diff --git a/.openpublishing.redirection.education.json b/.openpublishing.redirection.education.json
index ad621f161f..95ef6b4693 100644
--- a/.openpublishing.redirection.education.json
+++ b/.openpublishing.redirection.education.json
@@ -92,7 +92,7 @@
     },
     {
       "source_path": "education/windows/enable-s-mode-on-surface-go-devices.md",
-      "redirect_url": "/windows/deployment/s-mode",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/index",
       "redirect_document_id": false
     },
     {
@@ -147,7 +147,7 @@
     },
     {
       "source_path": "education/windows/test-windows10s-for-edu.md",
-      "redirect_url": "/windows/deployment/s-mode",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/index",
       "redirect_document_id": false
     },
     {
diff --git a/.openpublishing.redirection.windows-deployment.json b/.openpublishing.redirection.windows-deployment.json
index e76634d1b3..b603a54613 100644
--- a/.openpublishing.redirection.windows-deployment.json
+++ b/.openpublishing.redirection.windows-deployment.json
@@ -1489,6 +1489,21 @@
       "source_path": "windows/deployment/planning/using-the-sua-wizard.md",
       "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/compatibility/using-the-sua-wizard",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-pro-in-s-mode.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/switch-edition-from-s-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/s-mode.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-autopatch-groups",
+      "redirect_document_id": true
     }
   ]
 }
diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json
index 4e67945cc9..cc60a06d15 100644
--- a/.openpublishing.redirection.windows-security.json
+++ b/.openpublishing.redirection.windows-security.json
@@ -5127,7 +5127,7 @@
     },
     {
       "source_path": "windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md",
-      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps",
       "redirect_document_id": false
     },
     {
@@ -9184,6 +9184,11 @@
       "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md",
       "redirect_url": "/windows/security/identity-protection/hello-for-business/dual-enrollment",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps",
+      "redirect_document_id": false
     }
   ]
 }
diff --git a/education/windows/toc.yml b/education/windows/toc.yml
index 9442e1c3fc..1774ae6103 100644
--- a/education/windows/toc.yml
+++ b/education/windows/toc.yml
@@ -16,14 +16,6 @@ items:
         href: windows-11-se-settings-list.md
       - name: Frequently Asked Questions (FAQ)
         href: windows-11-se-faq.yml
-    - name: Windows in S Mode
-      items:
-      - name: Overview
-        href: /windows/deployment/s-mode?context=/education/context/context
-      - name: Switch Windows edition from S mode
-        href: /windows/deployment/windows-10-pro-in-s-mode?context=/education/context/context
-      - name: Deploy Win32 apps to S Mode devices
-        href: /windows/security/threat-protection/windows-defender-application-control/lob-win32-apps-on-s?context=/education/context/context
     - name: Shared devices and guests access
       href: /windows/configuration/shared-devices-concepts?context=/education/context/context
     - name: Take tests and assessments in Windows
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 540001d52d..462ea5e08c 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -368,10 +368,6 @@ items:
           href: do/waas-delivery-optimization-reference.md?context=/windows/deployment/context/context
         - name: FoD and language packs for WSUS and Configuration Manager
           href: update/fod-and-lang-packs.md
-        - name: Windows client in S mode
-          href: s-mode.md
-        - name: Switch to Windows client Pro or Enterprise from S mode
-          href: windows-10-pro-in-s-mode.md
         - name: Windows client deployment tools
           items:
             - name: Windows client deployment scenarios and tools
diff --git a/windows/deployment/images/s-mode-flow-chart.png b/windows/deployment/images/s-mode-flow-chart.png
deleted file mode 100644
index c3c43cc027..0000000000
Binary files a/windows/deployment/images/s-mode-flow-chart.png and /dev/null differ
diff --git a/windows/deployment/images/smodeconfig.png b/windows/deployment/images/smodeconfig.png
deleted file mode 100644
index 2ab1fc0813..0000000000
Binary files a/windows/deployment/images/smodeconfig.png and /dev/null differ
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
deleted file mode 100644
index 8e5e27c8df..0000000000
--- a/windows/deployment/s-mode.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-title: Windows Pro in S mode
-description: Overview of Windows Pro and Enterprise in S mode.
-ms.localizationpriority: high
-ms.service: windows-client
-manager: aaroncz
-author: frankroj
-ms.author: frankroj
-ms.topic: conceptual
-ms.date: 04/26/2023
-ms.subservice: itpro-deploy
----
-
-# Windows Pro in S mode
-
-S mode is a configuration that's available on all Windows Editions, and it's enabled at the time of manufacturing. Windows can be switched out of S mode at any time, as shown in the  picture below. However, the switch is a one-time operation, and can only be undone by a wipe and reload of the operating system.
-
-:::image type="content" source="images/smodeconfig.png" alt-text="Table listing the capabilities of S mode across the different Windows editions.":::
-
-## S mode key features
-
-### Microsoft-verified security
-
-With Windows in S mode, you'll find your favorite applications in the Microsoft Store, where they're Microsoft-verified for security. You can also feel secure when you're online. Microsoft Edge, your default browser, gives you protection against phishing and socially-engineered malware.
-
-### Performance that lasts
-
-Start-ups are quick, and S mode is built to keep them that way. With Microsoft Edge as your browser, your online experience is fast and secure. You'll enjoy a smooth, responsive experience, whether you're streaming videos, opening apps, or being productive on the go.
-
-### Choice and flexibility
-
-Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you don't find exactly what you want, you can easily [switch out of S mode](./windows-10-pro-in-s-mode.md) to Windows Home, Pro, or Enterprise editions at any time and search the web for more choices, as shown below.
-
-:::image type="content" source="images/s-mode-flow-chart.png" alt-text="Switching out of S mode flow chart.":::
-
-## Deployment
-
-Windows in S mode is built for [modern management](/windows/client-management/manage-windows-10-in-your-organization-modern-management), which means using [Windows Autopilot](/mem/autopilot/windows-autopilot) for deployment, and a Mobile Device Management (MDM) solution for management, like Microsoft Intune.
-
-Windows Autopilot lets you deploy the device directly to a user without IT having to touch the physical device. Instead of manually deploying a custom image, Windows Autopilot will start with a generic device that can only be used to join the company Microsoft Entra tenant or Active Directory domain. Policies are then deployed automatically through MDM, to customize the device to the user and the desired environment.
-
-For the devices that are shipped in S mode, you can either keep them in S mode, use Windows Autopilot to switch them out of S mode during the first run process, or later using MDM, if desired.
-
-## Keep line of business apps functioning with Desktop Bridge
-
-[Desktop Bridge](/windows/uwp/porting/desktop-to-uwp-root) enables you to convert your line of business apps to a packaged app with UWP manifest. After testing and validating the apps, you can distribute them through an MDM solution like Microsoft Intune.
-
-## Repackage Win32 apps into the MSIX format
-
-The [MSIX Packaging Tool](/windows/application-management/msix-app-packaging-tool), available from the Microsoft Store, enables you to repackage existing Win32 applications to the MSIX format. You can run your desktop installers through the MSIX Packaging Tool interactively, and obtain an MSIX package that you can deploy through and MDM solution like Microsoft Intune. The MSIX Packaging Tool is another way to get your apps ready to run on Windows in S mode.
-
-## Related links
-
-- [Consumer applications for S mode](https://www.microsoft.com/windows/s-mode)
-- [S mode devices](https://www.microsoft.com/windows/view-all-devices)
-- [Windows Defender Application Control deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
-- [Microsoft Defender for Endpoint documentation](/microsoft-365/security/defender-endpoint/)
diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md
index 1d7ec557b6..013dcffe27 100644
--- a/windows/deployment/update/windows-update-security.md
+++ b/windows/deployment/update/windows-update-security.md
@@ -10,7 +10,7 @@ ms.author: mstewart
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
-ms.date: 08/28/2023
+ms.date: 08/15/2024
 ---
 
 # Windows Update security
diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md
deleted file mode 100644
index f4b7f66792..0000000000
--- a/windows/deployment/windows-10-pro-in-s-mode.md
+++ /dev/null
@@ -1,85 +0,0 @@
----
-title: Switch to Windows 10 Pro/Enterprise from S mode
-description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional.
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.localizationpriority: medium
-ms.service: windows-client
-ms.topic: conceptual
-ms.date: 11/23/2022
-ms.subservice: itpro-deploy
----
-
-# Switch to Windows 10 Pro or Enterprise from S mode
-
-We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro, Home, or Enterprise (not in S mode). You can switch devices running Windows 10, version 1709 or later.
-
-Many other transformations are possible depending on which version and edition of Windows 10 you're starting with. Depending on the details, you might *switch* between S mode and the ordinary version or *convert* between different editions while staying in or out of S mode. The following quick reference table summarizes all of the switches or conversions that are supported by various means:
-
-| If a device is running this version of Windows 10 | and this edition of Windows 10       | then you can switch or convert it to this edition of Windows 10 by these methods: |             &nbsp;                         | &nbsp;|
-|-------------|---------------------|-----------------------------------|-------------------------------|--------------------------------------------|
-|             |                     | **Store for Education** (switch/convert all devices in your tenant)           | **Microsoft Store** (switch/convert one device at a time)          | **Intune** (switch/convert any number of devices selected by admin)                                |
-| **Windows 10, version 1709**     | Pro in S mode | Pro EDU                           | Pro                           | Not by this method                                        |
-|             | Pro                 | Pro EDU                           | Not by any method                | Not by any method                             |
-|             | Home                | Not by any method                    | Not by any method                | Not by any method                             |
-|             |                     |                                   |                               |                                            |
-| **Windows 10, version 1803**     | Pro in S mode       | Pro EDU in S mode                 | Pro                           | Not by this method                                         |
-|             | Pro                 | Pro EDU                           | Not by any method                | Not by any method                             |
-|             | Home in S mode      | Not by any method                    | Home                          | Not by this method                                         |
-|             | Home                | Not by any method                    | Not by any method                | Not by any method                             |
-|             |                     |                                   |                               |                                            |
-| **Windows 10, version 1809**     | Pro in S mode       | Pro EDU in S mode                 | Pro                           | Pro                                        |
-|             | Pro                 | Pro EDU                           | Not by any method                | Not by any method                             |
-|             | Home in S mode      | Not by any method                    | Home                          | Home                                       |
-|             | Home                | Not by any method                    | Not by any method                | Not by any method                             |
-
-Use the following information to switch to Windows 10 Pro through the Microsoft Store.
-
-> [!IMPORTANT]
-> While it's free to switch to Windows 10 Pro, it's not reversible. The only way to rollback this kind of switch is through a [bare-metal recovery (BMR)](/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset.
-
-## Switch one device through the Microsoft Store
-
-Use the following information to switch to Windows 10 Pro through the Microsoft Store or by navigating to **Settings** and then **Activation** on the device.
-
-Note these differences affecting switching modes in various releases of Windows 10:
-
-- In Windows 10, version 1709, you can switch devices one at a time from Windows 10 Pro in S mode to Windows 10 Pro by using the Microsoft Store or **Settings**. No other switches are possible.
-
-- In Windows 10, version 1803, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store or **Settings**.
-
-- Windows 10, version 1809, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store, **Settings**, or you can switch multiple devices in bulk by using Intune. You can also block users from switching devices themselves.
-
-1. Sign into the Microsoft Store using your Microsoft account.
-
-2. Search for "S mode".
-
-3. In the offer, select **Buy**, **Get**, or **Learn more.**
-
-You'll be prompted to save your files before the switch starts. Follow the prompts to switch to Windows 10 Pro.
-
-## Switch one or more devices by using Microsoft Intune
-
-Starting with Windows 10, version 1809, if you need to switch multiple devices in your environment from Windows 10 Pro in S mode to Windows 10 Pro, you can use Microsoft Intune or any other supported mobile device management software. You can configure devices to switch out of S mode during OOBE or post-OOBE. Switching out of S mode gives you flexibility to manage Windows 10 in S mode devices at any point during the device lifecycle.
-
-1. Start Microsoft Intune.
-
-2. Navigate to **Device configuration** > **Profiles** > **Windows 10 and later** > **Edition upgrade and mode switch**.
-
-3. Follow the instructions to complete the switch.
-
-## Block users from switching
-
-You can control which devices or users can use the Microsoft Store to switch out of S mode in Windows 10. To set this policy, go to **Device configuration** > **Profiles** > **Windows 10 and later** > **Edition upgrade and mode switch in Microsoft Intune**, and then choose **Keep in S mode**.
-
-## S mode management with CSPs
-
-In addition to using Microsoft Intune or another modern device management tool to manage S mode, you can also use the [WindowsLicensing](/windows/client-management/mdm/windowslicensing-csp) configuration service provider (CSP). In Windows 10, version 1809, we added S mode functionality that lets you switch devices, block devices from switching, and check the status (whether a device is in S mode).
-
-## Related articles
-
-[FAQs](https://support.microsoft.com/help/4020089/windows-10-in-s-mode-faq)<br>
-[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)<BR>
-[Windows 10 Pro Education](/education/windows/test-windows10s-for-edu)<BR>
-[Introduction to Microsoft Intune in the Azure portal](/intune/what-is-intune)
diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml
index f4de9aac02..a678f8d182 100644
--- a/windows/deployment/windows-autopatch/TOC.yml
+++ b/windows/deployment/windows-autopatch/TOC.yml
@@ -42,14 +42,13 @@
               href: deploy/windows-autopatch-register-devices.md
             - name: Windows Autopatch groups overview
               href: deploy/windows-autopatch-groups-overview.md
-              items:
-                - name: Manage Windows Autopatch groups
-                  href: deploy/windows-autopatch-groups-manage-autopatch-groups.md
             - name: Post-device registration readiness checks
               href: deploy/windows-autopatch-post-reg-readiness-checks.md
     - name: Manage
       href: 
       items:
+        - name: Manage Windows Autopatch groups
+          href: manage/windows-autopatch-manage-autopatch-groups.md
         - name: Customize Windows Update settings
           href: manage/windows-autopatch-customize-windows-update-settings.md
         - name: Windows feature updates
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
index 3b2702240b..705c158639 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
@@ -46,7 +46,7 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto
 | Step | Description |
 | ----- | ----- |
 | **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. |
-| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Microsoft Entra ID assigned or dynamic groups into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group when using adding existing device-based Microsoft Entra groups while [creating](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group</li></ul> |
+| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Microsoft Entra ID assigned or dynamic groups into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group when using adding existing device-based Microsoft Entra groups while [creating](../manage/windows-autopatch-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group</li></ul> |
 | **Step 3: Discover devices** | The Windows Autopatch Discover Devices function discovers devices (hourly) that were previously added by the IT admin into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group or from Microsoft Entra groups used with Autopatch groups in **step #2**. The Microsoft Entra device ID is used by Windows Autopatch to query device attributes in both Microsoft Intune and Microsoft Entra ID when registering devices into its service.<ol><li>Once devices are discovered from the Microsoft Entra group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Microsoft Entra ID in this step:</li><ol><li>**AzureADDeviceID**</li><li>**OperatingSystem**</li><li>**DisplayName (Device name)**</li><li>**AccountEnabled**</li><li>**RegistrationDateTime**</li><li>**ApproximateLastSignInDateTime**</li></ol><li>In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements before registration.</li></ol> |
 | **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:<ol><li>**If the device is Intune-managed or not.**</li><ol><li>Windows Autopatch looks to see **if the Microsoft Entra device ID has an Intune device ID associated with it**.</li><ol><li>If **yes**, it means this device is enrolled into Intune.</li><li>If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.</li></ol><li>**If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Microsoft Entra device attributes gathered and saved to its memory in **step 3a**.</li><ol><li>Once it has the device attributes gathered from Microsoft Entra ID in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn't enrolled into Intune.</li><li>A common reason is when the Microsoft Entra device ID is stale, it doesn't have an Intune device ID associated with it anymore. To remediate, [clean up any stale Microsoft Entra device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).</li></ol><li>**If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.</li></ol><li>**If the device is a Windows device or not.**</li><ol><li>Windows Autopatch looks to see if the device is a Windows and corporate-owned device.</li><ol><li>**If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.</li><li>**If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.</li></ol></ol><li>**Windows Autopatch checks the Windows SKU family**. The SKU must be either:</li><ol><li>**Enterprise**</li><li>**Pro**</li><li>**Pro Workstation**</li></ol><li>**If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:</li><ol><li>**Only managed by Intune.**</li><ol><li>If the device is only managed by Intune, the device is marked as Passed all prerequisites.</li></ol><li>**Co-managed by both Configuration Manager and Intune.**</li><ol><li>If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:</li><ol><li>**Windows Updates Policies**</li><li>**Device Configuration**</li><li>**Office Click to Run**</li></ol><li>If Windows Autopatch determines that one of these workloads isn't enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.</li></ol></ol></ol>|
 | **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:<ol><li>If the Windows Autopatch tenant's existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.</li><li>If the Windows Autopatch tenant's existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.</li></ol> |
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
index acdf9129ce..1ab150d7a1 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
@@ -190,7 +190,7 @@ The following are the Microsoft Entra ID assigned groups that represent the soft
 
 ### About device registration
 
-Autopatch groups register devices with the Windows Autopatch service when you either [create](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) or [edit a Custom Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group), and/or when you [edit the Default Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to use your existing Microsoft Entra groups instead of the Windows Autopatch Device Registration group provided by the service.
+Autopatch groups register devices with the Windows Autopatch service when you either [create](../manage/windows-autopatch-manage-autopatch-groups.md#create-a-custom-autopatch-group) or [edit a Custom Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group), and/or when you [edit the Default Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to use your existing Microsoft Entra groups instead of the Windows Autopatch Device Registration group provided by the service.
 
 ## Common ways to use Autopatch groups
 
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
index 5836f3979a..d3e5f4afa6 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
@@ -35,7 +35,7 @@ When you either create/edit a [Custom Autopatch group](../deploy/windows-autopat
 
 If devices aren't registered, Autopatch groups starts the device registration process by using your existing device-based Microsoft Entra groups instead of the Windows Autopatch Device Registration group.
 
-For more information, see [create Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [edit Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to register devices using the Autopatch groups device registration method.
+For more information, see [create Custom Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [edit Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to register devices using the Autopatch groups device registration method.
 
 <a name='supported-scenarios-when-nesting-other-azure-ad-groups'></a>
 
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-autopatch-groups.md
similarity index 98%
rename from windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
rename to windows/deployment/windows-autopatch/manage/windows-autopatch-manage-autopatch-groups.md
index cd9cd8132d..30d237f9ca 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-autopatch-groups.md
@@ -180,4 +180,4 @@ When you create or edit the Custom or Default Autopatch group, Windows Autopatch
 
 #### Device conflict post device registration
 
-Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service.
+Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service.
diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-overview.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-overview.md
index 24c4fc7e02..3f370a7509 100644
--- a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-overview.md
+++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-overview.md
@@ -98,8 +98,8 @@ There are two scenarios that the Global release is used:
 
 | Scenario | Description |
 | ----- | ----- |
-| Scenario #1 | You assign Microsoft Entra groups to be used with the deployment ring (Last) or you add additional deployment rings when you customize the [Default Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group).<p>A global Windows feature update policy is automatically assigned behind the scenes to the newly added deployment rings or when you assigned Microsoft Entra groups to the deployment ring (Last) in the Default Autopatch group.</p> |
-| Scenario #2 | You create new [Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group).<p>The global Windows feature policy is automatically assigned behind the scenes to all deployment rings as part of the Custom Autopatch groups you create.</p> |
+| Scenario #1 | You assign Microsoft Entra groups to be used with the deployment ring (Last) or you add additional deployment rings when you customize the [Default Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group).<p>A global Windows feature update policy is automatically assigned behind the scenes to the newly added deployment rings or when you assigned Microsoft Entra groups to the deployment ring (Last) in the Default Autopatch group.</p> |
+| Scenario #2 | You create new [Custom Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#create-a-custom-autopatch-group).<p>The global Windows feature policy is automatically assigned behind the scenes to all deployment rings as part of the Custom Autopatch groups you create.</p> |
 
 > [!NOTE]
 > Global releases don't show up in the Windows feature updates release management blade.
@@ -124,7 +124,7 @@ The differences in between the global and the default Windows feature update pol
 
 | Default Windows feature update policy | Global Windows feature update policy |
 | ----- | ----- |
-| <ul><li>Set by default with the Default Autopatch group and assigned to Test, Ring1, Ring2, Ring3. The default policy isn't automatically assigned to the Last ring in the Default Autopatch group.</li><li>The Windows Autopatch service keeps its minimum Windows OS version updated following the recommendation of minimum Windows OS version [currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).</li></ul> | <ul><li>Set by default and assigned to all new deployment rings added as part of the Default Autopatch group customization.</li><li>Set by default and assigned to all deployment rings created as part of Custom Autopatch groups.</li></ul>
+| <ul><li>Set by default with the Default Autopatch group and assigned to Test, Ring1, Ring2, Ring3. The default policy isn't automatically assigned to the Last ring in the Default Autopatch group.</li><li>The Windows Autopatch service keeps its minimum Windows OS version updated following the recommendation of minimum Windows OS version [currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).</li></ul> | <ul><li>Set by default and assigned to all new deployment rings added as part of the Default Autopatch group customization.</li><li>Set by default and assigned to all deployment rings created as part of Custom Autopatch groups.</li></ul> |
 
 ### Custom release
 
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
index 2aea84859d..205e52e37a 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
@@ -79,7 +79,7 @@ sections:
           No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at tenant enrollment](/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant).
       - question: How can I represent our organizational structure with our own deployment cadence?
         answer: |
-          [Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md).
+          [Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md).
   - name: Update management
     questions:
       - question: What systems does Windows Autopatch update?
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
index f8f71f9db2..dc12d303ad 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
@@ -63,7 +63,7 @@ Microsoft remains committed to the security of your data and the [accessibility]
 | Area | Description |
 | ----- | ----- |
 | Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch:<ul><li>[Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li><li>[Configure your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md)</li><li>[Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li><li>[Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</ul> |
-| Deploy | Once you've enrolled your tenant, this section instructs you to:<ul><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>[Register your devices](../deploy/windows-autopatch-register-devices.md)</li><li>[Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md)</li></ul> |
+| Deploy | Once you've enrolled your tenant, this section instructs you to:<ul><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>[Register your devices](../deploy/windows-autopatch-register-devices.md)</li><li>[Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md)</li></ul> |
 | Operate | This section includes the following information about your day-to-day life with the service:<ul><li>[Update management](../operate/windows-autopatch-groups-update-management.md)</li><li>[Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md)</li><li>[Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)</li><li>[Submit a support request](../operate/windows-autopatch-support-request.md)</li><li>[Exclude a device](../operate/windows-autopatch-exclude-device.md)</li></ul>
 | References | This section includes the following articles:<ul><li>[Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md)<li>[Windows update policies](../references/windows-autopatch-windows-update-unsupported-policies.md)</li><li>[Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md)</li></ul> |
 
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
index 215fef87ca..68e12d9680 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
@@ -58,7 +58,7 @@ For more information and assistance with preparing for your Windows Autopatch de
 | Remediate registration issues<ul><li>[For devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices with conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul> | :heavy_check_mark: | :x: |
 | Populate the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
 | [Manually override device assignments to deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
-| Review device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Device conflict across different Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
+| Review device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Device conflict across different Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
 | Communicate to end-users, help desk and stakeholders | :heavy_check_mark: | :x: |
 
 ## Manage
@@ -68,8 +68,8 @@ For more information and assistance with preparing for your Windows Autopatch de
 | [Maintain contacts in the Microsoft Intune admin center](../deploy/windows-autopatch-admin-contacts.md) | :heavy_check_mark: | :x: |
 | [Maintain and manage the Windows Autopatch service configuration](../monitor/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: |
 | [Maintain customer configuration to align with the Windows Autopatch service configuration](../monitor/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: |
-| Resolve service remediated device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Default to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#default-to-custom-autopatch-group-device-conflict)</li></ul> | :x: | :heavy_check_mark: |
-| Resolve remediated device conflict scenarios<ul><li>[Custom to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#custom-to-custom-autopatch-group-device-conflict)</li><li>[Device conflict prior to device registration](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-prior-to-device-registration)</li></ul> |  :heavy_check_mark: | :x: |
+| Resolve service remediated device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Default to Custom Autopatch group device conflict](../manage/windows-autopatch-manage-autopatch-groups.md#default-to-custom-autopatch-group-device-conflict)</li></ul> | :x: | :heavy_check_mark: |
+| Resolve remediated device conflict scenarios<ul><li>[Custom to Custom Autopatch group device conflict](../manage/windows-autopatch-manage-autopatch-groups.md#custom-to-custom-autopatch-group-device-conflict)</li><li>[Device conflict prior to device registration](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-prior-to-device-registration)</li></ul> |  :heavy_check_mark: | :x: |
 | Maintain the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
 | Monitor [Windows update signals](../manage/windows-autopatch-windows-quality-update-signals.md) for safe update release<ul><li>[Pre-release signals](../manage/windows-autopatch-windows-quality-update-signals.md#pre-release-signals)</li><li>[Early signals](../manage/windows-autopatch-windows-quality-update-signals.md#early-signals)</li><li>[Device reliability signals](../manage/windows-autopatch-windows-quality-update-signals.md#device-reliability-signals)</li></ul> | :x: | :heavy_check_mark: |
 | Test specific [business update scenarios](../manage/windows-autopatch-windows-quality-update-signals.md) | :heavy_check_mark: | :x: |
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
index 3774758175..a3fda24453 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
@@ -100,7 +100,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | ----- | ----- |
 | [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md) | Updated article to include Windows Autopatch groups |
 | [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
-| [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
 | [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
 | [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
 | [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
index c2302c6e47..91cc8b46d0 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
+++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
@@ -100,8 +100,6 @@
           href: deployment/create-code-signing-cert-for-wdac.md
     - name: Disable WDAC policies
       href: deployment/disable-wdac-policies.md
-    - name: LOB Win32 Apps on S Mode
-      href: deployment/LOB-win32-apps-on-s.md
 - name: WDAC operational guide
   href: operations/wdac-operational-guide.md
   items:
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
deleted file mode 100644
index 965a20c625..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
+++ /dev/null
@@ -1,252 +0,0 @@
----
-title: Allow LOB Win32 apps on Intune-managed S Mode devices
-description: Using Windows Defender Application Control (WDAC) supplemental policies, you can expand the S Mode base policy on your Intune-managed devices.
-ms.localizationpriority: medium
-ms.date: 04/05/2023
-ms.topic: how-to
----
-
-# Allow line-of-business Win32 apps on Intune-managed S Mode devices
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
-
-You can use Microsoft Intune to deploy and run critical Win32 applications, and Windows components that are normally blocked in S mode, on your Intune-managed Windows 10 in S mode devices. For example, PowerShell.exe.
-
-With Intune, you can configure managed S mode devices using a Windows Defender Application Control (WDAC) supplemental policy that expands the S mode base policy to authorize the apps your organization uses. This feature changes the S mode security posture from "Microsoft has verified every app" to "Microsoft or your organization has verified every app".
-
-For an overview and brief demo of this feature, see this video:
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4mlcp]
-
-## Policy authorization process
-
-![Basic diagram of the policy authorization flow.](../images/wdac-intune-policy-authorization.png)
-
-The general steps for expanding the S mode base policy on your Intune-managed Windows 10 in S mode devices are to generate a supplemental policy, sign that policy, upload the signed policy to Intune, and assign it to user or device groups. Because you need access to PowerShell cmdlets to generate your supplemental policy, you should create and manage your policies on a non-S mode device. Once the policy has been uploaded to Intune, before deploying the policy more broadly, assign it to a single test Windows 10 in S mode device to verify expected functioning.
-
-1. Generate a supplemental policy with WDAC tooling.
-
-    This policy expands the S mode base policy to authorize more applications. Anything authorized by either the S mode base policy or your supplemental policy is allowed to run. Your supplemental policies can specify filepath rules, trusted publishers, and more.
-
-    For more information on creating supplemental policies, see [Deploy multiple WDAC policies](../design/deploy-multiple-wdac-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md).
-
-    The following instructions are a basic set for creating an S mode supplemental policy:
-
-    - Create a new base policy using [New-CIPolicy](/powershell/module/configci/new-cipolicy?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        New-CIPolicy -MultiplePolicyFormat -ScanPath <path> -UserPEs -FilePath "<path>\SupplementalPolicy.xml" -Level FilePublisher -Fallback SignedVersion,Publisher,Hash
-        ```
-
-    - Change it to a supplemental policy using [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        Set-CIPolicyIdInfo -SupplementsBasePolicyID 5951A96A-E0B5-4D3D-8FB8-3E5B61030784 -FilePath "<path>\SupplementalPolicy.xml"
-        ```
-
-        For policies that supplement the S mode base policy, use `-SupplementsBasePolicyID 5951A96A-E0B5-4D3D-8FB8-3E5B61030784`. This ID is the S mode policy ID.
-
-    - Put the policy in enforce mode using [Set-RuleOption](/powershell/module/configci/set-ruleoption?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        Set-RuleOption -FilePath "<path>\SupplementalPolicy.xml>" -Option 3 -Delete
-        ```
-
-        This command deletes the 'audit mode' qualifier.
-
-    - Since you're signing your policy, you must authorize the signing certificate you use to sign the policy. Optionally, also authorize one or more extra signers that can be used to sign updates to the policy in the future. The next step in the overall process, **Sign the policy**, describes it in more detail.
-
-        To add the signing certificate to the WDAC policy, use [Add-SignerRule](/powershell/module/configci/add-signerrule?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        Add-SignerRule -FilePath <policypath> -CertificatePath <certpath> -User -Update
-        ```
-
-    - Convert to `.bin` using [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy?view=win10-ps&preserve-view=true).
-
-        ```powershell
-        ConvertFrom-CIPolicy -XmlFilePath "<path>\SupplementalPolicy.xml" -BinaryFilePath "<path>\SupplementalPolicy.bin>
-        ```
-
-2. Sign the policy.
-
-    Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-wdac.md).
-
-      > [!TIP]
-      > For more information, see [Azure Code Signing, democratizing trust for developers and consumers](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669).
-
-    After you've signed it, rename your policy to `{PolicyID}.p7b`. Get the **PolicyID** from the supplemental policy XML.
-
-3. Deploy the signed supplemental policy using Microsoft Intune.
-
-    Go to the Microsoft Intune portal, go to the Client apps page, and select **S mode supplemental policies**. Upload the signed policy to Intune and assign it to user or device groups. Intune generates authorization tokens for the tenant and specific devices. Intune then deploys the corresponding authorization token and supplemental policy to each device in the assigned group. Together, these tokens and policies expand the S mode base policy on the device.
-
-> [!NOTE]
-> When you update your supplemental policy, make sure that the new version number is strictly greater than the previous one. Intune doesn't allow using the same version number. For more information on setting the version number, see [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion?view=win10-ps&preserve-view=true).
-
-## Standard process for deploying apps through Intune
-
-![Basic diagram for deploying apps through Intune.](../images/wdac-intune-app-deployment.png)
-
-For more information on the existing procedure of packaging signed catalogs and app deployment, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management).
-
-## Optional: Process for deploying apps using catalogs
-
-![Basic diagram for deploying Apps using catalogs.](../images/wdac-intune-app-catalogs.png)
-
-Your supplemental policy can be used to significantly relax the S mode base policy, but there are security trade-offs you must consider in doing so. For example, you can use a signer rule to trust an external signer, but that authorizes all apps signed by that certificate, which may include apps you don't want to allow as well.
-
-Instead of authorizing signers external to your organization, Intune has functionality to make it easier to authorize existing applications by using signed catalogs. This feature doesn't require repackaging or access to the source code. It works for apps that may be unsigned or even signed apps when you don't want to trust all apps that may share the same signing certificate.
-
-The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-wdac.md).
-
-> [!NOTE]
-> Every time an app updates, you need to deploy an updated catalog. Try to avoid using catalog files for applications that auto-update, and direct users not to update applications on their own.
-
-## Sample policy
-
-The following policy is a sample that allows kernel debuggers, PowerShell ISE, and Registry Editor. It also demonstrates how to specify your organization's code signing and policy signing certificates.
-
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Supplemental Policy">
-  <VersionEx>10.0.0.0</VersionEx>
-  <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
-  <!--Standard S mode GUID-->
-  <BasePolicyID>{5951A96A-E0B5-4D3D-8FB8-3E5B61030784}</BasePolicyID>
-  <!--Unique policy GUID-->
-  <PolicyID>{52671094-ACC6-43CF-AAF1-096DC69C1345}</PolicyID>
-  <!--EKUS-->
-  <EKUs />
-  <!--File Rules-->
-  <FileRules>
-    <!--Allow kernel debuggers-->
-    <Allow ID="ID_ALLOW_CBD_0" FriendlyName="cdb.exe" FileName="CDB.Exe" />
-    <Allow ID="ID_ALLOW_KD_0" FriendlyName="kd.exe" FileName="kd.Exe" />
-    <Allow ID="ID_ALLOW_WINDBG_0" FriendlyName="windbg.exe" FileName="windbg.Exe" />
-    <Allow ID="ID_ALLOW_MSBUILD_0" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" />
-    <Allow ID="ID_ALLOW_NTSD_0" FriendlyName="ntsd.exe" FileName="ntsd.Exe" />
-    <!--Allow PowerShell ISE and Registry Editor-->
-    <Allow ID="ID_ALLOW_POWERSHELLISE_0" FriendlyName="powershell_ise.exe" FileName="powershell_ise.exe" />
-    <Allow ID="ID_ALLOW_REGEDIT_0" FriendlyName="regedit.exe" FileName="regedit.exe" />
-  </FileRules>
-  <!--Signers-->
-  <Signers>
-    <!--info of the certificate you will use to do any code/catalog signing-->
-    <Signer ID="EXAMPLE_ID_SIGNER_CODE" Name="Example Code Signing Certificate Friendly Name">
-      <CertRoot Type="TBS" Value="<value>" />
-    </Signer>
-    
-    <!--info of the certificate you will use to sign your policy-->
-    <Signer ID="EXAMPLE_ID_SIGNER_POLICY" Name="Example Policy Signing Certificate Friendly Name">
-      <CertRoot Type="TBS" Value="<value>" />
-    </Signer>
-  </Signers>
-  <!--Driver Signing Scenarios-->
-  <SigningScenarios>
-    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_KMCI" FriendlyName="Example Name">
-      <ProductSigners />
-    </SigningScenario>
-    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_UMCI" FriendlyName="Example Name">
-      <ProductSigners>
-        <AllowedSigners>
-          <AllowedSigner SignerId="EXAMPLE_ID_SIGNER_CODE" />
-        </AllowedSigners>
-        <FileRulesRef>
-          <FileRuleRef RuleID="ID_ALLOW_CBD_0" />
-          <FileRuleRef RuleID="ID_ALLOW_KD_0" />
-          <FileRuleRef RuleID="ID_ALLOW_WINDBG_0" />
-          <FileRuleRef RuleID="ID_ALLOW_MSBUILD_0" />
-          <FileRuleRef RuleID="ID_ALLOW_NTSD_0" />
-          <FileRuleRef RuleID="ID_ALLOW_POWERSHELLISE_0" />
-          <FileRuleRef RuleID="ID_ALLOW_REGEDIT_0" />
-        </FileRulesRef>
-      </ProductSigners>
-    </SigningScenario>
-  </SigningScenarios>
-  <!--Specify one or more certificates that can be used to sign updated policy-->
-  <UpdatePolicySigners>
-    <UpdatePolicySigner SignerId="EXAMPLE_ID_SIGNER_POLICY" />
-  </UpdatePolicySigners>
-  <!--Specify one or more codesigning certificates to trust-->
-  <CiSigners>
-    <CiSigner SignerId="EXAMPLE_ID_SIGNER_CODE" />
-  </CiSigners>
-  <!-- example remove core isolation a.k.a. Hypervisor Enforced Code Integrity (HVCI) options, consider enabling if your system supports it-->
-  <HvciOptions>0</HvciOptions>
-  <Settings>
-    <Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
-      <Value>
-        <String>Example Policy Name</String>
-      </Value>
-    </Setting>
-    <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
-      <Value>
-        <String>Example-Policy-10.0.0.0</String>
-      </Value>
-    </Setting>
-  </Settings>
-</SiPolicy>
-```
-
-## Policy removal
-
-In order to revert users to an unmodified S mode policy, remove a user or users from the targeted Intune group that received the policy. This action triggers a removal of both the policy and the authorization token from the device.
-
-You can also delete a supplemental policy through Intune.
-
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Supplemental Policy">
-  <VersionEx>10.0.0.1</VersionEx>
-  <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
-  <BasePolicyID>{5951A96A-E0B5-4D3D-8FB8-3E5B61030784}</BasePolicyID>
-  <PolicyID>{52671094-ACC6-43CF-AAF1-096DC69C1345}</PolicyID>
-  <Rules>
-  </Rules>
-  <!--EKUS-->
-  <EKUs />
-  <!--File Rules-->
-
-  <!--Signers-->
-  <Signers>
-    <!--info of the certificate you will use to sign your policy-->
-    <Signer ID="EXAMPLE_ID_SIGNER_POLICY" Name="Example Policy Signing Certificate Friendly Name">
-      <CertRoot Type="TBS" Value="<value>" />
-    </Signer>
-  </Signers>
-  <!--Driver Signing Scenarios-->
-  <SigningScenarios>
-    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_KMCI" FriendlyName="KMCI">
-      <ProductSigners>
-      </ProductSigners>
-    </SigningScenario>
-    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_UMCI" FriendlyName="UMCI">
-      <ProductSigners>
-      </ProductSigners>
-    </SigningScenario>
-  </SigningScenarios>
-  <UpdatePolicySigners>
-    <UpdatePolicySigner SignerId="EXAMPLE_ID_SIGNER_POLICY" />
-  </UpdatePolicySigners>
-  <!-- example remove core isolation a.k.a. Hypervisor Enforced Code Integrity (HVCI) options, consider enabling if your system is supported-->
-  <HvciOptions>0</HvciOptions>
-  <Settings>
-    <Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
-      <Value>
-        <String>Example Policy Name - Empty</String>
-      </Value>
-    </Setting>
-    <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
-      <Value>
-        <String>Example-Policy-Empty-10.0.0.1</String>
-      </Value>
-    </Setting>
-  </Settings>
-</SiPolicy>
-```
-
-## Errata
-
-If a Windows 10 in S mode device with a policy authorization token and supplemental policy is rolled back from the 1909 update to the 1903 build, it will not revert to locked-down S mode until the next policy refresh. To achieve an immediate change to a locked-down S mode state, IT Pros should delete any tokens in %SystemRoot%\System32\CI\Tokens\Active.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png
deleted file mode 100644
index 754cf041ba..0000000000
Binary files a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png and /dev/null differ
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png
deleted file mode 100644
index 91fc4f136b..0000000000
Binary files a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png and /dev/null differ
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png
deleted file mode 100644
index d011fc4408..0000000000
Binary files a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png and /dev/null differ
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/windows-defender-application-control/index.yml
index 1b1d46e536..04252abe74 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/index.yml
+++ b/windows/security/application-security/application-control/windows-defender-application-control/index.yml
@@ -8,7 +8,7 @@ metadata:
   author: vinaypamnani-msft
   ms.author: vinpa
   manager: aaroncz
-  ms.date: 04/05/2023
+  ms.date: 08/14/2024
 # linkListType: overview | how-to-guide | tutorial | video
 landingContent:
 # Cards and links should be based on top customer tasks or top subjects
@@ -39,8 +39,6 @@ landingContent:
             url: design/microsoft-recommended-driver-block-rules.md
           - text: Example WDAC policies
             url: design/example-wdac-base-policies.md
-          - text: LOB Win32 apps on S Mode
-            url: deployment/LOB-win32-apps-on-s.md
           - text: Managing multiple policies
             url: design/deploy-multiple-wdac-policies.md
       - linkListType: how-to-guide
@@ -51,7 +49,7 @@ landingContent:
             url: design/create-wdac-policy-for-fully-managed-devices.md
           - text: Create a WDAC policy for a fixed-workload
             url: design/create-wdac-policy-using-reference-computer.md
-          - text: Create a WDAC deny list policy
+          - text: Create a WDAC blocklist policy
             url: design/create-wdac-deny-policy.md
           - text: Deploying catalog files for WDAC management
             url: deployment/deploy-catalog-files-to-support-wdac.md
@@ -82,7 +80,7 @@ landingContent:
             url: design/manage-packaged-apps-with-wdac.md
           - text: Allow com object registration
             url: design/allow-com-object-registration-in-wdac-policy.md
-          - text: Manage plug-ins, add-ins and modules
+          - text: Manage plug-ins, add-ins, and modules
             url: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
   # Card
   - title: Learn how to deploy WDAC Policies
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index c921606652..d7c7571c0e 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -99,7 +99,9 @@
         "operating-system-security/data-protection/**/*.md": "paolomatarazzo",
         "operating-system-security/data-protection/**/*.yml": "paolomatarazzo",
         "operating-system-security/network-security/**/*.md": "paolomatarazzo",
-        "operating-system-security/network-security/**/*.yml": "paolomatarazzo"
+        "operating-system-security/network-security/**/*.yml": "paolomatarazzo",
+        "security-foundations/certification/**/*.md": "mike-grimm",
+        "security-foundations/certification/**/*.yml": "mike-grimm"
       },
       "ms.author": {
         "application-security//**/*.md": "vinpa",
@@ -119,7 +121,9 @@
         "operating-system-security/data-protection/**/*.md": "paoloma",
         "operating-system-security/data-protection/**/*.yml": "paoloma",
         "operating-system-security/network-security/**/*.md": "paoloma",
-        "operating-system-security/network-security/**/*.yml": "paoloma"
+        "operating-system-security/network-security/**/*.yml": "paoloma",
+        "security-foundations/certification/**/*.md": "mgrimm",
+        "security-foundations/certification/**/*.yml": "mgrimm"
       },
       "appliesto": {
         "application-security//**/*.md": [
@@ -233,7 +237,8 @@
         "operating-system-security/data-protection/personal-data-encryption/*.md": "rhonnegowda",
         "operating-system-security/device-management/windows-security-configuration-framework/*.md": "jmunck",
         "operating-system-security/network-security/vpn/*.md": "pesmith",
-        "operating-system-security/network-security/windows-firewall/*.md": "nganguly"
+        "operating-system-security/network-security/windows-firewall/*.md": "nganguly",
+        "security-foundations/certification/**/*.md": "paoloma"
       },
       "ms.collection": {
         "book/*.md": "tier3",
@@ -242,6 +247,7 @@
         "information-protection/tpm/*.md": "tier1",
         "operating-system-security/data-protection/bitlocker/*.md": "tier1",
         "operating-system-security/data-protection/personal-data-encryption/*.md": "tier1",
+        "security-foundations/certification/**/*.md": "tier3",
         "threat-protection/auditing/*.md": "tier3"
       },
       "ROBOTS": {
diff --git a/windows/security/security-foundations/certification/fips-140-validation.md b/windows/security/security-foundations/certification/fips-140-validation.md
index 7e2163afdc..739b778e25 100644
--- a/windows/security/security-foundations/certification/fips-140-validation.md
+++ b/windows/security/security-foundations/certification/fips-140-validation.md
@@ -3,10 +3,6 @@ title: Windows FIPS 140 validation
 description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows FIPS 140 validation
diff --git a/windows/security/security-foundations/certification/validations/cc-windows-previous.md b/windows/security/security-foundations/certification/validations/cc-windows-previous.md
index 58209a1bc7..8d5cd8c275 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows-previous.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-previous.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for previous Windows releases
 description: Learn about the completed Common Criteria certifications for previous Windows releases.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Common Criteria certifications for previous Windows releases
diff --git a/windows/security/security-foundations/certification/validations/cc-windows-server-2022-2019-2016.md b/windows/security/security-foundations/certification/validations/cc-windows-server-2022-2019-2016.md
index 5e7d75c602..75df55214c 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows-server-2022-2019-2016.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-server-2022-2019-2016.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows Server 2022, 2019, and 2016
 description: Learn about the completed Common Criteria certifications for Windows Server 2022, 2019, and 2016.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows Server 2022, 2019, and 2016 Common Criteria certifications
diff --git a/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md b/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
index d8b655246d..392c293fd2 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for previous Windows Server releases
 description: Learn about the completed Common Criteria certifications for previous Windows Server releases.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Common Criteria certifications for previous Windows Server releases
diff --git a/windows/security/security-foundations/certification/validations/cc-windows-server-semi-annual.md b/windows/security/security-foundations/certification/validations/cc-windows-server-semi-annual.md
index d65c3f9442..979a3196ee 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows-server-semi-annual.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows-server-semi-annual.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows Server semi-annual releases
 description: Learn about the completed Common Criteria certifications for Windows Server semi-annual releases.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows Server semi-annual Common Criteria certifications
diff --git a/windows/security/security-foundations/certification/validations/cc-windows10.md b/windows/security/security-foundations/certification/validations/cc-windows10.md
index 916d28b4cd..36bd9cc400 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows10.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows10.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows 10
 description: Learn about the completed Common Criteria certifications for Windows 10.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows 10 Common Criteria certifications
diff --git a/windows/security/security-foundations/certification/validations/cc-windows11.md b/windows/security/security-foundations/certification/validations/cc-windows11.md
index 1f653104a1..52e683c0c2 100644
--- a/windows/security/security-foundations/certification/validations/cc-windows11.md
+++ b/windows/security/security-foundations/certification/validations/cc-windows11.md
@@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows 11
 description: Learn about the completed Common Criteria certifications for Windows 11.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Windows 11 Common Criteria certifications
diff --git a/windows/security/security-foundations/certification/validations/fips-140-other-products.md b/windows/security/security-foundations/certification/validations/fips-140-other-products.md
index 1d93f90168..009d8e3b18 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-other-products.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-other-products.md
@@ -3,11 +3,8 @@ title: FIPS 140 validated modules for other products
 description: This topic lists the completed FIPS 140 cryptographic module validations for products other than Windows and Windows Server that leverage the Windows cryptographic modules.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
+
 # FIPS 140 validated modules in other products
 
 The following tables list the completed FIPS 140 validations in products other than Windows and Windows Server that leverage the Windows cryptographic modules. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-previous.md b/windows/security/security-foundations/certification/validations/fips-140-windows-previous.md
index eca7af6d57..25731d7f15 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-previous.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-previous.md
@@ -3,11 +3,8 @@ title: FIPS 140 validated modules for previous Windows versions
 description: This topic lists the completed FIPS 140 cryptographic module validations for versions of Windows prior to Windows 10.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
+
 # FIPS 140 validated modules in previous Windows versions
 
 The following tables list the completed FIPS 140 validations of cryptographic modules used in versions of Windows  prior to Windows 10, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see [Use Windows in a FIPS approved mode of operation](../fips-140-validation.md#use-windows-in-a-fips-approved-mode-of-operation). For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-server-2016.md b/windows/security/security-foundations/certification/validations/fips-140-windows-server-2016.md
index e745be28d9..7105cd5459 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-server-2016.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-server-2016.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows Server 2016
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server 2016.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 # FIPS 140 validated modules in Windows Server 2016
 
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-server-2019.md b/windows/security/security-foundations/certification/validations/fips-140-windows-server-2019.md
index caebf60f2a..c5ef45bb70 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-server-2019.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-server-2019.md
@@ -3,11 +3,8 @@ title: FIPS 140 validated modules for Windows Server 2019
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server 2019.
 ms.date: 4/5/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
+
 # FIPS 140 validated modules in Windows Server 2019
 
 The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows Server 2019, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see [Use Windows in a FIPS approved mode of operation](../fips-140-validation.md#use-windows-in-a-fips-approved-mode-of-operation). For details on the FIPS approved algorithms used by each module, see its linked Security Policy document or module certificate.
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-server-previous.md b/windows/security/security-foundations/certification/validations/fips-140-windows-server-previous.md
index 7e5d018a04..659435689f 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-server-previous.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-server-previous.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for previous Windows Server versions
 description: This topic lists the completed FIPS 140 cryptographic module validations for versions of Windows Server prior to Windows Server 2016.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # FIPS 140 validated modules in previous Windows Server versions
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows-server-semi-annual.md b/windows/security/security-foundations/certification/validations/fips-140-windows-server-semi-annual.md
index 773a622fe4..d1d1724b36 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows-server-semi-annual.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows-server-semi-annual.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows Server Semi-Annual Releases
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server semi-annual releases.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # FIPS 140 validated modules in Windows Server semi-annual releases
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows10.md b/windows/security/security-foundations/certification/validations/fips-140-windows10.md
index d2d5b384b6..e555337cb5 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows10.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows10.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows 10
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows 10.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # FIPS 140 validated modules for Windows 10
diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows11.md b/windows/security/security-foundations/certification/validations/fips-140-windows11.md
index 0eb4fa7733..bf551c22b5 100644
--- a/windows/security/security-foundations/certification/validations/fips-140-windows11.md
+++ b/windows/security/security-foundations/certification/validations/fips-140-windows11.md
@@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows 11
 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows 11.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # FIPS 140 validated modules for Windows 11
diff --git a/windows/security/security-foundations/certification/windows-platform-common-criteria.md b/windows/security/security-foundations/certification/windows-platform-common-criteria.md
index d012841b09..e59b0403b4 100644
--- a/windows/security/security-foundations/certification/windows-platform-common-criteria.md
+++ b/windows/security/security-foundations/certification/windows-platform-common-criteria.md
@@ -3,10 +3,6 @@ title: Windows Common Criteria certifications
 description: Learn how Microsoft products are certified under the Common Criteria for Information Technology Security Evaluation program.
 ms.date: 2/1/2024
 ms.topic: reference
-ms.author: v-rodurff
-author: msrobertd
-ms.reviewer: paoloma
-ms.collection: tier3
 ---
 
 # Common Criteria certifications
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index a23ff9f3aa..fa2925d159 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -105,7 +105,7 @@ The features in this article are no longer being actively developed, and might b
 |IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 |
 |RSA/AES Encryption for IIS   | We recommend that users use CNG encryption provider. | 1709 |
 |Screen saver functionality in Themes   | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
-|Sync your settings (updated: July, 30, 2024) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. As part of this change, we will stop supporting the Device Syncing Settings and App Data report.  All other  **Sync your settings** options and the Enterprise State Roaming feature will continue to work provided your clients are running an up-to-date version of: </br> - Windows 11 </br> - Windows 10, version 21H2, or later | 1709 |
+|Sync your settings (updated: July, 30, 2024) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. As part of this change, we will stop supporting the Device Syncing Settings and App Data report.  All other  **Sync your settings** options will continue to work provided your clients are running an up-to-date version of: </br> - Windows 11 </br> - Windows 10, version 21H2, or later | 1709 |
 |System Image Backup (SIB) Solution|This feature is also known as the **Backup and Restore (Windows 7)** legacy control panel. For full-disk backup solutions, look for a third-party product from another software publisher. You can also use [OneDrive](/onedrive/) to sync data files with Microsoft 365.| 1709 |
 |TLS RC4 Ciphers  |To be disabled by default. For more information, see [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)| 1709 |
 |Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 |
diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md
index 62733bd8d1..a348f85ad3 100644
--- a/windows/whats-new/windows-11-requirements.md
+++ b/windows/whats-new/windows-11-requirements.md
@@ -60,7 +60,7 @@ To upgrade directly to Windows 11, eligible Windows 10 devices must meet both of
 > [!NOTE]
 >
 > - S mode is only supported on the Home edition of Windows 11.
-> - If you're running a different edition of Windows in S mode, before upgrading to Windows 11, first [switch out of S mode](/windows/deployment/windows-10-pro-in-s-mode).
+> - If you're running a different edition of Windows in S mode, before upgrading to Windows 11, first [switch out of S mode](/previous-versions/windows/it-pro/windows-10/deployment/s-mode/switch-edition-from-s-mode).
 > - To switch a device out of Windows 10 in S mode also requires internet connectivity. If you switch out of S mode, you can't switch back to S mode later.
 
 ## Feature-specific requirements