From 7024581bba23575cbcc2e8081c9a37f81e2936fc Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 6 May 2021 20:01:36 +0200 Subject: [PATCH 01/29] Typo, grammar, whitespace (f8b7f58 follow-up) During my attempt to make a quick review of PR #9502 (**Update**), it got merged without any review comments. This PR contains a typo correction and minor grammar correction, in addition to lots of whitespace consistency corrections. Ref. commit 2e943571ac2fd82cc5c137021a9364cc5c656338 --- .../faq-md-app-guard.md | 80 +++++++++---------- 1 file changed, 39 insertions(+), 41 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index e05438f037..6add06d337 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -9,13 +9,13 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.date: 05/06/2021 -ms.reviewer: +ms.reviewer: manager: dansimp ms.custom: asr ms.technology: mde --- -# Frequently asked questions - Microsoft Defender Application Guard +# Frequently asked questions - Microsoft Defender Application Guard **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) 
@@ -27,35 +27,35 @@ This article lists frequently asked questions with answers for Microsoft Defende We recommend 8-GB RAM for optimal performance but you can use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. -`HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.) +`HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.) `HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB` (Default is 8 GB.) `HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB` (Default is 5 GB.) -### Can employees download documents from the Application Guard Edge session onto host devices? +### Can employees download documents from the Application Guard Edge session onto host devices? In Windows 10 Enterprise edition, version 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. -In Windows 10 Enterprise edition, version 1709, or Windows 10 Professional edition, version 1803, it is not possible to download files from the isolated Application Guard container to the host computer. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. +In Windows 10 Enterprise edition, version 1709, or Windows 10 Professional edition, version 1803, it is not possible to download files from the isolated Application Guard container to the host computer. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. -### Can employees copy and paste between the host device and the Application Guard Edge session? +### Can employees copy and paste between the host device and the Application Guard Edge session? -Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. 
+Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. ### Why don't employees see their favorites in the Application Guard Edge session? -Depending on your organization’s settings, it might be that Favorites Sync is off. To managed the policy, see: [Microsoft Edge and Microsoft Defender Application Guard | Microsoft Docs](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard) +Depending on your organization’s settings, it might be that Favorites Sync is turned off. To manage the policy, see: [Microsoft Edge and Microsoft Defender Application Guard | Microsoft Docs](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard) ### Why aren’t employees able to see their extensions in the Application Guard Edge session? Make sure to enable the extensions policy on your Application Guard configuration. -### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? +### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? -Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition, version 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. +Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition, version 1709 or higher. 
These would be for the proxy policies under Network Isolation in Group Policy or Intune. -### Which Input Method Editors (IME) in 19H1 are not supported? +### Which Input Method Editors (IME) in 19H1 are not supported? The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Microsoft Defender Application Guard. - Vietnam Telex keyboard 
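Review bot: check the stripped trailing whitespace on `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.) against the rendered page: if that was a Markdown two-space hard break, the three consecutive `SpecRequired*` registry lines now collapse into a single paragraph, and the robust fix is a `-` bullet list rather than trailing spaces. In the same hunk, the proxy sentence re-emitted as context, "IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010`", is not grammatically parallel; suggest "must be replaced with a symbolic name, for example `itproxy:81`, or with a record such as `P19216810010` for `192.168.100.10`", and state what that name has to resolve through, since "a record" leaves the reader guessing what they actually need to configure.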
@@ -71,25 +71,25 @@ The following Input Method Editors (IME) introduced in Windows 10, version 1903 - Odia phonetic keyboard - Punjabi phonetic keyboard -### I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? +### I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? This feature is currently experimental only and is not functional without an additional registry key provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature. -### What is the WDAGUtilityAccount local account? +### What is the WDAGUtilityAccount local account? -WDAGUtilityAccount is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. WDAGUtilityAccount is used to sign in to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If *Run as a service* permissions are revoked for this account, you might see the following error: +WDAGUtilityAccount is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. WDAGUtilityAccount is used to sign in to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If *Run as a service* permissions are revoked for this account, you might see the following error: **Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000** We recommend that you do not modify this account. -### How do I trust a subdomain in my site list? +### How do I trust a subdomain in my site list? 
To trust a subdomain, you must precede your domain with two dots (..). For example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), and the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted. -### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? +### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? -When using Windows Pro or Windows Enterprise, you have access to using Application Guard in Standalone Mode. However, when using Enterprise you have access to Application Guard in Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](./install-md-app-guard.md). +When using Windows Pro or Windows Enterprise, you have access to using Application Guard in Standalone Mode. However, when using Enterprise you have access to Application Guard in Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](./install-md-app-guard.md). ### Is there a size limit to the domain lists that I need to configure? 
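Review bot: the subdomain answer in this hunk ("`..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted") never says whether the apex `contoso.com` itself is covered by the same entry or needs its own line, which is the first question an admin building a site list will ask; add one sentence either way. Minor wording, since the hunk already touches the line: "you have access to using Application Guard in Standalone Mode" reads better as "you can use Application Guard in Standalone Mode".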
@@ -97,7 +97,7 @@ Yes, both the Enterprise Resource domains that are hosted in the cloud and the d ### Why does my encryption driver break Microsoft Defender Application Guard? -Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). +Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). ### Why do the Network Isolation policies in Group Policy and CSP look different? 
@@ -109,17 +109,17 @@ There is not a one-to-one mapping among all the Network Isolation policies betwe - For EnterpriseNetworkDomainNames, there is no mapped CSP policy. -Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). +Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**). ### Why did Application Guard stop working after I turned off hyperthreading? -If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. +If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. ### Why am I getting the error message "ERROR_VIRTUAL_DISK_LIMITATION"? -Application Guard might not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. +Application Guard might not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. -### Why am I getting the error message "ERR_NAME_NOT_RESOLVED" after not being able to reach PAC file? +### Why am I getting the error message "ERR_NAME_NOT_RESOLVED" after not being able to reach the PAC file? This is a known issue. To mitigate this you need to create two firewall rules. For guidance on how to create a firewall rule by using group policy, see: 
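Review bot: the paragraph "Application Guard accesses files from a VHD mounted on the host that needs to be written during setup ..." re-emitted in this hunk after the `EnterpriseNetworkDomainNames` bullet is a verbatim duplicate of the encryption-driver answer in the `@@ -97,7` hunk above, and here it sits under the unrelated "Network Isolation policies" question; since the commit is already touching the line for whitespace, drop the duplicate instead of preserving it. Also "To mitigate this you need to create two firewall rules" wants a comma after "this".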
@@ -146,7 +146,7 @@ In the Microsoft Defender Firewall user interface go through the following steps 7. Allow the connection. 8. Specify to use all profiles. 9. The new rule should show up in the user interface. Right click on the **rule** > **properties**. -10. In the **Programs and services** tab, under the **Services** section, select **settings**. +10. In the **Programs and services** tab, under the **Services** section, select **settings**. 11. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. ### Why can I not launch Application Guard when Exploit Guard is enabled? @@ -157,9 +157,9 @@ There is a known issue such that if you change the Exploit Protection settings f ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys. -1. In the Group Policy setting, **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. +1. In the Group Policy setting, **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. -2. Disable IpNat.sys from ICS load as follows:
+2. Disable IpNat.sys from ICS load as follows:
`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1` 3. Configure ICS (SharedAccess) to enabled as follows:
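Review bot: step 2's registry value `System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1` is written without a hive, while the `HKLM\software\Microsoft\Hvsi\...` values earlier in the same file spell it out; use the same `HKLM\` form and give the value type so the two registry blocks in this FAQ are consistent. "Disable IpNat.sys from ICS load as follows" is awkward; suggest "Prevent ICS from loading IpNat.sys by setting the following registry value". The lead sentence says ICS "must be enabled in order for Application Guard to function correctly" and then that "you can disable ICS in part"; say what "in part" means (which ICS function remains after the three steps), otherwise the reader cannot tell whether Application Guard still works afterwards.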
@@ -172,27 +172,25 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli ### Why doesn't the container fully load when device control policies are enabled? -Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly. +Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly. -Policy: Allow installation of devices that match any of these device IDs -- `SCSI\DiskMsft____Virtual_Disk____` -- `{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba` -- `VMS_VSF` -- `root\Vpcivsp` -- `root\VMBus` -- `vms_mp` -- `VMS_VSP` +Policy: Allow installation of devices that match any of these device IDs +- `SCSI\DiskMsft____Virtual_Disk____` +- `{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba` +- `VMS_VSF` +- `root\Vpcivsp` +- `root\VMBus` +- `vms_mp` +- `VMS_VSP` - `ROOT\VKRNLINTVSP` -- `ROOT\VID` -- `root\storvsp` -- `vms_vsmp` -- `VMS_PP` +- `ROOT\VID` +- `root\storvsp` +- `vms_vsmp` +- `VMS_PP` -Policy: Allow installation of devices using drivers that match these device setup classes +Policy: Allow installation of devices using drivers that match these device setup classes - `{71a27cdd-812a-11d0-bec7-08002be2092f}` - - ## See also [Configure Microsoft Defender Application Guard policy settings](./configure-md-app-guard.md) From 297c0fa67ef5b54b7a42eec27591b435aa0fb4c8 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Thu, 6 May 2021 17:18:58 -0700 Subject: [PATCH 02/29] Added a new FAQ Added a new FAQ item and converted all FAQ questions to titles to make it easy to read and find relevant FAQs --- .../update/waas-delivery-optimization.md | 39 ++++++++++++++----- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index fe4690ca30..afb9f1fff5 100644 
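Review bot: in the `@@ -172,27 +172,25 @@` hunk of PATCH 01/29, the sentence `Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly.` is re-emitted with only its trailing whitespace changed and still lacks the "to" before "ensure"; a commit titled "Typo, grammar, whitespace" that touches this line should fix it here (PATCH 03/29 later in this series does exactly that). The device-ID bullets are whitespace-only changes and look fine.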
--- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -132,36 +132,41 @@ For more details, check out the [Adopting Windows as a Service at Microsoft](htt ## Frequently asked questions -**Does Delivery Optimization work with WSUS?**: Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination. +#### Does Delivery Optimization work with WSUS? #### +Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination. -**Which ports does Delivery Optimization use?**: Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound traffic through your firewall yourself. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data). +#### Which ports does Delivery Optimization use? #### +Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound traffic through your firewall yourself. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data). If you set up Delivery Optimization to create peer groups that include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets), it will use Teredo. For this to work, you must allow inbound TCP/IP traffic over port 3544. 
Look for a "NAT traversal" setting in your firewall to set this up. Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. -**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). +#### What are the requirements if I use a proxy? #### +For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). -**What hostnames should I allow through my firewall to support Delivery Optimization?**: +#### What hostnames should I allow through my firewall to support Delivery Optimization? #### For communication between clients and the Delivery Optimization cloud service: **\*.do.dsp.mp.microsoft.com**. -For Delivery Optimization metadata: +**For Delivery Optimization metadata: ** - *.dl.delivery.mp.microsoft.com - *.emdl.ws.microsoft.com -For the payloads (optional): +**For the payloads (optional):** - *.download.windowsupdate.com - *.windowsupdate.com -**Does Delivery Optimization use multicast?**: No. 
It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. +#### Does Delivery Optimization use multicast? #### +No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. -**How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details, see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). +#### How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN? #### +Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details, see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). -**How does Delivery Optimization handle VPNs?** +#### How does Delivery Optimization handle VPNs? #### Delivery Optimization attempts to identify VPNs by checking the network adapter type and details and will treat the connection as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure." If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. 
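Review bot: two Markdown issues in this heading conversion. The new `#### ... ####` headings use closing hashes while the surrounding `## Frequently asked questions` and `## Troubleshooting` headings do not; drop the trailing `####` for consistency (PATCH 05/29 through 11/29 later strip them one heading per commit, which would be better squashed into this change). More importantly, `**For Delivery Optimization metadata: **` has a space before the closing `**`, which CommonMark does not accept as a closing emphasis delimiter, so the label renders with literal asterisks; write it as `**For Delivery Optimization metadata**:` in the same shape as the payloads label.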
@@ -186,6 +191,22 @@ Windows Update and Microsoft Store backend services and Windows Update and Micro For more information about remote work if you're using Configuration Manager, see this post on the [Configuration Manager blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-patch-tuesday-with-configuration-manager-in-a-remote/ba-p/1269444). + +#### How does Delivery Optimization handle networks where a Public IP address is used in place of a Private IP address? #### + +RFC1918 defines the range of IP addresses that are considered "private". +[RFC 1918 - Address Allocation for Private Internets] https://tools.ietf.org/html/rfc1918 + 10.0.0.0 - 10.255.255.255 (10/8 prefix) + 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) + 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) + +Prior to Windows 10, version 1903 Delivery Optimization only allowed connections between LAN peers if those peers utilized Private IP addresses. +Starting with version 1903 or higher, this is no longer enforced. +Customers who utilize Public IP addresses in place of Private IP address can now use DO in LAN mode. + +Note: one side effect of this change is that bytes downloaded from or uploaded to LAN peers with Public IP addresses may be reported as coming from Internet peers. + + ## Troubleshooting This section summarizes common problems and some solutions to try. From 1c0dd5213e59d9a42586402b50975569e832022f Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 7 May 2021 05:52:11 +0200 Subject: [PATCH 03/29] Add missing infinitive marker "to" Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
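Review bot: in the new public-IP FAQ hunk (`@@ -186,6 +191,22 @@`), `[RFC 1918 - Address Allocation for Private Internets] https://tools.ietf.org/html/rfc1918` is not a Markdown link (the URL must follow the bracket in parentheses), and the three address ranges are indented by a single space, which renders as running text rather than a list; make them `-` bullets or a fenced block. "Starting with version 1903 or higher" is redundant, "Private IP address" should be plural, and "DO" is used without being introduced in this section. The closing "Note:" is the security-relevant part and deserves a proper note callout rather than a bare line: since the hunk says the RFC 1918 check is no longer enforced, the caveat should also say how a peer is now classified as a LAN peer, not only that its bytes may be reported as Internet-peer traffic.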
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 6add06d337..36b7ec1891 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -172,7 +172,7 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli ### Why doesn't the container fully load when device control policies are enabled? -Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly. +Allow-listed items must be configured as "allowed" in the Group Policy Object to ensure AppGuard works properly. Policy: Allow installation of devices that match any of these device IDs - `SCSI\DiskMsft____Virtual_Disk____` From 06cb0890b5b9edba25372024b5b6d06b7cafd3e4 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 7 May 2021 05:58:23 +0200 Subject: [PATCH 04/29] Restore changes removed by last merge Line 48: - "Favorites Sync is off" -> 'Favorites Sync is turned off' - "To managed the policy" -> 'To manage the policy' --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index d2fc698794..477c09a58c 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md 
@@ -45,7 +45,7 @@ Depending on your organization's settings, employees can copy and paste images ( ### Why don't employees see their favorites in the Application Guard Edge session? -Depending on your organization’s settings, it might be that Favorites Sync is off. To managed the policy, see: [Microsoft Edge and Microsoft Defender Application Guard | Microsoft Docs](/deployedge/microsoft-edge-security-windows-defender-application-guard) +Depending on your organization’s settings, it might be that Favorites Sync is turned off. To manage the policy, see: [Microsoft Edge and Microsoft Defender Application Guard | Microsoft Docs](/deployedge/microsoft-edge-security-windows-defender-application-guard) ### Why aren’t employees able to see their extensions in the Application Guard Edge session? From dd5727f9ec97be755de8634293d1f4bd33eccfc9 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:56:05 -0700 Subject: [PATCH 05/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index afb9f1fff5..e221d08b87 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -132,7 +132,7 @@ For more details, check out the [Adopting Windows as a Service at Microsoft](htt ## Frequently asked questions -#### Does Delivery Optimization work with WSUS? #### +#### Does Delivery Optimization work with WSUS? Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination. #### Which ports does Delivery Optimization use? #### From 9b1322892c1e918405300486555e158033b86740 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:56:13 -0700 Subject: [PATCH 06/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index e221d08b87..e501f85b3f 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -135,7 +135,7 @@ For more details, check out the [Adopting Windows as a Service at Microsoft](htt #### Does Delivery Optimization work with WSUS? Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination. -#### Which ports does Delivery Optimization use? #### +#### Which ports does Delivery Optimization use? Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound traffic through your firewall yourself. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data). If you set up Delivery Optimization to create peer groups that include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets), it will use Teredo. For this to work, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up. From 74a666ccd2f9e737c1c79eb308736277e0fe3f1b Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:56:31 -0700 Subject: [PATCH 07/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index e501f85b3f..0055d22d00 100644 --- a/windows/deployment/update/waas-delivery-optimization.md 
+++ b/windows/deployment/update/waas-delivery-optimization.md @@ -143,7 +143,7 @@ If you set up Delivery Optimization to create peer groups that include devices a Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. -#### What are the requirements if I use a proxy? #### +#### What are the requirements if I use a proxy? For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). #### What hostnames should I allow through my firewall to support Delivery Optimization? #### From 78322ffbd6bd3c2fec1018b09828474e0dfc82b9 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:56:38 -0700 Subject: [PATCH 08/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 0055d22d00..70ab9da765 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -146,7 +146,7 @@ Delivery Optimization also communicates with its cloud service by using HTTP/HTT #### What are the requirements if I use a proxy? For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). -#### What hostnames should I allow through my firewall to support Delivery Optimization? #### +#### What hostnames should I allow through my firewall to support Delivery Optimization? For communication between clients and the Delivery Optimization cloud service: **\*.do.dsp.mp.microsoft.com**. From 97bde1013edaac8c61c4e3320114e15186cf6f35 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:56:46 -0700 Subject: [PATCH 09/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 70ab9da765..5aaffebd5f 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -155,7 +155,7 @@ For communication between clients and the Delivery Optimization cloud service: * - *.dl.delivery.mp.microsoft.com - *.emdl.ws.microsoft.com -**For the payloads (optional):** +**For the payloads (optional)**: - *.download.windowsupdate.com - *.windowsupdate.com 
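Review bot: this hunk moves the colon outside the bold in `**For the payloads (optional)**:` but leaves the sibling label introduced in PATCH 02/29, `**For Delivery Optimization metadata: **`, untouched; that one has a space before the closing `**` and therefore does not render as bold at all, which is the more visible defect. Fix both labels in the same shape in one commit.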
From b29553da56a53065abb6975aee61fe76c8499288 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:56:52 -0700 Subject: [PATCH 10/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 5aaffebd5f..39e7605469 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -160,7 +160,7 @@ For communication between clients and the Delivery Optimization cloud service: * - *.download.windowsupdate.com - *.windowsupdate.com -#### Does Delivery Optimization use multicast? #### +#### Does Delivery Optimization use multicast? No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. #### How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN? #### From 5a3965e7ed2c07adf9cebe032476b9a4419b5a55 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:57:03 -0700 Subject: [PATCH 11/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 39e7605469..b7c78da1c2 100644 --- a/windows/deployment/update/waas-delivery-optimization.md 
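Review bot: in the multicast hunk, "Client devices then connect to their peers to obtain download files over TCP/IP" leaves out the port peers listen on, which is exactly the detail a reader coming from the firewall question two headings up needs; name the port here or cross-reference the port list, since the peer-to-peer path needs its own host-firewall rule in addition to the cloud hostnames.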
+++ b/windows/deployment/update/waas-delivery-optimization.md @@ -163,7 +163,7 @@ For communication between clients and the Delivery Optimization cloud service: * #### Does Delivery Optimization use multicast? No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. -#### How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN? #### +#### How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN? Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details, see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). #### How does Delivery Optimization handle VPNs? #### From 3208b7ca3022baf4fcf2de5a6f5d9ab05ee65631 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:57:16 -0700 Subject: [PATCH 12/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index b7c78da1c2..d8a91308f8 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -200,7 +200,7 @@ RFC1918 defines the range of IP addresses that are considered "private". 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) -Prior to Windows 10, version 1903 Delivery Optimization only allowed connections between LAN peers if those peers utilized Private IP addresses. +Prior to Windows 10, version 1903, Delivery Optimization only allowed connections between LAN peers if those peers utilized Private IP addresses. Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP addresses can now use DO in LAN mode. Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP address can now use DO in LAN mode. From c6b455caf477a400da6dd5fb5f9c6cfe1e6ce202 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:57:31 -0700 Subject: [PATCH 13/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index d8a91308f8..15ddc48b51 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
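Review bot: the replacement line in this hunk appends "Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP addresses can now use DO in LAN mode." while the two unchanged lines directly below repeat the same two sentences, so the rendered page now says it twice; remove either the appended sentences or the two following lines in the same commit. "DO" should be spelled out as Delivery Optimization, as the rest of the page does.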
@@ -204,7 +204,8 @@ Prior to Windows 10, version 1903, Delivery Optimization only allowed connection Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP address can now use DO in LAN mode. -Note: one side effect of this change is that bytes downloaded from or uploaded to LAN peers with Public IP addresses may be reported as coming from Internet peers. +> [NOTE] +> One side effect of this change is that bytes downloaded from or uploaded to LAN peers with Public IP addresses may be reported as coming from Internet peers. ## Troubleshooting From 66d333b5316fa6a161207460657b1d62d5b0479d Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:58:36 -0700 Subject: [PATCH 14/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 15ddc48b51..a97883dc5d 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
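Review bot: the callout added here is written as `> [NOTE]`; the docs syntax that renders as a note box is `> [!NOTE]` (as used on the Mixed Reality page in this same PR), and without the `!` it renders as an ordinary block quote containing the literal text "[NOTE]". The note's content also deserves a sentence more: if bytes exchanged with LAN peers are reported as Internet peer traffic, anyone using that report to confirm that no Internet peering is occurring will draw the wrong conclusion, so say which report or counter is affected.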
@@ -194,12 +194,6 @@ For more information about remote work if you're using Configuration Manager, se #### How does Delivery Optimization handle networks where a Public IP address is used in place of a Private IP address? #### -RFC1918 defines the range of IP addresses that are considered "private". -[RFC 1918 - Address Allocation for Private Internets] https://tools.ietf.org/html/rfc1918 - 10.0.0.0 - 10.255.255.255 (10/8 prefix) - 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) - 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) - Prior to Windows 10, version 1903, Delivery Optimization only allowed connections between LAN peers if those peers utilized Private IP addresses. Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP addresses can now use DO in LAN mode. Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP address can now use DO in LAN mode. From 23650f2996f2cb9376258134688b6e0fa6a3b914 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:58:47 -0700 Subject: [PATCH 15/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index a97883dc5d..5fa1d3d3ea 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
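Review bot: removing the RFC 1918 block also removes the only definition of "private IP address" on the page, and the heading directly above still turns on that term; keep at least the link to https://tools.ietf.org/html/rfc1918 (as a proper Markdown link, which the deleted line was not) so readers know which ranges count as private. The commit message gives no reason for the deletion.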
@@ -195,8 +195,6 @@ For more information about remote work if you're using Configuration Manager, se #### How does Delivery Optimization handle networks where a Public IP address is used in place of a Private IP address? #### Prior to Windows 10, version 1903, Delivery Optimization only allowed connections between LAN peers if those peers utilized Private IP addresses. Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP addresses can now use DO in LAN mode. -Starting with version 1903 or higher, this is no longer enforced. -Customers who utilize Public IP addresses in place of Private IP address can now use DO in LAN mode. > [NOTE] > One side effect of this change is that bytes downloaded from or uploaded to LAN peers with Public IP addresses may be reported as coming from Internet peers. From 7f3488568d4760578bca429907eb8a273ed7122f Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:58:59 -0700 Subject: [PATCH 16/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 5fa1d3d3ea..39ae779f71 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -192,7 +192,7 @@ Windows Update and Microsoft Store backend services and Windows Update and Micro For more information about remote work if you're using Configuration Manager, see this post on the [Configuration Manager blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-patch-tuesday-with-configuration-manager-in-a-remote/ba-p/1269444). -#### How does Delivery Optimization handle networks where a Public IP address is used in place of a Private IP address? #### +#### How does Delivery Optimization handle networks where a Public IP address is used in place of a Private IP address? Prior to Windows 10, version 1903, Delivery Optimization only allowed connections between LAN peers if those peers utilized Private IP addresses. Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP addresses can now use DO in LAN mode. From cec41a1e5f8e75014b44c3229f103cfb15fa5a49 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:59:08 -0700 Subject: [PATCH 17/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 39ae779f71..1eb4cc7969 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -169,7 +169,7 @@ Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relie #### How does Delivery Optimization handle VPNs? #### Delivery Optimization attempts to identify VPNs by checking the network adapter type and details and will treat the connection as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure." -If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. +If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected using a VPN, it can still use peer-to-peer with the default of LAN. From 5764b63b77e104614ce3741727bd2a77df099210 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:59:16 -0700 Subject: [PATCH 18/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 1eb4cc7969..84a6a3b72e 100644 
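Review bot: this hunk only strips trailing whitespace, but the unchanged first line documents a heuristic that deserves a plain warning: a connection is treated as a VPN only if the adapter description contains keywords such as "VPN" or "secure", so an adapter with a vendor-specific name is not detected and uploads to peers are not suspended. The paragraph should say this outright and present the Configuration Manager boundary-group approach (DownloadMode 0 for the VPN IP ranges) as the dependable control, since it keys on address ranges rather than on how an adapter happens to be named.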
--- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -166,7 +166,7 @@ No. It relies on the cloud service for peer discovery, resulting in a list of pe #### How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN? Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details, see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819). -#### How does Delivery Optimization handle VPNs? #### +#### How does Delivery Optimization handle VPNs? Delivery Optimization attempts to identify VPNs by checking the network adapter type and details and will treat the connection as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure." If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. From 72de3a7e9c2a394ab79d1097ccfea86c23e9c3d7 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 7 May 2021 18:59:24 -0700 Subject: [PATCH 19/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 84a6a3b72e..d5625b3173 100644 --- a/windows/deployment/update/waas-delivery-optimization.md 
+++ b/windows/deployment/update/waas-delivery-optimization.md @@ -150,7 +150,7 @@ For Delivery Optimization to successfully use the proxy, you should set up the p For communication between clients and the Delivery Optimization cloud service: **\*.do.dsp.mp.microsoft.com**. -**For Delivery Optimization metadata: ** +**For Delivery Optimization metadata**: - *.dl.delivery.mp.microsoft.com - *.emdl.ws.microsoft.com From c935a4d6d02bfefe038ba6d4722bf69785878751 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 10 May 2021 20:49:19 +0500 Subject: [PATCH 20/29] Update manage-windows-mixed-reality.md --- .../application-management/manage-windows-mixed-reality.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 50a7c2b6f0..2305949341 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md 
@@ -33,7 +33,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD. - 1. Download the FOD .cab file for [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). + 1. 
Download the FOD .cab file for [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). > [!NOTE] > You must download the FOD .cab file that matches your operating system version. @@ -99,4 +99,4 @@ In the following example, the **Id** can be any generated GUID and the **Name** ## Related topics -- [Mixed reality](https://developer.microsoft.com/windows/mixed-reality/mixed_reality) \ No newline at end of file +- [Mixed reality](https://developer.microsoft.com/windows/mixed-reality/mixed_reality) From d6f4cf01d245cc23b003b4f35e84fdc43305c5fb Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Mon, 10 May 2021 13:41:22 -0700 Subject: [PATCH 21/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index d5625b3173..fb2c96ccaa 100644 --- a/windows/deployment/update/waas-delivery-optimization.md 
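Review bot: the Windows 10, version 2004 link gains a `/6cf73b63/` path segment while the 1903/1909, 1809, 1803 and 1709 links are unchanged; confirm the older links still resolve. Because these are .cab packages that an administrator installs by hand on devices that cannot reach Windows Update, consider publishing a SHA-256 for each so the file can be verified before installation; the note below the list already insists on matching the OS version, and a hash per version belongs alongside it.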
+++ b/windows/deployment/update/waas-delivery-optimization.md @@ -193,7 +193,6 @@ For more information about remote work if you're using Configuration Manager, se #### How does Delivery Optimization handle networks where a Public IP address is used in place of a Private IP address? - Prior to Windows 10, version 1903, Delivery Optimization only allowed connections between LAN peers if those peers utilized Private IP addresses. Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP addresses can now use DO in LAN mode. > [NOTE] From 2b6edfe15986950eef91b1559fab4d1afe5ebb4f Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Mon, 10 May 2021 13:41:28 -0700 Subject: [PATCH 22/29] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index fb2c96ccaa..3763434591 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -195,7 +195,7 @@ For more information about remote work if you're using Configuration Manager, se #### How does Delivery Optimization handle networks where a Public IP address is used in place of a Private IP address? Prior to Windows 10, version 1903, Delivery Optimization only allowed connections between LAN peers if those peers utilized Private IP addresses. Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP addresses can now use DO in LAN mode. -> [NOTE] +> [!NOTE] > One side effect of this change is that bytes downloaded from or uploaded to LAN peers with Public IP addresses may be reported as coming from Internet peers. From 4f92c4ed6268481c89f9eaf9faf7cd1905743a11 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 10 May 2021 13:47:24 -0700 Subject: [PATCH 23/29] Update waas-delivery-optimization.md Cleaned up language. Do not use "DO;" always spell out. --- windows/deployment/update/waas-delivery-optimization.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 3763434591..80801b9c28 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -192,11 +192,11 @@ Windows Update and Microsoft Store backend services and Windows Update and Micro For more information about remote work if you're using Configuration Manager, see this post on the [Configuration Manager blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-patch-tuesday-with-configuration-manager-in-a-remote/ba-p/1269444). -#### How does Delivery Optimization handle networks where a Public IP address is used in place of a Private IP address? -Prior to Windows 10, version 1903, Delivery Optimization only allowed connections between LAN peers if those peers utilized Private IP addresses. Starting with version 1903 or higher, this is no longer enforced. Customers who utilize Public IP addresses in place of Private IP addresses can now use DO in LAN mode. +#### How does Delivery Optimization handle networks where a public IP address is used in place of a private IP address? +Starting with Windows 10, version 1903 or later, Delivery Optimization no longer restricts connections between LAN peers to those using private IP adddresses. If you use public IP addresses instead of private IP addresses, you can use Delivery Optimization in LAN mode. > [!NOTE] -> One side effect of this change is that bytes downloaded from or uploaded to LAN peers with Public IP addresses may be reported as coming from Internet peers. +> If you use public IP addresses instead of private in LAN mode, the bytes downloaded from or uploaded to LAN peers with public IP addresses might be reported as coming from Internet peers. ## Troubleshooting From 4945e4da9472ce46b58325d8fc403bc1902be0bd Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 10 May 2021 18:36:13 -0700 Subject: [PATCH 24/29] Acrolinx "adddresses" Added in public by a member of Microsoft Docs in PR https://github.com/MicrosoftDocs/windows-itpro-docs/pull/9507 --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
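Review bot: "Starting with Windows 10, version 1903 or later" doubles up ("starting with" already implies later versions), and "adddresses" is misspelled in the new first line. In the note, "instead of private in LAN mode" reads as if "private" were a mode; suggest "instead of private IP addresses in LAN mode".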
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 80801b9c28..96b1bc810e 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -193,7 +193,7 @@ For more information about remote work if you're using Configuration Manager, se #### How does Delivery Optimization handle networks where a public IP address is used in place of a private IP address? -Starting with Windows 10, version 1903 or later, Delivery Optimization no longer restricts connections between LAN peers to those using private IP adddresses. If you use public IP addresses instead of private IP addresses, you can use Delivery Optimization in LAN mode. +Starting with Windows 10, version 1903 or later, Delivery Optimization no longer restricts connections between LAN peers to those using private IP addresses. If you use public IP addresses instead of private IP addresses, you can use Delivery Optimization in LAN mode. > [!NOTE] > If you use public IP addresses instead of private in LAN mode, the bytes downloaded from or uploaded to LAN peers with public IP addresses might be reported as coming from Internet peers. From deec52f36cc60b85e6e88912b7f31c74677bbe42 Mon Sep 17 00:00:00 2001 From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com> Date: Tue, 11 May 2021 12:29:58 -0400 Subject: [PATCH 25/29] Removing reference to registry keys After conferring with SMEs on registry key vs. configuring thru GP/MDM, while it is best practice to configure through GP/MDM (because it can be audited), there isn't strictly any issue with configuring devices straight thru regkey (this is what the script does). --- .../update/update-compliance-configuration-manual.md | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index beb8b237cd..ccdb293504 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -31,9 +31,6 @@ The requirements are separated into different categories: ## Required policies -> [!NOTE] -> Windows 10 MDM and Group Policies are backed by registry keys. It is not recommended you set these registry keys directly for configuration as it can lead to unexpected behavior, so the exact registry key locations are not provided, though they are referenced for troubleshooting configuration issues with the [Update Compliance Configuration Script](update-compliance-configuration-script.md). - Update Compliance has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Update Compliance. They are enumerated below, separated by whether the policies will be configured via [Mobile Device Management](/windows/client-management/mdm/) (MDM) or Group Policy. For both tables: - **Policy** corresponds to the location and name of the policy. From 2df86dde5d9a33f70c61392214313f016f82ee03 Mon Sep 17 00:00:00 2001 From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com> Date: Tue, 11 May 2021 12:36:01 -0400 Subject: [PATCH 26/29] More context on config script Config script docs inaccurately said that the script configures GP directly. It configures regkeys. This means that if GP Policy X is set to 1, but the regkey value is supposed to be 0, then the config script will set the regkey to 0; however, on the next GP refresh, the regkey will be set back to 1. --- .../update/update-compliance-configuration-script.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
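Review bot: the deleted note carried the one piece of guidance the commit message itself endorses (configure through Group Policy or MDM because it can be audited), and deleting the whole callout loses it while the sentence below still says the policies "will be configured via MDM or Group Policy". Suggest replacing the note with a one-line recommendation to prefer Group Policy or MDM for auditability and keeping the pointer to the configuration-script page for troubleshooting, rather than removing it outright.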
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index 120768cee3..db9c4b87e6 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md 
@@ -18,9 +18,12 @@ ms.topic: article # Configuring devices through the Update Compliance Configuration Script > [!NOTE] -> A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. We don't recommend using this script if you configure devices using MDM. Instead, configure the policies listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) by using your MDM provider. +> A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. We don't recommend using this script if you configure devices using MDM. Instead, configure the policies listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) by using your MDM provider. Thus, it is worth auditing devices to ensure that there are no GP policy configurations in any existing tool that conflict with how policies should be configured. -The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures device policies via Group Policy, ensures that required services are running, and more. +The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. + +> [!NOTE] +> The configuration script configures registry keys directly. 
Registry keys can potentially be overwritten by policy settings (GP/MDM) -- **reconfiguring devices with the script does not reconfigure previously set policies, both in the case of GP and MDM**. Therefore, if there are conflicts between your GP/MDM configurations, and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md), there can be issues with device enrollment. You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting. From 42aacc1da7ca76158c05c5dcb4ee1e41aaa088ac Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Tue, 11 May 2021 09:47:45 -0700 Subject: [PATCH 27/29] Update update-compliance-configuration-script.md Slight edits for clarity. --- .../update/update-compliance-configuration-script.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index db9c4b87e6..2bdf88323c 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md 
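Review bot: the new note says registry keys "can potentially be overwritten by policy settings (GP/MDM)" but not when; the commit message explains it (the next Group Policy refresh sets the key back), and that timing is what an administrator needs to diagnose a device that enrolled after running the script and then silently dropped out. Put it in the note. The sentence appended to the first note, "Thus, it is worth auditing devices...", follows "by using your MDM provider" as a non sequitur; either move it into the new note or drop "Thus".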
@@ -18,12 +18,12 @@ ms.topic: article # Configuring devices through the Update Compliance Configuration Script > [!NOTE] -> A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. We don't recommend using this script if you configure devices using MDM. Instead, configure the policies listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) by using your MDM provider. Thus, it is worth auditing devices to ensure that there are no GP policy configurations in any existing tool that conflict with how policies should be configured. +> A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. We don't recommend using this script if you configure devices using MDM. Instead, configure the policies listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) by using your MDM provider. You should check devices to ensure that there aren't any policy configurations in any existing tool that conflict with how policies should be configured. The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. > [!NOTE] -> The configuration script configures registry keys directly. Registry keys can potentially be overwritten by policy settings (GP/MDM) -- **reconfiguring devices with the script does not reconfigure previously set policies, both in the case of GP and MDM**. 
Therefore, if there are conflicts between your GP/MDM configurations, and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md), there can be issues with device enrollment. +> The configuration script configures registry keys directly. Registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script does not reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md), there can be issues with device enrollment. You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting. From 383cfd7042718b415d2e1df06fbc69f4ab46c57b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 12 May 2021 09:54:15 -0700 Subject: [PATCH 28/29] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 44 ++++++++++++------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 477c09a58c..0e4406aaa5 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 05/06/2021 +ms.date: 05/12/2021 ms.reviewer: manager: dansimp ms.custom: asr 
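Review bot: The first NOTE in this hunk still tells admins who configured devices before May 10, 2021 that they "must rerun the script so the new policy can be configured", while the second NOTE in the same hunk states that reconfiguring with the script does not reconfigure policies already set through Group Policy or MDM. The rerun instruction should carry that caveat, for example: "rerun the script; if AllowUpdateComplianceProcessing is already enforced by Group Policy or MDM, set it through that tool instead", otherwise an admin on an MDM-managed fleet reruns the script and the new policy is still not applied. Two smaller points in the rewritten second NOTE: "policy settings like Group Policy or MDM" reads as if Group Policy and MDM were themselves settings; "by Group Policy or MDM policy settings" is clearer. And the emphasis on the reconfiguration sentence changed from `**bold**` to `*italic*`; since that sentence is the key caveat of the note, bold keeps it as prominent as it was.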
@@ -57,7 +57,8 @@ Application Guard requires proxies to have a symbolic name, not just an IP addre ### Which Input Method Editors (IME) in 19H1 are not supported? -The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Microsoft Defender Application Guard. +The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Microsoft Defender Application Guard: + - Vietnam Telex keyboard - Vietnam number key-based keyboard - Hindi phonetic keyboard 
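Review bot: The heading still says "in 19H1" while the sentence it introduces says "introduced in Windows 10, version 1903"; use the released version name in the heading as well ("Which Input Method Editors (IMEs) in Windows 10, version 1903 are not supported?") so the codename does not need explaining and readers searching by version find the answer. The added colon and blank line before the bulleted list are right for the markdown renderer; while touching the sentence, "Input Method Editors (IME)" should be pluralised to "IMEs" in both heading and body.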
@@ -121,33 +122,45 @@ Application Guard might not work correctly on NTFS compressed volumes. If this i ### Why am I getting the error message "ERR_NAME_NOT_RESOLVED" after not being able to reach the PAC file? -This is a known issue. To mitigate this you need to create two firewall rules. -For guidance on how to create a firewall rule by using group policy, see: +This is a known issue. To mitigate this you need to create two firewall rules. For information about creating a firewall rule by using Group Policy, see the following resources: + - [Create an inbound icmp rule](../windows-firewall/create-an-inbound-icmp-rule.md) - [Open Group Policy management console for Microsoft Defender Firewall](../windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md) -First rule (DHCP Server): +#### First rule (DHCP Server) 1. Program path: `%SystemRoot%\System32\svchost.exe` + 2. Local Service: `Sid: S-1-5-80-2009329905-444645132-2728249442-922493431-93864177 (Internet Connection Service (SharedAccess))` + 3. Protocol UDP + 4. Port 67 -Second rule (DHCP Client) -This is the same as the first rule, but scoped to local port 68. -In the Microsoft Defender Firewall user interface go through the following steps: +#### Second rule (DHCP Client) +This is the same as the first rule, but scoped to local port 68. In the Microsoft Defender Firewall user interface go through the following steps: + 1. Right-click on inbound rules, and then create a new rule. + 2. Choose **custom rule**. + 3. Specify the following program path: `%SystemRoot%\System32\svchost.exe`. + 4. Specify the following settings: - Protocol Type: UDP - Specific ports: 67 - Remote port: any -6. Specify any IP addresses. -7. Allow the connection. -8. Specify to use all profiles. -9. The new rule should show up in the user interface. Right click on the **rule** > **properties**. -10. In the **Programs and services** tab, under the **Services** section, select **settings**. -11. 
Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. + +5. Specify any IP addresses. + +6. Allow the connection. + +7. Specify to use all profiles. + +8. The new rule should show up in the user interface. Right click on the **rule** > **properties**. + +9. In the **Programs and services** tab, under the **Services** section, select **settings**. + +10. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. ### Why can I not launch Application Guard when Exploit Guard is enabled? @@ -174,7 +187,8 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli Allow-listed items must be configured as "allowed" in the Group Policy Object to ensure AppGuard works properly. -Policy: Allow installation of devices that match any of these device IDs +Policy: Allow installation of devices that match any of the following device IDs: + - `SCSI\DiskMsft____Virtual_Disk____` - `{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba` - `VMS_VSF` From dec6ecfa013bb96610c0f4260ae07ac5f05f9714 Mon Sep 17 00:00:00 2001 From: Harsh Parakh Date: Wed, 12 May 2021 14:02:19 -0700 Subject: [PATCH 29/29] Updated policy-csp-experience.md with details for new ConfigureChatIcon Policy --- .../mdm/policy-csp-experience.md | 64 ++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 40e43cb6a1..b8ebc176d0 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -76,6 +76,9 @@ manager: dansimp
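Review bot: The numbered UI steps now sit under the new "#### Second rule (DHCP Client)" heading, but step 4 specifies "Specific ports: 67", which is the first rule's port; the sentence directly above says the second rule is "scoped to local port 68". Either move the walkthrough under "#### First rule (DHCP Server)" (it reproduces that rule: svchost.exe, UDP, port 67, SharedAccess service) and leave "same as the first rule, but scoped to local port 68" as the complete description of the second rule, or change step 4 to port 68. Because both are inbound allow rules on svchost.exe, the service restriction in step 10 is what keeps them narrow; the first rule's bullet 2 should therefore use the service's actual display name, "Internet Connection Sharing (ICS)" (service name SharedAccess), rather than "Internet Connection Service (SharedAccess)", so the two descriptions of the same service agree. Renumbering the list from 1-4, 6-11 to 1-10 correctly fixes the skipped step 5; "Right click" in step 8 should be "Right-click" to match step 1.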
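Review bot: "Allow installation of devices that match any of these device IDs" is the exact display name of the Group Policy setting under Device Installation Restrictions, so rewording it to "any of the following device IDs" makes the setting harder to find in the Group Policy editor. Keep the name verbatim (in bold, as a setting name) and put the "following" phrasing in the lead sentence, e.g. "In **Allow installation of devices that match any of these device IDs**, add the following IDs:". The unchanged context line above also says "AppGuard" where the rest of the article uses "Application Guard"; worth normalising in the same change.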
Experience/ConfigureWindowsSpotlightOnLockScreen
+
+ Experience/ConfigureChatIcon +
Experience/DisableCloudOptimizedContent
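Review bot: The new Experience/ConfigureChatIcon entry is inserted after Experience/ConfigureWindowsSpotlightOnLockScreen, but the neighbouring entries are in alphabetical order (ConfigureWindowsSpotlightOnLockScreen, then DisableCloudOptimizedContent), so ConfigureChatIcon belongs before ConfigureWindowsSpotlightOnLockScreen. Also confirm that the list entry's in-page link target matches the anchor generated for the "Experience/ConfigureChatIcon" heading added in the later hunk of this patch.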
@@ -1219,6 +1222,65 @@ The following list shows the supported values: + +**Experience/ConfigureChatIcon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine +
+ + + +Specifies whether to allow "Chat" on the Taskbar. + + + +The values for this policy are 0, 1, 2 and 3. This policy defaults to 0. + +0 - Default: The Chat icon will be displayed or hidden on the taskbar based on account type. Users can show or hide it in Settings. +1 - Show: The Chat icon will be displayed on the taskbar by default. Users can show or hide it in Settings. +2 - Hide: The Chat icon will be hidden by default. Users can show or hide it in Settings. +3 - Disabled: The Chat icon will not be displayed, and users cannot show or hide it in Settings. + + + + +
+ **Experience/DisableCloudOptimizedContent** @@ -1636,4 +1698,4 @@ Footnotes: - 8 - Available in Windows 10, version 2004. - 9 - Available in Windows 10, version 20H2. - \ No newline at end of file +
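Review bot: The four values are written as consecutive lines ("0 - Default: ..." through "3 - Disabled: ...") without list markers, so markdown renders them as one run-on paragraph; format them as a bulleted list and introduce them with the page's standard phrase "The following list shows the supported values:" (visible in this hunk's context line) instead of "The values for this policy are 0, 1, 2 and 3." The supported-editions table also carries no footnote giving the Windows version in which ConfigureChatIcon becomes available, whereas the footnote list at the end of the file ("- 9 - Available in Windows 10, version 20H2.") shows other policies do; add the applicable footnote, with the version taken from the feature owner rather than guessed. Finally, the description says "Chat" on the Taskbar while the value descriptions say "Chat icon"; use one term throughout.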