1DC81806A5EED52C3EFC487CFDC8737D3EA3970DCA7CE27" />
+    <Deny ID="ID_DENY_NVFLASH_3F" FriendlyName="nvflash.sys\835733590a778f48dae1df4e33da8455b89449fed3e04fa19b64bbdcb6a530db Hash Sha1" Hash="239F1400AE2D6005DB03F92203723BC227CFEE7D" />
+    <Deny ID="ID_DENY_NVFLASH_40" FriendlyName="nvflash.sys\835733590a778f48dae1df4e33da8455b89449fed3e04fa19b64bbdcb6a530db Hash Sha256" Hash="C349C8036B5EE61E7B0831943697BA98BFE70A52BAC0A06B497C229B0C0FFF27" />
+    <Deny ID="ID_DENY_NVFLASH_41" FriendlyName="nvflash.sys\9155470dc24449977d1be15a116b08705dd4c113a2eb4ab19a6000749ff4b100 Hash Sha1" Hash="A3B195EA5F9E63790FA575DBEF85D01B4E4D051F" />
+    <Deny ID="ID_DENY_NVFLASH_42" FriendlyName="nvflash.sys\9155470dc24449977d1be15a116b08705dd4c113a2eb4ab19a6000749ff4b100 Hash Sha256" Hash="989E3234C1B61EA2DB590CB170F79E25E9C9A6262B7B9A751ECFC6BF4468B8C4" />
+    <Deny ID="ID_DENY_NVFLASH_43" FriendlyName="nvflash.sys\9368e51ec98e2ad20893a5fc21e6a8b20c5bee158d5c49ca58649cff84db9d68 Hash Sha1" Hash="0CB5FC2EE1BA75E5B8ED06F92D4EDAF08B136333" />
+    <Deny ID="ID_DENY_NVFLASH_44" FriendlyName="nvflash.sys\9368e51ec98e2ad20893a5fc21e6a8b20c5bee158d5c49ca58649cff84db9d68 Hash Sha256" Hash="4AE065383A4EF5564A515D12ADF18427F8D74CC15140EDB95E5E2A51CA44FE42" />
+    <Deny ID="ID_DENY_NVFLASH_45" FriendlyName="nvflash.sys\b715d5682ab59a0ce3f858e47bf79bdf876a899f618c12c22b27cb1dd4daa8f4 Hash Sha1" Hash="01371BEB459717F8030A4F1F1B3C6E041D8A540D" />
+    <Deny ID="ID_DENY_NVFLASH_46" FriendlyName="nvflash.sys\b715d5682ab59a0ce3f858e47bf79bdf876a899f618c12c22b27cb1dd4daa8f4 Hash Sha256" Hash="11E3D9AA67EF620A452458F67E101AA513C7FBCCA8F35E2E5D0E3403D9DEE937" />
+    <Deny ID="ID_DENY_NVFLASH_47" FriendlyName="nvflash.sys\c11305fc8da85568b2d41cdf030ce260815fea848af91dc0e01076d461bab919 Hash Sha1" Hash="B4F0F313882C61FCE95FAA982CA2E36C7129B5BD" />
+    <Deny ID="ID_DENY_NVFLASH_48" FriendlyName="nvflash.sys\c11305fc8da85568b2d41cdf030ce260815fea848af91dc0e01076d461bab919 Hash Sha256" Hash="E52BB23D6E4572FDA5318ADDB4DAD602629C8F254B8E6C4BAF4033DDDF13D660" />
+    <Deny ID="ID_DENY_NVFLASH_49" FriendlyName="nvflash.sys\c188b36f258f38193ace21a7d254f0aec36b59ad7e3f9bcb9c2958108effebad Hash Sha1" Hash="C75BBD7F612B0BA6DAEDF6D399FB4E3405D70FCE" />
+    <Deny ID="ID_DENY_NVFLASH_4A" FriendlyName="nvflash.sys\c188b36f258f38193ace21a7d254f0aec36b59ad7e3f9bcb9c2958108effebad Hash Sha256" Hash="6A95F3C5CEC52DA45F9B74660B81226B4314EC18E761490140173998500AE015" />
+    <Deny ID="ID_DENY_NVFLASH_4B" FriendlyName="nvflash.sys\c188b36f258f38193ace21a7d254f0aec36b59ad7e3f9bcb9c2958108effebad Hash Page Sha1" Hash="56F1F0F49CBAAC3950ED462B5058988629146152" />
+    <Deny ID="ID_DENY_NVFLASH_4C" FriendlyName="nvflash.sys\c188b36f258f38193ace21a7d254f0aec36b59ad7e3f9bcb9c2958108effebad Hash Page Sha256" Hash="81226C59A8FE8DFA7D3AF42BE35CF363D9460280947C3C13227FEE5EC55A013F" />
+    <Deny ID="ID_DENY_NVFLASH_4D" FriendlyName="nvflash.sys\df996d5a06a2e2ecc087569358b1957d500b176ec7ed37031bcee440963d9d80 Hash Sha1" Hash="507F08806CF4DB099860BFE6725E1705D2F04994" />
+    <Deny ID="ID_DENY_NVFLASH_4E" FriendlyName="nvflash.sys\df996d5a06a2e2ecc087569358b1957d500b176ec7ed37031bcee440963d9d80 Hash Sha256" Hash="AB3FE6CBD9E3D70A64C5F3B186126CC38A04A624CEEFC46AFE4825F2001A3CAA" />
+    <Deny ID="ID_DENY_NVFLASH_4F" FriendlyName="nvflash.sys\e2d6cdc3d8960a50d9f292bb337b3235956a61e4e8b16cf158cb979b777f42aa Hash Sha1" Hash="1989E7DB7CE6B29F674BFF8E7EFA7056DD2711AA" />
+    <Deny ID="ID_DENY_NVFLASH_50" FriendlyName="nvflash.sys\e2d6cdc3d8960a50d9f292bb337b3235956a61e4e8b16cf158cb979b777f42aa Hash Sha256" Hash="E69BBA9F8AAE090226841A02E6207FB37F784B83C6641EA15BD20E7BD3418D87" />
+    <Deny ID="ID_DENY_NVFLASH_51" FriendlyName="nvflash.sys\e2d6cdc3d8960a50d9f292bb337b3235956a61e4e8b16cf158cb979b777f42aa Hash Page Sha1" Hash="885D09104754C54B888E40BA3FC87D6F31CFBA4C" />
+    <Deny ID="ID_DENY_NVFLASH_52" FriendlyName="nvflash.sys\e2d6cdc3d8960a50d9f292bb337b3235956a61e4e8b16cf158cb979b777f42aa Hash Page Sha256" Hash="788D70F1F98CB804453B052363C3639447CE1DDE7B4D3CAFD1D7810CCF59A4A0" />
+    <Deny ID="ID_DENY_NVFLASH_53" FriendlyName="nvflash.sys\eef68fdc5df91660410fb9bed005ed08c258c44d66349192faf5bb5f09f5fa90 Hash Sha1" Hash="D299F3E02E924746763838B6FBE37EBAB64CE698" />
+    <Deny ID="ID_DENY_NVFLASH_54" FriendlyName="nvflash.sys\eef68fdc5df91660410fb9bed005ed08c258c44d66349192faf5bb5f09f5fa90 Hash Sha256" Hash="B1B708DD7B10616693FD6B56E0B47D9FA6B90F9DB28CBF3893B815222E2FA2E5" />
+    <Deny ID="ID_DENY_NVFLASH_55" FriendlyName="nvflash.sys\eef68fdc5df91660410fb9bed005ed08c258c44d66349192faf5bb5f09f5fa90 Hash Page Sha1" Hash="8D92D3C3186E525F6810B807FA3AF080776BB5C9" />
+    <Deny ID="ID_DENY_NVFLASH_56" FriendlyName="nvflash.sys\eef68fdc5df91660410fb9bed005ed08c258c44d66349192faf5bb5f09f5fa90 Hash Page Sha256" Hash="6D4FD027E3B3D3B066092C58408392A8A9475CFEFDE0BDB03BD904228B180365" />
+    <Deny ID="ID_DENY_NVFLASH_57" FriendlyName="nvflash.sys\f1fbec90c60ee4daba1b35932db9f3556633b2777b1039163841a91cf997938e Hash Sha1" Hash="403101941F404B42ACFB5003D23357EFFD89AB09" />
+    <Deny ID="ID_DENY_NVFLASH_58" FriendlyName="nvflash.sys\f1fbec90c60ee4daba1b35932db9f3556633b2777b1039163841a91cf997938e Hash Sha256" Hash="D510B3424178F80CBE926217D74BBECBF682A88F1B6052EF27FD27D601FC14F7" />
+    <Deny ID="ID_DENY_NVFLASH_59" FriendlyName="nvflash.sys\f1fbec90c60ee4daba1b35932db9f3556633b2777b1039163841a91cf997938e Hash Page Sha1" Hash="1985EFCE1EA72048C2F80A259CA9EE1B74964910" />
+    <Deny ID="ID_DENY_NVFLASH_5A" FriendlyName="nvflash.sys\f1fbec90c60ee4daba1b35932db9f3556633b2777b1039163841a91cf997938e Hash Page Sha256" Hash="CB1CD8AD059F553B7D9D93A343557891B4A126FE97FEA51767C404E85514117F" />
+    <Deny ID="ID_DENY_NVFLASH_5B" FriendlyName="nvflash.sys\f2a4ddc38e68efd2eac27b2562529926f5ade93575a82e8d3e0abb2b37347257 Hash Sha1" Hash="3B45A3E4C8BC157C97DE9D010FEEA486C8263CCA" />
+    <Deny ID="ID_DENY_NVFLASH_5C" FriendlyName="nvflash.sys\f2a4ddc38e68efd2eac27b2562529926f5ade93575a82e8d3e0abb2b37347257 Hash Sha256" Hash="E5A6FE0D0A3894F55B7BA9B4D5A03022F6146544F1F874AE1EF32C29450535B7" />
+    <Deny ID="ID_DENY_NVFLASH_5D" FriendlyName="nvflash.sys\f2a4ddc38e68efd2eac27b2562529926f5ade93575a82e8d3e0abb2b37347257 Hash Page Sha1" Hash="0FCFB7ED9D855A8D217C449FC01C7B6F1DDE6E09" />
+    <Deny ID="ID_DENY_NVFLASH_5E" FriendlyName="nvflash.sys\f2a4ddc38e68efd2eac27b2562529926f5ade93575a82e8d3e0abb2b37347257 Hash Page Sha256" Hash="C5D82F33F4DEFA4430406C1A49320769E435184DC56A2DD167D4C82B0A5B0880" />
+    <Deny ID="ID_DENY_NVFLASH_5F" FriendlyName="nvflash.sys\f583cfb8aab7d084dc052dbd0b9d56693308cbb26bd1b607c2aedf8ee2b25e44 Hash Sha1" Hash="E127C3A0F3CF3A30A1A82F558B2BDCD995657B0C" />
+    <Deny ID="ID_DENY_NVFLASH_60" FriendlyName="nvflash.sys\f583cfb8aab7d084dc052dbd0b9d56693308cbb26bd1b607c2aedf8ee2b25e44 Hash Sha256" Hash="46CB4AABE49917BE885F2C42ADE92ACEDA6B9D0B7739CF0E7C3C6D93820B67C3" />
+    <Deny ID="ID_DENY_NVFLASH_61" FriendlyName="nvflash.sys\f583cfb8aab7d084dc052dbd0b9d56693308cbb26bd1b607c2aedf8ee2b25e44 Hash Page Sha1" Hash="E75DD0730EE08F55F2BA9BE713BE7D8A0532C7ED" />
+    <Deny ID="ID_DENY_NVFLASH_62" FriendlyName="nvflash.sys\f583cfb8aab7d084dc052dbd0b9d56693308cbb26bd1b607c2aedf8ee2b25e44 Hash Page Sha256" Hash="71CFC85D9AB2BBE93C4E301B84E590E1067A0306BE04DE8CA7751734AD43C73B" />
+    <Deny ID="ID_DENY_NVFLASH_63" FriendlyName="nvflash.sys\fd94be9ac97f06abe64426933fbee02871d5d181b1d9025daf1aaa92d9342e90 Hash Sha1" Hash="E3908D3DF9154FD25DAE684C1E12750AB6C57FE1" />
+    <Deny ID="ID_DENY_NVFLASH_64" FriendlyName="nvflash.sys\fd94be9ac97f06abe64426933fbee02871d5d181b1d9025daf1aaa92d9342e90 Hash Sha256" Hash="5C58C38E4737C750CCAFA621A18D875299BB5440BB1900EB8469DCF4130049C8" />
+    <Deny ID="ID_DENY_NVFLASH_65" FriendlyName="nvflash.sys\fe2fb5d6cfcd64aeb62e6bf5b71fd2b2a87886eb97ab59e5353ba740da9f5db5 Hash Sha1" Hash="28DE9CAD03C6F3F335B3B600666B6056A15E44BD" />
+    <Deny ID="ID_DENY_NVFLASH_66" FriendlyName="nvflash.sys\fe2fb5d6cfcd64aeb62e6bf5b71fd2b2a87886eb97ab59e5353ba740da9f5db5 Hash Sha256" Hash="A00B50CC1D95ABC3ADA635F331C5911D1AAF9AE8B86D359DB6FC7F6FC5EB0C94" />
+    <Deny ID="ID_DENY_NVFLASH_67" FriendlyName="nvflash.sys\fe2fb5d6cfcd64aeb62e6bf5b71fd2b2a87886eb97ab59e5353ba740da9f5db5 Hash Page Sha1" Hash="5C491461CB823CD8429367939B5823AAAF096AF1" />
+    <Deny ID="ID_DENY_NVFLASH_68" FriendlyName="nvflash.sys\fe2fb5d6cfcd64aeb62e6bf5b71fd2b2a87886eb97ab59e5353ba740da9f5db5 Hash Page Sha256" Hash="0B0B8410AF9BACB119832C4884159D866EEEDF35C86F08BFB625F8ED782CF871" />
+    <Deny ID="ID_DENY_NVFLASH_69" FriendlyName="nvflash.sys\ffd1aef19646ffed09b56a2ace4fc8cdf5b2f714fcca1e7ffb82256264c94b18 Hash Sha1" Hash="7B16F47DAC151D8FF54B249F930A37B72CD7094C" />
+    <Deny ID="ID_DENY_NVFLASH_6A" FriendlyName="nvflash.sys\ffd1aef19646ffed09b56a2ace4fc8cdf5b2f714fcca1e7ffb82256264c94b18 Hash Sha256" Hash="157CE9AE0D09766CFA3E5BE8F90E2AC510F0CE3A0BB7CD97E3A5F9AA20C76661" />
+    <Deny ID="ID_DENY_NVFLASH_6B" FriendlyName="nvflash.sys\ffd1aef19646ffed09b56a2ace4fc8cdf5b2f714fcca1e7ffb82256264c94b18 Hash Page Sha1" Hash="C1DC399DF098A44F569BA80ECCFE0B5724362B16" />
+    <Deny ID="ID_DENY_NVFLASH_6C" FriendlyName="nvflash.sys\ffd1aef19646ffed09b56a2ace4fc8cdf5b2f714fcca1e7ffb82256264c94b18 Hash Page Sha256" Hash="D6E111744E51D167F040AC43D426D852013241C717C557ECC8C8FCEAA0F01BBC" />
+    <Deny ID="ID_DENY_OTIPCIBUS_1" FriendlyName="otipcibus.sys\4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 Hash Sha1" Hash="FD172C7F8BDC81988FCF1642881078A8CA8415F6" />
+    <Deny ID="ID_DENY_OTIPCIBUS_2" FriendlyName="otipcibus.sys\4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 Hash Sha256" Hash="1CDA1A6E33D14D5DD06344425102BF840F8149E817ECFB01C59A2190D3367024" />
+    <Deny ID="ID_DENY_OTIPCIBUS_3" FriendlyName="otipcibus.sys\4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 Hash Page Sha1" Hash="8DFBFD888C9A420AC7F3371E5443C26A2852E539" />
+    <Deny ID="ID_DENY_OTIPCIBUS_4" FriendlyName="otipcibus.sys\4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 Hash Page Sha256" Hash="FC6D1B67464228C2FA102AD121DCD40292054DC0FC8C4D86BEFACA7456535C57" />
     <Deny ID="ID_DENY_PIDDRV_SHA1" FriendlyName="piddrv.sys Hash Sha1" Hash="877C6C36A155109888FE1F9797B93CB30B4957EF" />
     <Deny ID="ID_DENY_PIDDRV_SHA256" FriendlyName="piddrv.sys Hash Sha256" Hash="4E19D4CE649C28DD947424483796BEACE3656284FB0379D97DDDD320AA602BBC" />
     <Deny ID="ID_DENY_PIDDRV_SHA1_PAGE" FriendlyName="piddrv.sys Hash Page Sha1" Hash="A7D827A41B2C4B7638495CD1D77926F1BA902978" />
@@ -265,214 +557,298 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     <Deny ID="ID_DENY_WINRING0_SHA256" FriendlyName="WinRing0.sys Hash Sha256" Hash="4582ADB2E67EEBAFF755AE740C1F24BC3AF78E0F28E8E8DECB99F86BF155AB23" />
     <Deny ID="ID_DENY_WINRING0_SHA1_PAGE" FriendlyName="WinRing0.sys Hash Page Sha1" Hash="497AFEB0D5B97D4B863704A2F77FFEF31220402D" />
     <Deny ID="ID_DENY_WINRING0_SHA256_PAGE" FriendlyName="WinRing0.sys Hash Page Sha256" Hash="8D8A5696BDF11D2427016F91F9726AFF4F0C80FADBC3E6033662FA11C8B282BD" />
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_1" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_2" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_3" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_4" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_5" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_6" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_7" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_8" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_9" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="81.sys Hash Sha1" Hash="05AC1C64CA16AB0517FE85D4499D08199E63DF26"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="b4.sys Hash Sha1" Hash="4BBB9709D5F916FE78EAA15431F622761EFC496F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="bw.sys Hash Sha1" Hash="150F5DAE8716B09A64CAC96862F5E2506A71E771"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="bwrs.sys Hash Sha1" Hash="3DEBE170B5A113407F9E86EE6ED9AE00C3D82C9F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_18" FriendlyName="bwrsh.sys Hash Sha1" Hash="73857ACDD7D7C9235F3E18C503A27E7C88C5FCB0"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_19" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_20" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="A2DA5C397F737FA55D8F93D3CED5EB70AE09801F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_21" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="C58B6EF848CA87AD9EC4368C45C8F1EB7FA6BD16"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_22" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="74CBC407ACD9D2A4BC609B2F8C9A09B90912D10C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_23" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="1923D1F21FAFFCD7D511E2B313FE9415E6AD90AE"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_24" FriendlyName="TGSafe.sys Hash Sha1" Hash="F3E60B7B9C53315D6158F82596919209A00E1CDA"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_25" FriendlyName="BlackBoneDrv10.sys Hash Sha1" Hash="AA97BF43E6BAD521F3A3D8081FB350C89382F06F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_26" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="4604A20CAE2DFE42320FE8F6AED000EC204EFA7E"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_27" FriendlyName="gameink.sys Hash Sha1" Hash="60A632E4B838731AAD553650D6BC8AF3D3D80B26"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_28" FriendlyName="windows-xp-64.sys Hash Sha1" Hash="03F0DD3124EC3A4BB6D30865A488F54E74DED699"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_29" FriendlyName="windows8-10-32.sys Hash Sha1" Hash="8A50E81D6E6C45410BF13F95B1A67CADA8C82221"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_30" FriendlyName="kbdcap64.sys Hash Sha1" Hash="83660D245FE618ECAFE4900AC1E2AD0292C2DA2A"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_31" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="202D5A05E546740037F9A4DC2B21F71680C39D3B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_32" FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_33" FriendlyName="d.sys Hash Sha1" Hash="7C1BA790CA2AA03F30413D02F3A812FCCA1AB29F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_34" FriendlyName="b3.sys Hash Sha1" Hash="969A945C93F54FCBF17548903131D4B86042DF7B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_35" FriendlyName="2.sys Hash Sha1" Hash="64309DB7AF8665368636186805745126B8BD5BFE"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_36" FriendlyName="b1.sys Hash Sha1" Hash="1F7804D9185B1910C43BD4104D58B96994FF8E49"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_37" FriendlyName="My.sys Hash Sha1" Hash="2A506E2512C9083419B7741B4499E012CDC60204"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_38" FriendlyName="Black.sys Hash Sha1" Hash="1236573A309C4EDB52E050E53E73188183C23E7E"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_39" FriendlyName="WYProxy32.sys Hash Sha1" Hash="22C5E127E7E7C567D8624607A6F8F5809DEACB55"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_40" FriendlyName="WYProxy64.sys Hash Sha1" Hash="DC38CC55B84A1A7C0846FB5509B43B4FF97A9BE6"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_41" FriendlyName="Proxy64.sys Hash Sha1" Hash="AA937F73A8AFCDA98E868F4AEEB0EB81A4150075"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_42" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="481488488CF7BB5CD470B62600A3570A1711ABAA"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_43" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="C58BEBEF6A92F5A5B37BE0394695E8E18A42867F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_44" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="7AA2C4C51AFC1C82BEAE55AB9CA7BA0BB588B5C0"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_45" FriendlyName="ni.sys Hash Sha1" Hash="FD081F7A372B939DB8523E222D118B87450D3D19"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_46" FriendlyName="d4.sys Hash Sha1" Hash="E343AA3981393778F32DF94EFAC90FE35D6933A9"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_47" FriendlyName="d2.sys Hash Sha1" Hash="002223FDDC5658EA22B7A8979984A9B54F63B316"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_48" FriendlyName="t.sys Hash Sha1" Hash="1CF3B0A2A0B47477A840ADC2B520401E18AF16D6"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_49" FriendlyName="1.sys Hash Sha1" Hash="F50B475D5FD1ED4F866BF43342676E449F779C67"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_50" FriendlyName="cpupress.sys Hash Sha1" Hash="C4FE0CBB8DA5BF1E02EC6D7A0F97D740955DDD97"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_51" FriendlyName="gameink.sys Hash Sha1" Hash="3AE56AB63230D6D9552360845B4A37B5801CC5EA"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_52" FriendlyName="NetFlt.sys Hash Sha1" Hash="B04ECC8DD0D52FE4552D2C4D693D67FAE20C460F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_53" FriendlyName="ProtectS.sys Hash Sha1" Hash="710BBA7C3D6CAC7B62AB05E6B12274D1548985E6"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_54" FriendlyName="ProtectS.sys Hash Sha1" Hash="67650BC9CDF0716BC7B5664723C38FC5327EC662"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_55" FriendlyName="GameTerSafe.sys Hash Sha1" Hash="39F934078A060BAD2D58B5DBA8F8884903D697A7"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_56" FriendlyName="Lurker.sys Hash Sha1" Hash="CEC5447D0529F97C4BF4A012EA58AAB07139FFE0"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_57" FriendlyName="TestBone.sys Hash Sha1" Hash="0D523E8B0B96675AC2E5AC0D56C367564B260545"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_58" FriendlyName="Proxy32.sys Hash Sha1" Hash="69D6B4032F1456506382885EBA5B396F1C36841B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_59" FriendlyName="t7.sys Hash Sha1" Hash="738CF0AFB7ECDF35A92667C8802D512A0CAF353C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_60" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_61" FriendlyName="t8.sys Hash Sha1" Hash="D85C6097A2279301222B6A06B93296ACE669A76D"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_62" FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_63" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_64" FriendlyName="t3.sys Hash Sha1" Hash="0CE54B617DE11C24670064960B736EF9C47A5F15"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_65" FriendlyName="windows7-32.sys Hash Sha1" Hash="82F8D4BA137FA4B0DA20E8CD1968A7AAEA803DBC"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_66" FriendlyName="NetProxyDriver.sys Hash Sha1" Hash="00B4FDC0F7F28DDECD5B4E5880A71E7F08B5F825"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_67" FriendlyName="c.sys Hash Sha1" Hash="3C20BB896FD16B5C698185FB176E820A448997B3"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_68" FriendlyName="gameink.sys Hash Sha1" Hash="6A784D45517142C11D5CCA3FF9956B2ED6EAF4C9"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_69" FriendlyName="gameink.sys Hash Sha1" Hash="4E5E719362CD48BB323803C1D00AFDE11D4B9D4C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_70" FriendlyName="b.sys Hash Sha1" Hash="FD8A340CD071BC98E6EEAC9BBD4AC8A78688BC17"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_71" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA1_72" FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_1" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_2" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_3" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_4" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_5" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_6" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_7" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_8" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_9" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="81.sys Hash Sha256" Hash="B430D3A0BDB837A5D6625D3B1CEF07ABD1953F969869FF6CF7BA398AE605431A"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="b4.sys Hash Sha256" Hash="DEC8A933DBA04463ED9BB7D53338FF87F2C23CFB79E0E988449FC631252C9DCC"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="bw.sys Hash Sha256" Hash="0EBAEF662B14410C198395B13347E1D175334EC67919709AD37D65EBA013ADFF"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="bwrs.sys Hash Sha256" Hash="221DFBC74BBB255B0879360CCC71A74B756B2E0F16E9386B38A9CE9D4E2E34F9"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_18" FriendlyName="bwrsh.sys Hash Sha256" Hash="37DDE6BD8A7A36111C3AC57E0AC20BBB93CE3374D0852BCACC9A2C8C8C30079E"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_19" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_20" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="DDD83AF2E99C2E51F2BBBB5A1FAADF9F2DDBC3E39B086935621D6846A8530D76"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_21" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="E6D0C06DEB74F0448391F2C14A08D5C1B7D263DC444ACC5C1CF57ACFE82DA6BB"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_22" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="F05A1DF10900B05FB7211F3DADD15003FC91CFA28A08BCC6D7AFA02CD8AB3D5C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_23" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C174566743B47AE3C3BBB9F32D2856DE5959E06EC100B648853058EEFCDA43FA"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_24" FriendlyName="TGSafe.sys Hash Sha256" Hash="3A95CC82173032B82A0FFC7D2E438DF64C13BC16B4574214C9FE3BE37250925E"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_25" FriendlyName="BlackBoneDrv10.sys Hash Sha256" Hash="0BB5F2EAACD64398A66D73D4617AA0C1209D483FAFCBE99E4E12CA6C024DB2EC"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_26" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="13B82D81D6EAC1A8B2E4655504DABECBD70673CDF45C244702A02F3397FDFF9A"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_27" FriendlyName="gameink.sys Hash Sha256" Hash="8168304169A2453C0C3E0A285C2A07D3B3B83433E0342F6B33400C371AF86221"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_28" FriendlyName="windows-xp-64.sys Hash Sha256" Hash="DFAEFD06B680F9EA837E7815FC1CC7D1F4CC375641AC850667AB20739F46AD22"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_29" FriendlyName="windows8-10-32.sys Hash Sha256" Hash="5B9623DA9BA8E5C80C49473F40FFE7AD315DCADFFC3230AFDC9D9226D60A715A"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_30" FriendlyName="kbdcap64.sys Hash Sha256" Hash="72B99147839BCFB062D29014EC09FE20A8F261748B5925B00171EF3CB849A4C1"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_31" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="0391107305D76EB9DDF1A5B3B3C50DA361E8AB35B573DBD19BF9383436B9303E"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_32" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_33" FriendlyName="d.sys Hash Sha256" Hash="0289FE12E675101CEE03934C1AF5CB73069A12170A88BD051E31A292B97F701B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_34" FriendlyName="b3.sys Hash Sha256" Hash="708016FBE22C813A251098F8F992B177B476BD1BBC48C2ED4A122FF74910A965"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_35" FriendlyName="2.sys Hash Sha256" Hash="9385E4CDABD0AEE2670FB756598EA977161F45B71687ECB9E43533081629F661"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_36" FriendlyName="b1.sys Hash Sha256" Hash="A3E507E713F11901017FC328186AE98E23DE7CEA5594687480229F77D45848D8"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_37" FriendlyName="My.sys Hash Sha256" Hash="D25904FBF907E19F366D54962FF543D9F53B8FDFD2416C8B9796B6A8DD430E26"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_38" FriendlyName="Black.sys Hash Sha256" Hash="D5562FB90B0B3DEB633AB335BCBD82CE10953466A428B3F27CB5B226B453EAF3"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_39" FriendlyName="WYProxy32.sys Hash Sha256" Hash="DE6BF572D39E2611773E7A01F0388F84FB25DA6CBA2F1F8B9B36FFBA467DE6FA"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_40" FriendlyName="WYProxy64.sys Hash Sha256" Hash="FAFA1BB36F0AC34B762A10E9F327DCAB2152A6D0B16A19697362D49A31E7F566"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_41" FriendlyName="Proxy64.sys Hash Sha256" Hash="C60FCFF9C8E5243BBB22EC94618B9DCB02C59BB49B90C04D7D6AB3EBBD58DC3A"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_42" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="BFCFFC82A564A2ADCD3522CD78CDF83795B6212F787230A5EA6B7EFB9F232784"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_43" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="350E15BF24DCFDC052DB117718329A03E930C17AC8C835E51D001E74BAD784E4"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_44" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="DF4E25990742FC8D3AED70F6CB4D402E111E7ED08FA5F76ACA685B8C03B98B93"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_45" FriendlyName="ni.sys Hash Sha256" Hash="AE79E760C739D6214C1E314728A78A6CB6060CCE206FDE2440A69735D639A0A2"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_46" FriendlyName="d4.sys Hash Sha256" Hash="823DA894B2C73FFCD39E77366B6F1ABF0AE9604D9B20140A54E6D55053AADEBA"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_47" FriendlyName="d2.sys Hash Sha256" Hash="CB57F3A7FE9E1F8E63332C563B0A319B26C944BE839EABC03E9A3277756BA612"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_48" FriendlyName="t.sys Hash Sha256" Hash="146D77E80CA70EA5CB17BFC9A5CEA92334F809CBDC87A51C2D10B8579A4B9C88"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_49" FriendlyName="1.sys Hash Sha256" Hash="64F9E664BC6D4B8F5F68616DD50AE819C3E60452EFD5E589D6604B9356841B57"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_50" FriendlyName="cpupress.sys Hash Sha256" Hash="FCDFE570E6DC6E768EF75138033D9961F78045ADCA53BEB6FDB520F6417E0DF1"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_51" FriendlyName="gameink.sys Hash Sha256" Hash="E9B433A33DC72EB2622947B41F01D04A48CD71BEAC775A88F3F1E4C838090EE8"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_52" FriendlyName="NetFlt.sys Hash Sha256" Hash="F8886A9C759E0426E08D55E410B02C5B05AF3C287B15970175E4874316FFAF13"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_53" FriendlyName="ProtectS.sys Hash Sha256" Hash="9D58F640C7295952B71BDCB456CAE37213BACCDCD3032C1E3AEB54E79081F395"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_54" FriendlyName="ProtectS.sys Hash Sha256" Hash="4A9093E8DBCB867E1B97A0A67CE99A8511900658F5201C34FFB8035881F2DBBE"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_55" FriendlyName="GameTerSafe.sys Hash Sha256" Hash="3E9B62D2EA2BE50A2DA670746C4DBE807DB9601980AF3A1014BCD72D0248D84C"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_56" FriendlyName="Lurker.sys Hash Sha256" Hash="0FD2DF82341BF5EBB8A53682E60D08978100C01ACB0BED7B6CE2876ADA80F670"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_57" FriendlyName="TestBone.sys Hash Sha256" Hash="0DE4247E72D378713BCF22D5C5D3874D079203BB4364E25F67A90D5570BDCCE8"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_58" FriendlyName="Proxy32.sys Hash Sha256" Hash="49ED27460730B62403C1D2E4930573121AB0C86C442854BC0A62415CA445A810"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_59" FriendlyName="t7.sys Hash Sha256" Hash="BE03E9541F56AC6ED1E81407DCD7CC85C0FFC538C3C2C2C8A9C747EDBCF13100"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_60" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_61" FriendlyName="t8.sys Hash Sha256" Hash="258359A7FA3D975620C9810DAB3A6493972876A024135FEAF3AC8482179B2E79"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_62" FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_63" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_64" FriendlyName="t3.sys Hash Sha256" Hash="4CFF6E53430B81ECC4FAE453E59A0353BCFE73DD5780ABFC35F299C16A97998E"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_65" FriendlyName="windows7-32.sys Hash Sha256" Hash="4941C4298F4560FC1E59D0F16F84BAB5C060793700B82BE2FD7C63735F1657A8"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_66" FriendlyName="NetProxyDriver.sys Hash Sha256" Hash="8111085022BDA87E5F6AA4C195E743CC6DD6A3A6D41ADD475D267DC6B105A69F"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_67" FriendlyName="c.sys Hash Sha256" Hash="CC383AD11E9D06047A1558ED343F389492DA3AC2B84B71462AEE502A2FA616C8"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_68" FriendlyName="gameink.sys Hash Sha256" Hash="E94E8A87459DB56837D1C58F9854794AA99F36566A9DED9B398BE9D4D3A2C2AF"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_69" FriendlyName="gameink.sys Hash Sha256" Hash="44A0599DEFEA351314663582DBC61069B3A095A4DDAD571BB17DD0D8B21E7FF2"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_70" FriendlyName="b.sys Hash Sha256" Hash="84DF20B1D9D87E305C92E5FFAE21B10B325609D59D835A954DBD8750EF5DABF4"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_71" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
-    <Deny ID="ID_DENY_RETLIFTEN_SHA256_72" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_1" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_2" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_3" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_4" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_5" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_6" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_7" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_8" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_9" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="81.sys Hash Sha1" Hash="05AC1C64CA16AB0517FE85D4499D08199E63DF26" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="b4.sys Hash Sha1" Hash="4BBB9709D5F916FE78EAA15431F622761EFC496F" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="bw.sys Hash Sha1" Hash="150F5DAE8716B09A64CAC96862F5E2506A71E771" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="bwrs.sys Hash Sha1" Hash="3DEBE170B5A113407F9E86EE6ED9AE00C3D82C9F" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_18" FriendlyName="bwrsh.sys Hash Sha1" Hash="73857ACDD7D7C9235F3E18C503A27E7C88C5FCB0" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_19" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_20" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="A2DA5C397F737FA55D8F93D3CED5EB70AE09801F" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_21" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="C58B6EF848CA87AD9EC4368C45C8F1EB7FA6BD16" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_22" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="74CBC407ACD9D2A4BC609B2F8C9A09B90912D10C" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_23" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="1923D1F21FAFFCD7D511E2B313FE9415E6AD90AE" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_24" FriendlyName="TGSafe.sys Hash Sha1" Hash="F3E60B7B9C53315D6158F82596919209A00E1CDA" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_25" FriendlyName="BlackBoneDrv10.sys Hash Sha1" Hash="AA97BF43E6BAD521F3A3D8081FB350C89382F06F" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_26" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="4604A20CAE2DFE42320FE8F6AED000EC204EFA7E" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_27" FriendlyName="gameink.sys Hash Sha1" Hash="60A632E4B838731AAD553650D6BC8AF3D3D80B26" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_28" FriendlyName="windows-xp-64.sys Hash Sha1" Hash="03F0DD3124EC3A4BB6D30865A488F54E74DED699" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_29" FriendlyName="windows8-10-32.sys Hash Sha1" Hash="8A50E81D6E6C45410BF13F95B1A67CADA8C82221" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_30" FriendlyName="kbdcap64.sys Hash Sha1" Hash="83660D245FE618ECAFE4900AC1E2AD0292C2DA2A" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_31" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="202D5A05E546740037F9A4DC2B21F71680C39D3B" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_32" FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_33" FriendlyName="d.sys Hash Sha1" Hash="7C1BA790CA2AA03F30413D02F3A812FCCA1AB29F" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_34" FriendlyName="b3.sys Hash Sha1" Hash="969A945C93F54FCBF17548903131D4B86042DF7B" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_35" FriendlyName="2.sys Hash Sha1" Hash="64309DB7AF8665368636186805745126B8BD5BFE" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_36" FriendlyName="b1.sys Hash Sha1" Hash="1F7804D9185B1910C43BD4104D58B96994FF8E49" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_37" FriendlyName="My.sys Hash Sha1" Hash="2A506E2512C9083419B7741B4499E012CDC60204" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_38" FriendlyName="Black.sys Hash Sha1" Hash="1236573A309C4EDB52E050E53E73188183C23E7E" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_39" FriendlyName="WYProxy32.sys Hash Sha1" Hash="22C5E127E7E7C567D8624607A6F8F5809DEACB55" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_40" FriendlyName="WYProxy64.sys Hash Sha1" Hash="DC38CC55B84A1A7C0846FB5509B43B4FF97A9BE6" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_41" FriendlyName="Proxy64.sys Hash Sha1" Hash="AA937F73A8AFCDA98E868F4AEEB0EB81A4150075" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_42" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="481488488CF7BB5CD470B62600A3570A1711ABAA" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_43" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="C58BEBEF6A92F5A5B37BE0394695E8E18A42867F" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_44" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="7AA2C4C51AFC1C82BEAE55AB9CA7BA0BB588B5C0" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_45" FriendlyName="ni.sys Hash Sha1" Hash="FD081F7A372B939DB8523E222D118B87450D3D19" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_46" FriendlyName="d4.sys Hash Sha1" Hash="E343AA3981393778F32DF94EFAC90FE35D6933A9" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_47" FriendlyName="d2.sys Hash Sha1" Hash="002223FDDC5658EA22B7A8979984A9B54F63B316" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_48" FriendlyName="t.sys Hash Sha1" Hash="1CF3B0A2A0B47477A840ADC2B520401E18AF16D6" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_49" FriendlyName="1.sys Hash Sha1" Hash="F50B475D5FD1ED4F866BF43342676E449F779C67" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_50" FriendlyName="cpupress.sys Hash Sha1" Hash="C4FE0CBB8DA5BF1E02EC6D7A0F97D740955DDD97" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_51" FriendlyName="gameink.sys Hash Sha1" Hash="3AE56AB63230D6D9552360845B4A37B5801CC5EA" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_52" FriendlyName="NetFlt.sys Hash Sha1" Hash="B04ECC8DD0D52FE4552D2C4D693D67FAE20C460F" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_53" FriendlyName="ProtectS.sys Hash Sha1" Hash="710BBA7C3D6CAC7B62AB05E6B12274D1548985E6" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_54" FriendlyName="ProtectS.sys Hash Sha1" Hash="67650BC9CDF0716BC7B5664723C38FC5327EC662" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_55" FriendlyName="GameTerSafe.sys Hash Sha1" Hash="39F934078A060BAD2D58B5DBA8F8884903D697A7" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_56" FriendlyName="Lurker.sys Hash Sha1" Hash="CEC5447D0529F97C4BF4A012EA58AAB07139FFE0" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_57" FriendlyName="TestBone.sys Hash Sha1" Hash="0D523E8B0B96675AC2E5AC0D56C367564B260545" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_58" FriendlyName="Proxy32.sys Hash Sha1" Hash="69D6B4032F1456506382885EBA5B396F1C36841B" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_59" FriendlyName="t7.sys Hash Sha1" Hash="738CF0AFB7ECDF35A92667C8802D512A0CAF353C" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_60" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_61" FriendlyName="t8.sys Hash Sha1" Hash="D85C6097A2279301222B6A06B93296ACE669A76D" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_62" FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_63" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_64" FriendlyName="t3.sys Hash Sha1" Hash="0CE54B617DE11C24670064960B736EF9C47A5F15" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_65" FriendlyName="windows7-32.sys Hash Sha1" Hash="82F8D4BA137FA4B0DA20E8CD1968A7AAEA803DBC" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_66" FriendlyName="NetProxyDriver.sys Hash Sha1" Hash="00B4FDC0F7F28DDECD5B4E5880A71E7F08B5F825" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_67" FriendlyName="c.sys Hash Sha1" Hash="3C20BB896FD16B5C698185FB176E820A448997B3" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_68" FriendlyName="gameink.sys Hash Sha1" Hash="6A784D45517142C11D5CCA3FF9956B2ED6EAF4C9" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_69" FriendlyName="gameink.sys Hash Sha1" Hash="4E5E719362CD48BB323803C1D00AFDE11D4B9D4C" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_70" FriendlyName="b.sys Hash Sha1" Hash="FD8A340CD071BC98E6EEAC9BBD4AC8A78688BC17" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_71" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_72" FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_1" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_2" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_3" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_4" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_5" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_6" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_7" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_8" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_9" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="81.sys Hash Sha256" Hash="B430D3A0BDB837A5D6625D3B1CEF07ABD1953F969869FF6CF7BA398AE605431A" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="b4.sys Hash Sha256" Hash="DEC8A933DBA04463ED9BB7D53338FF87F2C23CFB79E0E988449FC631252C9DCC" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="bw.sys Hash Sha256" Hash="0EBAEF662B14410C198395B13347E1D175334EC67919709AD37D65EBA013ADFF" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="bwrs.sys Hash Sha256" Hash="221DFBC74BBB255B0879360CCC71A74B756B2E0F16E9386B38A9CE9D4E2E34F9" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_18" FriendlyName="bwrsh.sys Hash Sha256" Hash="37DDE6BD8A7A36111C3AC57E0AC20BBB93CE3374D0852BCACC9A2C8C8C30079E" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_19" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_20" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="DDD83AF2E99C2E51F2BBBB5A1FAADF9F2DDBC3E39B086935621D6846A8530D76" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_21" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="E6D0C06DEB74F0448391F2C14A08D5C1B7D263DC444ACC5C1CF57ACFE82DA6BB" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_22" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="F05A1DF10900B05FB7211F3DADD15003FC91CFA28A08BCC6D7AFA02CD8AB3D5C" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_23" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C174566743B47AE3C3BBB9F32D2856DE5959E06EC100B648853058EEFCDA43FA" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_24" FriendlyName="TGSafe.sys Hash Sha256" Hash="3A95CC82173032B82A0FFC7D2E438DF64C13BC16B4574214C9FE3BE37250925E" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_25" FriendlyName="BlackBoneDrv10.sys Hash Sha256" Hash="0BB5F2EAACD64398A66D73D4617AA0C1209D483FAFCBE99E4E12CA6C024DB2EC" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_26" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="13B82D81D6EAC1A8B2E4655504DABECBD70673CDF45C244702A02F3397FDFF9A" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_27" FriendlyName="gameink.sys Hash Sha256" Hash="8168304169A2453C0C3E0A285C2A07D3B3B83433E0342F6B33400C371AF86221" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_28" FriendlyName="windows-xp-64.sys Hash Sha256" Hash="DFAEFD06B680F9EA837E7815FC1CC7D1F4CC375641AC850667AB20739F46AD22" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_29" FriendlyName="windows8-10-32.sys Hash Sha256" Hash="5B9623DA9BA8E5C80C49473F40FFE7AD315DCADFFC3230AFDC9D9226D60A715A" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_30" FriendlyName="kbdcap64.sys Hash Sha256" Hash="72B99147839BCFB062D29014EC09FE20A8F261748B5925B00171EF3CB849A4C1" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_31" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="0391107305D76EB9DDF1A5B3B3C50DA361E8AB35B573DBD19BF9383436B9303E" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_32" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_33" FriendlyName="d.sys Hash Sha256" Hash="0289FE12E675101CEE03934C1AF5CB73069A12170A88BD051E31A292B97F701B" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_34" FriendlyName="b3.sys Hash Sha256" Hash="708016FBE22C813A251098F8F992B177B476BD1BBC48C2ED4A122FF74910A965" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_35" FriendlyName="2.sys Hash Sha256" Hash="9385E4CDABD0AEE2670FB756598EA977161F45B71687ECB9E43533081629F661" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_36" FriendlyName="b1.sys Hash Sha256" Hash="A3E507E713F11901017FC328186AE98E23DE7CEA5594687480229F77D45848D8" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_37" FriendlyName="My.sys Hash Sha256" Hash="D25904FBF907E19F366D54962FF543D9F53B8FDFD2416C8B9796B6A8DD430E26" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_38" FriendlyName="Black.sys Hash Sha256" Hash="D5562FB90B0B3DEB633AB335BCBD82CE10953466A428B3F27CB5B226B453EAF3" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_39" FriendlyName="WYProxy32.sys Hash Sha256" Hash="DE6BF572D39E2611773E7A01F0388F84FB25DA6CBA2F1F8B9B36FFBA467DE6FA" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_40" FriendlyName="WYProxy64.sys Hash Sha256" Hash="FAFA1BB36F0AC34B762A10E9F327DCAB2152A6D0B16A19697362D49A31E7F566" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_41" FriendlyName="Proxy64.sys Hash Sha256" Hash="C60FCFF9C8E5243BBB22EC94618B9DCB02C59BB49B90C04D7D6AB3EBBD58DC3A" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_42" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="BFCFFC82A564A2ADCD3522CD78CDF83795B6212F787230A5EA6B7EFB9F232784" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_43" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="350E15BF24DCFDC052DB117718329A03E930C17AC8C835E51D001E74BAD784E4" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_44" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="DF4E25990742FC8D3AED70F6CB4D402E111E7ED08FA5F76ACA685B8C03B98B93" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_45" FriendlyName="ni.sys Hash Sha256" Hash="AE79E760C739D6214C1E314728A78A6CB6060CCE206FDE2440A69735D639A0A2" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_46" FriendlyName="d4.sys Hash Sha256" Hash="823DA894B2C73FFCD39E77366B6F1ABF0AE9604D9B20140A54E6D55053AADEBA" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_47" FriendlyName="d2.sys Hash Sha256" Hash="CB57F3A7FE9E1F8E63332C563B0A319B26C944BE839EABC03E9A3277756BA612" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_48" FriendlyName="t.sys Hash Sha256" Hash="146D77E80CA70EA5CB17BFC9A5CEA92334F809CBDC87A51C2D10B8579A4B9C88" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_49" FriendlyName="1.sys Hash Sha256" Hash="64F9E664BC6D4B8F5F68616DD50AE819C3E60452EFD5E589D6604B9356841B57" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_50" FriendlyName="cpupress.sys Hash Sha256" Hash="FCDFE570E6DC6E768EF75138033D9961F78045ADCA53BEB6FDB520F6417E0DF1" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_51" FriendlyName="gameink.sys Hash Sha256" Hash="E9B433A33DC72EB2622947B41F01D04A48CD71BEAC775A88F3F1E4C838090EE8" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_52" FriendlyName="NetFlt.sys Hash Sha256" Hash="F8886A9C759E0426E08D55E410B02C5B05AF3C287B15970175E4874316FFAF13" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_53" FriendlyName="ProtectS.sys Hash Sha256" Hash="9D58F640C7295952B71BDCB456CAE37213BACCDCD3032C1E3AEB54E79081F395" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_54" FriendlyName="ProtectS.sys Hash Sha256" Hash="4A9093E8DBCB867E1B97A0A67CE99A8511900658F5201C34FFB8035881F2DBBE" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_55" FriendlyName="GameTerSafe.sys Hash Sha256" Hash="3E9B62D2EA2BE50A2DA670746C4DBE807DB9601980AF3A1014BCD72D0248D84C" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_56" FriendlyName="Lurker.sys Hash Sha256" Hash="0FD2DF82341BF5EBB8A53682E60D08978100C01ACB0BED7B6CE2876ADA80F670" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_57" FriendlyName="TestBone.sys Hash Sha256" Hash="0DE4247E72D378713BCF22D5C5D3874D079203BB4364E25F67A90D5570BDCCE8" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_58" FriendlyName="Proxy32.sys Hash Sha256" Hash="49ED27460730B62403C1D2E4930573121AB0C86C442854BC0A62415CA445A810" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_59" FriendlyName="t7.sys Hash Sha256" Hash="BE03E9541F56AC6ED1E81407DCD7CC85C0FFC538C3C2C2C8A9C747EDBCF13100" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_60" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_61" FriendlyName="t8.sys Hash Sha256" Hash="258359A7FA3D975620C9810DAB3A6493972876A024135FEAF3AC8482179B2E79" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_62" FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_63" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_64" FriendlyName="t3.sys Hash Sha256" Hash="4CFF6E53430B81ECC4FAE453E59A0353BCFE73DD5780ABFC35F299C16A97998E" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_65" FriendlyName="windows7-32.sys Hash Sha256" Hash="4941C4298F4560FC1E59D0F16F84BAB5C060793700B82BE2FD7C63735F1657A8" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_66" FriendlyName="NetProxyDriver.sys Hash Sha256" Hash="8111085022BDA87E5F6AA4C195E743CC6DD6A3A6D41ADD475D267DC6B105A69F" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_67" FriendlyName="c.sys Hash Sha256" Hash="CC383AD11E9D06047A1558ED343F389492DA3AC2B84B71462AEE502A2FA616C8" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_68" FriendlyName="gameink.sys Hash Sha256" Hash="E94E8A87459DB56837D1C58F9854794AA99F36566A9DED9B398BE9D4D3A2C2AF" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_69" FriendlyName="gameink.sys Hash Sha256" Hash="44A0599DEFEA351314663582DBC61069B3A095A4DDAD571BB17DD0D8B21E7FF2" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_70" FriendlyName="b.sys Hash Sha256" Hash="84DF20B1D9D87E305C92E5FFAE21B10B325609D59D835A954DBD8750EF5DABF4" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_71" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_72" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A" />
+    <Deny ID="ID_DENY_WINIO_1" FriendlyName="WinIo64A.sys\0c74d09da7baf7c05360346e4c3512d0cd433d59 Hash Sha1" Hash="0C74D09DA7BAF7C05360346E4C3512D0CD433D59" />
+    <Deny ID="ID_DENY_WINIO_2" FriendlyName="WinIo64B.sys\f18e669127c041431cde8f2d03b15cfc20696056 Hash Sha1" Hash="F18E669127C041431CDE8F2D03B15CFC20696056" />
+    <Deny ID="ID_DENY_WINIO_3" FriendlyName="WinIo64B.sys\80ca9c9cce4b5e6afb92a56b5bfd954eca0ff690 Hash Sha1" Hash="80CA9C9CCE4B5E6AFB92A56B5BFD954ECA0FF690" />
+    <Deny ID="ID_DENY_WINIO_4" FriendlyName="WinIo64A.sys\c21043466942961203e751c9cebcd159e661fa1a Hash Sha1" Hash="C21043466942961203E751C9CEBCD159E661FA1A" />
+    <Deny ID="ID_DENY_WINIO_5" FriendlyName="WinIo64.sys\40cc2318ffffd458023c8cd1e285a5ad51adf538 Hash Sha1" Hash="40CC2318FFFFD458023C8CD1E285A5AD51ADF538" />
+    <Deny ID="ID_DENY_WINIO_6" FriendlyName="WinIO32B.sys\f1c8c3926d0370459a1b7f0cf3d17b22ff9d0c7f Hash Sha1" Hash="F1C8C3926D0370459A1B7F0CF3D17B22FF9D0C7F" />
+    <Deny ID="ID_DENY_WINIO_7" FriendlyName="WinIO32.sys\8fb149fc476cf5bf18dc575334edad7caf210996 Hash Sha1" Hash="8FB149FC476CF5BF18DC575334EDAD7CAF210996" />
+    <Deny ID="ID_DENY_WINIO_8" FriendlyName="WinIO32A.sys\01779ee53f999464465ed690d823d160f73f10e7 Hash Sha1" Hash="01779EE53F999464465ED690D823D160F73F10E7" />
+    <Deny ID="ID_DENY_WINIO_9" FriendlyName="WinIo64C.sys\b242b0332b9c9e8e17ec27ef10d75503d20d97b6 Hash Sha1" Hash="B242B0332B9C9E8E17EC27EF10D75503D20D97B6" />
+    <Deny ID="ID_DENY_WINIO_10" FriendlyName="WinIO64C.sys\a65fabaf64aa1934314aae23f25cdf215cbaa4b6 Hash Sha1" Hash="A65FABAF64AA1934314AAE23F25CDF215CBAA4B6" />
+    <Deny ID="ID_DENY_SUPERBMC_2" FriendlyName="superbmc.sys\1d804efc9a1a012e1f68288c0a2833b13d00eecd4a6e93258ba100aa07e3406f Hash Sha1" Hash="989BDDC6B7076947277AB6EB7F002AB6731AAEAE" />
+    <Deny ID="ID_DENY_SUPERBMC_3" FriendlyName="superbmc.sys\1d804efc9a1a012e1f68288c0a2833b13d00eecd4a6e93258ba100aa07e3406f Hash Sha256" Hash="5147B0F2CA9D0BDE1F9FCEB382C05F7FA9C333709D7BF081D6C00A4132D914AF" />
+    <Deny ID="ID_DENY_SUPERBMC_4" FriendlyName="superbmc.sys\1d804efc9a1a012e1f68288c0a2833b13d00eecd4a6e93258ba100aa07e3406f Hash Page Sha1" Hash="4378B656A1C94CD885323B6D6E36038E8522E6CC" />
+    <Deny ID="ID_DENY_SUPERBMC_5" FriendlyName="superbmc.sys\1d804efc9a1a012e1f68288c0a2833b13d00eecd4a6e93258ba100aa07e3406f Hash Page Sha256" Hash="034DB61D844ADA030BB9173F4B7448DD6CC355B4429266F5ABBA6AFDB481128B" />
+    <Deny ID="ID_DENY_SUPERBMC_6" FriendlyName="superbmc.sys\1deae340bf619319adce00701de887f7434deab4d5547a1742aeedb5634d23c6 Hash Sha1" Hash="AF3908C5DCB18E82A749AD06B82D2AEC3C2542AF" />
+    <Deny ID="ID_DENY_SUPERBMC_7" FriendlyName="superbmc.sys\1deae340bf619319adce00701de887f7434deab4d5547a1742aeedb5634d23c6 Hash Sha256" Hash="85C5E66F38152D17D5B580126B3348579263BBC8FD22E5417C0090FD75A330AC" />
+    <Deny ID="ID_DENY_SUPERBMC_8" FriendlyName="superbmc.sys\1deae340bf619319adce00701de887f7434deab4d5547a1742aeedb5634d23c6 Hash Page Sha1" Hash="ECDEED85F0046EC45B50E253B010DDDFDF7B4210" />
+    <Deny ID="ID_DENY_SUPERBMC_9" FriendlyName="superbmc.sys\1deae340bf619319adce00701de887f7434deab4d5547a1742aeedb5634d23c6 Hash Page Sha256" Hash="53784E616D77F2CD75EDF0DBEA9E20795E5E9BC8499D5F71C3792AA937857D7A" />
+    <Deny ID="ID_DENY_SUPERBMC_A" FriendlyName="superbmc.sys\326b53365f8486c78608139cac84619eff90be361f7ade9db70f9867dd94dcc9 Hash Sha1" Hash="B73248A34FBAB95C9D4A1CF944CDC69B3F5E4995" />
+    <Deny ID="ID_DENY_SUPERBMC_B" FriendlyName="superbmc.sys\326b53365f8486c78608139cac84619eff90be361f7ade9db70f9867dd94dcc9 Hash Sha256" Hash="22AFEE6F0EC783D59EF4F5D6C189B78FA26302F0ED09670B7BBC9BAE26BDB0E5" />
+    <Deny ID="ID_DENY_SUPERBMC_C" FriendlyName="superbmc.sys\326b53365f8486c78608139cac84619eff90be361f7ade9db70f9867dd94dcc9 Hash Page Sha1" Hash="D3149002B0072DFB0ACDC28E34B8DE5EEC6F0C68" />
+    <Deny ID="ID_DENY_SUPERBMC_D" FriendlyName="superbmc.sys\326b53365f8486c78608139cac84619eff90be361f7ade9db70f9867dd94dcc9 Hash Page Sha256" Hash="24D3142C62692D04B485778810369EDB17804E38DF9791D44345A80DA6D83611" />
+    <Deny ID="ID_DENY_SUPERBMC_E" FriendlyName="superbmc.sys\a6f8aa3de5b4aea58eddd45807d722c864d4bc4a38ad573174af864e21f0d526 Hash Sha1" Hash="93018A3B82781979DD4759DADF5A4EC91DA86722" />
+    <Deny ID="ID_DENY_SUPERBMC_F" FriendlyName="superbmc.sys\a6f8aa3de5b4aea58eddd45807d722c864d4bc4a38ad573174af864e21f0d526 Hash Sha256" Hash="8CEF918675DFAEB50CACD36B9C06871FD05E9FFEA7ADDF98A396FAE131ABE30A" />
+    <Deny ID="ID_DENY_SUPERBMC_10" FriendlyName="superbmc.sys\c9c60f560440ff16ad3c767ff5b7658d5bda61ea1166efe9b7f450447557136e Hash Sha1" Hash="CDC476003A1310AA02271260CC9EB7BA07FF60CB" />
+    <Deny ID="ID_DENY_SUPERBMC_11" FriendlyName="superbmc.sys\c9c60f560440ff16ad3c767ff5b7658d5bda61ea1166efe9b7f450447557136e Hash Sha256" Hash="2645298D84585FA987450AA11687B73739CBBC26ABAA8125099CAE5889BEB211" />
+    <Deny ID="ID_DENY_SUPERBMC_12" FriendlyName="superbmc.sys\c9c60f560440ff16ad3c767ff5b7658d5bda61ea1166efe9b7f450447557136e Hash Page Sha1" Hash="53D29F61F890CE4576950E8B600420302BBB1A6A" />
+    <Deny ID="ID_DENY_SUPERBMC_13" FriendlyName="superbmc.sys\c9c60f560440ff16ad3c767ff5b7658d5bda61ea1166efe9b7f450447557136e Hash Page Sha256" Hash="898EF622B286EE6E3A30644C073D5E09E33F1762C9B7AC458D2A5A5CC7CFEBE1" />
+    <Deny ID="ID_DENY_SUPERBMC_14" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Sha1" Hash="9A9A788B3E94272C74D1D6C2451491BB40277D04" />
+    <Deny ID="ID_DENY_SUPERBMC_15" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Sha256" Hash="976C015B28197CCD15F807B776F705BDF612FC622FB0A4B9901B90F180BF2F8A" />
+    <Deny ID="ID_DENY_SUPERBMC_16" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Page Sha1" Hash="2303BEAB201455CC543E0CCE9D4D8698338787EB" />
+    <Deny ID="ID_DENY_SUPERBMC_17" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Page Sha256" Hash="161DC4F7ED741397F6BD6C2B012DBDF6E397CF02212C7DAAF303338206B1E3A7" />
     <Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.65535.65535" />
     <Deny ID="ID_DENY_AMP" FriendlyName="System Mechanic CVE-2018-5701" FileName="amp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="5.4.11.1" />
     <Deny ID="ID_DENY_ASMMAP" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_ASMMAP_64" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_PCHUNTER_1" FriendlyName="PCHunter Driver" FileName="PCHunter.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <Deny ID="ID_DENY_PCHUNTER_2" FriendlyName="PCHunter Driver" FileName="安全专用" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_PHYMEMX_64" FriendlyName="Phymemx64 Memory Mapping Driver" FileName="phymemx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_DBK_32" FriendlyName="Cheat Engine Driver" FileName="dbk32.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_DBK_64" FriendlyName="Cheat Engine Driver" FileName="dbk64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_AMD_RYZEN" FriendlyName="amdryzenmaster.sys" FileName="AMDRyzenMasterDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.5.0.0" />
-    <FileAttrib ID="ID_FILEATTRIB_AMDPP" FriendlyName="AMDPowerProfiler.sys FileAttribute" FileName="AMDPowerProfiler.sys" MinimumFileVersion="6.1.0.0" />
-    <FileAttrib ID="ID_FILEATTRIB_ATSZIO" FriendlyName="ATSZIO.sys FileAttribute" FileName="ATSZIO.sys" MinimumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_BSMI" FriendlyName="" FileName="BSMI.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.3" />
+    <FileAttrib ID="ID_FILEATTRIB_AMDPP" FriendlyName="AMDPowerProfiler.sys FileAttribute" FileName="AMDPowerProfiler.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.1.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_AMDPP_1" FriendlyName="AMDPowerProfiler.sys FileAttribute" FileName="AMDPowerProfiler.sys" MinimumFileVersion="6.1.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_ASWARPOT" FriendlyName="Avast aswArpot FileAttribute" FileName="aswArPot.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.4.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_ATILLK" FriendlyName="atillk64 FileAttribute" FileName="atillk64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_ATSZIO" FriendlyName="ATSZIO.sys FileAttribute" FileName="ATSZIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_ATSZIO_1" FriendlyName="ATSZIO.sys FileAttribute" FileName="ATSZIO.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_BS_DEF" FriendlyName="Bs_Def64 FileAttribute" FileName="Bs_Def64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_BS_DEF_64" FriendlyName="Bs_Def FileAttribute" FileName="Bs_Def.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_BS_HWMIO64" FriendlyName="" FileName="BS_HWMIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2200" />
     <FileAttrib ID="ID_FILEATTRIB_BS_I2CIO" FriendlyName="" FileName="BS_I2cIo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.0.0" />
-    <FileAttrib ID="ID_FILEATTRIB_BS_RCIO" FriendlyName="BS_RCIO.sys FileAttribute" FileName="BS_RCIO64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.0.1" />
-    <FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_BS_RCIO_1" FriendlyName="BS_RCIO.sys FileAttribute" FileName="BS_RCIO64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.0.1" />
+    <FileAttrib ID="ID_FILEATTRIB_BSMI" FriendlyName="" FileName="BSMI.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.3" />
     <FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.4.3" />
     <FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" />
     <FileAttrib ID="ID_FILEATTRIB_HPPORTIOX64" FriendlyName="HpPortIox64.sys" FileName="HpPortIox64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.2.0.9" />
+    <FileAttrib ID="ID_FILEATTRIB_HW" FriendlyName="hw_sys\4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8 FileAttribute" FileName="HW.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_HWRWDRV" FriendlyName="HwRwDrv FileAttribute" FileName="HwRwDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_IOBITUNLOCKER" FriendlyName="IObitUnlocker FileAttribute" FileName="IObitUnlocker.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.3.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_IQVW64" FriendlyName="IQVW64.sys FileAttribute" FileName="iQVW64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.4.0.0" />
-    <FileAttrib ID="ID_FILEATTRIB_KEVP64" FriendlyName="kevp64.sys FileAttribute" FileName="kEvP64.sys" MinimumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_LHA" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_KEVP64" FriendlyName="kevp64.sys FileAttribute" FileName="kEvP64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_KEVP64_1" FriendlyName="kevp64.sys FileAttribute" FileName="kEvP64.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_LHA" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_LHA_1" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
+    <FileAttrib ID="ID_FILEATTRIB_LV_DIAG" FriendlyName="LenovoDiagnosticsDriver FileAttribute" FileName="LenovoDiagnosticsDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_LV561V64" FriendlyName="LV561V64 LogiTech FileAttribute" FileName="Lv561av.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_MONITOR" FriendlyName="IOBit Monitor.sys FileAttribute" FileName="Monitor.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="15.0.0.2" />
     <FileAttrib ID="ID_FILEATTRIB_MTCBSV64" FriendlyName="mtcBSv64.sys FileAttribute" FileName="mtcBSv64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.2.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_MYDRIVERS" FriendlyName="mydrivers.sys FileAttribute" FileName="mydrivers.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" />
-    <FileAttrib ID="ID_FILEATTRIB_NCPL_DRIVER" FriendlyName="" FileName="NCPL.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
-    <FileAttrib ID="ID_FILEATTRIB_NICM_DRIVER" FriendlyName="" FileName="NICM.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
-    <FileAttrib ID="ID_FILEATTRIB_NSCM_DRIVER" FriendlyName="" FileName="nscm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NCPL_DRIVER_1" FriendlyName="" FileName="NCPL.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NICM_DRIVER" FriendlyName="" FileName="NICM.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NSCM_DRIVER" FriendlyName="" FileName="nscm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NVFLASH" FriendlyName="Nvidia NVFlash FileAttribute" FileName="nvflash.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.9.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_PANIO_1" FriendlyName="PanIOx64\6b830ea0db6546a044c9900d3f335e7820c2a80e147b0751641899d1a5aa8f74 FileAttribute" FileName="PanIOx64.sys" MinimumFileVersion="1.0.0.1" />
+    <FileAttrib ID="ID_FILEATTRIB_PANIO_2" FriendlyName="PanIO\f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960 FileAttribute" FileName="PanIO.sys" MinimumFileVersion="1.0.0.1" />
+    <FileAttrib ID="ID_FILEATTRIB_PANIOMON_1" FriendlyName="PanMonFltx64\06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf FileAttribute" FileName="PanMonFltX64.sys" MinimumFileVersion="1.0.0.1" />
+    <FileAttrib ID="ID_FILEATTRIB_PANIOMON_2" FriendlyName="PanMonFlt\7e0124fcc7c95fdc34408cf154cb41e654dade8b898c71ad587b2090b1da30d7 FileAttribute" FileName="PanMonFlt.sys" MinimumFileVersion="1.0.0.1" />
+    <FileAttrib ID="ID_FILEATTRIB_PHYMEM" FriendlyName="Phymem FileAttribute" FileName="phymem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_PHYSMEM" FriendlyName="Physmem.sys FileAttribute" FileName="physmem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_RTKIO_DRIVER" FriendlyName="" FileName="rtkio.sys" MinimumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_RTKIO64_DRIVER" FriendlyName="" FileName="rtkio64.sys" MinimumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" FriendlyName="" FileName="rtkiow8x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" FriendlyName="" FileName="rtkiow10x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_RWDRV_DRIVER" FriendlyName="" FileName="RwDrv.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIO_DRIVER" FriendlyName="" FileName="rtkio.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIO_DRIVER_1" FriendlyName="" FileName="rtkio.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIO64_DRIVER" FriendlyName="" FileName="rtkio64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIO64_DRIVER_1" FriendlyName="" FileName="rtkio64.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" FriendlyName="" FileName="rtkiow10x64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIOW10X64_DRIVER_1" FriendlyName="" FileName="rtkiow10x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" FriendlyName="" FileName="rtkiow8x64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RTKIOW8X64_DRIVER_1" FriendlyName="" FileName="rtkiow8x64.sys" MinimumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RWDRV_DRIVER" FriendlyName="" FileName="RwDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_RWDRV_DRIVER_1" FriendlyName="" FileName="RwDrv.sys" MinimumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_SANDBOX_1" FriendlyName="Agnitum sandbox FileAttribute" FileName="sandbox.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_SANDBOX_2" FriendlyName="Agnitum SandBox FileAttribute" FileName="SandBox.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_SANDRA" FriendlyName="" FileName="SANDRA" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.12.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_SANDRA_DRIVER" FriendlyName="" FileName="sandra.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.12.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_SEGWINDRVX64" FriendlyName="segwindrvx64.sys FileAttribute" FileName="segwindrvx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="100.0.7.2" />
+    <FileAttrib ID="ID_FILEATTRIB_SUPERBMC" FriendlyName="Superbmc FileAttribute" FileName="superbmc.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.2.1.0" />
     <FileAttrib ID="ID_FILEATTRIB_TREND_MICRO" FriendlyName="TmComm.sys" FileName="TmComm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.0.0.0" />
-    <FileAttrib ID="ID_FILEATTRIB_VBOX" FriendlyName="VBoxDrv.sys FileAttribute" FileName="VBoxDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_VBOX_1" FriendlyName="VBoxDrv.sys FileAttribute" FileName="VBoxDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_VIRAGT" FriendlyName="viragt.sys 32-bit" FileName="viragt.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.80.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_VIRAGT64" FriendlyName="viragt64.sys" FileName="viragt64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.11" />
-    <FileAttrib ID="ID_FILEATTRIB_VMDRV" FriendlyName="vmdrv.sys FileAttribute" FileName="vmdrv.sys" MinimumFileVersion="10.0.10011.16384" />
+    <FileAttrib ID="ID_FILEATTRIB_VMDRV" FriendlyName="vmdrv.sys FileAttribute" FileName="vmdrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.10011.16384" />
+    <FileAttrib ID="ID_FILEATTRIB_VMDRV_1" FriendlyName="vmdrv.sys FileAttribute" FileName="vmdrv.sys" MinimumFileVersion="10.0.10011.16384" />
     <FileAttrib ID="ID_FILEATTRIB_WINRING0" FriendlyName="WinRing0.sys" FileName="WinRing0.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_WISEUNLO" FriendlyName="WiseUnlo FileAttribute" FileName="WiseUnlo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
   </FileRules>
   <!--Signers-->
   <Signers>
-    <Signer ID="ID_SIGNER_VERISIGN_2010" Name="VeriSign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_KEVP64" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RWDRV_DRIVER" />
+    <Signer ID="ID_SIGNER_ATILLK" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="ATI Technologies, Inc" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATILLK" />
     </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_2010_2" Name="VeriSign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="4678C6E4A8787A8E6ED2BCE8792B122F6C08AFD8" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+    <Signer ID="ID_SIGNER_ASWARPOT_1" Name="DigiCert High Assurance Code Signing CA-1">
+      <CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C" />
+      <CertPublisher Value="Avast Software s.r.o." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWARPOT" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ASWARPOT_3" Name="DigiCert EV Code Signing CA (SHA2)">
+      <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
+      <CertPublisher Value="Avast plc" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWARPOT" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ASWARPOT_4" Name="DigiCert SHA2 Assured ID Code Signing CA">
+      <CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
+      <CertPublisher Value="Avast Software s.r.o." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWARPOT" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ASWARPOT_5" Name="DigiCert High Assurance Code Signing CA-1">
+      <CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C" />
+      <CertPublisher Value="AVAST Software s.r.o." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWARPOT" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ASWARPOT_6" Name="DigiCert SHA2 Assured ID Code Signing CA">
+      <CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
+      <CertPublisher Value="AVAST Software s.r.o." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWARPOT" />
+    </Signer>
+    <Signer ID="ID_SIGNER_BAOJI" Name="VeriSign Class 3 Code Signing 2010 CA - Baoji zhihengtaiye co.,ltd">
+      <CertRoot Type="TBS" Value="ED37AD43BC52426943019F77F35ED1A6B063B5B7" />
+    </Signer>
+    <Signer ID="ID_SIGNER_BEIJING_CHUNBAI" Name="VeriSign Class 3 Code Signing 2010 CA - Beijing Chunbai Technology Development Co., Ltd">
+      <CertRoot Type="TBS" Value="C4CD7D2A3E12022BCFE2852A14438C7F2BD3A959" />
+    </Signer>
+    <Signer ID="ID_SIGNER_BEIJING_VSK" Name="Symantec Class 3 Code - Beijing VSK Soft Development Co.,Ltd; Thumbprint: 49B76C0AD6085E2F7385644F36CECC09F320BCF4">
+      <CertRoot Type="TBS" Value="399B4EC286EC1963F1BB36206F3200C23DBF1717E24CF0868335FF3E13A45EA0" />
     </Signer>
     <Signer ID="ID_SIGNER_CAPCOM" Name="Symantec Class 3 SHA256 Code Signing CA">
       <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
@@ -480,47 +856,82 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     </Signer>
     <Signer ID="ID_SIGNER_CHEAT_ENGINE" Name="Microsoft Windows Third Party Component CA 2014 Cheat Engine OPUS">
       <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
-      <CertOemID Value="Cheat Engine"/>
+      <CertOemID Value="Cheat Engine" />
     </Signer>
     <Signer ID="ID_SIGNER_ENE" Name="Microsoft Windows Third Party Component CA 2014 ENE Tech OPUS">
       <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
       <CertOemID Value="ENE Technology Inc." />
     </Signer>
-    <Signer ID="ID_SIGNER_DIGICERT_EV" Name="DigiCert EV Code Signing CA (SHA2)">
-      <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
+    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2009" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
+      <CertRoot Type="TBS" Value="D70EDFA009A76BD8250D74E9EE92EB9EAD7D4CB3" />
     </Signer>
-    <Signer ID="ID_SIGNER_ELBY" Name="GlobalSign Primary Object Publishing CA">
-      <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
-      <CertPublisher Value="Elaborate Bytes AG" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ELBY_DRIVER" />
+    <Signer ID="ID_SIGNER_GLOBALSIGN_CHEAT_ENGINE" Name="GlobalSign CA Cheat Engine Publisher">
+      <CertRoot Type="TBS" Value="BD1765C56594221373893EF26D97F88C144FB0E5A0111215B45D7239C3444DF7" />
+      <CertPublisher Value="Cheat Engine" />
     </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_2009" Name="VeriSign Class 3 Code Signing 2009-2 CA">
-      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
+    <Signer ID="ID_SIGNER_GLOBALSIGN_G2_CHEAT_ENGINE" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="Cheat Engine" />
     </Signer>
-    <Signer ID="ID_SIGNER_SANDRA" Name="GeoTrust TrustCenter CodeSigning CA I">
-      <CertRoot Type="TBS" Value="172F39BCA3DDA7C6D5169C96B34A5FE7E96FF0BD" />
-      <CertPublisher Value="SiSoftware Ltd" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA_DRIVER" />
+    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2010" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
+      <CertRoot Type="TBS" Value="E5BA2ABBD1DC89F143A66A3CDCDA26D968758E2D" />
     </Signer>
-    <Signer ID="ID_SIGNER_SANDRA_THAWTE" Name="Thawte Code Signing CA">
-      <CertRoot Type="TBS" Value="F6297A00D3B2B4CE4750402B66E7EA018D54F683" />
-      <CertPublisher Value="SiSoftware Ltd" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA_DRIVER" />
+    <Signer ID="ID_SIGNER_GOOD_WEI" Name="thawte SHA256 Code Signing CA - 善君 韦">
+      <CertRoot Type="TBS" Value="8438D529DC1D87E288CE3C8830A782BB167E20A6E1FD37624D5DF21340FF6B25" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HANDAN" Name="Handan City Congtai District LiKang  Daily Goods Department">
+      <CertRoot Type="TBS" Value="CCCAE21FBC083F5D1AF6997BB3F29ED9915E7324" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HYPERTECH" Name="VeriSign Class 3 Code Signing 2010 CA - HYPER TECH CO., LTD.">
+      <CertRoot Type="TBS" Value="5CBF0640A92AB3779F2AF481DAF0ADFEF9BD99F5" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HW_A" Name="GlobalSign">
+      <CertRoot Type="TBS" Value="DE1DA11668F0A8D5E13346ED3AB2755F5D25BEBFFCFD1D0BDE5B9F87BC292C91" />
+      <CertPublisher Value="Marvin Test Solutions, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HW" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HW_B" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="Marvin Test Solutions, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HW" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HW_C" Name="GlobalSign">
+      <CertRoot Type="TBS" Value="BD1765C56594221373893EF26D97F88C144FB0E5A0111215B45D7239C3444DF7" />
+      <CertPublisher Value="Marvin Test Solutions, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HW" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HW_D" Name="GlobalSign Primary Object Publishing CA">
+      <CertRoot Type="TBS" Value="879269F3F467A6D59641960A62FE9CB419355FF6" />
+      <CertPublisher Value="Geotest - Marvin Test Systems, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HW" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HWRWDRV_1" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Shuttle Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HWRWDRV" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HWRWDRV_2" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
+      <CertRoot Type="TBS" Value="B3C925B4048C3F7C444D248A2B101186B57CBA39596EB5DCE0E17A4EE4B32F19" />
+      <CertPublisher Value="SHUTTLE INC." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HWRWDRV" />
+    </Signer>
+    <Signer ID="ID_SIGNER_JEROMIN_CODY_ERIC" Name="Jeromin Cody Eric">
+      <CertRoot Type="TBS" Value="DFA6171201B51A2EC174310E8FB9F4C0FDE2D365235E589DED0213C5279BEA6E" />
+    </Signer>
+    <Signer ID="ID_SIGNER_LV_DIAG" Name="DigiCert SHA2 Assured ID Code Signing CA">
+      <CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
+      <CertPublisher Value="Lenovo" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LV_DIAG" />
+    </Signer>
+    <Signer ID="ID_SIGNER_LV_DIAG_2" Name="DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1">
+      <CertRoot Type="TBS" Value="65B1D4076A89AE273F57E6EEEDECB3EAE129B4168F76FA7671914CDF461D542255C59D9B85B916AE0CA6FC0FCF7A8E64" />
+      <CertPublisher Value="Lenovo" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LV_DIAG" />
+    </Signer>
+    <Signer ID="ID_SIGNER_LV_LOGITECH" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="Logitech Inc" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LV561V64" />
     </Signer>
     <Signer ID="ID_SIGNER_MIMIKATZ_KERNEL" Name="GlobalSign CodeSigning CA - G2">
       <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
@@ -534,194 +945,117 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
       <CertRoot Type="TBS" Value="F7B6EEB3A567223000A61F68C53B458193557C17E5D512D2825BCB13E5FC9BE5" />
       <CertPublisher Value="Open Source Developer, Benjamin Delpy" />
     </Signer>
-    <Signer ID="ID_SIGNER_SPEEDFAN" Name="VeriSign Class 3 Code Signing 2004 CA">
-      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
-      <CertPublisher Value="Sokno S.R.L." />
+    <Signer ID="ID_SIGNER_MYDRIVERS_1" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Beijing Kingsoft Security software Co.,Ltd" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MYDRIVERS" />
+    </Signer>
+    <Signer ID="ID_SIGNER_MYDRIVERS_2" Name="GlobalSign">
+      <CertRoot Type="TBS" Value="BD1765C56594221373893EF26D97F88C144FB0E5A0111215B45D7239C3444DF7" />
+      <CertPublisher Value="北京金山安全软件有限公司" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MYDRIVERS" />
+    </Signer>
+    <Signer ID="ID_SIGNER_MYDRIVERS_3" Name="Symantec Class 3 SHA256 Code Signing CA">
+      <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
+      <CertPublisher Value="Beijing Kingsoft Security software Co.,Ltd" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MYDRIVERS" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NANJING" Name="Nanjing Zhixiao Information Technology Co.,Ltd">
+      <CertRoot Type="TBS" Value="F5E1C4D98F9CE552EAD3776C16F3AD91FE5F3984" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NVFLASH" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="NVIDIA Corporation" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NVFLASH" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NVFLASH_2" Name="Symantec Class 3 SHA256 Code Signing CA - G2">
+      <CertRoot Type="TBS" Value="7F25CBD37DCDC0E0D93E0D477C4BC0C54231379E6CAF1023841E1F0D96467A6C" />
+      <CertPublisher Value="NVIDIA Corporation" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NVFLASH" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NVFLASH_3" Name="Symantec Class 3 SHA256 Code Signing CA">
+      <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
+      <CertPublisher Value="NVIDIA Corporation" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NVFLASH" />
+    </Signer>
+    <Signer ID="ID_SIGNER_PAN" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. STI." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PANIOMON_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PANIO_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PANIOMON_2" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PANIO_2" />
     </Signer>
     <Signer ID="ID_SIGNER_RWEVERY" Name="GlobalSign CodeSigning CA - G2">
       <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
       <CertPublisher Value="ChongKim Chan" />
     </Signer>
+    <Signer ID="ID_SIGNER_SAASAME" Name="SaaSaMe Ltd.">
+      <CertRoot Type="TBS" Value="A86DE66D8198E4272859881476A6F9936034A482" />
+    </Signer>
+    <Signer ID="ID_SIGNER_SPEEDFAN" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="Sokno S.R.L." />
+    </Signer>
+    <Signer ID="ID_SIGNER_PHYMEM" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Super Micro Computer, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PHYMEM" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SUPERBMC" />
+    </Signer>
+    <Signer ID="ID_SIGNER_PHYMEM_1" Name="Symantec Class 3 SHA256 Code Signing CA">
+      <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
+      <CertPublisher Value="Super Micro Computer, Inc. Taiwan" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PHYMEM" />
+    </Signer>
+    <Signer ID="ID_SIGNER_PHYMEM_2" Name="Symantec Class 3 SHA256 Code Signing CA">
+      <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
+      <CertPublisher Value="Super Micro Computer, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PHYMEM" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SUPERBMC" />
+    </Signer>
+    <Signer ID="ID_SIGNER_TRUST_ASIA" Name="上海域联软件技术有限公司">
+      <CertRoot Type="TBS" Value="232A71B4D1734EAC2CFC6EA554C86DE34F9F8B72" />
+    </Signer>
     <Signer ID="ID_SIGNER_VBOX" Name="GlobalSign Primary Object Publishing CA">
       <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
       <CertPublisher Value="innotek GmbH" />
     </Signer>
-    <Signer ID="ID_SIGNER_VBOX_ORCALE" Name="VeriSign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
-      <CertPublisher Value="Oracle Corporation" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VBOX" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VBOX_SUN" Name="VeriSign Class 3 Code Signing 2004 CA">
+    <Signer ID="ID_SIGNER_VERISIGN_2004_ASUS_BS_DEF" Name="VeriSign Class 3 Code Signing 2004 CA">
       <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
-      <CertPublisher Value="Sun Microsystems, Inc." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VBOX" />
-    </Signer>
-    <Signer ID="ID_SIGNER_REALTEK" Name="DigiCert EV Code Signing CA">
-      <CertRoot Type="TBS" Value="2D54C16A8F8B69CCDEA48D0603C132F547A5CF75" />
-      <CertPublisher Value="Realtek Semiconductor Corp." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_2009_REALTEK" Name="VeriSign Class 3 Code Signing 2009-2 CA">
-      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
-      <CertPublisher Value="Realtek Semiconductor Corp." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+      <CertPublisher Value="ASUSTeK Computer Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_DEF" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_DEF_64" />
     </Signer>
     <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2012" Name="Microsoft Windows Third Party Component CA 2012">
       <CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
       <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
       <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
       <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HWRWDRV" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LV_DIAG" />
       <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_WINRING0" />
     </Signer>
-    <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2014" Name="Microsoft Windows Third Party Component CA 2014">
-      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
-      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_BS_RCIO" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV" />
+    <Signer ID="ID_SIGNER_WISEUNLO" Name="DigiCert EV Code Signing CA">
+      <CertRoot Type="TBS" Value="2D54C16A8F8B69CCDEA48D0603C132F547A5CF75" />
+      <CertPublisher Value="Beijing Lang Xingda Network Technology Co., Ltd" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WISEUNLO" />
     </Signer>
-    <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2010" Name="Microsoft Third Party Component Windows PCA 2010">
-      <CertRoot Type="TBS" Value="90C9669670E75989159E6EEF69625EB6AD17CBA6209ED56F5665D55450A05212" />
-      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_WINRING0" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
-      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_2004_BIOSTAR" Name="VeriSign Class 3 Code Signing 2004 CA">
-      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
-      <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_BS_I2CIO" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_BSMI" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_2009_BIOSTAR" Name="VeriSign Class 3 Code Signing 2009-2 CA">
-      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
-      <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_BSMI" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_BS_I2CIO" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_2010_BIOSTAR" Name="VeriSign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
-      <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_BS_I2CIO" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_BSMI" />
-    </Signer>
-    <Signer ID="ID_SIGNER_GLOBALSIGN_G2_MICROSTAR" Name="GlobalSign CodeSigning CA - G2">
-      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
-      <CertPublisher Value="MICRO-STAR INTERNATIONAL CO., LTD." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NTIOLIB" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_TOSHIBA" Name="VeriSign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
-      <CertPublisher Value="TOSHIBA CORPORATION" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_NOVELL" Name="VeriSign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
-      <CertPublisher Value="Novell, Inc." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
-    </Signer>
-    <Signer ID="ID_SIGNER_GLOBALSIGN_MICROSTAR" Name="GlobalSign Primary Object Publishing CA">
-      <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
-      <CertPublisher Value="Micro-Star Int'l Co. Ltd." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_NTIOLIB" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_INSYDE" Name="VeriSign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
-      <CertPublisher Value="Insyde Software Corp." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_SEGWINDRVX64" />
-    </Signer>
-    <Signer ID="ID_SIGNER_SYMANTEC_CLASS_3" Name="Symantec Class 3 SHA256 Code Signing CA">
-      <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_AMD" Name="VeriSign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
-      <CertPublisher Value="Advanced Micro Devices, Inc." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VERISIGN_TG_SOFT" Name="VeriSign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
-      <CertPublisher Value="TG Soft S.a.s. Di Tonello Gianfranco e C." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
-    </Signer>
-    <Signer ID="ID_SIGNER_GLOBALSIGN_TG_SOFT" Name="GlobalSign CodeSigning CA - G3">
-      <CertRoot Type="TBS" Value="F478F0E790D5C8EC6056A3AB2567404A991D2837" />
-      <CertPublisher Value="TG Soft di Tonello Gianfranco ed Enrico S.r.l." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
-    </Signer>
-    <Signer ID="ID_SIGNER_HP" Name="DigiCert SHA2 Assured ID Code Signing CA">
-      <CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
-      <CertPublisher Value="HP Inc." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_WINRING0" />
-    </Signer>
-    <Signer ID="ID_SIGNER_GETAC" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
-      <CertRoot Type="TBS" Value="B3C925B4048C3F7C444D248A2B101186B57CBA39596EB5DCE0E17A4EE4B32F19" />
-      <CertPublisher Value="Getac Technology Corp." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
-    </Signer>
-    <Signer ID="ID_SIGNER_GLOBALSIGN_CHEAT_ENGINE" Name="GlobalSign CA Cheat Engine Publisher">
-      <CertRoot Type="TBS" Value="BD1765C56594221373893EF26D97F88C144FB0E5A0111215B45D7239C3444DF7" />
-      <CertPublisher Value="Cheat Engine" />
-    </Signer>
-    <Signer ID="ID_SIGNER_GLOBALSIGN_G2_CHEAT_ENGINE" Name="GlobalSign CodeSigning CA - G2">
-      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
-      <CertPublisher Value="Cheat Engine" />
-    </Signer>
-    <Signer ID="ID_SIGNER_PHYSMEM" Name="GlobalSign CodeSigning CA - G2">
-      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
-      <CertPublisher Value="Hilscher Gesellschaft fuer Systemautomation mbH" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_PHYSMEM" />
-    </Signer>
-    <Signer ID="ID_SIGNER_VMDRV" Name="DigiCert EV Code Signing CA (SHA2)">
+    <Signer ID="ID_SIGNER_WISEUNLO_1" Name="DigiCert EV Code Signing CA (SHA2)">
       <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
-      <CertPublisher Value="Voicemod Sociedad Limitada" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV" />
+      <CertPublisher Value="Beijing Lang Xingda Network Technology Co., Ltd" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WISEUNLO" />
     </Signer>
-    <Signer ID="ID_SIGNER_INTEL_IQVW" Name="Intel External Basic Policy CA">
-      <CertRoot Type="TBS" Value="53B052BA209C525233293274854B264BC0F68B73" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
-    </Signer>
-    <Signer ID="ID_SIGNER_COMODO_IQVW" Name="COMODO RSA Certification Authority">
-      <CertRoot Type="TBS" Value="7CE102D63C57CB48F80A65D1A5E9B350A7A618482AA5A36775323CA933DDFCB00DEF83796A6340DEC5EBF7596CFD8E5D" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
-    </Signer>
-    <Signer ID="ID_SIGNER_AMDPP" Name="USERTrust RSA Certification Authority">
-      <CertRoot Type="TBS" Value="13BAA039635F1C5292A8C2F36AAE7E1D25C025202E9092F5B0F53F5F752DFA9C71B3D1B8D9A6358FCEE6EC75622FABF9" />
-      <CertPublisher Value="Advanced Micro Devices Inc." />
-      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+    <Signer ID="ID_SIGNER_WISEUNLO_2" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Lespeed Technology Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WISEUNLO" />
     </Signer>
     <Signer ID="ID_SIGNER_AGNITUM_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
       <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
@@ -743,104 +1077,397 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
       <CertPublisher Value="Agnitum Ltd." />
       <FileAttribRef RuleID="ID_FILEATTRIB_SANDBOX_1" />
     </Signer>
-    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2009" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
+    <Signer ID="ID_SIGNER_AMDPP" Name="USERTrust RSA Certification Authority">
+      <CertRoot Type="TBS" Value="13BAA039635F1C5292A8C2F36AAE7E1D25C025202E9092F5B0F53F5F752DFA9C71B3D1B8D9A6358FCEE6EC75622FABF9" />
+      <CertPublisher Value="Advanced Micro Devices Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_COMODO_IQVW" Name="COMODO RSA Certification Authority">
+      <CertRoot Type="TBS" Value="7CE102D63C57CB48F80A65D1A5E9B350A7A618482AA5A36775323CA933DDFCB00DEF83796A6340DEC5EBF7596CFD8E5D" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ELBY" Name="GlobalSign Primary Object Publishing CA">
+      <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
+      <CertPublisher Value="Elaborate Bytes AG" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ELBY_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_DIGICERT_EV" Name="DigiCert EV Code Signing CA (SHA2)">
+      <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2009_1" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
       <CertRoot Type="TBS" Value="d70edfa009a76bd8250d74e9ee92eb9ead7d4cb3" />
     </Signer>
-    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2010" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
+    <Signer ID="ID_SIGNER_GETAC" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
+      <CertRoot Type="TBS" Value="B3C925B4048C3F7C444D248A2B101186B57CBA39596EB5DCE0E17A4EE4B32F19" />
+      <CertPublisher Value="Getac Technology Corp." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GLOBALSIGN_G2_MICROSTAR" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="MICRO-STAR INTERNATIONAL CO., LTD." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NTIOLIB" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GLOBALSIGN_MICROSTAR" Name="GlobalSign Primary Object Publishing CA">
+      <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
+      <CertPublisher Value="Micro-Star Int'l Co. Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NTIOLIB" />
+    </Signer>
+    <Signer ID="ID_SIGNER_GEOTRUST_SRL_2010_1" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
       <CertRoot Type="TBS" Value="e5ba2abbd1dc89f143a66a3cdcda26d968758e2d" />
     </Signer>
-    <Signer ID="ID_SIGNER_HANDAN" Name="Handan City Congtai District LiKang  Daily Goods Department">
+    <Signer ID="ID_SIGNER_GLOBALSIGN_TG_SOFT" Name="GlobalSign CodeSigning CA - G3">
+      <CertRoot Type="TBS" Value="F478F0E790D5C8EC6056A3AB2567404A991D2837" />
+      <CertPublisher Value="TG Soft di Tonello Gianfranco ed Enrico S.r.l." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_HANDAN_1" Name="Handan City Congtai District LiKang  Daily Goods Department">
       <CertRoot Type="TBS" Value="cccae21fbc083f5d1af6997bb3f29ed9915e7324" />
     </Signer>
-    <Signer ID="ID_SIGNER_NANJING" Name="Nanjing Zhixiao Information Technology Co.,Ltd">
-      <CertRoot Type="TBS" Value="f5e1c4d98f9ce552ead3776c16f3ad91fe5f3984" />
-    </Signer>
-    <Signer ID="ID_SIGNER_TRUST_ASIA" Name="上海域联软件技术有限公司">
-      <CertRoot Type="TBS" Value="232a71b4d1734eac2cfc6ea554c86de34f9f8b72" />
-    </Signer>
-    <Signer ID="ID_SIGNER_JEROMIN_CODY_ERIC" Name="Jeromin Cody Eric">
-      <CertRoot Type="TBS" Value="dfa6171201b51a2ec174310e8fb9f4c0fde2d365235e589ded0213c5279bea6e" />
-    </Signer>
-    <Signer ID="ID_SIGNER_SAASAME" Name="SaaSaMe Ltd.">
-      <CertRoot Type="TBS" Value="A86DE66D8198E4272859881476A6F9936034A482" />
-    </Signer>
-    <Signer ID="ID_SIGNER_NVIDIA_2007" Name="Leaked 2007 NVIDIA Corporation Verisign Class 3 Code Signing 2004 CA">
-      <CertRoot Type="TBS" Value="80854F578E2A3B5552EA839BA4F98DDFE94B2381" />
-    </Signer>
-    <Signer ID="ID_SIGNER_NVIDIA_2011" Name="Leaked 2011 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="15C37DBEBE6FCC77108E3D7AD982676D3D5E77F7" />
-    </Signer>
-    <Signer ID="ID_SIGNER_NVIDIA_2015" Name="Leaked 2015 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
-      <CertRoot Type="TBS" Value="F049A238763D4A90B148AB10A500F96EBF1DC436" />
-    </Signer>
-    <Signer ID="ID_SIGNER_HERMETICWIPER_1" Name="DigiCert Assured ID Code Signing CA-1">
+    <Signer ID="ID_SIGNER_HERMETICWIPER_1_1" Name="DigiCert Assured ID Code Signing CA-1">
       <CertRoot Type="TBS" Value="47F4B9898631773231B32844EC0D49990AC4EB1E" />
       <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
     </Signer>
-    <Signer ID="ID_SIGNER_HERMETICWIPER_2" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
+    <Signer ID="ID_SIGNER_HERMETICWIPER_2_1" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
       <CertRoot Type="TBS" Value="B3C925B4048C3F7C444D248A2B101186B57CBA39596EB5DCE0E17A4EE4B32F19" />
       <CertPublisher Value="Chengdu Yiwo Tech Development Co., Ltd." />
     </Signer>
-    <Signer ID="ID_SIGNER_HERMETICWIPER_3" Name="VeriSign Class 3 Code Signing 2004 CA">
+    <Signer ID="ID_SIGNER_HERMETICWIPER_3_1" Name="VeriSign Class 3 Code Signing 2004 CA">
       <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
       <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
     </Signer>
-    <Signer ID="ID_SIGNER_HERMETICWIPER_4" Name="VeriSign Class 3 Code Signing 2010 CA">
+    <Signer ID="ID_SIGNER_HERMETICWIPER_4_1" Name="VeriSign Class 3 Code Signing 2010 CA">
       <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
       <CertPublisher Value="CHENGDU YIWO Tech Development Co., Ltd." />
     </Signer>
+    <Signer ID="ID_SIGNER_HP" Name="DigiCert SHA2 Assured ID Code Signing CA">
+      <CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
+      <CertPublisher Value="HP Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WINRING0" />
+    </Signer>
+    <Signer ID="ID_SIGNER_INTEL_IQVW" Name="Intel External Basic Policy CA">
+      <CertRoot Type="TBS" Value="53B052BA209C525233293274854B264BC0F68B73" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_JEROMIN_CODY_ERIC_1" Name="Jeromin Cody Eric">
+      <CertRoot Type="TBS" Value="dfa6171201b51a2ec174310e8fb9f4c0fde2d365235e589ded0213c5279bea6e" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NANJING_1" Name="Nanjing Zhixiao Information Technology Co.,Ltd">
+      <CertRoot Type="TBS" Value="f5e1c4d98f9ce552ead3776c16f3ad91fe5f3984" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NVIDIA_2007_1" Name="Leaked 2007 NVIDIA Corporation Verisign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="80854F578E2A3B5552EA839BA4F98DDFE94B2381" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NVIDIA_2011_1" Name="Leaked 2011 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="15C37DBEBE6FCC77108E3D7AD982676D3D5E77F7" />
+    </Signer>
+    <Signer ID="ID_SIGNER_NVIDIA_2015_1" Name="Leaked 2015 NVIDIA Corporation Verisign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="F049A238763D4A90B148AB10A500F96EBF1DC436" />
+    </Signer>
+    <Signer ID="ID_SIGNER_PHYSMEM" Name="GlobalSign CodeSigning CA - G2">
+      <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
+      <CertPublisher Value="Hilscher Gesellschaft fuer Systemautomation mbH" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PHYSMEM" />
+    </Signer>
+    <Signer ID="ID_SIGNER_REALTEK" Name="DigiCert EV Code Signing CA">
+      <CertRoot Type="TBS" Value="2D54C16A8F8B69CCDEA48D0603C132F547A5CF75" />
+      <CertPublisher Value="Realtek Semiconductor Corp." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_SANDRA" Name="GeoTrust TrustCenter CodeSigning CA I">
+      <CertRoot Type="TBS" Value="172F39BCA3DDA7C6D5169C96B34A5FE7E96FF0BD" />
+      <CertPublisher Value="SiSoftware Ltd" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_SANDRA_THAWTE" Name="Thawte Code Signing CA">
+      <CertRoot Type="TBS" Value="F6297A00D3B2B4CE4750402B66E7EA018D54F683" />
+      <CertPublisher Value="SiSoftware Ltd" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SANDRA_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_SYMANTEC_CLASS_3" Name="Symantec Class 3 SHA256 Code Signing CA">
+      <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_TRUST_ASIA_1" Name="上海域联软件技术有限公司">
+      <CertRoot Type="TBS" Value="232a71b4d1734eac2cfc6ea554c86de34f9f8b72" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VBOX_ORCALE_1" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Oracle Corporation" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VBOX_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VBOX_SUN_1" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="Sun Microsystems, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VBOX_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2004_BIOSTAR" Name="VeriSign Class 3 Code Signing 2004 CA">
+      <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_I2CIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BSMI" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2009" Name="VeriSign Class 3 Code Signing 2009-2 CA">
+      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2009_BIOSTAR" Name="VeriSign Class 3 Code Signing 2009-2 CA">
+      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
+      <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BSMI" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_I2CIO" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2009_REALTEK" Name="VeriSign Class 3 Code Signing 2009-2 CA">
+      <CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
+      <CertPublisher Value="Realtek Semiconductor Corp." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2010" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_KEVP64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MONITOR" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RWDRV_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_KEVP64_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LHA_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RWDRV_DRIVER_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2010_2" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4678C6E4A8787A8E6ED2BCE8792B122F6C08AFD8" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_2010_BIOSTAR" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_I2CIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BSMI" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_AMD" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Advanced Micro Devices, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_INSYDE" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Insyde Software Corp." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SEGWINDRVX64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_NOVELL" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Novell, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_TG_SOFT" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="TG Soft S.a.s. Di Tonello Gianfranco e C." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VERISIGN_TOSHIBA" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="TOSHIBA CORPORATION" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
+    </Signer>
+    <Signer ID="ID_SIGNER_VMDRV" Name="DigiCert EV Code Signing CA (SHA2)">
+      <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
+      <CertPublisher Value="Voicemod Sociedad Limitada" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV_1" />
+    </Signer>
+    <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2010" Name="Microsoft Third Party Component Windows PCA 2010">
+      <CertRoot Type="TBS" Value="90C9669670E75989159E6EEF69625EB6AD17CBA6209ED56F5665D55450A05212" />
+      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WINRING0" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ASWARPOT_2" Name="Microsoft Windows Third Party Component CA 2012">
+      <CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
+      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWARPOT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WINRING0" />
+    </Signer>
+    <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2014" Name="Microsoft Windows Third Party Component CA 2014">
+      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
+      <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_HW" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IOBITUNLOCKER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MYDRIVERS" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NVFLASH" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_WISEUNLO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_RCIO_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LHA_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV_1" />
+    </Signer>
   </Signers>
   <!--Driver Signing Scenarios-->
   <SigningScenarios>
-    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DENIED_VULN_MAL_SIGNERS" FriendlyName="Signers of known vulnerable or malicious drivers">
+    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Auto generated policy on 09-19-2022">
       <ProductSigners>
         <DeniedSigners>
+          <DeniedSigner SignerId="ID_SIGNER_ATILLK" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_1" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_3" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_4" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_5" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_6" />
+          <DeniedSigner SignerId="ID_SIGNER_BAOJI" />
+          <DeniedSigner SignerId="ID_SIGNER_BEIJING_CHUNBAI" />
+          <DeniedSigner SignerId="ID_SIGNER_BEIJING_VSK" />
+          <DeniedSigner SignerId="ID_SIGNER_CAPCOM" />
+          <DeniedSigner SignerId="ID_SIGNER_CHEAT_ENGINE" />
+          <DeniedSigner SignerId="ID_SIGNER_ENE" />
+          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2009" />
+          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_CHEAT_ENGINE" />
+          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_G2_CHEAT_ENGINE" />
+          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2010" />
+          <DeniedSigner SignerId="ID_SIGNER_GOOD_WEI" />
+          <DeniedSigner SignerId="ID_SIGNER_HANDAN" />
+          <DeniedSigner SignerId="ID_SIGNER_HYPERTECH" />
+          <DeniedSigner SignerId="ID_SIGNER_HW_A" />
+          <DeniedSigner SignerId="ID_SIGNER_HW_B" />
+          <DeniedSigner SignerId="ID_SIGNER_HW_C" />
+          <DeniedSigner SignerId="ID_SIGNER_HW_D" />
+          <DeniedSigner SignerId="ID_SIGNER_HWRWDRV_1" />
+          <DeniedSigner SignerId="ID_SIGNER_HWRWDRV_2" />
+          <DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
+          <DeniedSigner SignerId="ID_SIGNER_LV_DIAG" />
+          <DeniedSigner SignerId="ID_SIGNER_LV_DIAG_2" />
+          <DeniedSigner SignerId="ID_SIGNER_LV_LOGITECH" />
+          <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL" />
+          <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL_SHA2" />
+          <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_USER" />
+          <DeniedSigner SignerId="ID_SIGNER_MYDRIVERS_1" />
+          <DeniedSigner SignerId="ID_SIGNER_MYDRIVERS_2" />
+          <DeniedSigner SignerId="ID_SIGNER_MYDRIVERS_3" />
+          <DeniedSigner SignerId="ID_SIGNER_NANJING" />
+          <DeniedSigner SignerId="ID_SIGNER_NVFLASH" />
+          <DeniedSigner SignerId="ID_SIGNER_NVFLASH_2" />
+          <DeniedSigner SignerId="ID_SIGNER_NVFLASH_3" />
+          <DeniedSigner SignerId="ID_SIGNER_PAN" />
+          <DeniedSigner SignerId="ID_SIGNER_RWEVERY" />
+          <DeniedSigner SignerId="ID_SIGNER_SAASAME" />
+          <DeniedSigner SignerId="ID_SIGNER_SPEEDFAN" />
+          <DeniedSigner SignerId="ID_SIGNER_PHYMEM" />
+          <DeniedSigner SignerId="ID_SIGNER_PHYMEM_1" />
+          <DeniedSigner SignerId="ID_SIGNER_PHYMEM_2" />
+          <DeniedSigner SignerId="ID_SIGNER_TRUST_ASIA" />
+          <DeniedSigner SignerId="ID_SIGNER_VBOX" />
+          <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004_ASUS_BS_DEF" />
+          <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2012" />
+          <DeniedSigner SignerId="ID_SIGNER_WISEUNLO" />
+          <DeniedSigner SignerId="ID_SIGNER_WISEUNLO_1" />
+          <DeniedSigner SignerId="ID_SIGNER_WISEUNLO_2" />
           <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2004" />
           <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2009" />
           <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2010" />
           <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2010_1" />
           <DeniedSigner SignerId="ID_SIGNER_AMDPP" />
-          <DeniedSigner SignerId="ID_SIGNER_CAPCOM" />
-          <DeniedSigner SignerId="ID_SIGNER_CHEAT_ENGINE" />
           <DeniedSigner SignerId="ID_SIGNER_COMODO_IQVW" />
           <DeniedSigner SignerId="ID_SIGNER_ELBY" />
-          <DeniedSigner SignerId="ID_SIGNER_ENE" />
           <DeniedSigner SignerId="ID_SIGNER_DIGICERT_EV" />
-          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2009" />
+          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2009_1" />
           <DeniedSigner SignerId="ID_SIGNER_GETAC" />
-          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_CHEAT_ENGINE" />
-          <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_G2_CHEAT_ENGINE" />
           <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_G2_MICROSTAR" />
           <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_MICROSTAR" />
-          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2010" />
+          <DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2010_1" />
           <DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_TG_SOFT" />
-          <DeniedSigner SignerId="ID_SIGNER_HANDAN" />
-          <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_1" />
-          <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_2" />
-          <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_3" />
-          <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_4" />
+          <DeniedSigner SignerId="ID_SIGNER_HANDAN_1" />
+          <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_1_1" />
+          <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_2_1" />
+          <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_3_1" />
+          <DeniedSigner SignerId="ID_SIGNER_HERMETICWIPER_4_1" />
           <DeniedSigner SignerId="ID_SIGNER_HP" />
           <DeniedSigner SignerId="ID_SIGNER_INTEL_IQVW" />
-          <DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
-          <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL" />
-          <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL_SHA2" />
-          <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_USER" />
-          <DeniedSigner SignerId="ID_SIGNER_NANJING" />
-          <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2007" />
-          <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2011" />
-          <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2015" />
+          <DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC_1" />
+          <DeniedSigner SignerId="ID_SIGNER_NANJING_1" />
+          <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2007_1" />
+          <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2011_1" />
+          <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2015_1" />
           <DeniedSigner SignerId="ID_SIGNER_PHYSMEM" />
           <DeniedSigner SignerId="ID_SIGNER_REALTEK" />
-          <DeniedSigner SignerId="ID_SIGNER_RWEVERY" />
-          <DeniedSigner SignerId="ID_SIGNER_SAASAME" />
           <DeniedSigner SignerId="ID_SIGNER_SANDRA" />
           <DeniedSigner SignerId="ID_SIGNER_SANDRA_THAWTE" />
-          <DeniedSigner SignerId="ID_SIGNER_SPEEDFAN" />
           <DeniedSigner SignerId="ID_SIGNER_SYMANTEC_CLASS_3" />
-          <DeniedSigner SignerId="ID_SIGNER_TRUST_ASIA" />
-          <DeniedSigner SignerId="ID_SIGNER_VBOX" />
-          <DeniedSigner SignerId="ID_SIGNER_VBOX_ORCALE" />
-          <DeniedSigner SignerId="ID_SIGNER_VBOX_SUN" />
+          <DeniedSigner SignerId="ID_SIGNER_TRUST_ASIA_1" />
+          <DeniedSigner SignerId="ID_SIGNER_VBOX_ORCALE_1" />
+          <DeniedSigner SignerId="ID_SIGNER_VBOX_SUN_1" />
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004" />
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004_BIOSTAR" />
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2009" />
@@ -856,11 +1483,15 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_TOSHIBA" />
           <DeniedSigner SignerId="ID_SIGNER_VMDRV" />
           <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2010" />
-          <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2012" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_2" />
           <DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2014" />
         </DeniedSigners>
         <FileRulesRef>
           <FileRuleRef RuleID="ID_ALLOW_ALL_1" />
+          <FileRuleRef RuleID="ID_DENY_AGENT64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_AGENT64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_AGENT64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_AGENT64_SHA256_PAGE" />
           <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1" />
           <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256" />
           <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE" />
@@ -901,14 +1532,62 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256" />
           <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1_PAGE" />
           <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5A" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5B" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5C" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5D" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5E" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5F" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_60" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_61" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_62" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_63" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_64" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_65" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_66" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_67" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_39" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3A" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3B" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3C" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3D" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3E" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3F" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_40" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_2" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_3" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_4" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_5" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_6" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_7" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_8" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_9" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_A" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_B" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_C" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_D" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_E" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_F" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_10" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_11" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_12" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_13" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_14" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_15" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_16" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_17" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_18" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_19" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1A" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1B" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1C" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1D" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1E" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1F" />
           <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
           <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
           <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
           <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256_PAGE" />
-          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1" />
-          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256" />
-          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1_PAGE" />
-          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256_PAGE" />
           <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1" />
           <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" />
           <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" />
@@ -950,10 +1629,58 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256" />
           <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE" />
           <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE" />
-          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1" />
-          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256C" />
-          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1_PAGE" />
-          <FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_3" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_4" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_5" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_6" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_7" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_8" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_9" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_A" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_B" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_C" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_11" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_12" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_13" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_14" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_15" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_16" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_17" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_18" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_19" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1A" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1B" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1C" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1D" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1E" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1F" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_20" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_21" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_22" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_23" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_24" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_25" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_26" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_27" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_28" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_29" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2A" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2B" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2C" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2D" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2E" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2F" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_30" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_31" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_32" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_33" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_34" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_35" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_36" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_37" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_38" />
           <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1" />
           <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
           <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE" />
@@ -966,6 +1693,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256" />
           <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE" />
           <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE_1" />
           <FileRuleRef RuleID="ID_DENY_DIRECTIO_12" />
           <FileRuleRef RuleID="ID_DENY_DIRECTIO_13" />
           <FileRuleRef RuleID="ID_DENY_DIRECTIO_14" />
@@ -1008,6 +1739,79 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <FileRuleRef RuleID="ID_DENY_DIRECTIO_39" />
           <FileRuleRef RuleID="ID_DENY_DIRECTIO_3A" />
           <FileRuleRef RuleID="ID_DENY_DIRECTIO_3B" />
+          <FileRuleRef RuleID="ID_DENY_HW_22" />
+          <FileRuleRef RuleID="ID_DENY_HW_23" />
+          <FileRuleRef RuleID="ID_DENY_HW_24" />
+          <FileRuleRef RuleID="ID_DENY_HW_25" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_2" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_3" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_4" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_5" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_6" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_7" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_11" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_12" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_13" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_14" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_15" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_16" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_17" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_18" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_19" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1A" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1B" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1C" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1D" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1E" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1F" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_20" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_21" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_22" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_23" />
+          <FileRuleRef RuleID="ID_DENY_LGCORETEMP_1" />
+          <FileRuleRef RuleID="ID_DENY_LGCORETEMP_2" />
+          <FileRuleRef RuleID="ID_DENY_LGCORETEMP_3" />
+          <FileRuleRef RuleID="ID_DENY_LGCORETEMP_4" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_1" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_2" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_3" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_4" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_5" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_6" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_7" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_8" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_9" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_A" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_B" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_C" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_D" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_E" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_F" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_10" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_11" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_12" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_13" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_14" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_15" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_16" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_17" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_18" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_19" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_1A" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_1B" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_1C" />
+		  <FileRuleRef RuleID="ID_DENY_MHYPROT2_21" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_22" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_23" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_24" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_25" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_26" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_27" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_28" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_1" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_2" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_3" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_4" />
           <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_1" />
           <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_1" />
           <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_PAGE_1" />
@@ -1020,6 +1824,118 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_3" />
           <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_4" />
           <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_4" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_6" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_7" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_8" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_9" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_10" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_11" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_12" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_13" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_14" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_15" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_16" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_17" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_18" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_19" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_20" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_21" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_22" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_23" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_24" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_25" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_26" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_27" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_28" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_29" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_30" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_31" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_32" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_33" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_34" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_35" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_36" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_37" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_38" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_39" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_40" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_41" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_42" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_43" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_44" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_45" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_46" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_47" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_48" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_49" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_50" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_51" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_52" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_53" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_54" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_55" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_56" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_57" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_58" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_59" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_60" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_61" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_62" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_63" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_64" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_65" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_66" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_67" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_68" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_69" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_6A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_6B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_6C" />
+          <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_1" />
+          <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_2" />
+          <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_3" />
+          <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_4" />
           <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1" />
           <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256" />
           <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE" />
@@ -1049,69 +1965,69 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_7" />
           <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_8" />
           <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_9" />
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_18"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_19"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_20"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_21"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_22"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_23"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_24"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_25"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_26"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_27"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_28"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_29"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_30"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_31"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_32"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_33"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_34"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_35"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_36"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_37"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_38"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_39"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_40"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_41"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_42"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_43"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_44"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_45"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_46"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_47"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_48"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_49"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_50"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_51"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_52"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_53"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_54"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_55"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_56"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_57"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_58"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_59"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_60"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_61"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_62"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_63"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_64"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_65"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_66"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_67"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_68"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_69"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_70"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_71"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_72"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_18" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_19" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_20" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_21" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_22" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_23" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_24" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_25" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_26" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_27" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_28" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_29" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_30" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_31" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_32" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_33" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_34" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_35" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_36" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_37" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_38" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_39" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_40" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_41" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_42" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_43" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_44" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_45" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_46" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_47" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_48" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_49" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_50" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_51" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_52" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_53" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_54" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_55" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_56" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_57" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_58" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_59" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_60" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_61" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_62" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_63" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_64" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_65" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_66" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_67" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_68" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_69" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_70" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_71" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_72" />
           <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
           <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
           <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
@@ -1121,80 +2037,118 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
           <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_7" />
           <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_8" />
           <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_9" />
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_18"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_19"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_20"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_21"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_22"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_23"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_24"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_25"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_26"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_27"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_28"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_29"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_30"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_31"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_32"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_33"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_34"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_35"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_36"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_37"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_38"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_39"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_40"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_41"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_42"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_43"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_44"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_45"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_46"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_47"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_48"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_49"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_50"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_51"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_52"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_53"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_54"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_55"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_56"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_57"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_58"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_59"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_60"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_61"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_62"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_63"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_64"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_65"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_66"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_67"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_68"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_69"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_70"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_71"/>
-          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_72"/>
-          <FileRuleRef RuleID="ID_DENY_PROCESSHACKER"/>
-          <FileRuleRef RuleID="ID_DENY_AMP"/>
-          <FileRuleRef RuleID="ID_DENY_ASMMAP"/>
-          <FileRuleRef RuleID="ID_DENY_ASMMAP_64"/>
-          <FileRuleRef RuleID="ID_DENY_PHYMEMX_64"/>
-          <FileRuleRef RuleID="ID_DENY_DBK_32"/>
-          <FileRuleRef RuleID="ID_DENY_DBK_64"/>
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_18" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_19" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_20" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_21" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_22" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_23" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_24" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_25" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_26" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_27" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_28" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_29" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_30" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_31" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_32" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_33" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_34" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_35" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_36" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_37" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_38" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_39" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_40" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_41" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_42" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_43" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_44" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_45" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_46" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_47" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_48" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_49" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_50" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_51" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_52" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_53" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_54" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_55" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_56" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_57" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_58" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_59" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_60" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_61" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_62" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_63" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_64" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_65" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_66" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_67" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_68" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_69" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_70" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_71" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_72" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_1" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_2" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_3" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_4" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_5" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_6" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_7" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_8" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_9" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_10" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_2" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_3" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_4" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_5" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_6" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_7" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_8" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_9" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_A" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_B" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_C" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_D" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_E" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_F" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_10" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_11" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_12" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_13" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_14" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_15" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_16" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_17" />
+          <FileRuleRef RuleID="ID_DENY_PROCESSHACKER" />
+          <FileRuleRef RuleID="ID_DENY_AMP" />
+          <FileRuleRef RuleID="ID_DENY_ASMMAP" />
+          <FileRuleRef RuleID="ID_DENY_ASMMAP_64" />
+          <FileRuleRef RuleID="ID_DENY_PCHUNTER_1" />
+          <FileRuleRef RuleID="ID_DENY_PCHUNTER_2" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX_64" />
+          <FileRuleRef RuleID="ID_DENY_DBK_32" />
+          <FileRuleRef RuleID="ID_DENY_DBK_64" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256_PAGE" />
         </FileRulesRef>
       </ProductSigners>
     </SigningScenario>
-    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="">
+    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="Auto generated policy on 09-19-2022">
       <ProductSigners>
         <FileRulesRef>
           <FileRuleRef RuleID="ID_ALLOW_ALL_2" />
@@ -1213,10 +2167,16 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
     </Setting>
     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
       <Value>
-        <String>10.0.25090.0</String>
+        <String>10.0.25210.0</String>
+      </Value>
+    </Setting>
+    <Setting Provider="PolicyInfo" Key="NoRevalidationUponRefresh" ValueName="NoRevalidationUponRefreshValue">
+      <Value>
+        <Boolean>true</Boolean>
       </Value>
     </Setting>
   </Settings>
+  <PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
 </SiPolicy>
 ```
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
index e8ea61c23d..012e954059 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
@@ -61,9 +61,18 @@ Smart App Control is only available on clean installation of Windows 11 version
 > [!IMPORTANT]
 > Once you turn Smart App Control off, it can't be turned on without resetting or reinstalling Windows.
 
+### Smart App Control Enforced Blocks
+
+Smart App Control enforces the [Microsoft Recommended Driver Block rules](microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](microsoft-recommended-block-rules.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control: 
+
+- Infdefaultinstall.exe
+- Microsoft.Build.dll
+- Microsoft.Build.Framework.dll
+- Wslhost.dll
+
 ## Related articles
 
 - [WDAC design guide](windows-defender-application-control-design-guide.md)
 - [WDAC deployment guide](windows-defender-application-control-deployment-guide.md)
 - [WDAC operational guide](windows-defender-application-control-operational-guide.md)
-- [AppLocker overview](applocker/applocker-overview.md)
\ No newline at end of file
+- [AppLocker overview](applocker/applocker-overview.md)
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
index 5e0c376121..8963229d82 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
@@ -54,7 +54,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t
 
 | Name | Build | Baseline Release Date | Security Tools |
 | ---- | ----- | --------------------- | -------------- |
-| Windows 11 | [Windows 11](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-security-baseline/ba-p/2810772) <br> | October 2021<br>|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520) <br> | September 2022<br>|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 | Windows 10 | [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703) <br> [21H1](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353) <br> [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393) <br> [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) <br> [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) <br>[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| December 2021<br>May 2021<br>December 2020<br>October 2018<br>October 2016 <br>January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 Windows 8.1 |[9600 (April Update)](/archive/blogs/secguide/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final)| October 2013| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) |
 
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
index 1a2434ffeb..92875c810d 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -25,14 +25,15 @@ The SCT enables administrators to effectively manage their enterprise’s Group
 The Security Compliance Toolkit consists of:
 
 -   Windows 11 security baseline
-
+    -   Windows 11, version 22H2
+    -   Windows 11, version 21H2
 -   Windows 10 security baselines
-    -   Windows 10 Version 21H2
-    -   Windows 10 Version 21H1
-    -   Windows 10 Version 20H2
-    -   Windows 10 Version 1809
-    -   Windows 10 Version 1607
-    -   Windows 10 Version 1507
+    -   Windows 10, version 21H2
+    -   Windows 10, version 21H1
+    -   Windows 10, version 20H2
+    -   Windows 10, version 1809
+    -   Windows 10, version 1607
+    -   Windows 10, version 1507
 
 -   Windows Server security baselines
     -   Windows Server 2022
diff --git a/windows/whats-new/whats-new-windows-11-version-22H2.md b/windows/whats-new/whats-new-windows-11-version-22H2.md
index 7a75c8344c..0af8ec6113 100644
--- a/windows/whats-new/whats-new-windows-11-version-22H2.md
+++ b/windows/whats-new/whats-new-windows-11-version-22H2.md
@@ -19,7 +19,7 @@ Windows 11, version 22H2 is a feature update for Windows 11. It includes all fea
 
 Windows 11, version 22H2 follows the [Windows 11 servicing timeline](/lifecycle/faq/windows#windows-11):
 
-- **Windows 11 Professional**: Serviced for 24 months from the release date.
+- **Windows 11 Pro**: Serviced for 24 months from the release date.
 - **Windows 11 Enterprise**: Serviced for 36 months from the release date.
 
 Windows 11, version 22H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 22H2 update](https://aka.ms/W11/how-to-get-22H2). Review the [Windows 11, version 22H2 Windows IT Pro blog post](https://aka.ms/new-in-22H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install).
@@ -43,7 +43,7 @@ For more information, see [Enhanced Phishing Protection in Microsoft Defender Sm
 <!-- 6286281-->
 **Smart App Control** adds significant protection from malware, including new and emerging threats, by blocking apps that are malicious or untrusted. **Smart App Control** also helps to block potentially unwanted apps, which are apps that may cause your device to run slowly, display unexpected ads, offer extra software you didn't want, or do other things you don't expect.
 
-For more information, see [Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md#wdac-and-smart-app-control).
+For more information, see [Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control#wdac-and-smart-app-control).
 
 ## Credential Guard
 <!--6289166-->