Merge branch 'main' into v-mathavale-5916892

.acrolinx-config.edn

@@ -47,12 +47,12 @@ For more information about the exception criteria and exception process, see [Mi
  
 Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology:
 
-| Article | Score | Issues | Spelling<br>issues | Scorecard | Processed |
+| Article | Score | Issues | Correctness<br>issues | Scorecard | Processed |
 | ------- | ----- | ------ | ------ | --------- | --------- |
 "
 
  :template-change
- "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/flags/spelling} | [link](${acrolinx/scorecard}) | ${s/status} |
+ "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/flags/correctness} | [link](${acrolinx/scorecard}) | ${s/status} |
 "
  
  :template-footer

education/windows/deploy-windows-10-in-a-school-district.md

@@ -114,7 +114,7 @@ Office 365 Education allows:
 
 * Faculty to help prevent unauthorized users from accessing documents and email by using Microsoft Azure Rights Management.
 
-* Faculty to use advanced compliance tools on the unified eDiscovery pages in the Office 365 Compliance Center.
+* Faculty to use advanced compliance tools on the unified eDiscovery pages in the Microsoft Purview compliance portal.
 
 * Faculty to host online classes, parent–teacher conferences, and other collaboration in Skype for Business.
 

education/windows/deploy-windows-10-in-a-school.md

@@ -74,7 +74,7 @@ Office 365 Education allows:
 - Students and faculty to use email and calendars, with mailboxes up to 50 GB per user.
 - Faculty to use advanced email features like email archiving and legal hold capabilities.
 - Faculty to help prevent unauthorized users from accessing documents and email by using Azure Rights Management.
-- Faculty to use advanced compliance tools on the unified eDiscovery pages in the Office 365 Compliance Center.
+- Faculty to use advanced compliance tools on the unified eDiscovery pages in the Microsoft Purview compliance portal.
 - Faculty to host online classes, parent–teacher conferences, and other collaboration in Skype for Business or Skype.
 - Students and faculty to access up to 1 TB of personal cloud storage that users inside and outside the educational institution can share through OneDrive for Business.
 - Teachers to provide collaboration in the classroom through Microsoft SharePoint Online team sites.

windows/application-management/docfx.json

@@ -33,7 +33,7 @@
     "externalReference": [],
     "globalMetadata": {
       "recommendations": true,
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",

windows/client-management/docfx.json

@@ -33,7 +33,7 @@
     "externalReference": [],
     "globalMetadata": {
       "recommendations": true,
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",

windows/configuration/docfx.json

@@ -33,7 +33,7 @@
     "externalReference": [],
     "globalMetadata": {
       "recommendations": true,
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",

windows/deployment/do/mcc-isp.md

@@ -13,7 +13,7 @@ ms.collection: M365-modern-desktop
 ms.topic: article
 ---
 
-# Microsoft Connected Cached for Internet Service Providers (ISPs)
+# Microsoft Connected Cache for Internet Service Providers (ISPs)
 
 **Applies to**
 

windows/deployment/docfx.json

@@ -35,7 +35,7 @@
     "externalReference": [],
     "globalMetadata": {
       "recommendations": true,
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",

windows/deployment/update/waas-quick-start.md

@@ -31,7 +31,7 @@ Some new terms have been introduced as part of Windows as a service, so you shou
 - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
 - **Servicing channels** allow organizations to choose when to deploy new features. 
   - The **General Availability Channel** receives feature updates annually.
-  - The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
+  - The **Long-Term Servicing Channel**, which is meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATMs, receives new feature releases every two to three years.
 - **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. 
 
 See [Overview of Windows as a service](waas-overview.md) for more information.

windows/deployment/update/windows-update-errors.md

@@ -118,7 +118,7 @@ The following table provides information about common errors you might run into
 
 | Message | Description | Mitigation |
 |---------|-------------|------------|
-| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS   transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the has installed the update in KB4493473 or later.|
+| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS   transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.|
 
 ## 0x800f0825
 
@@ -148,7 +148,7 @@ The following table provides information about common errors you might run into
 
 | Message | Description | Mitigation |
 |---------|-------------|------------|
-| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.<br> Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be acess denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. |
+| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.<br> Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be access denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. |
 
 ## 0x80070570
 
@@ -198,7 +198,7 @@ The following table provides information about common errors you might run into
 
 | Message | Description | Mitigation |
 |---------|-------------|------------|
-| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager. <br> Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures). <br> If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints: <br> `http://windowsupdate.microsoft.com` <br> https://.windowsupdate.microsoft.com <br> https://update.microsoft.com <br> https://*.update.microsoft.com <br> https://windowsupdate.com <br> https://*.windowsupdate.com <br> https://download.windowsupdate.com <br> https://*.download.windowsupdate.com <br> https://download.microsoft.com <br> https://*.download.windowsupdate.com <br> https://wustat.windows.com <br> https://*.wustat.windows.com <br> https://ntservicepack.microsoft.com |
+| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager. <br> Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures). <br> If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints: <br> `http://windowsupdate.microsoft.com` <br> `https://*.windowsupdate.microsoft.com` <br> `https://update.microsoft.com` <br> `https://*.update.microsoft.com` <br> `https://windowsupdate.com` <br> `https://*.windowsupdate.com` <br> `https://download.windowsupdate.com` <br> `https://*.download.windowsupdate.com` <br> `https://download.microsoft.com` <br> `https://*.download.windowsupdate.com` <br> `https://wustat.windows.com` <br> `https://*.wustat.windows.com` <br> `https://ntservicepack.microsoft.com` |
 
 ## 0x80240022
 

windows/docfx.json

@@ -17,7 +17,7 @@
       "recommendations": true,
         "ROBOTS": "INDEX, FOLLOW",
         "audience": "ITPro",
-        "breadcrumb_path": "/itpro/windows/breadcrumb/toc.json",
+        "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
         "uhfHeaderId": "MSDocsHeader-M365-IT",
     		"_op_documentIdPathDepotMapping": {
     			"./": {

windows/hub/breadcrumb/toc.yml

@@ -1,53 +1,57 @@
-- name: Docs
-  tocHref: /
-  topicHref: /
-  items:
-    - name: Windows
-      tocHref: /windows
-      topicHref: /windows/windows-10
-      items:
-        - name: What's new
-          tocHref: /windows/whats-new/
-          topicHref: /windows/whats-new/index
-        - name: Configuration
-          tocHref: /windows/configuration/
-          topicHref: /windows/configuration/index
-        - name: Deployment
-          tocHref: /windows/deployment/
-          topicHref: /windows/deployment/index
-        - name: Application management
-          tocHref: /windows/application-management/
-          topicHref: /windows/application-management/index
-        - name: Client management
-          tocHref: /windows/client-management/
-          topicHref: /windows/client-management/index
-          items:
-            - name: Mobile Device Management
-              tocHref: /windows/client-management/mdm/
-              topicHref: /windows/client-management/mdm/index
-        - name: Release information
-          tocHref: /windows/release-information/
-          topicHref: /windows/release-health/release-information
-        - name: Privacy
-          tocHref: /windows/privacy/
-          topicHref: /windows/privacy/index
-        - name: Security
-          tocHref: /windows/security/
-          topicHref: /windows/security/index
-          items:
-            - name: Identity and access protection
-              tocHref: /windows/security/identity-protection/
-              topicHref: /windows/security/identity-protection/index
-              items:
-                - name: Windows Hello for Business
-                  tocHref: /windows/security/identity-protection/hello-for-business
-                  topicHref: /windows/security/identity-protection/hello-for-business/hello-identity-verification
-            - name: Threat protection
-              tocHref: /windows/security/threat-protection/
-              topicHref: /windows/security/threat-protection/index
-            - name: Information protection
-              tocHref: /windows/security/information-protection/
-              topicHref: /windows/security/information-protection/index
-            - name: Hardware-based protection
-              tocHref: /windows/security/hardware-protection/
-              topicHref: /windows/security/hardware-protection/index
+items:
+  - name: Docs
+    tocHref: /
+    topicHref: /
+    items:
+      - name: Windows
+        tocHref: /windows/
+        topicHref: /windows/resources/
+        items:
+          - name: What's new
+            tocHref: /windows/whats-new/
+            topicHref: /windows/whats-new/
+          - name: Configuration
+            tocHref: /windows/configuration/
+            topicHref: /windows/configuration/
+          - name: Deployment
+            tocHref: /windows/deployment/
+            topicHref: /windows/deployment/
+            items:
+              - name: Delivery Optimization
+                tocHref: /windows/deployment/do/
+                topicHref: /windows/deployment/do/
+          - name: Application management
+            tocHref: /windows/application-management/
+            topicHref: /windows/application-management/
+          - name: Client management
+            tocHref: /windows/client-management/
+            topicHref: /windows/client-management/
+            items:
+              - name: Mobile Device Management
+                tocHref: /windows/client-management/mdm/
+                topicHref: /windows/client-management/mdm/
+          - name: Privacy
+            tocHref: /windows/privacy/
+            topicHref: /windows/privacy/
+          - name: Security
+            tocHref: /windows/security/
+            topicHref: /windows/security/
+            items:
+              - name: Windows Hello for Business
+                tocHref: /windows/security/identity-protection/hello-for-business/
+                topicHref: /windows/security/identity-protection/hello-for-business/
+              - name: Security auditing
+                tocHref: /windows/security/threat-protection/auditing/
+                topicHref: /windows/security/threat-protection/auditing/security-auditing-overview
+              - name: Microsoft Defender Application Guard
+                tocHref: /windows/security/threat-protection/microsoft-defender-application-guard/
+                topicHref: /windows/security/threat-protection/microsoft-defender-application-guard/
+              - name: Security policy settings
+                tocHref: /windows/security/threat-protection/security-policy-settings/
+                topicHref: /windows/security/threat-protection/security-policy-settings/security-policy-settings
+              - name: Application Control for Windows
+                tocHref: /windows/security/threat-protection/windows-defender-application-control/
+                topicHref: /windows/security/threat-protection/windows-defender-application-control/
+              - name: Windows Defender Firewall
+                tocHref: /windows/security/threat-protection/windows-firewall/
+                topicHref: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security

windows/hub/docfx.json

@@ -36,7 +36,7 @@
     "globalMetadata": {
       "recommendations": true,
       "audience": "ITPro",
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "ms.topic": "article",

windows/privacy/docfx.json

@@ -33,7 +33,7 @@
     "externalReference": [],
     "globalMetadata": {
       "recommendations": true,
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",

windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -307,6 +307,8 @@ You can also apply the Group Policies using the following registry keys:
 
 4. On the **Program** page, click **This program path**, type **%windir%\\systemapps\\Microsoft.Windows.Cortana\_cw5n1h2txyewy\\SearchUI.exe**, and then click **Next**.
 
+   - On Windows 11, type **"%windir%\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\SearchHost.exe"** instead.
+
 5. On the **Action** page, click **Block the connection**, and then click **Next**.
 
 6. On the **Profile** page, ensure that the **Domain**, **Private**, and **Public** check boxes are selected, and then click **Next**.
@@ -327,6 +329,8 @@ You can also apply the Group Policies using the following registry keys:
 
 - Create a new REG_SZ registry setting named **{0DE40C8E-C126-4A27-9371-A27DAB1039F7}** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\FirewallRules** and set it to a value of **v2.25|Action=Block|Active=TRUE|Dir=Out|Protocol=6|App=%windir%\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\searchUI.exe|Name=Block outbound Cortana|**
 
+- On Windows 11, follow the previous section instead and use the Group Policy editor.
+
 If your organization tests network traffic, do not use a network proxy as Windows Firewall does not block proxy traffic. Instead, use a network traffic analyzer. Based on your needs, there are many network traffic analyzers available at no cost.
 
 

windows/security/docfx.json

@@ -34,7 +34,7 @@
     "externalReference": [],
     "globalMetadata": {
       "recommendations": true,
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.topic": "article",
       "manager": "dansimp",

windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md

@@ -38,7 +38,7 @@ The Group Policy Editor, when the policy is enabled, creates a default signal ru
 >[!IMPORTANT]
 >Microsoft recommends using the default values for this policy settings.  Measurements are relative based on the varying conditions of each environment.  Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting.
 
-For this policy setting, the **type** and **scenario** attribute values are static and cannot change.  The **classofDevice** is configurable but Phone is the only currently supported configuration. The attribute defaults to Phones sand uses the values from the following table:
+For this policy setting, the **type** and **scenario** attribute values are static and cannot change.  The **classofDevice** is configurable but Phone is the only currently supported configuration. The attribute defaults to Phones and uses the values from the following table:
 
 |Description|Value|
 |:-------------|:-------:|

windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md

@@ -57,7 +57,7 @@ To help address this security insufficiency, companies developed data loss preve
 
 - **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries.
 
-- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry).
+- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft Purview data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry).
 
 Unfortunately, data loss prevention systems have their own problems. For example, the less detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss prevention systems is that it provides a jarring experience that interrupts the employees’ natural workflow by stopping some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand.
 

windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md

@@ -78,17 +78,3 @@ If you don't want users to see the recommendation to update TPM firmware, you ca
 
 5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
 
-## Disable Memory integrity switch
-If you don't want users to be able to change the Hypervisor Control Integrity (HVCI), or memory integrity, setting on their computers, you can disable the **Memory integrity** switch.
-> [!IMPORTANT]
-> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
-
-1.  On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-2.  In the **Group Policy Management Editor** go to **Computer configuration** and then select **Administrative templates**.
-
-3.  Expand the tree to **Windows components** > **Windows Security** > **Device security**.
-
-4.  Open the **Disable Memory integrity switch** setting and set it to **Enabled**. Select **OK**.
-
-5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).

windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md

@@ -27,10 +27,9 @@ ms.technology: windows-sec
 >[!IMPORTANT]
 >This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-To get started, open Device Configuration in Intune, then create a new profile. 
-Choose Windows 10 or Windows 11 as the platform, and Endpoint Protection as the profile type. 
+To get started, Open the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), and then go to **Devices** > **Windows** > **Configuration profiles** > **Create profile** > Choose **Windows 10 and later** as the platform, Choose **Templates**, then **Endpoint protection** as the profile type. 
 Select Windows Defender Firewall.
-![Windows Defender Firewall in Intune.](images/windows-firewall-intune.png)
+:::image type="content" source="images/windows-firewall-intune.png" alt-text="Example of a Windows Defender Firewall policy in Microsoft Endpoint Manager.":::
 
 >[!IMPORTANT]
 >A single Endpoint Protection profile may contain up to a maximum of 150 firewall rules. If a client device requires more than 150 rules, then multiple profiles must be assigned to it.
@@ -115,4 +114,4 @@ Specifies the list of authorized local users for this rule. A list of authorized
 
 ## Configuring firewall rules programmatically
 
-Coming soon.
+Coming soon.

windows/whats-new/docfx.json

@@ -33,7 +33,7 @@
     "externalReference": [],
     "globalMetadata": {
       "recommendations": true,
-      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.topic": "article",
       "audience": "ITPro",