Merge pull request #9034 from MicrosoftDocs/main

Publish 10/24/2023, 3:30 PM addendum
2025-05-12 13:27:23 +00:00 · 2023-10-24 15:42:34 -07:00 · 2023-10-24 15:42:34 -07:00 · 0bae45cd0b
commit 0bae45cd0b
parent a4b89447d3 218641a7fc
17 changed files with 73 additions and 76 deletions
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@ -4,7 +4,7 @@ description: Learn more about the BitLocker CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -312,9 +312,9 @@ Windows will attempt to silently enable BitLocker for value 0.

 <!-- Device-ConfigureRecoveryPasswordRotation-Description-Begin -->
 <!-- Description-Source-DDF -->
-Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Microsoft Entra ID and Hybrid domain joined devices.
+Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Microsoft Entra ID and hybrid domain joined devices.

-When not configured, Rotation is turned on by default for Microsoft Entra-only and off on Hybrid. The Policy will be effective only when Active Directory back up for recovery password is configured to required.
+When not configured, Rotation is turned on by default for Microsoft Entra ID only and off on hybrid. The Policy will be effective only when Active Directory back up for recovery password is configured to required.

 For OS drive: Turn on "Do not enable BitLocker until recovery information is stored to AD DS for operating system drives".

@ -323,7 +323,7 @@ For Fixed drives: Turn on "Do not enable BitLocker until recovery information is
 Supported Values: 0 - Numeric Recovery Passwords rotation OFF.

 1 - Numeric Recovery Passwords Rotation upon use ON for Microsoft Entra joined devices. Default value
-2 - Numeric Recovery Passwords Rotation upon use ON for both Microsoft Entra ID and Hybrid devices.
+2 - Numeric Recovery Passwords Rotation upon use ON for both Microsoft Entra ID and hybrid devices.
 <!-- Device-ConfigureRecoveryPasswordRotation-Description-End -->

 <!-- Device-ConfigureRecoveryPasswordRotation-Editable-Begin -->
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@ -4,7 +4,7 @@ description: Learn more about the ClientCertificateInstall CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -165,7 +165,7 @@ Required for PFX certificate installation. A unique ID to differentiate differen

 Format is node.

-Calling Delete on the this node, should delete the certificates and the keys that were installed by the corresponding PFX blob.
+Calling Delete on this node, should delete the certificates and the keys that were installed by the corresponding PFX blob.
 <!-- Device-PFXCertInstall-{UniqueID}-Description-End -->

 <!-- Device-PFXCertInstall-{UniqueID}-Editable-Begin -->
@ -385,7 +385,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro
 <!-- Description-Source-DDF -->
 Optional.

-When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored.
+When a value of "2" is contained in PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored.
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-Description-End -->

 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-Editable-Begin -->
@ -653,7 +653,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed.
 <!-- Description-Source-DDF -->
 Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests.

-Calling Delete on the this node, should delete the corresponding SCEP certificate.
+Calling Delete on this node, should delete the corresponding SCEP certificate.
 <!-- Device-SCEP-{UniqueID}-Description-End -->

 <!-- Device-SCEP-{UniqueID}-Editable-Begin -->
@ -813,7 +813,7 @@ Required for SCEP certificate enrollment. Parent node to group SCEP cert install

 <!-- Device-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Description-Begin -->
 <!-- Description-Source-DDF -->
-Optional. Specify the AAD Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail.
+Optional. Specify the Microsoft Entra ID Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the Microsoft Entra ID Key present on the device. If no match is found, enrollment will fail.
 <!-- Device-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Description-End -->

 <!-- Device-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Editable-Begin -->
@ -1274,7 +1274,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for

 <!-- Device-SCEP-{UniqueID}-Install-RetryCount-Description-Begin -->
 <!-- Description-Source-DDF -->
-Optional. Special to SCEP. Specify device retry times when the SCEP sever sends pending status. Format is int. Default value is 3. Max value: the value can't be larger than 30. If it's larger than 30, the device will use 30.
+Optional. Special to SCEP. Specify device retry times when the SCEP server sends pending status. Format is int. Default value is 3. Max value: the value can't be larger than 30. If it's larger than 30, the device will use 30.

 The min value is 0 which means no retry.
 <!-- Device-SCEP-{UniqueID}-Install-RetryCount-Description-End -->
@ -1741,7 +1741,7 @@ Required for PFX certificate installation. A unique ID to differentiate differen

 Format is node.

-Calling Delete on the this node, should delete the certificates and the keys that were installed by the corresponding PFX blob.
+Calling Delete on this node, should delete the certificates and the keys that were installed by the corresponding PFX blob.
 <!-- User-PFXCertInstall-{UniqueID}-Description-End -->

 <!-- User-PFXCertInstall-{UniqueID}-Editable-Begin -->
@ -1961,7 +1961,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro
 <!-- Description-Source-DDF -->
 Optional.

-When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored.
+When a value of "2" is contained in PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored.
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-Description-End -->

 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-Editable-Begin -->
@ -2227,7 +2227,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed.
 <!-- Description-Source-DDF -->
 Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests.

-Calling Delete on the this node, should delete the corresponding SCEP certificate.
+Calling Delete on this node, should delete the corresponding SCEP certificate.
 <!-- User-SCEP-{UniqueID}-Description-End -->

 <!-- User-SCEP-{UniqueID}-Editable-Begin -->
@ -2387,7 +2387,7 @@ Required for SCEP certificate enrollment. Parent node to group SCEP cert install

 <!-- User-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Description-Begin -->
 <!-- Description-Source-DDF -->
-Optional. Specify the AAD Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail.
+Optional. Specify the Microsoft Entra ID Key Identifier List as a semicolon separated values. On Enroll, the values in this list are validated against the Microsoft Entra ID Key present on the device. If no match is found, enrollment will fail.
 <!-- User-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Description-End -->

 <!-- User-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Editable-Begin -->
@ -2848,7 +2848,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for

 <!-- User-SCEP-{UniqueID}-Install-RetryCount-Description-Begin -->
 <!-- Description-Source-DDF -->
-Optional. Special to SCEP. Specify device retry times when the SCEP sever sends pending status. Format is int. Default value is 3. Max value: the value can't be larger than 30. If it's larger than 30, the device will use 30.
+Optional. Special to SCEP. Specify device retry times when the SCEP server sends pending status. Format is int. Default value is 3. Max value: the value can't be larger than 30. If it's larger than 30, the device will use 30.

 The min value is 0 which means no retry.
 <!-- User-SCEP-{UniqueID}-Install-RetryCount-Description-End -->
--- a/windows/client-management/mdm/clouddesktop-csp.md
+++ b/windows/client-management/mdm/clouddesktop-csp.md
@ -4,7 +4,7 @@ description: Learn more about the CloudDesktop CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -46,7 +46,7 @@ The following list shows the CloudDesktop configuration service provider nodes:

 <!-- Device-EnableBootToCloudSharedPCMode-Description-Begin -->
 <!-- Description-Source-DDF -->
-Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. For enabling boot to cloud shared pc feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned.
+Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. For enabling Boot to Cloud Shared PC feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned.
 <!-- Device-EnableBootToCloudSharedPCMode-Description-End -->

 <!-- Device-EnableBootToCloudSharedPCMode-Editable-Begin -->
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@ -4,7 +4,7 @@ description: Learn more about the DMClient CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 09/27/2023
+ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -351,7 +351,7 @@ For more information about Microsoft Entra enrollment, see [Microsoft Entra inte

 <!-- Device-Provider-{ProviderID}-AADSendDeviceToken-Description-Begin -->
 <!-- Description-Source-DDF -->
-For Microsoft Entra backed enrollments, this will cause the client to send a Device Token if the User Token can't be obtained.
+For Microsoft Entra ID backed enrollments, this will cause the client to send a Device Token if the User Token can't be obtained.
 <!-- Device-Provider-{ProviderID}-AADSendDeviceToken-Description-End -->

 <!-- Device-Provider-{ProviderID}-AADSendDeviceToken-Editable-Begin -->
@ -1209,7 +1209,7 @@ The node contains the secondary certificate - the public key to use.

 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-SecurityMode-Description-Begin -->
 <!-- Description-Source-DDF -->
-This node specifies how the client will perform the app layer signing and encryption. 0: no op; 1: sign only; 2: encrypt only; 3: sign and encrypt. The default value is 0.
+This node specifies how the client will perform the app layer signing and encryption. 0: no op; 1: sign-only; 2: encrypt only; 3: sign and encrypt. The default value is 0.
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-SecurityMode-Description-End -->

 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-SecurityMode-Editable-Begin -->
@ -1568,7 +1568,7 @@ This node decides whether or not the MDM progress page displays the Collect Logs

 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-BlockInStatusPage-Description-Begin -->
 <!-- Description-Source-DDF -->
-Device Only. This node determines whether or not the MDM progress page is blocking in the AADJ or DJ++ case, as well as which remediation options are available.
+Device Only. This node determines whether or not the MDM progress page is blocking in the Microsoft Entra joined or DJ++ case, as well as which remediation options are available.
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-BlockInStatusPage-Description-End -->

 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-BlockInStatusPage-Editable-Begin -->
@ -1994,7 +1994,7 @@ This node is set by the server to inform the UX that the server has finished pro

 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipDeviceStatusPage-Description-Begin -->
 <!-- Description-Source-DDF -->
-Device only. This node decides whether or not the MDM device progress page skips after AADJ or Hybrid AADJ in OOBE.
+Device only. This node decides whether or not the MDM device progress page skips after Microsoft Entra joined or Microsoft Entra hybrid joined in OOBE.
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipDeviceStatusPage-Description-End -->

 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipDeviceStatusPage-Editable-Begin -->
@ -2043,7 +2043,7 @@ Device only. This node decides whether or not the MDM device progress page skips

 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipUserStatusPage-Description-Begin -->
 <!-- Description-Source-DDF -->
-Device only. This node decides whether or not the MDM user progress page skips after AADJ or DJ++ after user login.
+Device only. This node decides whether or not the MDM user progress page skips after Microsoft Entra joined or DJ++ after user login.
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipUserStatusPage-Description-End -->

 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipUserStatusPage-Editable-Begin -->
@ -2206,7 +2206,7 @@ Force device to send device Microsoft Entra token during check-in as a separate
 | 0 | ForceAadTokenNotDefined: the value isn't defined(default). |
 | 1 | AlwaysSendAadDeviceTokenCheckIn: always send Microsoft Entra device token during check-in as a separate header section(not as Bearer token). |
 | 2 | Reserved for future. AlwaysSendAadUserTokenCheckin: always send Microsoft Entra user token during check-in as a separate header section(not as Bearer token). |
-| 4 | SendAadDeviceTokenForAuth: to replace AADSendDeviceToken, send Microsoft Entra Device token for auth as Bearer token. |
+| 4 | SendAadDeviceTokenForAuth: to replace AADSendDeviceToken, send Microsoft Entra device token for auth as Bearer token. |
 | 8 | Reserved for future. ForceAadTokenMaxAllowed: max value allowed. |
 <!-- Device-Provider-{ProviderID}-ForceAadToken-AllowedValues-End -->

@ -2428,7 +2428,7 @@ The interior node for linked enrollment.

 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-DiscoveryEndpoint-Description-Begin -->
 <!-- Description-Source-DDF -->
-Endpoint Discovery is the process where a specific URL (the "discovery endpoint") is accessed, which returns a directory of endpoints for using the system including enrollment. On Get, if the endpoint isn't set, client will return an rmpty string with S_OK.
+Endpoint Discovery is the process where a specific URL (the "discovery endpoint") is accessed, which returns a directory of endpoints for using the system including enrollment. On Get, if the endpoint isn't set, client will return an empty string with S_OK.
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-DiscoveryEndpoint-Description-End -->

 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-DiscoveryEndpoint-Editable-Begin -->
--- a/windows/client-management/mdm/laps-csp.md
+++ b/windows/client-management/mdm/laps-csp.md
@ -4,7 +4,7 @@ description: Learn more about the LAPS CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -449,7 +449,7 @@ Use this setting to configure which directory the local admin account password i
 The allowable settings are:

 0=Disabled (password won't be backed up)
-1=Backup the password to Microsoft Entra-only
+1=Backup the password to Microsoft Entra ID only
 2=Backup the password to Active Directory only.

 If not specified, this setting will default to 0.
@ -475,7 +475,7 @@ If not specified, this setting will default to 0.
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled (password won't be backed up). |
-| 1 | Backup the password to Microsoft Entra-only. |
+| 1 | Backup the password to Microsoft Entra ID only. |
 | 2 | Backup the password to Active Directory only. |
 <!-- Device-Policies-BackupDirectory-AllowedValues-End -->

@ -745,7 +745,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff
 | Value | Description |
 |:--|:--|
 | 1 | Reset password: upon expiry of the grace period, the managed account password will be reset. |
-| 3 (Default) | Reset the password and logoff the managed account: upon expiry of the grace period, the managed account password will be reset and any interactive logon sessions using the managed account will terminated. |
+| 3 (Default) | Reset the password and logoff the managed account: upon expiry of the grace period, the managed account password will be reset and any interactive logon sessions using the managed account will be terminated. |
 | 5 | Reset the password and reboot: upon expiry of the grace period, the managed account password will be reset and the managed device will be immediately rebooted. |
 <!-- Device-Policies-PostAuthenticationActions-AllowedValues-End -->

--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@ -4,7 +4,7 @@ description: Learn more about the ADMX_OfflineFiles Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -1755,7 +1755,7 @@ This policy setting is triggered by the configured round trip network latency va

 - If you enable this policy setting, transparent caching is enabled and configurable.

- If you disable or don't configure this policy setting, remote files will be not be transparently cached on client computers.
+- If you disable or don't configure this policy setting, remote files won't be transparently cached on client computers.
 <!-- Pol_OnlineCachingSettings-Description-End -->

 <!-- Pol_OnlineCachingSettings-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@ -4,7 +4,7 @@ description: Learn more about the ADMX_Power Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -102,7 +102,7 @@ This policy setting allows you to control the network connectivity state in stan
 <!-- Description-Source-ADMX -->
 This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.

- If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).
+- If you enable this policy setting, an application or service may prevent the system from sleeping (hybrid Sleep, Stand By, or Hibernate).

 - If you disable or don't configure this policy setting, users control this setting.
 <!-- ACCriticalSleepTransitionsDisable_2-Description-End -->
@ -885,7 +885,7 @@ This policy setting allows you to control the network connectivity state in stan
 <!-- Description-Source-ADMX -->
 This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.

- If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).
+- If you enable this policy setting, an application or service may prevent the system from sleeping (hybrid Sleep, Stand By, or Hibernate).

 - If you disable or don't configure this policy setting, users control this setting.
 <!-- DCCriticalSleepTransitionsDisable_2-Description-End -->
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@ -4,7 +4,7 @@ description: Learn more about the ADMX_TerminalServer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/30/2023
+ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -2459,7 +2459,7 @@ Per Device licensing mode requires that each device connecting to this RD Sessio
 - If you disable or don't configure this policy setting, the licensing mode isn't specified at the Group Policy level.

 > [!NOTE]
-> AAD Per User mode is deprecated on Windows 11 and above.
+> Microsoft Entra ID Per User mode is deprecated on Windows 11 and above.
 <!-- TS_LICENSING_MODE-Description-End -->

 <!-- TS_LICENSING_MODE-Editable-Begin -->
@ -2515,7 +2515,7 @@ Per Device licensing mode requires that each device connecting to this RD Sessio
 <!-- Description-Source-ADMX -->
 Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.

-You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, addtional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.
+You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, additional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.

 To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.

@ -4070,7 +4070,7 @@ This policy setting allows you to configure graphics encoding to use the RemoteF

 <!-- TS_SERVER_PROFILE-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available nework bandwidth.
+This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available network bandwidth.

 - If you enable this policy setting, the RemoteFX experience could be set to one of the following options:

--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@ -4,7 +4,7 @@ description: Learn more about the AppVirtualization Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -1443,7 +1443,7 @@ Specifies the number of times to retry a dropped session.

 <!-- StreamingSharedContentStoreMode-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies that streamed package contents will be not be saved to the local hard disk.
+Specifies that streamed package contents won't be saved to the local hard disk.
 <!-- StreamingSharedContentStoreMode-Description-End -->

 <!-- StreamingSharedContentStoreMode-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@ -4,7 +4,7 @@ description: Learn more about the Authentication Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -90,7 +90,7 @@ This policy allows the Microsoft Entra tenant administrator to enable the self-s

 <!-- AllowEAPCertSSO-Description-Begin -->
 <!-- Description-Source-DDF -->
-Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
+Allows an EAP cert-based authentication for a single sign-on (SSO) to access internal resources.
 <!-- AllowEAPCertSSO-Description-End -->

 <!-- AllowEAPCertSSO-Editable-Begin -->
@ -188,7 +188,7 @@ Allows EAP Fast Reconnect from being attempted for EAP Method TLS. Most restrict

 <!-- AllowSecondaryAuthenticationDevice-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign on to a desktop computer running Windows 10. The companion device provides a second factor of authentication with Windows Hello.
+This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign-on to a desktop computer running Windows 10. The companion device provides a second factor of authentication with Windows Hello.

 - If you enable or don't configure this policy setting, users can authenticate to Windows Hello using a companion device.

@ -413,7 +413,7 @@ This policy is intended for use on Shared PCs to enable a quick first sign-in ex

 <!-- EnablePasswordlessExperience-Description-Begin -->
 <!-- Description-Source-DDF -->
-Specifies whether connected users on AADJ devices receive a Passwordless experience on Windows.
+Specifies whether connected users on Microsoft Entra joined devices receive a Passwordless experience on Windows.
 <!-- EnablePasswordlessExperience-Description-End -->

 <!-- EnablePasswordlessExperience-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 10/03/2023
+ms.date: 10/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -1074,7 +1074,6 @@ This policy setting allows you to configure the maximum percentage CPU utilizati
 - If you enable this setting, CPU utilization won't exceed the percentage specified.

 - If you disable or don't configure this setting, CPU utilization won't exceed the default value.
-
 <!-- AvgCPULoadFactor-Description-End -->

 <!-- AvgCPULoadFactor-Editable-Begin -->
@ -1085,7 +1084,6 @@ This policy setting allows you to configure the maximum percentage CPU utilizati
 > 
 > - [ScanOnlyIfIdle](defender-csp.md#configurationscanonlyifidleenabled): Instructs the product to scan only when the computer isn't in use.
 > - [DisableCpuThrottleOnIdleScans](defender-csp.md#configurationdisablecputhrottleonidlescans): Instructs the product to disable CPU throttling on idle scans.
-
 <!-- AvgCPULoadFactor-Editable-End -->

 <!-- AvgCPULoadFactor-DFProperties-Begin -->
@ -2920,4 +2918,3 @@ Valid remediation action values are:
 ## Related articles

 [Policy configuration service provider](policy-configuration-service-provider.md)
-
--- a/windows/client-management/mdm/policy-csp-federatedauthentication.md
+++ b/windows/client-management/mdm/policy-csp-federatedauthentication.md
@ -4,7 +4,7 @@ description: Learn more about the FederatedAuthentication Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -63,7 +63,7 @@ Specifies whether web-based sign-in is enabled with the Primary User experience.
 |:--|:--|
 | 0 (Default) | Feature defaults as appropriate for edition and device capabilities. As of now, all editions/devices exhibit Disabled behavior by default. However, this may change for future editions/devices. |
 | 1 | Enabled. Web Sign-in Credential Provider will be enabled for device sign-in. |
-| 2 | Disabled. Web Sign-in Credential Provider isn't be enabled for device sign-in. |
+| 2 | Disabled. Web Sign-in Credential Provider won't be enabled for device sign-in. |
 <!-- EnableWebSignInForPrimaryUser-AllowedValues-End -->

 <!-- EnableWebSignInForPrimaryUser-Examples-Begin -->
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@ -4,7 +4,7 @@ description: Learn more about the Kerberos Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -134,7 +134,7 @@ This policy setting allows retrieving the Microsoft Entra Kerberos Ticket Granti
 | Name | Value |
 |:--|:--|
 | Name | CloudKerberosTicketRetrievalEnabled |
-| Friendly Name | Allow retrieving the Microsoft Entra Kerberos Ticket Granting Ticket during logon |
+| Friendly Name | Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon |
 | Location | Computer Configuration |
 | Path | System > Kerberos |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters |
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@ -4,7 +4,7 @@ description: Learn more about the Power Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -450,7 +450,7 @@ This policy setting allows you to specify the period of inactivity before Window

 - If you disable or don't configure this policy setting, users control this setting.

-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 <!-- HibernateTimeoutOnBattery-Description-End -->

 <!-- HibernateTimeoutOnBattery-Editable-Begin -->
@ -510,7 +510,7 @@ This policy setting allows you to specify the period of inactivity before Window

 - If you disable or don't configure this policy setting, users control this setting.

-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 <!-- HibernateTimeoutPluggedIn-Description-End -->

 <!-- HibernateTimeoutPluggedIn-Editable-Begin -->
@ -1144,7 +1144,7 @@ This policy setting allows you to specify the period of inactivity before Window

 - If you disable or don't configure this policy setting, users control this setting.

-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 <!-- StandbyTimeoutOnBattery-Description-End -->

 <!-- StandbyTimeoutOnBattery-Editable-Begin -->
@ -1204,7 +1204,7 @@ This policy setting allows you to specify the period of inactivity before Window

 - If you disable or don't configure this policy setting, users control this setting.

-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 <!-- StandbyTimeoutPluggedIn-Description-End -->

 <!-- StandbyTimeoutPluggedIn-Editable-Begin -->
@ -1258,7 +1258,7 @@ If the user has configured a slide show to run on the lock screen when the machi

 <!-- TurnOffHybridSleepOnBattery-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to turn off hybrid sleep.
+This policy setting allows you to turn off Hybrid Sleep.

 - If you enable this policy setting, a hiberfile isn't generated when the system transitions to sleep (Stand By).

@ -1285,7 +1285,7 @@ This policy setting allows you to turn off hybrid sleep.
 | Value | Description |
 |:--|:--|
 | 0 (Default) | . |
-| 1 | Hybrid sleep. |
+| 1 | Hybrid Sleep. |
 <!-- TurnOffHybridSleepOnBattery-AllowedValues-End -->

 <!-- TurnOffHybridSleepOnBattery-GpMapping-Begin -->
@ -1325,7 +1325,7 @@ This policy setting allows you to turn off hybrid sleep.

 <!-- TurnOffHybridSleepPluggedIn-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to turn off hybrid sleep.
+This policy setting allows you to turn off Hybrid Sleep.

 - If you enable this policy setting, a hiberfile isn't generated when the system transitions to sleep (Stand By).

@ -1352,7 +1352,7 @@ This policy setting allows you to turn off hybrid sleep.
 | Value | Description |
 |:--|:--|
 | 0 (Default) | . |
-| 1 | Hybrid sleep. |
+| 1 | Hybrid Sleep. |
 <!-- TurnOffHybridSleepPluggedIn-AllowedValues-End -->

 <!-- TurnOffHybridSleepPluggedIn-GpMapping-Begin -->
@ -1398,7 +1398,7 @@ This policy setting allows you to specify the period of inactivity before Window

 - If you disable or don't configure this policy setting, users control this setting.

-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 <!-- UnattendedSleepTimeoutOnBattery-Description-End -->

 <!-- UnattendedSleepTimeoutOnBattery-Editable-Begin -->
@ -1459,7 +1459,7 @@ This policy setting allows you to specify the period of inactivity before Window

 - If you disable or don't configure this policy setting, users control this setting.

-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 <!-- UnattendedSleepTimeoutPluggedIn-Description-End -->

 <!-- UnattendedSleepTimeoutPluggedIn-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@ -4,7 +4,7 @@ description: Learn more about the Search Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -102,7 +102,7 @@ Allow search and Cortana to search cloud sources like OneDrive and SharePoint.

 <!-- AllowCortanaInAAD-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Allow the cortana opt-in page during windows setup out of the box experience.
+Allow the Cortana opt-in page during windows setup out of the box experience.
 <!-- AllowCortanaInAAD-Description-End -->

 <!-- AllowCortanaInAAD-Editable-Begin -->
@ -124,8 +124,8 @@ Allow the cortana opt-in page during windows setup out of the box experience.

 | Value | Description |
 |:--|:--|
-| 0 (Default) | Not allowed. The Cortana consent page won't appear in AAD OOBE during setup. |
-| 1 | Allowed. The Cortana consent page will appear in Azure AAD OOBE during setup. |
+| 0 (Default) | Not allowed. The Cortana consent page won't appear in Microsoft Entra ID OOBE during setup. |
+| 1 | Allowed. The Cortana consent page will appear in Azure Microsoft Entra ID OOBE during setup. |
 <!-- AllowCortanaInAAD-AllowedValues-End -->

 <!-- AllowCortanaInAAD-GpMapping-Begin -->
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@ -4,7 +4,7 @@ description: Learn more about the WindowsLogon Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 10/03/2023
+ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -104,20 +104,20 @@ After enabling this policy, you can configure its settings through the ConfigAut

 <!-- ConfigAutomaticRestartSignOn-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting controls the configuration under which an automatic restart and sign on and lock occurs after a restart or cold boot. If you chose "Disabled" in the "Sign-in and lock last interactive user automatically after a restart" policy, then automatic sign on won't occur and this policy doesn't need to be configured.
+This policy setting controls the configuration under which an automatic restart and sign-on and lock occurs after a restart or cold boot. If you chose "Disabled" in the "Sign-in and lock last interactive user automatically after a restart" policy, then automatic sign-on won't occur and this policy doesn't need to be configured.

 - If you enable this policy setting, you can choose one of the following two options:

-1. "Enabled if BitLocker is on and not suspended" specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device's hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.
+1. "Enabled if BitLocker is on and not suspended" specifies that automatic sign-on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device's hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.

 BitLocker is suspended during updates if:

 - The device doesn't have TPM 2.0 and PCR7, or
 - The device doesn't use a TPM-only protector.

-2. "Always Enabled" specifies that automatic sign on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker isn't enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location.
+2. "Always Enabled" specifies that automatic sign-on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker isn't enabled, personal data is accessible on the hard drive. Automatic restart and sign-on should only be run under this condition if you are confident that the configured device is in a secure physical location.

- If you disable or don't configure this setting, automatic sign on will default to the "Enabled if BitLocker is on and not suspended" behavior.
+- If you disable or don't configure this setting, automatic sign-on will default to the "Enabled if BitLocker is on and not suspended" behavior.
 <!-- ConfigAutomaticRestartSignOn-Description-End -->

 <!-- ConfigAutomaticRestartSignOn-Editable-Begin -->
@ -574,7 +574,7 @@ The locations that Switch User interface appear are in the Logon UI, the Start m

 <!-- OverrideShellProgram-Description-Begin -->
 <!-- Description-Source-DDF -->
-OverrideShellProgram policy allows IT admin to configure the shell program for Windows OS on a device. This policy has the highest precedence over other ways of configuring the shell program. The policy currently supports below options: 1. Not Configured: Default shell will be launched. 2. Apply Lightweight Shell: Lightweight shell doesn't have a user interface and helps the device to achieve better performance as the shell consumes limited resources over default shell. Lightweight shell contains a limited set of features, which could be consumed by applications. This configuration can be useful if the device needs to have a continuous running user interface application that would consume features offered by Lightweight shell. If you disable or don't configure this policy setting, then the default shell will be launched.
+OverrideShellProgram policy allows IT admin to configure the shell program for Windows OS on a device. This policy has the highest precedence over other ways of configuring the shell program. The policy currently supports below options: 1. Not Configured: Default shell will be launched. 2. Apply Lightweight Shell: Lightweight shell doesn't have a user interface and helps the device to achieve better performance as the shell consumes limited resources over default shell. Lightweight shell contains a limited set of features which could be consumed by applications. This configuration can be useful if the device needs to have a continuous running user interface application which would consume features offered by Lightweight shell. If you disable or don't configure this policy setting, then the default shell will be launched.
 <!-- OverrideShellProgram-Description-End -->

 <!-- OverrideShellProgram-Editable-Begin -->
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@ -4,7 +4,7 @@ description: Learn more about the SecureAssessment CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 08/10/2023
+ms.date: 10/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@ -327,7 +327,7 @@ Indicates if printing is required by the app.

 <!-- Device-TesterAccount-Description-Begin -->
 <!-- Description-Source-DDF -->
-The user name of the test taking account. To specify a domain account, use domain\user. To specify an AAD account, use username@tenant.com. To specify a local account, use the username.
+The user name of the test taking account. To specify a domain account, use domain\user. To specify a Microsoft Entra account, use username@tenant.com. To specify a local account, use the username.
 <!-- Device-TesterAccount-Description-End -->

 <!-- Device-TesterAccount-Editable-Begin -->